From 7ec1262af43ee60f9e61973439fce12a471b4f99 Mon Sep 17 00:00:00 2001 From: The Android Open Source Project Date: Tue, 3 Mar 2009 18:28:35 -0800 Subject: [PATCH] auto import from //depot/cupcake/@135843 --- pppd/Android.mk | 43 - pppd/MODULE_LICENSE_BSD | 0 pppd/Makefile.linux | 224 -- pppd/Makefile.sol2 | 56 - pppd/NOTICE | 270 --- pppd/auth.c | 2555 ----------------------- pppd/cbcp.c | 488 ----- pppd/cbcp.h | 26 - pppd/ccp.c | 1674 --------------- pppd/ccp.h | 52 - pppd/chap-md5.c | 117 -- pppd/chap-md5.h | 31 - pppd/chap-new.c | 636 ------ pppd/chap-new.h | 130 -- pppd/chap_ms.c | 938 --------- pppd/chap_ms.h | 122 -- pppd/demand.c | 361 ---- pppd/eap.c | 2428 ---------------------- pppd/eap.h | 158 -- pppd/ecp.c | 173 -- pppd/ecp.h | 45 - pppd/eui64.c | 57 - pppd/eui64.h | 114 - pppd/fsm.c | 817 -------- pppd/fsm.h | 168 -- pppd/include/net/if_ppp.h | 156 -- pppd/include/net/ppp-comp.h | 266 --- pppd/include/net/ppp_defs.h | 194 -- pppd/include/net/pppio.h | 107 - pppd/include/net/slcompress.h | 148 -- pppd/include/net/vjcompress.h | 144 -- pppd/include/pcap-int.h | 117 -- pppd/ipcp.c | 2196 -------------------- pppd/ipcp.h | 96 - pppd/ipv6cp.c | 1561 -------------- pppd/ipv6cp.h | 171 -- pppd/ipxcp.c | 1598 -------------- pppd/ipxcp.h | 94 - pppd/lcp.c | 2337 --------------------- pppd/lcp.h | 119 -- pppd/magic.c | 123 -- pppd/magic.h | 49 - pppd/main.c | 2054 ------------------ pppd/md4.c | 298 --- pppd/md4.h | 64 - pppd/md5.c | 307 --- pppd/md5.h | 65 - pppd/multilink.c | 589 ------ pppd/options.c | 1609 -------------- pppd/patchlevel.h | 4 - pppd/pathnames.h | 59 - pppd/plugins/Makefile.linux | 41 - pppd/plugins/Makefile.sol2 | 27 - pppd/plugins/minconn.c | 66 - pppd/plugins/passprompt.c | 110 - pppd/plugins/passwordfd.c | 82 - pppd/plugins/pppoatm/COPYING | 7 - pppd/plugins/pppoatm/Makefile.linux | 46 - pppd/plugins/pppoatm/ans.c | 262 --- pppd/plugins/pppoatm/atm.h | 108 - pppd/plugins/pppoatm/atmres.h | 36 - pppd/plugins/pppoatm/atmsap.h | 45 - pppd/plugins/pppoatm/misc.c | 51 - pppd/plugins/pppoatm/pppoatm.c | 225 -- pppd/plugins/pppoatm/text2atm.c | 249 --- pppd/plugins/pppoatm/text2qos.c | 180 -- pppd/plugins/radius/COPYRIGHT | 90 - pppd/plugins/radius/Makefile.linux | 65 - pppd/plugins/radius/avpair.c | 795 ------- pppd/plugins/radius/buildreq.c | 446 ---- pppd/plugins/radius/clientid.c | 121 -- pppd/plugins/radius/config.c | 544 ----- pppd/plugins/radius/dict.c | 450 ---- pppd/plugins/radius/etc/dictionary | 253 --- pppd/plugins/radius/etc/dictionary.ascend | 295 --- pppd/plugins/radius/etc/dictionary.compat | 45 - pppd/plugins/radius/etc/dictionary.merit | 17 - pppd/plugins/radius/etc/dictionary.microsoft | 81 - pppd/plugins/radius/etc/issue | 5 - pppd/plugins/radius/etc/port-id-map | 24 - pppd/plugins/radius/etc/radiusclient.conf | 91 - pppd/plugins/radius/etc/radiusclient.conf.in | 91 - pppd/plugins/radius/etc/realms | 22 - pppd/plugins/radius/etc/servers | 4 - pppd/plugins/radius/includes.h | 54 - pppd/plugins/radius/ip_util.c | 137 -- pppd/plugins/radius/lock.c | 46 - pppd/plugins/radius/md5.c | 13 - pppd/plugins/radius/options.h | 62 - pppd/plugins/radius/pathnames.h | 28 - pppd/plugins/radius/pppd-radattr.8 | 44 - pppd/plugins/radius/pppd-radius.8 | 67 - pppd/plugins/radius/radattr.c | 111 - pppd/plugins/radius/radius.c | 1306 ------------ pppd/plugins/radius/radiusclient.h | 455 ---- pppd/plugins/radius/radrealms.c | 147 -- pppd/plugins/radius/sendserver.c | 520 ----- pppd/plugins/radius/util.c | 84 - pppd/plugins/rp-pppoe/Makefile.linux | 66 - pppd/plugins/rp-pppoe/common.c | 504 ----- pppd/plugins/rp-pppoe/config.h | 135 -- pppd/plugins/rp-pppoe/debug.c | 143 -- pppd/plugins/rp-pppoe/discovery.c | 645 ------ pppd/plugins/rp-pppoe/if.c | 1097 ---------- pppd/plugins/rp-pppoe/plugin.c | 440 ---- pppd/plugins/rp-pppoe/pppoe-discovery.c | 124 -- pppd/plugins/rp-pppoe/pppoe.h | 323 --- pppd/plugins/winbind.c | 681 ------ pppd/ppp.pam | 6 - pppd/pppcrypt.c | 193 -- pppd/pppcrypt.h | 48 - pppd/pppd.8 | 1888 ----------------- pppd/pppd.h | 905 -------- pppd/sha1.c | 170 -- pppd/sha1.h | 31 - pppd/spinlock.c | 473 ----- pppd/spinlock.h | 59 - pppd/srp-entry.8 | 83 - pppd/srp-entry.c | 190 -- pppd/sys-linux.c | 2881 -------------------------- pppd/sys-solaris.c | 2778 ------------------------- pppd/tdb.c | 2009 ------------------ pppd/tdb.h | 164 -- pppd/tty.c | 1263 ----------- pppd/upap.c | 683 ------ pppd/upap.h | 110 - pppd/utils.c | 1089 ---------- 127 files changed, 53437 deletions(-) delete mode 100644 pppd/Android.mk delete mode 100644 pppd/MODULE_LICENSE_BSD delete mode 100644 pppd/Makefile.linux delete mode 100644 pppd/Makefile.sol2 delete mode 100644 pppd/NOTICE delete mode 100644 pppd/auth.c delete mode 100644 pppd/cbcp.c delete mode 100644 pppd/cbcp.h delete mode 100644 pppd/ccp.c delete mode 100644 pppd/ccp.h delete mode 100644 pppd/chap-md5.c delete mode 100644 pppd/chap-md5.h delete mode 100644 pppd/chap-new.c delete mode 100644 pppd/chap-new.h delete mode 100644 pppd/chap_ms.c delete mode 100644 pppd/chap_ms.h delete mode 100644 pppd/demand.c delete mode 100644 pppd/eap.c delete mode 100644 pppd/eap.h delete mode 100644 pppd/ecp.c delete mode 100644 pppd/ecp.h delete mode 100644 pppd/eui64.c delete mode 100644 pppd/eui64.h delete mode 100644 pppd/fsm.c delete mode 100644 pppd/fsm.h delete mode 100644 pppd/include/net/if_ppp.h delete mode 100644 pppd/include/net/ppp-comp.h delete mode 100644 pppd/include/net/ppp_defs.h delete mode 100644 pppd/include/net/pppio.h delete mode 100644 pppd/include/net/slcompress.h delete mode 100644 pppd/include/net/vjcompress.h delete mode 100644 pppd/include/pcap-int.h delete mode 100644 pppd/ipcp.c delete mode 100644 pppd/ipcp.h delete mode 100644 pppd/ipv6cp.c delete mode 100644 pppd/ipv6cp.h delete mode 100644 pppd/ipxcp.c delete mode 100644 pppd/ipxcp.h delete mode 100644 pppd/lcp.c delete mode 100644 pppd/lcp.h delete mode 100644 pppd/magic.c delete mode 100644 pppd/magic.h delete mode 100644 pppd/main.c delete mode 100644 pppd/md4.c delete mode 100644 pppd/md4.h delete mode 100644 pppd/md5.c delete mode 100644 pppd/md5.h delete mode 100644 pppd/multilink.c delete mode 100644 pppd/options.c delete mode 100644 pppd/patchlevel.h delete mode 100644 pppd/pathnames.h delete mode 100644 pppd/plugins/Makefile.linux delete mode 100644 pppd/plugins/Makefile.sol2 delete mode 100644 pppd/plugins/minconn.c delete mode 100644 pppd/plugins/passprompt.c delete mode 100644 pppd/plugins/passwordfd.c delete mode 100644 pppd/plugins/pppoatm/COPYING delete mode 100644 pppd/plugins/pppoatm/Makefile.linux delete mode 100644 pppd/plugins/pppoatm/ans.c delete mode 100644 pppd/plugins/pppoatm/atm.h delete mode 100644 pppd/plugins/pppoatm/atmres.h delete mode 100644 pppd/plugins/pppoatm/atmsap.h delete mode 100644 pppd/plugins/pppoatm/misc.c delete mode 100644 pppd/plugins/pppoatm/pppoatm.c delete mode 100644 pppd/plugins/pppoatm/text2atm.c delete mode 100644 pppd/plugins/pppoatm/text2qos.c delete mode 100644 pppd/plugins/radius/COPYRIGHT delete mode 100644 pppd/plugins/radius/Makefile.linux delete mode 100644 pppd/plugins/radius/avpair.c delete mode 100644 pppd/plugins/radius/buildreq.c delete mode 100644 pppd/plugins/radius/clientid.c delete mode 100644 pppd/plugins/radius/config.c delete mode 100644 pppd/plugins/radius/dict.c delete mode 100644 pppd/plugins/radius/etc/dictionary delete mode 100644 pppd/plugins/radius/etc/dictionary.ascend delete mode 100644 pppd/plugins/radius/etc/dictionary.compat delete mode 100644 pppd/plugins/radius/etc/dictionary.merit delete mode 100644 pppd/plugins/radius/etc/dictionary.microsoft delete mode 100644 pppd/plugins/radius/etc/issue delete mode 100644 pppd/plugins/radius/etc/port-id-map delete mode 100644 pppd/plugins/radius/etc/radiusclient.conf delete mode 100644 pppd/plugins/radius/etc/radiusclient.conf.in delete mode 100644 pppd/plugins/radius/etc/realms delete mode 100644 pppd/plugins/radius/etc/servers delete mode 100644 pppd/plugins/radius/includes.h delete mode 100644 pppd/plugins/radius/ip_util.c delete mode 100644 pppd/plugins/radius/lock.c delete mode 100644 pppd/plugins/radius/md5.c delete mode 100644 pppd/plugins/radius/options.h delete mode 100644 pppd/plugins/radius/pathnames.h delete mode 100644 pppd/plugins/radius/pppd-radattr.8 delete mode 100644 pppd/plugins/radius/pppd-radius.8 delete mode 100644 pppd/plugins/radius/radattr.c delete mode 100644 pppd/plugins/radius/radius.c delete mode 100644 pppd/plugins/radius/radiusclient.h delete mode 100644 pppd/plugins/radius/radrealms.c delete mode 100644 pppd/plugins/radius/sendserver.c delete mode 100644 pppd/plugins/radius/util.c delete mode 100644 pppd/plugins/rp-pppoe/Makefile.linux delete mode 100644 pppd/plugins/rp-pppoe/common.c delete mode 100644 pppd/plugins/rp-pppoe/config.h delete mode 100644 pppd/plugins/rp-pppoe/debug.c delete mode 100644 pppd/plugins/rp-pppoe/discovery.c delete mode 100644 pppd/plugins/rp-pppoe/if.c delete mode 100644 pppd/plugins/rp-pppoe/plugin.c delete mode 100644 pppd/plugins/rp-pppoe/pppoe-discovery.c delete mode 100644 pppd/plugins/rp-pppoe/pppoe.h delete mode 100644 pppd/plugins/winbind.c delete mode 100644 pppd/ppp.pam delete mode 100644 pppd/pppcrypt.c delete mode 100644 pppd/pppcrypt.h delete mode 100644 pppd/pppd.8 delete mode 100644 pppd/pppd.h delete mode 100644 pppd/sha1.c delete mode 100644 pppd/sha1.h delete mode 100644 pppd/spinlock.c delete mode 100644 pppd/spinlock.h delete mode 100644 pppd/srp-entry.8 delete mode 100644 pppd/srp-entry.c delete mode 100644 pppd/sys-linux.c delete mode 100644 pppd/sys-solaris.c delete mode 100644 pppd/tdb.c delete mode 100644 pppd/tdb.h delete mode 100644 pppd/tty.c delete mode 100644 pppd/upap.c delete mode 100644 pppd/upap.h delete mode 100644 pppd/utils.c diff --git a/pppd/Android.mk b/pppd/Android.mk deleted file mode 100644 index 01928b1..0000000 --- a/pppd/Android.mk +++ /dev/null @@ -1,43 +0,0 @@ -ifeq ($(TARGET_ARCH),arm) - -LOCAL_PATH:= $(call my-dir) -include $(CLEAR_VARS) - -LOCAL_SRC_FILES:= \ - main.c \ - magic.c \ - fsm.c \ - lcp.c \ - ipcp.c \ - upap.c \ - chap-new.c \ - md5.c \ - ccp.c \ - ecp.c \ - ipxcp.c \ - auth.c \ - options.c \ - sys-linux.c \ - md4.c \ - chap_ms.c \ - demand.c \ - utils.c \ - tty.c \ - eap.c \ - chap-md5.c - -LOCAL_SHARED_LIBRARIES := \ - libcutils - -LOCAL_C_INCLUDES := \ - $(LOCAL_PATH)/include - -LOCAL_CFLAGS := -DANDROID_CHANGES - -LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES) -LOCAL_MODULE_TAGS := eng -LOCAL_MODULE:= pppd - -include $(BUILD_EXECUTABLE) - -endif diff --git a/pppd/MODULE_LICENSE_BSD b/pppd/MODULE_LICENSE_BSD deleted file mode 100644 index e69de29..0000000 diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux deleted file mode 100644 index e7e52b8..0000000 --- a/pppd/Makefile.linux +++ /dev/null @@ -1,224 +0,0 @@ -# -# pppd makefile for Linux -# $Id: Makefile.linux,v 1.66 2004/11/13 12:02:22 paulus Exp $ -# - -# Default installation locations -DESTDIR = @DESTDIR@ -BINDIR = $(DESTDIR)/sbin -MANDIR = $(DESTDIR)/share/man/man8 -INCDIR = $(DESTDIR)/include - -TARGETS = pppd - -PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c md5.c ccp.c \ - ecp.c ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c \ - demand.c utils.c tty.c eap.c chap-md5.c - -HEADERS = ccp.h chap-new.h ecp.h fsm.h ipcp.h \ - ipxcp.h lcp.h magic.h md5.h patchlevel.h pathnames.h pppd.h \ - upap.h eap.h - -MANPAGES = pppd.8 -PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o \ - ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o \ - eap.o chap-md5.o - -# -# include dependencies if present -ifeq (.depend,$(wildcard .depend)) -include .depend -endif - -# CC = gcc -# -COPTS = -O2 -pipe -Wall -g -LIBS = - -# Uncomment the next 2 lines to include support for Microsoft's -# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. -CHAPMS=y -USE_CRYPT=y -# Don't use MSLANMAN unless you really know what you're doing. -#MSLANMAN=y -# Uncomment the next line to include support for MPPE. CHAPMS (above) must -# also be enabled. Also, edit plugins/radius/Makefile.linux. -MPPE=y - -# Uncomment the next line to include support for PPP packet filtering. -# This requires that the libpcap library and headers be installed -# and that the kernel driver support PPP packet filtering. -FILTER=y - -# Uncomment the next line to enable multilink PPP (enabled by default) -# Linux distributions: Please leave multilink ENABLED in your builds -# of pppd! -HAVE_MULTILINK=y - -# Uncomment the next line to enable the TDB database (enabled by default.) -# If you enable multilink, then TDB is automatically enabled also. -# Linux distributions: Please leave TDB ENABLED in your builds. -USE_TDB=y - -HAS_SHADOW=y -#USE_PAM=y -#HAVE_INET6=y - -# Enable plugins -PLUGIN=y - -# Enable Microsoft proprietary Callback Control Protocol -#CBCP=y - -# Enable EAP SRP-SHA1 authentication (requires libsrp) -#USE_SRP=y - -MAXOCTETS=y - -INCLUDE_DIRS= -I../include - -COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP - -CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) - -ifdef CHAPMS -CFLAGS += -DCHAPMS=1 -NEEDDES=y -PPPDOBJS += md4.o chap_ms.o -HEADERS += md4.h chap_ms.h -ifdef MSLANMAN -CFLAGS += -DMSLANMAN=1 -endif -ifdef MPPE -CFLAGS += -DMPPE=1 -endif -endif - -# EAP SRP-SHA1 -ifdef USE_SRP -CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include -LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto -TARGETS += srp-entry -EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry -MANPAGES += srp-entry.8 -EXTRACLEAN += srp-entry.o -NEEDDES=y -else -# OpenSSL has an integrated version of SHA-1, and its implementation -# is incompatible with this local SHA-1 implementation. We must use -# one or the other, not both. -PPPDSRCS += sha1.c -HEADERS += sha1.h -PPPDOBJS += sha1.o -endif - -ifdef HAS_SHADOW -CFLAGS += -DHAS_SHADOW -#LIBS += -lshadow $(LIBS) -endif - -ifneq ($(wildcard /usr/include/crypt.h),) -CFLAGS += -DHAVE_CRYPT_H=1 -endif -ifneq ($(wildcard /usr/lib/libcrypt.*),) -LIBS += -lcrypt -endif - -ifdef NEEDDES -ifndef USE_CRYPT -LIBS += -ldes $(LIBS) -else -CFLAGS += -DUSE_CRYPT=1 -endif -PPPDOBJS += pppcrypt.o -HEADERS += pppcrypt.h -endif - -# For "Pluggable Authentication Modules", see ftp.redhat.com:/pub/pam/. -ifdef USE_PAM -CFLAGS += -DUSE_PAM -LIBS += -lpam -ldl -endif - -# Multi-linnk -ifdef HAVE_MULTILINK - # Multilink implies the use of TDB - USE_TDB=y - - CFLAGS += -DHAVE_MULTILINK - PPPDSRCS += multilink.c - PPPDOBJS += multilink.o -endif - -# TDB -ifdef USE_TDB - CFLAGS += -DUSE_TDB=1 - PPPDSRCS += tdb.c spinlock.c - PPPDOBJS += tdb.o spinlock.o - HEADERS += tdb.h spinlock.h -endif - -# Lock library binary for Linux is included in 'linux' subdirectory. -ifdef LOCKLIB -LIBS += -llock -CFLAGS += -DLOCKLIB=1 -endif - -ifdef PLUGIN -CFLAGS += -DPLUGIN -LDFLAGS += -Wl,-E -LIBS += -ldl -endif - -ifdef FILTER -ifneq ($(wildcard /usr/include/pcap-bpf.h),) -LIBS += -lpcap -CFLAGS += -DPPP_FILTER -endif -endif - -ifdef HAVE_INET6 - PPPDSRCS += ipv6cp.c eui64.c - HEADERS += ipv6cp.h eui64.h - PPPDOBJS += ipv6cp.o eui64.o - CFLAGS += -DINET6=1 -endif - -ifdef CBCP - PPPDSRCS += cbcp.c - PPPDOBJS += cbcp.o - CFLAGS += -DCBCP_SUPPORT - HEADERS += cbcp.h -endif - -ifdef MAXOCTETS - CFLAGS += -DMAXOCTETS -endif - -INSTALL= install - -all: $(TARGETS) - -install: pppd - mkdir -p $(BINDIR) $(MANDIR) - $(EXTRAINSTALL) - $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd - if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ - chmod o-rx,u+s $(BINDIR)/pppd; fi - $(INSTALL) -c -m 444 pppd.8 $(MANDIR) - -pppd: $(PPPDOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) - -srp-entry: srp-entry.c - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS) - -install-devel: - mkdir -p $(INCDIR)/pppd - $(INSTALL) -c -m 644 $(HEADERS) $(INCDIR)/pppd - -clean: - rm -f $(PPPDOBJS) $(EXTRACLEAN) $(TARGETS) *~ #* core - -depend: - $(CPP) -M $(CFLAGS) $(PPPDSRCS) >.depend diff --git a/pppd/Makefile.sol2 b/pppd/Makefile.sol2 deleted file mode 100644 index 75c2922..0000000 --- a/pppd/Makefile.sol2 +++ /dev/null @@ -1,56 +0,0 @@ -# -# Makefile for pppd under Solaris 2. -# $Id: Makefile.sol2,v 1.26 2004/04/14 02:39:39 carlsonj Exp $ -# - -include ../Makedefs.com - -CFLAGS = -I../include -DSVR4 -DSOL2 $(COPTS) -LIBS = -lsocket -lnsl - -OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o eap.o md5.o \ - tty.o ccp.o ecp.o auth.o options.o demand.o utils.o sys-solaris.o \ - chap-md5.o - -# -# uncomment the following to enable plugins -# -CFLAGS += -DPLUGIN -LIBS += -ldl - -# -# Solaris 8 and above accomodates /var/run, so uncomment the -# following to place pppd process IDs on that location -# -#CFLAGS += -D_PATH_VARRUN='"/var/run/"' - -# -# uncomment the following to enable IPv6 -# -# Solaris 8 and on includes support for IPv6 -# -#CFLAGS += -DINET6 -#OBJS += ipv6cp.o eui64.o - -# Uncomment to enable MS-CHAP -#CFLAGS += -DUSE_CRYPT -DCHAPMS -DHAVE_CRYPT_H -#OBJS += chap_ms.o pppcrypt.o md4.o sha1.o - -# Uncomment for CBCP -#CFLAGS += -DCBCP_SUPPORT -#OBJS += cbcp.o - -# -# Make targets -# -all: pppd - -pppd: $(OBJS) - $(CC) -o pppd $(OBJS) $(LIBS) - -install: - $(INSTALL) -f $(BINDIR) -m 4755 -u root pppd - $(INSTALL) -f $(MANDIR)/man8 -m 444 pppd.8 - -clean: - rm -f $(OBJS) pppd *~ core y.tab.c y.tab.h diff --git a/pppd/NOTICE b/pppd/NOTICE deleted file mode 100644 index 3923192..0000000 --- a/pppd/NOTICE +++ /dev/null @@ -1,270 +0,0 @@ -This product includes software developed by Paul Mackerras -This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/). -This product includes software developed by Pedro Roque Marques -This product includes software developed by Tommi Komulainen - -Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - -3. The name "Carnegie Mellon University" must not be used to - endorse or promote products derived from this software without - prior written permission. For permission or any legal - details, please contact - Office of Technology Transfer - Carnegie Mellon University - 5000 Forbes Avenue - Pittsburgh, PA 15213-3890 - (412) 268-4387, fax: (412) 268-7395 - tech-transfer@andrew.cmu.edu - -4. Redistributions of any form whatsoever must retain the following - acknowledgment: - "This product includes software developed by Computing Services - at Carnegie Mellon University (http://www.cmu.edu/computing/)." - -CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE -FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -Copyright (c) 1995 Pedro Roque Marques. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - -3. The names of the authors of this software must not be used to - endorse or promote products derived from this software without - prior written permission. - -4. Redistributions of any form whatsoever must retain the following - acknowledgment: - "This product includes software developed by Pedro Roque Marques - " - -THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -Copyright (C) 2000-2004 Paul Mackerras. All rights reserved. -Copyright (c) 1994-2002 Paul Mackerras. All rights reserved. -Copyright (c) 2003 Paul Mackerras. All rights reserved. -Copyright (c) 1996-2002 Paul Mackerras. All rights reserved. -Copyright (c) 1999-2004 Paul Mackerras. All rights reserved. -Copyright (c) 2000-2002 Paul Mackerras. All rights reserved. -Copyright (c) 1999-2002 Paul Mackerras. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. The name(s) of the authors of this software must not be used to - endorse or promote products derived from this software without - prior written permission. - -3. Redistributions of any form whatsoever must retain the following - acknowledgment: - "This product includes software developed by Paul Mackerras - ". - -THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -Copyright (c) 1995 Eric Rosenquist. All rights reserved. -Copyright (c) 2002 The Android Open Source Project - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - -3. The name(s) of the authors of this software must not be used to - endorse or promote products derived from this software without - prior written permission. - -THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - -Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. - -License to copy and use this software is granted provided that -it is identified as the "RSA Data Security, Inc. MD5 Message- -Digest Algorithm" in all material mentioning or referencing this -software or this function. - -License is also granted to make and use derivative works -provided that such works are identified as "derived from the RSA -Data Security, Inc. MD5 Message-Digest Algorithm" in all -material mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning -either the merchantability of this software or the suitability -of this software for any particular purpose. It is provided "as -is" without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. - -Copyright (c) 2001 by Sun Microsystems, Inc. -All rights reserved. - -Non-exclusive rights to redistribute, modify, translate, and use -this software in source and binary forms, in whole or in part, is -hereby granted, provided that the above copyright notice is -duplicated in any source form, and that neither the name of the -copyright holder nor the author is used to endorse or promote -products derived from this software. - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - -Copyright (c) 1999 Tommi Komulainen. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - -3. The name(s) of the authors of this software must not be used to - endorse or promote products derived from this software without - prior written permission. - -4. Redistributions of any form whatsoever must retain the following - acknowledgment: - "This product includes software developed by Tommi Komulainen - ". - -THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -Copyright (c) 1995, 1996, 1997 Francis.Dupont@inria.fr, INRIA Rocquencourt, -Alain.Durand@imag.fr, IMAG, -Jean-Luc.Richier@imag.fr, IMAG-LSR. - -Copyright (c) 1998, 1999 Francis.Dupont@inria.fr, GIE DYADE, -Alain.Durand@imag.fr, IMAG, -Jean-Luc.Richier@imag.fr, IMAG-LSR. - -Ce travail a été fait au sein du GIE DYADE (Groupement d'Intérêt -Économique ayant pour membres BULL S.A. et l'INRIA). - -Ce logiciel informatique est disponible aux conditions -usuelles dans la recherche, c'est-à-dire qu'il peut -être utilisé, copié, modifié, distribué à l'unique -condition que ce texte soit conservé afin que -l'origine de ce logiciel soit reconnue. - -Le nom de l'Institut National de Recherche en Informatique -et en Automatique (INRIA), de l'IMAG, ou d'une personne morale -ou physique ayant participé à l'élaboration de ce logiciel ne peut -être utilisé sans son accord préalable explicite. - -Ce logiciel est fourni tel quel sans aucune garantie, -support ou responsabilité d'aucune sorte. -Ce logiciel est dérivé de sources d'origine -"University of California at Berkeley" et -"Digital Equipment Corporation" couvertes par des copyrights. - -L'Institut d'Informatique et de Mathématiques Appliquées de Grenoble (IMAG) -est une fédération d'unités mixtes de recherche du CNRS, de l'Institut National -Polytechnique de Grenoble et de l'Université Joseph Fourier regroupant -sept laboratoires dont le laboratoire Logiciels, Systèmes, Réseaux (LSR). - -This work has been done in the context of GIE DYADE (joint R & D venture -between BULL S.A. and INRIA). - -This software is available with usual "research" terms -with the aim of retain credits of the software. -Permission to use, copy, modify and distribute this software for any -purpose and without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies, -and the name of INRIA, IMAG, or any contributor not be used in advertising -or publicity pertaining to this material without the prior explicit -permission. The software is provided "as is" without any -warranties, support or liabilities of any kind. -This software is derived from source code from -"University of California at Berkeley" and -"Digital Equipment Corporation" protected by copyrights. - -Grenoble's Institute of Computer Science and Applied Mathematics (IMAG) -is a federation of seven research units funded by the CNRS, National -Polytechnic Institute of Grenoble and University Joseph Fourier. -The research unit in Software, Systems, Networks (LSR) is member of IMAG. - -Copyright (C) Anton Blanchard 2001 -Copyright (C) Andrew Tridgell 1999-2004 -Copyright (C) Paul `Rusty' Russell 2000 -Copyright (C) Jeremy Allison 2000-2003 -This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA diff --git a/pppd/auth.c b/pppd/auth.c deleted file mode 100644 index 07f0b31..0000000 --- a/pppd/auth.c +++ /dev/null @@ -1,2555 +0,0 @@ -/* - * auth.c - PPP authentication and phase control. - * - * Copyright (c) 1993-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Derived from main.c, which is: - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: auth.c,v 1.101 2004/11/12 10:30:51 paulus Exp $" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if defined(_PATH_LASTLOG) && defined(__linux__) -#include -#endif - -#include -#include -#include - -#ifdef USE_PAM -#include -#endif - -#ifdef HAS_SHADOW -#include -#ifndef PW_PPP -#define PW_PPP PW_LOGIN -#endif -#endif -#include - -#include "pppd.h" -#include "fsm.h" -#include "lcp.h" -#include "ccp.h" -#include "ecp.h" -#include "ipcp.h" -#include "upap.h" -#include "chap-new.h" -#include "eap.h" -#ifdef CBCP_SUPPORT -#include "cbcp.h" -#endif -#include "pathnames.h" - -static const char rcsid[] = RCSID; - -/* Bits in scan_authfile return value */ -#define NONWILD_SERVER 1 -#define NONWILD_CLIENT 2 - -#define ISWILD(word) (word[0] == '*' && word[1] == 0) - -/* The name by which the peer authenticated itself to us. */ -char peer_authname[MAXNAMELEN]; - -/* Records which authentication operations haven't completed yet. */ -static int auth_pending[NUM_PPP]; - -/* Records which authentication operations have been completed. */ -int auth_done[NUM_PPP]; - -/* Set if we have successfully called plogin() */ -static int logged_in; - -/* List of addresses which the peer may use. */ -static struct permitted_ip *addresses[NUM_PPP]; - -/* Wordlist giving addresses which the peer may use - without authenticating itself. */ -static struct wordlist *noauth_addrs; - -/* Remote telephone number, if available */ -char remote_number[MAXNAMELEN]; - -/* Wordlist giving remote telephone numbers which may connect. */ -static struct wordlist *permitted_numbers; - -/* Extra options to apply, from the secrets file entry for the peer. */ -static struct wordlist *extra_options; - -/* Number of network protocols which we have opened. */ -static int num_np_open; - -/* Number of network protocols which have come up. */ -static int num_np_up; - -/* Set if we got the contents of passwd[] from the pap-secrets file. */ -static int passwd_from_file; - -/* Set if we require authentication only because we have a default route. */ -static bool default_auth; - -/* Hook to enable a plugin to control the idle time limit */ -int (*idle_time_hook) __P((struct ppp_idle *)) = NULL; - -/* Hook for a plugin to say whether we can possibly authenticate any peer */ -int (*pap_check_hook) __P((void)) = NULL; - -/* Hook for a plugin to check the PAP user and password */ -int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, - struct wordlist **paddrs, - struct wordlist **popts)) = NULL; - -/* Hook for a plugin to know about the PAP user logout */ -void (*pap_logout_hook) __P((void)) = NULL; - -/* Hook for a plugin to get the PAP password for authenticating us */ -int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; - -/* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */ -int (*chap_check_hook) __P((void)) = NULL; - -/* Hook for a plugin to get the CHAP password for authenticating us */ -int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL; - -/* Hook for a plugin to say whether it is OK if the peer - refuses to authenticate. */ -int (*null_auth_hook) __P((struct wordlist **paddrs, - struct wordlist **popts)) = NULL; - -int (*allowed_address_hook) __P((u_int32_t addr)) = NULL; - -/* A notifier for when the peer has authenticated itself, - and we are proceeding to the network phase. */ -struct notifier *auth_up_notifier = NULL; - -/* A notifier for when the link goes down. */ -struct notifier *link_down_notifier = NULL; - -/* - * This is used to ensure that we don't start an auth-up/down - * script while one is already running. - */ -enum script_state { - s_down, - s_up -}; - -static enum script_state auth_state = s_down; -static enum script_state auth_script_state = s_down; -static pid_t auth_script_pid = 0; - -static int used_login; /* peer authenticated against login database */ - -/* - * Option variables. - */ -bool uselogin = 0; /* Use /etc/passwd for checking PAP */ -bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ -bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ -bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ -bool refuse_eap = 0; /* Don't wanna auth. ourselves with EAP */ -#ifdef CHAPMS -bool refuse_mschap = 0; /* Don't wanna auth. ourselves with MS-CHAP */ -bool refuse_mschap_v2 = 0; /* Don't wanna auth. ourselves with MS-CHAPv2 */ -#else -bool refuse_mschap = 1; /* Don't wanna auth. ourselves with MS-CHAP */ -bool refuse_mschap_v2 = 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */ -#endif -bool usehostname = 0; /* Use hostname for our_name */ -bool auth_required = 0; /* Always require authentication from peer */ -bool allow_any_ip = 0; /* Allow peer to use any IP address */ -bool explicit_remote = 0; /* User specified explicit remote name */ -char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ - -static char *uafname; /* name of most recent +ua file */ - -extern char *crypt __P((const char *, const char *)); - -/* Prototypes for procedures local to this file. */ - -static void network_phase __P((int)); -static void check_idle __P((void *)); -static void connect_time_expired __P((void *)); -static int plogin __P((char *, char *, char **)); -static void plogout __P((void)); -static int null_login __P((int)); -static int get_pap_passwd __P((char *)); -static int have_pap_secret __P((int *)); -static int have_chap_secret __P((char *, char *, int, int *)); -static int have_srp_secret __P((char *client, char *server, int need_ip, - int *lacks_ipp)); -static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); -static int scan_authfile __P((FILE *, char *, char *, char *, - struct wordlist **, struct wordlist **, - char *, int)); -static void free_wordlist __P((struct wordlist *)); -static void auth_script __P((char *)); -static void auth_script_done __P((void *)); -static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *)); -static int some_ip_ok __P((struct wordlist *)); -static int setupapfile __P((char **)); -static int privgroup __P((char **)); -static int set_noauth_addr __P((char **)); -static int set_permitted_number __P((char **)); -static void check_access __P((FILE *, char *)); -static int wordlist_count __P((struct wordlist *)); - -#ifdef MAXOCTETS -static void check_maxoctets __P((void *)); -#endif - -/* - * Authentication-related options. - */ -option_t auth_options[] = { - { "auth", o_bool, &auth_required, - "Require authentication from peer", OPT_PRIO | 1 }, - { "noauth", o_bool, &auth_required, - "Don't require peer to authenticate", OPT_PRIOSUB | OPT_PRIV, - &allow_any_ip }, - { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap, - "Require PAP authentication from peer", - OPT_PRIOSUB | 1, &auth_required }, - { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, - "Require PAP authentication from peer", - OPT_ALIAS | OPT_PRIOSUB | 1, &auth_required }, - { "require-chap", o_bool, &auth_required, - "Require CHAP authentication from peer", - OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5, - &lcp_wantoptions[0].chap_mdtype }, - { "+chap", o_bool, &auth_required, - "Require CHAP authentication from peer", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5, - &lcp_wantoptions[0].chap_mdtype }, -#ifdef CHAPMS - { "require-mschap", o_bool, &auth_required, - "Require MS-CHAP authentication from peer", - OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT, - &lcp_wantoptions[0].chap_mdtype }, - { "+mschap", o_bool, &auth_required, - "Require MS-CHAP authentication from peer", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT, - &lcp_wantoptions[0].chap_mdtype }, - { "require-mschap-v2", o_bool, &auth_required, - "Require MS-CHAPv2 authentication from peer", - OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2, - &lcp_wantoptions[0].chap_mdtype }, - { "+mschap-v2", o_bool, &auth_required, - "Require MS-CHAPv2 authentication from peer", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2, - &lcp_wantoptions[0].chap_mdtype }, -#endif - - { "refuse-pap", o_bool, &refuse_pap, - "Don't agree to auth to peer with PAP", 1 }, - { "-pap", o_bool, &refuse_pap, - "Don't allow PAP authentication with peer", OPT_ALIAS | 1 }, - { "refuse-chap", o_bool, &refuse_chap, - "Don't agree to auth to peer with CHAP", - OPT_A2CLRB | MDTYPE_MD5, - &lcp_allowoptions[0].chap_mdtype }, - { "-chap", o_bool, &refuse_chap, - "Don't allow CHAP authentication with peer", - OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5, - &lcp_allowoptions[0].chap_mdtype }, -#ifdef CHAPMS - { "refuse-mschap", o_bool, &refuse_mschap, - "Don't agree to auth to peer with MS-CHAP", - OPT_A2CLRB | MDTYPE_MICROSOFT, - &lcp_allowoptions[0].chap_mdtype }, - { "-mschap", o_bool, &refuse_mschap, - "Don't allow MS-CHAP authentication with peer", - OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT, - &lcp_allowoptions[0].chap_mdtype }, - { "refuse-mschap-v2", o_bool, &refuse_mschap_v2, - "Don't agree to auth to peer with MS-CHAPv2", - OPT_A2CLRB | MDTYPE_MICROSOFT_V2, - &lcp_allowoptions[0].chap_mdtype }, - { "-mschap-v2", o_bool, &refuse_mschap_v2, - "Don't allow MS-CHAPv2 authentication with peer", - OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT_V2, - &lcp_allowoptions[0].chap_mdtype }, -#endif - - { "require-eap", o_bool, &lcp_wantoptions[0].neg_eap, - "Require EAP authentication from peer", OPT_PRIOSUB | 1, - &auth_required }, - { "refuse-eap", o_bool, &refuse_eap, - "Don't agree to authenticate to peer with EAP", 1 }, - - { "name", o_string, our_name, - "Set local name for authentication", - OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN }, - - { "+ua", o_special, (void *)setupapfile, - "Get PAP user and password from file", - OPT_PRIO | OPT_A2STRVAL, &uafname }, - - { "user", o_string, user, - "Set name for auth with peer", OPT_PRIO | OPT_STATIC, NULL, MAXNAMELEN }, - - { "password", o_string, passwd, - "Password for authenticating us to the peer", - OPT_PRIO | OPT_STATIC | OPT_HIDE, NULL, MAXSECRETLEN }, - - { "usehostname", o_bool, &usehostname, - "Must use hostname for authentication", 1 }, - - { "remotename", o_string, remote_name, - "Set remote name for authentication", OPT_PRIO | OPT_STATIC, - &explicit_remote, MAXNAMELEN }, - - { "login", o_bool, &uselogin, - "Use system password database for PAP", 1 }, - - { "papcrypt", o_bool, &cryptpap, - "PAP passwords are encrypted", 1 }, - - { "privgroup", o_special, (void *)privgroup, - "Allow group members to use privileged options", OPT_PRIV | OPT_A2LIST }, - - { "allow-ip", o_special, (void *)set_noauth_addr, - "Set IP address(es) which can be used without authentication", - OPT_PRIV | OPT_A2LIST }, - - { "remotenumber", o_string, remote_number, - "Set remote telephone number for authentication", OPT_PRIO | OPT_STATIC, - NULL, MAXNAMELEN }, - - { "allow-number", o_special, (void *)set_permitted_number, - "Set telephone number(s) which are allowed to connect", - OPT_PRIV | OPT_A2LIST }, - - { NULL } -}; - -/* - * setupapfile - specifies UPAP info for authenticating with peer. - */ -static int -setupapfile(argv) - char **argv; -{ - FILE *ufile; - int l; - char u[MAXNAMELEN], p[MAXSECRETLEN]; - char *fname; - - lcp_allowoptions[0].neg_upap = 1; - - /* open user info file */ - fname = strdup(*argv); - if (fname == NULL) - novm("+ua file name"); - seteuid(getuid()); - ufile = fopen(fname, "r"); - seteuid(0); - if (ufile == NULL) { - option_error("unable to open user login data file %s", fname); - return 0; - } - check_access(ufile, fname); - uafname = fname; - - /* get username */ - if (fgets(u, MAXNAMELEN - 1, ufile) == NULL - || fgets(p, MAXSECRETLEN - 1, ufile) == NULL) { - fclose(ufile); - option_error("unable to read user login data file %s", fname); - return 0; - } - fclose(ufile); - - /* get rid of newlines */ - l = strlen(u); - if (l > 0 && u[l-1] == '\n') - u[l-1] = 0; - l = strlen(p); - if (l > 0 && p[l-1] == '\n') - p[l-1] = 0; - - if (override_value("user", option_priority, fname)) - strlcpy(user, u, sizeof(user)); - if (override_value("passwd", option_priority, fname)) - strlcpy(passwd, p, sizeof(passwd)); - - return (1); -} - - -/* - * privgroup - allow members of the group to have privileged access. - */ -static int -privgroup(argv) - char **argv; -{ - struct group *g; - int i; - - g = getgrnam(*argv); - if (g == 0) { - option_error("group %s is unknown", *argv); - return 0; - } - for (i = 0; i < ngroups; ++i) { - if (groups[i] == g->gr_gid) { - privileged = 1; - break; - } - } - return 1; -} - - -/* - * set_noauth_addr - set address(es) that can be used without authentication. - * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets. - */ -static int -set_noauth_addr(argv) - char **argv; -{ - char *addr = *argv; - int l = strlen(addr) + 1; - struct wordlist *wp; - - wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l); - if (wp == NULL) - novm("allow-ip argument"); - wp->word = (char *) (wp + 1); - wp->next = noauth_addrs; - BCOPY(addr, wp->word, l); - noauth_addrs = wp; - return 1; -} - - -/* - * set_permitted_number - set remote telephone number(s) that may connect. - */ -static int -set_permitted_number(argv) - char **argv; -{ - char *number = *argv; - int l = strlen(number) + 1; - struct wordlist *wp; - - wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l); - if (wp == NULL) - novm("allow-number argument"); - wp->word = (char *) (wp + 1); - wp->next = permitted_numbers; - BCOPY(number, wp->word, l); - permitted_numbers = wp; - return 1; -} - - -/* - * An Open on LCP has requested a change from Dead to Establish phase. - * Do what's necessary to bring the physical layer up. - */ -void -link_required(unit) - int unit; -{ - new_phase(PHASE_SERIALCONN); - - devfd = the_channel->connect(); - if (devfd < 0) - goto fail; - - /* set up the serial device as a ppp interface */ - /* - * N.B. we used to do tdb_writelock/tdb_writeunlock around this - * (from establish_ppp to set_ifunit). However, we won't be - * doing the set_ifunit in multilink mode, which is the only time - * we need the atomicity that the tdb_writelock/tdb_writeunlock - * gives us. Thus we don't need the tdb_writelock/tdb_writeunlock. - */ - fd_ppp = the_channel->establish_ppp(devfd); - if (fd_ppp < 0) { - status = EXIT_FATAL_ERROR; - goto disconnect; - } - - if (!demand && ifunit >= 0) - set_ifunit(1); - - /* - * Start opening the connection and wait for - * incoming events (reply, timeout, etc.). - */ - if (ifunit >= 0) - notice("Connect: %s <--> %s", ifname, ppp_devnam); - else - notice("Starting negotiation on %s", ppp_devnam); - add_fd(fd_ppp); - - status = EXIT_NEGOTIATION_FAILED; - new_phase(PHASE_ESTABLISH); - - lcp_lowerup(0); - return; - - disconnect: - new_phase(PHASE_DISCONNECT); - if (the_channel->disconnect) - the_channel->disconnect(); - - fail: - new_phase(PHASE_DEAD); - if (the_channel->cleanup) - (*the_channel->cleanup)(); - -} - -/* - * LCP has terminated the link; go to the Dead phase and take the - * physical layer down. - */ -void -link_terminated(unit) - int unit; -{ - if (phase == PHASE_DEAD || phase == PHASE_MASTER) - return; - new_phase(PHASE_DISCONNECT); - - if (pap_logout_hook) { - pap_logout_hook(); - } else { - if (logged_in) - plogout(); - } - - if (!doing_multilink) { - notice("Connection terminated."); - print_link_stats(); - } else - notice("Link terminated."); - - /* - * Delete pid files before disestablishing ppp. Otherwise it - * can happen that another pppd gets the same unit and then - * we delete its pid file. - */ - if (!doing_multilink && !demand) - remove_pidfiles(); - - /* - * If we may want to bring the link up again, transfer - * the ppp unit back to the loopback. Set the - * real serial device back to its normal mode of operation. - */ - if (fd_ppp >= 0) { - remove_fd(fd_ppp); - clean_check(); - the_channel->disestablish_ppp(devfd); - if (doing_multilink) - mp_exit_bundle(); - fd_ppp = -1; - } - if (!hungup) - lcp_lowerdown(0); - if (!doing_multilink && !demand) - script_unsetenv("IFNAME"); - - /* - * Run disconnector script, if requested. - * XXX we may not be able to do this if the line has hung up! - */ - if (devfd >= 0 && the_channel->disconnect) { - the_channel->disconnect(); - devfd = -1; - } - - if (doing_multilink && multilink_master) { - if (!bundle_terminating) - new_phase(PHASE_MASTER); - else - mp_bundle_terminated(); - } else - new_phase(PHASE_DEAD); -} - -/* - * LCP has gone down; it will either die or try to re-establish. - */ -void -link_down(unit) - int unit; -{ - if (auth_state != s_down) { - notify(link_down_notifier, 0); - auth_state = s_down; - if (auth_script_state == s_up && auth_script_pid == 0) { - update_link_stats(unit); - auth_script_state = s_down; - auth_script(_PATH_AUTHDOWN); - } - } - if (!doing_multilink) { - upper_layers_down(unit); - if (phase != PHASE_DEAD && phase != PHASE_MASTER) - new_phase(PHASE_ESTABLISH); - } - /* XXX if doing_multilink, should do something to stop - network-layer traffic on the link */ -} - -void upper_layers_down(int unit) -{ - int i; - struct protent *protp; - - for (i = 0; (protp = protocols[i]) != NULL; ++i) { - if (!protp->enabled_flag) - continue; - if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) - (*protp->lowerdown)(unit); - if (protp->protocol < 0xC000 && protp->close != NULL) - (*protp->close)(unit, "LCP down"); - } - num_np_open = 0; - num_np_up = 0; -} - -/* - * The link is established. - * Proceed to the Dead, Authenticate or Network phase as appropriate. - */ -void -link_established(unit) - int unit; -{ - int auth; - lcp_options *wo = &lcp_wantoptions[unit]; - lcp_options *go = &lcp_gotoptions[unit]; - lcp_options *ho = &lcp_hisoptions[unit]; - int i; - struct protent *protp; - - /* - * Tell higher-level protocols that LCP is up. - */ - if (!doing_multilink) { - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->protocol != PPP_LCP && protp->enabled_flag - && protp->lowerup != NULL) - (*protp->lowerup)(unit); - } - - if (!auth_required && noauth_addrs != NULL) - set_allowed_addrs(unit, NULL, NULL); - - if (auth_required && !(go->neg_upap || go->neg_chap || go->neg_eap)) { - /* - * We wanted the peer to authenticate itself, and it refused: - * if we have some address(es) it can use without auth, fine, - * otherwise treat it as though it authenticated with PAP using - * a username of "" and a password of "". If that's not OK, - * boot it out. - */ - if (noauth_addrs != NULL) { - set_allowed_addrs(unit, NULL, NULL); - } else if (!wo->neg_upap || uselogin || !null_login(unit)) { - warn("peer refused to authenticate: terminating link"); - lcp_close(unit, "peer refused to authenticate"); - status = EXIT_PEER_AUTH_FAILED; - return; - } - } - - new_phase(PHASE_AUTHENTICATE); - used_login = 0; - auth = 0; - if (go->neg_eap) { - eap_authpeer(unit, our_name); - auth |= EAP_PEER; - } else if (go->neg_chap) { - chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); - auth |= CHAP_PEER; - } else if (go->neg_upap) { - upap_authpeer(unit); - auth |= PAP_PEER; - } - if (ho->neg_eap) { - eap_authwithpeer(unit, user); - auth |= EAP_WITHPEER; - } else if (ho->neg_chap) { - chap_auth_with_peer(unit, user, CHAP_DIGEST(ho->chap_mdtype)); - auth |= CHAP_WITHPEER; - } else if (ho->neg_upap) { - if (passwd[0] == 0) { - passwd_from_file = 1; - if (!get_pap_passwd(passwd)) - error("No secret found for PAP login"); - } - upap_authwithpeer(unit, user, passwd); - auth |= PAP_WITHPEER; - } - auth_pending[unit] = auth; - auth_done[unit] = 0; - - if (!auth) - network_phase(unit); -} - -/* - * Proceed to the network phase. - */ -static void -network_phase(unit) - int unit; -{ - lcp_options *go = &lcp_gotoptions[unit]; - - /* Log calling number. */ - if (*remote_number) - notice("peer from calling number %q authorized", remote_number); - - /* - * If the peer had to authenticate, run the auth-up script now. - */ - if (go->neg_chap || go->neg_upap || go->neg_eap) { - notify(auth_up_notifier, 0); - auth_state = s_up; - if (auth_script_state == s_down && auth_script_pid == 0) { - auth_script_state = s_up; - auth_script(_PATH_AUTHUP); - } - } - -#ifdef CBCP_SUPPORT - /* - * If we negotiated callback, do it now. - */ - if (go->neg_cbcp) { - new_phase(PHASE_CALLBACK); - (*cbcp_protent.open)(unit); - return; - } -#endif - - /* - * Process extra options from the secrets file - */ - if (extra_options) { - options_from_list(extra_options, 1); - free_wordlist(extra_options); - extra_options = 0; - } - start_networks(unit); -} - -void -start_networks(unit) - int unit; -{ - int i; - struct protent *protp; - int ecp_required, mppe_required; - - new_phase(PHASE_NETWORK); - -#ifdef HAVE_MULTILINK - if (multilink) { - if (mp_join_bundle()) { - if (updetach && !nodetach) - detach(); - return; - } - } -#endif /* HAVE_MULTILINK */ - -#ifdef PPP_FILTER - if (!demand) - set_filters(&pass_filter, &active_filter); -#endif - /* Start CCP and ECP */ - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if ((protp->protocol == PPP_ECP || protp->protocol == PPP_CCP) - && protp->enabled_flag && protp->open != NULL) - (*protp->open)(0); - - /* - * Bring up other network protocols iff encryption is not required. - */ - ecp_required = ecp_gotoptions[unit].required; - mppe_required = ccp_gotoptions[unit].mppe; - if (!ecp_required && !mppe_required) - continue_networks(unit); -} - -void -continue_networks(unit) - int unit; -{ - int i; - struct protent *protp; - - /* - * Start the "real" network protocols. - */ - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->protocol < 0xC000 - && protp->protocol != PPP_CCP && protp->protocol != PPP_ECP - && protp->enabled_flag && protp->open != NULL) { - (*protp->open)(0); - ++num_np_open; - } - - if (num_np_open == 0) - /* nothing to do */ - lcp_close(0, "No network protocols running"); -} - -/* - * The peer has failed to authenticate himself using `protocol'. - */ -void -auth_peer_fail(unit, protocol) - int unit, protocol; -{ - /* - * Authentication failure: take the link down - */ - lcp_close(unit, "Authentication failed"); - status = EXIT_PEER_AUTH_FAILED; -} - -/* - * The peer has been successfully authenticated using `protocol'. - */ -void -auth_peer_success(unit, protocol, prot_flavor, name, namelen) - int unit, protocol, prot_flavor; - char *name; - int namelen; -{ - int bit; - - switch (protocol) { - case PPP_CHAP: - bit = CHAP_PEER; - switch (prot_flavor) { - case CHAP_MD5: - bit |= CHAP_MD5_PEER; - break; -#ifdef CHAPMS - case CHAP_MICROSOFT: - bit |= CHAP_MS_PEER; - break; - case CHAP_MICROSOFT_V2: - bit |= CHAP_MS2_PEER; - break; -#endif - } - break; - case PPP_PAP: - bit = PAP_PEER; - break; - case PPP_EAP: - bit = EAP_PEER; - break; - default: - warn("auth_peer_success: unknown protocol %x", protocol); - return; - } - - /* - * Save the authenticated name of the peer for later. - */ - if (namelen > sizeof(peer_authname) - 1) - namelen = sizeof(peer_authname) - 1; - BCOPY(name, peer_authname, namelen); - peer_authname[namelen] = 0; - script_setenv("PEERNAME", peer_authname, 0); - - /* Save the authentication method for later. */ - auth_done[unit] |= bit; - - /* - * If there is no more authentication still to be done, - * proceed to the network (or callback) phase. - */ - if ((auth_pending[unit] &= ~bit) == 0) - network_phase(unit); -} - -/* - * We have failed to authenticate ourselves to the peer using `protocol'. - */ -void -auth_withpeer_fail(unit, protocol) - int unit, protocol; -{ - if (passwd_from_file) - BZERO(passwd, MAXSECRETLEN); - /* - * We've failed to authenticate ourselves to our peer. - * Some servers keep sending CHAP challenges, but there - * is no point in persisting without any way to get updated - * authentication secrets. - */ - lcp_close(unit, "Failed to authenticate ourselves to peer"); - status = EXIT_AUTH_TOPEER_FAILED; -} - -/* - * We have successfully authenticated ourselves with the peer using `protocol'. - */ -void -auth_withpeer_success(unit, protocol, prot_flavor) - int unit, protocol, prot_flavor; -{ - int bit; - - switch (protocol) { - case PPP_CHAP: - bit = CHAP_WITHPEER; - switch (prot_flavor) { - case CHAP_MD5: - bit |= CHAP_MD5_WITHPEER; - break; -#ifdef CHAPMS - case CHAP_MICROSOFT: - bit |= CHAP_MS_WITHPEER; - break; - case CHAP_MICROSOFT_V2: - bit |= CHAP_MS2_WITHPEER; - break; -#endif - } - break; - case PPP_PAP: - if (passwd_from_file) - BZERO(passwd, MAXSECRETLEN); - bit = PAP_WITHPEER; - break; - case PPP_EAP: - bit = EAP_WITHPEER; - break; - default: - warn("auth_withpeer_success: unknown protocol %x", protocol); - bit = 0; - } - - /* Save the authentication method for later. */ - auth_done[unit] |= bit; - - /* - * If there is no more authentication still being done, - * proceed to the network (or callback) phase. - */ - if ((auth_pending[unit] &= ~bit) == 0) - network_phase(unit); -} - - -/* - * np_up - a network protocol has come up. - */ -void -np_up(unit, proto) - int unit, proto; -{ - int tlim; - - if (num_np_up == 0) { - /* - * At this point we consider that the link has come up successfully. - */ - status = EXIT_OK; - unsuccess = 0; - new_phase(PHASE_RUNNING); - - if (idle_time_hook != 0) - tlim = (*idle_time_hook)(NULL); - else - tlim = idle_time_limit; - if (tlim > 0) - TIMEOUT(check_idle, NULL, tlim); - - /* - * Set a timeout to close the connection once the maximum - * connect time has expired. - */ - if (maxconnect > 0) - TIMEOUT(connect_time_expired, 0, maxconnect); - -#ifdef MAXOCTETS - if (maxoctets > 0) - TIMEOUT(check_maxoctets, NULL, maxoctets_timeout); -#endif - - /* - * Detach now, if the updetach option was given. - */ - if (updetach && !nodetach) - detach(); - } - ++num_np_up; -} - -/* - * np_down - a network protocol has gone down. - */ -void -np_down(unit, proto) - int unit, proto; -{ - if (--num_np_up == 0) { - UNTIMEOUT(check_idle, NULL); - UNTIMEOUT(connect_time_expired, NULL); -#ifdef MAXOCTETS - UNTIMEOUT(check_maxoctets, NULL); -#endif - new_phase(PHASE_NETWORK); - } -} - -/* - * np_finished - a network protocol has finished using the link. - */ -void -np_finished(unit, proto) - int unit, proto; -{ - if (--num_np_open <= 0) { - /* no further use for the link: shut up shop. */ - lcp_close(0, "No network protocols running"); - } -} - -#ifdef MAXOCTETS -static void -check_maxoctets(arg) - void *arg; -{ - int diff; - unsigned int used; - - update_link_stats(ifunit); - link_stats_valid=0; - - switch(maxoctets_dir) { - case PPP_OCTETS_DIRECTION_IN: - used = link_stats.bytes_in; - break; - case PPP_OCTETS_DIRECTION_OUT: - used = link_stats.bytes_out; - break; - case PPP_OCTETS_DIRECTION_MAXOVERAL: - case PPP_OCTETS_DIRECTION_MAXSESSION: - used = (link_stats.bytes_in > link_stats.bytes_out) ? link_stats.bytes_in : link_stats.bytes_out; - break; - default: - used = link_stats.bytes_in+link_stats.bytes_out; - break; - } - diff = maxoctets - used; - if(diff < 0) { - notice("Traffic limit reached. Limit: %u Used: %u", maxoctets, used); - lcp_close(0, "Traffic limit"); - need_holdoff = 0; - status = EXIT_TRAFFIC_LIMIT; - } else { - TIMEOUT(check_maxoctets, NULL, maxoctets_timeout); - } -} -#endif - -/* - * check_idle - check whether the link has been idle for long - * enough that we can shut it down. - */ -static void -check_idle(arg) - void *arg; -{ - struct ppp_idle idle; - time_t itime; - int tlim; - - if (!get_idle_time(0, &idle)) - return; - if (idle_time_hook != 0) { - tlim = idle_time_hook(&idle); - } else { - itime = MIN(idle.xmit_idle, idle.recv_idle); - tlim = idle_time_limit - itime; - } - if (tlim <= 0) { - /* link is idle: shut it down. */ - notice("Terminating connection due to lack of activity."); - lcp_close(0, "Link inactive"); - need_holdoff = 0; - status = EXIT_IDLE_TIMEOUT; - } else { - TIMEOUT(check_idle, NULL, tlim); - } -} - -/* - * connect_time_expired - log a message and close the connection. - */ -static void -connect_time_expired(arg) - void *arg; -{ - info("Connect time expired"); - status = EXIT_CONNECT_TIME; - lcp_close(0, "Connect time expired"); /* Close connection */ -} - -/* - * auth_check_options - called to check authentication options. - */ -void -auth_check_options() -{ - lcp_options *wo = &lcp_wantoptions[0]; - int can_auth; - int lacks_ip; - - /* Default our_name to hostname, and user to our_name */ - if (our_name[0] == 0 || usehostname) - strlcpy(our_name, hostname, sizeof(our_name)); - if (user[0] == 0) - strlcpy(user, our_name, sizeof(user)); - - /* - * If we have a default route, require the peer to authenticate - * unless the noauth option was given or the real user is root. - */ - if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) { - auth_required = 1; - default_auth = 1; - } - - /* If we selected any CHAP flavors, we should probably negotiate it. :-) */ - if (wo->chap_mdtype) - wo->neg_chap = 1; - - /* If authentication is required, ask peer for CHAP, PAP, or EAP. */ - if (auth_required) { - allow_any_ip = 0; - if (!wo->neg_chap && !wo->neg_upap && !wo->neg_eap) { - wo->neg_chap = chap_mdtype_all != MDTYPE_NONE; - wo->chap_mdtype = chap_mdtype_all; - wo->neg_upap = 1; - wo->neg_eap = 1; - } - } else { - wo->neg_chap = 0; - wo->chap_mdtype = MDTYPE_NONE; - wo->neg_upap = 0; - wo->neg_eap = 0; - } - - /* - * Check whether we have appropriate secrets to use - * to authenticate the peer. Note that EAP can authenticate by way - * of a CHAP-like exchanges as well as SRP. - */ - lacks_ip = 0; - can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); - if (!can_auth && (wo->neg_chap || wo->neg_eap)) { - can_auth = have_chap_secret((explicit_remote? remote_name: NULL), - our_name, 1, &lacks_ip); - } - if (!can_auth && wo->neg_eap) { - can_auth = have_srp_secret((explicit_remote? remote_name: NULL), - our_name, 1, &lacks_ip); - } - - if (auth_required && !can_auth && noauth_addrs == NULL) { - if (default_auth) { - option_error( -"By default the remote system is required to authenticate itself"); - option_error( -"(because this system has a default route to the internet)"); - } else if (explicit_remote) - option_error( -"The remote system (%s) is required to authenticate itself", - remote_name); - else - option_error( -"The remote system is required to authenticate itself"); - option_error( -"but I couldn't find any suitable secret (password) for it to use to do so."); - if (lacks_ip) - option_error( -"(None of the available passwords would let it use an IP address.)"); - - exit(1); - } - - /* - * Early check for remote number authorization. - */ - if (!auth_number()) { - warn("calling number %q is not authorized", remote_number); - exit(EXIT_CNID_AUTH_FAILED); - } -} - -/* - * auth_reset - called when LCP is starting negotiations to recheck - * authentication options, i.e. whether we have appropriate secrets - * to use for authenticating ourselves and/or the peer. - */ -void -auth_reset(unit) - int unit; -{ - lcp_options *go = &lcp_gotoptions[unit]; - lcp_options *ao = &lcp_allowoptions[unit]; - int hadchap; - - hadchap = -1; - ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); - ao->neg_chap = (!refuse_chap || !refuse_mschap || !refuse_mschap_v2) - && (passwd[0] != 0 || - (hadchap = have_chap_secret(user, (explicit_remote? remote_name: - NULL), 0, NULL))); - ao->neg_eap = !refuse_eap && ( - passwd[0] != 0 || - (hadchap == 1 || (hadchap == -1 && have_chap_secret(user, - (explicit_remote? remote_name: NULL), 0, NULL))) || - have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)); - - hadchap = -1; - if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) - go->neg_upap = 0; - if (go->neg_chap) { - if (!(hadchap = have_chap_secret((explicit_remote? remote_name: NULL), - our_name, 1, NULL))) - go->neg_chap = 0; - } - if (go->neg_eap && - (hadchap == 0 || (hadchap == -1 && - !have_chap_secret((explicit_remote? remote_name: NULL), our_name, - 1, NULL))) && - !have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1, - NULL)) - go->neg_eap = 0; -} - - -/* - * check_passwd - Check the user name and passwd against the PAP secrets - * file. If requested, also check against the system password database, - * and login the user if OK. - * - * returns: - * UPAP_AUTHNAK: Authentication failed. - * UPAP_AUTHACK: Authentication succeeded. - * In either case, msg points to an appropriate message. - */ -int -check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) - int unit; - char *auser; - int userlen; - char *apasswd; - int passwdlen; - char **msg; -{ -#if 1 - return UPAP_AUTHNAK; -#else - int ret; - char *filename; - FILE *f; - struct wordlist *addrs = NULL, *opts = NULL; - char passwd[256], user[256]; - char secret[MAXWORDLEN]; - static int attempts = 0; - - /* - * Make copies of apasswd and auser, then null-terminate them. - * If there are unprintable characters in the password, make - * them visible. - */ - slprintf(passwd, sizeof(passwd), "%.*v", passwdlen, apasswd); - slprintf(user, sizeof(user), "%.*v", userlen, auser); - *msg = ""; - - /* - * Check if a plugin wants to handle this. - */ - if (pap_auth_hook) { - ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts); - if (ret >= 0) { - /* note: set_allowed_addrs() saves opts (but not addrs): - don't free it! */ - if (ret) - set_allowed_addrs(unit, addrs, opts); - else if (opts != 0) - free_wordlist(opts); - if (addrs != 0) - free_wordlist(addrs); - BZERO(passwd, sizeof(passwd)); - return ret? UPAP_AUTHACK: UPAP_AUTHNAK; - } - } - - /* - * Open the file of pap secrets and scan for a suitable secret - * for authenticating this user. - */ - filename = _PATH_UPAPFILE; - addrs = opts = NULL; - ret = UPAP_AUTHNAK; - f = fopen(filename, "r"); - if (f == NULL) { - error("Can't open PAP password file %s: %m", filename); - - } else { - check_access(f, filename); - if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename, 0) < 0) { - warn("no PAP secret found for %s", user); - } else { - /* - * If the secret is "@login", it means to check - * the password against the login database. - */ - int login_secret = strcmp(secret, "@login") == 0; - ret = UPAP_AUTHACK; - if (uselogin || login_secret) { - /* login option or secret is @login */ - if ((ret = plogin(user, passwd, msg)) == UPAP_AUTHACK) - used_login = 1; - } - if (secret[0] != 0 && !login_secret) { - /* password given in pap-secrets - must match */ - if ((cryptpap || strcmp(passwd, secret) != 0) - && strcmp(crypt(passwd, secret), secret) != 0) - ret = UPAP_AUTHNAK; - } - } - fclose(f); - } - - if (ret == UPAP_AUTHNAK) { - if (**msg == 0) - *msg = "Login incorrect"; - /* - * XXX can we ever get here more than once?? - * Frustrate passwd stealer programs. - * Allow 10 tries, but start backing off after 3 (stolen from login). - * On 10'th, drop the connection. - */ - if (attempts++ >= 10) { - warn("%d LOGIN FAILURES ON %s, %s", attempts, devnam, user); - lcp_close(unit, "login failed"); - } - if (attempts > 3) - sleep((u_int) (attempts - 3) * 5); - if (opts != NULL) - free_wordlist(opts); - - } else { - attempts = 0; /* Reset count */ - if (**msg == 0) - *msg = "Login ok"; - set_allowed_addrs(unit, addrs, opts); - } - - if (addrs != NULL) - free_wordlist(addrs); - BZERO(passwd, sizeof(passwd)); - BZERO(secret, sizeof(secret)); - - return ret; -#endif -} - -/* - * This function is needed for PAM. - */ - -#ifdef USE_PAM -/* Static variables used to communicate between the conversation function - * and the server_login function - */ -static char *PAM_username; -static char *PAM_password; -static int PAM_error = 0; -static pam_handle_t *pamh = NULL; - -/* PAM conversation function - * Here we assume (for now, at least) that echo on means login name, and - * echo off means password. - */ - -static int PAM_conv (int num_msg, -#ifndef SOL2 - const -#endif - struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) -{ - int replies = 0; - struct pam_response *reply = NULL; - -#define COPY_STRING(s) (s) ? strdup(s) : NULL - - reply = malloc(sizeof(struct pam_response) * num_msg); - if (!reply) return PAM_CONV_ERR; - - for (replies = 0; replies < num_msg; replies++) { - switch (msg[replies]->msg_style) { - case PAM_PROMPT_ECHO_ON: - reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = COPY_STRING(PAM_username); - /* PAM frees resp */ - break; - case PAM_PROMPT_ECHO_OFF: - reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = COPY_STRING(PAM_password); - /* PAM frees resp */ - break; - case PAM_TEXT_INFO: - /* fall through */ - case PAM_ERROR_MSG: - /* ignore it, but pam still wants a NULL response... */ - reply[replies].resp_retcode = PAM_SUCCESS; - reply[replies].resp = NULL; - break; - default: - /* Must be an error of some sort... */ - free (reply); - PAM_error = 1; - return PAM_CONV_ERR; - } - } - *resp = reply; - return PAM_SUCCESS; -} - -static struct pam_conv PAM_conversation = { - &PAM_conv, - NULL -}; -#endif /* USE_PAM */ - -/* - * plogin - Check the user name and password against the system - * password database, and login the user if OK. - * - * returns: - * UPAP_AUTHNAK: Login failed. - * UPAP_AUTHACK: Login succeeded. - * In either case, msg points to an appropriate message. - */ - -static int -plogin(user, passwd, msg) - char *user; - char *passwd; - char **msg; -{ - char *tty; - -#if 1 - return UPAP_AUTHNAK; -#else -#ifdef USE_PAM - int pam_error; - - pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh); - if (pam_error != PAM_SUCCESS) { - *msg = (char *) pam_strerror (pamh, pam_error); - reopen_log(); - return UPAP_AUTHNAK; - } - /* - * Define the fields for the credential validation - */ - - PAM_username = user; - PAM_password = passwd; - PAM_error = 0; - pam_set_item (pamh, PAM_TTY, devnam); /* this might be useful to some modules */ - - /* - * Validate the user - */ - pam_error = pam_authenticate (pamh, PAM_SILENT); - if (pam_error == PAM_SUCCESS && !PAM_error) { - pam_error = pam_acct_mgmt (pamh, PAM_SILENT); - if (pam_error == PAM_SUCCESS) - pam_error = pam_open_session (pamh, PAM_SILENT); - } - - *msg = (char *) pam_strerror (pamh, pam_error); - - /* - * Clean up the mess - */ - reopen_log(); /* apparently the PAM stuff does closelog() */ - PAM_username = NULL; - PAM_password = NULL; - if (pam_error != PAM_SUCCESS) - return UPAP_AUTHNAK; -#else /* #ifdef USE_PAM */ - -/* - * Use the non-PAM methods directly - */ - -#ifdef HAS_SHADOW - struct spwd *spwd; - struct spwd *getspnam(); -#endif - struct passwd *pw = getpwnam(user); - - endpwent(); - if (pw == NULL) - return (UPAP_AUTHNAK); - -#ifdef HAS_SHADOW - spwd = getspnam(user); - endspent(); - if (spwd) { - /* check the age of the password entry */ - long now = time(NULL) / 86400L; - - if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) - || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) - && spwd->sp_lstchg >= 0 - && now >= spwd->sp_lstchg + spwd->sp_max)) { - warn("Password for %s has expired", user); - return (UPAP_AUTHNAK); - } - pw->pw_passwd = spwd->sp_pwdp; - } -#endif - - /* - * If no passwd, don't let them login. - */ - if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2 - || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) - return (UPAP_AUTHNAK); - -#endif /* #ifdef USE_PAM */ - - /* - * Write a wtmp entry for this user. - */ - - tty = devnam; - if (strncmp(tty, "/dev/", 5) == 0) - tty += 5; - logwtmp(tty, user, ifname); /* Add wtmp login entry */ - -#if defined(_PATH_LASTLOG) && !defined(USE_PAM) - if (pw != (struct passwd *)NULL) { - struct lastlog ll; - int fd; - - if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { - (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET); - memset((void *)&ll, 0, sizeof(ll)); - (void)time(&ll.ll_time); - (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); - (void)write(fd, (char *)&ll, sizeof(ll)); - (void)close(fd); - } - } -#endif /* _PATH_LASTLOG and not USE_PAM */ - - info("user %s logged in", user); - logged_in = 1; - - return (UPAP_AUTHACK); -#endif -} - -/* - * plogout - Logout the user. - */ -static void -plogout() -{ -#ifdef USE_PAM - int pam_error; - - if (pamh != NULL) { - pam_error = pam_close_session (pamh, PAM_SILENT); - pam_end (pamh, pam_error); - pamh = NULL; - } - /* Apparently the pam stuff does closelog(). */ - reopen_log(); -#else /* ! USE_PAM */ - char *tty; - - tty = devnam; - if (strncmp(tty, "/dev/", 5) == 0) - tty += 5; - logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ -#endif /* ! USE_PAM */ - logged_in = 0; -} - - -/* - * null_login - Check if a username of "" and a password of "" are - * acceptable, and iff so, set the list of acceptable IP addresses - * and return 1. - */ -static int -null_login(unit) - int unit; -{ - char *filename; - FILE *f; - int i, ret; - struct wordlist *addrs, *opts; - char secret[MAXWORDLEN]; - - /* - * Check if a plugin wants to handle this. - */ - ret = -1; - if (null_auth_hook) - ret = (*null_auth_hook)(&addrs, &opts); - - /* - * Open the file of pap secrets and scan for a suitable secret. - */ - if (ret <= 0) { - filename = _PATH_UPAPFILE; - addrs = NULL; - f = fopen(filename, "r"); - if (f == NULL) - return 0; - check_access(f, filename); - - i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename, 0); - ret = i >= 0 && secret[0] == 0; - BZERO(secret, sizeof(secret)); - fclose(f); - } - - if (ret) - set_allowed_addrs(unit, addrs, opts); - else if (opts != 0) - free_wordlist(opts); - if (addrs != 0) - free_wordlist(addrs); - - return ret; -} - - -/* - * get_pap_passwd - get a password for authenticating ourselves with - * our peer using PAP. Returns 1 on success, 0 if no suitable password - * could be found. - * Assumes passwd points to MAXSECRETLEN bytes of space (if non-null). - */ -static int -get_pap_passwd(passwd) - char *passwd; -{ - char *filename; - FILE *f; - int ret; - char secret[MAXWORDLEN]; - - /* - * Check whether a plugin wants to supply this. - */ - if (pap_passwd_hook) { - ret = (*pap_passwd_hook)(user, passwd); - if (ret >= 0) - return ret; - } - - filename = _PATH_UPAPFILE; - f = fopen(filename, "r"); - if (f == NULL) - return 0; - check_access(f, filename); - ret = scan_authfile(f, user, - (remote_name[0]? remote_name: NULL), - secret, NULL, NULL, filename, 0); - fclose(f); - if (ret < 0) - return 0; - if (passwd != NULL) - strlcpy(passwd, secret, MAXSECRETLEN); - BZERO(secret, sizeof(secret)); - return 1; -} - - -/* - * have_pap_secret - check whether we have a PAP file with any - * secrets that we could possibly use for authenticating the peer. - */ -static int -have_pap_secret(lacks_ipp) - int *lacks_ipp; -{ - FILE *f; - int ret; - char *filename; - struct wordlist *addrs; - - /* let the plugin decide, if there is one */ - if (pap_check_hook) { - ret = (*pap_check_hook)(); - if (ret >= 0) - return ret; - } - - filename = _PATH_UPAPFILE; - f = fopen(filename, "r"); - if (f == NULL) - return 0; - - ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name, - NULL, &addrs, NULL, filename, 0); - fclose(f); - if (ret >= 0 && !some_ip_ok(addrs)) { - if (lacks_ipp != 0) - *lacks_ipp = 1; - ret = -1; - } - if (addrs != 0) - free_wordlist(addrs); - - return ret >= 0; -} - - -/* - * have_chap_secret - check whether we have a CHAP file with a - * secret that we could possibly use for authenticating `client' - * on `server'. Either can be the null string, meaning we don't - * know the identity yet. - */ -static int -have_chap_secret(client, server, need_ip, lacks_ipp) - char *client; - char *server; - int need_ip; - int *lacks_ipp; -{ - FILE *f; - int ret; - char *filename; - struct wordlist *addrs; - - if (chap_check_hook) { - ret = (*chap_check_hook)(); - if (ret >= 0) { - return ret; - } - } - - filename = _PATH_CHAPFILE; - f = fopen(filename, "r"); - if (f == NULL) - return 0; - - if (client != NULL && client[0] == 0) - client = NULL; - else if (server != NULL && server[0] == 0) - server = NULL; - - ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename, 0); - fclose(f); - if (ret >= 0 && need_ip && !some_ip_ok(addrs)) { - if (lacks_ipp != 0) - *lacks_ipp = 1; - ret = -1; - } - if (addrs != 0) - free_wordlist(addrs); - - return ret >= 0; -} - - -/* - * have_srp_secret - check whether we have a SRP file with a - * secret that we could possibly use for authenticating `client' - * on `server'. Either can be the null string, meaning we don't - * know the identity yet. - */ -static int -have_srp_secret(client, server, need_ip, lacks_ipp) - char *client; - char *server; - int need_ip; - int *lacks_ipp; -{ - FILE *f; - int ret; - char *filename; - struct wordlist *addrs; - - filename = _PATH_SRPFILE; - f = fopen(filename, "r"); - if (f == NULL) - return 0; - - if (client != NULL && client[0] == 0) - client = NULL; - else if (server != NULL && server[0] == 0) - server = NULL; - - ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename, 0); - fclose(f); - if (ret >= 0 && need_ip && !some_ip_ok(addrs)) { - if (lacks_ipp != 0) - *lacks_ipp = 1; - ret = -1; - } - if (addrs != 0) - free_wordlist(addrs); - - return ret >= 0; -} - - -/* - * get_secret - open the CHAP secret file and return the secret - * for authenticating the given client on the given server. - * (We could be either client or server). - */ -int -get_secret(unit, client, server, secret, secret_len, am_server) - int unit; - char *client; - char *server; - char *secret; - int *secret_len; - int am_server; -{ - FILE *f; - int ret, len; - char *filename; - struct wordlist *addrs, *opts; - char secbuf[MAXWORDLEN]; - - if (!am_server && passwd[0] != 0) { - strlcpy(secbuf, passwd, sizeof(secbuf)); - } else if (!am_server && chap_passwd_hook) { - if ( (*chap_passwd_hook)(client, secbuf) < 0) { - error("Unable to obtain CHAP password for %s on %s from plugin", - client, server); - return 0; - } - } else { - filename = _PATH_CHAPFILE; - addrs = NULL; - secbuf[0] = 0; - - f = fopen(filename, "r"); - if (f == NULL) { - error("Can't open chap secret file %s: %m", filename); - return 0; - } - check_access(f, filename); - - ret = scan_authfile(f, client, server, secbuf, &addrs, &opts, filename, 0); - fclose(f); - if (ret < 0) - return 0; - - if (am_server) - set_allowed_addrs(unit, addrs, opts); - else if (opts != 0) - free_wordlist(opts); - if (addrs != 0) - free_wordlist(addrs); - } - - len = strlen(secbuf); - if (len > MAXSECRETLEN) { - error("Secret for %s on %s is too long", client, server); - len = MAXSECRETLEN; - } - BCOPY(secbuf, secret, len); - BZERO(secbuf, sizeof(secbuf)); - *secret_len = len; - - return 1; -} - - -/* - * get_srp_secret - open the SRP secret file and return the secret - * for authenticating the given client on the given server. - * (We could be either client or server). - */ -int -get_srp_secret(unit, client, server, secret, am_server) - int unit; - char *client; - char *server; - char *secret; - int am_server; -{ - FILE *fp; - int ret; - char *filename; - struct wordlist *addrs, *opts; - - if (!am_server && passwd[0] != '\0') { - strlcpy(secret, passwd, MAXWORDLEN); - } else { - filename = _PATH_SRPFILE; - addrs = NULL; - - fp = fopen(filename, "r"); - if (fp == NULL) { - error("Can't open srp secret file %s: %m", filename); - return 0; - } - check_access(fp, filename); - - secret[0] = '\0'; - ret = scan_authfile(fp, client, server, secret, &addrs, &opts, - filename, am_server); - fclose(fp); - if (ret < 0) - return 0; - - if (am_server) - set_allowed_addrs(unit, addrs, opts); - else if (opts != NULL) - free_wordlist(opts); - if (addrs != NULL) - free_wordlist(addrs); - } - - return 1; -} - -/* - * set_allowed_addrs() - set the list of allowed addresses. - * Also looks for `--' indicating options to apply for this peer - * and leaves the following words in extra_options. - */ -static void -set_allowed_addrs(unit, addrs, opts) - int unit; - struct wordlist *addrs; - struct wordlist *opts; -{ - int n; - struct wordlist *ap, **plink; - struct permitted_ip *ip; - char *ptr_word, *ptr_mask; - struct hostent *hp; - struct netent *np; - u_int32_t a, mask, ah, offset; - struct ipcp_options *wo = &ipcp_wantoptions[unit]; - u_int32_t suggested_ip = 0; - - if (addresses[unit] != NULL) - free(addresses[unit]); - addresses[unit] = NULL; - if (extra_options != NULL) - free_wordlist(extra_options); - extra_options = opts; - - /* - * Count the number of IP addresses given. - */ - n = wordlist_count(addrs) + wordlist_count(noauth_addrs); - if (n == 0) - return; - ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip)); - if (ip == 0) - return; - - /* temporarily append the noauth_addrs list to addrs */ - for (plink = &addrs; *plink != NULL; plink = &(*plink)->next) - ; - *plink = noauth_addrs; - - n = 0; - for (ap = addrs; ap != NULL; ap = ap->next) { - /* "-" means no addresses authorized, "*" means any address allowed */ - ptr_word = ap->word; - if (strcmp(ptr_word, "-") == 0) - break; - if (strcmp(ptr_word, "*") == 0) { - ip[n].permit = 1; - ip[n].base = ip[n].mask = 0; - ++n; - break; - } - - ip[n].permit = 1; - if (*ptr_word == '!') { - ip[n].permit = 0; - ++ptr_word; - } - - mask = ~ (u_int32_t) 0; - offset = 0; - ptr_mask = strchr (ptr_word, '/'); - if (ptr_mask != NULL) { - int bit_count; - char *endp; - - bit_count = (int) strtol (ptr_mask+1, &endp, 10); - if (bit_count <= 0 || bit_count > 32) { - warn("invalid address length %v in auth. address list", - ptr_mask+1); - continue; - } - bit_count = 32 - bit_count; /* # bits in host part */ - if (*endp == '+') { - offset = ifunit + 1; - ++endp; - } - if (*endp != 0) { - warn("invalid address length syntax: %v", ptr_mask+1); - continue; - } - *ptr_mask = '\0'; - mask <<= bit_count; - } - - hp = gethostbyname(ptr_word); - if (hp != NULL && hp->h_addrtype == AF_INET) { - a = *(u_int32_t *)hp->h_addr; - } else { - np = getnetbyname (ptr_word); - if (np != NULL && np->n_addrtype == AF_INET) { - a = htonl ((u_int32_t)np->n_net); - if (ptr_mask == NULL) { - /* calculate appropriate mask for net */ - ah = ntohl(a); - if (IN_CLASSA(ah)) - mask = IN_CLASSA_NET; - else if (IN_CLASSB(ah)) - mask = IN_CLASSB_NET; - else if (IN_CLASSC(ah)) - mask = IN_CLASSC_NET; - } - } else { - a = inet_addr (ptr_word); - } - } - - if (ptr_mask != NULL) - *ptr_mask = '/'; - - if (a == (u_int32_t)-1L) { - warn("unknown host %s in auth. address list", ap->word); - continue; - } - if (offset != 0) { - if (offset >= ~mask) { - warn("interface unit %d too large for subnet %v", - ifunit, ptr_word); - continue; - } - a = htonl((ntohl(a) & mask) + offset); - mask = ~(u_int32_t)0; - } - ip[n].mask = htonl(mask); - ip[n].base = a & ip[n].mask; - ++n; - if (~mask == 0 && suggested_ip == 0) - suggested_ip = a; - } - *plink = NULL; - - ip[n].permit = 0; /* make the last entry forbid all addresses */ - ip[n].base = 0; /* to terminate the list */ - ip[n].mask = 0; - - addresses[unit] = ip; - - /* - * If the address given for the peer isn't authorized, or if - * the user hasn't given one, AND there is an authorized address - * which is a single host, then use that if we find one. - */ - if (suggested_ip != 0 - && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr))) { - wo->hisaddr = suggested_ip; - /* - * Do we insist on this address? No, if there are other - * addresses authorized than the suggested one. - */ - if (n > 1) - wo->accept_remote = 1; - } -} - -/* - * auth_ip_addr - check whether the peer is authorized to use - * a given IP address. Returns 1 if authorized, 0 otherwise. - */ -int -auth_ip_addr(unit, addr) - int unit; - u_int32_t addr; -{ - int ok; - - /* don't allow loopback or multicast address */ - if (bad_ip_adrs(addr)) - return 0; - - if (allowed_address_hook) { - ok = allowed_address_hook(addr); - if (ok >= 0) return ok; - } - - if (addresses[unit] != NULL) { - ok = ip_addr_check(addr, addresses[unit]); - if (ok >= 0) - return ok; - } - - if (auth_required) - return 0; /* no addresses authorized */ - return allow_any_ip || privileged || !have_route_to(addr); -} - -static int -ip_addr_check(addr, addrs) - u_int32_t addr; - struct permitted_ip *addrs; -{ - for (; ; ++addrs) - if ((addr & addrs->mask) == addrs->base) - return addrs->permit; -} - -/* - * bad_ip_adrs - return 1 if the IP address is one we don't want - * to use, such as an address in the loopback net or a multicast address. - * addr is in network byte order. - */ -int -bad_ip_adrs(addr) - u_int32_t addr; -{ - addr = ntohl(addr); - return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET - || IN_MULTICAST(addr) || IN_BADCLASS(addr); -} - -/* - * some_ip_ok - check a wordlist to see if it authorizes any - * IP address(es). - */ -static int -some_ip_ok(addrs) - struct wordlist *addrs; -{ - for (; addrs != 0; addrs = addrs->next) { - if (addrs->word[0] == '-') - break; - if (addrs->word[0] != '!') - return 1; /* some IP address is allowed */ - } - return 0; -} - -/* - * auth_number - check whether the remote number is allowed to connect. - * Returns 1 if authorized, 0 otherwise. - */ -int -auth_number() -{ - struct wordlist *wp = permitted_numbers; - int l; - - /* Allow all if no authorization list. */ - if (!wp) - return 1; - - /* Allow if we have a match in the authorization list. */ - while (wp) { - /* trailing '*' wildcard */ - l = strlen(wp->word); - if ((wp->word)[l - 1] == '*') - l--; - if (!strncasecmp(wp->word, remote_number, l)) - return 1; - wp = wp->next; - } - - return 0; -} - -/* - * check_access - complain if a secret file has too-liberal permissions. - */ -static void -check_access(f, filename) - FILE *f; - char *filename; -{ - struct stat sbuf; - - if (fstat(fileno(f), &sbuf) < 0) { - warn("cannot stat secret file %s: %m", filename); - } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { - warn("Warning - secret file %s has world and/or group access", - filename); - } -} - - -/* - * scan_authfile - Scan an authorization file for a secret suitable - * for authenticating `client' on `server'. The return value is -1 - * if no secret is found, otherwise >= 0. The return value has - * NONWILD_CLIENT set if the secret didn't have "*" for the client, and - * NONWILD_SERVER set if the secret didn't have "*" for the server. - * Any following words on the line up to a "--" (i.e. address authorization - * info) are placed in a wordlist and returned in *addrs. Any - * following words (extra options) are placed in a wordlist and - * returned in *opts. - * We assume secret is NULL or points to MAXWORDLEN bytes of space. - * Flags are non-zero if we need two colons in the secret in order to - * match. - */ -static int -scan_authfile(f, client, server, secret, addrs, opts, filename, flags) - FILE *f; - char *client; - char *server; - char *secret; - struct wordlist **addrs; - struct wordlist **opts; - char *filename; - int flags; -{ - int newline, xxx; - int got_flag, best_flag; - FILE *sf; - struct wordlist *ap, *addr_list, *alist, **app; - char word[MAXWORDLEN]; - char atfile[MAXWORDLEN]; - char lsecret[MAXWORDLEN]; - char *cp; - - if (addrs != NULL) - *addrs = NULL; - if (opts != NULL) - *opts = NULL; - addr_list = NULL; - if (!getword(f, word, &newline, filename)) - return -1; /* file is empty??? */ - newline = 1; - best_flag = -1; - for (;;) { - /* - * Skip until we find a word at the start of a line. - */ - while (!newline && getword(f, word, &newline, filename)) - ; - if (!newline) - break; /* got to end of file */ - - /* - * Got a client - check if it's a match or a wildcard. - */ - got_flag = 0; - if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { - newline = 0; - continue; - } - if (!ISWILD(word)) - got_flag = NONWILD_CLIENT; - - /* - * Now get a server and check if it matches. - */ - if (!getword(f, word, &newline, filename)) - break; - if (newline) - continue; - if (!ISWILD(word)) { - if (server != NULL && strcmp(word, server) != 0) - continue; - got_flag |= NONWILD_SERVER; - } - - /* - * Got some sort of a match - see if it's better than what - * we have already. - */ - if (got_flag <= best_flag) - continue; - - /* - * Get the secret. - */ - if (!getword(f, word, &newline, filename)) - break; - if (newline) - continue; - - /* - * SRP-SHA1 authenticator should never be reading secrets from - * a file. (Authenticatee may, though.) - */ - if (flags && ((cp = strchr(word, ':')) == NULL || - strchr(cp + 1, ':') == NULL)) - continue; - - if (secret != NULL) { - /* - * Special syntax: @/pathname means read secret from file. - */ - if (word[0] == '@' && word[1] == '/') { - strlcpy(atfile, word+1, sizeof(atfile)); - if ((sf = fopen(atfile, "r")) == NULL) { - warn("can't open indirect secret file %s", atfile); - continue; - } - check_access(sf, atfile); - if (!getword(sf, word, &xxx, atfile)) { - warn("no secret in indirect secret file %s", atfile); - fclose(sf); - continue; - } - fclose(sf); - } - strlcpy(lsecret, word, sizeof(lsecret)); - } - - /* - * Now read address authorization info and make a wordlist. - */ - app = &alist; - for (;;) { - if (!getword(f, word, &newline, filename) || newline) - break; - ap = (struct wordlist *) - malloc(sizeof(struct wordlist) + strlen(word) + 1); - if (ap == NULL) - novm("authorized addresses"); - ap->word = (char *) (ap + 1); - strcpy(ap->word, word); - *app = ap; - app = &ap->next; - } - *app = NULL; - - /* - * This is the best so far; remember it. - */ - best_flag = got_flag; - if (addr_list) - free_wordlist(addr_list); - addr_list = alist; - if (secret != NULL) - strlcpy(secret, lsecret, MAXWORDLEN); - - if (!newline) - break; - } - - /* scan for a -- word indicating the start of options */ - for (app = &addr_list; (ap = *app) != NULL; app = &ap->next) - if (strcmp(ap->word, "--") == 0) - break; - /* ap = start of options */ - if (ap != NULL) { - ap = ap->next; /* first option */ - free(*app); /* free the "--" word */ - *app = NULL; /* terminate addr list */ - } - if (opts != NULL) - *opts = ap; - else if (ap != NULL) - free_wordlist(ap); - if (addrs != NULL) - *addrs = addr_list; - else if (addr_list != NULL) - free_wordlist(addr_list); - - return best_flag; -} - -/* - * wordlist_count - return the number of items in a wordlist - */ -static int -wordlist_count(wp) - struct wordlist *wp; -{ - int n; - - for (n = 0; wp != NULL; wp = wp->next) - ++n; - return n; -} - -/* - * free_wordlist - release memory allocated for a wordlist. - */ -static void -free_wordlist(wp) - struct wordlist *wp; -{ - struct wordlist *next; - - while (wp != NULL) { - next = wp->next; - free(wp); - wp = next; - } -} - -/* - * auth_script_done - called when the auth-up or auth-down script - * has finished. - */ -static void -auth_script_done(arg) - void *arg; -{ - auth_script_pid = 0; - switch (auth_script_state) { - case s_up: - if (auth_state == s_down) { - auth_script_state = s_down; - auth_script(_PATH_AUTHDOWN); - } - break; - case s_down: - if (auth_state == s_up) { - auth_script_state = s_up; - auth_script(_PATH_AUTHUP); - } - break; - } -} - -/* - * auth_script - execute a script with arguments - * interface-name peer-name real-user tty speed - */ -static void -auth_script(script) - char *script; -{ - char strspeed[32]; - struct passwd *pw; - char struid[32]; - char *user_name; - char *argv[8]; - - if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) - user_name = pw->pw_name; - else { - slprintf(struid, sizeof(struid), "%d", getuid()); - user_name = struid; - } - slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); - - argv[0] = script; - argv[1] = ifname; - argv[2] = peer_authname; - argv[3] = user_name; - argv[4] = devnam; - argv[5] = strspeed; - argv[6] = NULL; - - auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL); -} diff --git a/pppd/cbcp.c b/pppd/cbcp.c deleted file mode 100644 index ab069d4..0000000 --- a/pppd/cbcp.c +++ /dev/null @@ -1,488 +0,0 @@ -/* - * cbcp - Call Back Configuration Protocol. - * - * Copyright (c) 1995 Pedro Roque Marques. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The names of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Pedro Roque Marques - * " - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: cbcp.c,v 1.16 2004/10/28 00:15:36 paulus Exp $" - -#include -#include -#include -#include - -#include "pppd.h" -#include "cbcp.h" -#include "fsm.h" -#include "lcp.h" - -static const char rcsid[] = RCSID; - -/* - * Options. - */ -static int setcbcp __P((char **)); - -static option_t cbcp_option_list[] = { - { "callback", o_special, (void *)setcbcp, - "Ask for callback", OPT_PRIO | OPT_A2STRVAL, &cbcp[0].us_number }, - { NULL } -}; - -/* - * Protocol entry points. - */ -static void cbcp_init __P((int unit)); -static void cbcp_open __P((int unit)); -static void cbcp_lowerup __P((int unit)); -static void cbcp_input __P((int unit, u_char *pkt, int len)); -static void cbcp_protrej __P((int unit)); -static int cbcp_printpkt __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); - -struct protent cbcp_protent = { - PPP_CBCP, - cbcp_init, - cbcp_input, - cbcp_protrej, - cbcp_lowerup, - NULL, - cbcp_open, - NULL, - cbcp_printpkt, - NULL, - 0, - "CBCP", - NULL, - cbcp_option_list, - NULL, - NULL, - NULL -}; - -cbcp_state cbcp[NUM_PPP]; - -/* internal prototypes */ - -static void cbcp_recvreq __P((cbcp_state *us, u_char *pckt, int len)); -static void cbcp_resp __P((cbcp_state *us)); -static void cbcp_up __P((cbcp_state *us)); -static void cbcp_recvack __P((cbcp_state *us, u_char *pckt, int len)); -static void cbcp_send __P((cbcp_state *us, int code, u_char *buf, int len)); - -/* option processing */ -static int -setcbcp(argv) - char **argv; -{ - lcp_wantoptions[0].neg_cbcp = 1; - cbcp_protent.enabled_flag = 1; - cbcp[0].us_number = strdup(*argv); - if (cbcp[0].us_number == 0) - novm("callback number"); - cbcp[0].us_type |= (1 << CB_CONF_USER); - cbcp[0].us_type |= (1 << CB_CONF_ADMIN); - return (1); -} - -/* init state */ -static void -cbcp_init(iface) - int iface; -{ - cbcp_state *us; - - us = &cbcp[iface]; - memset(us, 0, sizeof(cbcp_state)); - us->us_unit = iface; - us->us_type |= (1 << CB_CONF_NO); -} - -/* lower layer is up */ -static void -cbcp_lowerup(iface) - int iface; -{ - cbcp_state *us = &cbcp[iface]; - - dbglog("cbcp_lowerup"); - dbglog("want: %d", us->us_type); - - if (us->us_type == CB_CONF_USER) - dbglog("phone no: %s", us->us_number); -} - -static void -cbcp_open(unit) - int unit; -{ - dbglog("cbcp_open"); -} - -/* process an incomming packet */ -static void -cbcp_input(unit, inpacket, pktlen) - int unit; - u_char *inpacket; - int pktlen; -{ - u_char *inp; - u_char code, id; - u_short len; - - cbcp_state *us = &cbcp[unit]; - - inp = inpacket; - - if (pktlen < CBCP_MINLEN) { - if (debug) - dbglog("CBCP packet is too small"); - return; - } - - GETCHAR(code, inp); - GETCHAR(id, inp); - GETSHORT(len, inp); - - if (len > pktlen || len < CBCP_MINLEN) { - if (debug) - dbglog("CBCP packet: invalid length %d", len); - return; - } - - len -= CBCP_MINLEN; - - switch(code) { - case CBCP_REQ: - us->us_id = id; - cbcp_recvreq(us, inp, len); - break; - - case CBCP_RESP: - if (debug) - dbglog("CBCP_RESP received"); - break; - - case CBCP_ACK: - if (debug && id != us->us_id) - dbglog("id doesn't match: expected %d recv %d", - us->us_id, id); - - cbcp_recvack(us, inp, len); - break; - - default: - break; - } -} - -/* protocol was rejected by foe */ -void cbcp_protrej(int iface) -{ -} - -char *cbcp_codenames[] = { - "Request", "Response", "Ack" -}; - -char *cbcp_optionnames[] = { - "NoCallback", - "UserDefined", - "AdminDefined", - "List" -}; - -/* pretty print a packet */ -static int -cbcp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int code, opt, id, len, olen, delay; - u_char *pstart; - - if (plen < HEADERLEN) - return 0; - pstart = p; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < HEADERLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(cbcp_codenames) / sizeof(char *)) - printer(arg, " %s", cbcp_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - - printer(arg, " id=0x%x", id); - len -= HEADERLEN; - - switch (code) { - case CBCP_REQ: - case CBCP_RESP: - case CBCP_ACK: - while(len >= 2) { - GETCHAR(opt, p); - GETCHAR(olen, p); - - if (olen < 2 || olen > len) { - break; - } - - printer(arg, " <"); - len -= olen; - - if (opt >= 1 && opt <= sizeof(cbcp_optionnames) / sizeof(char *)) - printer(arg, " %s", cbcp_optionnames[opt-1]); - else - printer(arg, " option=0x%x", opt); - - if (olen > 2) { - GETCHAR(delay, p); - printer(arg, " delay = %d", delay); - } - - if (olen > 3) { - int addrt; - char str[256]; - - GETCHAR(addrt, p); - memcpy(str, p, olen - 4); - str[olen - 4] = 0; - printer(arg, " number = %s", str); - } - printer(arg, ">"); - } - break; - - default: - break; - } - - for (; len > 0; --len) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - - return p - pstart; -} - -/* received CBCP request */ -static void -cbcp_recvreq(us, pckt, pcktlen) - cbcp_state *us; - u_char *pckt; - int pcktlen; -{ - u_char type, opt_len, delay, addr_type; - char address[256]; - int len = pcktlen; - - address[0] = 0; - - while (len >= 2) { - dbglog("length: %d", len); - - GETCHAR(type, pckt); - GETCHAR(opt_len, pckt); - if (opt_len < 2 || opt_len > len) - break; - - if (opt_len > 2) - GETCHAR(delay, pckt); - - us->us_allowed |= (1 << type); - - switch(type) { - case CB_CONF_NO: - dbglog("no callback allowed"); - break; - - case CB_CONF_USER: - dbglog("user callback allowed"); - if (opt_len > 4) { - GETCHAR(addr_type, pckt); - memcpy(address, pckt, opt_len - 4); - address[opt_len - 4] = 0; - if (address[0]) - dbglog("address: %s", address); - } - break; - - case CB_CONF_ADMIN: - dbglog("user admin defined allowed"); - break; - - case CB_CONF_LIST: - break; - } - len -= opt_len; - } - if (len != 0) { - if (debug) - dbglog("cbcp_recvreq: malformed packet (%d bytes left)", len); - return; - } - - cbcp_resp(us); -} - -static void -cbcp_resp(us) - cbcp_state *us; -{ - u_char cb_type; - u_char buf[256]; - u_char *bufp = buf; - int len = 0; - int slen; - - cb_type = us->us_allowed & us->us_type; - dbglog("cbcp_resp cb_type=%d", cb_type); - -#if 0 - if (!cb_type) - lcp_down(us->us_unit); -#endif - - if (cb_type & ( 1 << CB_CONF_USER ) ) { - dbglog("cbcp_resp CONF_USER"); - slen = strlen(us->us_number); - if (slen > 250) { - warn("callback number truncated to 250 characters"); - slen = 250; - } - PUTCHAR(CB_CONF_USER, bufp); - len = 3 + 1 + slen + 1; - PUTCHAR(len , bufp); - PUTCHAR(5, bufp); /* delay */ - PUTCHAR(1, bufp); - BCOPY(us->us_number, bufp, slen + 1); - cbcp_send(us, CBCP_RESP, buf, len); - return; - } - - if (cb_type & ( 1 << CB_CONF_ADMIN ) ) { - dbglog("cbcp_resp CONF_ADMIN"); - PUTCHAR(CB_CONF_ADMIN, bufp); - len = 3; - PUTCHAR(len, bufp); - PUTCHAR(5, bufp); /* delay */ - cbcp_send(us, CBCP_RESP, buf, len); - return; - } - - if (cb_type & ( 1 << CB_CONF_NO ) ) { - dbglog("cbcp_resp CONF_NO"); - PUTCHAR(CB_CONF_NO, bufp); - len = 2; - PUTCHAR(len , bufp); - cbcp_send(us, CBCP_RESP, buf, len); - start_networks(us->us_unit); - return; - } -} - -static void -cbcp_send(us, code, buf, len) - cbcp_state *us; - int code; - u_char *buf; - int len; -{ - u_char *outp; - int outlen; - - outp = outpacket_buf; - - outlen = 4 + len; - - MAKEHEADER(outp, PPP_CBCP); - - PUTCHAR(code, outp); - PUTCHAR(us->us_id, outp); - PUTSHORT(outlen, outp); - - if (len) - BCOPY(buf, outp, len); - - output(us->us_unit, outpacket_buf, outlen + PPP_HDRLEN); -} - -static void -cbcp_recvack(us, pckt, len) - cbcp_state *us; - u_char *pckt; - int len; -{ - u_char type, delay, addr_type; - int opt_len; - char address[256]; - - if (len >= 2) { - GETCHAR(type, pckt); - GETCHAR(opt_len, pckt); - if (opt_len >= 2 && opt_len <= len) { - - if (opt_len > 2) - GETCHAR(delay, pckt); - - if (opt_len > 4) { - GETCHAR(addr_type, pckt); - memcpy(address, pckt, opt_len - 4); - address[opt_len - 4] = 0; - if (address[0]) - dbglog("peer will call: %s", address); - } - if (type == CB_CONF_NO) - return; - - cbcp_up(us); - - } else if (debug) - dbglog("cbcp_recvack: malformed packet"); - } -} - -/* ok peer will do callback */ -static void -cbcp_up(us) - cbcp_state *us; -{ - persist = 0; - lcp_close(0, "Call me back, please"); - status = EXIT_CALLBACK; -} diff --git a/pppd/cbcp.h b/pppd/cbcp.h deleted file mode 100644 index c2ab3f6..0000000 --- a/pppd/cbcp.h +++ /dev/null @@ -1,26 +0,0 @@ -#ifndef CBCP_H -#define CBCP_H - -typedef struct cbcp_state { - int us_unit; /* Interface unit number */ - u_char us_id; /* Current id */ - u_char us_allowed; - int us_type; - char *us_number; /* Telefone Number */ -} cbcp_state; - -extern cbcp_state cbcp[]; - -extern struct protent cbcp_protent; - -#define CBCP_MINLEN 4 - -#define CBCP_REQ 1 -#define CBCP_RESP 2 -#define CBCP_ACK 3 - -#define CB_CONF_NO 1 -#define CB_CONF_USER 2 -#define CB_CONF_ADMIN 3 -#define CB_CONF_LIST 4 -#endif diff --git a/pppd/ccp.c b/pppd/ccp.c deleted file mode 100644 index fd51952..0000000 --- a/pppd/ccp.c +++ /dev/null @@ -1,1674 +0,0 @@ -/* - * ccp.c - PPP Compression Control Protocol. - * - * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: ccp.c,v 1.48 2004/11/13 02:28:15 paulus Exp $" - -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "ccp.h" -#include - -#ifdef MPPE -#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */ -#include "lcp.h" /* lcp_close(), lcp_fsm */ -#endif - -static const char rcsid[] = RCSID; - -/* - * Unfortunately there is a bug in zlib which means that using a - * size of 8 (window size = 256) for Deflate compression will cause - * buffer overruns and kernel crashes in the deflate module. - * Until this is fixed we only accept sizes in the range 9 .. 15. - * Thanks to James Carlson for pointing this out. - */ -#define DEFLATE_MIN_WORKS 9 - -/* - * Command-line options. - */ -static int setbsdcomp __P((char **)); -static int setdeflate __P((char **)); -static char bsd_value[8]; -static char deflate_value[8]; - -/* - * Option variables. - */ -#ifdef MPPE -bool refuse_mppe_stateful = 1; /* Allow stateful mode? */ -#endif - -static option_t ccp_option_list[] = { - { "noccp", o_bool, &ccp_protent.enabled_flag, - "Disable CCP negotiation" }, - { "-ccp", o_bool, &ccp_protent.enabled_flag, - "Disable CCP negotiation", OPT_ALIAS }, - - { "bsdcomp", o_special, (void *)setbsdcomp, - "Request BSD-Compress packet compression", - OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, bsd_value }, - { "nobsdcomp", o_bool, &ccp_wantoptions[0].bsd_compress, - "don't allow BSD-Compress", OPT_PRIOSUB | OPT_A2CLR, - &ccp_allowoptions[0].bsd_compress }, - { "-bsdcomp", o_bool, &ccp_wantoptions[0].bsd_compress, - "don't allow BSD-Compress", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, - &ccp_allowoptions[0].bsd_compress }, - - { "deflate", o_special, (void *)setdeflate, - "request Deflate compression", - OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, deflate_value }, - { "nodeflate", o_bool, &ccp_wantoptions[0].deflate, - "don't allow Deflate compression", OPT_PRIOSUB | OPT_A2CLR, - &ccp_allowoptions[0].deflate }, - { "-deflate", o_bool, &ccp_wantoptions[0].deflate, - "don't allow Deflate compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, - &ccp_allowoptions[0].deflate }, - - { "nodeflatedraft", o_bool, &ccp_wantoptions[0].deflate_draft, - "don't use draft deflate #", OPT_A2COPY, - &ccp_allowoptions[0].deflate_draft }, - - { "predictor1", o_bool, &ccp_wantoptions[0].predictor_1, - "request Predictor-1", OPT_PRIO | 1 }, - { "nopredictor1", o_bool, &ccp_wantoptions[0].predictor_1, - "don't allow Predictor-1", OPT_PRIOSUB | OPT_A2CLR, - &ccp_allowoptions[0].predictor_1 }, - { "-predictor1", o_bool, &ccp_wantoptions[0].predictor_1, - "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, - &ccp_allowoptions[0].predictor_1 }, - -#ifdef MPPE - /* MPPE options are symmetrical ... we only set wantoptions here */ - { "require-mppe", o_bool, &ccp_wantoptions[0].mppe, - "require MPPE encryption", - OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 }, - { "+mppe", o_bool, &ccp_wantoptions[0].mppe, - "require MPPE encryption", - OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 }, - { "nomppe", o_bool, &ccp_wantoptions[0].mppe, - "don't allow MPPE encryption", OPT_PRIO }, - { "-mppe", o_bool, &ccp_wantoptions[0].mppe, - "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO }, - - /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */ - { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe, - "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40, - &ccp_wantoptions[0].mppe }, - { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe, - "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40, - &ccp_wantoptions[0].mppe }, - { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe, - "don't allow MPPE 40-bit encryption", - OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe }, - { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe, - "don't allow MPPE 40-bit encryption", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, - &ccp_wantoptions[0].mppe }, - - { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe, - "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128, - &ccp_wantoptions[0].mppe }, - { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe, - "require MPPE 128-bit encryption", - OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128, - &ccp_wantoptions[0].mppe }, - { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe, - "don't allow MPPE 128-bit encryption", - OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe }, - { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe, - "don't allow MPPE 128-bit encryption", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, - &ccp_wantoptions[0].mppe }, - - /* strange one; we always request stateless, but will we allow stateful? */ - { "mppe-stateful", o_bool, &refuse_mppe_stateful, - "allow MPPE stateful mode", OPT_PRIO }, - { "nomppe-stateful", o_bool, &refuse_mppe_stateful, - "disallow MPPE stateful mode", OPT_PRIO | 1 }, -#endif /* MPPE */ - - { NULL } -}; - -/* - * Protocol entry points from main code. - */ -static void ccp_init __P((int unit)); -static void ccp_open __P((int unit)); -static void ccp_close __P((int unit, char *)); -static void ccp_lowerup __P((int unit)); -static void ccp_lowerdown __P((int)); -static void ccp_input __P((int unit, u_char *pkt, int len)); -static void ccp_protrej __P((int unit)); -static int ccp_printpkt __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); -static void ccp_datainput __P((int unit, u_char *pkt, int len)); - -struct protent ccp_protent = { - PPP_CCP, - ccp_init, - ccp_input, - ccp_protrej, - ccp_lowerup, - ccp_lowerdown, - ccp_open, - ccp_close, - ccp_printpkt, - ccp_datainput, - 1, - "CCP", - "Compressed", - ccp_option_list, - NULL, - NULL, - NULL -}; - -fsm ccp_fsm[NUM_PPP]; -ccp_options ccp_wantoptions[NUM_PPP]; /* what to request the peer to use */ -ccp_options ccp_gotoptions[NUM_PPP]; /* what the peer agreed to do */ -ccp_options ccp_allowoptions[NUM_PPP]; /* what we'll agree to do */ -ccp_options ccp_hisoptions[NUM_PPP]; /* what we agreed to do */ - -/* - * Callbacks for fsm code. - */ -static void ccp_resetci __P((fsm *)); -static int ccp_cilen __P((fsm *)); -static void ccp_addci __P((fsm *, u_char *, int *)); -static int ccp_ackci __P((fsm *, u_char *, int)); -static int ccp_nakci __P((fsm *, u_char *, int, int)); -static int ccp_rejci __P((fsm *, u_char *, int)); -static int ccp_reqci __P((fsm *, u_char *, int *, int)); -static void ccp_up __P((fsm *)); -static void ccp_down __P((fsm *)); -static int ccp_extcode __P((fsm *, int, int, u_char *, int)); -static void ccp_rack_timeout __P((void *)); -static char *method_name __P((ccp_options *, ccp_options *)); - -static fsm_callbacks ccp_callbacks = { - ccp_resetci, - ccp_cilen, - ccp_addci, - ccp_ackci, - ccp_nakci, - ccp_rejci, - ccp_reqci, - ccp_up, - ccp_down, - NULL, - NULL, - NULL, - NULL, - ccp_extcode, - "CCP" -}; - -/* - * Do we want / did we get any compression? - */ -#define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \ - || (opt).predictor_1 || (opt).predictor_2 \ - || (opt).mppe) - -/* - * Local state (mainly for handling reset-reqs and reset-acks). - */ -static int ccp_localstate[NUM_PPP]; -#define RACK_PENDING 1 /* waiting for reset-ack */ -#define RREQ_REPEAT 2 /* send another reset-req if no reset-ack */ - -#define RACKTIMEOUT 1 /* second */ - -static int all_rejected[NUM_PPP]; /* we rejected all peer's options */ - -/* - * Option parsing. - */ -static int -setbsdcomp(argv) - char **argv; -{ - int rbits, abits; - char *str, *endp; - - str = *argv; - abits = rbits = strtol(str, &endp, 0); - if (endp != str && *endp == ',') { - str = endp + 1; - abits = strtol(str, &endp, 0); - } - if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for bsdcomp option", *argv); - return 0; - } - if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS)) - || (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) { - option_error("bsdcomp option values must be 0 or %d .. %d", - BSD_MIN_BITS, BSD_MAX_BITS); - return 0; - } - if (rbits > 0) { - ccp_wantoptions[0].bsd_compress = 1; - ccp_wantoptions[0].bsd_bits = rbits; - } else - ccp_wantoptions[0].bsd_compress = 0; - if (abits > 0) { - ccp_allowoptions[0].bsd_compress = 1; - ccp_allowoptions[0].bsd_bits = abits; - } else - ccp_allowoptions[0].bsd_compress = 0; - slprintf(bsd_value, sizeof(bsd_value), - rbits == abits? "%d": "%d,%d", rbits, abits); - - return 1; -} - -static int -setdeflate(argv) - char **argv; -{ - int rbits, abits; - char *str, *endp; - - str = *argv; - abits = rbits = strtol(str, &endp, 0); - if (endp != str && *endp == ',') { - str = endp + 1; - abits = strtol(str, &endp, 0); - } - if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for deflate option", *argv); - return 0; - } - if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE)) - || (abits != 0 && (abits < DEFLATE_MIN_SIZE - || abits > DEFLATE_MAX_SIZE))) { - option_error("deflate option values must be 0 or %d .. %d", - DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE); - return 0; - } - if (rbits == DEFLATE_MIN_SIZE || abits == DEFLATE_MIN_SIZE) { - if (rbits == DEFLATE_MIN_SIZE) - rbits = DEFLATE_MIN_WORKS; - if (abits == DEFLATE_MIN_SIZE) - abits = DEFLATE_MIN_WORKS; - warn("deflate option value of %d changed to %d to avoid zlib bug", - DEFLATE_MIN_SIZE, DEFLATE_MIN_WORKS); - } - if (rbits > 0) { - ccp_wantoptions[0].deflate = 1; - ccp_wantoptions[0].deflate_size = rbits; - } else - ccp_wantoptions[0].deflate = 0; - if (abits > 0) { - ccp_allowoptions[0].deflate = 1; - ccp_allowoptions[0].deflate_size = abits; - } else - ccp_allowoptions[0].deflate = 0; - slprintf(deflate_value, sizeof(deflate_value), - rbits == abits? "%d": "%d,%d", rbits, abits); - - return 1; -} - -/* - * ccp_init - initialize CCP. - */ -static void -ccp_init(unit) - int unit; -{ - fsm *f = &ccp_fsm[unit]; - - f->unit = unit; - f->protocol = PPP_CCP; - f->callbacks = &ccp_callbacks; - fsm_init(f); - - memset(&ccp_wantoptions[unit], 0, sizeof(ccp_options)); - memset(&ccp_gotoptions[unit], 0, sizeof(ccp_options)); - memset(&ccp_allowoptions[unit], 0, sizeof(ccp_options)); - memset(&ccp_hisoptions[unit], 0, sizeof(ccp_options)); - - ccp_wantoptions[0].deflate = 1; - ccp_wantoptions[0].deflate_size = DEFLATE_MAX_SIZE; - ccp_wantoptions[0].deflate_correct = 1; - ccp_wantoptions[0].deflate_draft = 1; - ccp_allowoptions[0].deflate = 1; - ccp_allowoptions[0].deflate_size = DEFLATE_MAX_SIZE; - ccp_allowoptions[0].deflate_correct = 1; - ccp_allowoptions[0].deflate_draft = 1; - - ccp_wantoptions[0].bsd_compress = 1; - ccp_wantoptions[0].bsd_bits = BSD_MAX_BITS; - ccp_allowoptions[0].bsd_compress = 1; - ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS; - - ccp_allowoptions[0].predictor_1 = 1; -} - -/* - * ccp_open - CCP is allowed to come up. - */ -static void -ccp_open(unit) - int unit; -{ - fsm *f = &ccp_fsm[unit]; - - if (f->state != OPENED) - ccp_flags_set(unit, 1, 0); - - /* - * Find out which compressors the kernel supports before - * deciding whether to open in silent mode. - */ - ccp_resetci(f); - if (!ANY_COMPRESS(ccp_gotoptions[unit])) - f->flags |= OPT_SILENT; - - fsm_open(f); -} - -/* - * ccp_close - Terminate CCP. - */ -static void -ccp_close(unit, reason) - int unit; - char *reason; -{ - ccp_flags_set(unit, 0, 0); - fsm_close(&ccp_fsm[unit], reason); -} - -/* - * ccp_lowerup - we may now transmit CCP packets. - */ -static void -ccp_lowerup(unit) - int unit; -{ - fsm_lowerup(&ccp_fsm[unit]); -} - -/* - * ccp_lowerdown - we may not transmit CCP packets. - */ -static void -ccp_lowerdown(unit) - int unit; -{ - fsm_lowerdown(&ccp_fsm[unit]); -} - -/* - * ccp_input - process a received CCP packet. - */ -static void -ccp_input(unit, p, len) - int unit; - u_char *p; - int len; -{ - fsm *f = &ccp_fsm[unit]; - int oldstate; - - /* - * Check for a terminate-request so we can print a message. - */ - oldstate = f->state; - fsm_input(f, p, len); - if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) { - notice("Compression disabled by peer."); -#ifdef MPPE - if (ccp_gotoptions[unit].mppe) { - error("MPPE disabled, closing LCP"); - lcp_close(unit, "MPPE disabled by peer"); - } -#endif - } - - /* - * If we get a terminate-ack and we're not asking for compression, - * close CCP. - */ - if (oldstate == REQSENT && p[0] == TERMACK - && !ANY_COMPRESS(ccp_gotoptions[unit])) - ccp_close(unit, "No compression negotiated"); -} - -/* - * Handle a CCP-specific code. - */ -static int -ccp_extcode(f, code, id, p, len) - fsm *f; - int code, id; - u_char *p; - int len; -{ - switch (code) { - case CCP_RESETREQ: - if (f->state != OPENED) - break; - /* send a reset-ack, which the transmitter will see and - reset its compression state. */ - fsm_sdata(f, CCP_RESETACK, id, NULL, 0); - break; - - case CCP_RESETACK: - if (ccp_localstate[f->unit] & RACK_PENDING && id == f->reqid) { - ccp_localstate[f->unit] &= ~(RACK_PENDING | RREQ_REPEAT); - UNTIMEOUT(ccp_rack_timeout, f); - } - break; - - default: - return 0; - } - - return 1; -} - -/* - * ccp_protrej - peer doesn't talk CCP. - */ -static void -ccp_protrej(unit) - int unit; -{ - ccp_flags_set(unit, 0, 0); - fsm_lowerdown(&ccp_fsm[unit]); - -#ifdef MPPE - if (ccp_gotoptions[unit].mppe) { - error("MPPE required but peer negotiation failed"); - lcp_close(unit, "MPPE required but peer negotiation failed"); - } -#endif - -} - -/* - * ccp_resetci - initialize at start of negotiation. - */ -static void -ccp_resetci(f) - fsm *f; -{ - ccp_options *go = &ccp_gotoptions[f->unit]; - u_char opt_buf[CCP_MAX_OPTION_LENGTH]; - - *go = ccp_wantoptions[f->unit]; - all_rejected[f->unit] = 0; - -#ifdef MPPE - if (go->mppe) { - ccp_options *ao = &ccp_allowoptions[f->unit]; - int auth_mschap_bits = auth_done[f->unit]; - int numbits; - - /* - * Start with a basic sanity check: mschap[v2] auth must be in - * exactly one direction. RFC 3079 says that the keys are - * 'derived from the credentials of the peer that initiated the call', - * however the PPP protocol doesn't have such a concept, and pppd - * cannot get this info externally. Instead we do the best we can. - * NB: If MPPE is required, all other compression opts are invalid. - * So, we return right away if we can't do it. - */ - - /* Leave only the mschap auth bits set */ - auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | - CHAP_MS2_WITHPEER | CHAP_MS2_PEER); - /* Count the mschap auths */ - auth_mschap_bits >>= CHAP_MS_SHIFT; - numbits = 0; - do { - numbits += auth_mschap_bits & 1; - auth_mschap_bits >>= 1; - } while (auth_mschap_bits); - if (numbits > 1) { - error("MPPE required, but auth done in both directions."); - lcp_close(f->unit, "MPPE required but not available"); - return; - } - if (!numbits) { - error("MPPE required, but MS-CHAP[v2] auth not performed."); - lcp_close(f->unit, "MPPE required but not available"); - return; - } - - /* A plugin (eg radius) may not have obtained key material. */ - if (!mppe_keys_set) { - error("MPPE required, but keys are not available. " - "Possible plugin problem?"); - lcp_close(f->unit, "MPPE required but not available"); - return; - } - - /* LM auth not supported for MPPE */ - if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) { - /* This might be noise */ - if (go->mppe & MPPE_OPT_40) { - notice("Disabling 40-bit MPPE; MS-CHAP LM not supported"); - go->mppe &= ~MPPE_OPT_40; - ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40; - } - } - - /* Last check: can we actually negotiate something? */ - if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) { - /* Could be misconfig, could be 40-bit disabled above. */ - error("MPPE required, but both 40-bit and 128-bit disabled."); - lcp_close(f->unit, "MPPE required but not available"); - return; - } - - /* sync options */ - ao->mppe = go->mppe; - /* MPPE is not compatible with other compression types */ - ao->bsd_compress = go->bsd_compress = 0; - ao->predictor_1 = go->predictor_1 = 0; - ao->predictor_2 = go->predictor_2 = 0; - ao->deflate = go->deflate = 0; - } -#endif /* MPPE */ - - /* - * Check whether the kernel knows about the various - * compression methods we might request. - */ -#ifdef MPPE - if (go->mppe) { - opt_buf[0] = CI_MPPE; - opt_buf[1] = CILEN_MPPE; - MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); - /* Key material unimportant here. */ - if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) { - error("MPPE required, but kernel has no support."); - lcp_close(f->unit, "MPPE required but not available"); - } - } -#endif - if (go->bsd_compress) { - opt_buf[0] = CI_BSD_COMPRESS; - opt_buf[1] = CILEN_BSD_COMPRESS; - opt_buf[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, BSD_MIN_BITS); - if (ccp_test(f->unit, opt_buf, CILEN_BSD_COMPRESS, 0) <= 0) - go->bsd_compress = 0; - } - if (go->deflate) { - if (go->deflate_correct) { - opt_buf[0] = CI_DEFLATE; - opt_buf[1] = CILEN_DEFLATE; - opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_WORKS); - opt_buf[3] = DEFLATE_CHK_SEQUENCE; - if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) - go->deflate_correct = 0; - } - if (go->deflate_draft) { - opt_buf[0] = CI_DEFLATE_DRAFT; - opt_buf[1] = CILEN_DEFLATE; - opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_WORKS); - opt_buf[3] = DEFLATE_CHK_SEQUENCE; - if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) - go->deflate_draft = 0; - } - if (!go->deflate_correct && !go->deflate_draft) - go->deflate = 0; - } - if (go->predictor_1) { - opt_buf[0] = CI_PREDICTOR_1; - opt_buf[1] = CILEN_PREDICTOR_1; - if (ccp_test(f->unit, opt_buf, CILEN_PREDICTOR_1, 0) <= 0) - go->predictor_1 = 0; - } - if (go->predictor_2) { - opt_buf[0] = CI_PREDICTOR_2; - opt_buf[1] = CILEN_PREDICTOR_2; - if (ccp_test(f->unit, opt_buf, CILEN_PREDICTOR_2, 0) <= 0) - go->predictor_2 = 0; - } -} - -/* - * ccp_cilen - Return total length of our configuration info. - */ -static int -ccp_cilen(f) - fsm *f; -{ - ccp_options *go = &ccp_gotoptions[f->unit]; - - return (go->bsd_compress? CILEN_BSD_COMPRESS: 0) - + (go->deflate? CILEN_DEFLATE: 0) - + (go->predictor_1? CILEN_PREDICTOR_1: 0) - + (go->predictor_2? CILEN_PREDICTOR_2: 0) - + (go->mppe? CILEN_MPPE: 0); -} - -/* - * ccp_addci - put our requests in a packet. - */ -static void -ccp_addci(f, p, lenp) - fsm *f; - u_char *p; - int *lenp; -{ - int res; - ccp_options *go = &ccp_gotoptions[f->unit]; - u_char *p0 = p; - - /* - * Add the compression types that we can receive, in decreasing - * preference order. Get the kernel to allocate the first one - * in case it gets Acked. - */ -#ifdef MPPE - if (go->mppe) { - u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; - - p[0] = opt_buf[0] = CI_MPPE; - p[1] = opt_buf[1] = CILEN_MPPE; - MPPE_OPTS_TO_CI(go->mppe, &p[2]); - MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); - BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); - res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0); - if (res > 0) - p += CILEN_MPPE; - else - /* This shouldn't happen, we've already tested it! */ - lcp_close(f->unit, "MPPE required but not available in kernel"); - } -#endif - if (go->deflate) { - p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; - p[1] = CILEN_DEFLATE; - p[2] = DEFLATE_MAKE_OPT(go->deflate_size); - p[3] = DEFLATE_CHK_SEQUENCE; - if (p != p0) { - p += CILEN_DEFLATE; - } else { - for (;;) { - if (go->deflate_size < DEFLATE_MIN_WORKS) { - go->deflate = 0; - break; - } - res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); - if (res > 0) { - p += CILEN_DEFLATE; - break; - } else if (res < 0) { - go->deflate = 0; - break; - } - --go->deflate_size; - p[2] = DEFLATE_MAKE_OPT(go->deflate_size); - } - } - if (p != p0 && go->deflate_correct && go->deflate_draft) { - p[0] = CI_DEFLATE_DRAFT; - p[1] = CILEN_DEFLATE; - p[2] = p[2 - CILEN_DEFLATE]; - p[3] = DEFLATE_CHK_SEQUENCE; - p += CILEN_DEFLATE; - } - } - if (go->bsd_compress) { - p[0] = CI_BSD_COMPRESS; - p[1] = CILEN_BSD_COMPRESS; - p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits); - if (p != p0) { - p += CILEN_BSD_COMPRESS; /* not the first option */ - } else { - for (;;) { - if (go->bsd_bits < BSD_MIN_BITS) { - go->bsd_compress = 0; - break; - } - res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 0); - if (res > 0) { - p += CILEN_BSD_COMPRESS; - break; - } else if (res < 0) { - go->bsd_compress = 0; - break; - } - --go->bsd_bits; - p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits); - } - } - } - /* XXX Should Predictor 2 be preferable to Predictor 1? */ - if (go->predictor_1) { - p[0] = CI_PREDICTOR_1; - p[1] = CILEN_PREDICTOR_1; - if (p == p0 && ccp_test(f->unit, p, CILEN_PREDICTOR_1, 0) <= 0) { - go->predictor_1 = 0; - } else { - p += CILEN_PREDICTOR_1; - } - } - if (go->predictor_2) { - p[0] = CI_PREDICTOR_2; - p[1] = CILEN_PREDICTOR_2; - if (p == p0 && ccp_test(f->unit, p, CILEN_PREDICTOR_2, 0) <= 0) { - go->predictor_2 = 0; - } else { - p += CILEN_PREDICTOR_2; - } - } - - go->method = (p > p0)? p0[0]: -1; - - *lenp = p - p0; -} - -/* - * ccp_ackci - process a received configure-ack, and return - * 1 iff the packet was OK. - */ -static int -ccp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - ccp_options *go = &ccp_gotoptions[f->unit]; - u_char *p0 = p; - -#ifdef MPPE - if (go->mppe) { - u_char opt_buf[CILEN_MPPE]; - - opt_buf[0] = CI_MPPE; - opt_buf[1] = CILEN_MPPE; - MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); - if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE)) - return 0; - p += CILEN_MPPE; - len -= CILEN_MPPE; - /* XXX Cope with first/fast ack */ - if (len == 0) - return 1; - } -#endif - if (go->deflate) { - if (len < CILEN_DEFLATE - || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) - || p[1] != CILEN_DEFLATE - || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - /* XXX Cope with first/fast ack */ - if (len == 0) - return 1; - if (go->deflate_correct && go->deflate_draft) { - if (len < CILEN_DEFLATE - || p[0] != CI_DEFLATE_DRAFT - || p[1] != CILEN_DEFLATE - || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } - } - if (go->bsd_compress) { - if (len < CILEN_BSD_COMPRESS - || p[0] != CI_BSD_COMPRESS || p[1] != CILEN_BSD_COMPRESS - || p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits)) - return 0; - p += CILEN_BSD_COMPRESS; - len -= CILEN_BSD_COMPRESS; - /* XXX Cope with first/fast ack */ - if (p == p0 && len == 0) - return 1; - } - if (go->predictor_1) { - if (len < CILEN_PREDICTOR_1 - || p[0] != CI_PREDICTOR_1 || p[1] != CILEN_PREDICTOR_1) - return 0; - p += CILEN_PREDICTOR_1; - len -= CILEN_PREDICTOR_1; - /* XXX Cope with first/fast ack */ - if (p == p0 && len == 0) - return 1; - } - if (go->predictor_2) { - if (len < CILEN_PREDICTOR_2 - || p[0] != CI_PREDICTOR_2 || p[1] != CILEN_PREDICTOR_2) - return 0; - p += CILEN_PREDICTOR_2; - len -= CILEN_PREDICTOR_2; - /* XXX Cope with first/fast ack */ - if (p == p0 && len == 0) - return 1; - } - - if (len != 0) - return 0; - return 1; -} - -/* - * ccp_nakci - process received configure-nak. - * Returns 1 iff the nak was OK. - */ -static int -ccp_nakci(f, p, len, treat_as_reject) - fsm *f; - u_char *p; - int len; -{ - ccp_options *go = &ccp_gotoptions[f->unit]; - ccp_options no; /* options we've seen already */ - ccp_options try; /* options to ask for next time */ - - memset(&no, 0, sizeof(no)); - try = *go; - -#ifdef MPPE - if (go->mppe && len >= CILEN_MPPE - && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { - no.mppe = 1; - /* - * Peer wants us to use a different strength or other setting. - * Fail if we aren't willing to use his suggestion. - */ - MPPE_CI_TO_OPTS(&p[2], try.mppe); - if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) { - error("Refusing MPPE stateful mode offered by peer"); - try.mppe = 0; - } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) { - /* Peer must have set options we didn't request (suggest) */ - try.mppe = 0; - } - - if (!try.mppe) { - error("MPPE required but peer negotiation failed"); - lcp_close(f->unit, "MPPE required but peer negotiation failed"); - } - } -#endif /* MPPE */ - if (go->deflate && len >= CILEN_DEFLATE - && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) - && p[1] == CILEN_DEFLATE) { - no.deflate = 1; - /* - * Peer wants us to use a different code size or something. - * Stop asking for Deflate if we don't understand his suggestion. - */ - if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL - || DEFLATE_SIZE(p[2]) < DEFLATE_MIN_WORKS - || p[3] != DEFLATE_CHK_SEQUENCE) - try.deflate = 0; - else if (DEFLATE_SIZE(p[2]) < go->deflate_size) - try.deflate_size = DEFLATE_SIZE(p[2]); - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - if (go->deflate_correct && go->deflate_draft - && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT - && p[1] == CILEN_DEFLATE) { - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } - } - - if (go->bsd_compress && len >= CILEN_BSD_COMPRESS - && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { - no.bsd_compress = 1; - /* - * Peer wants us to use a different number of bits - * or a different version. - */ - if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION) - try.bsd_compress = 0; - else if (BSD_NBITS(p[2]) < go->bsd_bits) - try.bsd_bits = BSD_NBITS(p[2]); - p += CILEN_BSD_COMPRESS; - len -= CILEN_BSD_COMPRESS; - } - - /* - * Predictor-1 and 2 have no options, so they can't be Naked. - * - * There may be remaining options but we ignore them. - */ - - if (f->state != OPENED) - *go = try; - return 1; -} - -/* - * ccp_rejci - reject some of our suggested compression methods. - */ -static int -ccp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - ccp_options *go = &ccp_gotoptions[f->unit]; - ccp_options try; /* options to request next time */ - - try = *go; - - /* - * Cope with empty configure-rejects by ceasing to send - * configure-requests. - */ - if (len == 0 && all_rejected[f->unit]) - return -1; - -#ifdef MPPE - if (go->mppe && len >= CILEN_MPPE - && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { - error("MPPE required but peer refused"); - lcp_close(f->unit, "MPPE required but peer refused"); - p += CILEN_MPPE; - len -= CILEN_MPPE; - } -#endif - if (go->deflate_correct && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { - if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; /* Rej is bad */ - try.deflate_correct = 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } - if (go->deflate_draft && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE_DRAFT && p[1] == CILEN_DEFLATE) { - if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; /* Rej is bad */ - try.deflate_draft = 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } - if (!try.deflate_correct && !try.deflate_draft) - try.deflate = 0; - if (go->bsd_compress && len >= CILEN_BSD_COMPRESS - && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { - if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits)) - return 0; - try.bsd_compress = 0; - p += CILEN_BSD_COMPRESS; - len -= CILEN_BSD_COMPRESS; - } - if (go->predictor_1 && len >= CILEN_PREDICTOR_1 - && p[0] == CI_PREDICTOR_1 && p[1] == CILEN_PREDICTOR_1) { - try.predictor_1 = 0; - p += CILEN_PREDICTOR_1; - len -= CILEN_PREDICTOR_1; - } - if (go->predictor_2 && len >= CILEN_PREDICTOR_2 - && p[0] == CI_PREDICTOR_2 && p[1] == CILEN_PREDICTOR_2) { - try.predictor_2 = 0; - p += CILEN_PREDICTOR_2; - len -= CILEN_PREDICTOR_2; - } - - if (len != 0) - return 0; - - if (f->state != OPENED) - *go = try; - - return 1; -} - -/* - * ccp_reqci - processed a received configure-request. - * Returns CONFACK, CONFNAK or CONFREJ and the packet modified - * appropriately. - */ -static int -ccp_reqci(f, p, lenp, dont_nak) - fsm *f; - u_char *p; - int *lenp; - int dont_nak; -{ - int ret, newret, res; - u_char *p0, *retp; - int len, clen, type, nb; - ccp_options *ho = &ccp_hisoptions[f->unit]; - ccp_options *ao = &ccp_allowoptions[f->unit]; -#ifdef MPPE - bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */ - /* CI_MPPE, or due to other options? */ -#endif - - ret = CONFACK; - retp = p0 = p; - len = *lenp; - - memset(ho, 0, sizeof(ccp_options)); - ho->method = (len > 0)? p[0]: -1; - - while (len > 0) { - newret = CONFACK; - if (len < 2 || p[1] < 2 || p[1] > len) { - /* length is bad */ - clen = len; - newret = CONFREJ; - - } else { - type = p[0]; - clen = p[1]; - - switch (type) { -#ifdef MPPE - case CI_MPPE: - if (!ao->mppe || clen != CILEN_MPPE) { - newret = CONFREJ; - break; - } - MPPE_CI_TO_OPTS(&p[2], ho->mppe); - - /* Nak if anything unsupported or unknown are set. */ - if (ho->mppe & MPPE_OPT_UNSUPPORTED) { - newret = CONFNAK; - ho->mppe &= ~MPPE_OPT_UNSUPPORTED; - } - if (ho->mppe & MPPE_OPT_UNKNOWN) { - newret = CONFNAK; - ho->mppe &= ~MPPE_OPT_UNKNOWN; - } - - /* Check state opt */ - if (ho->mppe & MPPE_OPT_STATEFUL) { - /* - * We can Nak and request stateless, but it's a - * lot easier to just assume the peer will request - * it if he can do it; stateful mode is bad over - * the Internet -- which is where we expect MPPE. - */ - if (refuse_mppe_stateful) { - error("Refusing MPPE stateful mode offered by peer"); - newret = CONFREJ; - break; - } - } - - /* Find out which of {S,L} are set. */ - if ((ho->mppe & MPPE_OPT_128) - && (ho->mppe & MPPE_OPT_40)) { - /* Both are set, negotiate the strongest. */ - newret = CONFNAK; - if (ao->mppe & MPPE_OPT_128) - ho->mppe &= ~MPPE_OPT_40; - else if (ao->mppe & MPPE_OPT_40) - ho->mppe &= ~MPPE_OPT_128; - else { - newret = CONFREJ; - break; - } - } else if (ho->mppe & MPPE_OPT_128) { - if (!(ao->mppe & MPPE_OPT_128)) { - newret = CONFREJ; - break; - } - } else if (ho->mppe & MPPE_OPT_40) { - if (!(ao->mppe & MPPE_OPT_40)) { - newret = CONFREJ; - break; - } - } else { - /* Neither are set. */ - newret = CONFREJ; - break; - } - - /* rebuild the opts */ - MPPE_OPTS_TO_CI(ho->mppe, &p[2]); - if (newret == CONFACK) { - u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; - int mtu; - - BCOPY(p, opt_buf, CILEN_MPPE); - BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], - MPPE_MAX_KEY_LEN); - if (ccp_test(f->unit, opt_buf, - CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) { - /* This shouldn't happen, we've already tested it! */ - error("MPPE required, but kernel has no support."); - lcp_close(f->unit, "MPPE required but not available"); - newret = CONFREJ; - break; - } - /* - * We need to decrease the interface MTU by MPPE_PAD - * because MPPE frames **grow**. The kernel [must] - * allocate MPPE_PAD extra bytes in xmit buffers. - */ - mtu = netif_get_mtu(f->unit); - if (mtu) - netif_set_mtu(f->unit, mtu - MPPE_PAD); - else - newret = CONFREJ; - } - - /* - * We have accepted MPPE or are willing to negotiate - * MPPE parameters. A CONFREJ is due to subsequent - * (non-MPPE) processing. - */ - rej_for_ci_mppe = 0; - break; -#endif /* MPPE */ - case CI_DEFLATE: - case CI_DEFLATE_DRAFT: - if (!ao->deflate || clen != CILEN_DEFLATE - || (!ao->deflate_correct && type == CI_DEFLATE) - || (!ao->deflate_draft && type == CI_DEFLATE_DRAFT)) { - newret = CONFREJ; - break; - } - - ho->deflate = 1; - ho->deflate_size = nb = DEFLATE_SIZE(p[2]); - if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL - || p[3] != DEFLATE_CHK_SEQUENCE - || nb > ao->deflate_size || nb < DEFLATE_MIN_WORKS) { - newret = CONFNAK; - if (!dont_nak) { - p[2] = DEFLATE_MAKE_OPT(ao->deflate_size); - p[3] = DEFLATE_CHK_SEQUENCE; - /* fall through to test this #bits below */ - } else - break; - } - - /* - * Check whether we can do Deflate with the window - * size they want. If the window is too big, reduce - * it until the kernel can cope and nak with that. - * We only check this for the first option. - */ - if (p == p0) { - for (;;) { - res = ccp_test(f->unit, p, CILEN_DEFLATE, 1); - if (res > 0) - break; /* it's OK now */ - if (res < 0 || nb == DEFLATE_MIN_WORKS || dont_nak) { - newret = CONFREJ; - p[2] = DEFLATE_MAKE_OPT(ho->deflate_size); - break; - } - newret = CONFNAK; - --nb; - p[2] = DEFLATE_MAKE_OPT(nb); - } - } - break; - - case CI_BSD_COMPRESS: - if (!ao->bsd_compress || clen != CILEN_BSD_COMPRESS) { - newret = CONFREJ; - break; - } - - ho->bsd_compress = 1; - ho->bsd_bits = nb = BSD_NBITS(p[2]); - if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION - || nb > ao->bsd_bits || nb < BSD_MIN_BITS) { - newret = CONFNAK; - if (!dont_nak) { - p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, ao->bsd_bits); - /* fall through to test this #bits below */ - } else - break; - } - - /* - * Check whether we can do BSD-Compress with the code - * size they want. If the code size is too big, reduce - * it until the kernel can cope and nak with that. - * We only check this for the first option. - */ - if (p == p0) { - for (;;) { - res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 1); - if (res > 0) - break; - if (res < 0 || nb == BSD_MIN_BITS || dont_nak) { - newret = CONFREJ; - p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, - ho->bsd_bits); - break; - } - newret = CONFNAK; - --nb; - p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, nb); - } - } - break; - - case CI_PREDICTOR_1: - if (!ao->predictor_1 || clen != CILEN_PREDICTOR_1) { - newret = CONFREJ; - break; - } - - ho->predictor_1 = 1; - if (p == p0 - && ccp_test(f->unit, p, CILEN_PREDICTOR_1, 1) <= 0) { - newret = CONFREJ; - } - break; - - case CI_PREDICTOR_2: - if (!ao->predictor_2 || clen != CILEN_PREDICTOR_2) { - newret = CONFREJ; - break; - } - - ho->predictor_2 = 1; - if (p == p0 - && ccp_test(f->unit, p, CILEN_PREDICTOR_2, 1) <= 0) { - newret = CONFREJ; - } - break; - - default: - newret = CONFREJ; - } - } - - if (newret == CONFNAK && dont_nak) - newret = CONFREJ; - if (!(newret == CONFACK || (newret == CONFNAK && ret == CONFREJ))) { - /* we're returning this option */ - if (newret == CONFREJ && ret == CONFNAK) - retp = p0; - ret = newret; - if (p != retp) - BCOPY(p, retp, clen); - retp += clen; - } - - p += clen; - len -= clen; - } - - if (ret != CONFACK) { - if (ret == CONFREJ && *lenp == retp - p0) - all_rejected[f->unit] = 1; - else - *lenp = retp - p0; - } -#ifdef MPPE - if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) { - error("MPPE required but peer negotiation failed"); - lcp_close(f->unit, "MPPE required but peer negotiation failed"); - } -#endif - return ret; -} - -/* - * Make a string name for a compression method (or 2). - */ -static char * -method_name(opt, opt2) - ccp_options *opt, *opt2; -{ - static char result[64]; - - if (!ANY_COMPRESS(*opt)) - return "(none)"; - switch (opt->method) { -#ifdef MPPE - case CI_MPPE: - { - char *p = result; - char *q = result + sizeof(result); /* 1 past result */ - - slprintf(p, q - p, "MPPE "); - p += 5; - if (opt->mppe & MPPE_OPT_128) { - slprintf(p, q - p, "128-bit "); - p += 8; - } - if (opt->mppe & MPPE_OPT_40) { - slprintf(p, q - p, "40-bit "); - p += 7; - } - if (opt->mppe & MPPE_OPT_STATEFUL) - slprintf(p, q - p, "stateful"); - else - slprintf(p, q - p, "stateless"); - - break; - } -#endif - case CI_DEFLATE: - case CI_DEFLATE_DRAFT: - if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) - slprintf(result, sizeof(result), "Deflate%s (%d/%d)", - (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), - opt->deflate_size, opt2->deflate_size); - else - slprintf(result, sizeof(result), "Deflate%s (%d)", - (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), - opt->deflate_size); - break; - case CI_BSD_COMPRESS: - if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits) - slprintf(result, sizeof(result), "BSD-Compress (%d/%d)", - opt->bsd_bits, opt2->bsd_bits); - else - slprintf(result, sizeof(result), "BSD-Compress (%d)", - opt->bsd_bits); - break; - case CI_PREDICTOR_1: - return "Predictor 1"; - case CI_PREDICTOR_2: - return "Predictor 2"; - default: - slprintf(result, sizeof(result), "Method %d", opt->method); - } - return result; -} - -/* - * CCP has come up - inform the kernel driver and log a message. - */ -static void -ccp_up(f) - fsm *f; -{ - ccp_options *go = &ccp_gotoptions[f->unit]; - ccp_options *ho = &ccp_hisoptions[f->unit]; - char method1[64]; - - ccp_flags_set(f->unit, 1, 1); - if (ANY_COMPRESS(*go)) { - if (ANY_COMPRESS(*ho)) { - if (go->method == ho->method) { - notice("%s compression enabled", method_name(go, ho)); - } else { - strlcpy(method1, method_name(go, NULL), sizeof(method1)); - notice("%s / %s compression enabled", - method1, method_name(ho, NULL)); - } - } else - notice("%s receive compression enabled", method_name(go, NULL)); - } else if (ANY_COMPRESS(*ho)) - notice("%s transmit compression enabled", method_name(ho, NULL)); -#ifdef MPPE - if (go->mppe) { - BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN); - BZERO(mppe_send_key, MPPE_MAX_KEY_LEN); - continue_networks(f->unit); /* Bring up IP et al */ - } -#endif -} - -/* - * CCP has gone down - inform the kernel driver. - */ -static void -ccp_down(f) - fsm *f; -{ - if (ccp_localstate[f->unit] & RACK_PENDING) - UNTIMEOUT(ccp_rack_timeout, f); - ccp_localstate[f->unit] = 0; - ccp_flags_set(f->unit, 1, 0); -#ifdef MPPE - if (ccp_gotoptions[f->unit].mppe) { - ccp_gotoptions[f->unit].mppe = 0; - if (lcp_fsm[f->unit].state == OPENED) { - /* If LCP is not already going down, make sure it does. */ - error("MPPE disabled"); - lcp_close(f->unit, "MPPE disabled"); - } - } -#endif -} - -/* - * Print the contents of a CCP packet. - */ -static char *ccp_codenames[] = { - "ConfReq", "ConfAck", "ConfNak", "ConfRej", - "TermReq", "TermAck", "CodeRej", - NULL, NULL, NULL, NULL, NULL, NULL, - "ResetReq", "ResetAck", -}; - -static int -ccp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - u_char *p0, *optend; - int code, id, len; - int optlen; - - p0 = p; - if (plen < HEADERLEN) - return 0; - code = p[0]; - id = p[1]; - len = (p[2] << 8) + p[3]; - if (len < HEADERLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(ccp_codenames) / sizeof(char *) - && ccp_codenames[code-1] != NULL) - printer(arg, " %s", ccp_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= HEADERLEN; - p += HEADERLEN; - - switch (code) { - case CONFREQ: - case CONFACK: - case CONFNAK: - case CONFREJ: - /* print list of possible compression methods */ - while (len >= 2) { - code = p[0]; - optlen = p[1]; - if (optlen < 2 || optlen > len) - break; - printer(arg, " <"); - len -= optlen; - optend = p + optlen; - switch (code) { -#ifdef MPPE - case CI_MPPE: - if (optlen >= CILEN_MPPE) { - u_char mppe_opts; - - MPPE_CI_TO_OPTS(&p[2], mppe_opts); - printer(arg, "mppe %s %s %s %s %s %s%s", - (p[2] & MPPE_H_BIT)? "+H": "-H", - (p[5] & MPPE_M_BIT)? "+M": "-M", - (p[5] & MPPE_S_BIT)? "+S": "-S", - (p[5] & MPPE_L_BIT)? "+L": "-L", - (p[5] & MPPE_D_BIT)? "+D": "-D", - (p[5] & MPPE_C_BIT)? "+C": "-C", - (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": ""); - if (mppe_opts & MPPE_OPT_UNKNOWN) - printer(arg, " (%.2x %.2x %.2x %.2x)", - p[2], p[3], p[4], p[5]); - p += CILEN_MPPE; - } - break; -#endif - case CI_DEFLATE: - case CI_DEFLATE_DRAFT: - if (optlen >= CILEN_DEFLATE) { - printer(arg, "deflate%s %d", - (code == CI_DEFLATE_DRAFT? "(old#)": ""), - DEFLATE_SIZE(p[2])); - if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL) - printer(arg, " method %d", DEFLATE_METHOD(p[2])); - if (p[3] != DEFLATE_CHK_SEQUENCE) - printer(arg, " check %d", p[3]); - p += CILEN_DEFLATE; - } - break; - case CI_BSD_COMPRESS: - if (optlen >= CILEN_BSD_COMPRESS) { - printer(arg, "bsd v%d %d", BSD_VERSION(p[2]), - BSD_NBITS(p[2])); - p += CILEN_BSD_COMPRESS; - } - break; - case CI_PREDICTOR_1: - if (optlen >= CILEN_PREDICTOR_1) { - printer(arg, "predictor 1"); - p += CILEN_PREDICTOR_1; - } - break; - case CI_PREDICTOR_2: - if (optlen >= CILEN_PREDICTOR_2) { - printer(arg, "predictor 2"); - p += CILEN_PREDICTOR_2; - } - break; - } - while (p < optend) - printer(arg, " %.2x", *p++); - printer(arg, ">"); - } - break; - - case TERMACK: - case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - print_string((char *)p, len, printer, arg); - p += len; - len = 0; - } - break; - } - - /* dump out the rest of the packet in hex */ - while (--len >= 0) - printer(arg, " %.2x", *p++); - - return p - p0; -} - -/* - * We have received a packet that the decompressor failed to - * decompress. Here we would expect to issue a reset-request, but - * Motorola has a patent on resetting the compressor as a result of - * detecting an error in the decompressed data after decompression. - * (See US patent 5,130,993; international patent publication number - * WO 91/10289; Australian patent 73296/91.) - * - * So we ask the kernel whether the error was detected after - * decompression; if it was, we take CCP down, thus disabling - * compression :-(, otherwise we issue the reset-request. - */ -static void -ccp_datainput(unit, pkt, len) - int unit; - u_char *pkt; - int len; -{ - fsm *f; - - f = &ccp_fsm[unit]; - if (f->state == OPENED) { - if (ccp_fatal_error(unit)) { - /* - * Disable compression by taking CCP down. - */ - error("Lost compression sync: disabling compression"); - ccp_close(unit, "Lost compression sync"); -#ifdef MPPE - /* - * If we were doing MPPE, we must also take the link down. - */ - if (ccp_gotoptions[unit].mppe) { - error("Too many MPPE errors, closing LCP"); - lcp_close(unit, "Too many MPPE errors"); - } -#endif - } else { - /* - * Send a reset-request to reset the peer's compressor. - * We don't do that if we are still waiting for an - * acknowledgement to a previous reset-request. - */ - if (!(ccp_localstate[f->unit] & RACK_PENDING)) { - fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0); - TIMEOUT(ccp_rack_timeout, f, RACKTIMEOUT); - ccp_localstate[f->unit] |= RACK_PENDING; - } else - ccp_localstate[f->unit] |= RREQ_REPEAT; - } - } -} - -/* - * Timeout waiting for reset-ack. - */ -static void -ccp_rack_timeout(arg) - void *arg; -{ - fsm *f = arg; - - if (f->state == OPENED && ccp_localstate[f->unit] & RREQ_REPEAT) { - fsm_sdata(f, CCP_RESETREQ, f->reqid, NULL, 0); - TIMEOUT(ccp_rack_timeout, f, RACKTIMEOUT); - ccp_localstate[f->unit] &= ~RREQ_REPEAT; - } else - ccp_localstate[f->unit] &= ~RACK_PENDING; -} - diff --git a/pppd/ccp.h b/pppd/ccp.h deleted file mode 100644 index 6f4a2fe..0000000 --- a/pppd/ccp.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * ccp.h - Definitions for PPP Compression Control Protocol. - * - * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: ccp.h,v 1.12 2004/11/04 10:02:26 paulus Exp $ - */ - -typedef struct ccp_options { - bool bsd_compress; /* do BSD Compress? */ - bool deflate; /* do Deflate? */ - bool predictor_1; /* do Predictor-1? */ - bool predictor_2; /* do Predictor-2? */ - bool deflate_correct; /* use correct code for deflate? */ - bool deflate_draft; /* use draft RFC code for deflate? */ - bool mppe; /* do MPPE? */ - u_short bsd_bits; /* # bits/code for BSD Compress */ - u_short deflate_size; /* lg(window size) for Deflate */ - short method; /* code for chosen compression method */ -} ccp_options; - -extern fsm ccp_fsm[]; -extern ccp_options ccp_wantoptions[]; -extern ccp_options ccp_gotoptions[]; -extern ccp_options ccp_allowoptions[]; -extern ccp_options ccp_hisoptions[]; - -extern struct protent ccp_protent; diff --git a/pppd/chap-md5.c b/pppd/chap-md5.c deleted file mode 100644 index bc69778..0000000 --- a/pppd/chap-md5.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * chap-md5.c - New CHAP/MD5 implementation. - * - * Copyright (c) 2003 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: chap-md5.c,v 1.4 2004/11/09 22:39:25 paulus Exp $" - -#include -#include -#include "pppd.h" -#include "chap-new.h" -#include "chap-md5.h" -#include "magic.h" -#include "md5.h" - -#define MD5_HASH_SIZE 16 -#define MD5_MIN_CHALLENGE 16 -#define MD5_MAX_CHALLENGE 24 - -static void -chap_md5_generate_challenge(unsigned char *cp) -{ - int clen; - - clen = (int)(drand48() * (MD5_MAX_CHALLENGE - MD5_MIN_CHALLENGE)) - + MD5_MIN_CHALLENGE; - *cp++ = clen; - random_bytes(cp, clen); -} - -static int -chap_md5_verify_response(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ - MD5_CTX ctx; - unsigned char idbyte = id; - unsigned char hash[MD5_HASH_SIZE]; - int challenge_len, response_len; - - challenge_len = *challenge++; - response_len = *response++; - if (response_len == MD5_HASH_SIZE) { - /* Generate hash of ID, secret, challenge */ - MD5_Init(&ctx); - MD5_Update(&ctx, &idbyte, 1); - MD5_Update(&ctx, secret, secret_len); - MD5_Update(&ctx, challenge, challenge_len); - MD5_Final(hash, &ctx); - - /* Test if our hash matches the peer's response */ - if (memcmp(hash, response, MD5_HASH_SIZE) == 0) { - slprintf(message, message_space, "Access granted"); - return 1; - } - } - slprintf(message, message_space, "Access denied"); - return 0; -} - -static void -chap_md5_make_response(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *private) -{ - MD5_CTX ctx; - unsigned char idbyte = id; - int challenge_len = *challenge++; - - MD5_Init(&ctx); - MD5_Update(&ctx, &idbyte, 1); - MD5_Update(&ctx, secret, secret_len); - MD5_Update(&ctx, challenge, challenge_len); - MD5_Final(&response[1], &ctx); - response[0] = MD5_HASH_SIZE; -} - -static struct chap_digest_type md5_digest = { - CHAP_MD5, /* code */ - chap_md5_generate_challenge, - chap_md5_verify_response, - chap_md5_make_response, - NULL, /* check_success */ - NULL, /* handle_failure */ -}; - -void -chap_md5_init(void) -{ - chap_register_digest(&md5_digest); -} diff --git a/pppd/chap-md5.h b/pppd/chap-md5.h deleted file mode 100644 index 30d0658..0000000 --- a/pppd/chap-md5.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * chap-md5.h - New CHAP/MD5 implementation. - * - * Copyright (c) 2003 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -extern void chap_md5_init(void); diff --git a/pppd/chap-new.c b/pppd/chap-new.c deleted file mode 100644 index b09fa3e..0000000 --- a/pppd/chap-new.c +++ /dev/null @@ -1,636 +0,0 @@ -/* - * chap-new.c - New CHAP implementation. - * - * Copyright (c) 2003 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: chap-new.c,v 1.6 2004/11/04 10:02:26 paulus Exp $" - -#include -#include -#include "pppd.h" -#include "chap-new.h" -#include "chap-md5.h" - -#ifdef CHAPMS -#include "chap_ms.h" -#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5) -#else -#define MDTYPE_ALL (MDTYPE_MD5) -#endif - -int chap_mdtype_all = MDTYPE_ALL; - -/* Hook for a plugin to validate CHAP challenge */ -int (*chap_verify_hook)(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) = NULL; - -/* - * Option variables. - */ -int chap_timeout_time = 3; -int chap_max_transmits = 10; -int chap_rechallenge_time = 0; - -/* - * Command-line options. - */ -static option_t chap_option_list[] = { - { "chap-restart", o_int, &chap_timeout_time, - "Set timeout for CHAP", OPT_PRIO }, - { "chap-max-challenge", o_int, &chap_max_transmits, - "Set max #xmits for challenge", OPT_PRIO }, - { "chap-interval", o_int, &chap_rechallenge_time, - "Set interval for rechallenge", OPT_PRIO }, - { NULL } -}; - -/* - * Internal state. - */ -static struct chap_client_state { - int flags; - char *name; - struct chap_digest_type *digest; - unsigned char priv[64]; /* private area for digest's use */ -} client; - -/* - * These limits apply to challenge and response packets we send. - * The +4 is the +1 that we actually need rounded up. - */ -#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN) -#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN) - -static struct chap_server_state { - int flags; - int id; - char *name; - struct chap_digest_type *digest; - int challenge_xmits; - int challenge_pktlen; - unsigned char challenge[CHAL_MAX_PKTLEN]; -} server; - -/* Values for flags in chap_client_state and chap_server_state */ -#define LOWERUP 1 -#define AUTH_STARTED 2 -#define AUTH_DONE 4 -#define AUTH_FAILED 8 -#define TIMEOUT_PENDING 0x10 -#define CHALLENGE_VALID 0x20 - -/* - * Prototypes. - */ -static void chap_init(int unit); -static void chap_lowerup(int unit); -static void chap_lowerdown(int unit); -static void chap_timeout(void *arg); -static void chap_generate_challenge(struct chap_server_state *ss); -static void chap_handle_response(struct chap_server_state *ss, int code, - unsigned char *pkt, int len); -static int chap_verify_response(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space); -static void chap_respond(struct chap_client_state *cs, int id, - unsigned char *pkt, int len); -static void chap_handle_status(struct chap_client_state *cs, int code, int id, - unsigned char *pkt, int len); -static void chap_protrej(int unit); -static void chap_input(int unit, unsigned char *pkt, int pktlen); -static int chap_print_pkt(unsigned char *p, int plen, - void (*printer) __P((void *, char *, ...)), void *arg); - -/* List of digest types that we know about */ -static struct chap_digest_type *chap_digests; - -/* - * chap_init - reset to initial state. - */ -static void -chap_init(int unit) -{ - memset(&client, 0, sizeof(client)); - memset(&server, 0, sizeof(server)); - - chap_md5_init(); -#ifdef CHAPMS - chapms_init(); -#endif -} - -/* - * Add a new digest type to the list. - */ -void -chap_register_digest(struct chap_digest_type *dp) -{ - dp->next = chap_digests; - chap_digests = dp; -} - -/* - * chap_lowerup - we can start doing stuff now. - */ -static void -chap_lowerup(int unit) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - - cs->flags |= LOWERUP; - ss->flags |= LOWERUP; - if (ss->flags & AUTH_STARTED) - chap_timeout(ss); -} - -static void -chap_lowerdown(int unit) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - - cs->flags = 0; - if (ss->flags & TIMEOUT_PENDING) - UNTIMEOUT(chap_timeout, ss); - ss->flags = 0; -} - -/* - * chap_auth_peer - Start authenticating the peer. - * If the lower layer is already up, we start sending challenges, - * otherwise we wait for the lower layer to come up. - */ -void -chap_auth_peer(int unit, char *our_name, int digest_code) -{ - struct chap_server_state *ss = &server; - struct chap_digest_type *dp; - - if (ss->flags & AUTH_STARTED) { - error("CHAP: peer authentication already started!"); - return; - } - for (dp = chap_digests; dp != NULL; dp = dp->next) - if (dp->code == digest_code) - break; - if (dp == NULL) - fatal("CHAP digest 0x%x requested but not available", - digest_code); - - ss->digest = dp; - ss->name = our_name; - /* Start with a random ID value */ - ss->id = (unsigned char)(drand48() * 256); - ss->flags |= AUTH_STARTED; - if (ss->flags & LOWERUP) - chap_timeout(ss); -} - -/* - * chap_auth_with_peer - Prepare to authenticate ourselves to the peer. - * There isn't much to do until we receive a challenge. - */ -void -chap_auth_with_peer(int unit, char *our_name, int digest_code) -{ - struct chap_client_state *cs = &client; - struct chap_digest_type *dp; - - if (cs->flags & AUTH_STARTED) { - error("CHAP: authentication with peer already started!"); - return; - } - for (dp = chap_digests; dp != NULL; dp = dp->next) - if (dp->code == digest_code) - break; - if (dp == NULL) - fatal("CHAP digest 0x%x requested but not available", - digest_code); - - cs->digest = dp; - cs->name = our_name; - cs->flags |= AUTH_STARTED; -} - -/* - * chap_timeout - It's time to send another challenge to the peer. - * This could be either a retransmission of a previous challenge, - * or a new challenge to start re-authentication. - */ -static void -chap_timeout(void *arg) -{ - struct chap_server_state *ss = arg; - - ss->flags &= ~TIMEOUT_PENDING; - if ((ss->flags & CHALLENGE_VALID) == 0) { - ss->challenge_xmits = 0; - chap_generate_challenge(ss); - ss->flags |= CHALLENGE_VALID; - } else if (ss->challenge_xmits >= chap_max_transmits) { - ss->flags &= ~CHALLENGE_VALID; - ss->flags |= AUTH_DONE | AUTH_FAILED; - auth_peer_fail(0, PPP_CHAP); - return; - } - - output(0, ss->challenge, ss->challenge_pktlen); - ++ss->challenge_xmits; - ss->flags |= TIMEOUT_PENDING; - TIMEOUT(chap_timeout, arg, chap_timeout_time); -} - -/* - * chap_generate_challenge - generate a challenge string and format - * the challenge packet in ss->challenge_pkt. - */ -static void -chap_generate_challenge(struct chap_server_state *ss) -{ - int clen = 1, nlen, len; - unsigned char *p; - - p = ss->challenge; - MAKEHEADER(p, PPP_CHAP); - p += CHAP_HDRLEN; - ss->digest->generate_challenge(p); - clen = *p; - nlen = strlen(ss->name); - memcpy(p + 1 + clen, ss->name, nlen); - - len = CHAP_HDRLEN + 1 + clen + nlen; - ss->challenge_pktlen = PPP_HDRLEN + len; - - p = ss->challenge + PPP_HDRLEN; - p[0] = CHAP_CHALLENGE; - p[1] = ++ss->id; - p[2] = len >> 8; - p[3] = len; -} - -/* - * chap_handle_response - check the response to our challenge. - */ -static void -chap_handle_response(struct chap_server_state *ss, int id, - unsigned char *pkt, int len) -{ - int response_len, ok, mlen; - unsigned char *response, *p; - char *name = NULL; /* initialized to shut gcc up */ - int (*verifier)(char *, char *, int, struct chap_digest_type *, - unsigned char *, unsigned char *, char *, int); - char rname[MAXNAMELEN+1]; - char message[256]; - - if ((ss->flags & LOWERUP) == 0) - return; - if (id != ss->challenge[PPP_HDRLEN+1] || len < 2) - return; - if ((ss->flags & AUTH_DONE) == 0) { - if ((ss->flags & CHALLENGE_VALID) == 0) - return; - response = pkt; - GETCHAR(response_len, pkt); - len -= response_len + 1; /* length of name */ - name = (char *)pkt + response_len; - if (len < 0) - return; - - ss->flags &= ~CHALLENGE_VALID; - if (ss->flags & TIMEOUT_PENDING) { - ss->flags &= ~TIMEOUT_PENDING; - UNTIMEOUT(chap_timeout, ss); - } - - if (explicit_remote) { - name = remote_name; - } else { - /* Null terminate and clean remote name. */ - slprintf(rname, sizeof(rname), "%.*v", len, name); - name = rname; - } - - if (chap_verify_hook) - verifier = chap_verify_hook; - else - verifier = chap_verify_response; - ok = (*verifier)(name, ss->name, id, ss->digest, - ss->challenge + PPP_HDRLEN + CHAP_HDRLEN, - response, message, sizeof(message)); - if (!ok || !auth_number()) { - ss->flags |= AUTH_FAILED; - warn("Peer %q failed CHAP authentication", name); - } - } - - /* send the response */ - p = outpacket_buf; - MAKEHEADER(p, PPP_CHAP); - mlen = strlen(message); - len = CHAP_HDRLEN + mlen; - p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; - p[1] = id; - p[2] = len >> 8; - p[3] = len; - if (mlen > 0) - memcpy(p + CHAP_HDRLEN, message, mlen); - output(0, outpacket_buf, PPP_HDRLEN + len); - - if ((ss->flags & AUTH_DONE) == 0) { - ss->flags |= AUTH_DONE; - if (ss->flags & AUTH_FAILED) { - auth_peer_fail(0, PPP_CHAP); - } else { - auth_peer_success(0, PPP_CHAP, ss->digest->code, - name, strlen(name)); - if (chap_rechallenge_time) { - ss->flags |= TIMEOUT_PENDING; - TIMEOUT(chap_timeout, ss, - chap_rechallenge_time); - } - } - } -} - -/* - * chap_verify_response - check whether the peer's response matches - * what we think it should be. Returns 1 if it does (authentication - * succeeded), or 0 if it doesn't. - */ -static int -chap_verify_response(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ - int ok; - unsigned char secret[MAXSECRETLEN]; - int secret_len; - - /* Get the secret that the peer is supposed to know */ - if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) { - error("No CHAP secret found for authenticating %q", name); - return 0; - } - - ok = digest->verify_response(id, name, secret, secret_len, challenge, - response, message, message_space); - memset(secret, 0, sizeof(secret)); - - return ok; -} - -/* - * chap_respond - Generate and send a response to a challenge. - */ -static void -chap_respond(struct chap_client_state *cs, int id, - unsigned char *pkt, int len) -{ - int clen, nlen; - int secret_len; - unsigned char *p; - unsigned char response[RESP_MAX_PKTLEN]; - char rname[MAXNAMELEN+1]; - char secret[MAXSECRETLEN+1]; - - if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) - return; /* not ready */ - if (len < 2 || len < pkt[0] + 1) - return; /* too short */ - clen = pkt[0]; - nlen = len - (clen + 1); - - /* Null terminate and clean remote name. */ - slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1); - - /* Microsoft doesn't send their name back in the PPP packet */ - if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0)) - strlcpy(rname, remote_name, sizeof(rname)); - - /* get secret for authenticating ourselves with the specified host */ - if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) { - secret_len = 0; /* assume null secret if can't find one */ - warn("No CHAP secret found for authenticating us to %q", rname); - } - - p = response; - MAKEHEADER(p, PPP_CHAP); - p += CHAP_HDRLEN; - - cs->digest->make_response(p, id, cs->name, pkt, - secret, secret_len, cs->priv); - memset(secret, 0, secret_len); - - clen = *p; - nlen = strlen(cs->name); - memcpy(p + clen + 1, cs->name, nlen); - - p = response + PPP_HDRLEN; - len = CHAP_HDRLEN + clen + 1 + nlen; - p[0] = CHAP_RESPONSE; - p[1] = id; - p[2] = len >> 8; - p[3] = len; - - output(0, response, PPP_HDRLEN + len); -} - -static void -chap_handle_status(struct chap_client_state *cs, int code, int id, - unsigned char *pkt, int len) -{ - const char *msg = NULL; - - if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) - != (AUTH_STARTED|LOWERUP)) - return; - cs->flags |= AUTH_DONE; - - if (code == CHAP_SUCCESS) { - /* used for MS-CHAP v2 mutual auth, yuck */ - if (cs->digest->check_success != NULL) { - if (!(*cs->digest->check_success)(pkt, len, cs->priv)) - code = CHAP_FAILURE; - } else - msg = "CHAP authentication succeeded"; - } else { - if (cs->digest->handle_failure != NULL) - (*cs->digest->handle_failure)(pkt, len); - else - msg = "CHAP authentication failed"; - } - if (msg) { - if (len > 0) - info("%s: %.*v", msg, len, pkt); - else - info("%s", msg); - } - if (code == CHAP_SUCCESS) - auth_withpeer_success(0, PPP_CHAP, cs->digest->code); - else { - cs->flags |= AUTH_FAILED; - auth_withpeer_fail(0, PPP_CHAP); - } -} - -static void -chap_input(int unit, unsigned char *pkt, int pktlen) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - unsigned char code, id; - int len; - - if (pktlen < CHAP_HDRLEN) - return; - GETCHAR(code, pkt); - GETCHAR(id, pkt); - GETSHORT(len, pkt); - if (len < CHAP_HDRLEN || len > pktlen) - return; - len -= CHAP_HDRLEN; - - switch (code) { - case CHAP_CHALLENGE: - chap_respond(cs, id, pkt, len); - break; - case CHAP_RESPONSE: - chap_handle_response(ss, id, pkt, len); - break; - case CHAP_FAILURE: - case CHAP_SUCCESS: - chap_handle_status(cs, code, id, pkt, len); - break; - } -} - -static void -chap_protrej(int unit) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - - if (ss->flags & TIMEOUT_PENDING) { - ss->flags &= ~TIMEOUT_PENDING; - UNTIMEOUT(chap_timeout, ss); - } - if (ss->flags & AUTH_STARTED) { - ss->flags = 0; - auth_peer_fail(0, PPP_CHAP); - } - if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { - cs->flags &= ~AUTH_STARTED; - auth_withpeer_fail(0, PPP_CHAP); - } -} - -/* - * chap_print_pkt - print the contents of a CHAP packet. - */ -static char *chap_code_names[] = { - "Challenge", "Response", "Success", "Failure" -}; - -static int -chap_print_pkt(unsigned char *p, int plen, - void (*printer) __P((void *, char *, ...)), void *arg) -{ - int code, id, len; - int clen, nlen; - unsigned char x; - - if (plen < CHAP_HDRLEN) - return 0; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < CHAP_HDRLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *)) - printer(arg, " %s", chap_code_names[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= CHAP_HDRLEN; - switch (code) { - case CHAP_CHALLENGE: - case CHAP_RESPONSE: - if (len < 1) - break; - clen = p[0]; - if (len < clen + 1) - break; - ++p; - nlen = len - clen - 1; - printer(arg, " <"); - for (; clen > 0; --clen) { - GETCHAR(x, p); - printer(arg, "%.2x", x); - } - printer(arg, ">, name = "); - print_string((char *)p, nlen, printer, arg); - break; - case CHAP_FAILURE: - case CHAP_SUCCESS: - printer(arg, " "); - print_string((char *)p, len, printer, arg); - break; - default: - for (clen = len; clen > 0; --clen) { - GETCHAR(x, p); - printer(arg, " %.2x", x); - } - } - - return len + CHAP_HDRLEN; -} - -struct protent chap_protent = { - PPP_CHAP, - chap_init, - chap_input, - chap_protrej, - chap_lowerup, - chap_lowerdown, - NULL, /* open */ - NULL, /* close */ - chap_print_pkt, - NULL, /* datainput */ - 1, /* enabled_flag */ - "CHAP", /* name */ - NULL, /* data_name */ - chap_option_list, - NULL, /* check_options */ -}; diff --git a/pppd/chap-new.h b/pppd/chap-new.h deleted file mode 100644 index 48235d4..0000000 --- a/pppd/chap-new.h +++ /dev/null @@ -1,130 +0,0 @@ -/* - * chap-new.c - New CHAP implementation. - * - * Copyright (c) 2003 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * CHAP packets begin with a standard header with code, id, len (2 bytes). - */ -#define CHAP_HDRLEN 4 - -/* - * Values for the code field. - */ -#define CHAP_CHALLENGE 1 -#define CHAP_RESPONSE 2 -#define CHAP_SUCCESS 3 -#define CHAP_FAILURE 4 - -/* - * CHAP digest codes. - */ -#define CHAP_MD5 5 -#define CHAP_MICROSOFT 0x80 -#define CHAP_MICROSOFT_V2 0x81 - -/* - * Semi-arbitrary limits on challenge and response fields. - */ -#define MAX_CHALLENGE_LEN 64 -#define MAX_RESPONSE_LEN 64 - -/* bitmask of supported algorithms */ -#define MDTYPE_MICROSOFT_V2 0x1 -#define MDTYPE_MICROSOFT 0x2 -#define MDTYPE_MD5 0x4 -#define MDTYPE_NONE 0 - -/* hashes supported by this instance of pppd */ -extern int chap_mdtype_all; - -/* Return the digest alg. ID for the most preferred digest type. */ -#define CHAP_DIGEST(mdtype) \ - ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \ - ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \ - ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \ - 0 - -/* Return the bit flag (lsb set) for our most preferred digest type. */ -#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype) - -/* Return the bit flag for a given digest algorithm ID. */ -#define CHAP_MDTYPE_D(digest) \ - ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \ - ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \ - ((digest) == CHAP_MD5)? MDTYPE_MD5: \ - 0 - -/* Can we do the requested digest? */ -#define CHAP_CANDIGEST(mdtype, digest) \ - ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \ - ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \ - ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \ - 0 - -/* - * The code for each digest type has to supply one of these. - */ -struct chap_digest_type { - int code; - - /* - * Note: challenge and response arguments below are formatted as - * a length byte followed by the actual challenge/response data. - */ - void (*generate_challenge)(unsigned char *challenge); - int (*verify_response)(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, - char *message, int message_space); - void (*make_response)(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *priv); - int (*check_success)(unsigned char *pkt, int len, unsigned char *priv); - void (*handle_failure)(unsigned char *pkt, int len); - - struct chap_digest_type *next; -}; - -/* Hook for a plugin to validate CHAP challenge */ -extern int (*chap_verify_hook)(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space); - -/* Called by digest code to register a digest type */ -extern void chap_register_digest(struct chap_digest_type *); - -/* Called by authentication code to start authenticating the peer. */ -extern void chap_auth_peer(int unit, char *our_name, int digest_code); - -/* Called by auth. code to start authenticating us to the peer. */ -extern void chap_auth_with_peer(int unit, char *our_name, int digest_code); - -/* Represents the CHAP protocol to the main pppd code */ -extern struct protent chap_protent; diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c deleted file mode 100644 index fb65d56..0000000 --- a/pppd/chap_ms.c +++ /dev/null @@ -1,938 +0,0 @@ -/* - * chap_ms.c - Microsoft MS-CHAP compatible implementation. - * - * Copyright (c) 1995 Eric Rosenquist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997 - * - * Implemented LANManager type password response to MS-CHAP challenges. - * Now pppd provides both NT style and LANMan style blocks, and the - * prefered is set by option "ms-lanman". Default is to use NT. - * The hash text (StdText) was taken from Win95 RASAPI32.DLL. - * - * You should also use DOMAIN\\USERNAME as described in README.MSCHAP80 - */ - -/* - * Modifications by Frank Cusack, frank@google.com, March 2002. - * - * Implemented MS-CHAPv2 functionality, heavily based on sample - * implementation in RFC 2759. Implemented MPPE functionality, - * heavily based on sample implementation in RFC 3079. - * - * Copyright (c) 2002 The Android Open Source Project - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - */ - -#define RCSID "$Id: chap_ms.c,v 1.33 2004/11/12 09:57:43 paulus Exp $" - -#ifdef CHAPMS - -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "chap-new.h" -#include "chap_ms.h" -#include "md4.h" -#include "sha1.h" -#include "pppcrypt.h" -#include "magic.h" - -static const char rcsid[] = RCSID; - - -static void ascii2unicode __P((char[], int, u_char[])); -static void NTPasswordHash __P((char *, int, u_char[MD4_SIGNATURE_SIZE])); -static void ChallengeResponse __P((u_char *, u_char *, u_char[24])); -static void ChapMS_NT __P((u_char *, char *, int, u_char[24])); -static void ChapMS2_NT __P((char *, u_char[16], char *, char *, int, - u_char[24])); -static void GenerateAuthenticatorResponsePlain - __P((char*, int, u_char[24], u_char[16], u_char *, - char *, u_char[41])); -#ifdef MSLANMAN -static void ChapMS_LANMan __P((u_char *, char *, int, MS_ChapResponse *)); -#endif - -#ifdef MPPE -static void Set_Start_Key __P((u_char *, char *, int)); -static void SetMasterKeys __P((char *, int, u_char[24], int)); -#endif - -#ifdef MSLANMAN -bool ms_lanman = 0; /* Use LanMan password instead of NT */ - /* Has meaning only with MS-CHAP challenges */ -#endif - -#ifdef MPPE -u_char mppe_send_key[MPPE_MAX_KEY_LEN]; -u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; -int mppe_keys_set = 0; /* Have the MPPE keys been set? */ - -#ifdef DEBUGMPPEKEY -/* For MPPE debug */ -/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */ -static char *mschap_challenge = NULL; -/* Use "!@\#$%^&*()_+:3|~" (sans quotes, backslash is to escape #) for ... */ -static char *mschap2_peer_challenge = NULL; -#endif - -#include "fsm.h" /* Need to poke MPPE options */ -#include "ccp.h" -#include -#endif - -/* - * Command-line options. - */ -static option_t chapms_option_list[] = { -#ifdef MSLANMAN - { "ms-lanman", o_bool, &ms_lanman, - "Use LanMan passwd when using MS-CHAP", 1 }, -#endif -#ifdef DEBUGMPPEKEY - { "mschap-challenge", o_string, &mschap_challenge, - "specify CHAP challenge" }, - { "mschap2-peer-challenge", o_string, &mschap2_peer_challenge, - "specify CHAP peer challenge" }, -#endif - { NULL } -}; - -/* - * chapms_generate_challenge - generate a challenge for MS-CHAP. - * For MS-CHAP the challenge length is fixed at 8 bytes. - * The length goes in challenge[0] and the actual challenge starts - * at challenge[1]. - */ -static void -chapms_generate_challenge(unsigned char *challenge) -{ - *challenge++ = 8; -#ifdef DEBUGMPPEKEY - if (mschap_challenge && strlen(mschap_challenge) == 8) - memcpy(challenge, mschap_challenge, 8); - else -#endif - random_bytes(challenge, 8); -} - -static void -chapms2_generate_challenge(unsigned char *challenge) -{ - *challenge++ = 16; -#ifdef DEBUGMPPEKEY - if (mschap_challenge && strlen(mschap_challenge) == 16) - memcpy(challenge, mschap_challenge, 16); - else -#endif - random_bytes(challenge, 16); -} - -static int -chapms_verify_response(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ - MS_ChapResponse *rmd; - MS_ChapResponse md; - int diff; - int challenge_len, response_len; - - challenge_len = *challenge++; /* skip length, is 8 */ - response_len = *response++; - if (response_len != MS_CHAP_RESPONSE_LEN) - goto bad; - - rmd = (MS_ChapResponse *) response; - -#ifndef MSLANMAN - if (!rmd->UseNT[0]) { - /* Should really propagate this into the error packet. */ - notice("Peer request for LANMAN auth not supported"); - goto bad; - } -#endif - - /* Generate the expected response. */ - ChapMS(challenge, (char *)secret, secret_len, &md); - -#ifdef MSLANMAN - /* Determine which part of response to verify against */ - if (!rmd->UseNT[0]) - diff = memcmp(&rmd->LANManResp, &md.LANManResp, - sizeof(md.LANManResp)); - else -#endif - diff = memcmp(&rmd->NTResp, &md.NTResp, sizeof(md.NTResp)); - - if (diff == 0) { - slprintf(message, message_space, "Access granted"); - return 1; - } - - bad: - /* See comments below for MS-CHAP V2 */ - slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0", - challenge_len, challenge); - return 0; -} - -static int -chapms2_verify_response(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ - MS_Chap2Response *rmd; - MS_Chap2Response md; - char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; - int challenge_len, response_len; - - challenge_len = *challenge++; /* skip length, is 16 */ - response_len = *response++; - if (response_len != MS_CHAP2_RESPONSE_LEN) - goto bad; /* not even the right length */ - - rmd = (MS_Chap2Response *) response; - - /* Generate the expected response and our mutual auth. */ - ChapMS2(challenge, rmd->PeerChallenge, name, - (char *)secret, secret_len, &md, - (unsigned char *)saresponse, MS_CHAP2_AUTHENTICATOR); - - /* compare MDs and send the appropriate status */ - /* - * Per RFC 2759, success message must be formatted as - * "S= M=" - * where - * is the Authenticator Response (mutual auth) - * is a text message - * - * However, some versions of Windows (win98 tested) do not know - * about the M= part (required per RFC 2759) and flag - * it as an error (reported incorrectly as an encryption error - * to the user). Since the RFC requires it, and it can be - * useful information, we supply it if the peer is a conforming - * system. Luckily (?), win98 sets the Flags field to 0x04 - * (contrary to RFC requirements) so we can use that to - * distinguish between conforming and non-conforming systems. - * - * Special thanks to Alex Swiridov for - * help debugging this. - */ - if (memcmp(md.NTResp, rmd->NTResp, sizeof(md.NTResp)) == 0) { - if (rmd->Flags[0]) - slprintf(message, message_space, "S=%s", saresponse); - else - slprintf(message, message_space, "S=%s M=%s", - saresponse, "Access granted"); - return 1; - } - - bad: - /* - * Failure message must be formatted as - * "E=e R=r C=c V=v M=m" - * where - * e = error code (we use 691, ERROR_AUTHENTICATION_FAILURE) - * r = retry (we use 1, ok to retry) - * c = challenge to use for next response, we reuse previous - * v = Change Password version supported, we use 0 - * m = text message - * - * The M=m part is only for MS-CHAPv2. Neither win2k nor - * win98 (others untested) display the message to the user anyway. - * They also both ignore the E=e code. - * - * Note that it's safe to reuse the same challenge as we don't - * actually accept another response based on the error message - * (and no clients try to resend a response anyway). - * - * Basically, this whole bit is useless code, even the small - * implementation here is only because of overspecification. - */ - slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s", - challenge_len, challenge, "Access denied"); - return 0; -} - -static void -chapms_make_response(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *private) -{ - challenge++; /* skip length, should be 8 */ - *response++ = MS_CHAP_RESPONSE_LEN; - ChapMS(challenge, secret, secret_len, (MS_ChapResponse *) response); -} - -static void -chapms2_make_response(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *private) -{ - challenge++; /* skip length, should be 16 */ - *response++ = MS_CHAP2_RESPONSE_LEN; - ChapMS2(challenge, -#ifdef DEBUGMPPEKEY - mschap2_peer_challenge, -#else - NULL, -#endif - our_name, secret, secret_len, - (MS_Chap2Response *) response, private, - MS_CHAP2_AUTHENTICATEE); -} - -static int -chapms2_check_success(unsigned char *msg, int len, unsigned char *private) -{ - if ((len < MS_AUTH_RESPONSE_LENGTH + 2) || - strncmp((char *)msg, "S=", 2) != 0) { - /* Packet does not start with "S=" */ - error("MS-CHAPv2 Success packet is badly formed."); - return 0; - } - msg += 2; - len -= 2; - if (len < MS_AUTH_RESPONSE_LENGTH - || memcmp(msg, private, MS_AUTH_RESPONSE_LENGTH)) { - /* Authenticator Response did not match expected. */ - error("MS-CHAPv2 mutual authentication failed."); - return 0; - } - /* Authenticator Response matches. */ - msg += MS_AUTH_RESPONSE_LENGTH; /* Eat it */ - len -= MS_AUTH_RESPONSE_LENGTH; - if ((len >= 3) && !strncmp((char *)msg, " M=", 3)) { - msg += 3; /* Eat the delimiter */ - } else if (len) { - /* Packet has extra text which does not begin " M=" */ - error("MS-CHAPv2 Success packet is badly formed."); - return 0; - } - return 1; -} - -static void -chapms_handle_failure(unsigned char *inp, int len) -{ - int err; - char *p, *msg; - - /* We want a null-terminated string for strxxx(). */ - msg = malloc(len + 1); - if (!msg) { - notice("Out of memory in chapms_handle_failure"); - return; - } - BCOPY(inp, msg, len); - msg[len] = 0; - p = msg; - - /* - * Deal with MS-CHAP formatted failure messages; just print the - * M= part (if any). For MS-CHAP we're not really supposed - * to use M=, but it shouldn't hurt. See - * chapms[2]_verify_response. - */ - if (!strncmp(p, "E=", 2)) - err = strtol(p, NULL, 10); /* Remember the error code. */ - else - goto print_msg; /* Message is badly formatted. */ - - if (len && ((p = strstr(p, " M=")) != NULL)) { - /* M= field found. */ - p += 3; - } else { - /* No M=; use the error code. */ - switch (err) { - case MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS: - p = "E=646 Restricted logon hours"; - break; - - case MS_CHAP_ERROR_ACCT_DISABLED: - p = "E=647 Account disabled"; - break; - - case MS_CHAP_ERROR_PASSWD_EXPIRED: - p = "E=648 Password expired"; - break; - - case MS_CHAP_ERROR_NO_DIALIN_PERMISSION: - p = "E=649 No dialin permission"; - break; - - case MS_CHAP_ERROR_AUTHENTICATION_FAILURE: - p = "E=691 Authentication failure"; - break; - - case MS_CHAP_ERROR_CHANGING_PASSWORD: - /* Should never see this, we don't support Change Password. */ - p = "E=709 Error changing password"; - break; - - default: - free(msg); - error("Unknown MS-CHAP authentication failure: %.*v", - len, inp); - return; - } - } -print_msg: - if (p != NULL) - error("MS-CHAP authentication failed: %v", p); - free(msg); -} - -static void -ChallengeResponse(u_char *challenge, - u_char PasswordHash[MD4_SIGNATURE_SIZE], - u_char response[24]) -{ - u_char ZPasswordHash[21]; - - BZERO(ZPasswordHash, sizeof(ZPasswordHash)); - BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE); - -#if 0 - dbglog("ChallengeResponse - ZPasswordHash %.*B", - sizeof(ZPasswordHash), ZPasswordHash); -#endif - - (void) DesSetkey(ZPasswordHash + 0); - DesEncrypt(challenge, response + 0); - (void) DesSetkey(ZPasswordHash + 7); - DesEncrypt(challenge, response + 8); - (void) DesSetkey(ZPasswordHash + 14); - DesEncrypt(challenge, response + 16); - -#if 0 - dbglog("ChallengeResponse - response %.24B", response); -#endif -} - -void -ChallengeHash(u_char PeerChallenge[16], u_char *rchallenge, - char *username, u_char Challenge[8]) - -{ - SHA1_CTX sha1Context; - u_char sha1Hash[SHA1_SIGNATURE_SIZE]; - char *user; - - /* remove domain from "domain\username" */ - if ((user = strrchr(username, '\\')) != NULL) - ++user; - else - user = username; - - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PeerChallenge, 16); - SHA1_Update(&sha1Context, rchallenge, 16); - SHA1_Update(&sha1Context, (unsigned char *)user, strlen(user)); - SHA1_Final(sha1Hash, &sha1Context); - - BCOPY(sha1Hash, Challenge, 8); -} - -/* - * Convert the ASCII version of the password to Unicode. - * This implicitly supports 8-bit ISO8859/1 characters. - * This gives us the little-endian representation, which - * is assumed by all M$ CHAP RFCs. (Unicode byte ordering - * is machine-dependent.) - */ -static void -ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) -{ - int i; - - BZERO(unicode, ascii_len * 2); - for (i = 0; i < ascii_len; i++) - unicode[i * 2] = (u_char) ascii[i]; -} - -static void -NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) -{ -#ifdef __NetBSD__ - /* NetBSD uses the libc md4 routines which take bytes instead of bits */ - int mdlen = secret_len; -#else - int mdlen = secret_len * 8; -#endif - MD4_CTX md4Context; - - MD4Init(&md4Context); - MD4Update(&md4Context, (unsigned char *)secret, mdlen); - MD4Final(hash, &md4Context); - -} - -static void -ChapMS_NT(u_char *rchallenge, char *secret, int secret_len, - u_char NTResponse[24]) -{ - u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - - /* Hash the Unicode version of the secret (== password). */ - ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); - - ChallengeResponse(rchallenge, PasswordHash, NTResponse); -} - -static void -ChapMS2_NT(char *rchallenge, u_char PeerChallenge[16], char *username, - char *secret, int secret_len, u_char NTResponse[24]) -{ - u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - u_char Challenge[8]; - - ChallengeHash(PeerChallenge, (unsigned char *)rchallenge, username, - Challenge); - - /* Hash the Unicode version of the secret (== password). */ - ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); - - ChallengeResponse(Challenge, PasswordHash, NTResponse); -} - -#ifdef MSLANMAN -static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */ - -static void -ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len, - MS_ChapResponse *response) -{ - int i; - u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */ - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - - /* LANMan password is case insensitive */ - BZERO(UcasePassword, sizeof(UcasePassword)); - for (i = 0; i < secret_len; i++) - UcasePassword[i] = (u_char)toupper(secret[i]); - (void) DesSetkey(UcasePassword + 0); - DesEncrypt( StdText, PasswordHash + 0 ); - (void) DesSetkey(UcasePassword + 7); - DesEncrypt( StdText, PasswordHash + 8 ); - ChallengeResponse(rchallenge, PasswordHash, response->LANManResp); -} -#endif - - -void -GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[24], u_char PeerChallenge[16], - u_char *rchallenge, char *username, - u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) -{ - /* - * "Magic" constants used in response generation, from RFC 2759. - */ - u_char Magic1[39] = /* "Magic server to client signing constant" */ - { 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, - 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, - 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 }; - u_char Magic2[41] = /* "Pad to make it do more than one iteration" */ - { 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, - 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, - 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, - 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, - 0x6E }; - - int i; - SHA1_CTX sha1Context; - u_char Digest[SHA1_SIGNATURE_SIZE]; - u_char Challenge[8]; - - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, NTResponse, 24); - SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); - SHA1_Final(Digest, &sha1Context); - - ChallengeHash(PeerChallenge, rchallenge, username, Challenge); - - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, Digest, sizeof(Digest)); - SHA1_Update(&sha1Context, Challenge, sizeof(Challenge)); - SHA1_Update(&sha1Context, Magic2, sizeof(Magic2)); - SHA1_Final(Digest, &sha1Context); - - /* Convert to ASCII hex string. */ - for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++) - sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]); -} - - -static void -GenerateAuthenticatorResponsePlain - (char *secret, int secret_len, - u_char NTResponse[24], u_char PeerChallenge[16], - u_char *rchallenge, char *username, - u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) -{ - u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; - - /* Hash (x2) the Unicode version of the secret (== password). */ - ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash((char *)unicodePassword, secret_len * 2, PasswordHash); - NTPasswordHash((char *)PasswordHash, sizeof(PasswordHash), - PasswordHashHash); - - GenerateAuthenticatorResponse(PasswordHashHash, NTResponse, PeerChallenge, - rchallenge, username, authResponse); -} - - -#ifdef MPPE -/* - * Set mppe_xxxx_key from the NTPasswordHashHash. - * RFC 2548 (RADIUS support) requires us to export this function (ugh). - */ -void -mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) -{ - SHA1_CTX sha1Context; - u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ - - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, rchallenge, 8); - SHA1_Final(Digest, &sha1Context); - - /* Same key in both directions. */ - BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key)); - BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key)); - - mppe_keys_set = 1; -} - -/* - * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079) - */ -static void -Set_Start_Key(u_char *rchallenge, char *secret, int secret_len) -{ - u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; - - /* Hash (x2) the Unicode version of the secret (== password). */ - ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); - NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); - - mppe_set_keys(rchallenge, PasswordHashHash); -} - -/* - * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079) - * - * This helper function used in the Winbind module, which gets the - * NTHashHash from the server. - */ -void -mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[24], int IsServer) -{ - SHA1_CTX sha1Context; - u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ - u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ - - u_char SHApad1[40] = - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - u_char SHApad2[40] = - { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; - - /* "This is the MPPE Master Key" */ - u_char Magic1[27] = - { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; - /* "On the client side, this is the send key; " - "on the server side, it is the receive key." */ - u_char Magic2[84] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, - 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, - 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - /* "On the client side, this is the receive key; " - "on the server side, it is the send key." */ - u_char Magic3[84] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, - 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - u_char *s; - - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, NTResponse, 24); - SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); - SHA1_Final(MasterKey, &sha1Context); - - /* - * generate send key - */ - if (IsServer) - s = Magic3; - else - s = Magic2; - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, MasterKey, 16); - SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); - SHA1_Update(&sha1Context, s, 84); - SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); - SHA1_Final(Digest, &sha1Context); - - BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key)); - - /* - * generate recv key - */ - if (IsServer) - s = Magic2; - else - s = Magic3; - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, MasterKey, 16); - SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); - SHA1_Update(&sha1Context, s, 84); - SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); - SHA1_Final(Digest, &sha1Context); - - BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key)); - - mppe_keys_set = 1; -} - -/* - * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079) - */ -static void -SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer) -{ - u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; - /* Hash (x2) the Unicode version of the secret (== password). */ - ascii2unicode(secret, secret_len, unicodePassword); - NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); - NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); - mppe_set_keys2(PasswordHashHash, NTResponse, IsServer); -} - -#endif /* MPPE */ - - -void -ChapMS(u_char *rchallenge, char *secret, int secret_len, - MS_ChapResponse *response) -{ - BZERO(response, sizeof(*response)); - - ChapMS_NT(rchallenge, secret, secret_len, response->NTResp); - -#ifdef MSLANMAN - ChapMS_LANMan(rchallenge, secret, secret_len, response); - - /* preferred method is set by option */ - response->UseNT[0] = !ms_lanman; -#else - response->UseNT[0] = 1; -#endif - -#ifdef MPPE - Set_Start_Key(rchallenge, secret, secret_len); -#endif -} - - -/* - * If PeerChallenge is NULL, one is generated and response->PeerChallenge - * is filled in. Call this way when generating a response. - * If PeerChallenge is supplied, it is copied into response->PeerChallenge. - * Call this way when verifying a response (or debugging). - * Do not call with PeerChallenge = response->PeerChallenge. - * - * response->PeerChallenge is then used for calculation of the - * Authenticator Response. - */ -void -ChapMS2(u_char *rchallenge, u_char *PeerChallenge, - char *user, char *secret, int secret_len, MS_Chap2Response *response, - u_char authResponse[], int authenticator) -{ - /* ARGSUSED */ - u_char *p = response->PeerChallenge; - int i; - - BZERO(response, sizeof(*response)); - - /* Generate the Peer-Challenge if requested, or copy it if supplied. */ - if (!PeerChallenge) - for (i = 0; i < sizeof(response->PeerChallenge); i++) - *p++ = (u_char) (drand48() * 0xff); - else - BCOPY(PeerChallenge, response->PeerChallenge, - sizeof(response->PeerChallenge)); - - /* Generate the NT-Response */ - ChapMS2_NT((char *)rchallenge, response->PeerChallenge, user, - secret, secret_len, response->NTResp); - - /* Generate the Authenticator Response. */ - GenerateAuthenticatorResponsePlain(secret, secret_len, response->NTResp, - response->PeerChallenge, rchallenge, - user, authResponse); - -#ifdef MPPE - SetMasterKeys(secret, secret_len, response->NTResp, authenticator); -#endif -} - -#ifdef MPPE -/* - * Set MPPE options from plugins. - */ -void -set_mppe_enc_types(int policy, int types) -{ - /* Early exit for unknown policies. */ - if (policy != MPPE_ENC_POL_ENC_ALLOWED || - policy != MPPE_ENC_POL_ENC_REQUIRED) - return; - - /* Don't modify MPPE if it's optional and wasn't already configured. */ - if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe) - return; - - /* - * Disable undesirable encryption types. Note that we don't ENABLE - * any encryption types, to avoid overriding manual configuration. - */ - switch(types) { - case MPPE_ENC_TYPES_RC4_40: - ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */ - break; - case MPPE_ENC_TYPES_RC4_128: - ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */ - break; - default: - break; - } -} -#endif /* MPPE */ - -static struct chap_digest_type chapms_digest = { - CHAP_MICROSOFT, /* code */ - chapms_generate_challenge, - chapms_verify_response, - chapms_make_response, - NULL, /* check_success */ - chapms_handle_failure, -}; - -static struct chap_digest_type chapms2_digest = { - CHAP_MICROSOFT_V2, /* code */ - chapms2_generate_challenge, - chapms2_verify_response, - chapms2_make_response, - chapms2_check_success, - chapms_handle_failure, -}; - -void -chapms_init(void) -{ - chap_register_digest(&chapms_digest); - chap_register_digest(&chapms2_digest); - add_options(chapms_option_list); -} - -#endif /* CHAPMS */ diff --git a/pppd/chap_ms.h b/pppd/chap_ms.h deleted file mode 100644 index 168c0be..0000000 --- a/pppd/chap_ms.h +++ /dev/null @@ -1,122 +0,0 @@ -/* - * chap_ms.h - Challenge Handshake Authentication Protocol definitions. - * - * Copyright (c) 1995 Eric Rosenquist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: chap_ms.h,v 1.12 2004/11/09 22:49:05 paulus Exp $ - */ - -#ifndef __CHAPMS_INCLUDE__ - -#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */ -#define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */ - -#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ -#define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */ -#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */ - /* as ASCII */ - -/* E=eeeeeeeeee error codes for MS-CHAP failure messages. */ -#define MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS 646 -#define MS_CHAP_ERROR_ACCT_DISABLED 647 -#define MS_CHAP_ERROR_PASSWD_EXPIRED 648 -#define MS_CHAP_ERROR_NO_DIALIN_PERMISSION 649 -#define MS_CHAP_ERROR_AUTHENTICATION_FAILURE 691 -#define MS_CHAP_ERROR_CHANGING_PASSWORD 709 - -/* - * Apparently gcc on ARM gives all structures 4-byte alignment - * by default. This tells gcc that these structures may be - * unaligned and may not have extra padding inside them. - */ -#ifdef __GNUC__ -#define PACKED __attribute__((__packed__)) -#else -#define PACKED -#endif - -/* - * Use MS_CHAP_RESPONSE_LEN, rather than sizeof(MS_ChapResponse), - * in case this struct gets padded. - */ -typedef struct { - u_char LANManResp[24]; - u_char NTResp[24]; - u_char UseNT[1]; /* If 1, ignore the LANMan response field */ -} MS_ChapResponse PACKED; - -/* - * Use MS_CHAP2_RESPONSE_LEN, rather than sizeof(MS_Chap2Response), - * in case this struct gets padded. - */ -typedef struct { - u_char PeerChallenge[16]; - u_char Reserved[8]; /* Must be zero */ - u_char NTResp[24]; - u_char Flags[1]; /* Must be zero */ -} MS_Chap2Response PACKED; - -#ifdef MPPE -#include /* MPPE_MAX_KEY_LEN */ -extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]; -extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; -extern int mppe_keys_set; - -/* These values are the RADIUS attribute values--see RFC 2548. */ -#define MPPE_ENC_POL_ENC_ALLOWED 1 -#define MPPE_ENC_POL_ENC_REQUIRED 2 -#define MPPE_ENC_TYPES_RC4_40 2 -#define MPPE_ENC_TYPES_RC4_128 4 - -/* used by plugins (using above values) */ -extern void set_mppe_enc_types(int, int); -#endif - -/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */ -#define MS_CHAP2_AUTHENTICATEE 0 -#define MS_CHAP2_AUTHENTICATOR 1 - -void ChapMS __P((u_char *, char *, int, MS_ChapResponse *)); -void ChapMS2 __P((u_char *, u_char *, char *, char *, int, - MS_Chap2Response *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int)); -#ifdef MPPE -void mppe_set_keys __P((u_char *, u_char[MD4_SIGNATURE_SIZE])); -void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[24], int IsServer); -#endif - -void ChallengeHash __P((u_char[16], u_char *, char *, u_char[8])); - -void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[24], u_char PeerChallenge[16], - u_char *rchallenge, char *username, - u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]); - -void chapms_init(void); - -#define __CHAPMS_INCLUDE__ -#endif /* __CHAPMS_INCLUDE__ */ diff --git a/pppd/demand.c b/pppd/demand.c deleted file mode 100644 index 8bf96d0..0000000 --- a/pppd/demand.c +++ /dev/null @@ -1,361 +0,0 @@ -/* - * demand.c - Support routines for demand-dialling. - * - * Copyright (c) 1996-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: demand.c,v 1.19 2004/11/04 10:02:26 paulus Exp $" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef PPP_FILTER -#include -#endif - -#include "pppd.h" -#include "fsm.h" -#include "ipcp.h" -#include "lcp.h" - -static const char rcsid[] = RCSID; - -char *frame; -int framelen; -int framemax; -int escape_flag; -int flush_flag; -int fcs; - -struct packet { - int length; - struct packet *next; - unsigned char data[1]; -}; - -struct packet *pend_q; -struct packet *pend_qtail; - -static int active_packet __P((unsigned char *, int)); - -/* - * demand_conf - configure the interface for doing dial-on-demand. - */ -void -demand_conf() -{ - int i; - struct protent *protp; - -/* framemax = lcp_allowoptions[0].mru; - if (framemax < PPP_MRU) */ - framemax = PPP_MRU; - framemax += PPP_HDRLEN + PPP_FCSLEN; - frame = malloc(framemax); - if (frame == NULL) - novm("demand frame"); - framelen = 0; - pend_q = NULL; - escape_flag = 0; - flush_flag = 0; - fcs = PPP_INITFCS; - - netif_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU)); - if (ppp_send_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0 - || ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0) - fatal("Couldn't set up demand-dialled PPP interface: %m"); - -#ifdef PPP_FILTER - set_filters(&pass_filter, &active_filter); -#endif - - /* - * Call the demand_conf procedure for each protocol that's got one. - */ - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->enabled_flag && protp->demand_conf != NULL) - if (!((*protp->demand_conf)(0))) - die(1); -} - - -/* - * demand_block - set each network protocol to block further packets. - */ -void -demand_block() -{ - int i; - struct protent *protp; - - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->enabled_flag && protp->demand_conf != NULL) - sifnpmode(0, protp->protocol & ~0x8000, NPMODE_QUEUE); - get_loop_output(); -} - -/* - * demand_discard - set each network protocol to discard packets - * with an error. - */ -void -demand_discard() -{ - struct packet *pkt, *nextpkt; - int i; - struct protent *protp; - - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->enabled_flag && protp->demand_conf != NULL) - sifnpmode(0, protp->protocol & ~0x8000, NPMODE_ERROR); - get_loop_output(); - - /* discard all saved packets */ - for (pkt = pend_q; pkt != NULL; pkt = nextpkt) { - nextpkt = pkt->next; - free(pkt); - } - pend_q = NULL; - framelen = 0; - flush_flag = 0; - escape_flag = 0; - fcs = PPP_INITFCS; -} - -/* - * demand_unblock - set each enabled network protocol to pass packets. - */ -void -demand_unblock() -{ - int i; - struct protent *protp; - - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->enabled_flag && protp->demand_conf != NULL) - sifnpmode(0, protp->protocol & ~0x8000, NPMODE_PASS); -} - -/* - * FCS lookup table as calculated by genfcstab. - */ -static u_short fcstab[256] = { - 0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf, - 0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7, - 0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e, - 0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876, - 0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd, - 0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5, - 0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c, - 0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974, - 0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb, - 0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3, - 0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a, - 0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72, - 0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9, - 0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1, - 0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738, - 0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70, - 0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7, - 0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff, - 0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036, - 0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e, - 0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5, - 0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd, - 0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134, - 0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c, - 0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3, - 0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb, - 0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232, - 0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a, - 0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1, - 0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9, - 0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330, - 0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78 -}; - -/* - * loop_chars - process characters received from the loopback. - * Calls loop_frame when a complete frame has been accumulated. - * Return value is 1 if we need to bring up the link, 0 otherwise. - */ -int -loop_chars(p, n) - unsigned char *p; - int n; -{ - int c, rv; - - rv = 0; - for (; n > 0; --n) { - c = *p++; - if (c == PPP_FLAG) { - if (!escape_flag && !flush_flag - && framelen > 2 && fcs == PPP_GOODFCS) { - framelen -= 2; - if (loop_frame((unsigned char *)frame, framelen)) - rv = 1; - } - framelen = 0; - flush_flag = 0; - escape_flag = 0; - fcs = PPP_INITFCS; - continue; - } - if (flush_flag) - continue; - if (escape_flag) { - c ^= PPP_TRANS; - escape_flag = 0; - } else if (c == PPP_ESCAPE) { - escape_flag = 1; - continue; - } - if (framelen >= framemax) { - flush_flag = 1; - continue; - } - frame[framelen++] = c; - fcs = PPP_FCS(fcs, c); - } - return rv; -} - -/* - * loop_frame - given a frame obtained from the loopback, - * decide whether to bring up the link or not, and, if we want - * to transmit this frame later, put it on the pending queue. - * Return value is 1 if we need to bring up the link, 0 otherwise. - * We assume that the kernel driver has already applied the - * pass_filter, so we won't get packets it rejected. - * We apply the active_filter to see if we want this packet to - * bring up the link. - */ -int -loop_frame(frame, len) - unsigned char *frame; - int len; -{ - struct packet *pkt; - - /* dbglog("from loop: %P", frame, len); */ - if (len < PPP_HDRLEN) - return 0; - if ((PPP_PROTOCOL(frame) & 0x8000) != 0) - return 0; /* shouldn't get any of these anyway */ - if (!active_packet(frame, len)) - return 0; - - pkt = (struct packet *) malloc(sizeof(struct packet) + len); - if (pkt != NULL) { - pkt->length = len; - pkt->next = NULL; - memcpy(pkt->data, frame, len); - if (pend_q == NULL) - pend_q = pkt; - else - pend_qtail->next = pkt; - pend_qtail = pkt; - } - return 1; -} - -/* - * demand_rexmit - Resend all those frames which we got via the - * loopback, now that the real serial link is up. - */ -void -demand_rexmit(proto) - int proto; -{ - struct packet *pkt, *prev, *nextpkt; - - prev = NULL; - pkt = pend_q; - pend_q = NULL; - for (; pkt != NULL; pkt = nextpkt) { - nextpkt = pkt->next; - if (PPP_PROTOCOL(pkt->data) == proto) { - output(0, pkt->data, pkt->length); - free(pkt); - } else { - if (prev == NULL) - pend_q = pkt; - else - prev->next = pkt; - prev = pkt; - } - } - pend_qtail = prev; - if (prev != NULL) - prev->next = NULL; -} - -/* - * Scan a packet to decide whether it is an "active" packet, - * that is, whether it is worth bringing up the link for. - */ -static int -active_packet(p, len) - unsigned char *p; - int len; -{ - int proto, i; - struct protent *protp; - - if (len < PPP_HDRLEN) - return 0; - proto = PPP_PROTOCOL(p); -#ifdef PPP_FILTER - if (pass_filter.bf_len != 0 - && bpf_filter(pass_filter.bf_insns, p, len, len) == 0) - return 0; - if (active_filter.bf_len != 0 - && bpf_filter(active_filter.bf_insns, p, len, len) == 0) - return 0; -#endif - for (i = 0; (protp = protocols[i]) != NULL; ++i) { - if (protp->protocol < 0xC000 && (protp->protocol & ~0x8000) == proto) { - if (!protp->enabled_flag) - return 0; - if (protp->active_pkt == NULL) - return 1; - return (*protp->active_pkt)(p, len); - } - } - return 0; /* not a supported protocol !!?? */ -} diff --git a/pppd/eap.c b/pppd/eap.c deleted file mode 100644 index 6203f94..0000000 --- a/pppd/eap.c +++ /dev/null @@ -1,2428 +0,0 @@ -/* - * eap.c - Extensible Authentication Protocol for PPP (RFC 2284) - * - * Copyright (c) 2001 by Sun Microsystems, Inc. - * All rights reserved. - * - * Non-exclusive rights to redistribute, modify, translate, and use - * this software in source and binary forms, in whole or in part, is - * hereby granted, provided that the above copyright notice is - * duplicated in any source form, and that neither the name of the - * copyright holder nor the author is used to endorse or promote - * products derived from this software. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * Original version by James Carlson - * - * This implementation of EAP supports MD5-Challenge and SRP-SHA1 - * authentication styles. Note that support of MD5-Challenge is a - * requirement of RFC 2284, and that it's essentially just a - * reimplementation of regular RFC 1994 CHAP using EAP messages. - * - * As an authenticator ("server"), there are multiple phases for each - * style. In the first phase of each style, the unauthenticated peer - * name is queried using the EAP Identity request type. If the - * "remotename" option is used, then this phase is skipped, because - * the peer's name is presumed to be known. - * - * For MD5-Challenge, there are two phases, and the second phase - * consists of sending the challenge itself and handling the - * associated response. - * - * For SRP-SHA1, there are four phases. The second sends 's', 'N', - * and 'g'. The reply contains 'A'. The third sends 'B', and the - * reply contains 'M1'. The forth sends the 'M2' value. - * - * As an authenticatee ("client"), there's just a single phase -- - * responding to the queries generated by the peer. EAP is an - * authenticator-driven protocol. - * - * Based on draft-ietf-pppext-eap-srp-03.txt. - */ - -#define RCSID "$Id: eap.c,v 1.4 2004/11/09 22:39:25 paulus Exp $" - -/* - * TODO: - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "pathnames.h" -#include "md5.h" -#include "eap.h" - -#ifdef USE_SRP -#include -#include -#include -#include "pppcrypt.h" -#endif /* USE_SRP */ - -#ifndef SHA_DIGESTSIZE -#define SHA_DIGESTSIZE 20 -#endif - -static const char rcsid[] = RCSID; - -eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */ -#ifdef USE_SRP -static char *pn_secret = NULL; /* Pseudonym generating secret */ -#endif - -/* - * Command-line options. - */ -static option_t eap_option_list[] = { - { "eap-restart", o_int, &eap_states[0].es_server.ea_timeout, - "Set retransmit timeout for EAP Requests (server)" }, - { "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests, - "Set max number of EAP Requests sent (server)" }, - { "eap-timeout", o_int, &eap_states[0].es_client.ea_timeout, - "Set time limit for peer EAP authentication" }, - { "eap-max-rreq", o_int, &eap_states[0].es_client.ea_maxrequests, - "Set max number of EAP Requests allows (client)" }, - { "eap-interval", o_int, &eap_states[0].es_rechallenge, - "Set interval for EAP rechallenge" }, -#ifdef USE_SRP - { "srp-interval", o_int, &eap_states[0].es_lwrechallenge, - "Set interval for SRP lightweight rechallenge" }, - { "srp-pn-secret", o_string, &pn_secret, - "Long term pseudonym generation secret" }, - { "srp-use-pseudonym", o_bool, &eap_states[0].es_usepseudo, - "Use pseudonym if offered one by server", 1 }, -#endif - { NULL } -}; - -/* - * Protocol entry points. - */ -static void eap_init __P((int unit)); -static void eap_input __P((int unit, u_char *inp, int inlen)); -static void eap_protrej __P((int unit)); -static void eap_lowerup __P((int unit)); -static void eap_lowerdown __P((int unit)); -static int eap_printpkt __P((u_char *inp, int inlen, - void (*)(void *arg, char *fmt, ...), void *arg)); - -struct protent eap_protent = { - PPP_EAP, /* protocol number */ - eap_init, /* initialization procedure */ - eap_input, /* process a received packet */ - eap_protrej, /* process a received protocol-reject */ - eap_lowerup, /* lower layer has gone up */ - eap_lowerdown, /* lower layer has gone down */ - NULL, /* open the protocol */ - NULL, /* close the protocol */ - eap_printpkt, /* print a packet in readable form */ - NULL, /* process a received data packet */ - 1, /* protocol enabled */ - "EAP", /* text name of protocol */ - NULL, /* text name of corresponding data protocol */ - eap_option_list, /* list of command-line options */ - NULL, /* check requested options; assign defaults */ - NULL, /* configure interface for demand-dial */ - NULL /* say whether to bring up link for this pkt */ -}; - -/* - * A well-known 2048 bit modulus. - */ -static const u_char wkmodulus[] = { - 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, - 0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, - 0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, - 0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50, - 0xA3, 0x73, 0x29, 0xCB, 0xB4, 0xA0, 0x99, 0xED, - 0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D, - 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D, - 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, 0x50, - 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, - 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, - 0x66, 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, - 0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, - 0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA, - 0xA8, 0x0D, 0x74, 0x0A, 0xDB, 0xF4, 0xFF, 0x74, - 0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7, - 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B, - 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, 0x16, - 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, - 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, - 0x5B, 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, - 0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, - 0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA, - 0x03, 0x2C, 0xFB, 0xDB, 0xF5, 0x2F, 0xB3, 0x78, - 0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6, - 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29, - 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, 0xD8, - 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, - 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, - 0x94, 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, - 0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, - 0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2, - 0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73 -}; - -/* Local forward declarations. */ -static void eap_server_timeout __P((void *arg)); - -/* - * Convert EAP state code to printable string for debug. - */ -static const char * -eap_state_name(esc) -enum eap_state_code esc; -{ - static const char *state_names[] = { EAP_STATES }; - - return (state_names[(int)esc]); -} - -/* - * eap_init - Initialize state for an EAP user. This is currently - * called once by main() during start-up. - */ -static void -eap_init(unit) -int unit; -{ - eap_state *esp = &eap_states[unit]; - - BZERO(esp, sizeof (*esp)); - esp->es_unit = unit; - esp->es_server.ea_timeout = EAP_DEFTIMEOUT; - esp->es_server.ea_maxrequests = EAP_DEFTRANSMITS; - esp->es_server.ea_id = (u_char)(drand48() * 0x100); - esp->es_client.ea_timeout = EAP_DEFREQTIME; - esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ; -} - -/* - * eap_client_timeout - Give up waiting for the peer to send any - * Request messages. - */ -static void -eap_client_timeout(arg) -void *arg; -{ - eap_state *esp = (eap_state *) arg; - - if (!eap_client_active(esp)) - return; - - error("EAP: timeout waiting for Request from peer"); - auth_withpeer_fail(esp->es_unit, PPP_EAP); - esp->es_client.ea_state = eapBadAuth; -} - -/* - * eap_authwithpeer - Authenticate to our peer (behave as client). - * - * Start client state and wait for requests. This is called only - * after eap_lowerup. - */ -void -eap_authwithpeer(unit, localname) -int unit; -char *localname; -{ - eap_state *esp = &eap_states[unit]; - - /* Save the peer name we're given */ - esp->es_client.ea_name = localname; - esp->es_client.ea_namelen = strlen(localname); - - esp->es_client.ea_state = eapListen; - - /* - * Start a timer so that if the other end just goes - * silent, we don't sit here waiting forever. - */ - if (esp->es_client.ea_timeout > 0) - TIMEOUT(eap_client_timeout, (void *)esp, - esp->es_client.ea_timeout); -} - -/* - * Format a standard EAP Failure message and send it to the peer. - * (Server operation) - */ -static void -eap_send_failure(esp) -eap_state *esp; -{ - u_char *outp; - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_FAILURE, outp); - esp->es_server.ea_id++; - PUTCHAR(esp->es_server.ea_id, outp); - PUTSHORT(EAP_HEADERLEN, outp); - - output(esp->es_unit, outpacket_buf, EAP_HEADERLEN + PPP_HDRLEN); - - esp->es_server.ea_state = eapBadAuth; - auth_peer_fail(esp->es_unit, PPP_EAP); -} - -/* - * Format a standard EAP Success message and send it to the peer. - * (Server operation) - */ -static void -eap_send_success(esp) -eap_state *esp; -{ - u_char *outp; - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_SUCCESS, outp); - esp->es_server.ea_id++; - PUTCHAR(esp->es_server.ea_id, outp); - PUTSHORT(EAP_HEADERLEN, outp); - - output(esp->es_unit, outpacket_buf, PPP_HDRLEN + EAP_HEADERLEN); - - auth_peer_success(esp->es_unit, PPP_EAP, 0, - esp->es_server.ea_peer, esp->es_server.ea_peerlen); -} - -#ifdef USE_SRP -/* - * Set DES key according to pseudonym-generating secret and current - * date. - */ -static bool -pncrypt_setkey(int timeoffs) -{ - struct tm *tp; - char tbuf[9]; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; - time_t reftime; - - if (pn_secret == NULL) - return (0); - reftime = time(NULL) + timeoffs; - tp = localtime(&reftime); - SHA1Init(&ctxt); - SHA1Update(&ctxt, pn_secret, strlen(pn_secret)); - strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp); - SHA1Update(&ctxt, tbuf, strlen(tbuf)); - SHA1Final(dig, &ctxt); - return (DesSetkey(dig)); -} - -static char base64[] = -"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -struct b64state { - u_int32_t bs_bits; - int bs_offs; -}; - -static int -b64enc(bs, inp, inlen, outp) -struct b64state *bs; -u_char *inp; -int inlen; -u_char *outp; -{ - int outlen = 0; - - while (inlen > 0) { - bs->bs_bits = (bs->bs_bits << 8) | *inp++; - inlen--; - bs->bs_offs += 8; - if (bs->bs_offs >= 24) { - *outp++ = base64[(bs->bs_bits >> 18) & 0x3F]; - *outp++ = base64[(bs->bs_bits >> 12) & 0x3F]; - *outp++ = base64[(bs->bs_bits >> 6) & 0x3F]; - *outp++ = base64[bs->bs_bits & 0x3F]; - outlen += 4; - bs->bs_offs = 0; - bs->bs_bits = 0; - } - } - return (outlen); -} - -static int -b64flush(bs, outp) -struct b64state *bs; -u_char *outp; -{ - int outlen = 0; - - if (bs->bs_offs == 8) { - *outp++ = base64[(bs->bs_bits >> 2) & 0x3F]; - *outp++ = base64[(bs->bs_bits << 4) & 0x3F]; - outlen = 2; - } else if (bs->bs_offs == 16) { - *outp++ = base64[(bs->bs_bits >> 10) & 0x3F]; - *outp++ = base64[(bs->bs_bits >> 4) & 0x3F]; - *outp++ = base64[(bs->bs_bits << 2) & 0x3F]; - outlen = 3; - } - bs->bs_offs = 0; - bs->bs_bits = 0; - return (outlen); -} - -static int -b64dec(bs, inp, inlen, outp) -struct b64state *bs; -u_char *inp; -int inlen; -u_char *outp; -{ - int outlen = 0; - char *cp; - - while (inlen > 0) { - if ((cp = strchr(base64, *inp++)) == NULL) - break; - bs->bs_bits = (bs->bs_bits << 6) | (cp - base64); - inlen--; - bs->bs_offs += 6; - if (bs->bs_offs >= 8) { - *outp++ = bs->bs_bits >> (bs->bs_offs - 8); - outlen++; - bs->bs_offs -= 8; - } - } - return (outlen); -} -#endif /* USE_SRP */ - -/* - * Assume that current waiting server state is complete and figure - * next state to use based on available authentication data. 'status' - * indicates if there was an error in handling the last query. It is - * 0 for success and non-zero for failure. - */ -static void -eap_figure_next_state(esp, status) -eap_state *esp; -int status; -{ -#ifdef USE_SRP - unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp; - struct t_pw tpw; - struct t_confent *tce, mytce; - char *cp, *cp2; - struct t_server *ts; - int id, i, plen, toffs; - u_char vals[2]; - struct b64state bs; -#endif /* USE_SRP */ - - esp->es_server.ea_timeout = esp->es_savedtime; - switch (esp->es_server.ea_state) { - case eapBadAuth: - return; - - case eapIdentify: -#ifdef USE_SRP - /* Discard any previous session. */ - ts = (struct t_server *)esp->es_server.ea_session; - if (ts != NULL) { - t_serverclose(ts); - esp->es_server.ea_session = NULL; - esp->es_server.ea_skey = NULL; - } -#endif /* USE_SRP */ - if (status != 0) { - esp->es_server.ea_state = eapBadAuth; - break; - } -#ifdef USE_SRP - /* If we've got a pseudonym, try to decode to real name. */ - if (esp->es_server.ea_peerlen > SRP_PSEUDO_LEN && - strncmp(esp->es_server.ea_peer, SRP_PSEUDO_ID, - SRP_PSEUDO_LEN) == 0 && - (esp->es_server.ea_peerlen - SRP_PSEUDO_LEN) * 3 / 4 < - sizeof (secbuf)) { - BZERO(&bs, sizeof (bs)); - plen = b64dec(&bs, - esp->es_server.ea_peer + SRP_PSEUDO_LEN, - esp->es_server.ea_peerlen - SRP_PSEUDO_LEN, - secbuf); - toffs = 0; - for (i = 0; i < 5; i++) { - pncrypt_setkey(toffs); - toffs -= 86400; - if (!DesDecrypt(secbuf, clear)) { - dbglog("no DES here; cannot decode " - "pseudonym"); - return; - } - id = *(unsigned char *)clear; - if (id + 1 <= plen && id + 9 > plen) - break; - } - if (plen % 8 == 0 && i < 5) { - /* - * Note that this is always shorter than the - * original stored string, so there's no need - * to realloc. - */ - if ((i = plen = *(unsigned char *)clear) > 7) - i = 7; - esp->es_server.ea_peerlen = plen; - dp = (unsigned char *)esp->es_server.ea_peer; - BCOPY(clear + 1, dp, i); - plen -= i; - dp += i; - sp = secbuf + 8; - while (plen > 0) { - (void) DesDecrypt(sp, dp); - sp += 8; - dp += 8; - plen -= 8; - } - esp->es_server.ea_peer[ - esp->es_server.ea_peerlen] = '\0'; - dbglog("decoded pseudonym to \"%.*q\"", - esp->es_server.ea_peerlen, - esp->es_server.ea_peer); - } else { - dbglog("failed to decode real name"); - /* Stay in eapIdentfy state; requery */ - break; - } - } - /* Look up user in secrets database. */ - if (get_srp_secret(esp->es_unit, esp->es_server.ea_peer, - esp->es_server.ea_name, (char *)secbuf, 1) != 0) { - /* Set up default in case SRP entry is bad */ - esp->es_server.ea_state = eapMD5Chall; - /* Get t_confent based on index in srp-secrets */ - id = strtol((char *)secbuf, &cp, 10); - if (*cp++ != ':' || id < 0) - break; - if (id == 0) { - mytce.index = 0; - mytce.modulus.data = (u_char *)wkmodulus; - mytce.modulus.len = sizeof (wkmodulus); - mytce.generator.data = (u_char *)"\002"; - mytce.generator.len = 1; - tce = &mytce; - } else if ((tce = gettcid(id)) != NULL) { - /* - * Client will have to verify this modulus/ - * generator combination, and that will take - * a while. Lengthen the timeout here. - */ - if (esp->es_server.ea_timeout > 0 && - esp->es_server.ea_timeout < 30) - esp->es_server.ea_timeout = 30; - } else { - break; - } - if ((cp2 = strchr(cp, ':')) == NULL) - break; - *cp2++ = '\0'; - tpw.pebuf.name = esp->es_server.ea_peer; - tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf, - cp); - tpw.pebuf.password.data = tpw.pwbuf; - tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf, - cp2); - tpw.pebuf.salt.data = tpw.saltbuf; - if ((ts = t_serveropenraw(&tpw.pebuf, tce)) == NULL) - break; - esp->es_server.ea_session = (void *)ts; - esp->es_server.ea_state = eapSRP1; - vals[0] = esp->es_server.ea_id + 1; - vals[1] = EAPT_SRP; - t_serveraddexdata(ts, vals, 2); - /* Generate B; must call before t_servergetkey() */ - t_servergenexp(ts); - break; - } -#endif /* USE_SRP */ - esp->es_server.ea_state = eapMD5Chall; - break; - - case eapSRP1: -#ifdef USE_SRP - ts = (struct t_server *)esp->es_server.ea_session; - if (ts != NULL && status != 0) { - t_serverclose(ts); - esp->es_server.ea_session = NULL; - esp->es_server.ea_skey = NULL; - } -#endif /* USE_SRP */ - if (status == 1) { - esp->es_server.ea_state = eapMD5Chall; - } else if (status != 0 || esp->es_server.ea_session == NULL) { - esp->es_server.ea_state = eapBadAuth; - } else { - esp->es_server.ea_state = eapSRP2; - } - break; - - case eapSRP2: -#ifdef USE_SRP - ts = (struct t_server *)esp->es_server.ea_session; - if (ts != NULL && status != 0) { - t_serverclose(ts); - esp->es_server.ea_session = NULL; - esp->es_server.ea_skey = NULL; - } -#endif /* USE_SRP */ - if (status != 0 || esp->es_server.ea_session == NULL) { - esp->es_server.ea_state = eapBadAuth; - } else { - esp->es_server.ea_state = eapSRP3; - } - break; - - case eapSRP3: - case eapSRP4: -#ifdef USE_SRP - ts = (struct t_server *)esp->es_server.ea_session; - if (ts != NULL && status != 0) { - t_serverclose(ts); - esp->es_server.ea_session = NULL; - esp->es_server.ea_skey = NULL; - } -#endif /* USE_SRP */ - if (status != 0 || esp->es_server.ea_session == NULL) { - esp->es_server.ea_state = eapBadAuth; - } else { - esp->es_server.ea_state = eapOpen; - } - break; - - case eapMD5Chall: - if (status != 0) { - esp->es_server.ea_state = eapBadAuth; - } else { - esp->es_server.ea_state = eapOpen; - } - break; - - default: - esp->es_server.ea_state = eapBadAuth; - break; - } - if (esp->es_server.ea_state == eapBadAuth) - eap_send_failure(esp); -} - -/* - * Format an EAP Request message and send it to the peer. Message - * type depends on current state. (Server operation) - */ -static void -eap_send_request(esp) -eap_state *esp; -{ - u_char *outp; - u_char *lenloc; - u_char *ptr; - int outlen; - int challen; - char *str; -#ifdef USE_SRP - struct t_server *ts; - u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp; - int i, j; - struct b64state b64; - SHA1_CTX ctxt; -#endif /* USE_SRP */ - - /* Handle both initial auth and restart */ - if (esp->es_server.ea_state < eapIdentify && - esp->es_server.ea_state != eapInitial) { - esp->es_server.ea_state = eapIdentify; - if (explicit_remote) { - /* - * If we already know the peer's - * unauthenticated name, then there's no - * reason to ask. Go to next state instead. - */ - esp->es_server.ea_peer = remote_name; - esp->es_server.ea_peerlen = strlen(remote_name); - eap_figure_next_state(esp, 0); - } - } - - if (esp->es_server.ea_maxrequests > 0 && - esp->es_server.ea_requests >= esp->es_server.ea_maxrequests) { - if (esp->es_server.ea_responses > 0) - error("EAP: too many Requests sent"); - else - error("EAP: no response to Requests"); - eap_send_failure(esp); - return; - } - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_REQUEST, outp); - PUTCHAR(esp->es_server.ea_id, outp); - lenloc = outp; - INCPTR(2, outp); - - switch (esp->es_server.ea_state) { - case eapIdentify: - PUTCHAR(EAPT_IDENTITY, outp); - str = "Name"; - challen = strlen(str); - BCOPY(str, outp, challen); - INCPTR(challen, outp); - break; - - case eapMD5Chall: - PUTCHAR(EAPT_MD5CHAP, outp); - /* - * pick a random challenge length between - * MIN_CHALLENGE_LENGTH and MAX_CHALLENGE_LENGTH - */ - challen = (drand48() * - (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) + - MIN_CHALLENGE_LENGTH; - PUTCHAR(challen, outp); - esp->es_challen = challen; - ptr = esp->es_challenge; - while (--challen >= 0) - *ptr++ = (u_char) (drand48() * 0x100); - BCOPY(esp->es_challenge, outp, esp->es_challen); - INCPTR(esp->es_challen, outp); - BCOPY(esp->es_server.ea_name, outp, esp->es_server.ea_namelen); - INCPTR(esp->es_server.ea_namelen, outp); - break; - -#ifdef USE_SRP - case eapSRP1: - PUTCHAR(EAPT_SRP, outp); - PUTCHAR(EAPSRP_CHALLENGE, outp); - - PUTCHAR(esp->es_server.ea_namelen, outp); - BCOPY(esp->es_server.ea_name, outp, esp->es_server.ea_namelen); - INCPTR(esp->es_server.ea_namelen, outp); - - ts = (struct t_server *)esp->es_server.ea_session; - assert(ts != NULL); - PUTCHAR(ts->s.len, outp); - BCOPY(ts->s.data, outp, ts->s.len); - INCPTR(ts->s.len, outp); - - if (ts->g.len == 1 && ts->g.data[0] == 2) { - PUTCHAR(0, outp); - } else { - PUTCHAR(ts->g.len, outp); - BCOPY(ts->g.data, outp, ts->g.len); - INCPTR(ts->g.len, outp); - } - - if (ts->n.len != sizeof (wkmodulus) || - BCMP(ts->n.data, wkmodulus, sizeof (wkmodulus)) != 0) { - BCOPY(ts->n.data, outp, ts->n.len); - INCPTR(ts->n.len, outp); - } - break; - - case eapSRP2: - PUTCHAR(EAPT_SRP, outp); - PUTCHAR(EAPSRP_SKEY, outp); - - ts = (struct t_server *)esp->es_server.ea_session; - assert(ts != NULL); - BCOPY(ts->B.data, outp, ts->B.len); - INCPTR(ts->B.len, outp); - break; - - case eapSRP3: - PUTCHAR(EAPT_SRP, outp); - PUTCHAR(EAPSRP_SVALIDATOR, outp); - PUTLONG(SRPVAL_EBIT, outp); - ts = (struct t_server *)esp->es_server.ea_session; - assert(ts != NULL); - BCOPY(t_serverresponse(ts), outp, SHA_DIGESTSIZE); - INCPTR(SHA_DIGESTSIZE, outp); - - if (pncrypt_setkey(0)) { - /* Generate pseudonym */ - optr = outp; - cp = (unsigned char *)esp->es_server.ea_peer; - if ((j = i = esp->es_server.ea_peerlen) > 7) - j = 7; - clear[0] = i; - BCOPY(cp, clear + 1, j); - i -= j; - cp += j; - if (!DesEncrypt(clear, cipher)) { - dbglog("no DES here; not generating pseudonym"); - break; - } - BZERO(&b64, sizeof (b64)); - outp++; /* space for pseudonym length */ - outp += b64enc(&b64, cipher, 8, outp); - while (i >= 8) { - (void) DesEncrypt(cp, cipher); - outp += b64enc(&b64, cipher, 8, outp); - cp += 8; - i -= 8; - } - if (i > 0) { - BCOPY(cp, clear, i); - cp += i; - while (i < 8) { - *cp++ = drand48() * 0x100; - i++; - } - (void) DesEncrypt(clear, cipher); - outp += b64enc(&b64, cipher, 8, outp); - } - outp += b64flush(&b64, outp); - - /* Set length and pad out to next 20 octet boundary */ - i = outp - optr - 1; - *optr = i; - i %= SHA_DIGESTSIZE; - if (i != 0) { - while (i < SHA_DIGESTSIZE) { - *outp++ = drand48() * 0x100; - i++; - } - } - - /* Obscure the pseudonym with SHA1 hash */ - SHA1Init(&ctxt); - SHA1Update(&ctxt, &esp->es_server.ea_id, 1); - SHA1Update(&ctxt, esp->es_server.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, esp->es_server.ea_peer, - esp->es_server.ea_peerlen); - while (optr < outp) { - SHA1Final(dig, &ctxt); - cp = dig; - while (cp < dig + SHA_DIGESTSIZE) - *optr++ ^= *cp++; - SHA1Init(&ctxt); - SHA1Update(&ctxt, &esp->es_server.ea_id, 1); - SHA1Update(&ctxt, esp->es_server.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, optr - SHA_DIGESTSIZE, - SHA_DIGESTSIZE); - } - } - break; - - case eapSRP4: - PUTCHAR(EAPT_SRP, outp); - PUTCHAR(EAPSRP_LWRECHALLENGE, outp); - challen = MIN_CHALLENGE_LENGTH + - ((MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH) * drand48()); - esp->es_challen = challen; - ptr = esp->es_challenge; - while (--challen >= 0) - *ptr++ = drand48() * 0x100; - BCOPY(esp->es_challenge, outp, esp->es_challen); - INCPTR(esp->es_challen, outp); - break; -#endif /* USE_SRP */ - - default: - return; - } - - outlen = (outp - outpacket_buf) - PPP_HDRLEN; - PUTSHORT(outlen, lenloc); - - output(esp->es_unit, outpacket_buf, outlen + PPP_HDRLEN); - - esp->es_server.ea_requests++; - - if (esp->es_server.ea_timeout > 0) - TIMEOUT(eap_server_timeout, esp, esp->es_server.ea_timeout); -} - -/* - * eap_authpeer - Authenticate our peer (behave as server). - * - * Start server state and send first request. This is called only - * after eap_lowerup. - */ -void -eap_authpeer(unit, localname) -int unit; -char *localname; -{ - eap_state *esp = &eap_states[unit]; - - /* Save the name we're given. */ - esp->es_server.ea_name = localname; - esp->es_server.ea_namelen = strlen(localname); - - esp->es_savedtime = esp->es_server.ea_timeout; - - /* Lower layer up yet? */ - if (esp->es_server.ea_state == eapInitial || - esp->es_server.ea_state == eapPending) { - esp->es_server.ea_state = eapPending; - return; - } - - esp->es_server.ea_state = eapPending; - - /* ID number not updated here intentionally; hashed into M1 */ - eap_send_request(esp); -} - -/* - * eap_server_timeout - Retransmission timer for sending Requests - * expired. - */ -static void -eap_server_timeout(arg) -void *arg; -{ - eap_state *esp = (eap_state *) arg; - - if (!eap_server_active(esp)) - return; - - /* EAP ID number must not change on timeout. */ - eap_send_request(esp); -} - -/* - * When it's time to send rechallenge the peer, this timeout is - * called. Once the rechallenge is successful, the response handler - * will restart the timer. If it fails, then the link is dropped. - */ -static void -eap_rechallenge(arg) -void *arg; -{ - eap_state *esp = (eap_state *)arg; - - if (esp->es_server.ea_state != eapOpen && - esp->es_server.ea_state != eapSRP4) - return; - - esp->es_server.ea_requests = 0; - esp->es_server.ea_state = eapIdentify; - eap_figure_next_state(esp, 0); - esp->es_server.ea_id++; - eap_send_request(esp); -} - -static void -srp_lwrechallenge(arg) -void *arg; -{ - eap_state *esp = (eap_state *)arg; - - if (esp->es_server.ea_state != eapOpen || - esp->es_server.ea_type != EAPT_SRP) - return; - - esp->es_server.ea_requests = 0; - esp->es_server.ea_state = eapSRP4; - esp->es_server.ea_id++; - eap_send_request(esp); -} - -/* - * eap_lowerup - The lower layer is now up. - * - * This is called before either eap_authpeer or eap_authwithpeer. See - * link_established() in auth.c. All that's necessary here is to - * return to closed state so that those two routines will do the right - * thing. - */ -static void -eap_lowerup(unit) -int unit; -{ - eap_state *esp = &eap_states[unit]; - - /* Discard any (possibly authenticated) peer name. */ - if (esp->es_server.ea_peer != NULL && - esp->es_server.ea_peer != remote_name) - free(esp->es_server.ea_peer); - esp->es_server.ea_peer = NULL; - if (esp->es_client.ea_peer != NULL) - free(esp->es_client.ea_peer); - esp->es_client.ea_peer = NULL; - - esp->es_client.ea_state = eapClosed; - esp->es_server.ea_state = eapClosed; -} - -/* - * eap_lowerdown - The lower layer is now down. - * - * Cancel all timeouts and return to initial state. - */ -static void -eap_lowerdown(unit) -int unit; -{ - eap_state *esp = &eap_states[unit]; - - if (eap_client_active(esp) && esp->es_client.ea_timeout > 0) { - UNTIMEOUT(eap_client_timeout, (void *)esp); - } - if (eap_server_active(esp)) { - if (esp->es_server.ea_timeout > 0) { - UNTIMEOUT(eap_server_timeout, (void *)esp); - } - } else { - if ((esp->es_server.ea_state == eapOpen || - esp->es_server.ea_state == eapSRP4) && - esp->es_rechallenge > 0) { - UNTIMEOUT(eap_rechallenge, (void *)esp); - } - if (esp->es_server.ea_state == eapOpen && - esp->es_lwrechallenge > 0) { - UNTIMEOUT(srp_lwrechallenge, (void *)esp); - } - } - - esp->es_client.ea_state = esp->es_server.ea_state = eapInitial; - esp->es_client.ea_requests = esp->es_server.ea_requests = 0; -} - -/* - * eap_protrej - Peer doesn't speak this protocol. - * - * This shouldn't happen. If it does, it represents authentication - * failure. - */ -static void -eap_protrej(unit) -int unit; -{ - eap_state *esp = &eap_states[unit]; - - if (eap_client_active(esp)) { - error("EAP authentication failed due to Protocol-Reject"); - auth_withpeer_fail(unit, PPP_EAP); - } - if (eap_server_active(esp)) { - error("EAP authentication of peer failed on Protocol-Reject"); - auth_peer_fail(unit, PPP_EAP); - } - eap_lowerdown(unit); -} - -/* - * Format and send a regular EAP Response message. - */ -static void -eap_send_response(esp, id, typenum, str, lenstr) -eap_state *esp; -u_char id; -u_char typenum; -u_char *str; -int lenstr; -{ - u_char *outp; - int msglen; - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_RESPONSE, outp); - PUTCHAR(id, outp); - esp->es_client.ea_id = id; - msglen = EAP_HEADERLEN + sizeof (u_char) + lenstr; - PUTSHORT(msglen, outp); - PUTCHAR(typenum, outp); - if (lenstr > 0) { - BCOPY(str, outp, lenstr); - } - - output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); -} - -/* - * Format and send an MD5-Challenge EAP Response message. - */ -static void -eap_chap_response(esp, id, hash, name, namelen) -eap_state *esp; -u_char id; -u_char *hash; -char *name; -int namelen; -{ - u_char *outp; - int msglen; - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_RESPONSE, outp); - PUTCHAR(id, outp); - esp->es_client.ea_id = id; - msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE + - namelen; - PUTSHORT(msglen, outp); - PUTCHAR(EAPT_MD5CHAP, outp); - PUTCHAR(MD5_SIGNATURE_SIZE, outp); - BCOPY(hash, outp, MD5_SIGNATURE_SIZE); - INCPTR(MD5_SIGNATURE_SIZE, outp); - if (namelen > 0) { - BCOPY(name, outp, namelen); - } - - output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); -} - -#ifdef USE_SRP -/* - * Format and send a SRP EAP Response message. - */ -static void -eap_srp_response(esp, id, subtypenum, str, lenstr) -eap_state *esp; -u_char id; -u_char subtypenum; -u_char *str; -int lenstr; -{ - u_char *outp; - int msglen; - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_RESPONSE, outp); - PUTCHAR(id, outp); - esp->es_client.ea_id = id; - msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + lenstr; - PUTSHORT(msglen, outp); - PUTCHAR(EAPT_SRP, outp); - PUTCHAR(subtypenum, outp); - if (lenstr > 0) { - BCOPY(str, outp, lenstr); - } - - output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); -} - -/* - * Format and send a SRP EAP Client Validator Response message. - */ -static void -eap_srpval_response(esp, id, flags, str) -eap_state *esp; -u_char id; -u_int32_t flags; -u_char *str; -{ - u_char *outp; - int msglen; - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_RESPONSE, outp); - PUTCHAR(id, outp); - esp->es_client.ea_id = id; - msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u_int32_t) + - SHA_DIGESTSIZE; - PUTSHORT(msglen, outp); - PUTCHAR(EAPT_SRP, outp); - PUTCHAR(EAPSRP_CVALIDATOR, outp); - PUTLONG(flags, outp); - BCOPY(str, outp, SHA_DIGESTSIZE); - - output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); -} -#endif /* USE_SRP */ - -static void -eap_send_nak(esp, id, type) -eap_state *esp; -u_char id; -u_char type; -{ - u_char *outp; - int msglen; - - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_EAP); - - PUTCHAR(EAP_RESPONSE, outp); - PUTCHAR(id, outp); - esp->es_client.ea_id = id; - msglen = EAP_HEADERLEN + 2 * sizeof (u_char); - PUTSHORT(msglen, outp); - PUTCHAR(EAPT_NAK, outp); - PUTCHAR(type, outp); - - output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); -} - -#ifdef USE_SRP -static char * -name_of_pn_file() -{ - char *user, *path, *file; - struct passwd *pw; - size_t pl; - static bool pnlogged = 0; - - pw = getpwuid(getuid()); - if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) { - errno = EINVAL; - return (NULL); - } - file = _PATH_PSEUDONYM; - pl = strlen(user) + strlen(file) + 2; - path = malloc(pl); - if (path == NULL) - return (NULL); - (void) slprintf(path, pl, "%s/%s", user, file); - if (!pnlogged) { - dbglog("pseudonym file: %s", path); - pnlogged = 1; - } - return (path); -} - -static int -open_pn_file(modebits) -mode_t modebits; -{ - char *path; - int fd, err; - - if ((path = name_of_pn_file()) == NULL) - return (-1); - fd = open(path, modebits, S_IRUSR | S_IWUSR); - err = errno; - free(path); - errno = err; - return (fd); -} - -static void -remove_pn_file() -{ - char *path; - - if ((path = name_of_pn_file()) != NULL) { - (void) unlink(path); - (void) free(path); - } -} - -static void -write_pseudonym(esp, inp, len, id) -eap_state *esp; -u_char *inp; -int len, id; -{ - u_char val; - u_char *datp, *digp; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; - int dsize, fd, olen = len; - - /* - * Do the decoding by working backwards. This eliminates the need - * to save the decoded output in a separate buffer. - */ - val = id; - while (len > 0) { - if ((dsize = len % SHA_DIGESTSIZE) == 0) - dsize = SHA_DIGESTSIZE; - len -= dsize; - datp = inp + len; - SHA1Init(&ctxt); - SHA1Update(&ctxt, &val, 1); - SHA1Update(&ctxt, esp->es_client.ea_skey, SESSION_KEY_LEN); - if (len > 0) { - SHA1Update(&ctxt, datp, SHA_DIGESTSIZE); - } else { - SHA1Update(&ctxt, esp->es_client.ea_name, - esp->es_client.ea_namelen); - } - SHA1Final(dig, &ctxt); - for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++) - *datp++ ^= *digp; - } - - /* Now check that the result is sane */ - if (olen <= 0 || *inp + 1 > olen) { - dbglog("EAP: decoded pseudonym is unusable <%.*B>", olen, inp); - return; - } - - /* Save it away */ - fd = open_pn_file(O_WRONLY | O_CREAT | O_TRUNC); - if (fd < 0) { - dbglog("EAP: error saving pseudonym: %m"); - return; - } - len = write(fd, inp + 1, *inp); - if (close(fd) != -1 && len == *inp) { - dbglog("EAP: saved pseudonym"); - esp->es_usedpseudo = 0; - } else { - dbglog("EAP: failed to save pseudonym"); - remove_pn_file(); - } -} -#endif /* USE_SRP */ - -/* - * eap_request - Receive EAP Request message (client mode). - */ -static void -eap_request(esp, inp, id, len) -eap_state *esp; -u_char *inp; -int id; -int len; -{ - u_char typenum; - u_char vallen; - int secret_len; - char secret[MAXWORDLEN]; - char rhostname[256]; - MD5_CTX mdContext; - u_char hash[MD5_SIGNATURE_SIZE]; -#ifdef USE_SRP - struct t_client *tc; - struct t_num sval, gval, Nval, *Ap, Bval; - u_char vals[2]; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; - int fd; -#endif /* USE_SRP */ - - /* - * Note: we update es_client.ea_id *only if* a Response - * message is being generated. Otherwise, we leave it the - * same for duplicate detection purposes. - */ - - esp->es_client.ea_requests++; - if (esp->es_client.ea_maxrequests != 0 && - esp->es_client.ea_requests > esp->es_client.ea_maxrequests) { - info("EAP: received too many Request messages"); - if (esp->es_client.ea_timeout > 0) { - UNTIMEOUT(eap_client_timeout, (void *)esp); - } - auth_withpeer_fail(esp->es_unit, PPP_EAP); - return; - } - - if (len <= 0) { - error("EAP: empty Request message discarded"); - return; - } - - GETCHAR(typenum, inp); - len--; - - switch (typenum) { - case EAPT_IDENTITY: - if (len > 0) - info("EAP: Identity prompt \"%.*q\"", len, inp); -#ifdef USE_SRP - if (esp->es_usepseudo && - (esp->es_usedpseudo == 0 || - (esp->es_usedpseudo == 1 && - id == esp->es_client.ea_id))) { - esp->es_usedpseudo = 1; - /* Try to get a pseudonym */ - if ((fd = open_pn_file(O_RDONLY)) >= 0) { - strcpy(rhostname, SRP_PSEUDO_ID); - len = read(fd, rhostname + SRP_PSEUDO_LEN, - sizeof (rhostname) - SRP_PSEUDO_LEN); - /* XXX NAI unsupported */ - if (len > 0) { - eap_send_response(esp, id, typenum, - rhostname, len + SRP_PSEUDO_LEN); - } - (void) close(fd); - if (len > 0) - break; - } - } - /* Stop using pseudonym now. */ - if (esp->es_usepseudo && esp->es_usedpseudo != 2) { - remove_pn_file(); - esp->es_usedpseudo = 2; - } -#endif /* USE_SRP */ - eap_send_response(esp, id, typenum, esp->es_client.ea_name, - esp->es_client.ea_namelen); - break; - - case EAPT_NOTIFICATION: - if (len > 0) - info("EAP: Notification \"%.*q\"", len, inp); - eap_send_response(esp, id, typenum, NULL, 0); - break; - - case EAPT_NAK: - /* - * Avoid the temptation to send Response Nak in reply - * to Request Nak here. It can only lead to trouble. - */ - warn("EAP: unexpected Nak in Request; ignored"); - /* Return because we're waiting for something real. */ - return; - - case EAPT_MD5CHAP: - if (len < 1) { - error("EAP: received MD5-Challenge with no data"); - /* Bogus request; wait for something real. */ - return; - } - GETCHAR(vallen, inp); - len--; - if (vallen < 8 || vallen > len) { - error("EAP: MD5-Challenge with bad length %d (8..%d)", - vallen, len); - /* Try something better. */ - eap_send_nak(esp, id, EAPT_SRP); - break; - } - - /* Not so likely to happen. */ - if (vallen >= len + sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; - } else { - BCOPY(inp + vallen, rhostname, len - vallen); - rhostname[len - vallen] = '\0'; - } - - /* In case the remote doesn't give us his name. */ - if (explicit_remote || - (remote_name[0] != '\0' && vallen == len)) - strlcpy(rhostname, remote_name, sizeof (rhostname)); - - /* - * Get the secret for authenticating ourselves with - * the specified host. - */ - if (!get_secret(esp->es_unit, esp->es_client.ea_name, - rhostname, secret, &secret_len, 0)) { - dbglog("EAP: no MD5 secret for auth to %q", rhostname); - eap_send_nak(esp, id, EAPT_SRP); - break; - } - MD5_Init(&mdContext); - typenum = id; - MD5_Update(&mdContext, &typenum, 1); - MD5_Update(&mdContext, secret, secret_len); - BZERO(secret, sizeof (secret)); - MD5_Update(&mdContext, inp, vallen); - MD5_Final(hash, &mdContext); - eap_chap_response(esp, id, hash, esp->es_client.ea_name, - esp->es_client.ea_namelen); - break; - -#ifdef USE_SRP - case EAPT_SRP: - if (len < 1) { - error("EAP: received empty SRP Request"); - /* Bogus request; wait for something real. */ - return; - } - - /* Get subtype */ - GETCHAR(vallen, inp); - len--; - switch (vallen) { - case EAPSRP_CHALLENGE: - tc = NULL; - if (esp->es_client.ea_session != NULL) { - tc = (struct t_client *)esp->es_client. - ea_session; - /* - * If this is a new challenge, then start - * over with a new client session context. - * Otherwise, just resend last response. - */ - if (id != esp->es_client.ea_id) { - t_clientclose(tc); - esp->es_client.ea_session = NULL; - tc = NULL; - } - } - /* No session key just yet */ - esp->es_client.ea_skey = NULL; - if (tc == NULL) { - GETCHAR(vallen, inp); - len--; - if (vallen >= len) { - error("EAP: badly-formed SRP Challenge" - " (name)"); - /* Ignore badly-formed messages */ - return; - } - BCOPY(inp, rhostname, vallen); - rhostname[vallen] = '\0'; - INCPTR(vallen, inp); - len -= vallen; - - /* - * In case the remote doesn't give us his name, - * use configured name. - */ - if (explicit_remote || - (remote_name[0] != '\0' && vallen == 0)) { - strlcpy(rhostname, remote_name, - sizeof (rhostname)); - } - - if (esp->es_client.ea_peer != NULL) - free(esp->es_client.ea_peer); - esp->es_client.ea_peer = strdup(rhostname); - esp->es_client.ea_peerlen = strlen(rhostname); - - GETCHAR(vallen, inp); - len--; - if (vallen >= len) { - error("EAP: badly-formed SRP Challenge" - " (s)"); - /* Ignore badly-formed messages */ - return; - } - sval.data = inp; - sval.len = vallen; - INCPTR(vallen, inp); - len -= vallen; - - GETCHAR(vallen, inp); - len--; - if (vallen > len) { - error("EAP: badly-formed SRP Challenge" - " (g)"); - /* Ignore badly-formed messages */ - return; - } - /* If no generator present, then use value 2 */ - if (vallen == 0) { - gval.data = (u_char *)"\002"; - gval.len = 1; - } else { - gval.data = inp; - gval.len = vallen; - } - INCPTR(vallen, inp); - len -= vallen; - - /* - * If no modulus present, then use well-known - * value. - */ - if (len == 0) { - Nval.data = (u_char *)wkmodulus; - Nval.len = sizeof (wkmodulus); - } else { - Nval.data = inp; - Nval.len = len; - } - tc = t_clientopen(esp->es_client.ea_name, - &Nval, &gval, &sval); - if (tc == NULL) { - eap_send_nak(esp, id, EAPT_MD5CHAP); - break; - } - esp->es_client.ea_session = (void *)tc; - - /* Add Challenge ID & type to verifier */ - vals[0] = id; - vals[1] = EAPT_SRP; - t_clientaddexdata(tc, vals, 2); - } - Ap = t_clientgenexp(tc); - eap_srp_response(esp, id, EAPSRP_CKEY, Ap->data, - Ap->len); - break; - - case EAPSRP_SKEY: - tc = (struct t_client *)esp->es_client.ea_session; - if (tc == NULL) { - warn("EAP: peer sent Subtype 2 without 1"); - eap_send_nak(esp, id, EAPT_MD5CHAP); - break; - } - if (esp->es_client.ea_skey != NULL) { - /* - * ID number should not change here. Warn - * if it does (but otherwise ignore). - */ - if (id != esp->es_client.ea_id) { - warn("EAP: ID changed from %d to %d " - "in SRP Subtype 2 rexmit", - esp->es_client.ea_id, id); - } - } else { - if (get_srp_secret(esp->es_unit, - esp->es_client.ea_name, - esp->es_client.ea_peer, secret, 0) == 0) { - /* - * Can't work with this peer because - * the secret is missing. Just give - * up. - */ - eap_send_nak(esp, id, EAPT_MD5CHAP); - break; - } - Bval.data = inp; - Bval.len = len; - t_clientpasswd(tc, secret); - BZERO(secret, sizeof (secret)); - esp->es_client.ea_skey = - t_clientgetkey(tc, &Bval); - if (esp->es_client.ea_skey == NULL) { - /* Server is rogue; stop now */ - error("EAP: SRP server is rogue"); - goto client_failure; - } - } - eap_srpval_response(esp, id, SRPVAL_EBIT, - t_clientresponse(tc)); - break; - - case EAPSRP_SVALIDATOR: - tc = (struct t_client *)esp->es_client.ea_session; - if (tc == NULL || esp->es_client.ea_skey == NULL) { - warn("EAP: peer sent Subtype 3 without 1/2"); - eap_send_nak(esp, id, EAPT_MD5CHAP); - break; - } - /* - * If we're already open, then this ought to be a - * duplicate. Otherwise, check that the server is - * who we think it is. - */ - if (esp->es_client.ea_state == eapOpen) { - if (id != esp->es_client.ea_id) { - warn("EAP: ID changed from %d to %d " - "in SRP Subtype 3 rexmit", - esp->es_client.ea_id, id); - } - } else { - len -= sizeof (u_int32_t) + SHA_DIGESTSIZE; - if (len < 0 || t_clientverify(tc, inp + - sizeof (u_int32_t)) != 0) { - error("EAP: SRP server verification " - "failed"); - goto client_failure; - } - GETLONG(esp->es_client.ea_keyflags, inp); - /* Save pseudonym if user wants it. */ - if (len > 0 && esp->es_usepseudo) { - INCPTR(SHA_DIGESTSIZE, inp); - write_pseudonym(esp, inp, len, id); - } - } - /* - * We've verified our peer. We're now mostly done, - * except for waiting on the regular EAP Success - * message. - */ - eap_srp_response(esp, id, EAPSRP_ACK, NULL, 0); - break; - - case EAPSRP_LWRECHALLENGE: - if (len < 4) { - warn("EAP: malformed Lightweight rechallenge"); - return; - } - SHA1Init(&ctxt); - vals[0] = id; - SHA1Update(&ctxt, vals, 1); - SHA1Update(&ctxt, esp->es_client.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, inp, len); - SHA1Update(&ctxt, esp->es_client.ea_name, - esp->es_client.ea_namelen); - SHA1Final(dig, &ctxt); - eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig, - SHA_DIGESTSIZE); - break; - - default: - error("EAP: unknown SRP Subtype %d", vallen); - eap_send_nak(esp, id, EAPT_MD5CHAP); - break; - } - break; -#endif /* USE_SRP */ - - default: - info("EAP: unknown authentication type %d; Naking", typenum); - eap_send_nak(esp, id, EAPT_SRP); - break; - } - - if (esp->es_client.ea_timeout > 0) { - UNTIMEOUT(eap_client_timeout, (void *)esp); - TIMEOUT(eap_client_timeout, (void *)esp, - esp->es_client.ea_timeout); - } - return; - -#ifdef USE_SRP -client_failure: - esp->es_client.ea_state = eapBadAuth; - if (esp->es_client.ea_timeout > 0) { - UNTIMEOUT(eap_client_timeout, (void *)esp); - } - esp->es_client.ea_session = NULL; - t_clientclose(tc); - auth_withpeer_fail(esp->es_unit, PPP_EAP); -#endif /* USE_SRP */ -} - -/* - * eap_response - Receive EAP Response message (server mode). - */ -static void -eap_response(esp, inp, id, len) -eap_state *esp; -u_char *inp; -int id; -int len; -{ - u_char typenum; - u_char vallen; - int secret_len; - char secret[MAXSECRETLEN]; - char rhostname[256]; - MD5_CTX mdContext; - u_char hash[MD5_SIGNATURE_SIZE]; -#ifdef USE_SRP - struct t_server *ts; - struct t_num A; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; -#endif /* USE_SRP */ - - if (esp->es_server.ea_id != id) { - dbglog("EAP: discarding Response %d; expected ID %d", id, - esp->es_server.ea_id); - return; - } - - esp->es_server.ea_responses++; - - if (len <= 0) { - error("EAP: empty Response message discarded"); - return; - } - - GETCHAR(typenum, inp); - len--; - - switch (typenum) { - case EAPT_IDENTITY: - if (esp->es_server.ea_state != eapIdentify) { - dbglog("EAP discarding unwanted Identify \"%.q\"", len, - inp); - break; - } - info("EAP: unauthenticated peer name \"%.*q\"", len, inp); - if (esp->es_server.ea_peer != NULL && - esp->es_server.ea_peer != remote_name) - free(esp->es_server.ea_peer); - esp->es_server.ea_peer = malloc(len + 1); - if (esp->es_server.ea_peer == NULL) { - esp->es_server.ea_peerlen = 0; - eap_figure_next_state(esp, 1); - break; - } - BCOPY(inp, esp->es_server.ea_peer, len); - esp->es_server.ea_peer[len] = '\0'; - esp->es_server.ea_peerlen = len; - eap_figure_next_state(esp, 0); - break; - - case EAPT_NOTIFICATION: - dbglog("EAP unexpected Notification; response discarded"); - break; - - case EAPT_NAK: - if (len < 1) { - info("EAP: Nak Response with no suggested protocol"); - eap_figure_next_state(esp, 1); - break; - } - - GETCHAR(vallen, inp); - len--; - - if (!explicit_remote && esp->es_server.ea_state == eapIdentify){ - /* Peer cannot Nak Identify Request */ - eap_figure_next_state(esp, 1); - break; - } - - switch (vallen) { - case EAPT_SRP: - /* Run through SRP validator selection again. */ - esp->es_server.ea_state = eapIdentify; - eap_figure_next_state(esp, 0); - break; - - case EAPT_MD5CHAP: - esp->es_server.ea_state = eapMD5Chall; - break; - - default: - dbglog("EAP: peer requesting unknown Type %d", vallen); - switch (esp->es_server.ea_state) { - case eapSRP1: - case eapSRP2: - case eapSRP3: - esp->es_server.ea_state = eapMD5Chall; - break; - case eapMD5Chall: - case eapSRP4: - esp->es_server.ea_state = eapIdentify; - eap_figure_next_state(esp, 0); - break; - default: - break; - } - break; - } - break; - - case EAPT_MD5CHAP: - if (esp->es_server.ea_state != eapMD5Chall) { - error("EAP: unexpected MD5-Response"); - eap_figure_next_state(esp, 1); - break; - } - if (len < 1) { - error("EAP: received MD5-Response with no data"); - eap_figure_next_state(esp, 1); - break; - } - GETCHAR(vallen, inp); - len--; - if (vallen != 16 || vallen > len) { - error("EAP: MD5-Response with bad length %d", vallen); - eap_figure_next_state(esp, 1); - break; - } - - /* Not so likely to happen. */ - if (vallen >= len + sizeof (rhostname)) { - dbglog("EAP: trimming really long peer name down"); - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); - rhostname[sizeof (rhostname) - 1] = '\0'; - } else { - BCOPY(inp + vallen, rhostname, len - vallen); - rhostname[len - vallen] = '\0'; - } - - /* In case the remote doesn't give us his name. */ - if (explicit_remote || - (remote_name[0] != '\0' && vallen == len)) - strlcpy(rhostname, remote_name, sizeof (rhostname)); - - /* - * Get the secret for authenticating the specified - * host. - */ - if (!get_secret(esp->es_unit, rhostname, - esp->es_server.ea_name, secret, &secret_len, 1)) { - dbglog("EAP: no MD5 secret for auth of %q", rhostname); - eap_send_failure(esp); - break; - } - MD5_Init(&mdContext); - MD5_Update(&mdContext, &esp->es_server.ea_id, 1); - MD5_Update(&mdContext, secret, secret_len); - BZERO(secret, sizeof (secret)); - MD5_Update(&mdContext, esp->es_challenge, esp->es_challen); - MD5_Final(hash, &mdContext); - if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) { - eap_send_failure(esp); - break; - } - esp->es_server.ea_type = EAPT_MD5CHAP; - eap_send_success(esp); - eap_figure_next_state(esp, 0); - if (esp->es_rechallenge != 0) - TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge); - break; - -#ifdef USE_SRP - case EAPT_SRP: - if (len < 1) { - error("EAP: empty SRP Response"); - eap_figure_next_state(esp, 1); - break; - } - GETCHAR(typenum, inp); - len--; - switch (typenum) { - case EAPSRP_CKEY: - if (esp->es_server.ea_state != eapSRP1) { - error("EAP: unexpected SRP Subtype 1 Response"); - eap_figure_next_state(esp, 1); - break; - } - A.data = inp; - A.len = len; - ts = (struct t_server *)esp->es_server.ea_session; - assert(ts != NULL); - esp->es_server.ea_skey = t_servergetkey(ts, &A); - if (esp->es_server.ea_skey == NULL) { - /* Client's A value is bogus; terminate now */ - error("EAP: bogus A value from client"); - eap_send_failure(esp); - } else { - eap_figure_next_state(esp, 0); - } - break; - - case EAPSRP_CVALIDATOR: - if (esp->es_server.ea_state != eapSRP2) { - error("EAP: unexpected SRP Subtype 2 Response"); - eap_figure_next_state(esp, 1); - break; - } - if (len < sizeof (u_int32_t) + SHA_DIGESTSIZE) { - error("EAP: M1 length %d < %d", len, - sizeof (u_int32_t) + SHA_DIGESTSIZE); - eap_figure_next_state(esp, 1); - break; - } - GETLONG(esp->es_server.ea_keyflags, inp); - ts = (struct t_server *)esp->es_server.ea_session; - assert(ts != NULL); - if (t_serververify(ts, inp)) { - info("EAP: unable to validate client identity"); - eap_send_failure(esp); - break; - } - eap_figure_next_state(esp, 0); - break; - - case EAPSRP_ACK: - if (esp->es_server.ea_state != eapSRP3) { - error("EAP: unexpected SRP Subtype 3 Response"); - eap_send_failure(esp); - break; - } - esp->es_server.ea_type = EAPT_SRP; - eap_send_success(esp); - eap_figure_next_state(esp, 0); - if (esp->es_rechallenge != 0) - TIMEOUT(eap_rechallenge, esp, - esp->es_rechallenge); - if (esp->es_lwrechallenge != 0) - TIMEOUT(srp_lwrechallenge, esp, - esp->es_lwrechallenge); - break; - - case EAPSRP_LWRECHALLENGE: - if (esp->es_server.ea_state != eapSRP4) { - info("EAP: unexpected SRP Subtype 4 Response"); - return; - } - if (len != SHA_DIGESTSIZE) { - error("EAP: bad Lightweight rechallenge " - "response"); - return; - } - SHA1Init(&ctxt); - vallen = id; - SHA1Update(&ctxt, &vallen, 1); - SHA1Update(&ctxt, esp->es_server.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, esp->es_challenge, esp->es_challen); - SHA1Update(&ctxt, esp->es_server.ea_peer, - esp->es_server.ea_peerlen); - SHA1Final(dig, &ctxt); - if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) { - error("EAP: failed Lightweight rechallenge"); - eap_send_failure(esp); - break; - } - esp->es_server.ea_state = eapOpen; - if (esp->es_lwrechallenge != 0) - TIMEOUT(srp_lwrechallenge, esp, - esp->es_lwrechallenge); - break; - } - break; -#endif /* USE_SRP */ - - default: - /* This can't happen. */ - error("EAP: unknown Response type %d; ignored", typenum); - return; - } - - if (esp->es_server.ea_timeout > 0) { - UNTIMEOUT(eap_server_timeout, (void *)esp); - } - - if (esp->es_server.ea_state != eapBadAuth && - esp->es_server.ea_state != eapOpen) { - esp->es_server.ea_id++; - eap_send_request(esp); - } -} - -/* - * eap_success - Receive EAP Success message (client mode). - */ -static void -eap_success(esp, inp, id, len) -eap_state *esp; -u_char *inp; -int id; -int len; -{ - if (esp->es_client.ea_state != eapOpen && !eap_client_active(esp)) { - dbglog("EAP unexpected success message in state %s (%d)", - eap_state_name(esp->es_client.ea_state), - esp->es_client.ea_state); - return; - } - - if (esp->es_client.ea_timeout > 0) { - UNTIMEOUT(eap_client_timeout, (void *)esp); - } - - if (len > 0) { - /* This is odd. The spec doesn't allow for this. */ - PRINTMSG(inp, len); - } - - esp->es_client.ea_state = eapOpen; - auth_withpeer_success(esp->es_unit, PPP_EAP, 0); -} - -/* - * eap_failure - Receive EAP Failure message (client mode). - */ -static void -eap_failure(esp, inp, id, len) -eap_state *esp; -u_char *inp; -int id; -int len; -{ - if (!eap_client_active(esp)) { - dbglog("EAP unexpected failure message in state %s (%d)", - eap_state_name(esp->es_client.ea_state), - esp->es_client.ea_state); - } - - if (esp->es_client.ea_timeout > 0) { - UNTIMEOUT(eap_client_timeout, (void *)esp); - } - - if (len > 0) { - /* This is odd. The spec doesn't allow for this. */ - PRINTMSG(inp, len); - } - - esp->es_client.ea_state = eapBadAuth; - - error("EAP: peer reports authentication failure"); - auth_withpeer_fail(esp->es_unit, PPP_EAP); -} - -/* - * eap_input - Handle received EAP message. - */ -static void -eap_input(unit, inp, inlen) -int unit; -u_char *inp; -int inlen; -{ - eap_state *esp = &eap_states[unit]; - u_char code, id; - int len; - - /* - * Parse header (code, id and length). If packet too short, - * drop it. - */ - if (inlen < EAP_HEADERLEN) { - error("EAP: packet too short: %d < %d", inlen, EAP_HEADERLEN); - return; - } - GETCHAR(code, inp); - GETCHAR(id, inp); - GETSHORT(len, inp); - if (len < EAP_HEADERLEN || len > inlen) { - error("EAP: packet has illegal length field %d (%d..%d)", len, - EAP_HEADERLEN, inlen); - return; - } - len -= EAP_HEADERLEN; - - /* Dispatch based on message code */ - switch (code) { - case EAP_REQUEST: - eap_request(esp, inp, id, len); - break; - - case EAP_RESPONSE: - eap_response(esp, inp, id, len); - break; - - case EAP_SUCCESS: - eap_success(esp, inp, id, len); - break; - - case EAP_FAILURE: - eap_failure(esp, inp, id, len); - break; - - default: /* XXX Need code reject */ - /* Note: it's not legal to send EAP Nak here. */ - warn("EAP: unknown code %d received", code); - break; - } -} - -/* - * eap_printpkt - print the contents of an EAP packet. - */ -static char *eap_codenames[] = { - "Request", "Response", "Success", "Failure" -}; - -static char *eap_typenames[] = { - "Identity", "Notification", "Nak", "MD5-Challenge", - "OTP", "Generic-Token", NULL, NULL, - "RSA", "DSS", "KEA", "KEA-Validate", - "TLS", "Defender", "Windows 2000", "Arcot", - "Cisco", "Nokia", "SRP" -}; - -static int -eap_printpkt(inp, inlen, printer, arg) -u_char *inp; -int inlen; -void (*printer) __P((void *, char *, ...)); -void *arg; -{ - int code, id, len, rtype, vallen; - u_char *pstart; - u_int32_t uval; - - if (inlen < EAP_HEADERLEN) - return (0); - pstart = inp; - GETCHAR(code, inp); - GETCHAR(id, inp); - GETSHORT(len, inp); - if (len < EAP_HEADERLEN || len > inlen) - return (0); - - if (code >= 1 && code <= sizeof(eap_codenames) / sizeof(char *)) - printer(arg, " %s", eap_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= EAP_HEADERLEN; - switch (code) { - case EAP_REQUEST: - if (len < 1) { - printer(arg, " "); - break; - } - GETCHAR(rtype, inp); - len--; - if (rtype >= 1 && - rtype <= sizeof (eap_typenames) / sizeof (char *)) - printer(arg, " %s", eap_typenames[rtype-1]); - else - printer(arg, " type=0x%x", rtype); - switch (rtype) { - case EAPT_IDENTITY: - case EAPT_NOTIFICATION: - if (len > 0) { - printer(arg, " "); - INCPTR(len, inp); - len = 0; - } else { - printer(arg, " "); - } - break; - - case EAPT_MD5CHAP: - if (len <= 0) - break; - GETCHAR(vallen, inp); - len--; - if (vallen > len) - goto truncated; - printer(arg, " ", vallen, inp); - INCPTR(vallen, inp); - len -= vallen; - if (len > 0) { - printer(arg, " "); - INCPTR(len, inp); - len = 0; - } else { - printer(arg, " "); - } - break; - - case EAPT_SRP: - if (len < 3) - goto truncated; - GETCHAR(vallen, inp); - len--; - printer(arg, "-%d", vallen); - switch (vallen) { - case EAPSRP_CHALLENGE: - GETCHAR(vallen, inp); - len--; - if (vallen >= len) - goto truncated; - if (vallen > 0) { - printer(arg, " "); - } else { - printer(arg, " "); - } - INCPTR(vallen, inp); - len -= vallen; - GETCHAR(vallen, inp); - len--; - if (vallen >= len) - goto truncated; - printer(arg, " ", vallen, inp); - INCPTR(vallen, inp); - len -= vallen; - GETCHAR(vallen, inp); - len--; - if (vallen > len) - goto truncated; - if (vallen == 0) { - printer(arg, " "); - } else { - printer(arg, " ", vallen, inp); - } - INCPTR(vallen, inp); - len -= vallen; - if (len == 0) { - printer(arg, " "); - } else { - printer(arg, " ", len, inp); - INCPTR(len, inp); - len = 0; - } - break; - - case EAPSRP_SKEY: - printer(arg, " ", len, inp); - INCPTR(len, inp); - len = 0; - break; - - case EAPSRP_SVALIDATOR: - if (len < sizeof (u_int32_t)) - break; - GETLONG(uval, inp); - len -= sizeof (u_int32_t); - if (uval & SRPVAL_EBIT) { - printer(arg, " E"); - uval &= ~SRPVAL_EBIT; - } - if (uval != 0) { - printer(arg, " f<%X>", uval); - } - if ((vallen = len) > SHA_DIGESTSIZE) - vallen = SHA_DIGESTSIZE; - printer(arg, " ", len, inp, - len < SHA_DIGESTSIZE ? "?" : ""); - INCPTR(vallen, inp); - len -= vallen; - if (len > 0) { - printer(arg, " ", len, inp); - INCPTR(len, inp); - len = 0; - } - break; - - case EAPSRP_LWRECHALLENGE: - printer(arg, " ", len, inp); - INCPTR(len, inp); - len = 0; - break; - } - break; - } - break; - - case EAP_RESPONSE: - if (len < 1) - break; - GETCHAR(rtype, inp); - len--; - if (rtype >= 1 && - rtype <= sizeof (eap_typenames) / sizeof (char *)) - printer(arg, " %s", eap_typenames[rtype-1]); - else - printer(arg, " type=0x%x", rtype); - switch (rtype) { - case EAPT_IDENTITY: - if (len > 0) { - printer(arg, " "); - INCPTR(len, inp); - len = 0; - } - break; - - case EAPT_NAK: - if (len <= 0) { - printer(arg, " "); - break; - } - GETCHAR(rtype, inp); - len--; - printer(arg, " = 1 && - rtype < sizeof (eap_typenames) / sizeof (char *)) - printer(arg, " (%s)", eap_typenames[rtype-1]); - printer(arg, ">"); - break; - - case EAPT_MD5CHAP: - if (len <= 0) { - printer(arg, " "); - break; - } - GETCHAR(vallen, inp); - len--; - if (vallen > len) - goto truncated; - printer(arg, " ", vallen, inp); - INCPTR(vallen, inp); - len -= vallen; - if (len > 0) { - printer(arg, " "); - INCPTR(len, inp); - len = 0; - } else { - printer(arg, " "); - } - break; - - case EAPT_SRP: - if (len < 1) - goto truncated; - GETCHAR(vallen, inp); - len--; - printer(arg, "-%d", vallen); - switch (vallen) { - case EAPSRP_CKEY: - printer(arg, " ", len, inp); - INCPTR(len, inp); - len = 0; - break; - - case EAPSRP_CVALIDATOR: - if (len < sizeof (u_int32_t)) - break; - GETLONG(uval, inp); - len -= sizeof (u_int32_t); - if (uval & SRPVAL_EBIT) { - printer(arg, " E"); - uval &= ~SRPVAL_EBIT; - } - if (uval != 0) { - printer(arg, " f<%X>", uval); - } - printer(arg, " ", len, inp, - len == SHA_DIGESTSIZE ? "" : "?"); - INCPTR(len, inp); - len = 0; - break; - - case EAPSRP_ACK: - break; - - case EAPSRP_LWRECHALLENGE: - printer(arg, " ", len, inp, - len == SHA_DIGESTSIZE ? "" : "?"); - if ((vallen = len) > SHA_DIGESTSIZE) - vallen = SHA_DIGESTSIZE; - INCPTR(vallen, inp); - len -= vallen; - break; - } - break; - } - break; - - case EAP_SUCCESS: /* No payload expected for these! */ - case EAP_FAILURE: - break; - - truncated: - printer(arg, " "); - break; - } - - if (len > 8) - printer(arg, "%8B...", inp); - else if (len > 0) - printer(arg, "%.*B", len, inp); - INCPTR(len, inp); - - return (inp - pstart); -} diff --git a/pppd/eap.h b/pppd/eap.h deleted file mode 100644 index 199d184..0000000 --- a/pppd/eap.h +++ /dev/null @@ -1,158 +0,0 @@ -/* - * eap.h - Extensible Authentication Protocol for PPP (RFC 2284) - * - * Copyright (c) 2001 by Sun Microsystems, Inc. - * All rights reserved. - * - * Non-exclusive rights to redistribute, modify, translate, and use - * this software in source and binary forms, in whole or in part, is - * hereby granted, provided that the above copyright notice is - * duplicated in any source form, and that neither the name of the - * copyright holder nor the author is used to endorse or promote - * products derived from this software. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * Original version by James Carlson - * - * $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $ - */ - -#ifndef PPP_EAP_H -#define PPP_EAP_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Packet header = Code, id, length. - */ -#define EAP_HEADERLEN 4 - - -/* EAP message codes. */ -#define EAP_REQUEST 1 -#define EAP_RESPONSE 2 -#define EAP_SUCCESS 3 -#define EAP_FAILURE 4 - -/* EAP types */ -#define EAPT_IDENTITY 1 -#define EAPT_NOTIFICATION 2 -#define EAPT_NAK 3 /* (response only) */ -#define EAPT_MD5CHAP 4 -#define EAPT_OTP 5 /* One-Time Password; RFC 1938 */ -#define EAPT_TOKEN 6 /* Generic Token Card */ -/* 7 and 8 are unassigned. */ -#define EAPT_RSA 9 /* RSA Public Key Authentication */ -#define EAPT_DSS 10 /* DSS Unilateral */ -#define EAPT_KEA 11 /* KEA */ -#define EAPT_KEA_VALIDATE 12 /* KEA-VALIDATE */ -#define EAPT_TLS 13 /* EAP-TLS */ -#define EAPT_DEFENDER 14 /* Defender Token (AXENT) */ -#define EAPT_W2K 15 /* Windows 2000 EAP */ -#define EAPT_ARCOT 16 /* Arcot Systems */ -#define EAPT_CISCOWIRELESS 17 /* Cisco Wireless */ -#define EAPT_NOKIACARD 18 /* Nokia IP smart card */ -#define EAPT_SRP 19 /* Secure Remote Password */ -/* 20 is deprecated */ - -/* EAP SRP-SHA1 Subtypes */ -#define EAPSRP_CHALLENGE 1 /* Request 1 - Challenge */ -#define EAPSRP_CKEY 1 /* Response 1 - Client Key */ -#define EAPSRP_SKEY 2 /* Request 2 - Server Key */ -#define EAPSRP_CVALIDATOR 2 /* Response 2 - Client Validator */ -#define EAPSRP_SVALIDATOR 3 /* Request 3 - Server Validator */ -#define EAPSRP_ACK 3 /* Response 3 - final ack */ -#define EAPSRP_LWRECHALLENGE 4 /* Req/resp 4 - Lightweight rechal */ - -#define SRPVAL_EBIT 0x00000001 /* Use shared key for ECP */ - -#define SRP_PSEUDO_ID "pseudo_" -#define SRP_PSEUDO_LEN 7 - -#define MD5_SIGNATURE_SIZE 16 -#define MIN_CHALLENGE_LENGTH 16 -#define MAX_CHALLENGE_LENGTH 24 - -enum eap_state_code { - eapInitial = 0, /* No EAP authentication yet requested */ - eapPending, /* Waiting for LCP (no timer) */ - eapClosed, /* Authentication not in use */ - eapListen, /* Client ready (and timer running) */ - eapIdentify, /* EAP Identify sent */ - eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */ - eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */ - eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */ - eapMD5Chall, /* Sent MD5-Challenge */ - eapOpen, /* Completed authentication */ - eapSRP4, /* Sent EAP SRP-SHA1 Subtype 4 */ - eapBadAuth /* Failed authentication */ -}; - -#define EAP_STATES \ - "Initial", "Pending", "Closed", "Listen", "Identify", \ - "SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth" - -#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) -#define eap_server_active(esp) \ - ((esp)->es_server.ea_state >= eapIdentify && \ - (esp)->es_server.ea_state <= eapMD5Chall) - -struct eap_auth { - char *ea_name; /* Our name */ - char *ea_peer; /* Peer's name */ - void *ea_session; /* Authentication library linkage */ - u_char *ea_skey; /* Shared encryption key */ - int ea_timeout; /* Time to wait (for retransmit/fail) */ - int ea_maxrequests; /* Max Requests allowed */ - u_short ea_namelen; /* Length of our name */ - u_short ea_peerlen; /* Length of peer's name */ - enum eap_state_code ea_state; - u_char ea_id; /* Current id */ - u_char ea_requests; /* Number of Requests sent/received */ - u_char ea_responses; /* Number of Responses */ - u_char ea_type; /* One of EAPT_* */ - u_int32_t ea_keyflags; /* SRP shared key usage flags */ -}; - -/* - * Complete EAP state for one PPP session. - */ -typedef struct eap_state { - int es_unit; /* Interface unit number */ - struct eap_auth es_client; /* Client (authenticatee) data */ - struct eap_auth es_server; /* Server (authenticator) data */ - int es_savedtime; /* Saved timeout */ - int es_rechallenge; /* EAP rechallenge interval */ - int es_lwrechallenge; /* SRP lightweight rechallenge inter */ - bool es_usepseudo; /* Use SRP Pseudonym if offered one */ - int es_usedpseudo; /* Set if we already sent PN */ - int es_challen; /* Length of challenge string */ - u_char es_challenge[MAX_CHALLENGE_LENGTH]; -} eap_state; - -/* - * Timeouts. - */ -#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */ -#define EAP_DEFTRANSMITS 10 /* max # times to transmit */ -#define EAP_DEFREQTIME 20 /* Time to wait for peer request */ -#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */ - -extern eap_state eap_states[]; - -void eap_authwithpeer __P((int unit, char *localname)); -void eap_authpeer __P((int unit, char *localname)); - -extern struct protent eap_protent; - -#ifdef __cplusplus -} -#endif - -#endif /* PPP_EAP_H */ - diff --git a/pppd/ecp.c b/pppd/ecp.c deleted file mode 100644 index 43964fc..0000000 --- a/pppd/ecp.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * ecp.c - PPP Encryption Control Protocol. - * - * Copyright (c) 2002 The Android Open Source Project - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Derived from ccp.c, which is: - * - * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: ecp.c,v 1.4 2004/11/04 10:02:26 paulus Exp $" - -static const char rcsid[] = RCSID; - -#include - -#include "pppd.h" -#include "fsm.h" -#include "ecp.h" - -static option_t ecp_option_list[] = { - { "noecp", o_bool, &ecp_protent.enabled_flag, - "Disable ECP negotiation" }, - { "-ecp", o_bool, &ecp_protent.enabled_flag, - "Disable ECP negotiation", OPT_ALIAS }, - - { NULL } -}; - -/* - * Protocol entry points from main code. - */ -static void ecp_init __P((int unit)); -/* -static void ecp_open __P((int unit)); -static void ecp_close __P((int unit, char *)); -static void ecp_lowerup __P((int unit)); -static void ecp_lowerdown __P((int)); -static void ecp_input __P((int unit, u_char *pkt, int len)); -static void ecp_protrej __P((int unit)); -*/ -static int ecp_printpkt __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); -/* -static void ecp_datainput __P((int unit, u_char *pkt, int len)); -*/ - -struct protent ecp_protent = { - PPP_ECP, - ecp_init, - NULL, /* ecp_input, */ - NULL, /* ecp_protrej, */ - NULL, /* ecp_lowerup, */ - NULL, /* ecp_lowerdown, */ - NULL, /* ecp_open, */ - NULL, /* ecp_close, */ - ecp_printpkt, - NULL, /* ecp_datainput, */ - 0, - "ECP", - "Encrypted", - ecp_option_list, - NULL, - NULL, - NULL -}; - -fsm ecp_fsm[NUM_PPP]; -ecp_options ecp_wantoptions[NUM_PPP]; /* what to request the peer to use */ -ecp_options ecp_gotoptions[NUM_PPP]; /* what the peer agreed to do */ -ecp_options ecp_allowoptions[NUM_PPP]; /* what we'll agree to do */ -ecp_options ecp_hisoptions[NUM_PPP]; /* what we agreed to do */ - -static fsm_callbacks ecp_callbacks = { - NULL, /* ecp_resetci, */ - NULL, /* ecp_cilen, */ - NULL, /* ecp_addci, */ - NULL, /* ecp_ackci, */ - NULL, /* ecp_nakci, */ - NULL, /* ecp_rejci, */ - NULL, /* ecp_reqci, */ - NULL, /* ecp_up, */ - NULL, /* ecp_down, */ - NULL, - NULL, - NULL, - NULL, - NULL, /* ecp_extcode, */ - "ECP" -}; - -/* - * ecp_init - initialize ECP. - */ -static void -ecp_init(unit) - int unit; -{ - fsm *f = &ecp_fsm[unit]; - - f->unit = unit; - f->protocol = PPP_ECP; - f->callbacks = &ecp_callbacks; - fsm_init(f); - - memset(&ecp_wantoptions[unit], 0, sizeof(ecp_options)); - memset(&ecp_gotoptions[unit], 0, sizeof(ecp_options)); - memset(&ecp_allowoptions[unit], 0, sizeof(ecp_options)); - memset(&ecp_hisoptions[unit], 0, sizeof(ecp_options)); - -} - - -static int -ecp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - return 0; -} - diff --git a/pppd/ecp.h b/pppd/ecp.h deleted file mode 100644 index f02eae2..0000000 --- a/pppd/ecp.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * ecp.h - Definitions for PPP Encryption Control Protocol. - * - * Copyright (c) 2002 The Android Open Source Project - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: ecp.h,v 1.2 2003/01/10 07:12:36 fcusack Exp $ - */ - -typedef struct ecp_options { - bool required; /* Is ECP required? */ - unsigned enctype; /* Encryption type */ -} ecp_options; - -extern fsm ecp_fsm[]; -extern ecp_options ecp_wantoptions[]; -extern ecp_options ecp_gotoptions[]; -extern ecp_options ecp_allowoptions[]; -extern ecp_options ecp_hisoptions[]; - -extern struct protent ecp_protent; diff --git a/pppd/eui64.c b/pppd/eui64.c deleted file mode 100644 index d025eff..0000000 --- a/pppd/eui64.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * eui64.c - EUI64 routines for IPv6CP. - * - * Copyright (c) 1999 Tommi Komulainen. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Tommi Komulainen - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: eui64.c,v 1.6 2002/12/04 23:03:32 paulus Exp $ - */ - -#define RCSID "$Id: eui64.c,v 1.6 2002/12/04 23:03:32 paulus Exp $" - -#include "pppd.h" - -static const char rcsid[] = RCSID; - -/* - * eui64_ntoa - Make an ascii representation of an interface identifier - */ -char * -eui64_ntoa(e) - eui64_t e; -{ - static char buf[32]; - - snprintf(buf, 32, "%02x%02x:%02x%02x:%02x%02x:%02x%02x", - e.e8[0], e.e8[1], e.e8[2], e.e8[3], - e.e8[4], e.e8[5], e.e8[6], e.e8[7]); - return buf; -} diff --git a/pppd/eui64.h b/pppd/eui64.h deleted file mode 100644 index 0f6b6fd..0000000 --- a/pppd/eui64.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * eui64.h - EUI64 routines for IPv6CP. - * - * Copyright (c) 1999 Tommi Komulainen. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Tommi Komulainen - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: eui64.h,v 1.6 2002/12/04 23:03:32 paulus Exp $ -*/ - -#ifndef __EUI64_H__ -#define __EUI64_H__ - -#if !defined(INET6) -#error "this file should only be included when INET6 is defined" -#endif /* not defined(INET6) */ - -#if defined(SOL2) -#include - -typedef union { - uint8_t e8[8]; /* lower 64-bit IPv6 address */ - uint32_t e32[2]; /* lower 64-bit IPv6 address */ -} eui64_t; - -/* - * Declare the two below, since in.h only defines them when _KERNEL - * is declared - which shouldn't be true when dealing with user-land programs - */ -#define s6_addr8 _S6_un._S6_u8 -#define s6_addr32 _S6_un._S6_u32 - -#else /* else if not defined(SOL2) */ - -/* - * TODO: - * - * Maybe this should be done by processing struct in6_addr directly... - */ -typedef union -{ - u_int8_t e8[8]; - u_int16_t e16[4]; - u_int32_t e32[2]; -} eui64_t; - -#endif /* defined(SOL2) */ - -#define eui64_iszero(e) (((e).e32[0] | (e).e32[1]) == 0) -#define eui64_equals(e, o) (((e).e32[0] == (o).e32[0]) && \ - ((e).e32[1] == (o).e32[1])) -#define eui64_zero(e) (e).e32[0] = (e).e32[1] = 0; - -#define eui64_copy(s, d) memcpy(&(d), &(s), sizeof(eui64_t)) - -#define eui64_magic(e) do { \ - (e).e32[0] = magic(); \ - (e).e32[1] = magic(); \ - (e).e8[0] &= ~2; \ - } while (0) -#define eui64_magic_nz(x) do { \ - eui64_magic(x); \ - } while (eui64_iszero(x)) -#define eui64_magic_ne(x, y) do { \ - eui64_magic(x); \ - } while (eui64_equals(x, y)) - -#define eui64_get(ll, cp) do { \ - eui64_copy((*cp), (ll)); \ - (cp) += sizeof(eui64_t); \ - } while (0) - -#define eui64_put(ll, cp) do { \ - eui64_copy((ll), (*cp)); \ - (cp) += sizeof(eui64_t); \ - } while (0) - -#define eui64_set32(e, l) do { \ - (e).e32[0] = 0; \ - (e).e32[1] = htonl(l); \ - } while (0) -#define eui64_setlo32(e, l) eui64_set32(e, l) - -char *eui64_ntoa __P((eui64_t)); /* Returns ascii representation of id */ - -#endif /* __EUI64_H__ */ - diff --git a/pppd/fsm.c b/pppd/fsm.c deleted file mode 100644 index c200cc3..0000000 --- a/pppd/fsm.c +++ /dev/null @@ -1,817 +0,0 @@ -/* - * fsm.c - {Link, IP} Control Protocol Finite State Machine. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: fsm.c,v 1.23 2004/11/13 02:28:15 paulus Exp $" - -/* - * TODO: - * Randomize fsm id on link/init. - * Deal with variable outgoing MTU. - */ - -#include -#include -#include - -#include "pppd.h" -#include "fsm.h" - -static const char rcsid[] = RCSID; - -static void fsm_timeout __P((void *)); -static void fsm_rconfreq __P((fsm *, int, u_char *, int)); -static void fsm_rconfack __P((fsm *, int, u_char *, int)); -static void fsm_rconfnakrej __P((fsm *, int, int, u_char *, int)); -static void fsm_rtermreq __P((fsm *, int, u_char *, int)); -static void fsm_rtermack __P((fsm *)); -static void fsm_rcoderej __P((fsm *, u_char *, int)); -static void fsm_sconfreq __P((fsm *, int)); - -#define PROTO_NAME(f) ((f)->callbacks->proto_name) - -int peer_mru[NUM_PPP]; - - -/* - * fsm_init - Initialize fsm. - * - * Initialize fsm state. - */ -void -fsm_init(f) - fsm *f; -{ - f->state = INITIAL; - f->flags = 0; - f->id = 0; /* XXX Start with random id? */ - f->timeouttime = DEFTIMEOUT; - f->maxconfreqtransmits = DEFMAXCONFREQS; - f->maxtermtransmits = DEFMAXTERMREQS; - f->maxnakloops = DEFMAXNAKLOOPS; - f->term_reason_len = 0; -} - - -/* - * fsm_lowerup - The lower layer is up. - */ -void -fsm_lowerup(f) - fsm *f; -{ - switch( f->state ){ - case INITIAL: - f->state = CLOSED; - break; - - case STARTING: - if( f->flags & OPT_SILENT ) - f->state = STOPPED; - else { - /* Send an initial configure-request */ - fsm_sconfreq(f, 0); - f->state = REQSENT; - } - break; - - default: - FSMDEBUG(("%s: Up event in state %d!", PROTO_NAME(f), f->state)); - } -} - - -/* - * fsm_lowerdown - The lower layer is down. - * - * Cancel all timeouts and inform upper layers. - */ -void -fsm_lowerdown(f) - fsm *f; -{ - switch( f->state ){ - case CLOSED: - f->state = INITIAL; - break; - - case STOPPED: - f->state = STARTING; - if( f->callbacks->starting ) - (*f->callbacks->starting)(f); - break; - - case CLOSING: - f->state = INITIAL; - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - break; - - case STOPPING: - case REQSENT: - case ACKRCVD: - case ACKSENT: - f->state = STARTING; - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - break; - - case OPENED: - if( f->callbacks->down ) - (*f->callbacks->down)(f); - f->state = STARTING; - break; - - default: - FSMDEBUG(("%s: Down event in state %d!", PROTO_NAME(f), f->state)); - } -} - - -/* - * fsm_open - Link is allowed to come up. - */ -void -fsm_open(f) - fsm *f; -{ - switch( f->state ){ - case INITIAL: - f->state = STARTING; - if( f->callbacks->starting ) - (*f->callbacks->starting)(f); - break; - - case CLOSED: - if( f->flags & OPT_SILENT ) - f->state = STOPPED; - else { - /* Send an initial configure-request */ - fsm_sconfreq(f, 0); - f->state = REQSENT; - } - break; - - case CLOSING: - f->state = STOPPING; - /* fall through */ - case STOPPED: - case OPENED: - if( f->flags & OPT_RESTART ){ - fsm_lowerdown(f); - fsm_lowerup(f); - } - break; - } -} - -/* - * terminate_layer - Start process of shutting down the FSM - * - * Cancel any timeout running, notify upper layers we're done, and - * send a terminate-request message as configured. - */ -static void -terminate_layer(f, nextstate) - fsm *f; - int nextstate; -{ - if( f->state != OPENED ) - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - else if( f->callbacks->down ) - (*f->callbacks->down)(f); /* Inform upper layers we're down */ - - /* Init restart counter and send Terminate-Request */ - f->retransmits = f->maxtermtransmits; - fsm_sdata(f, TERMREQ, f->reqid = ++f->id, - (u_char *) f->term_reason, f->term_reason_len); - - if (f->retransmits == 0) { - /* - * User asked for no terminate requests at all; just close it. - * We've already fired off one Terminate-Request just to be nice - * to the peer, but we're not going to wait for a reply. - */ - f->state = nextstate == CLOSING ? CLOSED : STOPPED; - if( f->callbacks->finished ) - (*f->callbacks->finished)(f); - return; - } - - TIMEOUT(fsm_timeout, f, f->timeouttime); - --f->retransmits; - - f->state = nextstate; -} - -/* - * fsm_close - Start closing connection. - * - * Cancel timeouts and either initiate close or possibly go directly to - * the CLOSED state. - */ -void -fsm_close(f, reason) - fsm *f; - char *reason; -{ - f->term_reason = reason; - f->term_reason_len = (reason == NULL? 0: strlen(reason)); - switch( f->state ){ - case STARTING: - f->state = INITIAL; - break; - case STOPPED: - f->state = CLOSED; - break; - case STOPPING: - f->state = CLOSING; - break; - - case REQSENT: - case ACKRCVD: - case ACKSENT: - case OPENED: - terminate_layer(f, CLOSING); - break; - } -} - - -/* - * fsm_timeout - Timeout expired. - */ -static void -fsm_timeout(arg) - void *arg; -{ - fsm *f = (fsm *) arg; - - switch (f->state) { - case CLOSING: - case STOPPING: - if( f->retransmits <= 0 ){ - /* - * We've waited for an ack long enough. Peer probably heard us. - */ - f->state = (f->state == CLOSING)? CLOSED: STOPPED; - if( f->callbacks->finished ) - (*f->callbacks->finished)(f); - } else { - /* Send Terminate-Request */ - fsm_sdata(f, TERMREQ, f->reqid = ++f->id, - (u_char *) f->term_reason, f->term_reason_len); - TIMEOUT(fsm_timeout, f, f->timeouttime); - --f->retransmits; - } - break; - - case REQSENT: - case ACKRCVD: - case ACKSENT: - if (f->retransmits <= 0) { - warn("%s: timeout sending Config-Requests\n", PROTO_NAME(f)); - f->state = STOPPED; - if( (f->flags & OPT_PASSIVE) == 0 && f->callbacks->finished ) - (*f->callbacks->finished)(f); - - } else { - /* Retransmit the configure-request */ - if (f->callbacks->retransmit) - (*f->callbacks->retransmit)(f); - fsm_sconfreq(f, 1); /* Re-send Configure-Request */ - if( f->state == ACKRCVD ) - f->state = REQSENT; - } - break; - - default: - FSMDEBUG(("%s: Timeout event in state %d!", PROTO_NAME(f), f->state)); - } -} - - -/* - * fsm_input - Input packet. - */ -void -fsm_input(f, inpacket, l) - fsm *f; - u_char *inpacket; - int l; -{ - u_char *inp; - u_char code, id; - int len; - - /* - * Parse header (code, id and length). - * If packet too short, drop it. - */ - inp = inpacket; - if (l < HEADERLEN) { - FSMDEBUG(("fsm_input(%x): Rcvd short header.", f->protocol)); - return; - } - GETCHAR(code, inp); - GETCHAR(id, inp); - GETSHORT(len, inp); - if (len < HEADERLEN) { - FSMDEBUG(("fsm_input(%x): Rcvd illegal length.", f->protocol)); - return; - } - if (len > l) { - FSMDEBUG(("fsm_input(%x): Rcvd short packet.", f->protocol)); - return; - } - len -= HEADERLEN; /* subtract header length */ - - if( f->state == INITIAL || f->state == STARTING ){ - FSMDEBUG(("fsm_input(%x): Rcvd packet in state %d.", - f->protocol, f->state)); - return; - } - - /* - * Action depends on code. - */ - switch (code) { - case CONFREQ: - fsm_rconfreq(f, id, inp, len); - break; - - case CONFACK: - fsm_rconfack(f, id, inp, len); - break; - - case CONFNAK: - case CONFREJ: - fsm_rconfnakrej(f, code, id, inp, len); - break; - - case TERMREQ: - fsm_rtermreq(f, id, inp, len); - break; - - case TERMACK: - fsm_rtermack(f); - break; - - case CODEREJ: - fsm_rcoderej(f, inp, len); - break; - - default: - if( !f->callbacks->extcode - || !(*f->callbacks->extcode)(f, code, id, inp, len) ) - fsm_sdata(f, CODEREJ, ++f->id, inpacket, len + HEADERLEN); - break; - } -} - - -/* - * fsm_rconfreq - Receive Configure-Request. - */ -static void -fsm_rconfreq(f, id, inp, len) - fsm *f; - u_char id; - u_char *inp; - int len; -{ - int code, reject_if_disagree; - - switch( f->state ){ - case CLOSED: - /* Go away, we're closed */ - fsm_sdata(f, TERMACK, id, NULL, 0); - return; - case CLOSING: - case STOPPING: - return; - - case OPENED: - /* Go down and restart negotiation */ - if( f->callbacks->down ) - (*f->callbacks->down)(f); /* Inform upper layers */ - fsm_sconfreq(f, 0); /* Send initial Configure-Request */ - f->state = REQSENT; - break; - - case STOPPED: - /* Negotiation started by our peer */ - fsm_sconfreq(f, 0); /* Send initial Configure-Request */ - f->state = REQSENT; - break; - } - - /* - * Pass the requested configuration options - * to protocol-specific code for checking. - */ - if (f->callbacks->reqci){ /* Check CI */ - reject_if_disagree = (f->nakloops >= f->maxnakloops); - code = (*f->callbacks->reqci)(f, inp, &len, reject_if_disagree); - } else if (len) - code = CONFREJ; /* Reject all CI */ - else - code = CONFACK; - - /* send the Ack, Nak or Rej to the peer */ - fsm_sdata(f, code, id, inp, len); - - if (code == CONFACK) { - if (f->state == ACKRCVD) { - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - f->state = OPENED; - if (f->callbacks->up) - (*f->callbacks->up)(f); /* Inform upper layers */ - } else - f->state = ACKSENT; - f->nakloops = 0; - - } else { - /* we sent CONFACK or CONFREJ */ - if (f->state != ACKRCVD) - f->state = REQSENT; - if( code == CONFNAK ) - ++f->nakloops; - } -} - - -/* - * fsm_rconfack - Receive Configure-Ack. - */ -static void -fsm_rconfack(f, id, inp, len) - fsm *f; - int id; - u_char *inp; - int len; -{ - if (id != f->reqid || f->seen_ack) /* Expected id? */ - return; /* Nope, toss... */ - if( !(f->callbacks->ackci? (*f->callbacks->ackci)(f, inp, len): - (len == 0)) ){ - /* Ack is bad - ignore it */ - error("Received bad configure-ack: %P", inp, len); - return; - } - f->seen_ack = 1; - f->rnakloops = 0; - - switch (f->state) { - case CLOSED: - case STOPPED: - fsm_sdata(f, TERMACK, id, NULL, 0); - break; - - case REQSENT: - f->state = ACKRCVD; - f->retransmits = f->maxconfreqtransmits; - break; - - case ACKRCVD: - /* Huh? an extra valid Ack? oh well... */ - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - fsm_sconfreq(f, 0); - f->state = REQSENT; - break; - - case ACKSENT: - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - f->state = OPENED; - f->retransmits = f->maxconfreqtransmits; - if (f->callbacks->up) - (*f->callbacks->up)(f); /* Inform upper layers */ - break; - - case OPENED: - /* Go down and restart negotiation */ - if (f->callbacks->down) - (*f->callbacks->down)(f); /* Inform upper layers */ - fsm_sconfreq(f, 0); /* Send initial Configure-Request */ - f->state = REQSENT; - break; - } -} - - -/* - * fsm_rconfnakrej - Receive Configure-Nak or Configure-Reject. - */ -static void -fsm_rconfnakrej(f, code, id, inp, len) - fsm *f; - int code, id; - u_char *inp; - int len; -{ - int ret; - int treat_as_reject; - - if (id != f->reqid || f->seen_ack) /* Expected id? */ - return; /* Nope, toss... */ - - if (code == CONFNAK) { - ++f->rnakloops; - treat_as_reject = (f->rnakloops >= f->maxnakloops); - if (f->callbacks->nakci == NULL - || !(ret = f->callbacks->nakci(f, inp, len, treat_as_reject))) { - error("Received bad configure-nak: %P", inp, len); - return; - } - } else { - f->rnakloops = 0; - if (f->callbacks->rejci == NULL - || !(ret = f->callbacks->rejci(f, inp, len))) { - error("Received bad configure-rej: %P", inp, len); - return; - } - } - - f->seen_ack = 1; - - switch (f->state) { - case CLOSED: - case STOPPED: - fsm_sdata(f, TERMACK, id, NULL, 0); - break; - - case REQSENT: - case ACKSENT: - /* They didn't agree to what we wanted - try another request */ - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - if (ret < 0) - f->state = STOPPED; /* kludge for stopping CCP */ - else - fsm_sconfreq(f, 0); /* Send Configure-Request */ - break; - - case ACKRCVD: - /* Got a Nak/reject when we had already had an Ack?? oh well... */ - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - fsm_sconfreq(f, 0); - f->state = REQSENT; - break; - - case OPENED: - /* Go down and restart negotiation */ - if (f->callbacks->down) - (*f->callbacks->down)(f); /* Inform upper layers */ - fsm_sconfreq(f, 0); /* Send initial Configure-Request */ - f->state = REQSENT; - break; - } -} - - -/* - * fsm_rtermreq - Receive Terminate-Req. - */ -static void -fsm_rtermreq(f, id, p, len) - fsm *f; - int id; - u_char *p; - int len; -{ - switch (f->state) { - case ACKRCVD: - case ACKSENT: - f->state = REQSENT; /* Start over but keep trying */ - break; - - case OPENED: - if (len > 0) { - info("%s terminated by peer (%0.*v)", PROTO_NAME(f), len, p); - } else - info("%s terminated by peer", PROTO_NAME(f)); - f->retransmits = 0; - f->state = STOPPING; - if (f->callbacks->down) - (*f->callbacks->down)(f); /* Inform upper layers */ - TIMEOUT(fsm_timeout, f, f->timeouttime); - break; - } - - fsm_sdata(f, TERMACK, id, NULL, 0); -} - - -/* - * fsm_rtermack - Receive Terminate-Ack. - */ -static void -fsm_rtermack(f) - fsm *f; -{ - switch (f->state) { - case CLOSING: - UNTIMEOUT(fsm_timeout, f); - f->state = CLOSED; - if( f->callbacks->finished ) - (*f->callbacks->finished)(f); - break; - case STOPPING: - UNTIMEOUT(fsm_timeout, f); - f->state = STOPPED; - if( f->callbacks->finished ) - (*f->callbacks->finished)(f); - break; - - case ACKRCVD: - f->state = REQSENT; - break; - - case OPENED: - if (f->callbacks->down) - (*f->callbacks->down)(f); /* Inform upper layers */ - fsm_sconfreq(f, 0); - f->state = REQSENT; - break; - } -} - - -/* - * fsm_rcoderej - Receive an Code-Reject. - */ -static void -fsm_rcoderej(f, inp, len) - fsm *f; - u_char *inp; - int len; -{ - u_char code, id; - - if (len < HEADERLEN) { - FSMDEBUG(("fsm_rcoderej: Rcvd short Code-Reject packet!")); - return; - } - GETCHAR(code, inp); - GETCHAR(id, inp); - warn("%s: Rcvd Code-Reject for code %d, id %d", PROTO_NAME(f), code, id); - - if( f->state == ACKRCVD ) - f->state = REQSENT; -} - - -/* - * fsm_protreject - Peer doesn't speak this protocol. - * - * Treat this as a catastrophic error (RXJ-). - */ -void -fsm_protreject(f) - fsm *f; -{ - switch( f->state ){ - case CLOSING: - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - /* fall through */ - case CLOSED: - f->state = CLOSED; - if( f->callbacks->finished ) - (*f->callbacks->finished)(f); - break; - - case STOPPING: - case REQSENT: - case ACKRCVD: - case ACKSENT: - UNTIMEOUT(fsm_timeout, f); /* Cancel timeout */ - /* fall through */ - case STOPPED: - f->state = STOPPED; - if( f->callbacks->finished ) - (*f->callbacks->finished)(f); - break; - - case OPENED: - terminate_layer(f, STOPPING); - break; - - default: - FSMDEBUG(("%s: Protocol-reject event in state %d!", - PROTO_NAME(f), f->state)); - } -} - - -/* - * fsm_sconfreq - Send a Configure-Request. - */ -static void -fsm_sconfreq(f, retransmit) - fsm *f; - int retransmit; -{ - u_char *outp; - int cilen; - - if( f->state != REQSENT && f->state != ACKRCVD && f->state != ACKSENT ){ - /* Not currently negotiating - reset options */ - if( f->callbacks->resetci ) - (*f->callbacks->resetci)(f); - f->nakloops = 0; - f->rnakloops = 0; - } - - if( !retransmit ){ - /* New request - reset retransmission counter, use new ID */ - f->retransmits = f->maxconfreqtransmits; - f->reqid = ++f->id; - } - - f->seen_ack = 0; - - /* - * Make up the request packet - */ - outp = outpacket_buf + PPP_HDRLEN + HEADERLEN; - if( f->callbacks->cilen && f->callbacks->addci ){ - cilen = (*f->callbacks->cilen)(f); - if( cilen > peer_mru[f->unit] - HEADERLEN ) - cilen = peer_mru[f->unit] - HEADERLEN; - if (f->callbacks->addci) - (*f->callbacks->addci)(f, outp, &cilen); - } else - cilen = 0; - - /* send the request to our peer */ - fsm_sdata(f, CONFREQ, f->reqid, outp, cilen); - - /* start the retransmit timer */ - --f->retransmits; - TIMEOUT(fsm_timeout, f, f->timeouttime); -} - - -/* - * fsm_sdata - Send some data. - * - * Used for all packets sent to our peer by this module. - */ -void -fsm_sdata(f, code, id, data, datalen) - fsm *f; - u_char code, id; - u_char *data; - int datalen; -{ - u_char *outp; - int outlen; - - /* Adjust length to be smaller than MTU */ - outp = outpacket_buf; - if (datalen > peer_mru[f->unit] - HEADERLEN) - datalen = peer_mru[f->unit] - HEADERLEN; - if (datalen && data != outp + PPP_HDRLEN + HEADERLEN) - BCOPY(data, outp + PPP_HDRLEN + HEADERLEN, datalen); - outlen = datalen + HEADERLEN; - MAKEHEADER(outp, f->protocol); - PUTCHAR(code, outp); - PUTCHAR(id, outp); - PUTSHORT(outlen, outp); - output(f->unit, outpacket_buf, outlen + PPP_HDRLEN); -} diff --git a/pppd/fsm.h b/pppd/fsm.h deleted file mode 100644 index 87a78d3..0000000 --- a/pppd/fsm.h +++ /dev/null @@ -1,168 +0,0 @@ -/* - * fsm.h - {Link, IP} Control Protocol Finite State Machine definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: fsm.h,v 1.10 2004/11/13 02:28:15 paulus Exp $ - */ - -/* - * Packet header = Code, id, length. - */ -#define HEADERLEN 4 - - -/* - * CP (LCP, IPCP, etc.) codes. - */ -#define CONFREQ 1 /* Configuration Request */ -#define CONFACK 2 /* Configuration Ack */ -#define CONFNAK 3 /* Configuration Nak */ -#define CONFREJ 4 /* Configuration Reject */ -#define TERMREQ 5 /* Termination Request */ -#define TERMACK 6 /* Termination Ack */ -#define CODEREJ 7 /* Code Reject */ - - -/* - * Each FSM is described by an fsm structure and fsm callbacks. - */ -typedef struct fsm { - int unit; /* Interface unit number */ - int protocol; /* Data Link Layer Protocol field value */ - int state; /* State */ - int flags; /* Contains option bits */ - u_char id; /* Current id */ - u_char reqid; /* Current request id */ - u_char seen_ack; /* Have received valid Ack/Nak/Rej to Req */ - int timeouttime; /* Timeout time in milliseconds */ - int maxconfreqtransmits; /* Maximum Configure-Request transmissions */ - int retransmits; /* Number of retransmissions left */ - int maxtermtransmits; /* Maximum Terminate-Request transmissions */ - int nakloops; /* Number of nak loops since last ack */ - int rnakloops; /* Number of naks received */ - int maxnakloops; /* Maximum number of nak loops tolerated */ - struct fsm_callbacks *callbacks; /* Callback routines */ - char *term_reason; /* Reason for closing protocol */ - int term_reason_len; /* Length of term_reason */ -} fsm; - - -typedef struct fsm_callbacks { - void (*resetci) /* Reset our Configuration Information */ - __P((fsm *)); - int (*cilen) /* Length of our Configuration Information */ - __P((fsm *)); - void (*addci) /* Add our Configuration Information */ - __P((fsm *, u_char *, int *)); - int (*ackci) /* ACK our Configuration Information */ - __P((fsm *, u_char *, int)); - int (*nakci) /* NAK our Configuration Information */ - __P((fsm *, u_char *, int, int)); - int (*rejci) /* Reject our Configuration Information */ - __P((fsm *, u_char *, int)); - int (*reqci) /* Request peer's Configuration Information */ - __P((fsm *, u_char *, int *, int)); - void (*up) /* Called when fsm reaches OPENED state */ - __P((fsm *)); - void (*down) /* Called when fsm leaves OPENED state */ - __P((fsm *)); - void (*starting) /* Called when we want the lower layer */ - __P((fsm *)); - void (*finished) /* Called when we don't want the lower layer */ - __P((fsm *)); - void (*protreject) /* Called when Protocol-Reject received */ - __P((int)); - void (*retransmit) /* Retransmission is necessary */ - __P((fsm *)); - int (*extcode) /* Called when unknown code received */ - __P((fsm *, int, int, u_char *, int)); - char *proto_name; /* String name for protocol (for messages) */ -} fsm_callbacks; - - -/* - * Link states. - */ -#define INITIAL 0 /* Down, hasn't been opened */ -#define STARTING 1 /* Down, been opened */ -#define CLOSED 2 /* Up, hasn't been opened */ -#define STOPPED 3 /* Open, waiting for down event */ -#define CLOSING 4 /* Terminating the connection, not open */ -#define STOPPING 5 /* Terminating, but open */ -#define REQSENT 6 /* We've sent a Config Request */ -#define ACKRCVD 7 /* We've received a Config Ack */ -#define ACKSENT 8 /* We've sent a Config Ack */ -#define OPENED 9 /* Connection available */ - - -/* - * Flags - indicate options controlling FSM operation - */ -#define OPT_PASSIVE 1 /* Don't die if we don't get a response */ -#define OPT_RESTART 2 /* Treat 2nd OPEN as DOWN, UP */ -#define OPT_SILENT 4 /* Wait for peer to speak first */ - - -/* - * Timeouts. - */ -#define DEFTIMEOUT 3 /* Timeout time in seconds */ -#define DEFMAXTERMREQS 2 /* Maximum Terminate-Request transmissions */ -#define DEFMAXCONFREQS 10 /* Maximum Configure-Request transmissions */ -#define DEFMAXNAKLOOPS 5 /* Maximum number of nak loops */ - - -/* - * Prototypes - */ -void fsm_init __P((fsm *)); -void fsm_lowerup __P((fsm *)); -void fsm_lowerdown __P((fsm *)); -void fsm_open __P((fsm *)); -void fsm_close __P((fsm *, char *)); -void fsm_input __P((fsm *, u_char *, int)); -void fsm_protreject __P((fsm *)); -void fsm_sdata __P((fsm *, int, int, u_char *, int)); - - -/* - * Variables - */ -extern int peer_mru[]; /* currently negotiated peer MRU (per unit) */ diff --git a/pppd/include/net/if_ppp.h b/pppd/include/net/if_ppp.h deleted file mode 100644 index bfec606..0000000 --- a/pppd/include/net/if_ppp.h +++ /dev/null @@ -1,156 +0,0 @@ -/* $Id: if_ppp.h,v 1.19 2002/12/06 09:49:15 paulus Exp $ */ - -/* - * if_ppp.h - Point-to-Point Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _IF_PPP_H_ -#define _IF_PPP_H_ - -/* - * Bit definitions for flags. - */ -#define SC_COMP_PROT 0x00000001 /* protocol compression (output) */ -#define SC_COMP_AC 0x00000002 /* header compression (output) */ -#define SC_COMP_TCP 0x00000004 /* TCP (VJ) compression (output) */ -#define SC_NO_TCP_CCID 0x00000008 /* disable VJ connection-id comp. */ -#define SC_REJ_COMP_AC 0x00000010 /* reject adrs/ctrl comp. on input */ -#define SC_REJ_COMP_TCP 0x00000020 /* reject TCP (VJ) comp. on input */ -#define SC_CCP_OPEN 0x00000040 /* Look at CCP packets */ -#define SC_CCP_UP 0x00000080 /* May send/recv compressed packets */ -#define SC_DEBUG 0x00010000 /* enable debug messages */ -#define SC_LOG_INPKT 0x00020000 /* log contents of good pkts recvd */ -#define SC_LOG_OUTPKT 0x00040000 /* log contents of pkts sent */ -#define SC_LOG_RAWIN 0x00080000 /* log all chars received */ -#define SC_LOG_FLUSH 0x00100000 /* log all chars flushed */ -#define SC_RCV_B7_0 0x01000000 /* have rcvd char with bit 7 = 0 */ -#define SC_RCV_B7_1 0x02000000 /* have rcvd char with bit 7 = 1 */ -#define SC_RCV_EVNP 0x04000000 /* have rcvd char with even parity */ -#define SC_RCV_ODDP 0x08000000 /* have rcvd char with odd parity */ -#define SC_SYNC 0x00200000 /* use synchronous HDLC framing */ -#define SC_MASK 0x0fff00ff /* bits that user can change */ - -/* - * State bits in sc_flags, not changeable by user. - */ -#define SC_TIMEOUT 0x00000400 /* timeout is currently pending */ -#define SC_VJ_RESET 0x00000800 /* need to reset VJ decomp */ -#define SC_COMP_RUN 0x00001000 /* compressor has been inited */ -#define SC_DECOMP_RUN 0x00002000 /* decompressor has been inited */ -#define SC_DC_ERROR 0x00004000 /* non-fatal decomp error detected */ -#define SC_DC_FERROR 0x00008000 /* fatal decomp error detected */ -#define SC_TBUSY 0x10000000 /* xmitter doesn't need a packet yet */ -#define SC_PKTLOST 0x20000000 /* have lost or dropped a packet */ -#define SC_FLUSH 0x40000000 /* flush input until next PPP_FLAG */ -#define SC_ESCAPED 0x80000000 /* saw a PPP_ESCAPE */ - -/* - * Ioctl definitions. - */ - -struct npioctl { - int protocol; /* PPP procotol, e.g. PPP_IP */ - enum NPmode mode; -}; - -/* Structure describing a CCP configuration option, for PPPIOCSCOMPRESS */ -struct ppp_option_data { - u_char *ptr; - u_int length; - int transmit; -}; - -struct ifpppstatsreq { - char ifr_name[IFNAMSIZ]; - struct ppp_stats stats; -}; - -struct ifpppcstatsreq { - char ifr_name[IFNAMSIZ]; - struct ppp_comp_stats stats; -}; - -/* - * Ioctl definitions. - */ - -#define PPPIOCGFLAGS _IOR('t', 90, int) /* get configuration flags */ -#define PPPIOCSFLAGS _IOW('t', 89, int) /* set configuration flags */ -#define PPPIOCGASYNCMAP _IOR('t', 88, int) /* get async map */ -#define PPPIOCSASYNCMAP _IOW('t', 87, int) /* set async map */ -#define PPPIOCGUNIT _IOR('t', 86, int) /* get ppp unit number */ -#define PPPIOCGRASYNCMAP _IOR('t', 85, int) /* get receive async map */ -#define PPPIOCSRASYNCMAP _IOW('t', 84, int) /* set receive async map */ -#define PPPIOCGMRU _IOR('t', 83, int) /* get max receive unit */ -#define PPPIOCSMRU _IOW('t', 82, int) /* set max receive unit */ -#define PPPIOCSMAXCID _IOW('t', 81, int) /* set VJ max slot ID */ -#define PPPIOCGXASYNCMAP _IOR('t', 80, ext_accm) /* get extended ACCM */ -#define PPPIOCSXASYNCMAP _IOW('t', 79, ext_accm) /* set extended ACCM */ -#define PPPIOCXFERUNIT _IO('t', 78) /* transfer PPP unit */ -#define PPPIOCSCOMPRESS _IOW('t', 77, struct ppp_option_data) -#define PPPIOCGNPMODE _IOWR('t', 76, struct npioctl) /* get NP mode */ -#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */ -#define PPPIOCGIDLE _IOR('t', 74, struct ppp_idle) /* get idle time */ -#ifdef PPP_FILTER -#define PPPIOCSPASS _IOW('t', 71, struct bpf_program) /* set pass filter */ -#define PPPIOCSACTIVE _IOW('t', 70, struct bpf_program) /* set active filt */ -#endif /* PPP_FILTER */ - -/* PPPIOC[GS]MTU are alternatives to SIOC[GS]IFMTU, used under Ultrix */ -#define PPPIOCGMTU _IOR('t', 73, int) /* get interface MTU */ -#define PPPIOCSMTU _IOW('t', 72, int) /* set interface MTU */ - -/* - * These two are interface ioctls so that pppstats can do them on - * a socket without having to open the serial device. - */ -#define SIOCGPPPSTATS _IOWR('i', 123, struct ifpppstatsreq) -#define SIOCGPPPCSTATS _IOWR('i', 122, struct ifpppcstatsreq) - -#if !defined(ifr_mtu) -#define ifr_mtu ifr_ifru.ifru_metric -#endif - -#if (defined(_KERNEL) || defined(KERNEL)) && !defined(NeXT) -void pppattach __P((void)); -void pppintr __P((void)); -#endif -#endif /* _IF_PPP_H_ */ diff --git a/pppd/include/net/ppp-comp.h b/pppd/include/net/ppp-comp.h deleted file mode 100644 index 894bf12..0000000 --- a/pppd/include/net/ppp-comp.h +++ /dev/null @@ -1,266 +0,0 @@ -/* - * ppp-comp.h - Definitions for doing PPP packet compression. - * - * Copyright (c) 1984 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: ppp-comp.h,v 1.13 2002/12/06 09:49:15 paulus Exp $ - */ - -#ifndef _NET_PPP_COMP_H -#define _NET_PPP_COMP_H - -/* - * The following symbols control whether we include code for - * various compression methods. - */ -#ifndef DO_BSD_COMPRESS -#define DO_BSD_COMPRESS 1 /* by default, include BSD-Compress */ -#endif -#ifndef DO_DEFLATE -#define DO_DEFLATE 1 /* by default, include Deflate */ -#endif -#define DO_PREDICTOR_1 0 -#define DO_PREDICTOR_2 0 - -/* - * Structure giving methods for compression/decompression. - */ -#ifdef PACKETPTR -struct compressor { - int compress_proto; /* CCP compression protocol number */ - - /* Allocate space for a compressor (transmit side) */ - void *(*comp_alloc) __P((u_char *options, int opt_len)); - /* Free space used by a compressor */ - void (*comp_free) __P((void *state)); - /* Initialize a compressor */ - int (*comp_init) __P((void *state, u_char *options, int opt_len, - int unit, int hdrlen, int debug)); - /* Reset a compressor */ - void (*comp_reset) __P((void *state)); - /* Compress a packet */ - int (*compress) __P((void *state, PACKETPTR *mret, - PACKETPTR mp, int orig_len, int max_len)); - /* Return compression statistics */ - void (*comp_stat) __P((void *state, struct compstat *stats)); - - /* Allocate space for a decompressor (receive side) */ - void *(*decomp_alloc) __P((u_char *options, int opt_len)); - /* Free space used by a decompressor */ - void (*decomp_free) __P((void *state)); - /* Initialize a decompressor */ - int (*decomp_init) __P((void *state, u_char *options, int opt_len, - int unit, int hdrlen, int mru, int debug)); - /* Reset a decompressor */ - void (*decomp_reset) __P((void *state)); - /* Decompress a packet. */ - int (*decompress) __P((void *state, PACKETPTR mp, - PACKETPTR *dmpp)); - /* Update state for an incompressible packet received */ - void (*incomp) __P((void *state, PACKETPTR mp)); - /* Return decompression statistics */ - void (*decomp_stat) __P((void *state, struct compstat *stats)); -}; -#endif /* PACKETPTR */ - -/* - * Return values for decompress routine. - * We need to make these distinctions so that we can disable certain - * useful functionality, namely sending a CCP reset-request as a result - * of an error detected after decompression. This is to avoid infringing - * a patent held by Motorola. - * Don't you just lurve software patents. - */ -#define DECOMP_OK 0 /* everything went OK */ -#define DECOMP_ERROR 1 /* error detected before decomp. */ -#define DECOMP_FATALERROR 2 /* error detected after decomp. */ - -/* - * CCP codes. - */ -#define CCP_CONFREQ 1 -#define CCP_CONFACK 2 -#define CCP_TERMREQ 5 -#define CCP_TERMACK 6 -#define CCP_RESETREQ 14 -#define CCP_RESETACK 15 - -/* - * Max # bytes for a CCP option - */ -#define CCP_MAX_OPTION_LENGTH 32 - -/* - * Parts of a CCP packet. - */ -#define CCP_CODE(dp) ((dp)[0]) -#define CCP_ID(dp) ((dp)[1]) -#define CCP_LENGTH(dp) (((dp)[2] << 8) + (dp)[3]) -#define CCP_HDRLEN 4 - -#define CCP_OPT_CODE(dp) ((dp)[0]) -#define CCP_OPT_LENGTH(dp) ((dp)[1]) -#define CCP_OPT_MINLEN 2 - -/* - * Definitions for BSD-Compress. - */ -#define CI_BSD_COMPRESS 21 /* config. option for BSD-Compress */ -#define CILEN_BSD_COMPRESS 3 /* length of config. option */ - -/* Macros for handling the 3rd byte of the BSD-Compress config option. */ -#define BSD_NBITS(x) ((x) & 0x1F) /* number of bits requested */ -#define BSD_VERSION(x) ((x) >> 5) /* version of option format */ -#define BSD_CURRENT_VERSION 1 /* current version number */ -#define BSD_MAKE_OPT(v, n) (((v) << 5) | (n)) - -#define BSD_MIN_BITS 9 /* smallest code size supported */ -#define BSD_MAX_BITS 15 /* largest code size supported */ - -/* - * Definitions for Deflate. - */ -#define CI_DEFLATE 26 /* config option for Deflate */ -#define CI_DEFLATE_DRAFT 24 /* value used in original draft RFC */ -#define CILEN_DEFLATE 4 /* length of its config option */ - -#define DEFLATE_MIN_SIZE 8 -#define DEFLATE_MAX_SIZE 15 -#define DEFLATE_METHOD_VAL 8 -#define DEFLATE_SIZE(x) (((x) >> 4) + DEFLATE_MIN_SIZE) -#define DEFLATE_METHOD(x) ((x) & 0x0F) -#define DEFLATE_MAKE_OPT(w) ((((w) - DEFLATE_MIN_SIZE) << 4) \ - + DEFLATE_METHOD_VAL) -#define DEFLATE_CHK_SEQUENCE 0 - -/* - * Definitions for MPPE. - */ -#define CI_MPPE 18 /* config option for MPPE */ -#define CILEN_MPPE 6 /* length of config option */ - -#define MPPE_PAD 4 /* MPPE growth per frame */ -#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */ - -/* option bits for ccp_options.mppe */ -#define MPPE_OPT_40 0x01 /* 40 bit */ -#define MPPE_OPT_128 0x02 /* 128 bit */ -#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */ -/* unsupported opts */ -#define MPPE_OPT_56 0x08 /* 56 bit */ -#define MPPE_OPT_MPPC 0x10 /* MPPC compression */ -#define MPPE_OPT_D 0x20 /* Unknown */ -#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D) -#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */ - -/* - * This is not nice ... the alternative is a bitfield struct though. - * And unfortunately, we cannot share the same bits for the option - * names above since C and H are the same bit. We could do a u_int32 - * but then we have to do a htonl() all the time and/or we still need - * to know which octet is which. - */ -#define MPPE_C_BIT 0x01 /* MPPC */ -#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */ -#define MPPE_L_BIT 0x20 /* 40-bit */ -#define MPPE_S_BIT 0x40 /* 128-bit */ -#define MPPE_M_BIT 0x80 /* 56-bit, not supported */ -#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */ - -/* Does not include H bit; used for least significant octet only. */ -#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT) - -/* Build a CI from mppe opts (see RFC 3078) */ -#define MPPE_OPTS_TO_CI(opts, ci) \ - do { \ - u_char *ptr = ci; /* u_char[4] */ \ - \ - /* H bit */ \ - if (opts & MPPE_OPT_STATEFUL) \ - *ptr++ = 0x0; \ - else \ - *ptr++ = MPPE_H_BIT; \ - *ptr++ = 0; \ - *ptr++ = 0; \ - \ - /* S,L bits */ \ - *ptr = 0; \ - if (opts & MPPE_OPT_128) \ - *ptr |= MPPE_S_BIT; \ - if (opts & MPPE_OPT_40) \ - *ptr |= MPPE_L_BIT; \ - /* M,D,C bits not supported */ \ - } while (/* CONSTCOND */ 0) - -/* The reverse of the above */ -#define MPPE_CI_TO_OPTS(ci, opts) \ - do { \ - u_char *ptr = ci; /* u_char[4] */ \ - \ - opts = 0; \ - \ - /* H bit */ \ - if (!(ptr[0] & MPPE_H_BIT)) \ - opts |= MPPE_OPT_STATEFUL; \ - \ - /* S,L bits */ \ - if (ptr[3] & MPPE_S_BIT) \ - opts |= MPPE_OPT_128; \ - if (ptr[3] & MPPE_L_BIT) \ - opts |= MPPE_OPT_40; \ - \ - /* M,D,C bits */ \ - if (ptr[3] & MPPE_M_BIT) \ - opts |= MPPE_OPT_56; \ - if (ptr[3] & MPPE_D_BIT) \ - opts |= MPPE_OPT_D; \ - if (ptr[3] & MPPE_C_BIT) \ - opts |= MPPE_OPT_MPPC; \ - \ - /* Other bits */ \ - if (ptr[0] & ~MPPE_H_BIT) \ - opts |= MPPE_OPT_UNKNOWN; \ - if (ptr[1] || ptr[2]) \ - opts |= MPPE_OPT_UNKNOWN; \ - if (ptr[3] & ~MPPE_ALL_BITS) \ - opts |= MPPE_OPT_UNKNOWN; \ - } while (/* CONSTCOND */ 0) - -/* - * Definitions for other, as yet unsupported, compression methods. - */ -#define CI_PREDICTOR_1 1 /* config option for Predictor-1 */ -#define CILEN_PREDICTOR_1 2 /* length of its config option */ -#define CI_PREDICTOR_2 2 /* config option for Predictor-2 */ -#define CILEN_PREDICTOR_2 2 /* length of its config option */ - -#endif /* _NET_PPP_COMP_H */ diff --git a/pppd/include/net/ppp_defs.h b/pppd/include/net/ppp_defs.h deleted file mode 100644 index b06eda5..0000000 --- a/pppd/include/net/ppp_defs.h +++ /dev/null @@ -1,194 +0,0 @@ -/* $Id: ppp_defs.h,v 1.17 2002/12/06 09:49:15 paulus Exp $ */ - -/* - * ppp_defs.h - PPP definitions. - * - * Copyright (c) 1984 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _PPP_DEFS_H_ -#define _PPP_DEFS_H_ - -/* - * The basic PPP frame. - */ -#define PPP_HDRLEN 4 /* octets for standard ppp header */ -#define PPP_FCSLEN 2 /* octets for FCS */ - -/* - * Packet sizes - * - * Note - lcp shouldn't be allowed to negotiate stuff outside these - * limits. See lcp.h in the pppd directory. - * (XXX - these constants should simply be shared by lcp.c instead - * of living in lcp.h) - */ -#define PPP_MTU 1500 /* Default MTU (size of Info field) */ -#define PPP_MAXMTU 65535 - (PPP_HDRLEN + PPP_FCSLEN) -#define PPP_MINMTU 64 -#define PPP_MRU 1500 /* default MRU = max length of info field */ -#define PPP_MAXMRU 65000 /* Largest MRU we allow */ -#define PPP_MINMRU 128 - -#define PPP_ADDRESS(p) (((u_char *)(p))[0]) -#define PPP_CONTROL(p) (((u_char *)(p))[1]) -#define PPP_PROTOCOL(p) ((((u_char *)(p))[2] << 8) + ((u_char *)(p))[3]) - -/* - * Significant octet values. - */ -#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ -#define PPP_UI 0x03 /* Unnumbered Information */ -#define PPP_FLAG 0x7e /* Flag Sequence */ -#define PPP_ESCAPE 0x7d /* Asynchronous Control Escape */ -#define PPP_TRANS 0x20 /* Asynchronous transparency modifier */ - -/* - * Protocol field values. - */ -#define PPP_IP 0x21 /* Internet Protocol */ -#define PPP_AT 0x29 /* AppleTalk Protocol */ -#define PPP_IPX 0x2b /* IPX protocol */ -#define PPP_VJC_COMP 0x2d /* VJ compressed TCP */ -#define PPP_VJC_UNCOMP 0x2f /* VJ uncompressed TCP */ -#define PPP_IPV6 0x57 /* Internet Protocol Version 6 */ -#define PPP_COMP 0xfd /* compressed packet */ -#define PPP_IPCP 0x8021 /* IP Control Protocol */ -#define PPP_ATCP 0x8029 /* AppleTalk Control Protocol */ -#define PPP_IPXCP 0x802b /* IPX Control Protocol */ -#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ -#define PPP_CCP 0x80fd /* Compression Control Protocol */ -#define PPP_ECP 0x8053 /* Encryption Control Protocol */ -#define PPP_LCP 0xc021 /* Link Control Protocol */ -#define PPP_PAP 0xc023 /* Password Authentication Protocol */ -#define PPP_LQR 0xc025 /* Link Quality Report protocol */ -#define PPP_CHAP 0xc223 /* Cryptographic Handshake Auth. Protocol */ -#define PPP_CBCP 0xc029 /* Callback Control Protocol */ -#define PPP_EAP 0xc227 /* Extensible Authentication Protocol */ - -/* - * Values for FCS calculations. - */ -#define PPP_INITFCS 0xffff /* Initial FCS value */ -#define PPP_GOODFCS 0xf0b8 /* Good final FCS value */ -#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff]) - -/* - * A 32-bit unsigned integral type. - */ - -#if !defined(__BIT_TYPES_DEFINED__) && !defined(_BITYPES) \ - && !defined(__FreeBSD__) && (NS_TARGET < 40) -#ifdef UINT32_T -typedef UINT32_T u_int32_t; -#else -typedef unsigned int u_int32_t; -typedef unsigned short u_int16_t; -#endif -#endif - -/* - * Extended asyncmap - allows any character to be escaped. - */ -typedef u_int32_t ext_accm[8]; - -/* - * What to do with network protocol (NP) packets. - */ -enum NPmode { - NPMODE_PASS, /* pass the packet through */ - NPMODE_DROP, /* silently drop the packet */ - NPMODE_ERROR, /* return an error */ - NPMODE_QUEUE /* save it up for later. */ -}; - -/* - * Statistics. - */ -struct pppstat { - unsigned int ppp_ibytes; /* bytes received */ - unsigned int ppp_ipackets; /* packets received */ - unsigned int ppp_ierrors; /* receive errors */ - unsigned int ppp_obytes; /* bytes sent */ - unsigned int ppp_opackets; /* packets sent */ - unsigned int ppp_oerrors; /* transmit errors */ -}; - -struct vjstat { - unsigned int vjs_packets; /* outbound packets */ - unsigned int vjs_compressed; /* outbound compressed packets */ - unsigned int vjs_searches; /* searches for connection state */ - unsigned int vjs_misses; /* times couldn't find conn. state */ - unsigned int vjs_uncompressedin; /* inbound uncompressed packets */ - unsigned int vjs_compressedin; /* inbound compressed packets */ - unsigned int vjs_errorin; /* inbound unknown type packets */ - unsigned int vjs_tossed; /* inbound packets tossed because of error */ -}; - -struct ppp_stats { - struct pppstat p; /* basic PPP statistics */ - struct vjstat vj; /* VJ header compression statistics */ -}; - -struct compstat { - unsigned int unc_bytes; /* total uncompressed bytes */ - unsigned int unc_packets; /* total uncompressed packets */ - unsigned int comp_bytes; /* compressed bytes */ - unsigned int comp_packets; /* compressed packets */ - unsigned int inc_bytes; /* incompressible bytes */ - unsigned int inc_packets; /* incompressible packets */ - unsigned int ratio; /* recent compression ratio << 8 */ -}; - -struct ppp_comp_stats { - struct compstat c; /* packet compression statistics */ - struct compstat d; /* packet decompression statistics */ -}; - -/* - * The following structure records the time in seconds since - * the last NP packet was sent or received. - */ -struct ppp_idle { - time_t xmit_idle; /* time since last NP packet sent */ - time_t recv_idle; /* time since last NP packet received */ -}; - -#ifndef __P -#ifdef __STDC__ -#define __P(x) x -#else -#define __P(x) () -#endif -#endif - -#endif /* _PPP_DEFS_H_ */ diff --git a/pppd/include/net/pppio.h b/pppd/include/net/pppio.h deleted file mode 100644 index 54cfe44..0000000 --- a/pppd/include/net/pppio.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * pppio.h - ioctl and other misc. definitions for STREAMS modules. - * - * Copyright (c) 1994 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: pppio.h,v 1.9 2002/12/06 09:49:15 paulus Exp $ - */ - -#define _PPPIO(n) (('p' << 8) + (n)) - -#define PPPIO_NEWPPA _PPPIO(130) /* allocate a new PPP unit */ -#define PPPIO_GETSTAT _PPPIO(131) /* get PPP statistics */ -#define PPPIO_GETCSTAT _PPPIO(132) /* get PPP compression stats */ -#define PPPIO_MTU _PPPIO(133) /* set max transmission unit */ -#define PPPIO_MRU _PPPIO(134) /* set max receive unit */ -#define PPPIO_CFLAGS _PPPIO(135) /* set/clear/get compression flags */ -#define PPPIO_XCOMP _PPPIO(136) /* alloc transmit compressor */ -#define PPPIO_RCOMP _PPPIO(137) /* alloc receive decompressor */ -#define PPPIO_XACCM _PPPIO(138) /* set transmit asyncmap */ -#define PPPIO_RACCM _PPPIO(139) /* set receive asyncmap */ -#define PPPIO_VJINIT _PPPIO(140) /* initialize VJ comp/decomp */ -#define PPPIO_ATTACH _PPPIO(141) /* attach to a ppa (without putmsg) */ -#define PPPIO_LASTMOD _PPPIO(142) /* mark last ppp module */ -#define PPPIO_GCLEAN _PPPIO(143) /* get 8-bit-clean flags */ -#define PPPIO_DEBUG _PPPIO(144) /* request debug information */ -#define PPPIO_BIND _PPPIO(145) /* bind to SAP */ -#define PPPIO_NPMODE _PPPIO(146) /* set mode for handling data pkts */ -#define PPPIO_GIDLE _PPPIO(147) /* get time since last data pkt */ -#define PPPIO_PASSFILT _PPPIO(148) /* set filter for packets to pass */ -#define PPPIO_ACTIVEFILT _PPPIO(149) /* set filter for "link active" pkts */ - -/* - * Values for PPPIO_CFLAGS - */ -#define COMP_AC 0x1 /* compress address/control */ -#define DECOMP_AC 0x2 /* decompress address/control */ -#define COMP_PROT 0x4 /* compress PPP protocol */ -#define DECOMP_PROT 0x8 /* decompress PPP protocol */ - -#define COMP_VJC 0x10 /* compress TCP/IP headers */ -#define COMP_VJCCID 0x20 /* compress connection ID as well */ -#define DECOMP_VJC 0x40 /* decompress TCP/IP headers */ -#define DECOMP_VJCCID 0x80 /* accept compressed connection ID */ - -#define CCP_ISOPEN 0x100 /* look at CCP packets */ -#define CCP_ISUP 0x200 /* do packet comp/decomp */ -#define CCP_ERROR 0x400 /* (status) error in packet decomp */ -#define CCP_FATALERROR 0x800 /* (status) fatal error ditto */ -#define CCP_COMP_RUN 0x1000 /* (status) seen CCP ack sent */ -#define CCP_DECOMP_RUN 0x2000 /* (status) seen CCP ack rcvd */ - -/* - * Values for 8-bit-clean flags. - */ -#define RCV_B7_0 1 /* have rcvd char with bit 7 = 0 */ -#define RCV_B7_1 2 /* have rcvd char with bit 7 = 1 */ -#define RCV_EVNP 4 /* have rcvd char with even parity */ -#define RCV_ODDP 8 /* have rcvd char with odd parity */ - -/* - * Values for the first byte of M_CTL messages passed between - * PPP modules. - */ -#define PPPCTL_OERROR 0xe0 /* output error [up] */ -#define PPPCTL_IERROR 0xe1 /* input error (e.g. FCS) [up] */ -#define PPPCTL_MTU 0xe2 /* set MTU [down] */ -#define PPPCTL_MRU 0xe3 /* set MRU [down] */ -#define PPPCTL_UNIT 0xe4 /* note PPP unit number [down] */ - -/* - * Values for the integer argument to PPPIO_DEBUG. - */ -#define PPPDBG_DUMP 0x10000 /* print out debug info now */ -#define PPPDBG_LOG 0x100 /* log various things */ -#define PPPDBG_DRIVER 0 /* identifies ppp driver as target */ -#define PPPDBG_IF 1 /* identifies ppp network i/f target */ -#define PPPDBG_COMP 2 /* identifies ppp compression target */ -#define PPPDBG_AHDLC 3 /* identifies ppp async hdlc target */ diff --git a/pppd/include/net/slcompress.h b/pppd/include/net/slcompress.h deleted file mode 100644 index d887dfc..0000000 --- a/pppd/include/net/slcompress.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Definitions for tcp compression routines. - * - * $Id: slcompress.h,v 1.4 1994/09/21 06:50:08 paulus Exp $ - * - * Copyright (c) 1989 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989: - * - Initial distribution. - */ - -#ifndef _SLCOMPRESS_H_ -#define _SLCOMPRESS_H_ - -#define MAX_STATES 16 /* must be > 2 and < 256 */ -#define MAX_HDR MLEN /* XXX 4bsd-ism: should really be 128 */ - -/* - * Compressed packet format: - * - * The first octet contains the packet type (top 3 bits), TCP - * 'push' bit, and flags that indicate which of the 4 TCP sequence - * numbers have changed (bottom 5 bits). The next octet is a - * conversation number that associates a saved IP/TCP header with - * the compressed packet. The next two octets are the TCP checksum - * from the original datagram. The next 0 to 15 octets are - * sequence number changes, one change per bit set in the header - * (there may be no changes and there are two special cases where - * the receiver implicitly knows what changed -- see below). - * - * There are 5 numbers which can change (they are always inserted - * in the following order): TCP urgent pointer, window, - * acknowlegement, sequence number and IP ID. (The urgent pointer - * is different from the others in that its value is sent, not the - * change in value.) Since typical use of SLIP links is biased - * toward small packets (see comments on MTU/MSS below), changes - * use a variable length coding with one octet for numbers in the - * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the - * range 256 - 65535 or 0. (If the change in sequence number or - * ack is more than 65535, an uncompressed packet is sent.) - */ - -/* - * Packet types (must not conflict with IP protocol version) - * - * The top nibble of the first octet is the packet type. There are - * three possible types: IP (not proto TCP or tcp with one of the - * control flags set); uncompressed TCP (a normal IP/TCP packet but - * with the 8-bit protocol field replaced by an 8-bit connection id -- - * this type of packet syncs the sender & receiver); and compressed - * TCP (described above). - * - * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and - * is logically part of the 4-bit "changes" field that follows. Top - * three bits are actual packet type. For backward compatibility - * and in the interest of conserving bits, numbers are chosen so the - * IP protocol version number (4) which normally appears in this nibble - * means "IP packet". - */ - -/* packet types */ -#define TYPE_IP 0x40 -#define TYPE_UNCOMPRESSED_TCP 0x70 -#define TYPE_COMPRESSED_TCP 0x80 -#define TYPE_ERROR 0x00 - -/* Bits in first octet of compressed packet */ -#define NEW_C 0x40 /* flag bits for what changed in a packet */ -#define NEW_I 0x20 -#define NEW_S 0x08 -#define NEW_A 0x04 -#define NEW_W 0x02 -#define NEW_U 0x01 - -/* reserved, special-case values of above */ -#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */ -#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */ -#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U) - -#define TCP_PUSH_BIT 0x10 - - -/* - * "state" data for each active tcp conversation on the wire. This is - * basically a copy of the entire IP/TCP header from the last packet - * we saw from the conversation together with a small identifier - * the transmit & receive ends of the line use to locate saved header. - */ -struct cstate { - struct cstate *cs_next; /* next most recently used cstate (xmit only) */ - u_short cs_hlen; /* size of hdr (receive only) */ - u_char cs_id; /* connection # associated with this state */ - u_char cs_filler; - union { - char csu_hdr[MAX_HDR]; - struct ip csu_ip; /* ip/tcp hdr from most recent packet */ - } slcs_u; -}; -#define cs_ip slcs_u.csu_ip -#define cs_hdr slcs_u.csu_hdr - -/* - * all the state data for one serial line (we need one of these - * per line). - */ -struct slcompress { - struct cstate *last_cs; /* most recently used tstate */ - u_char last_recv; /* last rcvd conn. id */ - u_char last_xmit; /* last sent conn. id */ - u_short flags; -#ifndef SL_NO_STATS - int sls_packets; /* outbound packets */ - int sls_compressed; /* outbound compressed packets */ - int sls_searches; /* searches for connection state */ - int sls_misses; /* times couldn't find conn. state */ - int sls_uncompressedin; /* inbound uncompressed packets */ - int sls_compressedin; /* inbound compressed packets */ - int sls_errorin; /* inbound unknown type packets */ - int sls_tossed; /* inbound packets tossed because of error */ -#endif - struct cstate tstate[MAX_STATES]; /* xmit connection states */ - struct cstate rstate[MAX_STATES]; /* receive connection states */ -}; -/* flag values */ -#define SLF_TOSS 1 /* tossing rcvd frames because of input err */ - -void sl_compress_init __P((struct slcompress *)); -void sl_compress_setup __P((struct slcompress *, int)); -u_int sl_compress_tcp __P((struct mbuf *, - struct ip *, struct slcompress *, int)); -int sl_uncompress_tcp __P((u_char **, int, u_int, struct slcompress *)); -int sl_uncompress_tcp_core __P((u_char *, int, int, u_int, - struct slcompress *, u_char **, u_int *)); - -#endif /* _SLCOMPRESS_H_ */ diff --git a/pppd/include/net/vjcompress.h b/pppd/include/net/vjcompress.h deleted file mode 100644 index 03a33bf..0000000 --- a/pppd/include/net/vjcompress.h +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Definitions for tcp compression routines. - * - * $Id: vjcompress.h,v 1.3 1996/05/28 00:55:33 paulus Exp $ - * - * Copyright (c) 1989 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989: - * - Initial distribution. - */ - -#ifndef _VJCOMPRESS_H_ -#define _VJCOMPRESS_H_ - -#define MAX_STATES 16 /* must be > 2 and < 256 */ -#define MAX_HDR 128 - -/* - * Compressed packet format: - * - * The first octet contains the packet type (top 3 bits), TCP - * 'push' bit, and flags that indicate which of the 4 TCP sequence - * numbers have changed (bottom 5 bits). The next octet is a - * conversation number that associates a saved IP/TCP header with - * the compressed packet. The next two octets are the TCP checksum - * from the original datagram. The next 0 to 15 octets are - * sequence number changes, one change per bit set in the header - * (there may be no changes and there are two special cases where - * the receiver implicitly knows what changed -- see below). - * - * There are 5 numbers which can change (they are always inserted - * in the following order): TCP urgent pointer, window, - * acknowlegement, sequence number and IP ID. (The urgent pointer - * is different from the others in that its value is sent, not the - * change in value.) Since typical use of SLIP links is biased - * toward small packets (see comments on MTU/MSS below), changes - * use a variable length coding with one octet for numbers in the - * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the - * range 256 - 65535 or 0. (If the change in sequence number or - * ack is more than 65535, an uncompressed packet is sent.) - */ - -/* - * Packet types (must not conflict with IP protocol version) - * - * The top nibble of the first octet is the packet type. There are - * three possible types: IP (not proto TCP or tcp with one of the - * control flags set); uncompressed TCP (a normal IP/TCP packet but - * with the 8-bit protocol field replaced by an 8-bit connection id -- - * this type of packet syncs the sender & receiver); and compressed - * TCP (described above). - * - * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and - * is logically part of the 4-bit "changes" field that follows. Top - * three bits are actual packet type. For backward compatibility - * and in the interest of conserving bits, numbers are chosen so the - * IP protocol version number (4) which normally appears in this nibble - * means "IP packet". - */ - -/* packet types */ -#define TYPE_IP 0x40 -#define TYPE_UNCOMPRESSED_TCP 0x70 -#define TYPE_COMPRESSED_TCP 0x80 -#define TYPE_ERROR 0x00 - -/* Bits in first octet of compressed packet */ -#define NEW_C 0x40 /* flag bits for what changed in a packet */ -#define NEW_I 0x20 -#define NEW_S 0x08 -#define NEW_A 0x04 -#define NEW_W 0x02 -#define NEW_U 0x01 - -/* reserved, special-case values of above */ -#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */ -#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */ -#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U) - -#define TCP_PUSH_BIT 0x10 - - -/* - * "state" data for each active tcp conversation on the wire. This is - * basically a copy of the entire IP/TCP header from the last packet - * we saw from the conversation together with a small identifier - * the transmit & receive ends of the line use to locate saved header. - */ -struct cstate { - struct cstate *cs_next; /* next most recently used state (xmit only) */ - u_short cs_hlen; /* size of hdr (receive only) */ - u_char cs_id; /* connection # associated with this state */ - u_char cs_filler; - union { - char csu_hdr[MAX_HDR]; - struct ip csu_ip; /* ip/tcp hdr from most recent packet */ - } vjcs_u; -}; -#define cs_ip vjcs_u.csu_ip -#define cs_hdr vjcs_u.csu_hdr - -/* - * all the state data for one serial line (we need one of these per line). - */ -struct vjcompress { - struct cstate *last_cs; /* most recently used tstate */ - u_char last_recv; /* last rcvd conn. id */ - u_char last_xmit; /* last sent conn. id */ - u_short flags; -#ifndef VJ_NO_STATS - struct vjstat stats; -#endif - struct cstate tstate[MAX_STATES]; /* xmit connection states */ - struct cstate rstate[MAX_STATES]; /* receive connection states */ -}; - -/* flag values */ -#define VJF_TOSS 1 /* tossing rcvd frames because of input err */ - -extern void vj_compress_init __P((struct vjcompress *comp, int max_state)); -extern u_int vj_compress_tcp __P((struct ip *ip, u_int mlen, - struct vjcompress *comp, int compress_cid_flag, - u_char **vjhdrp)); -extern void vj_uncompress_err __P((struct vjcompress *comp)); -extern int vj_uncompress_uncomp __P((u_char *buf, int buflen, - struct vjcompress *comp)); -extern int vj_uncompress_tcp __P((u_char *buf, int buflen, int total_len, - struct vjcompress *comp, u_char **hdrp, - u_int *hlenp)); - -#endif /* _VJCOMPRESS_H_ */ diff --git a/pppd/include/pcap-int.h b/pppd/include/pcap-int.h deleted file mode 100644 index 895fb9e..0000000 --- a/pppd/include/pcap-int.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 1994, 1995, 1996 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Computer Systems - * Engineering Group at Lawrence Berkeley Laboratory. - * 4. Neither the name of the University nor of the Laboratory may be used - * to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#) $Header: /data/cvs/ppp/include/pcap-int.h,v 1.1 2000/08/01 01:37:24 paulus Exp $ (LBL) - */ - -#ifndef pcap_int_h -#define pcap_int_h - -#include - -/* - * Savefile - */ -struct pcap_sf { - FILE *rfile; - int swapped; - int version_major; - int version_minor; - u_char *base; -}; - -struct pcap_md { - struct pcap_stat stat; - /*XXX*/ - int use_bpf; - u_long TotPkts; /* can't oflow for 79 hrs on ether */ - u_long TotAccepted; /* count accepted by filter */ - u_long TotDrops; /* count of dropped packets */ - long TotMissed; /* missed by i/f during this run */ - long OrigMissed; /* missed by i/f before this run */ -#ifdef linux - int pad; - int skip; - char *device; -#endif -}; - -struct pcap { - int fd; - int snapshot; - int linktype; - int tzoff; /* timezone offset */ - int offset; /* offset for proper alignment */ - - struct pcap_sf sf; - struct pcap_md md; - - /* - * Read buffer. - */ - int bufsize; - u_char *buffer; - u_char *bp; - int cc; - - /* - * Place holder for pcap_next(). - */ - u_char *pkt; - - - /* - * Placeholder for filter code if bpf not in kernel. - */ - struct bpf_program fcode; - - char errbuf[PCAP_ERRBUF_SIZE]; -}; - -int yylex(void); - -#ifndef min -#define min(a, b) ((a) > (b) ? (b) : (a)) -#endif - -/* XXX should these be in pcap.h? */ -int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *); -int pcap_read(pcap_t *, int cnt, pcap_handler, u_char *); - -/* Ultrix pads to make everything line up on a nice boundary */ -#if defined(ultrix) || defined(__alpha) -#define PCAP_FDDIPAD 3 -#endif - -/* XXX */ -extern int pcap_fddipad; -#endif diff --git a/pppd/ipcp.c b/pppd/ipcp.c deleted file mode 100644 index 52eb3ca..0000000 --- a/pppd/ipcp.c +++ /dev/null @@ -1,2196 +0,0 @@ -/* - * ipcp.c - PPP IP Control Protocol. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: ipcp.c,v 1.69 2004/11/13 12:03:26 paulus Exp $" - -/* - * TODO: - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "ipcp.h" -#include "pathnames.h" - -static const char rcsid[] = RCSID; - -/* global vars */ -ipcp_options ipcp_wantoptions[NUM_PPP]; /* Options that we want to request */ -ipcp_options ipcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */ -ipcp_options ipcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */ -ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */ - -u_int32_t netmask = 0; /* IP netmask to set on interface */ - -bool disable_defaultip = 0; /* Don't use hostname for default IP adrs */ - -/* Hook for a plugin to know when IP protocol has come up */ -void (*ip_up_hook) __P((void)) = NULL; - -/* Hook for a plugin to know when IP protocol has come down */ -void (*ip_down_hook) __P((void)) = NULL; - -/* Hook for a plugin to choose the remote IP address */ -void (*ip_choose_hook) __P((u_int32_t *)) = NULL; - -/* Notifiers for when IPCP goes up and down */ -struct notifier *ip_up_notifier = NULL; -struct notifier *ip_down_notifier = NULL; - -/* local vars */ -static int default_route_set[NUM_PPP]; /* Have set up a default route */ -static int proxy_arp_set[NUM_PPP]; /* Have created proxy arp entry */ -static bool usepeerdns; /* Ask peer for DNS addrs */ -static int ipcp_is_up; /* have called np_up() */ -static int ipcp_is_open; /* haven't called np_finished() */ -static bool ask_for_local; /* request our address from peer */ -static char vj_value[8]; /* string form of vj option value */ -static char netmask_str[20]; /* string form of netmask value */ - -/* - * Callbacks for fsm code. (CI = Configuration Information) - */ -static void ipcp_resetci __P((fsm *)); /* Reset our CI */ -static int ipcp_cilen __P((fsm *)); /* Return length of our CI */ -static void ipcp_addci __P((fsm *, u_char *, int *)); /* Add our CI */ -static int ipcp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */ -static int ipcp_nakci __P((fsm *, u_char *, int, int));/* Peer nak'd our CI */ -static int ipcp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */ -static int ipcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv CI */ -static void ipcp_up __P((fsm *)); /* We're UP */ -static void ipcp_down __P((fsm *)); /* We're DOWN */ -static void ipcp_finished __P((fsm *)); /* Don't need lower layer */ - -fsm ipcp_fsm[NUM_PPP]; /* IPCP fsm structure */ - -static fsm_callbacks ipcp_callbacks = { /* IPCP callback routines */ - ipcp_resetci, /* Reset our Configuration Information */ - ipcp_cilen, /* Length of our Configuration Information */ - ipcp_addci, /* Add our Configuration Information */ - ipcp_ackci, /* ACK our Configuration Information */ - ipcp_nakci, /* NAK our Configuration Information */ - ipcp_rejci, /* Reject our Configuration Information */ - ipcp_reqci, /* Request peer's Configuration Information */ - ipcp_up, /* Called when fsm reaches OPENED state */ - ipcp_down, /* Called when fsm leaves OPENED state */ - NULL, /* Called when we want the lower layer up */ - ipcp_finished, /* Called when we want the lower layer down */ - NULL, /* Called when Protocol-Reject received */ - NULL, /* Retransmission is necessary */ - NULL, /* Called to handle protocol-specific codes */ - "IPCP" /* String name of protocol */ -}; - -/* - * Command-line options. - */ -static int setvjslots __P((char **)); -static int setdnsaddr __P((char **)); -static int setwinsaddr __P((char **)); -static int setnetmask __P((char **)); -int setipaddr __P((char *, char **, int)); -static void printipaddr __P((option_t *, void (*)(void *, char *,...),void *)); - -static option_t ipcp_option_list[] = { - { "noip", o_bool, &ipcp_protent.enabled_flag, - "Disable IP and IPCP" }, - { "-ip", o_bool, &ipcp_protent.enabled_flag, - "Disable IP and IPCP", OPT_ALIAS }, - - { "novj", o_bool, &ipcp_wantoptions[0].neg_vj, - "Disable VJ compression", OPT_A2CLR, &ipcp_allowoptions[0].neg_vj }, - { "-vj", o_bool, &ipcp_wantoptions[0].neg_vj, - "Disable VJ compression", OPT_ALIAS | OPT_A2CLR, - &ipcp_allowoptions[0].neg_vj }, - - { "novjccomp", o_bool, &ipcp_wantoptions[0].cflag, - "Disable VJ connection-ID compression", OPT_A2CLR, - &ipcp_allowoptions[0].cflag }, - { "-vjccomp", o_bool, &ipcp_wantoptions[0].cflag, - "Disable VJ connection-ID compression", OPT_ALIAS | OPT_A2CLR, - &ipcp_allowoptions[0].cflag }, - - { "vj-max-slots", o_special, (void *)setvjslots, - "Set maximum VJ header slots", - OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, vj_value }, - - { "ipcp-accept-local", o_bool, &ipcp_wantoptions[0].accept_local, - "Accept peer's address for us", 1 }, - { "ipcp-accept-remote", o_bool, &ipcp_wantoptions[0].accept_remote, - "Accept peer's address for it", 1 }, - - { "ipparam", o_string, &ipparam, - "Set ip script parameter", OPT_PRIO }, - - { "noipdefault", o_bool, &disable_defaultip, - "Don't use name for default IP adrs", 1 }, - - { "ms-dns", 1, (void *)setdnsaddr, - "DNS address for the peer's use" }, - { "ms-wins", 1, (void *)setwinsaddr, - "Nameserver for SMB over TCP/IP for peer" }, - - { "ipcp-restart", o_int, &ipcp_fsm[0].timeouttime, - "Set timeout for IPCP", OPT_PRIO }, - { "ipcp-max-terminate", o_int, &ipcp_fsm[0].maxtermtransmits, - "Set max #xmits for term-reqs", OPT_PRIO }, - { "ipcp-max-configure", o_int, &ipcp_fsm[0].maxconfreqtransmits, - "Set max #xmits for conf-reqs", OPT_PRIO }, - { "ipcp-max-failure", o_int, &ipcp_fsm[0].maxnakloops, - "Set max #conf-naks for IPCP", OPT_PRIO }, - - { "defaultroute", o_bool, &ipcp_wantoptions[0].default_route, - "Add default route", OPT_ENABLE|1, &ipcp_allowoptions[0].default_route }, - { "nodefaultroute", o_bool, &ipcp_allowoptions[0].default_route, - "disable defaultroute option", OPT_A2CLR, - &ipcp_wantoptions[0].default_route }, - { "-defaultroute", o_bool, &ipcp_allowoptions[0].default_route, - "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, - &ipcp_wantoptions[0].default_route }, - - { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, - "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, - { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, - "disable proxyarp option", OPT_A2CLR, - &ipcp_wantoptions[0].proxy_arp }, - { "-proxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, - "disable proxyarp option", OPT_ALIAS | OPT_A2CLR, - &ipcp_wantoptions[0].proxy_arp }, - - { "usepeerdns", o_bool, &usepeerdns, - "Ask peer for DNS address(es)", 1 }, - - { "netmask", o_special, (void *)setnetmask, - "set netmask", OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, netmask_str }, - - { "ipcp-no-addresses", o_bool, &ipcp_wantoptions[0].old_addrs, - "Disable old-style IP-Addresses usage", OPT_A2CLR, - &ipcp_allowoptions[0].old_addrs }, - { "ipcp-no-address", o_bool, &ipcp_wantoptions[0].neg_addr, - "Disable IP-Address usage", OPT_A2CLR, - &ipcp_allowoptions[0].neg_addr }, - - { "IP addresses", o_wild, (void *) &setipaddr, - "set local and remote IP addresses", - OPT_NOARG | OPT_A2PRINTER, (void *) &printipaddr }, - - { NULL } -}; - -/* - * Protocol entry points from main code. - */ -static void ipcp_init __P((int)); -static void ipcp_open __P((int)); -static void ipcp_close __P((int, char *)); -static void ipcp_lowerup __P((int)); -static void ipcp_lowerdown __P((int)); -static void ipcp_input __P((int, u_char *, int)); -static void ipcp_protrej __P((int)); -static int ipcp_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); -static void ip_check_options __P((void)); -static int ip_demand_conf __P((int)); -static int ip_active_pkt __P((u_char *, int)); -static void create_resolv __P((u_int32_t, u_int32_t)); - -struct protent ipcp_protent = { - PPP_IPCP, - ipcp_init, - ipcp_input, - ipcp_protrej, - ipcp_lowerup, - ipcp_lowerdown, - ipcp_open, - ipcp_close, - ipcp_printpkt, - NULL, - 1, - "IPCP", - "IP", - ipcp_option_list, - ip_check_options, - ip_demand_conf, - ip_active_pkt -}; - -static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); -static void ipcp_script __P((char *)); /* Run an up/down script */ -static void ipcp_script_done __P((void *)); - -/* - * Lengths of configuration options. - */ -#define CILEN_VOID 2 -#define CILEN_COMPRESS 4 /* min length for compression protocol opt. */ -#define CILEN_VJ 6 /* length for RFC1332 Van-Jacobson opt. */ -#define CILEN_ADDR 6 /* new-style single address option */ -#define CILEN_ADDRS 10 /* old-style dual address option */ - - -#define CODENAME(x) ((x) == CONFACK ? "ACK" : \ - (x) == CONFNAK ? "NAK" : "REJ") - -/* - * This state variable is used to ensure that we don't - * run an ipcp-up/down script while one is already running. - */ -static enum script_state { - s_down, - s_up, -} ipcp_script_state; -static pid_t ipcp_script_pid; - -/* - * Make a string representation of a network IP address. - */ -char * -ip_ntoa(ipaddr) -u_int32_t ipaddr; -{ - static char b[64]; - - slprintf(b, sizeof(b), "%I", ipaddr); - return b; -} - -/* - * Option parsing. - */ - -/* - * setvjslots - set maximum number of connection slots for VJ compression - */ -static int -setvjslots(argv) - char **argv; -{ - int value; - - if (!int_option(*argv, &value)) - return 0; - if (value < 2 || value > 16) { - option_error("vj-max-slots value must be between 2 and 16"); - return 0; - } - ipcp_wantoptions [0].maxslotindex = - ipcp_allowoptions[0].maxslotindex = value - 1; - slprintf(vj_value, sizeof(vj_value), "%d", value); - return 1; -} - -/* - * setdnsaddr - set the dns address(es) - */ -static int -setdnsaddr(argv) - char **argv; -{ - u_int32_t dns; - struct hostent *hp; - - dns = inet_addr(*argv); - if (dns == (u_int32_t) -1) { - if ((hp = gethostbyname(*argv)) == NULL) { - option_error("invalid address parameter '%s' for ms-dns option", - *argv); - return 0; - } - dns = *(u_int32_t *)hp->h_addr; - } - - /* We take the last 2 values given, the 2nd-last as the primary - and the last as the secondary. If only one is given it - becomes both primary and secondary. */ - if (ipcp_allowoptions[0].dnsaddr[1] == 0) - ipcp_allowoptions[0].dnsaddr[0] = dns; - else - ipcp_allowoptions[0].dnsaddr[0] = ipcp_allowoptions[0].dnsaddr[1]; - - /* always set the secondary address value. */ - ipcp_allowoptions[0].dnsaddr[1] = dns; - - return (1); -} - -/* - * setwinsaddr - set the wins address(es) - * This is primrarly used with the Samba package under UNIX or for pointing - * the caller to the existing WINS server on a Windows NT platform. - */ -static int -setwinsaddr(argv) - char **argv; -{ - u_int32_t wins; - struct hostent *hp; - - wins = inet_addr(*argv); - if (wins == (u_int32_t) -1) { - if ((hp = gethostbyname(*argv)) == NULL) { - option_error("invalid address parameter '%s' for ms-wins option", - *argv); - return 0; - } - wins = *(u_int32_t *)hp->h_addr; - } - - /* We take the last 2 values given, the 2nd-last as the primary - and the last as the secondary. If only one is given it - becomes both primary and secondary. */ - if (ipcp_allowoptions[0].winsaddr[1] == 0) - ipcp_allowoptions[0].winsaddr[0] = wins; - else - ipcp_allowoptions[0].winsaddr[0] = ipcp_allowoptions[0].winsaddr[1]; - - /* always set the secondary address value. */ - ipcp_allowoptions[0].winsaddr[1] = wins; - - return (1); -} - -/* - * setipaddr - Set the IP address - * If doit is 0, the call is to check whether this option is - * potentially an IP address specification. - * Not static so that plugins can call it to set the addresses - */ -int -setipaddr(arg, argv, doit) - char *arg; - char **argv; - int doit; -{ - struct hostent *hp; - char *colon; - u_int32_t local, remote; - ipcp_options *wo = &ipcp_wantoptions[0]; - static int prio_local = 0, prio_remote = 0; - - /* - * IP address pair separated by ":". - */ - if ((colon = strchr(arg, ':')) == NULL) - return 0; - if (!doit) - return 1; - - /* - * If colon first character, then no local addr. - */ - if (colon != arg && option_priority >= prio_local) { - *colon = '\0'; - if ((local = inet_addr(arg)) == (u_int32_t) -1) { - if ((hp = gethostbyname(arg)) == NULL) { - option_error("unknown host: %s", arg); - return 0; - } - local = *(u_int32_t *)hp->h_addr; - } - if (bad_ip_adrs(local)) { - option_error("bad local IP address %s", ip_ntoa(local)); - return 0; - } - if (local != 0) - wo->ouraddr = local; - *colon = ':'; - prio_local = option_priority; - } - - /* - * If colon last character, then no remote addr. - */ - if (*++colon != '\0' && option_priority >= prio_remote) { - if ((remote = inet_addr(colon)) == (u_int32_t) -1) { - if ((hp = gethostbyname(colon)) == NULL) { - option_error("unknown host: %s", colon); - return 0; - } - remote = *(u_int32_t *)hp->h_addr; - if (remote_name[0] == 0) - strlcpy(remote_name, colon, sizeof(remote_name)); - } - if (bad_ip_adrs(remote)) { - option_error("bad remote IP address %s", ip_ntoa(remote)); - return 0; - } - if (remote != 0) - wo->hisaddr = remote; - prio_remote = option_priority; - } - - return 1; -} - -static void -printipaddr(opt, printer, arg) - option_t *opt; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - ipcp_options *wo = &ipcp_wantoptions[0]; - - if (wo->ouraddr != 0) - printer(arg, "%I", wo->ouraddr); - printer(arg, ":"); - if (wo->hisaddr != 0) - printer(arg, "%I", wo->hisaddr); -} - -/* - * setnetmask - set the netmask to be used on the interface. - */ -static int -setnetmask(argv) - char **argv; -{ - u_int32_t mask; - int n; - char *p; - - /* - * Unfortunately, if we use inet_addr, we can't tell whether - * a result of all 1s is an error or a valid 255.255.255.255. - */ - p = *argv; - n = parse_dotted_ip(p, &mask); - - mask = htonl(mask); - - if (n == 0 || p[n] != 0 || (netmask & ~mask) != 0) { - option_error("invalid netmask value '%s'", *argv); - return 0; - } - - netmask = mask; - slprintf(netmask_str, sizeof(netmask_str), "%I", mask); - - return (1); -} - -int -parse_dotted_ip(p, vp) - char *p; - u_int32_t *vp; -{ - int n; - u_int32_t v, b; - char *endp, *p0 = p; - - v = 0; - for (n = 3;; --n) { - b = strtoul(p, &endp, 0); - if (endp == p) - return 0; - if (b > 255) { - if (n < 3) - return 0; - /* accept e.g. 0xffffff00 */ - *vp = b; - return endp - p0; - } - v |= b << (n * 8); - p = endp; - if (n == 0) - break; - if (*p != '.') - return 0; - ++p; - } - *vp = v; - return p - p0; -} - - -/* - * ipcp_init - Initialize IPCP. - */ -static void -ipcp_init(unit) - int unit; -{ - fsm *f = &ipcp_fsm[unit]; - ipcp_options *wo = &ipcp_wantoptions[unit]; - ipcp_options *ao = &ipcp_allowoptions[unit]; - - f->unit = unit; - f->protocol = PPP_IPCP; - f->callbacks = &ipcp_callbacks; - fsm_init(&ipcp_fsm[unit]); - - memset(wo, 0, sizeof(*wo)); - memset(ao, 0, sizeof(*ao)); - - wo->neg_addr = wo->old_addrs = 1; - wo->neg_vj = 1; - wo->vj_protocol = IPCP_VJ_COMP; - wo->maxslotindex = MAX_STATES - 1; /* really max index */ - wo->cflag = 1; - - - /* max slots and slot-id compression are currently hardwired in */ - /* ppp_if.c to 16 and 1, this needs to be changed (among other */ - /* things) gmc */ - - ao->neg_addr = ao->old_addrs = 1; - ao->neg_vj = 1; - ao->maxslotindex = MAX_STATES - 1; - ao->cflag = 1; - - /* - * XXX These control whether the user may use the proxyarp - * and defaultroute options. - */ - ao->proxy_arp = 1; - ao->default_route = 1; -} - - -/* - * ipcp_open - IPCP is allowed to come up. - */ -static void -ipcp_open(unit) - int unit; -{ - fsm_open(&ipcp_fsm[unit]); - ipcp_is_open = 1; -} - - -/* - * ipcp_close - Take IPCP down. - */ -static void -ipcp_close(unit, reason) - int unit; - char *reason; -{ - fsm_close(&ipcp_fsm[unit], reason); -} - - -/* - * ipcp_lowerup - The lower layer is up. - */ -static void -ipcp_lowerup(unit) - int unit; -{ - fsm_lowerup(&ipcp_fsm[unit]); -} - - -/* - * ipcp_lowerdown - The lower layer is down. - */ -static void -ipcp_lowerdown(unit) - int unit; -{ - fsm_lowerdown(&ipcp_fsm[unit]); -} - - -/* - * ipcp_input - Input IPCP packet. - */ -static void -ipcp_input(unit, p, len) - int unit; - u_char *p; - int len; -{ - fsm_input(&ipcp_fsm[unit], p, len); -} - - -/* - * ipcp_protrej - A Protocol-Reject was received for IPCP. - * - * Pretend the lower layer went down, so we shut up. - */ -static void -ipcp_protrej(unit) - int unit; -{ - fsm_lowerdown(&ipcp_fsm[unit]); -} - - -/* - * ipcp_resetci - Reset our CI. - * Called by fsm_sconfreq, Send Configure Request. - */ -static void -ipcp_resetci(f) - fsm *f; -{ - ipcp_options *wo = &ipcp_wantoptions[f->unit]; - ipcp_options *go = &ipcp_gotoptions[f->unit]; - ipcp_options *ao = &ipcp_allowoptions[f->unit]; - - wo->req_addr = (wo->neg_addr || wo->old_addrs) && - (ao->neg_addr || ao->old_addrs); - if (wo->ouraddr == 0) - wo->accept_local = 1; - if (wo->hisaddr == 0) - wo->accept_remote = 1; - wo->req_dns1 = usepeerdns; /* Request DNS addresses from the peer */ - wo->req_dns2 = usepeerdns; - *go = *wo; - if (!ask_for_local) - go->ouraddr = 0; - if (ip_choose_hook) { - ip_choose_hook(&wo->hisaddr); - if (wo->hisaddr) { - wo->accept_remote = 0; - } - } - BZERO(&ipcp_hisoptions[f->unit], sizeof(ipcp_options)); -} - - -/* - * ipcp_cilen - Return length of our CI. - * Called by fsm_sconfreq, Send Configure Request. - */ -static int -ipcp_cilen(f) - fsm *f; -{ - ipcp_options *go = &ipcp_gotoptions[f->unit]; - ipcp_options *wo = &ipcp_wantoptions[f->unit]; - ipcp_options *ho = &ipcp_hisoptions[f->unit]; - -#define LENCIADDRS(neg) (neg ? CILEN_ADDRS : 0) -#define LENCIVJ(neg, old) (neg ? (old? CILEN_COMPRESS : CILEN_VJ) : 0) -#define LENCIADDR(neg) (neg ? CILEN_ADDR : 0) -#define LENCIDNS(neg) (neg ? (CILEN_ADDR) : 0) - - /* - * First see if we want to change our options to the old - * forms because we have received old forms from the peer. - */ - if (go->neg_addr && go->old_addrs && !ho->neg_addr && ho->old_addrs) - go->neg_addr = 0; - if (wo->neg_vj && !go->neg_vj && !go->old_vj) { - /* try an older style of VJ negotiation */ - /* use the old style only if the peer did */ - if (ho->neg_vj && ho->old_vj) { - go->neg_vj = 1; - go->old_vj = 1; - go->vj_protocol = ho->vj_protocol; - } - } - - return (LENCIADDRS(!go->neg_addr && go->old_addrs) + - LENCIVJ(go->neg_vj, go->old_vj) + - LENCIADDR(go->neg_addr) + - LENCIDNS(go->req_dns1) + - LENCIDNS(go->req_dns2)) ; -} - - -/* - * ipcp_addci - Add our desired CIs to a packet. - * Called by fsm_sconfreq, Send Configure Request. - */ -static void -ipcp_addci(f, ucp, lenp) - fsm *f; - u_char *ucp; - int *lenp; -{ - ipcp_options *go = &ipcp_gotoptions[f->unit]; - int len = *lenp; - -#define ADDCIADDRS(opt, neg, val1, val2) \ - if (neg) { \ - if (len >= CILEN_ADDRS) { \ - u_int32_t l; \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_ADDRS, ucp); \ - l = ntohl(val1); \ - PUTLONG(l, ucp); \ - l = ntohl(val2); \ - PUTLONG(l, ucp); \ - len -= CILEN_ADDRS; \ - } else \ - go->old_addrs = 0; \ - } - -#define ADDCIVJ(opt, neg, val, old, maxslotindex, cflag) \ - if (neg) { \ - int vjlen = old? CILEN_COMPRESS : CILEN_VJ; \ - if (len >= vjlen) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(vjlen, ucp); \ - PUTSHORT(val, ucp); \ - if (!old) { \ - PUTCHAR(maxslotindex, ucp); \ - PUTCHAR(cflag, ucp); \ - } \ - len -= vjlen; \ - } else \ - neg = 0; \ - } - -#define ADDCIADDR(opt, neg, val) \ - if (neg) { \ - if (len >= CILEN_ADDR) { \ - u_int32_t l; \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_ADDR, ucp); \ - l = ntohl(val); \ - PUTLONG(l, ucp); \ - len -= CILEN_ADDR; \ - } else \ - neg = 0; \ - } - -#define ADDCIDNS(opt, neg, addr) \ - if (neg) { \ - if (len >= CILEN_ADDR) { \ - u_int32_t l; \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_ADDR, ucp); \ - l = ntohl(addr); \ - PUTLONG(l, ucp); \ - len -= CILEN_ADDR; \ - } else \ - neg = 0; \ - } - - ADDCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs, go->ouraddr, - go->hisaddr); - - ADDCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj, - go->maxslotindex, go->cflag); - - ADDCIADDR(CI_ADDR, go->neg_addr, go->ouraddr); - - ADDCIDNS(CI_MS_DNS1, go->req_dns1, go->dnsaddr[0]); - - ADDCIDNS(CI_MS_DNS2, go->req_dns2, go->dnsaddr[1]); - - *lenp -= len; -} - - -/* - * ipcp_ackci - Ack our CIs. - * Called by fsm_rconfack, Receive Configure ACK. - * - * Returns: - * 0 - Ack was bad. - * 1 - Ack was good. - */ -static int -ipcp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - ipcp_options *go = &ipcp_gotoptions[f->unit]; - u_short cilen, citype, cishort; - u_int32_t cilong; - u_char cimaxslotindex, cicflag; - - /* - * CIs must be in exactly the same order that we sent... - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ - -#define ACKCIADDRS(opt, neg, val1, val2) \ - if (neg) { \ - u_int32_t l; \ - if ((len -= CILEN_ADDRS) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_ADDRS || \ - citype != opt) \ - goto bad; \ - GETLONG(l, p); \ - cilong = htonl(l); \ - if (val1 != cilong) \ - goto bad; \ - GETLONG(l, p); \ - cilong = htonl(l); \ - if (val2 != cilong) \ - goto bad; \ - } - -#define ACKCIVJ(opt, neg, val, old, maxslotindex, cflag) \ - if (neg) { \ - int vjlen = old? CILEN_COMPRESS : CILEN_VJ; \ - if ((len -= vjlen) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != vjlen || \ - citype != opt) \ - goto bad; \ - GETSHORT(cishort, p); \ - if (cishort != val) \ - goto bad; \ - if (!old) { \ - GETCHAR(cimaxslotindex, p); \ - if (cimaxslotindex != maxslotindex) \ - goto bad; \ - GETCHAR(cicflag, p); \ - if (cicflag != cflag) \ - goto bad; \ - } \ - } - -#define ACKCIADDR(opt, neg, val) \ - if (neg) { \ - u_int32_t l; \ - if ((len -= CILEN_ADDR) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_ADDR || \ - citype != opt) \ - goto bad; \ - GETLONG(l, p); \ - cilong = htonl(l); \ - if (val != cilong) \ - goto bad; \ - } - -#define ACKCIDNS(opt, neg, addr) \ - if (neg) { \ - u_int32_t l; \ - if ((len -= CILEN_ADDR) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_ADDR || citype != opt) \ - goto bad; \ - GETLONG(l, p); \ - cilong = htonl(l); \ - if (addr != cilong) \ - goto bad; \ - } - - ACKCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs, go->ouraddr, - go->hisaddr); - - ACKCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj, - go->maxslotindex, go->cflag); - - ACKCIADDR(CI_ADDR, go->neg_addr, go->ouraddr); - - ACKCIDNS(CI_MS_DNS1, go->req_dns1, go->dnsaddr[0]); - - ACKCIDNS(CI_MS_DNS2, go->req_dns2, go->dnsaddr[1]); - - /* - * If there are any remaining CIs, then this packet is bad. - */ - if (len != 0) - goto bad; - return (1); - -bad: - IPCPDEBUG(("ipcp_ackci: received bad Ack!")); - return (0); -} - -/* - * ipcp_nakci - Peer has sent a NAK for some of our CIs. - * This should not modify any state if the Nak is bad - * or if IPCP is in the OPENED state. - * Calback from fsm_rconfnakrej - Receive Configure-Nak or Configure-Reject. - * - * Returns: - * 0 - Nak was bad. - * 1 - Nak was good. - */ -static int -ipcp_nakci(f, p, len, treat_as_reject) - fsm *f; - u_char *p; - int len; - int treat_as_reject; -{ - ipcp_options *go = &ipcp_gotoptions[f->unit]; - u_char cimaxslotindex, cicflag; - u_char citype, cilen, *next; - u_short cishort; - u_int32_t ciaddr1, ciaddr2, l, cidnsaddr; - ipcp_options no; /* options we've seen Naks for */ - ipcp_options try; /* options to request next time */ - - BZERO(&no, sizeof(no)); - try = *go; - - /* - * Any Nak'd CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ -#define NAKCIADDRS(opt, neg, code) \ - if ((neg) && \ - (cilen = p[1]) == CILEN_ADDRS && \ - len >= cilen && \ - p[0] == opt) { \ - len -= cilen; \ - INCPTR(2, p); \ - GETLONG(l, p); \ - ciaddr1 = htonl(l); \ - GETLONG(l, p); \ - ciaddr2 = htonl(l); \ - no.old_addrs = 1; \ - code \ - } - -#define NAKCIVJ(opt, neg, code) \ - if (go->neg && \ - ((cilen = p[1]) == CILEN_COMPRESS || cilen == CILEN_VJ) && \ - len >= cilen && \ - p[0] == opt) { \ - len -= cilen; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - no.neg = 1; \ - code \ - } - -#define NAKCIADDR(opt, neg, code) \ - if (go->neg && \ - (cilen = p[1]) == CILEN_ADDR && \ - len >= cilen && \ - p[0] == opt) { \ - len -= cilen; \ - INCPTR(2, p); \ - GETLONG(l, p); \ - ciaddr1 = htonl(l); \ - no.neg = 1; \ - code \ - } - -#define NAKCIDNS(opt, neg, code) \ - if (go->neg && \ - ((cilen = p[1]) == CILEN_ADDR) && \ - len >= cilen && \ - p[0] == opt) { \ - len -= cilen; \ - INCPTR(2, p); \ - GETLONG(l, p); \ - cidnsaddr = htonl(l); \ - no.neg = 1; \ - code \ - } - - /* - * Accept the peer's idea of {our,his} address, if different - * from our idea, only if the accept_{local,remote} flag is set. - */ - NAKCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs, - if (treat_as_reject) { - try.old_addrs = 0; - } else { - if (go->accept_local && ciaddr1) { - /* take his idea of our address */ - try.ouraddr = ciaddr1; - } - if (go->accept_remote && ciaddr2) { - /* take his idea of his address */ - try.hisaddr = ciaddr2; - } - } - ); - - /* - * Accept the peer's value of maxslotindex provided that it - * is less than what we asked for. Turn off slot-ID compression - * if the peer wants. Send old-style compress-type option if - * the peer wants. - */ - NAKCIVJ(CI_COMPRESSTYPE, neg_vj, - if (treat_as_reject) { - try.neg_vj = 0; - } else if (cilen == CILEN_VJ) { - GETCHAR(cimaxslotindex, p); - GETCHAR(cicflag, p); - if (cishort == IPCP_VJ_COMP) { - try.old_vj = 0; - if (cimaxslotindex < go->maxslotindex) - try.maxslotindex = cimaxslotindex; - if (!cicflag) - try.cflag = 0; - } else { - try.neg_vj = 0; - } - } else { - if (cishort == IPCP_VJ_COMP || cishort == IPCP_VJ_COMP_OLD) { - try.old_vj = 1; - try.vj_protocol = cishort; - } else { - try.neg_vj = 0; - } - } - ); - - NAKCIADDR(CI_ADDR, neg_addr, - if (treat_as_reject) { - try.neg_addr = 0; - try.old_addrs = 0; - } else if (go->accept_local && ciaddr1) { - /* take his idea of our address */ - try.ouraddr = ciaddr1; - } - ); - - NAKCIDNS(CI_MS_DNS1, req_dns1, - if (treat_as_reject) { - try.req_dns1 = 0; - } else { - try.dnsaddr[0] = cidnsaddr; - } - ); - - NAKCIDNS(CI_MS_DNS2, req_dns2, - if (treat_as_reject) { - try.req_dns2 = 0; - } else { - try.dnsaddr[1] = cidnsaddr; - } - ); - - /* - * There may be remaining CIs, if the peer is requesting negotiation - * on an option that we didn't include in our request packet. - * If they want to negotiate about IP addresses, we comply. - * If they want us to ask for compression, we refuse. - */ - while (len >= CILEN_VOID) { - GETCHAR(citype, p); - GETCHAR(cilen, p); - if ( cilen < CILEN_VOID || (len -= cilen) < 0 ) - goto bad; - next = p + cilen - 2; - - switch (citype) { - case CI_COMPRESSTYPE: - if (go->neg_vj || no.neg_vj || - (cilen != CILEN_VJ && cilen != CILEN_COMPRESS)) - goto bad; - no.neg_vj = 1; - break; - case CI_ADDRS: - if ((!go->neg_addr && go->old_addrs) || no.old_addrs - || cilen != CILEN_ADDRS) - goto bad; - try.neg_addr = 0; - GETLONG(l, p); - ciaddr1 = htonl(l); - if (ciaddr1 && go->accept_local) - try.ouraddr = ciaddr1; - GETLONG(l, p); - ciaddr2 = htonl(l); - if (ciaddr2 && go->accept_remote) - try.hisaddr = ciaddr2; - no.old_addrs = 1; - break; - case CI_ADDR: - if (go->neg_addr || no.neg_addr || cilen != CILEN_ADDR) - goto bad; - try.old_addrs = 0; - GETLONG(l, p); - ciaddr1 = htonl(l); - if (ciaddr1 && go->accept_local) - try.ouraddr = ciaddr1; - if (try.ouraddr != 0) - try.neg_addr = 1; - no.neg_addr = 1; - break; - } - p = next; - } - - /* - * OK, the Nak is good. Now we can update state. - * If there are any remaining options, we ignore them. - */ - if (f->state != OPENED) - *go = try; - - return 1; - -bad: - IPCPDEBUG(("ipcp_nakci: received bad Nak!")); - return 0; -} - - -/* - * ipcp_rejci - Reject some of our CIs. - * Callback from fsm_rconfnakrej. - */ -static int -ipcp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - ipcp_options *go = &ipcp_gotoptions[f->unit]; - u_char cimaxslotindex, ciflag, cilen; - u_short cishort; - u_int32_t cilong; - ipcp_options try; /* options to request next time */ - - try = *go; - /* - * Any Rejected CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ -#define REJCIADDRS(opt, neg, val1, val2) \ - if ((neg) && \ - (cilen = p[1]) == CILEN_ADDRS && \ - len >= cilen && \ - p[0] == opt) { \ - u_int32_t l; \ - len -= cilen; \ - INCPTR(2, p); \ - GETLONG(l, p); \ - cilong = htonl(l); \ - /* Check rejected value. */ \ - if (cilong != val1) \ - goto bad; \ - GETLONG(l, p); \ - cilong = htonl(l); \ - /* Check rejected value. */ \ - if (cilong != val2) \ - goto bad; \ - try.old_addrs = 0; \ - } - -#define REJCIVJ(opt, neg, val, old, maxslot, cflag) \ - if (go->neg && \ - p[1] == (old? CILEN_COMPRESS : CILEN_VJ) && \ - len >= p[1] && \ - p[0] == opt) { \ - len -= p[1]; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - /* Check rejected value. */ \ - if (cishort != val) \ - goto bad; \ - if (!old) { \ - GETCHAR(cimaxslotindex, p); \ - if (cimaxslotindex != maxslot) \ - goto bad; \ - GETCHAR(ciflag, p); \ - if (ciflag != cflag) \ - goto bad; \ - } \ - try.neg = 0; \ - } - -#define REJCIADDR(opt, neg, val) \ - if (go->neg && \ - (cilen = p[1]) == CILEN_ADDR && \ - len >= cilen && \ - p[0] == opt) { \ - u_int32_t l; \ - len -= cilen; \ - INCPTR(2, p); \ - GETLONG(l, p); \ - cilong = htonl(l); \ - /* Check rejected value. */ \ - if (cilong != val) \ - goto bad; \ - try.neg = 0; \ - } - -#define REJCIDNS(opt, neg, dnsaddr) \ - if (go->neg && \ - ((cilen = p[1]) == CILEN_ADDR) && \ - len >= cilen && \ - p[0] == opt) { \ - u_int32_t l; \ - len -= cilen; \ - INCPTR(2, p); \ - GETLONG(l, p); \ - cilong = htonl(l); \ - /* Check rejected value. */ \ - if (cilong != dnsaddr) \ - goto bad; \ - try.neg = 0; \ - } - - - REJCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs, - go->ouraddr, go->hisaddr); - - REJCIVJ(CI_COMPRESSTYPE, neg_vj, go->vj_protocol, go->old_vj, - go->maxslotindex, go->cflag); - - REJCIADDR(CI_ADDR, neg_addr, go->ouraddr); - - REJCIDNS(CI_MS_DNS1, req_dns1, go->dnsaddr[0]); - - REJCIDNS(CI_MS_DNS2, req_dns2, go->dnsaddr[1]); - - /* - * If there are any remaining CIs, then this packet is bad. - */ - if (len != 0) - goto bad; - /* - * Now we can update state. - */ - if (f->state != OPENED) - *go = try; - return 1; - -bad: - IPCPDEBUG(("ipcp_rejci: received bad Reject!")); - return 0; -} - - -/* - * ipcp_reqci - Check the peer's requested CIs and send appropriate response. - * Callback from fsm_rconfreq, Receive Configure Request - * - * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified - * appropriately. If reject_if_disagree is non-zero, doesn't return - * CONFNAK; returns CONFREJ if it can't return CONFACK. - */ -static int -ipcp_reqci(f, inp, len, reject_if_disagree) - fsm *f; - u_char *inp; /* Requested CIs */ - int *len; /* Length of requested CIs */ - int reject_if_disagree; -{ - ipcp_options *wo = &ipcp_wantoptions[f->unit]; - ipcp_options *ho = &ipcp_hisoptions[f->unit]; - ipcp_options *ao = &ipcp_allowoptions[f->unit]; - u_char *cip, *next; /* Pointer to current and next CIs */ - u_short cilen, citype; /* Parsed len, type */ - u_short cishort; /* Parsed short value */ - u_int32_t tl, ciaddr1, ciaddr2;/* Parsed address values */ - int rc = CONFACK; /* Final packet return code */ - int orc; /* Individual option return code */ - u_char *p; /* Pointer to next char to parse */ - u_char *ucp = inp; /* Pointer to current output char */ - int l = *len; /* Length left */ - u_char maxslotindex, cflag; - int d; - - /* - * Reset all his options. - */ - BZERO(ho, sizeof(*ho)); - - /* - * Process all his options. - */ - next = inp; - while (l) { - orc = CONFACK; /* Assume success */ - cip = p = next; /* Remember begining of CI */ - if (l < 2 || /* Not enough data for CI header or */ - p[1] < 2 || /* CI length too small or */ - p[1] > l) { /* CI length too big? */ - IPCPDEBUG(("ipcp_reqci: bad CI length!")); - orc = CONFREJ; /* Reject bad CI */ - cilen = l; /* Reject till end of packet */ - l = 0; /* Don't loop again */ - goto endswitch; - } - GETCHAR(citype, p); /* Parse CI type */ - GETCHAR(cilen, p); /* Parse CI length */ - l -= cilen; /* Adjust remaining length */ - next += cilen; /* Step to next CI */ - - switch (citype) { /* Check CI type */ - case CI_ADDRS: - if (!ao->old_addrs || ho->neg_addr || - cilen != CILEN_ADDRS) { /* Check CI length */ - orc = CONFREJ; /* Reject CI */ - break; - } - - /* - * If he has no address, or if we both have his address but - * disagree about it, then NAK it with our idea. - * In particular, if we don't know his address, but he does, - * then accept it. - */ - GETLONG(tl, p); /* Parse source address (his) */ - ciaddr1 = htonl(tl); - if (ciaddr1 != wo->hisaddr - && (ciaddr1 == 0 || !wo->accept_remote)) { - orc = CONFNAK; - if (!reject_if_disagree) { - DECPTR(sizeof(u_int32_t), p); - tl = ntohl(wo->hisaddr); - PUTLONG(tl, p); - } - } else if (ciaddr1 == 0 && wo->hisaddr == 0) { - /* - * If neither we nor he knows his address, reject the option. - */ - orc = CONFREJ; - wo->req_addr = 0; /* don't NAK with 0.0.0.0 later */ - break; - } - - /* - * If he doesn't know our address, or if we both have our address - * but disagree about it, then NAK it with our idea. - */ - GETLONG(tl, p); /* Parse desination address (ours) */ - ciaddr2 = htonl(tl); - if (ciaddr2 != wo->ouraddr) { - if (ciaddr2 == 0 || !wo->accept_local) { - orc = CONFNAK; - if (!reject_if_disagree) { - DECPTR(sizeof(u_int32_t), p); - tl = ntohl(wo->ouraddr); - PUTLONG(tl, p); - } - } else { - wo->ouraddr = ciaddr2; /* accept peer's idea */ - } - } - - ho->old_addrs = 1; - ho->hisaddr = ciaddr1; - ho->ouraddr = ciaddr2; - break; - - case CI_ADDR: - if (!ao->neg_addr || ho->old_addrs || - cilen != CILEN_ADDR) { /* Check CI length */ - orc = CONFREJ; /* Reject CI */ - break; - } - - /* - * If he has no address, or if we both have his address but - * disagree about it, then NAK it with our idea. - * In particular, if we don't know his address, but he does, - * then accept it. - */ - GETLONG(tl, p); /* Parse source address (his) */ - ciaddr1 = htonl(tl); - if (ciaddr1 != wo->hisaddr - && (ciaddr1 == 0 || !wo->accept_remote)) { - orc = CONFNAK; - if (!reject_if_disagree) { - DECPTR(sizeof(u_int32_t), p); - tl = ntohl(wo->hisaddr); - PUTLONG(tl, p); - } - } else if (ciaddr1 == 0 && wo->hisaddr == 0) { - /* - * Don't ACK an address of 0.0.0.0 - reject it instead. - */ - orc = CONFREJ; - wo->req_addr = 0; /* don't NAK with 0.0.0.0 later */ - break; - } - - ho->neg_addr = 1; - ho->hisaddr = ciaddr1; - break; - - case CI_MS_DNS1: - case CI_MS_DNS2: - /* Microsoft primary or secondary DNS request */ - d = citype == CI_MS_DNS2; - - /* If we do not have a DNS address then we cannot send it */ - if (ao->dnsaddr[d] == 0 || - cilen != CILEN_ADDR) { /* Check CI length */ - orc = CONFREJ; /* Reject CI */ - break; - } - GETLONG(tl, p); - if (htonl(tl) != ao->dnsaddr[d]) { - DECPTR(sizeof(u_int32_t), p); - tl = ntohl(ao->dnsaddr[d]); - PUTLONG(tl, p); - orc = CONFNAK; - } - break; - - case CI_MS_WINS1: - case CI_MS_WINS2: - /* Microsoft primary or secondary WINS request */ - d = citype == CI_MS_WINS2; - - /* If we do not have a DNS address then we cannot send it */ - if (ao->winsaddr[d] == 0 || - cilen != CILEN_ADDR) { /* Check CI length */ - orc = CONFREJ; /* Reject CI */ - break; - } - GETLONG(tl, p); - if (htonl(tl) != ao->winsaddr[d]) { - DECPTR(sizeof(u_int32_t), p); - tl = ntohl(ao->winsaddr[d]); - PUTLONG(tl, p); - orc = CONFNAK; - } - break; - - case CI_COMPRESSTYPE: - if (!ao->neg_vj || - (cilen != CILEN_VJ && cilen != CILEN_COMPRESS)) { - orc = CONFREJ; - break; - } - GETSHORT(cishort, p); - - if (!(cishort == IPCP_VJ_COMP || - (cishort == IPCP_VJ_COMP_OLD && cilen == CILEN_COMPRESS))) { - orc = CONFREJ; - break; - } - - ho->neg_vj = 1; - ho->vj_protocol = cishort; - if (cilen == CILEN_VJ) { - GETCHAR(maxslotindex, p); - if (maxslotindex > ao->maxslotindex) { - orc = CONFNAK; - if (!reject_if_disagree){ - DECPTR(1, p); - PUTCHAR(ao->maxslotindex, p); - } - } - GETCHAR(cflag, p); - if (cflag && !ao->cflag) { - orc = CONFNAK; - if (!reject_if_disagree){ - DECPTR(1, p); - PUTCHAR(wo->cflag, p); - } - } - ho->maxslotindex = maxslotindex; - ho->cflag = cflag; - } else { - ho->old_vj = 1; - ho->maxslotindex = MAX_STATES - 1; - ho->cflag = 1; - } - break; - - default: - orc = CONFREJ; - break; - } -endswitch: - if (orc == CONFACK && /* Good CI */ - rc != CONFACK) /* but prior CI wasnt? */ - continue; /* Don't send this one */ - - if (orc == CONFNAK) { /* Nak this CI? */ - if (reject_if_disagree) /* Getting fed up with sending NAKs? */ - orc = CONFREJ; /* Get tough if so */ - else { - if (rc == CONFREJ) /* Rejecting prior CI? */ - continue; /* Don't send this one */ - if (rc == CONFACK) { /* Ack'd all prior CIs? */ - rc = CONFNAK; /* Not anymore... */ - ucp = inp; /* Backup */ - } - } - } - - if (orc == CONFREJ && /* Reject this CI */ - rc != CONFREJ) { /* but no prior ones? */ - rc = CONFREJ; - ucp = inp; /* Backup */ - } - - /* Need to move CI? */ - if (ucp != cip) - BCOPY(cip, ucp, cilen); /* Move it */ - - /* Update output pointer */ - INCPTR(cilen, ucp); - } - - /* - * If we aren't rejecting this packet, and we want to negotiate - * their address, and they didn't send their address, then we - * send a NAK with a CI_ADDR option appended. We assume the - * input buffer is long enough that we can append the extra - * option safely. - */ - if (rc != CONFREJ && !ho->neg_addr && !ho->old_addrs && - wo->req_addr && !reject_if_disagree) { - if (rc == CONFACK) { - rc = CONFNAK; - ucp = inp; /* reset pointer */ - wo->req_addr = 0; /* don't ask again */ - } - PUTCHAR(CI_ADDR, ucp); - PUTCHAR(CILEN_ADDR, ucp); - tl = ntohl(wo->hisaddr); - PUTLONG(tl, ucp); - } - - *len = ucp - inp; /* Compute output length */ - IPCPDEBUG(("ipcp: returning Configure-%s", CODENAME(rc))); - return (rc); /* Return final code */ -} - - -/* - * ip_check_options - check that any IP-related options are OK, - * and assign appropriate defaults. - */ -static void -ip_check_options() -{ - struct hostent *hp; - u_int32_t local; - ipcp_options *wo = &ipcp_wantoptions[0]; - - /* - * Default our local IP address based on our hostname. - * If local IP address already given, don't bother. - */ - if (wo->ouraddr == 0 && !disable_defaultip) { - /* - * Look up our hostname (possibly with domain name appended) - * and take the first IP address as our local IP address. - * If there isn't an IP address for our hostname, too bad. - */ - wo->accept_local = 1; /* don't insist on this default value */ - if ((hp = gethostbyname(hostname)) != NULL) { - local = *(u_int32_t *)hp->h_addr; - if (local != 0 && !bad_ip_adrs(local)) - wo->ouraddr = local; - } - } - ask_for_local = wo->ouraddr != 0 || !disable_defaultip; -} - - -/* - * ip_demand_conf - configure the interface as though - * IPCP were up, for use with dial-on-demand. - */ -static int -ip_demand_conf(u) - int u; -{ - ipcp_options *wo = &ipcp_wantoptions[u]; - - if (wo->hisaddr == 0) { - /* make up an arbitrary address for the peer */ - wo->hisaddr = htonl(0x0a707070 + ifunit); - wo->accept_remote = 1; - } - if (wo->ouraddr == 0) { - /* make up an arbitrary address for us */ - wo->ouraddr = htonl(0x0a404040 + ifunit); - wo->accept_local = 1; - ask_for_local = 0; /* don't tell the peer this address */ - } - if (!sifaddr(u, wo->ouraddr, wo->hisaddr, GetMask(wo->ouraddr))) - return 0; - if (!sifup(u)) - return 0; - if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) - return 0; - if (wo->default_route) - if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) - default_route_set[u] = 1; - if (wo->proxy_arp) - if (sifproxyarp(u, wo->hisaddr)) - proxy_arp_set[u] = 1; - - notice("local IP address %I", wo->ouraddr); - notice("remote IP address %I", wo->hisaddr); - - return 1; -} - - -/* - * ipcp_up - IPCP has come UP. - * - * Configure the IP network interface appropriately and bring it up. - */ -static void -ipcp_up(f) - fsm *f; -{ - u_int32_t mask; - ipcp_options *ho = &ipcp_hisoptions[f->unit]; - ipcp_options *go = &ipcp_gotoptions[f->unit]; - ipcp_options *wo = &ipcp_wantoptions[f->unit]; - - IPCPDEBUG(("ipcp: up")); - - /* - * We must have a non-zero IP address for both ends of the link. - */ - if (!ho->neg_addr && !ho->old_addrs) - ho->hisaddr = wo->hisaddr; - - if (!(go->neg_addr || go->old_addrs) && (wo->neg_addr || wo->old_addrs) - && wo->ouraddr != 0) { - error("Peer refused to agree to our IP address"); - ipcp_close(f->unit, "Refused our IP address"); - return; - } - if (go->ouraddr == 0) { - error("Could not determine local IP address"); - ipcp_close(f->unit, "Could not determine local IP address"); - return; - } - if (ho->hisaddr == 0) { - ho->hisaddr = htonl(0x0a404040 + ifunit); - warn("Could not determine remote IP address: defaulting to %I", - ho->hisaddr); - } - script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0); - script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1); - - if (go->dnsaddr[0]) - script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0); - if (go->dnsaddr[1]) - script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0); - if (usepeerdns && (go->dnsaddr[0] || go->dnsaddr[1])) { - script_setenv("USEPEERDNS", "1", 0); - create_resolv(go->dnsaddr[0], go->dnsaddr[1]); - } - - /* - * Check that the peer is allowed to use the IP address it wants. - */ - if (!auth_ip_addr(f->unit, ho->hisaddr)) { - error("Peer is not authorized to use remote address %I", ho->hisaddr); - ipcp_close(f->unit, "Unauthorized remote IP address"); - return; - } - - /* set tcp compression */ - sifvjcomp(f->unit, ho->neg_vj, ho->cflag, ho->maxslotindex); - - /* - * If we are doing dial-on-demand, the interface is already - * configured, so we put out any saved-up packets, then set the - * interface to pass IP packets. - */ - if (demand) { - if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { - ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); - if (go->ouraddr != wo->ouraddr) { - warn("Local IP address changed to %I", go->ouraddr); - script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); - wo->ouraddr = go->ouraddr; - } else - script_unsetenv("OLDIPLOCAL"); - if (ho->hisaddr != wo->hisaddr) { - warn("Remote IP address changed to %I", ho->hisaddr); - script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0); - wo->hisaddr = ho->hisaddr; - } else - script_unsetenv("OLDIPREMOTE"); - - /* Set the interface to the new addresses */ - mask = GetMask(go->ouraddr); - if (!sifaddr(f->unit, go->ouraddr, ho->hisaddr, mask)) { - if (debug) - warn("Interface configuration failed"); - ipcp_close(f->unit, "Interface configuration failed"); - return; - } - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ - if (ipcp_wantoptions[f->unit].proxy_arp) - if (sifproxyarp(f->unit, ho->hisaddr)) - proxy_arp_set[f->unit] = 1; - - } - demand_rexmit(PPP_IP); - sifnpmode(f->unit, PPP_IP, NPMODE_PASS); - - } else { - /* - * Set IP addresses and (if specified) netmask. - */ - mask = GetMask(go->ouraddr); - -#if !(defined(SVR4) && (defined(SNI) || defined(__USLC__))) - if (!sifaddr(f->unit, go->ouraddr, ho->hisaddr, mask)) { - if (debug) - warn("Interface configuration failed"); - ipcp_close(f->unit, "Interface configuration failed"); - return; - } -#endif - - /* bring the interface up for IP */ - if (!sifup(f->unit)) { - if (debug) - warn("Interface failed to come up"); - ipcp_close(f->unit, "Interface configuration failed"); - return; - } - -#if (defined(SVR4) && (defined(SNI) || defined(__USLC__))) - if (!sifaddr(f->unit, go->ouraddr, ho->hisaddr, mask)) { - if (debug) - warn("Interface configuration failed"); - ipcp_close(f->unit, "Interface configuration failed"); - return; - } -#endif - sifnpmode(f->unit, PPP_IP, NPMODE_PASS); - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) - if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ - if (ipcp_wantoptions[f->unit].proxy_arp) - if (sifproxyarp(f->unit, ho->hisaddr)) - proxy_arp_set[f->unit] = 1; - - ipcp_wantoptions[0].ouraddr = go->ouraddr; - - notice("local IP address %I", go->ouraddr); - notice("remote IP address %I", ho->hisaddr); - if (go->dnsaddr[0]) - notice("primary DNS address %I", go->dnsaddr[0]); - if (go->dnsaddr[1]) - notice("secondary DNS address %I", go->dnsaddr[1]); - } - - reset_link_stats(f->unit); - - np_up(f->unit, PPP_IP); - ipcp_is_up = 1; - - notify(ip_up_notifier, 0); - if (ip_up_hook) - ip_up_hook(); - - /* - * Execute the ip-up script, like this: - * /etc/ppp/ip-up interface tty speed local-IP remote-IP - */ - if (ipcp_script_state == s_down && ipcp_script_pid == 0) { - ipcp_script_state = s_up; - ipcp_script(_PATH_IPUP); - } -} - - -/* - * ipcp_down - IPCP has gone DOWN. - * - * Take the IP network interface down, clear its addresses - * and delete routes through it. - */ -static void -ipcp_down(f) - fsm *f; -{ - IPCPDEBUG(("ipcp: down")); - /* XXX a bit IPv4-centric here, we only need to get the stats - * before the interface is marked down. */ - /* XXX more correct: we must get the stats before running the notifiers, - * at least for the radius plugin */ - update_link_stats(f->unit); - notify(ip_down_notifier, 0); - if (ip_down_hook) - ip_down_hook(); - if (ipcp_is_up) { - ipcp_is_up = 0; - np_down(f->unit, PPP_IP); - } - sifvjcomp(f->unit, 0, 0, 0); - - print_link_stats(); /* _after_ running the notifiers and ip_down_hook(), - * because print_link_stats() sets link_stats_valid - * to 0 (zero) */ - - /* - * If we are doing dial-on-demand, set the interface - * to queue up outgoing packets (for now). - */ - if (demand) { - sifnpmode(f->unit, PPP_IP, NPMODE_QUEUE); - } else { - sifnpmode(f->unit, PPP_IP, NPMODE_DROP); - sifdown(f->unit); - ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, - ipcp_hisoptions[f->unit].hisaddr); - } - - /* Execute the ip-down script */ - if (ipcp_script_state == s_up && ipcp_script_pid == 0) { - ipcp_script_state = s_down; - ipcp_script(_PATH_IPDOWN); - } -} - - -/* - * ipcp_clear_addrs() - clear the interface addresses, routes, - * proxy arp entries, etc. - */ -static void -ipcp_clear_addrs(unit, ouraddr, hisaddr) - int unit; - u_int32_t ouraddr; /* local address */ - u_int32_t hisaddr; /* remote address */ -{ - if (proxy_arp_set[unit]) { - cifproxyarp(unit, hisaddr); - proxy_arp_set[unit] = 0; - } - if (default_route_set[unit]) { - cifdefaultroute(unit, ouraddr, hisaddr); - default_route_set[unit] = 0; - } - cifaddr(unit, ouraddr, hisaddr); -} - - -/* - * ipcp_finished - possibly shut down the lower layers. - */ -static void -ipcp_finished(f) - fsm *f; -{ - if (ipcp_is_open) { - ipcp_is_open = 0; - np_finished(f->unit, PPP_IP); - } -} - - -/* - * ipcp_script_done - called when the ip-up or ip-down script - * has finished. - */ -static void -ipcp_script_done(arg) - void *arg; -{ - ipcp_script_pid = 0; - switch (ipcp_script_state) { - case s_up: - if (ipcp_fsm[0].state != OPENED) { - ipcp_script_state = s_down; - ipcp_script(_PATH_IPDOWN); - } - break; - case s_down: - if (ipcp_fsm[0].state == OPENED) { - ipcp_script_state = s_up; - ipcp_script(_PATH_IPUP); - } - break; - } -} - - -/* - * ipcp_script - Execute a script with arguments - * interface-name tty-name speed local-IP remote-IP. - */ -static void -ipcp_script(script) - char *script; -{ - char strspeed[32], strlocal[32], strremote[32]; - char *argv[8]; - - slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); - slprintf(strlocal, sizeof(strlocal), "%I", ipcp_gotoptions[0].ouraddr); - slprintf(strremote, sizeof(strremote), "%I", ipcp_hisoptions[0].hisaddr); - - argv[0] = script; - argv[1] = ifname; - argv[2] = devnam; - argv[3] = strspeed; - argv[4] = strlocal; - argv[5] = strremote; - argv[6] = ipparam; - argv[7] = NULL; - ipcp_script_pid = run_program(script, argv, 0, ipcp_script_done, NULL); -} - -/* - * create_resolv - create the replacement resolv.conf file - */ -static void -create_resolv(peerdns1, peerdns2) - u_int32_t peerdns1, peerdns2; -{ - FILE *f; - -#if 0 /* resolv.conf has no meaning for ANDROIDS */ - f = fopen(_PATH_RESOLV, "w"); - if (f == NULL) { - error("Failed to create %s: %m", _PATH_RESOLV); - return; - } - - if (peerdns1) - fprintf(f, "nameserver %s\n", ip_ntoa(peerdns1)); - - if (peerdns2) - fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2)); - - if (ferror(f)) - error("Write failed to %s: %m", _PATH_RESOLV); - - fclose(f); -#endif -} - -/* - * ipcp_printpkt - print the contents of an IPCP packet. - */ -static char *ipcp_codenames[] = { - "ConfReq", "ConfAck", "ConfNak", "ConfRej", - "TermReq", "TermAck", "CodeRej" -}; - -static int -ipcp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int code, id, len, olen; - u_char *pstart, *optend; - u_short cishort; - u_int32_t cilong; - - if (plen < HEADERLEN) - return 0; - pstart = p; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < HEADERLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(ipcp_codenames) / sizeof(char *)) - printer(arg, " %s", ipcp_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= HEADERLEN; - switch (code) { - case CONFREQ: - case CONFACK: - case CONFNAK: - case CONFREJ: - /* print option list */ - while (len >= 2) { - GETCHAR(code, p); - GETCHAR(olen, p); - p -= 2; - if (olen < 2 || olen > len) { - break; - } - printer(arg, " <"); - len -= olen; - optend = p + olen; - switch (code) { - case CI_ADDRS: - if (olen == CILEN_ADDRS) { - p += 2; - GETLONG(cilong, p); - printer(arg, "addrs %I", htonl(cilong)); - GETLONG(cilong, p); - printer(arg, " %I", htonl(cilong)); - } - break; - case CI_COMPRESSTYPE: - if (olen >= CILEN_COMPRESS) { - p += 2; - GETSHORT(cishort, p); - printer(arg, "compress "); - switch (cishort) { - case IPCP_VJ_COMP: - printer(arg, "VJ"); - break; - case IPCP_VJ_COMP_OLD: - printer(arg, "old-VJ"); - break; - default: - printer(arg, "0x%x", cishort); - } - } - break; - case CI_ADDR: - if (olen == CILEN_ADDR) { - p += 2; - GETLONG(cilong, p); - printer(arg, "addr %I", htonl(cilong)); - } - break; - case CI_MS_DNS1: - case CI_MS_DNS2: - p += 2; - GETLONG(cilong, p); - printer(arg, "ms-dns%d %I", code - CI_MS_DNS1 + 1, - htonl(cilong)); - break; - case CI_MS_WINS1: - case CI_MS_WINS2: - p += 2; - GETLONG(cilong, p); - printer(arg, "ms-wins %I", htonl(cilong)); - break; - } - while (p < optend) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - printer(arg, ">"); - } - break; - - case TERMACK: - case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - printer(arg, " "); - print_string((char *)p, len, printer, arg); - p += len; - len = 0; - } - break; - } - - /* print the rest of the bytes in the packet */ - for (; len > 0; --len) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - - return p - pstart; -} - -/* - * ip_active_pkt - see if this IP packet is worth bringing the link up for. - * We don't bring the link up for IP fragments or for TCP FIN packets - * with no data. - */ -#define IP_HDRLEN 20 /* bytes */ -#define IP_OFFMASK 0x1fff -#ifndef IPPROTO_TCP -#define IPPROTO_TCP 6 -#endif -#define TCP_HDRLEN 20 -#define TH_FIN 0x01 - -/* - * We use these macros because the IP header may be at an odd address, - * and some compilers might use word loads to get th_off or ip_hl. - */ - -#define net_short(x) (((x)[0] << 8) + (x)[1]) -#define get_iphl(x) (((unsigned char *)(x))[0] & 0xF) -#define get_ipoff(x) net_short((unsigned char *)(x) + 6) -#define get_ipproto(x) (((unsigned char *)(x))[9]) -#define get_tcpoff(x) (((unsigned char *)(x))[12] >> 4) -#define get_tcpflags(x) (((unsigned char *)(x))[13]) - -static int -ip_active_pkt(pkt, len) - u_char *pkt; - int len; -{ - u_char *tcp; - int hlen; - - len -= PPP_HDRLEN; - pkt += PPP_HDRLEN; - if (len < IP_HDRLEN) - return 0; - if ((get_ipoff(pkt) & IP_OFFMASK) != 0) - return 0; - if (get_ipproto(pkt) != IPPROTO_TCP) - return 1; - hlen = get_iphl(pkt) * 4; - if (len < hlen + TCP_HDRLEN) - return 0; - tcp = pkt + hlen; - if ((get_tcpflags(tcp) & TH_FIN) != 0 && len == hlen + get_tcpoff(tcp) * 4) - return 0; - return 1; -} diff --git a/pppd/ipcp.h b/pppd/ipcp.h deleted file mode 100644 index 6cf14c9..0000000 --- a/pppd/ipcp.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * ipcp.h - IP Control Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: ipcp.h,v 1.14 2002/12/04 23:03:32 paulus Exp $ - */ - -/* - * Options. - */ -#define CI_ADDRS 1 /* IP Addresses */ -#define CI_COMPRESSTYPE 2 /* Compression Type */ -#define CI_ADDR 3 - -#define CI_MS_DNS1 129 /* Primary DNS value */ -#define CI_MS_WINS1 130 /* Primary WINS value */ -#define CI_MS_DNS2 131 /* Secondary DNS value */ -#define CI_MS_WINS2 132 /* Secondary WINS value */ - -#define MAX_STATES 16 /* from slcompress.h */ - -#define IPCP_VJMODE_OLD 1 /* "old" mode (option # = 0x0037) */ -#define IPCP_VJMODE_RFC1172 2 /* "old-rfc"mode (option # = 0x002d) */ -#define IPCP_VJMODE_RFC1332 3 /* "new-rfc"mode (option # = 0x002d, */ - /* maxslot and slot number compression) */ - -#define IPCP_VJ_COMP 0x002d /* current value for VJ compression option*/ -#define IPCP_VJ_COMP_OLD 0x0037 /* "old" (i.e, broken) value for VJ */ - /* compression option*/ - -typedef struct ipcp_options { - bool neg_addr; /* Negotiate IP Address? */ - bool old_addrs; /* Use old (IP-Addresses) option? */ - bool req_addr; /* Ask peer to send IP address? */ - bool default_route; /* Assign default route through interface? */ - bool proxy_arp; /* Make proxy ARP entry for peer? */ - bool neg_vj; /* Van Jacobson Compression? */ - bool old_vj; /* use old (short) form of VJ option? */ - bool accept_local; /* accept peer's value for ouraddr */ - bool accept_remote; /* accept peer's value for hisaddr */ - bool req_dns1; /* Ask peer to send primary DNS address? */ - bool req_dns2; /* Ask peer to send secondary DNS address? */ - int vj_protocol; /* protocol value to use in VJ option */ - int maxslotindex; /* values for RFC1332 VJ compression neg. */ - bool cflag; - u_int32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */ - u_int32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */ - u_int32_t winsaddr[2]; /* Primary and secondary MS WINS entries */ -} ipcp_options; - -extern fsm ipcp_fsm[]; -extern ipcp_options ipcp_wantoptions[]; -extern ipcp_options ipcp_gotoptions[]; -extern ipcp_options ipcp_allowoptions[]; -extern ipcp_options ipcp_hisoptions[]; - -char *ip_ntoa __P((u_int32_t)); - -extern struct protent ipcp_protent; diff --git a/pppd/ipv6cp.c b/pppd/ipv6cp.c deleted file mode 100644 index ce9b138..0000000 --- a/pppd/ipv6cp.c +++ /dev/null @@ -1,1561 +0,0 @@ -/* - * ipv6cp.c - PPP IPV6 Control Protocol. - * - * Copyright (c) 1999 Tommi Komulainen. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Tommi Komulainen - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - */ - -/* Original version, based on RFC2023 : - - Copyright (c) 1995, 1996, 1997 Francis.Dupont@inria.fr, INRIA Rocquencourt, - Alain.Durand@imag.fr, IMAG, - Jean-Luc.Richier@imag.fr, IMAG-LSR. - - Copyright (c) 1998, 1999 Francis.Dupont@inria.fr, GIE DYADE, - Alain.Durand@imag.fr, IMAG, - Jean-Luc.Richier@imag.fr, IMAG-LSR. - - Ce travail a été fait au sein du GIE DYADE (Groupement d'Intérêt - Économique ayant pour membres BULL S.A. et l'INRIA). - - Ce logiciel informatique est disponible aux conditions - usuelles dans la recherche, c'est-à-dire qu'il peut - être utilisé, copié, modifié, distribué à l'unique - condition que ce texte soit conservé afin que - l'origine de ce logiciel soit reconnue. - - Le nom de l'Institut National de Recherche en Informatique - et en Automatique (INRIA), de l'IMAG, ou d'une personne morale - ou physique ayant participé à l'élaboration de ce logiciel ne peut - être utilisé sans son accord préalable explicite. - - Ce logiciel est fourni tel quel sans aucune garantie, - support ou responsabilité d'aucune sorte. - Ce logiciel est dérivé de sources d'origine - "University of California at Berkeley" et - "Digital Equipment Corporation" couvertes par des copyrights. - - L'Institut d'Informatique et de Mathématiques Appliquées de Grenoble (IMAG) - est une fédération d'unités mixtes de recherche du CNRS, de l'Institut National - Polytechnique de Grenoble et de l'Université Joseph Fourier regroupant - sept laboratoires dont le laboratoire Logiciels, Systèmes, Réseaux (LSR). - - This work has been done in the context of GIE DYADE (joint R & D venture - between BULL S.A. and INRIA). - - This software is available with usual "research" terms - with the aim of retain credits of the software. - Permission to use, copy, modify and distribute this software for any - purpose and without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies, - and the name of INRIA, IMAG, or any contributor not be used in advertising - or publicity pertaining to this material without the prior explicit - permission. The software is provided "as is" without any - warranties, support or liabilities of any kind. - This software is derived from source code from - "University of California at Berkeley" and - "Digital Equipment Corporation" protected by copyrights. - - Grenoble's Institute of Computer Science and Applied Mathematics (IMAG) - is a federation of seven research units funded by the CNRS, National - Polytechnic Institute of Grenoble and University Joseph Fourier. - The research unit in Software, Systems, Networks (LSR) is member of IMAG. -*/ - -/* - * Derived from : - * - * - * ipcp.c - PPP IP Control Protocol. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: ipv6cp.c,v 1.20 2004/11/13 02:28:15 paulus Exp $ - */ - -#define RCSID "$Id: ipv6cp.c,v 1.20 2004/11/13 02:28:15 paulus Exp $" - -/* - * TODO: - * - * Proxy Neighbour Discovery. - * - * Better defines for selecting the ordering of - * interface up / set address. (currently checks for __linux__, - * since SVR4 && (SNI || __USLC__) didn't work properly) - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "ipcp.h" -#include "ipv6cp.h" -#include "magic.h" -#include "pathnames.h" - -static const char rcsid[] = RCSID; - -/* global vars */ -ipv6cp_options ipv6cp_wantoptions[NUM_PPP]; /* Options that we want to request */ -ipv6cp_options ipv6cp_gotoptions[NUM_PPP]; /* Options that peer ack'd */ -ipv6cp_options ipv6cp_allowoptions[NUM_PPP]; /* Options we allow peer to request */ -ipv6cp_options ipv6cp_hisoptions[NUM_PPP]; /* Options that we ack'd */ -int no_ifaceid_neg = 0; - -/* local vars */ -static int ipv6cp_is_up; - -/* - * Callbacks for fsm code. (CI = Configuration Information) - */ -static void ipv6cp_resetci __P((fsm *)); /* Reset our CI */ -static int ipv6cp_cilen __P((fsm *)); /* Return length of our CI */ -static void ipv6cp_addci __P((fsm *, u_char *, int *)); /* Add our CI */ -static int ipv6cp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */ -static int ipv6cp_nakci __P((fsm *, u_char *, int, int));/* Peer nak'd our CI */ -static int ipv6cp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */ -static int ipv6cp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv CI */ -static void ipv6cp_up __P((fsm *)); /* We're UP */ -static void ipv6cp_down __P((fsm *)); /* We're DOWN */ -static void ipv6cp_finished __P((fsm *)); /* Don't need lower layer */ - -fsm ipv6cp_fsm[NUM_PPP]; /* IPV6CP fsm structure */ - -static fsm_callbacks ipv6cp_callbacks = { /* IPV6CP callback routines */ - ipv6cp_resetci, /* Reset our Configuration Information */ - ipv6cp_cilen, /* Length of our Configuration Information */ - ipv6cp_addci, /* Add our Configuration Information */ - ipv6cp_ackci, /* ACK our Configuration Information */ - ipv6cp_nakci, /* NAK our Configuration Information */ - ipv6cp_rejci, /* Reject our Configuration Information */ - ipv6cp_reqci, /* Request peer's Configuration Information */ - ipv6cp_up, /* Called when fsm reaches OPENED state */ - ipv6cp_down, /* Called when fsm leaves OPENED state */ - NULL, /* Called when we want the lower layer up */ - ipv6cp_finished, /* Called when we want the lower layer down */ - NULL, /* Called when Protocol-Reject received */ - NULL, /* Retransmission is necessary */ - NULL, /* Called to handle protocol-specific codes */ - "IPV6CP" /* String name of protocol */ -}; - -/* - * Command-line options. - */ -static int setifaceid __P((char **arg)); -static void printifaceid __P((option_t *, - void (*)(void *, char *, ...), void *)); - -static option_t ipv6cp_option_list[] = { - { "ipv6", o_special, (void *)setifaceid, - "Set interface identifiers for IPV6", - OPT_A2PRINTER, (void *)printifaceid }, - - { "+ipv6", o_bool, &ipv6cp_protent.enabled_flag, - "Enable IPv6 and IPv6CP", OPT_PRIO | 1 }, - { "noipv6", o_bool, &ipv6cp_protent.enabled_flag, - "Disable IPv6 and IPv6CP", OPT_PRIOSUB }, - { "-ipv6", o_bool, &ipv6cp_protent.enabled_flag, - "Disable IPv6 and IPv6CP", OPT_PRIOSUB | OPT_ALIAS }, - - { "ipv6cp-accept-local", o_bool, &ipv6cp_allowoptions[0].accept_local, - "Accept peer's interface identifier for us", 1 }, - - { "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip, - "Use (default) IPv4 address as interface identifier", 1 }, - -#if defined(SOL2) || defined(__linux__) - { "ipv6cp-use-persistent", o_bool, &ipv6cp_wantoptions[0].use_persistent, - "Use uniquely-available persistent value for link local address", 1 }, -#endif /* defined(SOL2) */ - - { "ipv6cp-restart", o_int, &ipv6cp_fsm[0].timeouttime, - "Set timeout for IPv6CP", OPT_PRIO }, - { "ipv6cp-max-terminate", o_int, &ipv6cp_fsm[0].maxtermtransmits, - "Set max #xmits for term-reqs", OPT_PRIO }, - { "ipv6cp-max-configure", o_int, &ipv6cp_fsm[0].maxconfreqtransmits, - "Set max #xmits for conf-reqs", OPT_PRIO }, - { "ipv6cp-max-failure", o_int, &ipv6cp_fsm[0].maxnakloops, - "Set max #conf-naks for IPv6CP", OPT_PRIO }, - - { NULL } -}; - - -/* - * Protocol entry points from main code. - */ -static void ipv6cp_init __P((int)); -static void ipv6cp_open __P((int)); -static void ipv6cp_close __P((int, char *)); -static void ipv6cp_lowerup __P((int)); -static void ipv6cp_lowerdown __P((int)); -static void ipv6cp_input __P((int, u_char *, int)); -static void ipv6cp_protrej __P((int)); -static int ipv6cp_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); -static void ipv6_check_options __P((void)); -static int ipv6_demand_conf __P((int)); -static int ipv6_active_pkt __P((u_char *, int)); - -struct protent ipv6cp_protent = { - PPP_IPV6CP, - ipv6cp_init, - ipv6cp_input, - ipv6cp_protrej, - ipv6cp_lowerup, - ipv6cp_lowerdown, - ipv6cp_open, - ipv6cp_close, - ipv6cp_printpkt, - NULL, - 0, - "IPV6CP", - "IPV6", - ipv6cp_option_list, - ipv6_check_options, - ipv6_demand_conf, - ipv6_active_pkt -}; - -static void ipv6cp_clear_addrs __P((int, eui64_t, eui64_t)); -static void ipv6cp_script __P((char *)); -static void ipv6cp_script_done __P((void *)); - -/* - * Lengths of configuration options. - */ -#define CILEN_VOID 2 -#define CILEN_COMPRESS 4 /* length for RFC2023 compress opt. */ -#define CILEN_IFACEID 10 /* RFC2472, interface identifier */ - -#define CODENAME(x) ((x) == CONFACK ? "ACK" : \ - (x) == CONFNAK ? "NAK" : "REJ") - -/* - * This state variable is used to ensure that we don't - * run an ipcp-up/down script while one is already running. - */ -static enum script_state { - s_down, - s_up, -} ipv6cp_script_state; -static pid_t ipv6cp_script_pid; - -/* - * setifaceid - set the interface identifiers manually - */ -static int -setifaceid(argv) - char **argv; -{ - char *comma, *arg, c; - ipv6cp_options *wo = &ipv6cp_wantoptions[0]; - struct in6_addr addr; - static int prio_local, prio_remote; - -#define VALIDID(a) ( (((a).s6_addr32[0] == 0) && ((a).s6_addr32[1] == 0)) && \ - (((a).s6_addr32[2] != 0) || ((a).s6_addr32[3] != 0)) ) - - arg = *argv; - if ((comma = strchr(arg, ',')) == NULL) - comma = arg + strlen(arg); - - /* - * If comma first character, then no local identifier - */ - if (comma != arg) { - c = *comma; - *comma = '\0'; - - if (inet_pton(AF_INET6, arg, &addr) == 0 || !VALIDID(addr)) { - option_error("Illegal interface identifier (local): %s", arg); - return 0; - } - - if (option_priority >= prio_local) { - eui64_copy(addr.s6_addr32[2], wo->ourid); - wo->opt_local = 1; - prio_local = option_priority; - } - *comma = c; - } - - /* - * If comma last character, the no remote identifier - */ - if (*comma != 0 && *++comma != '\0') { - if (inet_pton(AF_INET6, comma, &addr) == 0 || !VALIDID(addr)) { - option_error("Illegal interface identifier (remote): %s", comma); - return 0; - } - if (option_priority >= prio_remote) { - eui64_copy(addr.s6_addr32[2], wo->hisid); - wo->opt_remote = 1; - prio_remote = option_priority; - } - } - - if (override_value("+ipv6", option_priority, option_source)) - ipv6cp_protent.enabled_flag = 1; - return 1; -} - -char *llv6_ntoa(eui64_t ifaceid); - -static void -printifaceid(opt, printer, arg) - option_t *opt; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - ipv6cp_options *wo = &ipv6cp_wantoptions[0]; - - if (wo->opt_local) - printer(arg, "%s", llv6_ntoa(wo->ourid)); - printer(arg, ","); - if (wo->opt_remote) - printer(arg, "%s", llv6_ntoa(wo->hisid)); -} - -/* - * Make a string representation of a network address. - */ -char * -llv6_ntoa(ifaceid) - eui64_t ifaceid; -{ - static char b[64]; - - sprintf(b, "fe80::%s", eui64_ntoa(ifaceid)); - return b; -} - - -/* - * ipv6cp_init - Initialize IPV6CP. - */ -static void -ipv6cp_init(unit) - int unit; -{ - fsm *f = &ipv6cp_fsm[unit]; - ipv6cp_options *wo = &ipv6cp_wantoptions[unit]; - ipv6cp_options *ao = &ipv6cp_allowoptions[unit]; - - f->unit = unit; - f->protocol = PPP_IPV6CP; - f->callbacks = &ipv6cp_callbacks; - fsm_init(&ipv6cp_fsm[unit]); - - memset(wo, 0, sizeof(*wo)); - memset(ao, 0, sizeof(*ao)); - - wo->accept_local = 1; - wo->neg_ifaceid = 1; - ao->neg_ifaceid = 1; - -#ifdef IPV6CP_COMP - wo->neg_vj = 1; - ao->neg_vj = 1; - wo->vj_protocol = IPV6CP_COMP; -#endif - -} - - -/* - * ipv6cp_open - IPV6CP is allowed to come up. - */ -static void -ipv6cp_open(unit) - int unit; -{ - fsm_open(&ipv6cp_fsm[unit]); -} - - -/* - * ipv6cp_close - Take IPV6CP down. - */ -static void -ipv6cp_close(unit, reason) - int unit; - char *reason; -{ - fsm_close(&ipv6cp_fsm[unit], reason); -} - - -/* - * ipv6cp_lowerup - The lower layer is up. - */ -static void -ipv6cp_lowerup(unit) - int unit; -{ - fsm_lowerup(&ipv6cp_fsm[unit]); -} - - -/* - * ipv6cp_lowerdown - The lower layer is down. - */ -static void -ipv6cp_lowerdown(unit) - int unit; -{ - fsm_lowerdown(&ipv6cp_fsm[unit]); -} - - -/* - * ipv6cp_input - Input IPV6CP packet. - */ -static void -ipv6cp_input(unit, p, len) - int unit; - u_char *p; - int len; -{ - fsm_input(&ipv6cp_fsm[unit], p, len); -} - - -/* - * ipv6cp_protrej - A Protocol-Reject was received for IPV6CP. - * - * Pretend the lower layer went down, so we shut up. - */ -static void -ipv6cp_protrej(unit) - int unit; -{ - fsm_lowerdown(&ipv6cp_fsm[unit]); -} - - -/* - * ipv6cp_resetci - Reset our CI. - */ -static void -ipv6cp_resetci(f) - fsm *f; -{ - ipv6cp_options *wo = &ipv6cp_wantoptions[f->unit]; - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - - wo->req_ifaceid = wo->neg_ifaceid && ipv6cp_allowoptions[f->unit].neg_ifaceid; - - if (!wo->opt_local) { - eui64_magic_nz(wo->ourid); - } - - *go = *wo; - eui64_zero(go->hisid); /* last proposed interface identifier */ -} - - -/* - * ipv6cp_cilen - Return length of our CI. - */ -static int -ipv6cp_cilen(f) - fsm *f; -{ - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - -#define LENCIVJ(neg) (neg ? CILEN_COMPRESS : 0) -#define LENCIIFACEID(neg) (neg ? CILEN_IFACEID : 0) - - return (LENCIIFACEID(go->neg_ifaceid) + - LENCIVJ(go->neg_vj)); -} - - -/* - * ipv6cp_addci - Add our desired CIs to a packet. - */ -static void -ipv6cp_addci(f, ucp, lenp) - fsm *f; - u_char *ucp; - int *lenp; -{ - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - int len = *lenp; - -#define ADDCIVJ(opt, neg, val) \ - if (neg) { \ - int vjlen = CILEN_COMPRESS; \ - if (len >= vjlen) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(vjlen, ucp); \ - PUTSHORT(val, ucp); \ - len -= vjlen; \ - } else \ - neg = 0; \ - } - -#define ADDCIIFACEID(opt, neg, val1) \ - if (neg) { \ - int idlen = CILEN_IFACEID; \ - if (len >= idlen) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(idlen, ucp); \ - eui64_put(val1, ucp); \ - len -= idlen; \ - } else \ - neg = 0; \ - } - - ADDCIIFACEID(CI_IFACEID, go->neg_ifaceid, go->ourid); - - ADDCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol); - - *lenp -= len; -} - - -/* - * ipv6cp_ackci - Ack our CIs. - * - * Returns: - * 0 - Ack was bad. - * 1 - Ack was good. - */ -static int -ipv6cp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - u_short cilen, citype, cishort; - eui64_t ifaceid; - - /* - * CIs must be in exactly the same order that we sent... - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ - -#define ACKCIVJ(opt, neg, val) \ - if (neg) { \ - int vjlen = CILEN_COMPRESS; \ - if ((len -= vjlen) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != vjlen || \ - citype != opt) \ - goto bad; \ - GETSHORT(cishort, p); \ - if (cishort != val) \ - goto bad; \ - } - -#define ACKCIIFACEID(opt, neg, val1) \ - if (neg) { \ - int idlen = CILEN_IFACEID; \ - if ((len -= idlen) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != idlen || \ - citype != opt) \ - goto bad; \ - eui64_get(ifaceid, p); \ - if (! eui64_equals(val1, ifaceid)) \ - goto bad; \ - } - - ACKCIIFACEID(CI_IFACEID, go->neg_ifaceid, go->ourid); - - ACKCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol); - - /* - * If there are any remaining CIs, then this packet is bad. - */ - if (len != 0) - goto bad; - return (1); - -bad: - IPV6CPDEBUG(("ipv6cp_ackci: received bad Ack!")); - return (0); -} - -/* - * ipv6cp_nakci - Peer has sent a NAK for some of our CIs. - * This should not modify any state if the Nak is bad - * or if IPV6CP is in the OPENED state. - * - * Returns: - * 0 - Nak was bad. - * 1 - Nak was good. - */ -static int -ipv6cp_nakci(f, p, len, treat_as_reject) - fsm *f; - u_char *p; - int len; - int treat_as_reject; -{ - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - u_char citype, cilen, *next; - u_short cishort; - eui64_t ifaceid; - ipv6cp_options no; /* options we've seen Naks for */ - ipv6cp_options try; /* options to request next time */ - - BZERO(&no, sizeof(no)); - try = *go; - - /* - * Any Nak'd CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ -#define NAKCIIFACEID(opt, neg, code) \ - if (go->neg && \ - len >= (cilen = CILEN_IFACEID) && \ - p[1] == cilen && \ - p[0] == opt) { \ - len -= cilen; \ - INCPTR(2, p); \ - eui64_get(ifaceid, p); \ - no.neg = 1; \ - code \ - } - -#define NAKCIVJ(opt, neg, code) \ - if (go->neg && \ - ((cilen = p[1]) == CILEN_COMPRESS) && \ - len >= cilen && \ - p[0] == opt) { \ - len -= cilen; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - no.neg = 1; \ - code \ - } - - /* - * Accept the peer's idea of {our,his} interface identifier, if different - * from our idea, only if the accept_{local,remote} flag is set. - */ - NAKCIIFACEID(CI_IFACEID, neg_ifaceid, - if (treat_as_reject) { - try.neg_ifaceid = 0; - } else if (go->accept_local) { - while (eui64_iszero(ifaceid) || - eui64_equals(ifaceid, go->hisid)) /* bad luck */ - eui64_magic(ifaceid); - try.ourid = ifaceid; - IPV6CPDEBUG(("local LL address %s", llv6_ntoa(ifaceid))); - } - ); - -#ifdef IPV6CP_COMP - NAKCIVJ(CI_COMPRESSTYPE, neg_vj, - { - if (cishort == IPV6CP_COMP && !treat_as_reject) { - try.vj_protocol = cishort; - } else { - try.neg_vj = 0; - } - } - ); -#else - NAKCIVJ(CI_COMPRESSTYPE, neg_vj, - { - try.neg_vj = 0; - } - ); -#endif - - /* - * There may be remaining CIs, if the peer is requesting negotiation - * on an option that we didn't include in our request packet. - * If they want to negotiate about interface identifier, we comply. - * If they want us to ask for compression, we refuse. - */ - while (len >= CILEN_VOID) { - GETCHAR(citype, p); - GETCHAR(cilen, p); - if ( cilen < CILEN_VOID || (len -= cilen) < 0 ) - goto bad; - next = p + cilen - 2; - - switch (citype) { - case CI_COMPRESSTYPE: - if (go->neg_vj || no.neg_vj || - (cilen != CILEN_COMPRESS)) - goto bad; - no.neg_vj = 1; - break; - case CI_IFACEID: - if (go->neg_ifaceid || no.neg_ifaceid || cilen != CILEN_IFACEID) - goto bad; - try.neg_ifaceid = 1; - eui64_get(ifaceid, p); - if (go->accept_local) { - while (eui64_iszero(ifaceid) || - eui64_equals(ifaceid, go->hisid)) /* bad luck */ - eui64_magic(ifaceid); - try.ourid = ifaceid; - } - no.neg_ifaceid = 1; - break; - } - p = next; - } - - /* If there is still anything left, this packet is bad. */ - if (len != 0) - goto bad; - - /* - * OK, the Nak is good. Now we can update state. - */ - if (f->state != OPENED) - *go = try; - - return 1; - -bad: - IPV6CPDEBUG(("ipv6cp_nakci: received bad Nak!")); - return 0; -} - - -/* - * ipv6cp_rejci - Reject some of our CIs. - */ -static int -ipv6cp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - u_char cilen; - u_short cishort; - eui64_t ifaceid; - ipv6cp_options try; /* options to request next time */ - - try = *go; - /* - * Any Rejected CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ -#define REJCIIFACEID(opt, neg, val1) \ - if (go->neg && \ - len >= (cilen = CILEN_IFACEID) && \ - p[1] == cilen && \ - p[0] == opt) { \ - len -= cilen; \ - INCPTR(2, p); \ - eui64_get(ifaceid, p); \ - /* Check rejected value. */ \ - if (! eui64_equals(ifaceid, val1)) \ - goto bad; \ - try.neg = 0; \ - } - -#define REJCIVJ(opt, neg, val) \ - if (go->neg && \ - p[1] == CILEN_COMPRESS && \ - len >= p[1] && \ - p[0] == opt) { \ - len -= p[1]; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - /* Check rejected value. */ \ - if (cishort != val) \ - goto bad; \ - try.neg = 0; \ - } - - REJCIIFACEID(CI_IFACEID, neg_ifaceid, go->ourid); - - REJCIVJ(CI_COMPRESSTYPE, neg_vj, go->vj_protocol); - - /* - * If there are any remaining CIs, then this packet is bad. - */ - if (len != 0) - goto bad; - /* - * Now we can update state. - */ - if (f->state != OPENED) - *go = try; - return 1; - -bad: - IPV6CPDEBUG(("ipv6cp_rejci: received bad Reject!")); - return 0; -} - - -/* - * ipv6cp_reqci - Check the peer's requested CIs and send appropriate response. - * - * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified - * appropriately. If reject_if_disagree is non-zero, doesn't return - * CONFNAK; returns CONFREJ if it can't return CONFACK. - */ -static int -ipv6cp_reqci(f, inp, len, reject_if_disagree) - fsm *f; - u_char *inp; /* Requested CIs */ - int *len; /* Length of requested CIs */ - int reject_if_disagree; -{ - ipv6cp_options *wo = &ipv6cp_wantoptions[f->unit]; - ipv6cp_options *ho = &ipv6cp_hisoptions[f->unit]; - ipv6cp_options *ao = &ipv6cp_allowoptions[f->unit]; - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - u_char *cip, *next; /* Pointer to current and next CIs */ - u_short cilen, citype; /* Parsed len, type */ - u_short cishort; /* Parsed short value */ - eui64_t ifaceid; /* Parsed interface identifier */ - int rc = CONFACK; /* Final packet return code */ - int orc; /* Individual option return code */ - u_char *p; /* Pointer to next char to parse */ - u_char *ucp = inp; /* Pointer to current output char */ - int l = *len; /* Length left */ - - /* - * Reset all his options. - */ - BZERO(ho, sizeof(*ho)); - - /* - * Process all his options. - */ - next = inp; - while (l) { - orc = CONFACK; /* Assume success */ - cip = p = next; /* Remember begining of CI */ - if (l < 2 || /* Not enough data for CI header or */ - p[1] < 2 || /* CI length too small or */ - p[1] > l) { /* CI length too big? */ - IPV6CPDEBUG(("ipv6cp_reqci: bad CI length!")); - orc = CONFREJ; /* Reject bad CI */ - cilen = l; /* Reject till end of packet */ - l = 0; /* Don't loop again */ - goto endswitch; - } - GETCHAR(citype, p); /* Parse CI type */ - GETCHAR(cilen, p); /* Parse CI length */ - l -= cilen; /* Adjust remaining length */ - next += cilen; /* Step to next CI */ - - switch (citype) { /* Check CI type */ - case CI_IFACEID: - IPV6CPDEBUG(("ipv6cp: received interface identifier ")); - - if (!ao->neg_ifaceid || - cilen != CILEN_IFACEID) { /* Check CI length */ - orc = CONFREJ; /* Reject CI */ - break; - } - - /* - * If he has no interface identifier, or if we both have same - * identifier then NAK it with new idea. - * In particular, if we don't know his identifier, but he does, - * then accept it. - */ - eui64_get(ifaceid, p); - IPV6CPDEBUG(("(%s)", llv6_ntoa(ifaceid))); - if (eui64_iszero(ifaceid) && eui64_iszero(go->ourid)) { - orc = CONFREJ; /* Reject CI */ - break; - } - if (!eui64_iszero(wo->hisid) && - !eui64_equals(ifaceid, wo->hisid) && - eui64_iszero(go->hisid)) { - - orc = CONFNAK; - ifaceid = wo->hisid; - go->hisid = ifaceid; - DECPTR(sizeof(ifaceid), p); - eui64_put(ifaceid, p); - } else - if (eui64_iszero(ifaceid) || eui64_equals(ifaceid, go->ourid)) { - orc = CONFNAK; - if (eui64_iszero(go->hisid)) /* first time, try option */ - ifaceid = wo->hisid; - while (eui64_iszero(ifaceid) || - eui64_equals(ifaceid, go->ourid)) /* bad luck */ - eui64_magic(ifaceid); - go->hisid = ifaceid; - DECPTR(sizeof(ifaceid), p); - eui64_put(ifaceid, p); - } - - ho->neg_ifaceid = 1; - ho->hisid = ifaceid; - break; - - case CI_COMPRESSTYPE: - IPV6CPDEBUG(("ipv6cp: received COMPRESSTYPE ")); - if (!ao->neg_vj || - (cilen != CILEN_COMPRESS)) { - orc = CONFREJ; - break; - } - GETSHORT(cishort, p); - IPV6CPDEBUG(("(%d)", cishort)); - -#ifdef IPV6CP_COMP - if (!(cishort == IPV6CP_COMP)) { - orc = CONFREJ; - break; - } - - ho->neg_vj = 1; - ho->vj_protocol = cishort; - break; -#else - orc = CONFREJ; - break; -#endif - - default: - orc = CONFREJ; - break; - } - -endswitch: - IPV6CPDEBUG((" (%s)\n", CODENAME(orc))); - - if (orc == CONFACK && /* Good CI */ - rc != CONFACK) /* but prior CI wasnt? */ - continue; /* Don't send this one */ - - if (orc == CONFNAK) { /* Nak this CI? */ - if (reject_if_disagree) /* Getting fed up with sending NAKs? */ - orc = CONFREJ; /* Get tough if so */ - else { - if (rc == CONFREJ) /* Rejecting prior CI? */ - continue; /* Don't send this one */ - if (rc == CONFACK) { /* Ack'd all prior CIs? */ - rc = CONFNAK; /* Not anymore... */ - ucp = inp; /* Backup */ - } - } - } - - if (orc == CONFREJ && /* Reject this CI */ - rc != CONFREJ) { /* but no prior ones? */ - rc = CONFREJ; - ucp = inp; /* Backup */ - } - - /* Need to move CI? */ - if (ucp != cip) - BCOPY(cip, ucp, cilen); /* Move it */ - - /* Update output pointer */ - INCPTR(cilen, ucp); - } - - /* - * If we aren't rejecting this packet, and we want to negotiate - * their identifier and they didn't send their identifier, then we - * send a NAK with a CI_IFACEID option appended. We assume the - * input buffer is long enough that we can append the extra - * option safely. - */ - if (rc != CONFREJ && !ho->neg_ifaceid && - wo->req_ifaceid && !reject_if_disagree) { - if (rc == CONFACK) { - rc = CONFNAK; - ucp = inp; /* reset pointer */ - wo->req_ifaceid = 0; /* don't ask again */ - } - PUTCHAR(CI_IFACEID, ucp); - PUTCHAR(CILEN_IFACEID, ucp); - eui64_put(wo->hisid, ucp); - } - - *len = ucp - inp; /* Compute output length */ - IPV6CPDEBUG(("ipv6cp: returning Configure-%s", CODENAME(rc))); - return (rc); /* Return final code */ -} - - -/* - * ipv6_check_options - check that any IP-related options are OK, - * and assign appropriate defaults. - */ -static void -ipv6_check_options() -{ - ipv6cp_options *wo = &ipv6cp_wantoptions[0]; - - if (!ipv6cp_protent.enabled_flag) - return; - -#if defined(SOL2) || defined(__linux__) - /* - * Persistent link-local id is only used when user has not explicitly - * configure/hard-code the id - */ - if ((wo->use_persistent) && (!wo->opt_local) && (!wo->opt_remote)) { - - /* - * On systems where there are no Ethernet interfaces used, there - * may be other ways to obtain a persistent id. Right now, it - * will fall back to using magic [see eui64_magic] below when - * an EUI-48 from MAC address can't be obtained. Other possibilities - * include obtaining EEPROM serial numbers, or some other unique - * yet persistent number. On Sparc platforms, this is possible, - * but too bad there's no standards yet for x86 machines. - */ - if (ether_to_eui64(&wo->ourid)) { - wo->opt_local = 1; - } - } -#endif - - if (!wo->opt_local) { /* init interface identifier */ - if (wo->use_ip && eui64_iszero(wo->ourid)) { - eui64_setlo32(wo->ourid, ntohl(ipcp_wantoptions[0].ouraddr)); - if (!eui64_iszero(wo->ourid)) - wo->opt_local = 1; - } - - while (eui64_iszero(wo->ourid)) - eui64_magic(wo->ourid); - } - - if (!wo->opt_remote) { - if (wo->use_ip && eui64_iszero(wo->hisid)) { - eui64_setlo32(wo->hisid, ntohl(ipcp_wantoptions[0].hisaddr)); - if (!eui64_iszero(wo->hisid)) - wo->opt_remote = 1; - } - } - - if (demand && (eui64_iszero(wo->ourid) || eui64_iszero(wo->hisid))) { - option_error("local/remote LL address required for demand-dialling\n"); - exit(1); - } -} - - -/* - * ipv6_demand_conf - configure the interface as though - * IPV6CP were up, for use with dial-on-demand. - */ -static int -ipv6_demand_conf(u) - int u; -{ - ipv6cp_options *wo = &ipv6cp_wantoptions[u]; - -#if defined(__linux__) || defined(SOL2) || (defined(SVR4) && (defined(SNI) || defined(__USLC__))) -#if defined(SOL2) - if (!sif6up(u)) - return 0; -#else - if (!sifup(u)) - return 0; -#endif /* defined(SOL2) */ -#endif - if (!sif6addr(u, wo->ourid, wo->hisid)) - return 0; -#if !defined(__linux__) && !(defined(SVR4) && (defined(SNI) || defined(__USLC__))) - if (!sifup(u)) - return 0; -#endif - if (!sifnpmode(u, PPP_IPV6, NPMODE_QUEUE)) - return 0; - - notice("ipv6_demand_conf"); - notice("local LL address %s", llv6_ntoa(wo->ourid)); - notice("remote LL address %s", llv6_ntoa(wo->hisid)); - - return 1; -} - - -/* - * ipv6cp_up - IPV6CP has come UP. - * - * Configure the IPv6 network interface appropriately and bring it up. - */ -static void -ipv6cp_up(f) - fsm *f; -{ - ipv6cp_options *ho = &ipv6cp_hisoptions[f->unit]; - ipv6cp_options *go = &ipv6cp_gotoptions[f->unit]; - ipv6cp_options *wo = &ipv6cp_wantoptions[f->unit]; - - IPV6CPDEBUG(("ipv6cp: up")); - - /* - * We must have a non-zero LL address for both ends of the link. - */ - if (!ho->neg_ifaceid) - ho->hisid = wo->hisid; - - if(!no_ifaceid_neg) { - if (eui64_iszero(ho->hisid)) { - error("Could not determine remote LL address"); - ipv6cp_close(f->unit, "Could not determine remote LL address"); - return; - } - if (eui64_iszero(go->ourid)) { - error("Could not determine local LL address"); - ipv6cp_close(f->unit, "Could not determine local LL address"); - return; - } - if (eui64_equals(go->ourid, ho->hisid)) { - error("local and remote LL addresses are equal"); - ipv6cp_close(f->unit, "local and remote LL addresses are equal"); - return; - } - } - script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0); - script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0); - -#ifdef IPV6CP_COMP - /* set tcp compression */ - sif6comp(f->unit, ho->neg_vj); -#endif - - /* - * If we are doing dial-on-demand, the interface is already - * configured, so we put out any saved-up packets, then set the - * interface to pass IPv6 packets. - */ - if (demand) { - if (! eui64_equals(go->ourid, wo->ourid) || - ! eui64_equals(ho->hisid, wo->hisid)) { - if (! eui64_equals(go->ourid, wo->ourid)) - warn("Local LL address changed to %s", - llv6_ntoa(go->ourid)); - if (! eui64_equals(ho->hisid, wo->hisid)) - warn("Remote LL address changed to %s", - llv6_ntoa(ho->hisid)); - ipv6cp_clear_addrs(f->unit, go->ourid, ho->hisid); - - /* Set the interface to the new addresses */ - if (!sif6addr(f->unit, go->ourid, ho->hisid)) { - if (debug) - warn("sif6addr failed"); - ipv6cp_close(f->unit, "Interface configuration failed"); - return; - } - - } - demand_rexmit(PPP_IPV6); - sifnpmode(f->unit, PPP_IPV6, NPMODE_PASS); - - } else { - /* - * Set LL addresses - */ -#if !defined(__linux__) && !defined(SOL2) && !(defined(SVR4) && (defined(SNI) || defined(__USLC__))) - if (!sif6addr(f->unit, go->ourid, ho->hisid)) { - if (debug) - warn("sif6addr failed"); - ipv6cp_close(f->unit, "Interface configuration failed"); - return; - } -#endif - - /* bring the interface up for IPv6 */ -#if defined(SOL2) - if (!sif6up(f->unit)) { - if (debug) - warn("sifup failed (IPV6)"); - ipv6cp_close(f->unit, "Interface configuration failed"); - return; - } -#else - if (!sifup(f->unit)) { - if (debug) - warn("sifup failed (IPV6)"); - ipv6cp_close(f->unit, "Interface configuration failed"); - return; - } -#endif /* defined(SOL2) */ - -#if defined(__linux__) || defined(SOL2) || (defined(SVR4) && (defined(SNI) || defined(__USLC__))) - if (!sif6addr(f->unit, go->ourid, ho->hisid)) { - if (debug) - warn("sif6addr failed"); - ipv6cp_close(f->unit, "Interface configuration failed"); - return; - } -#endif - sifnpmode(f->unit, PPP_IPV6, NPMODE_PASS); - - notice("local LL address %s", llv6_ntoa(go->ourid)); - notice("remote LL address %s", llv6_ntoa(ho->hisid)); - } - - np_up(f->unit, PPP_IPV6); - ipv6cp_is_up = 1; - - /* - * Execute the ipv6-up script, like this: - * /etc/ppp/ipv6-up interface tty speed local-LL remote-LL - */ - if (ipv6cp_script_state == s_down && ipv6cp_script_pid == 0) { - ipv6cp_script_state = s_up; - ipv6cp_script(_PATH_IPV6UP); - } -} - - -/* - * ipv6cp_down - IPV6CP has gone DOWN. - * - * Take the IPv6 network interface down, clear its addresses - * and delete routes through it. - */ -static void -ipv6cp_down(f) - fsm *f; -{ - IPV6CPDEBUG(("ipv6cp: down")); - update_link_stats(f->unit); - if (ipv6cp_is_up) { - ipv6cp_is_up = 0; - np_down(f->unit, PPP_IPV6); - } -#ifdef IPV6CP_COMP - sif6comp(f->unit, 0); -#endif - - /* - * If we are doing dial-on-demand, set the interface - * to queue up outgoing packets (for now). - */ - if (demand) { - sifnpmode(f->unit, PPP_IPV6, NPMODE_QUEUE); - } else { - sifnpmode(f->unit, PPP_IPV6, NPMODE_DROP); -#if !defined(__linux__) && !(defined(SVR4) && (defined(SNI) || defined(__USLC))) -#if defined(SOL2) - sif6down(f->unit); -#else - sifdown(f->unit); -#endif /* defined(SOL2) */ -#endif - ipv6cp_clear_addrs(f->unit, - ipv6cp_gotoptions[f->unit].ourid, - ipv6cp_hisoptions[f->unit].hisid); -#if defined(__linux__) || (defined(SVR4) && (defined(SNI) || defined(__USLC))) - sifdown(f->unit); -#endif - } - - /* Execute the ipv6-down script */ - if (ipv6cp_script_state == s_up && ipv6cp_script_pid == 0) { - ipv6cp_script_state = s_down; - ipv6cp_script(_PATH_IPV6DOWN); - } -} - - -/* - * ipv6cp_clear_addrs() - clear the interface addresses, routes, - * proxy neighbour discovery entries, etc. - */ -static void -ipv6cp_clear_addrs(unit, ourid, hisid) - int unit; - eui64_t ourid; - eui64_t hisid; -{ - cif6addr(unit, ourid, hisid); -} - - -/* - * ipv6cp_finished - possibly shut down the lower layers. - */ -static void -ipv6cp_finished(f) - fsm *f; -{ - np_finished(f->unit, PPP_IPV6); -} - - -/* - * ipv6cp_script_done - called when the ipv6-up or ipv6-down script - * has finished. - */ -static void -ipv6cp_script_done(arg) - void *arg; -{ - ipv6cp_script_pid = 0; - switch (ipv6cp_script_state) { - case s_up: - if (ipv6cp_fsm[0].state != OPENED) { - ipv6cp_script_state = s_down; - ipv6cp_script(_PATH_IPV6DOWN); - } - break; - case s_down: - if (ipv6cp_fsm[0].state == OPENED) { - ipv6cp_script_state = s_up; - ipv6cp_script(_PATH_IPV6UP); - } - break; - } -} - - -/* - * ipv6cp_script - Execute a script with arguments - * interface-name tty-name speed local-LL remote-LL. - */ -static void -ipv6cp_script(script) - char *script; -{ - char strspeed[32], strlocal[32], strremote[32]; - char *argv[8]; - - sprintf(strspeed, "%d", baud_rate); - strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid)); - strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid)); - - argv[0] = script; - argv[1] = ifname; - argv[2] = devnam; - argv[3] = strspeed; - argv[4] = strlocal; - argv[5] = strremote; - argv[6] = ipparam; - argv[7] = NULL; - - ipv6cp_script_pid = run_program(script, argv, 0, ipv6cp_script_done, NULL); -} - -/* - * ipv6cp_printpkt - print the contents of an IPV6CP packet. - */ -static char *ipv6cp_codenames[] = { - "ConfReq", "ConfAck", "ConfNak", "ConfRej", - "TermReq", "TermAck", "CodeRej" -}; - -static int -ipv6cp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int code, id, len, olen; - u_char *pstart, *optend; - u_short cishort; - eui64_t ifaceid; - - if (plen < HEADERLEN) - return 0; - pstart = p; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < HEADERLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(ipv6cp_codenames) / sizeof(char *)) - printer(arg, " %s", ipv6cp_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= HEADERLEN; - switch (code) { - case CONFREQ: - case CONFACK: - case CONFNAK: - case CONFREJ: - /* print option list */ - while (len >= 2) { - GETCHAR(code, p); - GETCHAR(olen, p); - p -= 2; - if (olen < 2 || olen > len) { - break; - } - printer(arg, " <"); - len -= olen; - optend = p + olen; - switch (code) { - case CI_COMPRESSTYPE: - if (olen >= CILEN_COMPRESS) { - p += 2; - GETSHORT(cishort, p); - printer(arg, "compress "); - printer(arg, "0x%x", cishort); - } - break; - case CI_IFACEID: - if (olen == CILEN_IFACEID) { - p += 2; - eui64_get(ifaceid, p); - printer(arg, "addr %s", llv6_ntoa(ifaceid)); - } - break; - } - while (p < optend) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - printer(arg, ">"); - } - break; - - case TERMACK: - case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - printer(arg, " "); - print_string((char *)p, len, printer, arg); - p += len; - len = 0; - } - break; - } - - /* print the rest of the bytes in the packet */ - for (; len > 0; --len) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - - return p - pstart; -} - -/* - * ipv6_active_pkt - see if this IP packet is worth bringing the link up for. - * We don't bring the link up for IP fragments or for TCP FIN packets - * with no data. - */ -#define IP6_HDRLEN 40 /* bytes */ -#define IP6_NHDR_FRAG 44 /* fragment IPv6 header */ -#define TCP_HDRLEN 20 -#define TH_FIN 0x01 - -/* - * We use these macros because the IP header may be at an odd address, - * and some compilers might use word loads to get th_off or ip_hl. - */ - -#define get_ip6nh(x) (((unsigned char *)(x))[6]) -#define get_tcpoff(x) (((unsigned char *)(x))[12] >> 4) -#define get_tcpflags(x) (((unsigned char *)(x))[13]) - -static int -ipv6_active_pkt(pkt, len) - u_char *pkt; - int len; -{ - u_char *tcp; - - len -= PPP_HDRLEN; - pkt += PPP_HDRLEN; - if (len < IP6_HDRLEN) - return 0; - if (get_ip6nh(pkt) == IP6_NHDR_FRAG) - return 0; - if (get_ip6nh(pkt) != IPPROTO_TCP) - return 1; - if (len < IP6_HDRLEN + TCP_HDRLEN) - return 0; - tcp = pkt + IP6_HDRLEN; - if ((get_tcpflags(tcp) & TH_FIN) != 0 && len == IP6_HDRLEN + get_tcpoff(tcp) * 4) - return 0; - return 1; -} diff --git a/pppd/ipv6cp.h b/pppd/ipv6cp.h deleted file mode 100644 index cc4568d..0000000 --- a/pppd/ipv6cp.h +++ /dev/null @@ -1,171 +0,0 @@ -/* - * ipv6cp.h - PPP IPV6 Control Protocol. - * - * Copyright (c) 1999 Tommi Komulainen. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Tommi Komulainen - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - */ - -/* Original version, based on RFC2023 : - - Copyright (c) 1995, 1996, 1997 Francis.Dupont@inria.fr, INRIA Rocquencourt, - Alain.Durand@imag.fr, IMAG, - Jean-Luc.Richier@imag.fr, IMAG-LSR. - - Copyright (c) 1998, 1999 Francis.Dupont@inria.fr, GIE DYADE, - Alain.Durand@imag.fr, IMAG, - Jean-Luc.Richier@imag.fr, IMAG-LSR. - - Ce travail a été fait au sein du GIE DYADE (Groupement d'Intérêt - Économique ayant pour membres BULL S.A. et l'INRIA). - - Ce logiciel informatique est disponible aux conditions - usuelles dans la recherche, c'est-à-dire qu'il peut - être utilisé, copié, modifié, distribué à l'unique - condition que ce texte soit conservé afin que - l'origine de ce logiciel soit reconnue. - - Le nom de l'Institut National de Recherche en Informatique - et en Automatique (INRIA), de l'IMAG, ou d'une personne morale - ou physique ayant participé à l'élaboration de ce logiciel ne peut - être utilisé sans son accord préalable explicite. - - Ce logiciel est fourni tel quel sans aucune garantie, - support ou responsabilité d'aucune sorte. - Ce logiciel est dérivé de sources d'origine - "University of California at Berkeley" et - "Digital Equipment Corporation" couvertes par des copyrights. - - L'Institut d'Informatique et de Mathématiques Appliquées de Grenoble (IMAG) - est une fédération d'unités mixtes de recherche du CNRS, de l'Institut National - Polytechnique de Grenoble et de l'Université Joseph Fourier regroupant - sept laboratoires dont le laboratoire Logiciels, Systèmes, Réseaux (LSR). - - This work has been done in the context of GIE DYADE (joint R & D venture - between BULL S.A. and INRIA). - - This software is available with usual "research" terms - with the aim of retain credits of the software. - Permission to use, copy, modify and distribute this software for any - purpose and without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies, - and the name of INRIA, IMAG, or any contributor not be used in advertising - or publicity pertaining to this material without the prior explicit - permission. The software is provided "as is" without any - warranties, support or liabilities of any kind. - This software is derived from source code from - "University of California at Berkeley" and - "Digital Equipment Corporation" protected by copyrights. - - Grenoble's Institute of Computer Science and Applied Mathematics (IMAG) - is a federation of seven research units funded by the CNRS, National - Polytechnic Institute of Grenoble and University Joseph Fourier. - The research unit in Software, Systems, Networks (LSR) is member of IMAG. -*/ - -/* - * Derived from : - * - * - * ipcp.h - IP Control Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: ipv6cp.h,v 1.7 2002/12/04 23:03:32 paulus Exp $ - */ - -/* - * Options. - */ -#define CI_IFACEID 1 /* Interface Identifier */ -#define CI_COMPRESSTYPE 2 /* Compression Type */ - -/* No compression types yet defined. - *#define IPV6CP_COMP 0x004f - */ -typedef struct ipv6cp_options { - int neg_ifaceid; /* Negotiate interface identifier? */ - int req_ifaceid; /* Ask peer to send interface identifier? */ - int accept_local; /* accept peer's value for iface id? */ - int opt_local; /* ourtoken set by option */ - int opt_remote; /* histoken set by option */ - int use_ip; /* use IP as interface identifier */ -#if defined(SOL2) || defined(__linux__) - int use_persistent; /* use uniquely persistent value for address */ -#endif /* defined(SOL2) */ - int neg_vj; /* Van Jacobson Compression? */ - u_short vj_protocol; /* protocol value to use in VJ option */ - eui64_t ourid, hisid; /* Interface identifiers */ -} ipv6cp_options; - -extern fsm ipv6cp_fsm[]; -extern ipv6cp_options ipv6cp_wantoptions[]; -extern ipv6cp_options ipv6cp_gotoptions[]; -extern ipv6cp_options ipv6cp_allowoptions[]; -extern ipv6cp_options ipv6cp_hisoptions[]; - -extern struct protent ipv6cp_protent; diff --git a/pppd/ipxcp.c b/pppd/ipxcp.c deleted file mode 100644 index a78456d..0000000 --- a/pppd/ipxcp.c +++ /dev/null @@ -1,1598 +0,0 @@ -/* - * ipxcp.c - PPP IPX Control Protocol. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifdef IPX_CHANGE - -#define RCSID "$Id: ipxcp.c,v 1.23 2004/11/13 02:28:15 paulus Exp $" - -/* - * TODO: - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "ipxcp.h" -#include "pathnames.h" -#include "magic.h" - -static const char rcsid[] = RCSID; - -/* global vars */ -ipxcp_options ipxcp_wantoptions[NUM_PPP]; /* Options that we want to request */ -ipxcp_options ipxcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */ -ipxcp_options ipxcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */ -ipxcp_options ipxcp_hisoptions[NUM_PPP]; /* Options that we ack'd */ - -#define wo (&ipxcp_wantoptions[0]) -#define ao (&ipxcp_allowoptions[0]) -#define go (&ipxcp_gotoptions[0]) -#define ho (&ipxcp_hisoptions[0]) - -/* - * Callbacks for fsm code. (CI = Configuration Information) - */ -static void ipxcp_resetci __P((fsm *)); /* Reset our CI */ -static int ipxcp_cilen __P((fsm *)); /* Return length of our CI */ -static void ipxcp_addci __P((fsm *, u_char *, int *)); /* Add our CI */ -static int ipxcp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */ -static int ipxcp_nakci __P((fsm *, u_char *, int, int));/* Peer nak'd our CI */ -static int ipxcp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */ -static int ipxcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv CI */ -static void ipxcp_up __P((fsm *)); /* We're UP */ -static void ipxcp_down __P((fsm *)); /* We're DOWN */ -static void ipxcp_finished __P((fsm *)); /* Don't need lower layer */ -static void ipxcp_script __P((fsm *, char *)); /* Run an up/down script */ - -fsm ipxcp_fsm[NUM_PPP]; /* IPXCP fsm structure */ - -static fsm_callbacks ipxcp_callbacks = { /* IPXCP callback routines */ - ipxcp_resetci, /* Reset our Configuration Information */ - ipxcp_cilen, /* Length of our Configuration Information */ - ipxcp_addci, /* Add our Configuration Information */ - ipxcp_ackci, /* ACK our Configuration Information */ - ipxcp_nakci, /* NAK our Configuration Information */ - ipxcp_rejci, /* Reject our Configuration Information */ - ipxcp_reqci, /* Request peer's Configuration Information */ - ipxcp_up, /* Called when fsm reaches OPENED state */ - ipxcp_down, /* Called when fsm leaves OPENED state */ - NULL, /* Called when we want the lower layer up */ - ipxcp_finished, /* Called when we want the lower layer down */ - NULL, /* Called when Protocol-Reject received */ - NULL, /* Retransmission is necessary */ - NULL, /* Called to handle protocol-specific codes */ - "IPXCP" /* String name of protocol */ -}; - -/* - * Command-line options. - */ -static int setipxnode __P((char **)); -static void printipxnode __P((option_t *, - void (*)(void *, char *, ...), void *)); -static int setipxname __P((char **)); - -static option_t ipxcp_option_list[] = { - { "ipx", o_bool, &ipxcp_protent.enabled_flag, - "Enable IPXCP (and IPX)", OPT_PRIO | 1 }, - { "+ipx", o_bool, &ipxcp_protent.enabled_flag, - "Enable IPXCP (and IPX)", OPT_PRIOSUB | OPT_ALIAS | 1 }, - { "noipx", o_bool, &ipxcp_protent.enabled_flag, - "Disable IPXCP (and IPX)", OPT_PRIOSUB }, - { "-ipx", o_bool, &ipxcp_protent.enabled_flag, - "Disable IPXCP (and IPX)", OPT_PRIOSUB | OPT_ALIAS }, - - { "ipx-network", o_uint32, &ipxcp_wantoptions[0].our_network, - "Set our IPX network number", OPT_PRIO, &ipxcp_wantoptions[0].neg_nn }, - - { "ipxcp-accept-network", o_bool, &ipxcp_wantoptions[0].accept_network, - "Accept peer IPX network number", 1, - &ipxcp_allowoptions[0].accept_network }, - - { "ipx-node", o_special, (void *)setipxnode, - "Set IPX node number", OPT_A2PRINTER, (void *)printipxnode }, - - { "ipxcp-accept-local", o_bool, &ipxcp_wantoptions[0].accept_local, - "Accept our IPX address", 1, - &ipxcp_allowoptions[0].accept_local }, - - { "ipxcp-accept-remote", o_bool, &ipxcp_wantoptions[0].accept_remote, - "Accept peer's IPX address", 1, - &ipxcp_allowoptions[0].accept_remote }, - - { "ipx-routing", o_int, &ipxcp_wantoptions[0].router, - "Set IPX routing proto number", OPT_PRIO, - &ipxcp_wantoptions[0].neg_router }, - - { "ipx-router-name", o_special, setipxname, - "Set IPX router name", OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, - &ipxcp_wantoptions[0].name }, - - { "ipxcp-restart", o_int, &ipxcp_fsm[0].timeouttime, - "Set timeout for IPXCP", OPT_PRIO }, - { "ipxcp-max-terminate", o_int, &ipxcp_fsm[0].maxtermtransmits, - "Set max #xmits for IPXCP term-reqs", OPT_PRIO }, - { "ipxcp-max-configure", o_int, &ipxcp_fsm[0].maxconfreqtransmits, - "Set max #xmits for IPXCP conf-reqs", OPT_PRIO }, - { "ipxcp-max-failure", o_int, &ipxcp_fsm[0].maxnakloops, - "Set max #conf-naks for IPXCP", OPT_PRIO }, - - { NULL } -}; - -/* - * Protocol entry points. - */ - -static void ipxcp_init __P((int)); -static void ipxcp_open __P((int)); -static void ipxcp_close __P((int, char *)); -static void ipxcp_lowerup __P((int)); -static void ipxcp_lowerdown __P((int)); -static void ipxcp_input __P((int, u_char *, int)); -static void ipxcp_protrej __P((int)); -static int ipxcp_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); - -struct protent ipxcp_protent = { - PPP_IPXCP, - ipxcp_init, - ipxcp_input, - ipxcp_protrej, - ipxcp_lowerup, - ipxcp_lowerdown, - ipxcp_open, - ipxcp_close, - ipxcp_printpkt, - NULL, - 0, - "IPXCP", - "IPX", - ipxcp_option_list, - NULL, - NULL, - NULL -}; - -/* - * Lengths of configuration options. - */ - -#define CILEN_VOID 2 -#define CILEN_COMPLETE 2 /* length of complete option */ -#define CILEN_NETN 6 /* network number length option */ -#define CILEN_NODEN 8 /* node number length option */ -#define CILEN_PROTOCOL 4 /* Minimum length of routing protocol */ -#define CILEN_NAME 3 /* Minimum length of router name */ -#define CILEN_COMPRESS 4 /* Minimum length of compression protocol */ - -#define CODENAME(x) ((x) == CONFACK ? "ACK" : \ - (x) == CONFNAK ? "NAK" : "REJ") - -static int ipxcp_is_up; - -static char *ipx_ntoa __P((u_int32_t)); - -/* Used in printing the node number */ -#define NODE(base) base[0], base[1], base[2], base[3], base[4], base[5] - -/* Used to generate the proper bit mask */ -#define BIT(num) (1 << (num)) - -/* - * Convert from internal to external notation - */ - -static short int -to_external(internal) -short int internal; -{ - short int external; - - if (internal & BIT(IPX_NONE) ) - external = IPX_NONE; - else - external = RIP_SAP; - - return external; -} - -/* - * Make a string representation of a network IP address. - */ - -static char * -ipx_ntoa(ipxaddr) -u_int32_t ipxaddr; -{ - static char b[64]; - slprintf(b, sizeof(b), "%x", ipxaddr); - return b; -} - - -static u_char * -setipxnodevalue(src,dst) -u_char *src, *dst; -{ - int indx; - int item; - - for (;;) { - if (!isxdigit (*src)) - break; - - for (indx = 0; indx < 5; ++indx) { - dst[indx] <<= 4; - dst[indx] |= (dst[indx + 1] >> 4) & 0x0F; - } - - item = toupper (*src) - '0'; - if (item > 9) - item -= 7; - - dst[5] = (dst[5] << 4) | item; - ++src; - } - return src; -} - -static int ipx_prio_our, ipx_prio_his; - -static int -setipxnode(argv) - char **argv; -{ - char *end; - int have_his = 0; - u_char our_node[6]; - u_char his_node[6]; - - memset (our_node, 0, 6); - memset (his_node, 0, 6); - - end = setipxnodevalue (*argv, our_node); - if (*end == ':') { - have_his = 1; - end = setipxnodevalue (++end, his_node); - } - - if (*end == '\0') { - ipxcp_wantoptions[0].neg_node = 1; - if (option_priority >= ipx_prio_our) { - memcpy(&ipxcp_wantoptions[0].our_node[0], our_node, 6); - ipx_prio_our = option_priority; - } - if (have_his && option_priority >= ipx_prio_his) { - memcpy(&ipxcp_wantoptions[0].his_node[0], his_node, 6); - ipx_prio_his = option_priority; - } - return 1; - } - - option_error("invalid parameter '%s' for ipx-node option", *argv); - return 0; -} - -static void -printipxnode(opt, printer, arg) - option_t *opt; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - unsigned char *p; - - p = ipxcp_wantoptions[0].our_node; - if (ipx_prio_our) - printer(arg, "%.2x%.2x%.2x%.2x%.2x%.2x", - p[0], p[1], p[2], p[3], p[4], p[5]); - printer(arg, ":"); - p = ipxcp_wantoptions[0].his_node; - if (ipx_prio_his) - printer(arg, "%.2x%.2x%.2x%.2x%.2x%.2x", - p[0], p[1], p[2], p[3], p[4], p[5]); -} - -static int -setipxname (argv) - char **argv; -{ - char *dest = ipxcp_wantoptions[0].name; - char *src = *argv; - int count; - char ch; - - ipxcp_wantoptions[0].neg_name = 1; - ipxcp_allowoptions[0].neg_name = 1; - memset (dest, '\0', sizeof (ipxcp_wantoptions[0].name)); - - count = 0; - while (*src) { - ch = *src++; - if (! isalnum (ch) && ch != '_') { - option_error("IPX router name must be alphanumeric or _"); - return 0; - } - - if (count >= sizeof (ipxcp_wantoptions[0].name) - 1) { - option_error("IPX router name is limited to %d characters", - sizeof (ipxcp_wantoptions[0].name) - 1); - return 0; - } - - dest[count++] = toupper (ch); - } - dest[count] = 0; - - return 1; -} - -/* - * ipxcp_init - Initialize IPXCP. - */ -static void -ipxcp_init(unit) - int unit; -{ - fsm *f = &ipxcp_fsm[unit]; - - f->unit = unit; - f->protocol = PPP_IPXCP; - f->callbacks = &ipxcp_callbacks; - fsm_init(&ipxcp_fsm[unit]); - - memset (wo->name, 0, sizeof (wo->name)); - memset (wo->our_node, 0, sizeof (wo->our_node)); - memset (wo->his_node, 0, sizeof (wo->his_node)); - - wo->neg_nn = 1; - wo->neg_complete = 1; - wo->network = 0; - - ao->neg_node = 1; - ao->neg_nn = 1; - ao->neg_name = 1; - ao->neg_complete = 1; - ao->neg_router = 1; - - ao->accept_local = 0; - ao->accept_remote = 0; - ao->accept_network = 0; - - wo->tried_rip = 0; - wo->tried_nlsp = 0; -} - -/* - * Copy the node number - */ - -static void -copy_node (src, dst) -u_char *src, *dst; -{ - memcpy (dst, src, sizeof (ipxcp_wantoptions[0].our_node)); -} - -/* - * Compare node numbers - */ - -static int -compare_node (src, dst) -u_char *src, *dst; -{ - return memcmp (dst, src, sizeof (ipxcp_wantoptions[0].our_node)) == 0; -} - -/* - * Is the node number zero? - */ - -static int -zero_node (node) -u_char *node; -{ - int indx; - for (indx = 0; indx < sizeof (ipxcp_wantoptions[0].our_node); ++indx) - if (node [indx] != 0) - return 0; - return 1; -} - -/* - * Increment the node number - */ - -static void -inc_node (node) -u_char *node; -{ - u_char *outp; - u_int32_t magic_num; - - outp = node; - magic_num = magic(); - *outp++ = '\0'; - *outp++ = '\0'; - PUTLONG (magic_num, outp); -} - -/* - * ipxcp_open - IPXCP is allowed to come up. - */ -static void -ipxcp_open(unit) - int unit; -{ - fsm_open(&ipxcp_fsm[unit]); -} - -/* - * ipxcp_close - Take IPXCP down. - */ -static void -ipxcp_close(unit, reason) - int unit; - char *reason; -{ - fsm_close(&ipxcp_fsm[unit], reason); -} - - -/* - * ipxcp_lowerup - The lower layer is up. - */ -static void -ipxcp_lowerup(unit) - int unit; -{ - fsm_lowerup(&ipxcp_fsm[unit]); -} - - -/* - * ipxcp_lowerdown - The lower layer is down. - */ -static void -ipxcp_lowerdown(unit) - int unit; -{ - fsm_lowerdown(&ipxcp_fsm[unit]); -} - - -/* - * ipxcp_input - Input IPXCP packet. - */ -static void -ipxcp_input(unit, p, len) - int unit; - u_char *p; - int len; -{ - fsm_input(&ipxcp_fsm[unit], p, len); -} - - -/* - * ipxcp_protrej - A Protocol-Reject was received for IPXCP. - * - * Pretend the lower layer went down, so we shut up. - */ -static void -ipxcp_protrej(unit) - int unit; -{ - fsm_lowerdown(&ipxcp_fsm[unit]); -} - - -/* - * ipxcp_resetci - Reset our CI. - */ -static void -ipxcp_resetci(f) - fsm *f; -{ - wo->req_node = wo->neg_node && ao->neg_node; - wo->req_nn = wo->neg_nn && ao->neg_nn; - - if (wo->our_network == 0) { - wo->neg_node = 1; - ao->accept_network = 1; - } -/* - * If our node number is zero then change it. - */ - if (zero_node (wo->our_node)) { - inc_node (wo->our_node); - ao->accept_local = 1; - wo->neg_node = 1; - } -/* - * If his node number is zero then change it. - */ - if (zero_node (wo->his_node)) { - inc_node (wo->his_node); - ao->accept_remote = 1; - } -/* - * If no routing agent was specified then we do RIP/SAP according to the - * RFC documents. If you have specified something then OK. Otherwise, we - * do RIP/SAP. - */ - if (ao->router == 0) { - ao->router |= BIT(RIP_SAP); - wo->router |= BIT(RIP_SAP); - } - - /* Always specify a routing protocol unless it was REJected. */ - wo->neg_router = 1; -/* - * Start with these default values - */ - *go = *wo; -} - -/* - * ipxcp_cilen - Return length of our CI. - */ - -static int -ipxcp_cilen(f) - fsm *f; -{ - int len; - - len = go->neg_nn ? CILEN_NETN : 0; - len += go->neg_node ? CILEN_NODEN : 0; - len += go->neg_name ? CILEN_NAME + strlen (go->name) - 1 : 0; - - /* RFC says that defaults should not be included. */ - if (go->neg_router && to_external(go->router) != RIP_SAP) - len += CILEN_PROTOCOL; - - return (len); -} - - -/* - * ipxcp_addci - Add our desired CIs to a packet. - */ -static void -ipxcp_addci(f, ucp, lenp) - fsm *f; - u_char *ucp; - int *lenp; -{ -/* - * Add the options to the record. - */ - if (go->neg_nn) { - PUTCHAR (IPX_NETWORK_NUMBER, ucp); - PUTCHAR (CILEN_NETN, ucp); - PUTLONG (go->our_network, ucp); - } - - if (go->neg_node) { - int indx; - PUTCHAR (IPX_NODE_NUMBER, ucp); - PUTCHAR (CILEN_NODEN, ucp); - for (indx = 0; indx < sizeof (go->our_node); ++indx) - PUTCHAR (go->our_node[indx], ucp); - } - - if (go->neg_name) { - int cilen = strlen (go->name); - int indx; - PUTCHAR (IPX_ROUTER_NAME, ucp); - PUTCHAR (CILEN_NAME + cilen - 1, ucp); - for (indx = 0; indx < cilen; ++indx) - PUTCHAR (go->name [indx], ucp); - } - - if (go->neg_router) { - short external = to_external (go->router); - if (external != RIP_SAP) { - PUTCHAR (IPX_ROUTER_PROTOCOL, ucp); - PUTCHAR (CILEN_PROTOCOL, ucp); - PUTSHORT (external, ucp); - } - } -} - -/* - * ipxcp_ackci - Ack our CIs. - * - * Returns: - * 0 - Ack was bad. - * 1 - Ack was good. - */ -static int -ipxcp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - u_short cilen, citype, cishort; - u_char cichar; - u_int32_t cilong; - -#define ACKCIVOID(opt, neg) \ - if (neg) { \ - if ((len -= CILEN_VOID) < 0) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_VOID || \ - citype != opt) \ - break; \ - } - -#define ACKCICOMPLETE(opt,neg) ACKCIVOID(opt, neg) - -#define ACKCICHARS(opt, neg, val, cnt) \ - if (neg) { \ - int indx, count = cnt; \ - len -= (count + 2); \ - if (len < 0) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != (count + 2) || \ - citype != opt) \ - break; \ - for (indx = 0; indx < count; ++indx) {\ - GETCHAR(cichar, p); \ - if (cichar != ((u_char *) &val)[indx]) \ - break; \ - }\ - if (indx != count) \ - break; \ - } - -#define ACKCINODE(opt,neg,val) ACKCICHARS(opt,neg,val,sizeof(val)) -#define ACKCINAME(opt,neg,val) ACKCICHARS(opt,neg,val,strlen(val)) - -#define ACKCINETWORK(opt, neg, val) \ - if (neg) { \ - if ((len -= CILEN_NETN) < 0) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_NETN || \ - citype != opt) \ - break; \ - GETLONG(cilong, p); \ - if (cilong != val) \ - break; \ - } - -#define ACKCIPROTO(opt, neg, val) \ - if (neg) { \ - if (len < 2) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_PROTOCOL || citype != opt) \ - break; \ - len -= cilen; \ - if (len < 0) \ - break; \ - GETSHORT(cishort, p); \ - if (cishort != to_external (val) || cishort == RIP_SAP) \ - break; \ - } -/* - * Process the ACK frame in the order in which the frame was assembled - */ - do { - ACKCINETWORK (IPX_NETWORK_NUMBER, go->neg_nn, go->our_network); - ACKCINODE (IPX_NODE_NUMBER, go->neg_node, go->our_node); - ACKCINAME (IPX_ROUTER_NAME, go->neg_name, go->name); - if (len > 0) - ACKCIPROTO (IPX_ROUTER_PROTOCOL, go->neg_router, go->router); -/* - * This is the end of the record. - */ - if (len == 0) - return (1); - } while (0); -/* - * The frame is invalid - */ - IPXCPDEBUG(("ipxcp_ackci: received bad Ack!")); - return (0); -} - -/* - * ipxcp_nakci - Peer has sent a NAK for some of our CIs. - * This should not modify any state if the Nak is bad - * or if IPXCP is in the OPENED state. - * - * Returns: - * 0 - Nak was bad. - * 1 - Nak was good. - */ - -static int -ipxcp_nakci(f, p, len, treat_as_reject) - fsm *f; - u_char *p; - int len; - int treat_as_reject; -{ - u_char citype, cilen, *next; - u_short s; - u_int32_t l; - ipxcp_options no; /* options we've seen Naks for */ - ipxcp_options try; /* options to request next time */ - - BZERO(&no, sizeof(no)); - try = *go; - - while (len >= CILEN_VOID) { - GETCHAR (citype, p); - GETCHAR (cilen, p); - len -= cilen; - if (cilen < CILEN_VOID || len < 0) - goto bad; - next = &p [cilen - CILEN_VOID]; - - switch (citype) { - case IPX_NETWORK_NUMBER: - if (!go->neg_nn || no.neg_nn || (cilen != CILEN_NETN)) - goto bad; - no.neg_nn = 1; - - GETLONG(l, p); - if (treat_as_reject) - try.neg_nn = 0; - else if (l && ao->accept_network) - try.our_network = l; - break; - - case IPX_NODE_NUMBER: - if (!go->neg_node || no.neg_node || (cilen != CILEN_NODEN)) - goto bad; - no.neg_node = 1; - - if (treat_as_reject) - try.neg_node = 0; - else if (!zero_node (p) && ao->accept_local && - ! compare_node (p, ho->his_node)) - copy_node (p, try.our_node); - break; - - /* This has never been sent. Ignore the NAK frame */ - case IPX_COMPRESSION_PROTOCOL: - goto bad; - - case IPX_ROUTER_PROTOCOL: - if (!go->neg_router || (cilen < CILEN_PROTOCOL)) - goto bad; - - GETSHORT (s, p); - if (s > 15) /* This is just bad, but ignore for now. */ - break; - - s = BIT(s); - if (no.router & s) /* duplicate NAKs are always bad */ - goto bad; - - if (no.router == 0) /* Reset on first NAK only */ - try.router = 0; - - no.router |= s; - try.router |= s; - try.neg_router = 1; - break; - - /* These, according to the RFC, must never be NAKed. */ - case IPX_ROUTER_NAME: - case IPX_COMPLETE: - goto bad; - - /* These are for options which we have not seen. */ - default: - break; - } - p = next; - } - - /* - * Do not permit the peer to force a router protocol which we do not - * support. However, default to the condition that will accept "NONE". - */ - try.router &= (ao->router | BIT(IPX_NONE)); - if (try.router == 0 && ao->router != 0) - try.router = BIT(IPX_NONE); - - if (try.router != 0) - try.neg_router = 1; - - /* - * OK, the Nak is good. Now we can update state. - * If there are any options left, we ignore them. - */ - if (f->state != OPENED) - *go = try; - - return 1; - -bad: - IPXCPDEBUG(("ipxcp_nakci: received bad Nak!")); - return 0; -} - -/* - * ipxcp_rejci - Reject some of our CIs. - */ -static int -ipxcp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - u_short cilen, citype, cishort; - u_char cichar; - u_int32_t cilong; - ipxcp_options try; /* options to request next time */ - -#define REJCINETWORK(opt, neg, val) \ - if (neg && p[0] == opt) { \ - if ((len -= CILEN_NETN) < 0) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_NETN || \ - citype != opt) \ - break; \ - GETLONG(cilong, p); \ - if (cilong != val) \ - break; \ - neg = 0; \ - } - -#define REJCICHARS(opt, neg, val, cnt) \ - if (neg && p[0] == opt) { \ - int indx, count = cnt; \ - len -= (count + 2); \ - if (len < 0) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != (count + 2) || \ - citype != opt) \ - break; \ - for (indx = 0; indx < count; ++indx) {\ - GETCHAR(cichar, p); \ - if (cichar != ((u_char *) &val)[indx]) \ - break; \ - }\ - if (indx != count) \ - break; \ - neg = 0; \ - } - -#define REJCINODE(opt,neg,val) REJCICHARS(opt,neg,val,sizeof(val)) -#define REJCINAME(opt,neg,val) REJCICHARS(opt,neg,val,strlen(val)) - -#define REJCIVOID(opt, neg) \ - if (neg && p[0] == opt) { \ - if ((len -= CILEN_VOID) < 0) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_VOID || citype != opt) \ - break; \ - neg = 0; \ - } - -/* a reject for RIP/SAP is invalid since we don't send it and you can't - reject something which is not sent. (You can NAK, but you can't REJ.) */ -#define REJCIPROTO(opt, neg, val, bit) \ - if (neg && p[0] == opt) { \ - if ((len -= CILEN_PROTOCOL) < 0) \ - break; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_PROTOCOL) \ - break; \ - GETSHORT(cishort, p); \ - if (cishort != to_external (val) || cishort == RIP_SAP) \ - break; \ - neg = 0; \ - } -/* - * Any Rejected CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ - try = *go; - - do { - REJCINETWORK (IPX_NETWORK_NUMBER, try.neg_nn, try.our_network); - REJCINODE (IPX_NODE_NUMBER, try.neg_node, try.our_node); - REJCINAME (IPX_ROUTER_NAME, try.neg_name, try.name); - REJCIPROTO (IPX_ROUTER_PROTOCOL, try.neg_router, try.router, 0); -/* - * This is the end of the record. - */ - if (len == 0) { - if (f->state != OPENED) - *go = try; - return (1); - } - } while (0); -/* - * The frame is invalid at this point. - */ - IPXCPDEBUG(("ipxcp_rejci: received bad Reject!")); - return 0; -} - -/* - * ipxcp_reqci - Check the peer's requested CIs and send appropriate response. - * - * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified - * appropriately. If reject_if_disagree is non-zero, doesn't return - * CONFNAK; returns CONFREJ if it can't return CONFACK. - */ -static int -ipxcp_reqci(f, inp, len, reject_if_disagree) - fsm *f; - u_char *inp; /* Requested CIs */ - int *len; /* Length of requested CIs */ - int reject_if_disagree; -{ - u_char *cip, *next; /* Pointer to current and next CIs */ - u_short cilen, citype; /* Parsed len, type */ - u_short cishort; /* Parsed short value */ - u_int32_t cinetwork; /* Parsed address values */ - int rc = CONFACK; /* Final packet return code */ - int orc; /* Individual option return code */ - u_char *p; /* Pointer to next char to parse */ - u_char *ucp = inp; /* Pointer to current output char */ - int l = *len; /* Length left */ - - /* - * Reset all his options. - */ - BZERO(ho, sizeof(*ho)); - - /* - * Process all his options. - */ - next = inp; - while (l) { - orc = CONFACK; /* Assume success */ - cip = p = next; /* Remember begining of CI */ - if (l < 2 || /* Not enough data for CI header or */ - p[1] < 2 || /* CI length too small or */ - p[1] > l) { /* CI length too big? */ - IPXCPDEBUG(("ipxcp_reqci: bad CI length!")); - orc = CONFREJ; /* Reject bad CI */ - cilen = l; /* Reject till end of packet */ - l = 0; /* Don't loop again */ - goto endswitch; - } - GETCHAR(citype, p); /* Parse CI type */ - GETCHAR(cilen, p); /* Parse CI length */ - l -= cilen; /* Adjust remaining length */ - next += cilen; /* Step to next CI */ - - switch (citype) { /* Check CI type */ -/* - * The network number must match. Choose the larger of the two. - */ - case IPX_NETWORK_NUMBER: - /* if we wont negotiate the network number or the length is wrong - then reject the option */ - if ( !ao->neg_nn || cilen != CILEN_NETN ) { - orc = CONFREJ; - break; - } - GETLONG(cinetwork, p); - - /* If the network numbers match then acknowledge them. */ - if (cinetwork != 0) { - ho->his_network = cinetwork; - ho->neg_nn = 1; - if (wo->our_network == cinetwork) - break; -/* - * If the network number is not given or we don't accept their change or - * the network number is too small then NAK it. - */ - if (! ao->accept_network || cinetwork < wo->our_network) { - DECPTR (sizeof (u_int32_t), p); - PUTLONG (wo->our_network, p); - orc = CONFNAK; - } - break; - } -/* - * The peer sent '0' for the network. Give it ours if we have one. - */ - if (go->our_network != 0) { - DECPTR (sizeof (u_int32_t), p); - PUTLONG (wo->our_network, p); - orc = CONFNAK; -/* - * We don't have one. Reject the value. - */ - } else - orc = CONFREJ; - - break; -/* - * The node number is required - */ - case IPX_NODE_NUMBER: - /* if we wont negotiate the node number or the length is wrong - then reject the option */ - if ( cilen != CILEN_NODEN ) { - orc = CONFREJ; - break; - } - - copy_node (p, ho->his_node); - ho->neg_node = 1; -/* - * If the remote does not have a number and we do then NAK it with the value - * which we have for it. (We never have a default value of zero.) - */ - if (zero_node (ho->his_node)) { - orc = CONFNAK; - copy_node (wo->his_node, p); - INCPTR (sizeof (wo->his_node), p); - break; - } -/* - * If you have given me the expected network node number then I'll accept - * it now. - */ - if (compare_node (wo->his_node, ho->his_node)) { - orc = CONFACK; - ho->neg_node = 1; - INCPTR (sizeof (wo->his_node), p); - break; - } -/* - * If his node number is the same as ours then ask him to try the next - * value. - */ - if (compare_node (ho->his_node, go->our_node)) { - inc_node (ho->his_node); - orc = CONFNAK; - copy_node (ho->his_node, p); - INCPTR (sizeof (wo->his_node), p); - break; - } -/* - * If we don't accept a new value then NAK it. - */ - if (! ao->accept_remote) { - copy_node (wo->his_node, p); - INCPTR (sizeof (wo->his_node), p); - orc = CONFNAK; - break; - } - orc = CONFACK; - ho->neg_node = 1; - INCPTR (sizeof (wo->his_node), p); - break; -/* - * Compression is not desired at this time. It is always rejected. - */ - case IPX_COMPRESSION_PROTOCOL: - orc = CONFREJ; - break; -/* - * The routing protocol is a bitmask of various types. Any combination - * of the values RIP_SAP and NLSP are permissible. 'IPX_NONE' for no - * routing protocol must be specified only once. - */ - case IPX_ROUTER_PROTOCOL: - if ( !ao->neg_router || cilen < CILEN_PROTOCOL ) { - orc = CONFREJ; - break; - } - - GETSHORT (cishort, p); - - if (wo->neg_router == 0) { - wo->neg_router = 1; - wo->router = BIT(IPX_NONE); - } - - if ((cishort == IPX_NONE && ho->router != 0) || - (ho->router & BIT(IPX_NONE))) { - orc = CONFREJ; - break; - } - - cishort = BIT(cishort); - if (ho->router & cishort) { - orc = CONFREJ; - break; - } - - ho->router |= cishort; - ho->neg_router = 1; - - /* Finally do not allow a router protocol which we do not - support. */ - - if ((cishort & (ao->router | BIT(IPX_NONE))) == 0) { - int protocol; - - if (cishort == BIT(NLSP) && - (ao->router & BIT(RIP_SAP)) && - !wo->tried_rip) { - protocol = RIP_SAP; - wo->tried_rip = 1; - } else - protocol = IPX_NONE; - - DECPTR (sizeof (u_int16_t), p); - PUTSHORT (protocol, p); - orc = CONFNAK; - } - break; -/* - * The router name is advisorary. Just accept it if it is not too large. - */ - case IPX_ROUTER_NAME: - if (cilen >= CILEN_NAME) { - int name_size = cilen - CILEN_NAME; - if (name_size > sizeof (ho->name)) - name_size = sizeof (ho->name) - 1; - memset (ho->name, 0, sizeof (ho->name)); - memcpy (ho->name, p, name_size); - ho->name [name_size] = '\0'; - ho->neg_name = 1; - orc = CONFACK; - break; - } - orc = CONFREJ; - break; -/* - * This is advisorary. - */ - case IPX_COMPLETE: - if (cilen != CILEN_COMPLETE) - orc = CONFREJ; - else { - ho->neg_complete = 1; - orc = CONFACK; - } - break; -/* - * All other entries are not known at this time. - */ - default: - orc = CONFREJ; - break; - } -endswitch: - if (orc == CONFACK && /* Good CI */ - rc != CONFACK) /* but prior CI wasnt? */ - continue; /* Don't send this one */ - - if (orc == CONFNAK) { /* Nak this CI? */ - if (reject_if_disagree) /* Getting fed up with sending NAKs? */ - orc = CONFREJ; /* Get tough if so */ - if (rc == CONFREJ) /* Rejecting prior CI? */ - continue; /* Don't send this one */ - if (rc == CONFACK) { /* Ack'd all prior CIs? */ - rc = CONFNAK; /* Not anymore... */ - ucp = inp; /* Backup */ - } - } - - if (orc == CONFREJ && /* Reject this CI */ - rc != CONFREJ) { /* but no prior ones? */ - rc = CONFREJ; - ucp = inp; /* Backup */ - } - - /* Need to move CI? */ - if (ucp != cip) - BCOPY(cip, ucp, cilen); /* Move it */ - - /* Update output pointer */ - INCPTR(cilen, ucp); - } - - /* - * If we aren't rejecting this packet, and we want to negotiate - * their address, and they didn't send their address, then we - * send a NAK with a IPX_NODE_NUMBER option appended. We assume the - * input buffer is long enough that we can append the extra - * option safely. - */ - - if (rc != CONFREJ && !ho->neg_node && - wo->req_nn && !reject_if_disagree) { - if (rc == CONFACK) { - rc = CONFNAK; - wo->req_nn = 0; /* don't ask again */ - ucp = inp; /* reset pointer */ - } - - if (zero_node (wo->his_node)) - inc_node (wo->his_node); - - PUTCHAR (IPX_NODE_NUMBER, ucp); - PUTCHAR (CILEN_NODEN, ucp); - copy_node (wo->his_node, ucp); - INCPTR (sizeof (wo->his_node), ucp); - } - - *len = ucp - inp; /* Compute output length */ - IPXCPDEBUG(("ipxcp: returning Configure-%s", CODENAME(rc))); - return (rc); /* Return final code */ -} - -/* - * ipxcp_up - IPXCP has come UP. - * - * Configure the IP network interface appropriately and bring it up. - */ - -static void -ipxcp_up(f) - fsm *f; -{ - int unit = f->unit; - - IPXCPDEBUG(("ipxcp: up")); - - /* The default router protocol is RIP/SAP. */ - if (ho->router == 0) - ho->router = BIT(RIP_SAP); - - if (go->router == 0) - go->router = BIT(RIP_SAP); - - /* Fetch the network number */ - if (!ho->neg_nn) - ho->his_network = wo->his_network; - - if (!ho->neg_node) - copy_node (wo->his_node, ho->his_node); - - if (!wo->neg_node && !go->neg_node) - copy_node (wo->our_node, go->our_node); - - if (zero_node (go->our_node)) { - static char errmsg[] = "Could not determine local IPX node address"; - if (debug) - error(errmsg); - ipxcp_close(f->unit, errmsg); - return; - } - - go->network = go->our_network; - if (ho->his_network != 0 && ho->his_network > go->network) - go->network = ho->his_network; - - if (go->network == 0) { - static char errmsg[] = "Can not determine network number"; - if (debug) - error(errmsg); - ipxcp_close (unit, errmsg); - return; - } - - /* bring the interface up */ - if (!sifup(unit)) { - if (debug) - warn("sifup failed (IPX)"); - ipxcp_close(unit, "Interface configuration failed"); - return; - } - ipxcp_is_up = 1; - - /* set the network number for IPX */ - if (!sipxfaddr(unit, go->network, go->our_node)) { - if (debug) - warn("sipxfaddr failed"); - ipxcp_close(unit, "Interface configuration failed"); - return; - } - - np_up(f->unit, PPP_IPX); - - /* - * Execute the ipx-up script, like this: - * /etc/ppp/ipx-up interface tty speed local-IPX remote-IPX - */ - - ipxcp_script (f, _PATH_IPXUP); -} - -/* - * ipxcp_down - IPXCP has gone DOWN. - * - * Take the IP network interface down, clear its addresses - * and delete routes through it. - */ - -static void -ipxcp_down(f) - fsm *f; -{ - IPXCPDEBUG(("ipxcp: down")); - - if (!ipxcp_is_up) - return; - ipxcp_is_up = 0; - np_down(f->unit, PPP_IPX); - cipxfaddr(f->unit); - sifnpmode(f->unit, PPP_IPX, NPMODE_DROP); - sifdown(f->unit); - ipxcp_script (f, _PATH_IPXDOWN); -} - - -/* - * ipxcp_finished - possibly shut down the lower layers. - */ -static void -ipxcp_finished(f) - fsm *f; -{ - np_finished(f->unit, PPP_IPX); -} - - -/* - * ipxcp_script - Execute a script with arguments - * interface-name tty-name speed local-IPX remote-IPX networks. - */ -static void -ipxcp_script(f, script) - fsm *f; - char *script; -{ - char strspeed[32], strlocal[32], strremote[32]; - char strnetwork[32], strpid[32]; - char *argv[14], strproto_lcl[32], strproto_rmt[32]; - - slprintf(strpid, sizeof(strpid), "%d", getpid()); - slprintf(strspeed, sizeof(strspeed),"%d", baud_rate); - - strproto_lcl[0] = '\0'; - if (go->neg_router && ((go->router & BIT(IPX_NONE)) == 0)) { - if (go->router & BIT(RIP_SAP)) - strlcpy (strproto_lcl, "RIP ", sizeof(strproto_lcl)); - if (go->router & BIT(NLSP)) - strlcat (strproto_lcl, "NLSP ", sizeof(strproto_lcl)); - } - - if (strproto_lcl[0] == '\0') - strlcpy (strproto_lcl, "NONE ", sizeof(strproto_lcl)); - - strproto_lcl[strlen (strproto_lcl)-1] = '\0'; - - strproto_rmt[0] = '\0'; - if (ho->neg_router && ((ho->router & BIT(IPX_NONE)) == 0)) { - if (ho->router & BIT(RIP_SAP)) - strlcpy (strproto_rmt, "RIP ", sizeof(strproto_rmt)); - if (ho->router & BIT(NLSP)) - strlcat (strproto_rmt, "NLSP ", sizeof(strproto_rmt)); - } - - if (strproto_rmt[0] == '\0') - strlcpy (strproto_rmt, "NONE ", sizeof(strproto_rmt)); - - strproto_rmt[strlen (strproto_rmt)-1] = '\0'; - - strlcpy (strnetwork, ipx_ntoa (go->network), sizeof(strnetwork)); - - slprintf (strlocal, sizeof(strlocal), "%0.6B", go->our_node); - - slprintf (strremote, sizeof(strremote), "%0.6B", ho->his_node); - - argv[0] = script; - argv[1] = ifname; - argv[2] = devnam; - argv[3] = strspeed; - argv[4] = strnetwork; - argv[5] = strlocal; - argv[6] = strremote; - argv[7] = strproto_lcl; - argv[8] = strproto_rmt; - argv[9] = go->name; - argv[10] = ho->name; - argv[11] = ipparam; - argv[12] = strpid; - argv[13] = NULL; - run_program(script, argv, 0, NULL, NULL); -} - -/* - * ipxcp_printpkt - print the contents of an IPXCP packet. - */ -static char *ipxcp_codenames[] = { - "ConfReq", "ConfAck", "ConfNak", "ConfRej", - "TermReq", "TermAck", "CodeRej" -}; - -static int -ipxcp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int code, id, len, olen; - u_char *pstart, *optend; - u_short cishort; - u_int32_t cilong; - - if (plen < HEADERLEN) - return 0; - pstart = p; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < HEADERLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(ipxcp_codenames) / sizeof(char *)) - printer(arg, " %s", ipxcp_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= HEADERLEN; - switch (code) { - case CONFREQ: - case CONFACK: - case CONFNAK: - case CONFREJ: - /* print option list */ - while (len >= 2) { - GETCHAR(code, p); - GETCHAR(olen, p); - p -= 2; - if (olen < CILEN_VOID || olen > len) { - break; - } - printer(arg, " <"); - len -= olen; - optend = p + olen; - switch (code) { - case IPX_NETWORK_NUMBER: - if (olen == CILEN_NETN) { - p += 2; - GETLONG(cilong, p); - printer (arg, "network %s", ipx_ntoa (cilong)); - } - break; - case IPX_NODE_NUMBER: - if (olen == CILEN_NODEN) { - p += 2; - printer (arg, "node "); - while (p < optend) { - GETCHAR(code, p); - printer(arg, "%.2x", (int) (unsigned int) (unsigned char) code); - } - } - break; - case IPX_COMPRESSION_PROTOCOL: - if (olen == CILEN_COMPRESS) { - p += 2; - GETSHORT (cishort, p); - printer (arg, "compression %d", (int) cishort); - } - break; - case IPX_ROUTER_PROTOCOL: - if (olen == CILEN_PROTOCOL) { - p += 2; - GETSHORT (cishort, p); - printer (arg, "router proto %d", (int) cishort); - } - break; - case IPX_ROUTER_NAME: - if (olen >= CILEN_NAME) { - p += 2; - printer (arg, "router name \""); - while (p < optend) { - GETCHAR(code, p); - if (code >= 0x20 && code <= 0x7E) - printer (arg, "%c", (int) (unsigned int) (unsigned char) code); - else - printer (arg, " \\%.2x", (int) (unsigned int) (unsigned char) code); - } - printer (arg, "\""); - } - break; - case IPX_COMPLETE: - if (olen == CILEN_COMPLETE) { - p += 2; - printer (arg, "complete"); - } - break; - default: - break; - } - - while (p < optend) { - GETCHAR(code, p); - printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code); - } - printer(arg, ">"); - } - break; - - case TERMACK: - case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - printer(arg, " "); - print_string(p, len, printer, arg); - p += len; - len = 0; - } - break; - } - - /* print the rest of the bytes in the packet */ - for (; len > 0; --len) { - GETCHAR(code, p); - printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code); - } - - return p - pstart; -} -#endif /* ifdef IPX_CHANGE */ diff --git a/pppd/ipxcp.h b/pppd/ipxcp.h deleted file mode 100644 index 396b6bb..0000000 --- a/pppd/ipxcp.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * ipxcp.h - IPX Control Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: ipxcp.h,v 1.5 2002/12/04 23:03:32 paulus Exp $ - */ - -/* - * Options. - */ -#define IPX_NETWORK_NUMBER 1 /* IPX Network Number */ -#define IPX_NODE_NUMBER 2 -#define IPX_COMPRESSION_PROTOCOL 3 -#define IPX_ROUTER_PROTOCOL 4 -#define IPX_ROUTER_NAME 5 -#define IPX_COMPLETE 6 - -/* Values for the router protocol */ -#define IPX_NONE 0 -#define RIP_SAP 2 -#define NLSP 4 - -typedef struct ipxcp_options { - bool neg_node; /* Negotiate IPX node number? */ - bool req_node; /* Ask peer to send IPX node number? */ - - bool neg_nn; /* Negotiate IPX network number? */ - bool req_nn; /* Ask peer to send IPX network number */ - - bool neg_name; /* Negotiate IPX router name */ - bool neg_complete; /* Negotiate completion */ - bool neg_router; /* Negotiate IPX router number */ - - bool accept_local; /* accept peer's value for ournode */ - bool accept_remote; /* accept peer's value for hisnode */ - bool accept_network; /* accept network number */ - - bool tried_nlsp; /* I have suggested NLSP already */ - bool tried_rip; /* I have suggested RIP/SAP already */ - - u_int32_t his_network; /* base network number */ - u_int32_t our_network; /* our value for network number */ - u_int32_t network; /* the final network number */ - - u_char his_node[6]; /* peer's node number */ - u_char our_node[6]; /* our node number */ - u_char name [48]; /* name of the router */ - int router; /* routing protocol */ -} ipxcp_options; - -extern fsm ipxcp_fsm[]; -extern ipxcp_options ipxcp_wantoptions[]; -extern ipxcp_options ipxcp_gotoptions[]; -extern ipxcp_options ipxcp_allowoptions[]; -extern ipxcp_options ipxcp_hisoptions[]; - -extern struct protent ipxcp_protent; diff --git a/pppd/lcp.c b/pppd/lcp.c deleted file mode 100644 index 23f69fe..0000000 --- a/pppd/lcp.c +++ /dev/null @@ -1,2337 +0,0 @@ -/* - * lcp.c - PPP Link Control Protocol. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: lcp.c,v 1.74 2004/11/13 02:28:15 paulus Exp $" - -/* - * TODO: - */ - -#include -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "lcp.h" -#include "chap-new.h" -#include "magic.h" - -static const char rcsid[] = RCSID; - -/* - * When the link comes up we want to be able to wait for a short while, - * or until seeing some input from the peer, before starting to send - * configure-requests. We do this by delaying the fsm_lowerup call. - */ -/* steal a bit in fsm flags word */ -#define DELAYED_UP 0x100 - -static void lcp_delayed_up __P((void *)); - -/* - * LCP-related command-line options. - */ -int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ -int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ -bool lax_recv = 0; /* accept control chars in asyncmap */ -bool noendpoint = 0; /* don't send/accept endpoint discriminator */ - -static int noopt __P((char **)); - -#ifdef HAVE_MULTILINK -static int setendpoint __P((char **)); -static void printendpoint __P((option_t *, void (*)(void *, char *, ...), - void *)); -#endif /* HAVE_MULTILINK */ - -static option_t lcp_option_list[] = { - /* LCP options */ - { "-all", o_special_noarg, (void *)noopt, - "Don't request/allow any LCP options" }, - - { "noaccomp", o_bool, &lcp_wantoptions[0].neg_accompression, - "Disable address/control compression", - OPT_A2CLR, &lcp_allowoptions[0].neg_accompression }, - { "-ac", o_bool, &lcp_wantoptions[0].neg_accompression, - "Disable address/control compression", - OPT_ALIAS | OPT_A2CLR, &lcp_allowoptions[0].neg_accompression }, - - { "asyncmap", o_uint32, &lcp_wantoptions[0].asyncmap, - "Set asyncmap (for received packets)", - OPT_OR, &lcp_wantoptions[0].neg_asyncmap }, - { "-as", o_uint32, &lcp_wantoptions[0].asyncmap, - "Set asyncmap (for received packets)", - OPT_ALIAS | OPT_OR, &lcp_wantoptions[0].neg_asyncmap }, - { "default-asyncmap", o_uint32, &lcp_wantoptions[0].asyncmap, - "Disable asyncmap negotiation", - OPT_OR | OPT_NOARG | OPT_VAL(~0U) | OPT_A2CLR, - &lcp_allowoptions[0].neg_asyncmap }, - { "-am", o_uint32, &lcp_wantoptions[0].asyncmap, - "Disable asyncmap negotiation", - OPT_ALIAS | OPT_OR | OPT_NOARG | OPT_VAL(~0U) | OPT_A2CLR, - &lcp_allowoptions[0].neg_asyncmap }, - - { "nomagic", o_bool, &lcp_wantoptions[0].neg_magicnumber, - "Disable magic number negotiation (looped-back line detection)", - OPT_A2CLR, &lcp_allowoptions[0].neg_magicnumber }, - { "-mn", o_bool, &lcp_wantoptions[0].neg_magicnumber, - "Disable magic number negotiation (looped-back line detection)", - OPT_ALIAS | OPT_A2CLR, &lcp_allowoptions[0].neg_magicnumber }, - - { "mru", o_int, &lcp_wantoptions[0].mru, - "Set MRU (maximum received packet size) for negotiation", - OPT_PRIO, &lcp_wantoptions[0].neg_mru }, - { "default-mru", o_bool, &lcp_wantoptions[0].neg_mru, - "Disable MRU negotiation (use default 1500)", - OPT_PRIOSUB | OPT_A2CLR, &lcp_allowoptions[0].neg_mru }, - { "-mru", o_bool, &lcp_wantoptions[0].neg_mru, - "Disable MRU negotiation (use default 1500)", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, &lcp_allowoptions[0].neg_mru }, - - { "mtu", o_int, &lcp_allowoptions[0].mru, - "Set our MTU", OPT_LIMITS, NULL, MAXMRU, MINMRU }, - - { "nopcomp", o_bool, &lcp_wantoptions[0].neg_pcompression, - "Disable protocol field compression", - OPT_A2CLR, &lcp_allowoptions[0].neg_pcompression }, - { "-pc", o_bool, &lcp_wantoptions[0].neg_pcompression, - "Disable protocol field compression", - OPT_ALIAS | OPT_A2CLR, &lcp_allowoptions[0].neg_pcompression }, - - { "passive", o_bool, &lcp_wantoptions[0].passive, - "Set passive mode", 1 }, - { "-p", o_bool, &lcp_wantoptions[0].passive, - "Set passive mode", OPT_ALIAS | 1 }, - - { "silent", o_bool, &lcp_wantoptions[0].silent, - "Set silent mode", 1 }, - - { "lcp-echo-failure", o_int, &lcp_echo_fails, - "Set number of consecutive echo failures to indicate link failure", - OPT_PRIO }, - { "lcp-echo-interval", o_int, &lcp_echo_interval, - "Set time in seconds between LCP echo requests", OPT_PRIO }, - { "lcp-restart", o_int, &lcp_fsm[0].timeouttime, - "Set time in seconds between LCP retransmissions", OPT_PRIO }, - { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits, - "Set maximum number of LCP terminate-request transmissions", OPT_PRIO }, - { "lcp-max-configure", o_int, &lcp_fsm[0].maxconfreqtransmits, - "Set maximum number of LCP configure-request transmissions", OPT_PRIO }, - { "lcp-max-failure", o_int, &lcp_fsm[0].maxnakloops, - "Set limit on number of LCP configure-naks", OPT_PRIO }, - - { "receive-all", o_bool, &lax_recv, - "Accept all received control characters", 1 }, - -#ifdef HAVE_MULTILINK - { "mrru", o_int, &lcp_wantoptions[0].mrru, - "Maximum received packet size for multilink bundle", - OPT_PRIO, &lcp_wantoptions[0].neg_mrru }, - - { "mpshortseq", o_bool, &lcp_wantoptions[0].neg_ssnhf, - "Use short sequence numbers in multilink headers", - OPT_PRIO | 1, &lcp_allowoptions[0].neg_ssnhf }, - { "nompshortseq", o_bool, &lcp_wantoptions[0].neg_ssnhf, - "Don't use short sequence numbers in multilink headers", - OPT_PRIOSUB | OPT_A2CLR, &lcp_allowoptions[0].neg_ssnhf }, - - { "endpoint", o_special, (void *) setendpoint, - "Endpoint discriminator for multilink", - OPT_PRIO | OPT_A2PRINTER, (void *) printendpoint }, -#endif /* HAVE_MULTILINK */ - - { "noendpoint", o_bool, &noendpoint, - "Don't send or accept multilink endpoint discriminator", 1 }, - - {NULL} -}; - -/* global vars */ -fsm lcp_fsm[NUM_PPP]; /* LCP fsm structure (global)*/ -lcp_options lcp_wantoptions[NUM_PPP]; /* Options that we want to request */ -lcp_options lcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */ -lcp_options lcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */ -lcp_options lcp_hisoptions[NUM_PPP]; /* Options that we ack'd */ - -static int lcp_echos_pending = 0; /* Number of outstanding echo msgs */ -static int lcp_echo_number = 0; /* ID number of next echo frame */ -static int lcp_echo_timer_running = 0; /* set if a timer is running */ - -static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ - -/* - * Callbacks for fsm code. (CI = Configuration Information) - */ -static void lcp_resetci __P((fsm *)); /* Reset our CI */ -static int lcp_cilen __P((fsm *)); /* Return length of our CI */ -static void lcp_addci __P((fsm *, u_char *, int *)); /* Add our CI to pkt */ -static int lcp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */ -static int lcp_nakci __P((fsm *, u_char *, int, int)); /* Peer nak'd our CI */ -static int lcp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */ -static int lcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv peer CI */ -static void lcp_up __P((fsm *)); /* We're UP */ -static void lcp_down __P((fsm *)); /* We're DOWN */ -static void lcp_starting __P((fsm *)); /* We need lower layer up */ -static void lcp_finished __P((fsm *)); /* We need lower layer down */ -static int lcp_extcode __P((fsm *, int, int, u_char *, int)); -static void lcp_rprotrej __P((fsm *, u_char *, int)); - -/* - * routines to send LCP echos to peer - */ - -static void lcp_echo_lowerup __P((int)); -static void lcp_echo_lowerdown __P((int)); -static void LcpEchoTimeout __P((void *)); -static void lcp_received_echo_reply __P((fsm *, int, u_char *, int)); -static void LcpSendEchoRequest __P((fsm *)); -static void LcpLinkFailure __P((fsm *)); -static void LcpEchoCheck __P((fsm *)); - -static fsm_callbacks lcp_callbacks = { /* LCP callback routines */ - lcp_resetci, /* Reset our Configuration Information */ - lcp_cilen, /* Length of our Configuration Information */ - lcp_addci, /* Add our Configuration Information */ - lcp_ackci, /* ACK our Configuration Information */ - lcp_nakci, /* NAK our Configuration Information */ - lcp_rejci, /* Reject our Configuration Information */ - lcp_reqci, /* Request peer's Configuration Information */ - lcp_up, /* Called when fsm reaches OPENED state */ - lcp_down, /* Called when fsm leaves OPENED state */ - lcp_starting, /* Called when we want the lower layer up */ - lcp_finished, /* Called when we want the lower layer down */ - NULL, /* Called when Protocol-Reject received */ - NULL, /* Retransmission is necessary */ - lcp_extcode, /* Called to handle LCP-specific codes */ - "LCP" /* String name of protocol */ -}; - -/* - * Protocol entry points. - * Some of these are called directly. - */ - -static void lcp_init __P((int)); -static void lcp_input __P((int, u_char *, int)); -static void lcp_protrej __P((int)); -static int lcp_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); - -struct protent lcp_protent = { - PPP_LCP, - lcp_init, - lcp_input, - lcp_protrej, - lcp_lowerup, - lcp_lowerdown, - lcp_open, - lcp_close, - lcp_printpkt, - NULL, - 1, - "LCP", - NULL, - lcp_option_list, - NULL, - NULL, - NULL -}; - -int lcp_loopbackfail = DEFLOOPBACKFAIL; - -/* - * Length of each type of configuration option (in octets) - */ -#define CILEN_VOID 2 -#define CILEN_CHAR 3 -#define CILEN_SHORT 4 /* CILEN_VOID + 2 */ -#define CILEN_CHAP 5 /* CILEN_VOID + 2 + 1 */ -#define CILEN_LONG 6 /* CILEN_VOID + 4 */ -#define CILEN_LQR 8 /* CILEN_VOID + 2 + 4 */ -#define CILEN_CBCP 3 - -#define CODENAME(x) ((x) == CONFACK ? "ACK" : \ - (x) == CONFNAK ? "NAK" : "REJ") - -/* - * noopt - Disable all options (why?). - */ -static int -noopt(argv) - char **argv; -{ - BZERO((char *) &lcp_wantoptions[0], sizeof (struct lcp_options)); - BZERO((char *) &lcp_allowoptions[0], sizeof (struct lcp_options)); - - return (1); -} - -#ifdef HAVE_MULTILINK -static int -setendpoint(argv) - char **argv; -{ - if (str_to_epdisc(&lcp_wantoptions[0].endpoint, *argv)) { - lcp_wantoptions[0].neg_endpoint = 1; - return 1; - } - option_error("Can't parse '%s' as an endpoint discriminator", *argv); - return 0; -} - -static void -printendpoint(opt, printer, arg) - option_t *opt; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - printer(arg, "%s", epdisc_to_str(&lcp_wantoptions[0].endpoint)); -} -#endif /* HAVE_MULTILINK */ - -/* - * lcp_init - Initialize LCP. - */ -static void -lcp_init(unit) - int unit; -{ - fsm *f = &lcp_fsm[unit]; - lcp_options *wo = &lcp_wantoptions[unit]; - lcp_options *ao = &lcp_allowoptions[unit]; - - f->unit = unit; - f->protocol = PPP_LCP; - f->callbacks = &lcp_callbacks; - - fsm_init(f); - - BZERO(wo, sizeof(*wo)); - wo->neg_mru = 1; - wo->mru = DEFMRU; - wo->neg_asyncmap = 1; - wo->neg_magicnumber = 1; - wo->neg_pcompression = 1; - wo->neg_accompression = 1; - - BZERO(ao, sizeof(*ao)); - ao->neg_mru = 1; - ao->mru = MAXMRU; - ao->neg_asyncmap = 1; - ao->neg_chap = 1; - ao->chap_mdtype = chap_mdtype_all; - ao->neg_upap = 1; - ao->neg_eap = 1; - ao->neg_magicnumber = 1; - ao->neg_pcompression = 1; - ao->neg_accompression = 1; - ao->neg_endpoint = 1; -} - - -/* - * lcp_open - LCP is allowed to come up. - */ -void -lcp_open(unit) - int unit; -{ - fsm *f = &lcp_fsm[unit]; - lcp_options *wo = &lcp_wantoptions[unit]; - - f->flags &= ~(OPT_PASSIVE | OPT_SILENT); - if (wo->passive) - f->flags |= OPT_PASSIVE; - if (wo->silent) - f->flags |= OPT_SILENT; - fsm_open(f); -} - - -/* - * lcp_close - Take LCP down. - */ -void -lcp_close(unit, reason) - int unit; - char *reason; -{ - fsm *f = &lcp_fsm[unit]; - - if (phase != PHASE_DEAD && phase != PHASE_MASTER) - new_phase(PHASE_TERMINATE); - if (f->state == STOPPED && f->flags & (OPT_PASSIVE|OPT_SILENT)) { - /* - * This action is not strictly according to the FSM in RFC1548, - * but it does mean that the program terminates if you do a - * lcp_close() in passive/silent mode when a connection hasn't - * been established. - */ - f->state = CLOSED; - lcp_finished(f); - - } else - fsm_close(f, reason); -} - - -/* - * lcp_lowerup - The lower layer is up. - */ -void -lcp_lowerup(unit) - int unit; -{ - lcp_options *wo = &lcp_wantoptions[unit]; - fsm *f = &lcp_fsm[unit]; - - /* - * Don't use A/C or protocol compression on transmission, - * but accept A/C and protocol compressed packets - * if we are going to ask for A/C and protocol compression. - */ - if (ppp_send_config(unit, PPP_MRU, 0xffffffff, 0, 0) < 0 - || ppp_recv_config(unit, PPP_MRU, (lax_recv? 0: 0xffffffff), - wo->neg_pcompression, wo->neg_accompression) < 0) - return; - peer_mru[unit] = PPP_MRU; - - if (listen_time != 0) { - f->flags |= DELAYED_UP; - timeout(lcp_delayed_up, f, 0, listen_time * 1000); - } else - fsm_lowerup(f); -} - - -/* - * lcp_lowerdown - The lower layer is down. - */ -void -lcp_lowerdown(unit) - int unit; -{ - fsm *f = &lcp_fsm[unit]; - - if (f->flags & DELAYED_UP) - f->flags &= ~DELAYED_UP; - else - fsm_lowerdown(&lcp_fsm[unit]); -} - - -/* - * lcp_delayed_up - Bring the lower layer up now. - */ -static void -lcp_delayed_up(arg) - void *arg; -{ - fsm *f = arg; - - if (f->flags & DELAYED_UP) { - f->flags &= ~DELAYED_UP; - fsm_lowerup(f); - } -} - - -/* - * lcp_input - Input LCP packet. - */ -static void -lcp_input(unit, p, len) - int unit; - u_char *p; - int len; -{ - fsm *f = &lcp_fsm[unit]; - - if (f->flags & DELAYED_UP) { - f->flags &= ~DELAYED_UP; - fsm_lowerup(f); - } - fsm_input(f, p, len); -} - - -/* - * lcp_extcode - Handle a LCP-specific code. - */ -static int -lcp_extcode(f, code, id, inp, len) - fsm *f; - int code, id; - u_char *inp; - int len; -{ - u_char *magp; - - switch( code ){ - case PROTREJ: - lcp_rprotrej(f, inp, len); - break; - - case ECHOREQ: - if (f->state != OPENED) - break; - magp = inp; - PUTLONG(lcp_gotoptions[f->unit].magicnumber, magp); - fsm_sdata(f, ECHOREP, id, inp, len); - break; - - case ECHOREP: - lcp_received_echo_reply(f, id, inp, len); - break; - - case DISCREQ: - break; - - default: - return 0; - } - return 1; -} - - -/* - * lcp_rprotrej - Receive an Protocol-Reject. - * - * Figure out which protocol is rejected and inform it. - */ -static void -lcp_rprotrej(f, inp, len) - fsm *f; - u_char *inp; - int len; -{ - int i; - struct protent *protp; - u_short prot; - - if (len < 2) { - LCPDEBUG(("lcp_rprotrej: Rcvd short Protocol-Reject packet!")); - return; - } - - GETSHORT(prot, inp); - - /* - * Protocol-Reject packets received in any state other than the LCP - * OPENED state SHOULD be silently discarded. - */ - if( f->state != OPENED ){ - LCPDEBUG(("Protocol-Reject discarded: LCP in state %d", f->state)); - return; - } - - /* - * Upcall the proper Protocol-Reject routine. - */ - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->protocol == prot && protp->enabled_flag) { - (*protp->protrej)(f->unit); - return; - } - - warn("Protocol-Reject for unsupported protocol 0x%x", prot); -} - - -/* - * lcp_protrej - A Protocol-Reject was received. - */ -/*ARGSUSED*/ -static void -lcp_protrej(unit) - int unit; -{ - /* - * Can't reject LCP! - */ - error("Received Protocol-Reject for LCP!"); - fsm_protreject(&lcp_fsm[unit]); -} - - -/* - * lcp_sprotrej - Send a Protocol-Reject for some protocol. - */ -void -lcp_sprotrej(unit, p, len) - int unit; - u_char *p; - int len; -{ - /* - * Send back the protocol and the information field of the - * rejected packet. We only get here if LCP is in the OPENED state. - */ - p += 2; - len -= 2; - - fsm_sdata(&lcp_fsm[unit], PROTREJ, ++lcp_fsm[unit].id, - p, len); -} - - -/* - * lcp_resetci - Reset our CI. - */ -static void -lcp_resetci(f) - fsm *f; -{ - lcp_options *wo = &lcp_wantoptions[f->unit]; - lcp_options *go = &lcp_gotoptions[f->unit]; - lcp_options *ao = &lcp_allowoptions[f->unit]; - - wo->magicnumber = magic(); - wo->numloops = 0; - *go = *wo; - if (!multilink) { - go->neg_mrru = 0; - go->neg_ssnhf = 0; - go->neg_endpoint = 0; - } - if (noendpoint) - ao->neg_endpoint = 0; - peer_mru[f->unit] = PPP_MRU; - auth_reset(f->unit); -} - - -/* - * lcp_cilen - Return length of our CI. - */ -static int -lcp_cilen(f) - fsm *f; -{ - lcp_options *go = &lcp_gotoptions[f->unit]; - -#define LENCIVOID(neg) ((neg) ? CILEN_VOID : 0) -#define LENCICHAP(neg) ((neg) ? CILEN_CHAP : 0) -#define LENCISHORT(neg) ((neg) ? CILEN_SHORT : 0) -#define LENCILONG(neg) ((neg) ? CILEN_LONG : 0) -#define LENCILQR(neg) ((neg) ? CILEN_LQR: 0) -#define LENCICBCP(neg) ((neg) ? CILEN_CBCP: 0) - /* - * NB: we only ask for one of CHAP, UPAP, or EAP, even if we will - * accept more than one. We prefer EAP first, then CHAP, then - * PAP. - */ - return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) + - LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) + - LENCISHORT(go->neg_eap) + - LENCICHAP(!go->neg_eap && go->neg_chap) + - LENCISHORT(!go->neg_eap && !go->neg_chap && go->neg_upap) + - LENCILQR(go->neg_lqr) + - LENCICBCP(go->neg_cbcp) + - LENCILONG(go->neg_magicnumber) + - LENCIVOID(go->neg_pcompression) + - LENCIVOID(go->neg_accompression) + - LENCISHORT(go->neg_mrru) + - LENCIVOID(go->neg_ssnhf) + - (go->neg_endpoint? CILEN_CHAR + go->endpoint.length: 0)); -} - - -/* - * lcp_addci - Add our desired CIs to a packet. - */ -static void -lcp_addci(f, ucp, lenp) - fsm *f; - u_char *ucp; - int *lenp; -{ - lcp_options *go = &lcp_gotoptions[f->unit]; - u_char *start_ucp = ucp; - -#define ADDCIVOID(opt, neg) \ - if (neg) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_VOID, ucp); \ - } -#define ADDCISHORT(opt, neg, val) \ - if (neg) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_SHORT, ucp); \ - PUTSHORT(val, ucp); \ - } -#define ADDCICHAP(opt, neg, val) \ - if (neg) { \ - PUTCHAR((opt), ucp); \ - PUTCHAR(CILEN_CHAP, ucp); \ - PUTSHORT(PPP_CHAP, ucp); \ - PUTCHAR((CHAP_DIGEST(val)), ucp); \ - } -#define ADDCILONG(opt, neg, val) \ - if (neg) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_LONG, ucp); \ - PUTLONG(val, ucp); \ - } -#define ADDCILQR(opt, neg, val) \ - if (neg) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_LQR, ucp); \ - PUTSHORT(PPP_LQR, ucp); \ - PUTLONG(val, ucp); \ - } -#define ADDCICHAR(opt, neg, val) \ - if (neg) { \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_CHAR, ucp); \ - PUTCHAR(val, ucp); \ - } -#define ADDCIENDP(opt, neg, class, val, len) \ - if (neg) { \ - int i; \ - PUTCHAR(opt, ucp); \ - PUTCHAR(CILEN_CHAR + len, ucp); \ - PUTCHAR(class, ucp); \ - for (i = 0; i < len; ++i) \ - PUTCHAR(val[i], ucp); \ - } - - ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); - ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, - go->asyncmap); - ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); - ADDCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); - ADDCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, - PPP_PAP); - ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); - ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); - ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); - ADDCIVOID(CI_PCOMPRESSION, go->neg_pcompression); - ADDCIVOID(CI_ACCOMPRESSION, go->neg_accompression); - ADDCISHORT(CI_MRRU, go->neg_mrru, go->mrru); - ADDCIVOID(CI_SSNHF, go->neg_ssnhf); - ADDCIENDP(CI_EPDISC, go->neg_endpoint, go->endpoint.class, - go->endpoint.value, go->endpoint.length); - - if (ucp - start_ucp != *lenp) { - /* this should never happen, because peer_mtu should be 1500 */ - error("Bug in lcp_addci: wrong length"); - } -} - - -/* - * lcp_ackci - Ack our CIs. - * This should not modify any state if the Ack is bad. - * - * Returns: - * 0 - Ack was bad. - * 1 - Ack was good. - */ -static int -lcp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - lcp_options *go = &lcp_gotoptions[f->unit]; - u_char cilen, citype, cichar; - u_short cishort; - u_int32_t cilong; - - /* - * CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ -#define ACKCIVOID(opt, neg) \ - if (neg) { \ - if ((len -= CILEN_VOID) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_VOID || \ - citype != opt) \ - goto bad; \ - } -#define ACKCISHORT(opt, neg, val) \ - if (neg) { \ - if ((len -= CILEN_SHORT) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_SHORT || \ - citype != opt) \ - goto bad; \ - GETSHORT(cishort, p); \ - if (cishort != val) \ - goto bad; \ - } -#define ACKCICHAR(opt, neg, val) \ - if (neg) { \ - if ((len -= CILEN_CHAR) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_CHAR || \ - citype != opt) \ - goto bad; \ - GETCHAR(cichar, p); \ - if (cichar != val) \ - goto bad; \ - } -#define ACKCICHAP(opt, neg, val) \ - if (neg) { \ - if ((len -= CILEN_CHAP) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_CHAP || \ - citype != (opt)) \ - goto bad; \ - GETSHORT(cishort, p); \ - if (cishort != PPP_CHAP) \ - goto bad; \ - GETCHAR(cichar, p); \ - if (cichar != (CHAP_DIGEST(val))) \ - goto bad; \ - } -#define ACKCILONG(opt, neg, val) \ - if (neg) { \ - if ((len -= CILEN_LONG) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_LONG || \ - citype != opt) \ - goto bad; \ - GETLONG(cilong, p); \ - if (cilong != val) \ - goto bad; \ - } -#define ACKCILQR(opt, neg, val) \ - if (neg) { \ - if ((len -= CILEN_LQR) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_LQR || \ - citype != opt) \ - goto bad; \ - GETSHORT(cishort, p); \ - if (cishort != PPP_LQR) \ - goto bad; \ - GETLONG(cilong, p); \ - if (cilong != val) \ - goto bad; \ - } -#define ACKCIENDP(opt, neg, class, val, vlen) \ - if (neg) { \ - int i; \ - if ((len -= CILEN_CHAR + vlen) < 0) \ - goto bad; \ - GETCHAR(citype, p); \ - GETCHAR(cilen, p); \ - if (cilen != CILEN_CHAR + vlen || \ - citype != opt) \ - goto bad; \ - GETCHAR(cichar, p); \ - if (cichar != class) \ - goto bad; \ - for (i = 0; i < vlen; ++i) { \ - GETCHAR(cichar, p); \ - if (cichar != val[i]) \ - goto bad; \ - } \ - } - - ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); - ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, - go->asyncmap); - ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); - ACKCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); - ACKCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, - PPP_PAP); - ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); - ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); - ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); - ACKCIVOID(CI_PCOMPRESSION, go->neg_pcompression); - ACKCIVOID(CI_ACCOMPRESSION, go->neg_accompression); - ACKCISHORT(CI_MRRU, go->neg_mrru, go->mrru); - ACKCIVOID(CI_SSNHF, go->neg_ssnhf); - ACKCIENDP(CI_EPDISC, go->neg_endpoint, go->endpoint.class, - go->endpoint.value, go->endpoint.length); - - /* - * If there are any remaining CIs, then this packet is bad. - */ - if (len != 0) - goto bad; - return (1); -bad: - LCPDEBUG(("lcp_acki: received bad Ack!")); - return (0); -} - - -/* - * lcp_nakci - Peer has sent a NAK for some of our CIs. - * This should not modify any state if the Nak is bad - * or if LCP is in the OPENED state. - * - * Returns: - * 0 - Nak was bad. - * 1 - Nak was good. - */ -static int -lcp_nakci(f, p, len, treat_as_reject) - fsm *f; - u_char *p; - int len; - int treat_as_reject; -{ - lcp_options *go = &lcp_gotoptions[f->unit]; - lcp_options *wo = &lcp_wantoptions[f->unit]; - u_char citype, cichar, *next; - u_short cishort; - u_int32_t cilong; - lcp_options no; /* options we've seen Naks for */ - lcp_options try; /* options to request next time */ - int looped_back = 0; - int cilen; - - BZERO(&no, sizeof(no)); - try = *go; - - /* - * Any Nak'd CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ -#define NAKCIVOID(opt, neg) \ - if (go->neg && \ - len >= CILEN_VOID && \ - p[1] == CILEN_VOID && \ - p[0] == opt) { \ - len -= CILEN_VOID; \ - INCPTR(CILEN_VOID, p); \ - no.neg = 1; \ - try.neg = 0; \ - } -#define NAKCICHAP(opt, neg, code) \ - if (go->neg && \ - len >= CILEN_CHAP && \ - p[1] == CILEN_CHAP && \ - p[0] == opt) { \ - len -= CILEN_CHAP; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - GETCHAR(cichar, p); \ - no.neg = 1; \ - code \ - } -#define NAKCICHAR(opt, neg, code) \ - if (go->neg && \ - len >= CILEN_CHAR && \ - p[1] == CILEN_CHAR && \ - p[0] == opt) { \ - len -= CILEN_CHAR; \ - INCPTR(2, p); \ - GETCHAR(cichar, p); \ - no.neg = 1; \ - code \ - } -#define NAKCISHORT(opt, neg, code) \ - if (go->neg && \ - len >= CILEN_SHORT && \ - p[1] == CILEN_SHORT && \ - p[0] == opt) { \ - len -= CILEN_SHORT; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - no.neg = 1; \ - code \ - } -#define NAKCILONG(opt, neg, code) \ - if (go->neg && \ - len >= CILEN_LONG && \ - p[1] == CILEN_LONG && \ - p[0] == opt) { \ - len -= CILEN_LONG; \ - INCPTR(2, p); \ - GETLONG(cilong, p); \ - no.neg = 1; \ - code \ - } -#define NAKCILQR(opt, neg, code) \ - if (go->neg && \ - len >= CILEN_LQR && \ - p[1] == CILEN_LQR && \ - p[0] == opt) { \ - len -= CILEN_LQR; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - GETLONG(cilong, p); \ - no.neg = 1; \ - code \ - } -#define NAKCIENDP(opt, neg) \ - if (go->neg && \ - len >= CILEN_CHAR && \ - p[0] == opt && \ - p[1] >= CILEN_CHAR && \ - p[1] <= len) { \ - len -= p[1]; \ - INCPTR(p[1], p); \ - no.neg = 1; \ - try.neg = 0; \ - } - - /* - * NOTE! There must be no assignments to individual fields of *go in - * the code below. Any such assignment is a BUG! - */ - /* - * We don't care if they want to send us smaller packets than - * we want. Therefore, accept any MRU less than what we asked for, - * but then ignore the new value when setting the MRU in the kernel. - * If they send us a bigger MRU than what we asked, accept it, up to - * the limit of the default MRU we'd get if we didn't negotiate. - */ - if (go->neg_mru && go->mru != DEFMRU) { - NAKCISHORT(CI_MRU, neg_mru, - if (cishort <= wo->mru || cishort <= DEFMRU) - try.mru = cishort; - ); - } - - /* - * Add any characters they want to our (receive-side) asyncmap. - */ - if (go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) { - NAKCILONG(CI_ASYNCMAP, neg_asyncmap, - try.asyncmap = go->asyncmap | cilong; - ); - } - - /* - * If they've nak'd our authentication-protocol, check whether - * they are proposing a different protocol, or a different - * hash algorithm for CHAP. - */ - if ((go->neg_chap || go->neg_upap || go->neg_eap) - && len >= CILEN_SHORT - && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { - cilen = p[1]; - len -= cilen; - no.neg_chap = go->neg_chap; - no.neg_upap = go->neg_upap; - no.neg_eap = go->neg_eap; - INCPTR(2, p); - GETSHORT(cishort, p); - if (cishort == PPP_PAP && cilen == CILEN_SHORT) { - /* If we were asking for EAP, then we need to stop that. */ - if (go->neg_eap) - try.neg_eap = 0; - - /* If we were asking for CHAP, then we need to stop that. */ - else if (go->neg_chap) - try.neg_chap = 0; - /* - * If we weren't asking for CHAP or EAP, then we were asking for - * PAP, in which case this Nak is bad. - */ - else - goto bad; - - } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { - GETCHAR(cichar, p); - /* Stop asking for EAP, if we were. */ - if (go->neg_eap) { - try.neg_eap = 0; - /* Try to set up to use their suggestion, if possible */ - if (CHAP_CANDIGEST(go->chap_mdtype, cichar)) - try.chap_mdtype = CHAP_MDTYPE_D(cichar); - } else if (go->neg_chap) { - /* - * We were asking for our preferred algorithm, they must - * want something different. - */ - if (cichar != CHAP_DIGEST(go->chap_mdtype)) { - if (CHAP_CANDIGEST(go->chap_mdtype, cichar)) { - /* Use their suggestion if we support it ... */ - try.chap_mdtype = CHAP_MDTYPE_D(cichar); - } else { - /* ... otherwise, try our next-preferred algorithm. */ - try.chap_mdtype &= ~(CHAP_MDTYPE(try.chap_mdtype)); - if (try.chap_mdtype == MDTYPE_NONE) /* out of algos */ - try.neg_chap = 0; - } - } else { - /* - * Whoops, they Nak'd our algorithm of choice - * but then suggested it back to us. - */ - goto bad; - } - } else { - /* - * Stop asking for PAP if we were asking for it. - */ - try.neg_upap = 0; - } - - } else { - - /* - * If we were asking for EAP, and they're Conf-Naking EAP, - * well, that's just strange. Nobody should do that. - */ - if (cishort == PPP_EAP && cilen == CILEN_SHORT && go->neg_eap) - dbglog("Unexpected Conf-Nak for EAP"); - - /* - * We don't recognize what they're suggesting. - * Stop asking for what we were asking for. - */ - if (go->neg_eap) - try.neg_eap = 0; - else if (go->neg_chap) - try.neg_chap = 0; - else - try.neg_upap = 0; - p += cilen - CILEN_SHORT; - } - } - - /* - * If they can't cope with our link quality protocol, we'll have - * to stop asking for LQR. We haven't got any other protocol. - * If they Nak the reporting period, take their value XXX ? - */ - NAKCILQR(CI_QUALITY, neg_lqr, - if (cishort != PPP_LQR) - try.neg_lqr = 0; - else - try.lqr_period = cilong; - ); - - /* - * Only implementing CBCP...not the rest of the callback options - */ - NAKCICHAR(CI_CALLBACK, neg_cbcp, - try.neg_cbcp = 0; - ); - - /* - * Check for a looped-back line. - */ - NAKCILONG(CI_MAGICNUMBER, neg_magicnumber, - try.magicnumber = magic(); - looped_back = 1; - ); - - /* - * Peer shouldn't send Nak for protocol compression or - * address/control compression requests; they should send - * a Reject instead. If they send a Nak, treat it as a Reject. - */ - NAKCIVOID(CI_PCOMPRESSION, neg_pcompression); - NAKCIVOID(CI_ACCOMPRESSION, neg_accompression); - - /* - * Nak for MRRU option - accept their value if it is smaller - * than the one we want. - */ - if (go->neg_mrru) { - NAKCISHORT(CI_MRRU, neg_mrru, - if (treat_as_reject) - try.neg_mrru = 0; - else if (cishort <= wo->mrru) - try.mrru = cishort; - ); - } - - /* - * Nak for short sequence numbers shouldn't be sent, treat it - * like a reject. - */ - NAKCIVOID(CI_SSNHF, neg_ssnhf); - - /* - * Nak of the endpoint discriminator option is not permitted, - * treat it like a reject. - */ - NAKCIENDP(CI_EPDISC, neg_endpoint); - - /* - * There may be remaining CIs, if the peer is requesting negotiation - * on an option that we didn't include in our request packet. - * If we see an option that we requested, or one we've already seen - * in this packet, then this packet is bad. - * If we wanted to respond by starting to negotiate on the requested - * option(s), we could, but we don't, because except for the - * authentication type and quality protocol, if we are not negotiating - * an option, it is because we were told not to. - * For the authentication type, the Nak from the peer means - * `let me authenticate myself with you' which is a bit pointless. - * For the quality protocol, the Nak means `ask me to send you quality - * reports', but if we didn't ask for them, we don't want them. - * An option we don't recognize represents the peer asking to - * negotiate some option we don't support, so ignore it. - */ - while (len >= CILEN_VOID) { - GETCHAR(citype, p); - GETCHAR(cilen, p); - if (cilen < CILEN_VOID || (len -= cilen) < 0) - goto bad; - next = p + cilen - 2; - - switch (citype) { - case CI_MRU: - if ((go->neg_mru && go->mru != DEFMRU) - || no.neg_mru || cilen != CILEN_SHORT) - goto bad; - GETSHORT(cishort, p); - if (cishort < DEFMRU) { - try.neg_mru = 1; - try.mru = cishort; - } - break; - case CI_ASYNCMAP: - if ((go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) - || no.neg_asyncmap || cilen != CILEN_LONG) - goto bad; - break; - case CI_AUTHTYPE: - if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap || - go->neg_eap || no.neg_eap) - goto bad; - break; - case CI_MAGICNUMBER: - if (go->neg_magicnumber || no.neg_magicnumber || - cilen != CILEN_LONG) - goto bad; - break; - case CI_PCOMPRESSION: - if (go->neg_pcompression || no.neg_pcompression - || cilen != CILEN_VOID) - goto bad; - break; - case CI_ACCOMPRESSION: - if (go->neg_accompression || no.neg_accompression - || cilen != CILEN_VOID) - goto bad; - break; - case CI_QUALITY: - if (go->neg_lqr || no.neg_lqr || cilen != CILEN_LQR) - goto bad; - break; - case CI_MRRU: - if (go->neg_mrru || no.neg_mrru || cilen != CILEN_SHORT) - goto bad; - break; - case CI_SSNHF: - if (go->neg_ssnhf || no.neg_ssnhf || cilen != CILEN_VOID) - goto bad; - try.neg_ssnhf = 1; - break; - case CI_EPDISC: - if (go->neg_endpoint || no.neg_endpoint || cilen < CILEN_CHAR) - goto bad; - break; - } - p = next; - } - - /* - * OK, the Nak is good. Now we can update state. - * If there are any options left we ignore them. - */ - if (f->state != OPENED) { - if (looped_back) { - if (++try.numloops >= lcp_loopbackfail) { - notice("Serial line is looped back."); - lcp_close(f->unit, "Loopback detected"); - status = EXIT_LOOPBACK; - } - } else - try.numloops = 0; - *go = try; - } - - return 1; - -bad: - LCPDEBUG(("lcp_nakci: received bad Nak!")); - return 0; -} - - -/* - * lcp_rejci - Peer has Rejected some of our CIs. - * This should not modify any state if the Reject is bad - * or if LCP is in the OPENED state. - * - * Returns: - * 0 - Reject was bad. - * 1 - Reject was good. - */ -static int -lcp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; -{ - lcp_options *go = &lcp_gotoptions[f->unit]; - u_char cichar; - u_short cishort; - u_int32_t cilong; - lcp_options try; /* options to request next time */ - - try = *go; - - /* - * Any Rejected CIs must be in exactly the same order that we sent. - * Check packet length and CI length at each step. - * If we find any deviations, then this packet is bad. - */ -#define REJCIVOID(opt, neg) \ - if (go->neg && \ - len >= CILEN_VOID && \ - p[1] == CILEN_VOID && \ - p[0] == opt) { \ - len -= CILEN_VOID; \ - INCPTR(CILEN_VOID, p); \ - try.neg = 0; \ - } -#define REJCISHORT(opt, neg, val) \ - if (go->neg && \ - len >= CILEN_SHORT && \ - p[1] == CILEN_SHORT && \ - p[0] == opt) { \ - len -= CILEN_SHORT; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - /* Check rejected value. */ \ - if (cishort != val) \ - goto bad; \ - try.neg = 0; \ - } -#define REJCICHAP(opt, neg, val) \ - if (go->neg && \ - len >= CILEN_CHAP && \ - p[1] == CILEN_CHAP && \ - p[0] == opt) { \ - len -= CILEN_CHAP; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - GETCHAR(cichar, p); \ - /* Check rejected value. */ \ - if ((cishort != PPP_CHAP) || (cichar != (CHAP_DIGEST(val)))) \ - goto bad; \ - try.neg = 0; \ - try.neg_eap = try.neg_upap = 0; \ - } -#define REJCILONG(opt, neg, val) \ - if (go->neg && \ - len >= CILEN_LONG && \ - p[1] == CILEN_LONG && \ - p[0] == opt) { \ - len -= CILEN_LONG; \ - INCPTR(2, p); \ - GETLONG(cilong, p); \ - /* Check rejected value. */ \ - if (cilong != val) \ - goto bad; \ - try.neg = 0; \ - } -#define REJCILQR(opt, neg, val) \ - if (go->neg && \ - len >= CILEN_LQR && \ - p[1] == CILEN_LQR && \ - p[0] == opt) { \ - len -= CILEN_LQR; \ - INCPTR(2, p); \ - GETSHORT(cishort, p); \ - GETLONG(cilong, p); \ - /* Check rejected value. */ \ - if (cishort != PPP_LQR || cilong != val) \ - goto bad; \ - try.neg = 0; \ - } -#define REJCICBCP(opt, neg, val) \ - if (go->neg && \ - len >= CILEN_CBCP && \ - p[1] == CILEN_CBCP && \ - p[0] == opt) { \ - len -= CILEN_CBCP; \ - INCPTR(2, p); \ - GETCHAR(cichar, p); \ - /* Check rejected value. */ \ - if (cichar != val) \ - goto bad; \ - try.neg = 0; \ - } -#define REJCIENDP(opt, neg, class, val, vlen) \ - if (go->neg && \ - len >= CILEN_CHAR + vlen && \ - p[0] == opt && \ - p[1] == CILEN_CHAR + vlen) { \ - int i; \ - len -= CILEN_CHAR + vlen; \ - INCPTR(2, p); \ - GETCHAR(cichar, p); \ - if (cichar != class) \ - goto bad; \ - for (i = 0; i < vlen; ++i) { \ - GETCHAR(cichar, p); \ - if (cichar != val[i]) \ - goto bad; \ - } \ - try.neg = 0; \ - } - - REJCISHORT(CI_MRU, neg_mru, go->mru); - REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap); - REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP); - if (!go->neg_eap) { - REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype); - if (!go->neg_chap) { - REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); - } - } - REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period); - REJCICBCP(CI_CALLBACK, neg_cbcp, CBCP_OPT); - REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber); - REJCIVOID(CI_PCOMPRESSION, neg_pcompression); - REJCIVOID(CI_ACCOMPRESSION, neg_accompression); - REJCISHORT(CI_MRRU, neg_mrru, go->mrru); - REJCIVOID(CI_SSNHF, neg_ssnhf); - REJCIENDP(CI_EPDISC, neg_endpoint, go->endpoint.class, - go->endpoint.value, go->endpoint.length); - - /* - * If there are any remaining CIs, then this packet is bad. - */ - if (len != 0) - goto bad; - /* - * Now we can update state. - */ - if (f->state != OPENED) - *go = try; - return 1; - -bad: - LCPDEBUG(("lcp_rejci: received bad Reject!")); - return 0; -} - - -/* - * lcp_reqci - Check the peer's requested CIs and send appropriate response. - * - * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified - * appropriately. If reject_if_disagree is non-zero, doesn't return - * CONFNAK; returns CONFREJ if it can't return CONFACK. - */ -static int -lcp_reqci(f, inp, lenp, reject_if_disagree) - fsm *f; - u_char *inp; /* Requested CIs */ - int *lenp; /* Length of requested CIs */ - int reject_if_disagree; -{ - lcp_options *go = &lcp_gotoptions[f->unit]; - lcp_options *ho = &lcp_hisoptions[f->unit]; - lcp_options *ao = &lcp_allowoptions[f->unit]; - u_char *cip, *next; /* Pointer to current and next CIs */ - int cilen, citype, cichar; /* Parsed len, type, char value */ - u_short cishort; /* Parsed short value */ - u_int32_t cilong; /* Parse long value */ - int rc = CONFACK; /* Final packet return code */ - int orc; /* Individual option return code */ - u_char *p; /* Pointer to next char to parse */ - u_char *rejp; /* Pointer to next char in reject frame */ - u_char *nakp; /* Pointer to next char in Nak frame */ - int l = *lenp; /* Length left */ - - /* - * Reset all his options. - */ - BZERO(ho, sizeof(*ho)); - - /* - * Process all his options. - */ - next = inp; - nakp = nak_buffer; - rejp = inp; - while (l) { - orc = CONFACK; /* Assume success */ - cip = p = next; /* Remember begining of CI */ - if (l < 2 || /* Not enough data for CI header or */ - p[1] < 2 || /* CI length too small or */ - p[1] > l) { /* CI length too big? */ - LCPDEBUG(("lcp_reqci: bad CI length!")); - orc = CONFREJ; /* Reject bad CI */ - cilen = l; /* Reject till end of packet */ - l = 0; /* Don't loop again */ - citype = 0; - goto endswitch; - } - GETCHAR(citype, p); /* Parse CI type */ - GETCHAR(cilen, p); /* Parse CI length */ - l -= cilen; /* Adjust remaining length */ - next += cilen; /* Step to next CI */ - - switch (citype) { /* Check CI type */ - case CI_MRU: - if (!ao->neg_mru || /* Allow option? */ - cilen != CILEN_SHORT) { /* Check CI length */ - orc = CONFREJ; /* Reject CI */ - break; - } - GETSHORT(cishort, p); /* Parse MRU */ - - /* - * He must be able to receive at least our minimum. - * No need to check a maximum. If he sends a large number, - * we'll just ignore it. - */ - if (cishort < MINMRU) { - orc = CONFNAK; /* Nak CI */ - PUTCHAR(CI_MRU, nakp); - PUTCHAR(CILEN_SHORT, nakp); - PUTSHORT(MINMRU, nakp); /* Give him a hint */ - break; - } - ho->neg_mru = 1; /* Remember he sent MRU */ - ho->mru = cishort; /* And remember value */ - break; - - case CI_ASYNCMAP: - if (!ao->neg_asyncmap || - cilen != CILEN_LONG) { - orc = CONFREJ; - break; - } - GETLONG(cilong, p); - - /* - * Asyncmap must have set at least the bits - * which are set in lcp_allowoptions[unit].asyncmap. - */ - if ((ao->asyncmap & ~cilong) != 0) { - orc = CONFNAK; - PUTCHAR(CI_ASYNCMAP, nakp); - PUTCHAR(CILEN_LONG, nakp); - PUTLONG(ao->asyncmap | cilong, nakp); - break; - } - ho->neg_asyncmap = 1; - ho->asyncmap = cilong; - break; - - case CI_AUTHTYPE: - if (cilen < CILEN_SHORT || - !(ao->neg_upap || ao->neg_chap || ao->neg_eap)) { - /* - * Reject the option if we're not willing to authenticate. - */ - dbglog("No auth is possible"); - orc = CONFREJ; - break; - } - GETSHORT(cishort, p); - - /* - * Authtype must be PAP, CHAP, or EAP. - * - * Note: if more than one of ao->neg_upap, ao->neg_chap, and - * ao->neg_eap are set, and the peer sends a Configure-Request - * with two or more authenticate-protocol requests, then we will - * reject the second request. - * Whether we end up doing CHAP, UPAP, or EAP depends then on - * the ordering of the CIs in the peer's Configure-Request. - */ - - if (cishort == PPP_PAP) { - /* we've already accepted CHAP or EAP */ - if (ho->neg_chap || ho->neg_eap || - cilen != CILEN_SHORT) { - LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE PAP, rejecting...")); - orc = CONFREJ; - break; - } - if (!ao->neg_upap) { /* we don't want to do PAP */ - orc = CONFNAK; /* NAK it and suggest CHAP or EAP */ - PUTCHAR(CI_AUTHTYPE, nakp); - if (ao->neg_eap) { - PUTCHAR(CILEN_SHORT, nakp); - PUTSHORT(PPP_EAP, nakp); - } else { - PUTCHAR(CILEN_CHAP, nakp); - PUTSHORT(PPP_CHAP, nakp); - PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); - } - break; - } - ho->neg_upap = 1; - break; - } - if (cishort == PPP_CHAP) { - /* we've already accepted PAP or EAP */ - if (ho->neg_upap || ho->neg_eap || - cilen != CILEN_CHAP) { - LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE CHAP, rejecting...")); - orc = CONFREJ; - break; - } - if (!ao->neg_chap) { /* we don't want to do CHAP */ - orc = CONFNAK; /* NAK it and suggest EAP or PAP */ - PUTCHAR(CI_AUTHTYPE, nakp); - PUTCHAR(CILEN_SHORT, nakp); - if (ao->neg_eap) { - PUTSHORT(PPP_EAP, nakp); - } else { - PUTSHORT(PPP_PAP, nakp); - } - break; - } - GETCHAR(cichar, p); /* get digest type */ - if (!(CHAP_CANDIGEST(ao->chap_mdtype, cichar))) { - /* - * We can't/won't do the requested type, - * suggest something else. - */ - orc = CONFNAK; - PUTCHAR(CI_AUTHTYPE, nakp); - PUTCHAR(CILEN_CHAP, nakp); - PUTSHORT(PPP_CHAP, nakp); - PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); - break; - } - ho->chap_mdtype = CHAP_MDTYPE_D(cichar); /* save md type */ - ho->neg_chap = 1; - break; - } - if (cishort == PPP_EAP) { - /* we've already accepted CHAP or PAP */ - if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) { - LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE EAP, rejecting...")); - orc = CONFREJ; - break; - } - if (!ao->neg_eap) { /* we don't want to do EAP */ - orc = CONFNAK; /* NAK it and suggest CHAP or PAP */ - PUTCHAR(CI_AUTHTYPE, nakp); - if (ao->neg_chap) { - PUTCHAR(CILEN_CHAP, nakp); - PUTSHORT(PPP_CHAP, nakp); - PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); - } else { - PUTCHAR(CILEN_SHORT, nakp); - PUTSHORT(PPP_PAP, nakp); - } - break; - } - ho->neg_eap = 1; - break; - } - - /* - * We don't recognize the protocol they're asking for. - * Nak it with something we're willing to do. - * (At this point we know ao->neg_upap || ao->neg_chap || - * ao->neg_eap.) - */ - orc = CONFNAK; - PUTCHAR(CI_AUTHTYPE, nakp); - if (ao->neg_eap) { - PUTCHAR(CILEN_SHORT, nakp); - PUTSHORT(PPP_EAP, nakp); - } else if (ao->neg_chap) { - PUTCHAR(CILEN_CHAP, nakp); - PUTSHORT(PPP_CHAP, nakp); - PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); - } else { - PUTCHAR(CILEN_SHORT, nakp); - PUTSHORT(PPP_PAP, nakp); - } - break; - - case CI_QUALITY: - if (!ao->neg_lqr || - cilen != CILEN_LQR) { - orc = CONFREJ; - break; - } - - GETSHORT(cishort, p); - GETLONG(cilong, p); - - /* - * Check the protocol and the reporting period. - * XXX When should we Nak this, and what with? - */ - if (cishort != PPP_LQR) { - orc = CONFNAK; - PUTCHAR(CI_QUALITY, nakp); - PUTCHAR(CILEN_LQR, nakp); - PUTSHORT(PPP_LQR, nakp); - PUTLONG(ao->lqr_period, nakp); - break; - } - break; - - case CI_MAGICNUMBER: - if (!(ao->neg_magicnumber || go->neg_magicnumber) || - cilen != CILEN_LONG) { - orc = CONFREJ; - break; - } - GETLONG(cilong, p); - - /* - * He must have a different magic number. - */ - if (go->neg_magicnumber && - cilong == go->magicnumber) { - cilong = magic(); /* Don't put magic() inside macro! */ - orc = CONFNAK; - PUTCHAR(CI_MAGICNUMBER, nakp); - PUTCHAR(CILEN_LONG, nakp); - PUTLONG(cilong, nakp); - break; - } - ho->neg_magicnumber = 1; - ho->magicnumber = cilong; - break; - - - case CI_PCOMPRESSION: - if (!ao->neg_pcompression || - cilen != CILEN_VOID) { - orc = CONFREJ; - break; - } - ho->neg_pcompression = 1; - break; - - case CI_ACCOMPRESSION: - if (!ao->neg_accompression || - cilen != CILEN_VOID) { - orc = CONFREJ; - break; - } - ho->neg_accompression = 1; - break; - - case CI_MRRU: - if (!ao->neg_mrru || !multilink || - cilen != CILEN_SHORT) { - orc = CONFREJ; - break; - } - - GETSHORT(cishort, p); - /* possibly should insist on a minimum/maximum MRRU here */ - ho->neg_mrru = 1; - ho->mrru = cishort; - break; - - case CI_SSNHF: - if (!ao->neg_ssnhf || !multilink || - cilen != CILEN_VOID) { - orc = CONFREJ; - break; - } - ho->neg_ssnhf = 1; - break; - - case CI_EPDISC: - if (!ao->neg_endpoint || - cilen < CILEN_CHAR || - cilen > CILEN_CHAR + MAX_ENDP_LEN) { - orc = CONFREJ; - break; - } - GETCHAR(cichar, p); - cilen -= CILEN_CHAR; - ho->neg_endpoint = 1; - ho->endpoint.class = cichar; - ho->endpoint.length = cilen; - BCOPY(p, ho->endpoint.value, cilen); - INCPTR(cilen, p); - break; - - default: - LCPDEBUG(("lcp_reqci: rcvd unknown option %d", citype)); - orc = CONFREJ; - break; - } - -endswitch: - if (orc == CONFACK && /* Good CI */ - rc != CONFACK) /* but prior CI wasnt? */ - continue; /* Don't send this one */ - - if (orc == CONFNAK) { /* Nak this CI? */ - if (reject_if_disagree /* Getting fed up with sending NAKs? */ - && citype != CI_MAGICNUMBER) { - orc = CONFREJ; /* Get tough if so */ - } else { - if (rc == CONFREJ) /* Rejecting prior CI? */ - continue; /* Don't send this one */ - rc = CONFNAK; - } - } - if (orc == CONFREJ) { /* Reject this CI */ - rc = CONFREJ; - if (cip != rejp) /* Need to move rejected CI? */ - BCOPY(cip, rejp, cilen); /* Move it */ - INCPTR(cilen, rejp); /* Update output pointer */ - } - } - - /* - * If we wanted to send additional NAKs (for unsent CIs), the - * code would go here. The extra NAKs would go at *nakp. - * At present there are no cases where we want to ask the - * peer to negotiate an option. - */ - - switch (rc) { - case CONFACK: - *lenp = next - inp; - break; - case CONFNAK: - /* - * Copy the Nak'd options from the nak_buffer to the caller's buffer. - */ - *lenp = nakp - nak_buffer; - BCOPY(nak_buffer, inp, *lenp); - break; - case CONFREJ: - *lenp = rejp - inp; - break; - } - - LCPDEBUG(("lcp_reqci: returning CONF%s.", CODENAME(rc))); - return (rc); /* Return final code */ -} - - -/* - * lcp_up - LCP has come UP. - */ -static void -lcp_up(f) - fsm *f; -{ - lcp_options *wo = &lcp_wantoptions[f->unit]; - lcp_options *ho = &lcp_hisoptions[f->unit]; - lcp_options *go = &lcp_gotoptions[f->unit]; - lcp_options *ao = &lcp_allowoptions[f->unit]; - int mtu, mru; - - if (!go->neg_magicnumber) - go->magicnumber = 0; - if (!ho->neg_magicnumber) - ho->magicnumber = 0; - - /* - * Set our MTU to the smaller of the MTU we wanted and - * the MRU our peer wanted. If we negotiated an MRU, - * set our MRU to the larger of value we wanted and - * the value we got in the negotiation. - * Note on the MTU: the link MTU can be the MRU the peer wanted, - * the interface MTU is set to the lowest of that, the - * MTU we want to use, and our link MRU. - */ - mtu = ho->neg_mru? ho->mru: PPP_MRU; - mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU; -#ifdef HAVE_MULTILINK - if (!(multilink && go->neg_mrru && ho->neg_mrru)) -#endif /* HAVE_MULTILINK */ - netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru)); - ppp_send_config(f->unit, mtu, - (ho->neg_asyncmap? ho->asyncmap: 0xffffffff), - ho->neg_pcompression, ho->neg_accompression); - ppp_recv_config(f->unit, mru, - (lax_recv? 0: go->neg_asyncmap? go->asyncmap: 0xffffffff), - go->neg_pcompression, go->neg_accompression); - - if (ho->neg_mru) - peer_mru[f->unit] = ho->mru; - - lcp_echo_lowerup(f->unit); /* Enable echo messages */ - - link_established(f->unit); -} - - -/* - * lcp_down - LCP has gone DOWN. - * - * Alert other protocols. - */ -static void -lcp_down(f) - fsm *f; -{ - lcp_options *go = &lcp_gotoptions[f->unit]; - - lcp_echo_lowerdown(f->unit); - - link_down(f->unit); - - ppp_send_config(f->unit, PPP_MRU, 0xffffffff, 0, 0); - ppp_recv_config(f->unit, PPP_MRU, - (go->neg_asyncmap? go->asyncmap: 0xffffffff), - go->neg_pcompression, go->neg_accompression); - peer_mru[f->unit] = PPP_MRU; -} - - -/* - * lcp_starting - LCP needs the lower layer up. - */ -static void -lcp_starting(f) - fsm *f; -{ - link_required(f->unit); -} - - -/* - * lcp_finished - LCP has finished with the lower layer. - */ -static void -lcp_finished(f) - fsm *f; -{ - link_terminated(f->unit); -} - - -/* - * lcp_printpkt - print the contents of an LCP packet. - */ -static char *lcp_codenames[] = { - "ConfReq", "ConfAck", "ConfNak", "ConfRej", - "TermReq", "TermAck", "CodeRej", "ProtRej", - "EchoReq", "EchoRep", "DiscReq" -}; - -static int -lcp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int code, id, len, olen, i; - u_char *pstart, *optend; - u_short cishort; - u_int32_t cilong; - - if (plen < HEADERLEN) - return 0; - pstart = p; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < HEADERLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(lcp_codenames) / sizeof(char *)) - printer(arg, " %s", lcp_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= HEADERLEN; - switch (code) { - case CONFREQ: - case CONFACK: - case CONFNAK: - case CONFREJ: - /* print option list */ - while (len >= 2) { - GETCHAR(code, p); - GETCHAR(olen, p); - p -= 2; - if (olen < 2 || olen > len) { - break; - } - printer(arg, " <"); - len -= olen; - optend = p + olen; - switch (code) { - case CI_MRU: - if (olen == CILEN_SHORT) { - p += 2; - GETSHORT(cishort, p); - printer(arg, "mru %d", cishort); - } - break; - case CI_ASYNCMAP: - if (olen == CILEN_LONG) { - p += 2; - GETLONG(cilong, p); - printer(arg, "asyncmap 0x%x", cilong); - } - break; - case CI_AUTHTYPE: - if (olen >= CILEN_SHORT) { - p += 2; - printer(arg, "auth "); - GETSHORT(cishort, p); - switch (cishort) { - case PPP_PAP: - printer(arg, "pap"); - break; - case PPP_CHAP: - printer(arg, "chap"); - if (p < optend) { - switch (*p) { - case CHAP_MD5: - printer(arg, " MD5"); - ++p; - break; -#ifdef CHAPMS - case CHAP_MICROSOFT: - printer(arg, " MS"); - ++p; - break; - - case CHAP_MICROSOFT_V2: - printer(arg, " MS-v2"); - ++p; - break; -#endif - } - } - break; - case PPP_EAP: - printer(arg, "eap"); - break; - default: - printer(arg, "0x%x", cishort); - } - } - break; - case CI_QUALITY: - if (olen >= CILEN_SHORT) { - p += 2; - printer(arg, "quality "); - GETSHORT(cishort, p); - switch (cishort) { - case PPP_LQR: - printer(arg, "lqr"); - break; - default: - printer(arg, "0x%x", cishort); - } - } - break; - case CI_CALLBACK: - if (olen >= CILEN_CHAR) { - p += 2; - printer(arg, "callback "); - GETCHAR(cishort, p); - switch (cishort) { - case CBCP_OPT: - printer(arg, "CBCP"); - break; - default: - printer(arg, "0x%x", cishort); - } - } - break; - case CI_MAGICNUMBER: - if (olen == CILEN_LONG) { - p += 2; - GETLONG(cilong, p); - printer(arg, "magic 0x%x", cilong); - } - break; - case CI_PCOMPRESSION: - if (olen == CILEN_VOID) { - p += 2; - printer(arg, "pcomp"); - } - break; - case CI_ACCOMPRESSION: - if (olen == CILEN_VOID) { - p += 2; - printer(arg, "accomp"); - } - break; - case CI_MRRU: - if (olen == CILEN_SHORT) { - p += 2; - GETSHORT(cishort, p); - printer(arg, "mrru %d", cishort); - } - break; - case CI_SSNHF: - if (olen == CILEN_VOID) { - p += 2; - printer(arg, "ssnhf"); - } - break; - case CI_EPDISC: -#ifdef HAVE_MULTILINK - if (olen >= CILEN_CHAR) { - struct epdisc epd; - p += 2; - GETCHAR(epd.class, p); - epd.length = olen - CILEN_CHAR; - if (epd.length > MAX_ENDP_LEN) - epd.length = MAX_ENDP_LEN; - if (epd.length > 0) { - BCOPY(p, epd.value, epd.length); - p += epd.length; - } - printer(arg, "endpoint [%s]", epdisc_to_str(&epd)); - } -#else - printer(arg, "endpoint"); -#endif - break; - } - while (p < optend) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - printer(arg, ">"); - } - break; - - case TERMACK: - case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - printer(arg, " "); - print_string((char *)p, len, printer, arg); - p += len; - len = 0; - } - break; - - case ECHOREQ: - case ECHOREP: - case DISCREQ: - if (len >= 4) { - GETLONG(cilong, p); - printer(arg, " magic=0x%x", cilong); - p += 4; - len -= 4; - } - break; - } - - /* print the rest of the bytes in the packet */ - for (i = 0; i < len && i < 32; ++i) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - if (i < len) { - printer(arg, " ..."); - p += len - i; - } - - return p - pstart; -} - -/* - * Time to shut down the link because there is nothing out there. - */ - -static -void LcpLinkFailure (f) - fsm *f; -{ - if (f->state == OPENED) { - info("No response to %d echo-requests", lcp_echos_pending); - notice("Serial link appears to be disconnected."); - lcp_close(f->unit, "Peer not responding"); - status = EXIT_PEER_DEAD; - } -} - -/* - * Timer expired for the LCP echo requests from this process. - */ - -static void -LcpEchoCheck (f) - fsm *f; -{ - LcpSendEchoRequest (f); - if (f->state != OPENED) - return; - - /* - * Start the timer for the next interval. - */ - if (lcp_echo_timer_running) - warn("assertion lcp_echo_timer_running==0 failed"); - TIMEOUT (LcpEchoTimeout, f, lcp_echo_interval); - lcp_echo_timer_running = 1; -} - -/* - * LcpEchoTimeout - Timer expired on the LCP echo - */ - -static void -LcpEchoTimeout (arg) - void *arg; -{ - if (lcp_echo_timer_running != 0) { - lcp_echo_timer_running = 0; - LcpEchoCheck ((fsm *) arg); - } -} - -/* - * LcpEchoReply - LCP has received a reply to the echo - */ - -static void -lcp_received_echo_reply (f, id, inp, len) - fsm *f; - int id; - u_char *inp; - int len; -{ - u_int32_t magic; - - /* Check the magic number - don't count replies from ourselves. */ - if (len < 4) { - dbglog("lcp: received short Echo-Reply, length %d", len); - return; - } - GETLONG(magic, inp); - if (lcp_gotoptions[f->unit].neg_magicnumber - && magic == lcp_gotoptions[f->unit].magicnumber) { - warn("appear to have received our own echo-reply!"); - return; - } - - /* Reset the number of outstanding echo frames */ - lcp_echos_pending = 0; -} - -/* - * LcpSendEchoRequest - Send an echo request frame to the peer - */ - -static void -LcpSendEchoRequest (f) - fsm *f; -{ - u_int32_t lcp_magic; - u_char pkt[4], *pktp; - - /* - * Detect the failure of the peer at this point. - */ - if (lcp_echo_fails != 0) { - if (lcp_echos_pending >= lcp_echo_fails) { - LcpLinkFailure(f); - lcp_echos_pending = 0; - } - } - - /* - * Make and send the echo request frame. - */ - if (f->state == OPENED) { - lcp_magic = lcp_gotoptions[f->unit].magicnumber; - pktp = pkt; - PUTLONG(lcp_magic, pktp); - fsm_sdata(f, ECHOREQ, lcp_echo_number++ & 0xFF, pkt, pktp - pkt); - ++lcp_echos_pending; - } -} - -/* - * lcp_echo_lowerup - Start the timer for the LCP frame - */ - -static void -lcp_echo_lowerup (unit) - int unit; -{ - fsm *f = &lcp_fsm[unit]; - - /* Clear the parameters for generating echo frames */ - lcp_echos_pending = 0; - lcp_echo_number = 0; - lcp_echo_timer_running = 0; - - /* If a timeout interval is specified then start the timer */ - if (lcp_echo_interval != 0) - LcpEchoCheck (f); -} - -/* - * lcp_echo_lowerdown - Stop the timer for the LCP frame - */ - -static void -lcp_echo_lowerdown (unit) - int unit; -{ - fsm *f = &lcp_fsm[unit]; - - if (lcp_echo_timer_running != 0) { - UNTIMEOUT (LcpEchoTimeout, f); - lcp_echo_timer_running = 0; - } -} diff --git a/pppd/lcp.h b/pppd/lcp.h deleted file mode 100644 index 23f3c84..0000000 --- a/pppd/lcp.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * lcp.h - Link Control Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: lcp.h,v 1.19 2002/12/04 23:03:32 paulus Exp $ - */ - -/* - * Options. - */ -#define CI_MRU 1 /* Maximum Receive Unit */ -#define CI_ASYNCMAP 2 /* Async Control Character Map */ -#define CI_AUTHTYPE 3 /* Authentication Type */ -#define CI_QUALITY 4 /* Quality Protocol */ -#define CI_MAGICNUMBER 5 /* Magic Number */ -#define CI_PCOMPRESSION 7 /* Protocol Field Compression */ -#define CI_ACCOMPRESSION 8 /* Address/Control Field Compression */ -#define CI_CALLBACK 13 /* callback */ -#define CI_MRRU 17 /* max reconstructed receive unit; multilink */ -#define CI_SSNHF 18 /* short sequence numbers for multilink */ -#define CI_EPDISC 19 /* endpoint discriminator */ - -/* - * LCP-specific packet types. - */ -#define PROTREJ 8 /* Protocol Reject */ -#define ECHOREQ 9 /* Echo Request */ -#define ECHOREP 10 /* Echo Reply */ -#define DISCREQ 11 /* Discard Request */ -#define CBCP_OPT 6 /* Use callback control protocol */ - -/* - * The state of options is described by an lcp_options structure. - */ -typedef struct lcp_options { - bool passive; /* Don't die if we don't get a response */ - bool silent; /* Wait for the other end to start first */ - bool restart; /* Restart vs. exit after close */ - bool neg_mru; /* Negotiate the MRU? */ - bool neg_asyncmap; /* Negotiate the async map? */ - bool neg_upap; /* Ask for UPAP authentication? */ - bool neg_chap; /* Ask for CHAP authentication? */ - bool neg_eap; /* Ask for EAP authentication? */ - bool neg_magicnumber; /* Ask for magic number? */ - bool neg_pcompression; /* HDLC Protocol Field Compression? */ - bool neg_accompression; /* HDLC Address/Control Field Compression? */ - bool neg_lqr; /* Negotiate use of Link Quality Reports */ - bool neg_cbcp; /* Negotiate use of CBCP */ - bool neg_mrru; /* negotiate multilink MRRU */ - bool neg_ssnhf; /* negotiate short sequence numbers */ - bool neg_endpoint; /* negotiate endpoint discriminator */ - int mru; /* Value of MRU */ - int mrru; /* Value of MRRU, and multilink enable */ - u_char chap_mdtype; /* which MD types (hashing algorithm) */ - u_int32_t asyncmap; /* Value of async map */ - u_int32_t magicnumber; - int numloops; /* Number of loops during magic number neg. */ - u_int32_t lqr_period; /* Reporting period for LQR 1/100ths second */ - struct epdisc endpoint; /* endpoint discriminator */ -} lcp_options; - -extern fsm lcp_fsm[]; -extern lcp_options lcp_wantoptions[]; -extern lcp_options lcp_gotoptions[]; -extern lcp_options lcp_allowoptions[]; -extern lcp_options lcp_hisoptions[]; - -#define DEFMRU 1500 /* Try for this */ -#define MINMRU 128 /* No MRUs below this */ -#define MAXMRU 16384 /* Normally limit MRU to this */ - -void lcp_open __P((int)); -void lcp_close __P((int, char *)); -void lcp_lowerup __P((int)); -void lcp_lowerdown __P((int)); -void lcp_sprotrej __P((int, u_char *, int)); /* send protocol reject */ - -extern struct protent lcp_protent; - -/* Default number of times we receive our magic number from the peer - before deciding the link is looped-back. */ -#define DEFLOOPBACKFAIL 10 diff --git a/pppd/magic.c b/pppd/magic.c deleted file mode 100644 index 2fb23ff..0000000 --- a/pppd/magic.c +++ /dev/null @@ -1,123 +0,0 @@ -/* - * magic.c - PPP Magic Number routines. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: magic.c,v 1.11 2003/06/11 23:56:26 paulus Exp $" - -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "magic.h" - -static const char rcsid[] = RCSID; - -extern long mrand48 __P((void)); -extern void srand48 __P((long)); - -/* - * magic_init - Initialize the magic number generator. - * - * Attempts to compute a random number seed which will not repeat. - * The current method uses the current hostid, current process ID - * and current time, currently. - */ -void -magic_init() -{ - long seed; - struct timeval t; - - gettimeofday(&t, NULL); - seed = get_host_seed() ^ t.tv_sec ^ t.tv_usec ^ getpid(); - srand48(seed); -} - -/* - * magic - Returns the next magic number. - */ -u_int32_t -magic() -{ - return (u_int32_t) mrand48(); -} - -/* - * random_bytes - Fill a buffer with random bytes. - */ -void -random_bytes(unsigned char *buf, int len) -{ - int i; - - for (i = 0; i < len; ++i) - buf[i] = mrand48() >> 24; -} - -#ifdef NO_DRAND48 -/* - * Substitute procedures for those systems which don't have - * drand48 et al. - */ - -double -drand48() -{ - return (double)random() / (double)0x7fffffffL; /* 2**31-1 */ -} - -long -mrand48() -{ - return random(); -} - -void -srand48(seedval) -long seedval; -{ - srandom((int)seedval); -} - -#endif diff --git a/pppd/magic.h b/pppd/magic.h deleted file mode 100644 index c81213b..0000000 --- a/pppd/magic.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * magic.h - PPP Magic Number definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $ - */ - -void magic_init __P((void)); /* Initialize the magic number generator */ -u_int32_t magic __P((void)); /* Returns the next magic number */ - -/* Fill buffer with random bytes */ -void random_bytes __P((unsigned char *buf, int len)); diff --git a/pppd/main.c b/pppd/main.c deleted file mode 100644 index d37d781..0000000 --- a/pppd/main.c +++ /dev/null @@ -1,2054 +0,0 @@ -/* - * main.c - Point-to-Point Protocol main module - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Copyright (c) 1999-2004 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: main.c,v 1.148 2004/11/13 12:05:48 paulus Exp $" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "magic.h" -#include "fsm.h" -#include "lcp.h" -#include "ipcp.h" -#ifdef INET6 -#include "ipv6cp.h" -#endif -#include "upap.h" -#include "chap-new.h" -#include "eap.h" -#include "ccp.h" -#include "ecp.h" -#include "pathnames.h" - -#ifdef USE_TDB -#include "tdb.h" -#endif - -#ifdef CBCP_SUPPORT -#include "cbcp.h" -#endif - -#ifdef IPX_CHANGE -#include "ipxcp.h" -#endif /* IPX_CHANGE */ -#ifdef AT_CHANGE -#include "atcp.h" -#endif - -static const char rcsid[] = RCSID; - -/* interface vars */ -char ifname[32]; /* Interface name */ -int ifunit; /* Interface unit number */ - -struct channel *the_channel; - -char *progname; /* Name of this program */ -char hostname[MAXNAMELEN]; /* Our hostname */ -static char pidfilename[MAXPATHLEN]; /* name of pid file */ -static char linkpidfile[MAXPATHLEN]; /* name of linkname pid file */ -char ppp_devnam[MAXPATHLEN]; /* name of PPP tty (maybe ttypx) */ -uid_t uid; /* Our real user-id */ -struct notifier *pidchange = NULL; -struct notifier *phasechange = NULL; -struct notifier *exitnotify = NULL; -struct notifier *sigreceived = NULL; -struct notifier *fork_notifier = NULL; - -int hungup; /* terminal has been hung up */ -int privileged; /* we're running as real uid root */ -int need_holdoff; /* need holdoff period before restarting */ -int detached; /* have detached from terminal */ -volatile int status; /* exit status for pppd */ -int unsuccess; /* # unsuccessful connection attempts */ -int do_callback; /* != 0 if we should do callback next */ -int doing_callback; /* != 0 if we are doing callback */ -int ppp_session_number; /* Session number, for channels with such a - concept (eg PPPoE) */ -int childwait_done; /* have timed out waiting for children */ - -#ifdef USE_TDB -TDB_CONTEXT *pppdb; /* database for storing status etc. */ -#endif - -char db_key[32]; - -int (*holdoff_hook) __P((void)) = NULL; -int (*new_phase_hook) __P((int)) = NULL; -void (*snoop_recv_hook) __P((unsigned char *p, int len)) = NULL; -void (*snoop_send_hook) __P((unsigned char *p, int len)) = NULL; - -static int conn_running; /* we have a [dis]connector running */ -static int fd_loop; /* fd for getting demand-dial packets */ - -int fd_devnull; /* fd for /dev/null */ -int devfd = -1; /* fd of underlying device */ -int fd_ppp = -1; /* fd for talking PPP */ -int phase; /* where the link is at */ -int kill_link; -int asked_to_quit; -int open_ccp_flag; -int listen_time; -int got_sigusr2; -int got_sigterm; -int got_sighup; - -static sigset_t signals_handled; -static int waiting; -static sigjmp_buf sigjmp; - -char **script_env; /* Env. variable values for scripts */ -int s_env_nalloc; /* # words avail at script_env */ - -u_char outpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for outgoing packet */ -u_char inpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for incoming packet */ - -static int n_children; /* # child processes still running */ -static int got_sigchld; /* set if we have received a SIGCHLD */ - -int privopen; /* don't lock, open device as root */ - -char *no_ppp_msg = "Sorry - this system lacks PPP kernel support\n"; - -GIDSET_TYPE groups[NGROUPS_MAX];/* groups the user is in */ -int ngroups; /* How many groups valid in groups */ - -static struct timeval start_time; /* Time when link was started. */ - -static struct pppd_stats old_link_stats; -struct pppd_stats link_stats; -unsigned link_connect_time; -int link_stats_valid; - -int error_count; - -bool bundle_eof; -bool bundle_terminating; - -int sent_since_received = 0; -int sent_total = 0; -int received_total = 0; - -/* - * We maintain a list of child process pids and - * functions to call when they exit. - */ -struct subprocess { - pid_t pid; - char *prog; - void (*done) __P((void *)); - void *arg; - struct subprocess *next; -}; - -static struct subprocess *children; - -/* Prototypes for procedures local to this file. */ - -static void setup_signals __P((void)); -static void create_pidfile __P((int pid)); -static void create_linkpidfile __P((int pid)); -static void cleanup __P((void)); -static void get_input __P((void)); -static void calltimeout __P((void)); -static struct timeval *timeleft __P((struct timeval *)); -static void kill_my_pg __P((int)); -static void hup __P((int)); -static void term __P((int)); -static void chld __P((int)); -static void toggle_debug __P((int)); -static void open_ccp __P((int)); -static void bad_signal __P((int)); -static void holdoff_end __P((void *)); -static int reap_kids __P((void)); -static void childwait_end __P((void *)); - -#ifdef USE_TDB -static void update_db_entry __P((void)); -static void add_db_key __P((const char *)); -static void delete_db_key __P((const char *)); -static void cleanup_db __P((void)); -#endif - -static void handle_events __P((void)); -void print_link_stats __P((void)); - -extern char *ttyname __P((int)); -extern char *getlogin __P((void)); -int main __P((int, char *[])); - -#ifdef ultrix -#undef O_NONBLOCK -#define O_NONBLOCK O_NDELAY -#endif - -#ifdef ULTRIX -#define setlogmask(x) -#endif - -/* - * PPP Data Link Layer "protocol" table. - * One entry per supported protocol. - * The last entry must be NULL. - */ -struct protent *protocols[] = { - &lcp_protent, - &pap_protent, - &chap_protent, -#ifdef CBCP_SUPPORT - &cbcp_protent, -#endif - &ipcp_protent, -#ifdef INET6 - &ipv6cp_protent, -#endif - &ccp_protent, - &ecp_protent, -#ifdef IPX_CHANGE - &ipxcp_protent, -#endif -#ifdef AT_CHANGE - &atcp_protent, -#endif - &eap_protent, - NULL -}; - -/* - * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name. - */ -#if !defined(PPP_DRV_NAME) -#define PPP_DRV_NAME "ppp" -#endif /* !defined(PPP_DRV_NAME) */ - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int i, t; - char *p; - struct passwd *pw; - struct protent *protp; - char numbuf[16]; - - link_stats_valid = 0; - new_phase(PHASE_INITIALIZE); - - script_env = NULL; - - /* Initialize syslog facilities */ - reopen_log(); - - if (gethostname(hostname, MAXNAMELEN) < 0 ) { - option_error("Couldn't get hostname: %m"); - exit(1); - } - hostname[MAXNAMELEN-1] = 0; - - /* make sure we don't create world or group writable files. */ - umask(umask(0777) | 022); - - uid = getuid(); - privileged = uid == 0; - slprintf(numbuf, sizeof(numbuf), "%d", uid); - script_setenv("ORIG_UID", numbuf, 0); - - ngroups = getgroups(NGROUPS_MAX, groups); - - /* - * Initialize magic number generator now so that protocols may - * use magic numbers in initialization. - */ - magic_init(); - - /* - * Initialize each protocol. - */ - for (i = 0; (protp = protocols[i]) != NULL; ++i) - (*protp->init)(0); - - /* - * Initialize the default channel. - */ - tty_init(); - - progname = *argv; - - /* - * Parse, in order, the system options file, the user's options file, - * and the command line arguments. - */ -#ifdef ANDROID - /* Android: only take options from commandline */ - if (!parse_args(argc-1, argv+1)) - exit(EXIT_OPTION_ERROR); - -#else - if (!options_from_file(_PATH_SYSOPTIONS, !privileged, 0, 1) - || !options_from_user() - || !parse_args(argc-1, argv+1)) - exit(EXIT_OPTION_ERROR); - -#endif - - devnam_fixed = 1; /* can no longer change device name */ - - /* - * Work out the device name, if it hasn't already been specified, - * and parse the tty's options file. - */ - if (the_channel->process_extra_options) - (*the_channel->process_extra_options)(); - - if (debug) - setlogmask(LOG_UPTO(LOG_DEBUG)); - - /* - * Check that we are running as root. - */ - if (geteuid() != 0) { - option_error("must be root to run %s, since it is not setuid-root", - argv[0]); - exit(EXIT_NOT_ROOT); - } - - if (!ppp_available()) { - option_error("%s", no_ppp_msg); - exit(EXIT_NO_KERNEL_SUPPORT); - } - - /* - * Check that the options given are valid and consistent. - */ - check_options(); - if (!sys_check_options()) - exit(EXIT_OPTION_ERROR); - auth_check_options(); -#ifdef HAVE_MULTILINK - mp_check_options(); -#endif - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (protp->check_options != NULL) - (*protp->check_options)(); - if (the_channel->check_options) - (*the_channel->check_options)(); - - - if (dump_options || dryrun) { - init_pr_log(NULL, LOG_INFO); - print_options(pr_log, NULL); - end_pr_log(); - } - - if (dryrun) - die(0); - - /* Make sure fds 0, 1, 2 are open to somewhere. */ - fd_devnull = open(_PATH_DEVNULL, O_RDWR); - if (fd_devnull < 0) - fatal("Couldn't open %s: %m", _PATH_DEVNULL); - while (fd_devnull <= 2) { - i = dup(fd_devnull); - if (i < 0) - fatal("Critical shortage of file descriptors: dup failed: %m"); - fd_devnull = i; - } - - /* - * Initialize system-dependent stuff. - */ - sys_init(); -#ifdef USE_TDB - pppdb = tdb_open(_PATH_PPPDB, 0, 0, O_RDWR|O_CREAT, 0644); - if (pppdb != NULL) { - slprintf(db_key, sizeof(db_key), "pppd%d", getpid()); - update_db_entry(); - } else { - warn("Warning: couldn't open ppp database %s", _PATH_PPPDB); - if (multilink) { - warn("Warning: disabling multilink"); - multilink = 0; - } - } -#endif - - /* - * Detach ourselves from the terminal, if required, - * and identify who is running us. - */ - if (!nodetach && !updetach) - detach(); - p = getlogin(); - if (p == NULL) { - pw = getpwuid(uid); - if (pw != NULL && pw->pw_name != NULL) - p = pw->pw_name; - else - p = "(unknown)"; - } - syslog(LOG_NOTICE, "pppd %s started by %s, uid %d", VERSION, p, uid); - script_setenv("PPPLOGNAME", p, 0); - - if (devnam[0]) - script_setenv("DEVICE", devnam, 1); - slprintf(numbuf, sizeof(numbuf), "%d", getpid()); - script_setenv("PPPD_PID", numbuf, 1); - - setup_signals(); - - create_linkpidfile(getpid()); - - waiting = 0; - - /* - * If we're doing dial-on-demand, set up the interface now. - */ - if (demand) { - /* - * Open the loopback channel and set it up to be the ppp interface. - */ - fd_loop = open_ppp_loopback(); - set_ifunit(1); - /* - * Configure the interface and mark it up, etc. - */ - demand_conf(); - } - - do_callback = 0; - for (;;) { - - bundle_eof = 0; - bundle_terminating = 0; - listen_time = 0; - need_holdoff = 1; - devfd = -1; - status = EXIT_OK; - ++unsuccess; - doing_callback = do_callback; - do_callback = 0; - - if (demand && !doing_callback) { - /* - * Don't do anything until we see some activity. - */ - new_phase(PHASE_DORMANT); - demand_unblock(); - add_fd(fd_loop); - for (;;) { - handle_events(); - if (asked_to_quit) - break; - if (get_loop_output()) - break; - } - remove_fd(fd_loop); - if (asked_to_quit) - break; - - /* - * Now we want to bring up the link. - */ - demand_block(); - info("Starting link"); - } - - gettimeofday(&start_time, NULL); - script_unsetenv("CONNECT_TIME"); - script_unsetenv("BYTES_SENT"); - script_unsetenv("BYTES_RCVD"); - - lcp_open(0); /* Start protocol */ - while (phase != PHASE_DEAD) { - handle_events(); - get_input(); - if (kill_link) - lcp_close(0, "User request"); - if (asked_to_quit) { - bundle_terminating = 1; - if (phase == PHASE_MASTER) - mp_bundle_terminated(); - } - if (open_ccp_flag) { - if (phase == PHASE_NETWORK || phase == PHASE_RUNNING) { - ccp_fsm[0].flags = OPT_RESTART; /* clears OPT_SILENT */ - (*ccp_protent.open)(0); - } - } - } - - if (!persist || asked_to_quit || (maxfail > 0 && unsuccess >= maxfail)) - break; - - if (demand) - demand_discard(); - t = need_holdoff? holdoff: 0; - if (holdoff_hook) - t = (*holdoff_hook)(); - if (t > 0) { - new_phase(PHASE_HOLDOFF); - TIMEOUT(holdoff_end, NULL, t); - do { - handle_events(); - if (kill_link) - new_phase(PHASE_DORMANT); /* allow signal to end holdoff */ - } while (phase == PHASE_HOLDOFF); - if (!persist) - break; - } - } - - /* Wait for scripts to finish */ - reap_kids(); - if (n_children > 0) { - if (child_wait > 0) - TIMEOUT(childwait_end, NULL, child_wait); - if (debug) { - struct subprocess *chp; - dbglog("Waiting for %d child processes...", n_children); - for (chp = children; chp != NULL; chp = chp->next) - dbglog(" script %s, pid %d", chp->prog, chp->pid); - } - while (n_children > 0 && !childwait_done) { - handle_events(); - if (kill_link && !childwait_done) - childwait_end(NULL); - } - } - - die(status); - return 0; -} - -/* - * handle_events - wait for something to happen and respond to it. - */ -static void -handle_events() -{ - struct timeval timo; - - kill_link = open_ccp_flag = 0; - if (sigsetjmp(sigjmp, 1) == 0) { - sigprocmask(SIG_BLOCK, &signals_handled, NULL); - if (got_sighup || got_sigterm || got_sigusr2 || got_sigchld) { - sigprocmask(SIG_UNBLOCK, &signals_handled, NULL); - } else { - waiting = 1; - sigprocmask(SIG_UNBLOCK, &signals_handled, NULL); - wait_input(timeleft(&timo)); - } - } - waiting = 0; - calltimeout(); - if (got_sighup) { - info("Hangup (SIGHUP)"); - kill_link = 1; - got_sighup = 0; - if (status != EXIT_HANGUP) - status = EXIT_USER_REQUEST; - } - if (got_sigterm) { - info("Terminating on signal %d", got_sigterm); - kill_link = 1; - asked_to_quit = 1; - persist = 0; - status = EXIT_USER_REQUEST; - got_sigterm = 0; - } - if (got_sigchld) { - got_sigchld = 0; - reap_kids(); /* Don't leave dead kids lying around */ - } - if (got_sigusr2) { - open_ccp_flag = 1; - got_sigusr2 = 0; - } -} - -/* - * setup_signals - initialize signal handling. - */ -static void -setup_signals() -{ - struct sigaction sa; - - /* - * Compute mask of all interesting signals and install signal handlers - * for each. Only one signal handler may be active at a time. Therefore, - * all other signals should be masked when any handler is executing. - */ - sigemptyset(&signals_handled); - sigaddset(&signals_handled, SIGHUP); - sigaddset(&signals_handled, SIGINT); - sigaddset(&signals_handled, SIGTERM); - sigaddset(&signals_handled, SIGCHLD); - sigaddset(&signals_handled, SIGUSR2); - -#define SIGNAL(s, handler) do { \ - sa.sa_handler = handler; \ - if (sigaction(s, &sa, NULL) < 0) \ - fatal("Couldn't establish signal handler (%d): %m", s); \ - } while (0) - - sa.sa_mask = signals_handled; - sa.sa_flags = 0; - SIGNAL(SIGHUP, hup); /* Hangup */ - SIGNAL(SIGINT, term); /* Interrupt */ - SIGNAL(SIGTERM, term); /* Terminate */ - SIGNAL(SIGCHLD, chld); - - SIGNAL(SIGUSR1, toggle_debug); /* Toggle debug flag */ - SIGNAL(SIGUSR2, open_ccp); /* Reopen CCP */ - - /* - * Install a handler for other signals which would otherwise - * cause pppd to exit without cleaning up. - */ - SIGNAL(SIGABRT, bad_signal); - SIGNAL(SIGALRM, bad_signal); - SIGNAL(SIGFPE, bad_signal); - SIGNAL(SIGILL, bad_signal); - SIGNAL(SIGPIPE, bad_signal); - SIGNAL(SIGQUIT, bad_signal); - SIGNAL(SIGSEGV, bad_signal); -#ifdef SIGBUS - SIGNAL(SIGBUS, bad_signal); -#endif -#ifdef SIGEMT - SIGNAL(SIGEMT, bad_signal); -#endif -#ifdef SIGPOLL - SIGNAL(SIGPOLL, bad_signal); -#endif -#ifdef SIGPROF - SIGNAL(SIGPROF, bad_signal); -#endif -#ifdef SIGSYS - SIGNAL(SIGSYS, bad_signal); -#endif -#ifdef SIGTRAP - SIGNAL(SIGTRAP, bad_signal); -#endif -#ifdef SIGVTALRM - SIGNAL(SIGVTALRM, bad_signal); -#endif -#ifdef SIGXCPU - SIGNAL(SIGXCPU, bad_signal); -#endif -#ifdef SIGXFSZ - SIGNAL(SIGXFSZ, bad_signal); -#endif - - /* - * Apparently we can get a SIGPIPE when we call syslog, if - * syslogd has died and been restarted. Ignoring it seems - * be sufficient. - */ - signal(SIGPIPE, SIG_IGN); -} - -/* - * set_ifunit - do things we need to do once we know which ppp - * unit we are using. - */ -void -set_ifunit(iskey) - int iskey; -{ - info("Using interface %s%d", PPP_DRV_NAME, ifunit); - slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit); - script_setenv("IFNAME", ifname, iskey); - if (iskey) { - create_pidfile(getpid()); /* write pid to file */ - create_linkpidfile(getpid()); - } -} - -/* - * detach - detach us from the controlling terminal. - */ -void -detach() -{ - int pid; - char numbuf[16]; - int pipefd[2]; - - if (detached) - return; - if (pipe(pipefd) == -1) - pipefd[0] = pipefd[1] = -1; - if ((pid = fork()) < 0) { - error("Couldn't detach (fork failed: %m)"); - die(1); /* or just return? */ - } - if (pid != 0) { - /* parent */ - notify(pidchange, pid); - /* update pid files if they have been written already */ - if (pidfilename[0]) - create_pidfile(pid); - if (linkpidfile[0]) - create_linkpidfile(pid); - exit(0); /* parent dies */ - } - setsid(); - chdir("/"); - dup2(fd_devnull, 0); - dup2(fd_devnull, 1); - dup2(fd_devnull, 2); - detached = 1; - if (log_default) - log_to_fd = -1; - slprintf(numbuf, sizeof(numbuf), "%d", getpid()); - script_setenv("PPPD_PID", numbuf, 1); - - /* wait for parent to finish updating pid & lock files and die */ - close(pipefd[1]); - complete_read(pipefd[0], numbuf, 1); - close(pipefd[0]); -} - -/* - * reopen_log - (re)open our connection to syslog. - */ -void -reopen_log() -{ - openlog("pppd", LOG_PID | LOG_NDELAY, LOG_PPP); - setlogmask(LOG_UPTO(LOG_INFO)); -} - -/* - * Create a file containing our process ID. - */ -static void -create_pidfile(pid) - int pid; -{ - FILE *pidfile; - - slprintf(pidfilename, sizeof(pidfilename), "%s%s.pid", - _PATH_VARRUN, ifname); - if ((pidfile = fopen(pidfilename, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - (void) fclose(pidfile); - } else { - error("Failed to create pid file %s: %m", pidfilename); - pidfilename[0] = 0; - } -} - -void -create_linkpidfile(pid) - int pid; -{ - FILE *pidfile; - - if (linkname[0] == 0) - return; - script_setenv("LINKNAME", linkname, 1); - slprintf(linkpidfile, sizeof(linkpidfile), "%sppp-%s.pid", - _PATH_VARRUN, linkname); - if ((pidfile = fopen(linkpidfile, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - if (ifname[0]) - fprintf(pidfile, "%s\n", ifname); - (void) fclose(pidfile); - } else { - error("Failed to create pid file %s: %m", linkpidfile); - linkpidfile[0] = 0; - } -} - -/* - * remove_pidfile - remove our pid files - */ -void remove_pidfiles() -{ - if (pidfilename[0] != 0 && unlink(pidfilename) < 0 && errno != ENOENT) - warn("unable to delete pid file %s: %m", pidfilename); - pidfilename[0] = 0; - if (linkpidfile[0] != 0 && unlink(linkpidfile) < 0 && errno != ENOENT) - warn("unable to delete pid file %s: %m", linkpidfile); - linkpidfile[0] = 0; -} - -/* - * holdoff_end - called via a timeout when the holdoff period ends. - */ -static void -holdoff_end(arg) - void *arg; -{ - new_phase(PHASE_DORMANT); -} - -/* List of protocol names, to make our messages a little more informative. */ -struct protocol_list { - u_short proto; - const char *name; -} protocol_list[] = { - { 0x21, "IP" }, - { 0x23, "OSI Network Layer" }, - { 0x25, "Xerox NS IDP" }, - { 0x27, "DECnet Phase IV" }, - { 0x29, "Appletalk" }, - { 0x2b, "Novell IPX" }, - { 0x2d, "VJ compressed TCP/IP" }, - { 0x2f, "VJ uncompressed TCP/IP" }, - { 0x31, "Bridging PDU" }, - { 0x33, "Stream Protocol ST-II" }, - { 0x35, "Banyan Vines" }, - { 0x39, "AppleTalk EDDP" }, - { 0x3b, "AppleTalk SmartBuffered" }, - { 0x3d, "Multi-Link" }, - { 0x3f, "NETBIOS Framing" }, - { 0x41, "Cisco Systems" }, - { 0x43, "Ascom Timeplex" }, - { 0x45, "Fujitsu Link Backup and Load Balancing (LBLB)" }, - { 0x47, "DCA Remote Lan" }, - { 0x49, "Serial Data Transport Protocol (PPP-SDTP)" }, - { 0x4b, "SNA over 802.2" }, - { 0x4d, "SNA" }, - { 0x4f, "IP6 Header Compression" }, - { 0x6f, "Stampede Bridging" }, - { 0xfb, "single-link compression" }, - { 0xfd, "1st choice compression" }, - { 0x0201, "802.1d Hello Packets" }, - { 0x0203, "IBM Source Routing BPDU" }, - { 0x0205, "DEC LANBridge100 Spanning Tree" }, - { 0x0231, "Luxcom" }, - { 0x0233, "Sigma Network Systems" }, - { 0x8021, "Internet Protocol Control Protocol" }, - { 0x8023, "OSI Network Layer Control Protocol" }, - { 0x8025, "Xerox NS IDP Control Protocol" }, - { 0x8027, "DECnet Phase IV Control Protocol" }, - { 0x8029, "Appletalk Control Protocol" }, - { 0x802b, "Novell IPX Control Protocol" }, - { 0x8031, "Bridging NCP" }, - { 0x8033, "Stream Protocol Control Protocol" }, - { 0x8035, "Banyan Vines Control Protocol" }, - { 0x803d, "Multi-Link Control Protocol" }, - { 0x803f, "NETBIOS Framing Control Protocol" }, - { 0x8041, "Cisco Systems Control Protocol" }, - { 0x8043, "Ascom Timeplex" }, - { 0x8045, "Fujitsu LBLB Control Protocol" }, - { 0x8047, "DCA Remote Lan Network Control Protocol (RLNCP)" }, - { 0x8049, "Serial Data Control Protocol (PPP-SDCP)" }, - { 0x804b, "SNA over 802.2 Control Protocol" }, - { 0x804d, "SNA Control Protocol" }, - { 0x804f, "IP6 Header Compression Control Protocol" }, - { 0x006f, "Stampede Bridging Control Protocol" }, - { 0x80fb, "Single Link Compression Control Protocol" }, - { 0x80fd, "Compression Control Protocol" }, - { 0xc021, "Link Control Protocol" }, - { 0xc023, "Password Authentication Protocol" }, - { 0xc025, "Link Quality Report" }, - { 0xc027, "Shiva Password Authentication Protocol" }, - { 0xc029, "CallBack Control Protocol (CBCP)" }, - { 0xc081, "Container Control Protocol" }, - { 0xc223, "Challenge Handshake Authentication Protocol" }, - { 0xc281, "Proprietary Authentication Protocol" }, - { 0, NULL }, -}; - -/* - * protocol_name - find a name for a PPP protocol. - */ -const char * -protocol_name(proto) - int proto; -{ - struct protocol_list *lp; - - for (lp = protocol_list; lp->proto != 0; ++lp) - if (proto == lp->proto) - return lp->name; - return NULL; -} - -/* - * get_input - called when incoming data is available. - */ -static void -get_input() -{ - int len, i; - u_char *p; - u_short protocol; - struct protent *protp; - - p = inpacket_buf; /* point to beginning of packet buffer */ - - len = read_packet(inpacket_buf); - if (len < 0) - return; - - if (len == 0) { - if (bundle_eof && multilink_master) { - notice("Last channel has disconnected"); - mp_bundle_terminated(); - return; - } - notice("Modem hangup"); - hungup = 1; - status = EXIT_HANGUP; - lcp_lowerdown(0); /* serial link is no longer available */ - link_terminated(0); - return; - } - - if (len < PPP_HDRLEN) { - dbglog("received short packet:%.*B", len, p); - return; - } - - dump_packet("rcvd", p, len); - if (snoop_recv_hook) snoop_recv_hook(p, len); - - p += 2; /* Skip address and control */ - GETSHORT(protocol, p); - len -= PPP_HDRLEN; - - /* - * Toss all non-LCP packets unless LCP is OPEN. - */ - if (protocol != PPP_LCP && lcp_fsm[0].state != OPENED) { - dbglog("Discarded non-LCP packet when LCP not open"); - return; - } - - /* - * Until we get past the authentication phase, toss all packets - * except LCP, LQR and authentication packets. - */ - if (phase <= PHASE_AUTHENTICATE - && !(protocol == PPP_LCP || protocol == PPP_LQR - || protocol == PPP_PAP || protocol == PPP_CHAP || - protocol == PPP_EAP)) { - dbglog("discarding proto 0x%x in phase %d", - protocol, phase); - return; - } - - /* - * Upcall the proper protocol input routine. - */ - for (i = 0; (protp = protocols[i]) != NULL; ++i) { - if (protp->protocol == protocol && protp->enabled_flag) { - (*protp->input)(0, p, len); - return; - } - if (protocol == (protp->protocol & ~0x8000) && protp->enabled_flag - && protp->datainput != NULL) { - (*protp->datainput)(0, p, len); - return; - } - } - - if (debug) { - const char *pname = protocol_name(protocol); - if (pname != NULL) - warn("Unsupported protocol '%s' (0x%x) received", pname, protocol); - else - warn("Unsupported protocol 0x%x received", protocol); - } - lcp_sprotrej(0, p - PPP_HDRLEN, len + PPP_HDRLEN); -} - -/* - * ppp_send_config - configure the transmit-side characteristics of - * the ppp interface. Returns -1, indicating an error, if the channel - * send_config procedure called error() (or incremented error_count - * itself), otherwise 0. - */ -int -ppp_send_config(unit, mtu, accm, pcomp, accomp) - int unit, mtu; - u_int32_t accm; - int pcomp, accomp; -{ - int errs; - - if (the_channel->send_config == NULL) - return 0; - errs = error_count; - (*the_channel->send_config)(mtu, accm, pcomp, accomp); - return (error_count != errs)? -1: 0; -} - -/* - * ppp_recv_config - configure the receive-side characteristics of - * the ppp interface. Returns -1, indicating an error, if the channel - * recv_config procedure called error() (or incremented error_count - * itself), otherwise 0. - */ -int -ppp_recv_config(unit, mru, accm, pcomp, accomp) - int unit, mru; - u_int32_t accm; - int pcomp, accomp; -{ - int errs; - - if (the_channel->recv_config == NULL) - return 0; - errs = error_count; - (*the_channel->recv_config)(mru, accm, pcomp, accomp); - return (error_count != errs)? -1: 0; -} - -/* - * new_phase - signal the start of a new phase of pppd's operation. - */ -void -new_phase(p) - int p; -{ - phase = p; - if (new_phase_hook) - (*new_phase_hook)(p); - notify(phasechange, p); -} - -/* - * die - clean up state and exit with the specified status. - */ -void -die(status) - int status; -{ - if (!doing_multilink || multilink_master) - print_link_stats(); - cleanup(); - notify(exitnotify, status); - syslog(LOG_INFO, "Exit."); - exit(status); -} - -/* - * cleanup - restore anything which needs to be restored before we exit - */ -/* ARGSUSED */ -static void -cleanup() -{ - sys_cleanup(); - - if (fd_ppp >= 0) - the_channel->disestablish_ppp(devfd); - if (the_channel->cleanup) - (*the_channel->cleanup)(); - remove_pidfiles(); - -#ifdef USE_TDB - if (pppdb != NULL) - cleanup_db(); -#endif - -} - -void -print_link_stats() -{ - /* - * Print connect time and statistics. - */ - if (link_stats_valid) { - int t = (link_connect_time + 5) / 6; /* 1/10ths of minutes */ - info("Connect time %d.%d minutes.", t/10, t%10); - info("Sent %u bytes, received %u bytes.", - link_stats.bytes_out, link_stats.bytes_in); - link_stats_valid = 0; - } -} - -/* - * reset_link_stats - "reset" stats when link goes up. - */ -void -reset_link_stats(u) - int u; -{ - if (!get_ppp_stats(u, &old_link_stats)) - return; - gettimeofday(&start_time, NULL); -} - -/* - * update_link_stats - get stats at link termination. - */ -void -update_link_stats(u) - int u; -{ - struct timeval now; - char numbuf[32]; - - if (!get_ppp_stats(u, &link_stats) - || gettimeofday(&now, NULL) < 0) - return; - link_connect_time = now.tv_sec - start_time.tv_sec; - link_stats_valid = 1; - - link_stats.bytes_in -= old_link_stats.bytes_in; - link_stats.bytes_out -= old_link_stats.bytes_out; - link_stats.pkts_in -= old_link_stats.pkts_in; - link_stats.pkts_out -= old_link_stats.pkts_out; - - slprintf(numbuf, sizeof(numbuf), "%u", link_connect_time); - script_setenv("CONNECT_TIME", numbuf, 0); - slprintf(numbuf, sizeof(numbuf), "%u", link_stats.bytes_out); - script_setenv("BYTES_SENT", numbuf, 0); - slprintf(numbuf, sizeof(numbuf), "%u", link_stats.bytes_in); - script_setenv("BYTES_RCVD", numbuf, 0); -} - - -struct callout { - struct timeval c_time; /* time at which to call routine */ - void *c_arg; /* argument to routine */ - void (*c_func) __P((void *)); /* routine */ - struct callout *c_next; -}; - -static struct callout *callout = NULL; /* Callout list */ -static struct timeval timenow; /* Current time */ - -/* - * timeout - Schedule a timeout. - */ -void -timeout(func, arg, secs, usecs) - void (*func) __P((void *)); - void *arg; - int secs, usecs; -{ - struct callout *newp, *p, **pp; - - /* - * Allocate timeout. - */ - if ((newp = (struct callout *) malloc(sizeof(struct callout))) == NULL) - fatal("Out of memory in timeout()!"); - newp->c_arg = arg; - newp->c_func = func; - gettimeofday(&timenow, NULL); - newp->c_time.tv_sec = timenow.tv_sec + secs; - newp->c_time.tv_usec = timenow.tv_usec + usecs; - if (newp->c_time.tv_usec >= 1000000) { - newp->c_time.tv_sec += newp->c_time.tv_usec / 1000000; - newp->c_time.tv_usec %= 1000000; - } - - /* - * Find correct place and link it in. - */ - for (pp = &callout; (p = *pp); pp = &p->c_next) - if (newp->c_time.tv_sec < p->c_time.tv_sec - || (newp->c_time.tv_sec == p->c_time.tv_sec - && newp->c_time.tv_usec < p->c_time.tv_usec)) - break; - newp->c_next = p; - *pp = newp; -} - - -/* - * untimeout - Unschedule a timeout. - */ -void -untimeout(func, arg) - void (*func) __P((void *)); - void *arg; -{ - struct callout **copp, *freep; - - /* - * Find first matching timeout and remove it from the list. - */ - for (copp = &callout; (freep = *copp); copp = &freep->c_next) - if (freep->c_func == func && freep->c_arg == arg) { - *copp = freep->c_next; - free((char *) freep); - break; - } -} - - -/* - * calltimeout - Call any timeout routines which are now due. - */ -static void -calltimeout() -{ - struct callout *p; - - while (callout != NULL) { - p = callout; - - if (gettimeofday(&timenow, NULL) < 0) - fatal("Failed to get time of day: %m"); - if (!(p->c_time.tv_sec < timenow.tv_sec - || (p->c_time.tv_sec == timenow.tv_sec - && p->c_time.tv_usec <= timenow.tv_usec))) - break; /* no, it's not time yet */ - - callout = p->c_next; - (*p->c_func)(p->c_arg); - - free((char *) p); - } -} - - -/* - * timeleft - return the length of time until the next timeout is due. - */ -static struct timeval * -timeleft(tvp) - struct timeval *tvp; -{ - if (callout == NULL) - return NULL; - - gettimeofday(&timenow, NULL); - tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec; - tvp->tv_usec = callout->c_time.tv_usec - timenow.tv_usec; - if (tvp->tv_usec < 0) { - tvp->tv_usec += 1000000; - tvp->tv_sec -= 1; - } - if (tvp->tv_sec < 0) - tvp->tv_sec = tvp->tv_usec = 0; - - return tvp; -} - - -/* - * kill_my_pg - send a signal to our process group, and ignore it ourselves. - * We assume that sig is currently blocked. - */ -static void -kill_my_pg(sig) - int sig; -{ - struct sigaction act, oldact; - - sigemptyset(&act.sa_mask); /* unnecessary in fact */ - act.sa_handler = SIG_IGN; - act.sa_flags = 0; - kill(0, sig); - /* - * The kill() above made the signal pending for us, as well as - * the rest of our process group, but we don't want it delivered - * to us. It is blocked at the moment. Setting it to be ignored - * will cause the pending signal to be discarded. If we did the - * kill() after setting the signal to be ignored, it is unspecified - * (by POSIX) whether the signal is immediately discarded or left - * pending, and in fact Linux would leave it pending, and so it - * would be delivered after the current signal handler exits, - * leading to an infinite loop. - */ - sigaction(sig, &act, &oldact); - sigaction(sig, &oldact, NULL); -} - - -/* - * hup - Catch SIGHUP signal. - * - * Indicates that the physical layer has been disconnected. - * We don't rely on this indication; if the user has sent this - * signal, we just take the link down. - */ -static void -hup(sig) - int sig; -{ - /* can't log a message here, it can deadlock */ - got_sighup = 1; - if (conn_running) - /* Send the signal to the [dis]connector process(es) also */ - kill_my_pg(sig); - notify(sigreceived, sig); - if (waiting) - siglongjmp(sigjmp, 1); -} - - -/* - * term - Catch SIGTERM signal and SIGINT signal (^C/del). - * - * Indicates that we should initiate a graceful disconnect and exit. - */ -/*ARGSUSED*/ -static void -term(sig) - int sig; -{ - /* can't log a message here, it can deadlock */ - got_sigterm = sig; - if (conn_running) - /* Send the signal to the [dis]connector process(es) also */ - kill_my_pg(sig); - notify(sigreceived, sig); - if (waiting) - siglongjmp(sigjmp, 1); -} - - -/* - * chld - Catch SIGCHLD signal. - * Sets a flag so we will call reap_kids in the mainline. - */ -static void -chld(sig) - int sig; -{ - got_sigchld = 1; - if (waiting) - siglongjmp(sigjmp, 1); -} - - -/* - * toggle_debug - Catch SIGUSR1 signal. - * - * Toggle debug flag. - */ -/*ARGSUSED*/ -static void -toggle_debug(sig) - int sig; -{ - debug = !debug; - if (debug) { - setlogmask(LOG_UPTO(LOG_DEBUG)); - } else { - setlogmask(LOG_UPTO(LOG_WARNING)); - } -} - - -/* - * open_ccp - Catch SIGUSR2 signal. - * - * Try to (re)negotiate compression. - */ -/*ARGSUSED*/ -static void -open_ccp(sig) - int sig; -{ - got_sigusr2 = 1; - if (waiting) - siglongjmp(sigjmp, 1); -} - - -/* - * bad_signal - We've caught a fatal signal. Clean up state and exit. - */ -static void -bad_signal(sig) - int sig; -{ - static int crashed = 0; - - if (crashed) - _exit(127); - crashed = 1; - error("Fatal signal %d", sig); - if (conn_running) - kill_my_pg(SIGTERM); - notify(sigreceived, sig); - die(127); -} - -/* - * safe_fork - Create a child process. The child closes all the - * file descriptors that we don't want to leak to a script. - * The parent waits for the child to do this before returning. - * This also arranges for the specified fds to be dup'd to - * fds 0, 1, 2 in the child. - */ -pid_t -safe_fork(int infd, int outfd, int errfd) -{ - pid_t pid; - int fd, pipefd[2]; - char buf[1]; - - /* make sure fds 0, 1, 2 are occupied (probably not necessary) */ - while ((fd = dup(fd_devnull)) >= 0) { - if (fd > 2) { - close(fd); - break; - } - } - - if (pipe(pipefd) == -1) - pipefd[0] = pipefd[1] = -1; - pid = fork(); - if (pid < 0) { - error("fork failed: %m"); - return -1; - } - if (pid > 0) { - /* parent */ - close(pipefd[1]); - /* this read() blocks until the close(pipefd[1]) below */ - complete_read(pipefd[0], buf, 1); - close(pipefd[0]); - return pid; - } - - /* Executing in the child */ - sys_close(); -#ifdef USE_TDB - tdb_close(pppdb); -#endif - - /* make sure infd, outfd and errfd won't get tromped on below */ - if (infd == 1 || infd == 2) - infd = dup(infd); - if (outfd == 0 || outfd == 2) - outfd = dup(outfd); - if (errfd == 0 || errfd == 1) - errfd = dup(errfd); - - /* dup the in, out, err fds to 0, 1, 2 */ - if (infd != 0) - dup2(infd, 0); - if (outfd != 1) - dup2(outfd, 1); - if (errfd != 2) - dup2(errfd, 2); - - closelog(); - if (log_to_fd > 2) - close(log_to_fd); - if (the_channel->close) - (*the_channel->close)(); - else - close(devfd); /* some plugins don't have a close function */ - close(fd_ppp); - close(fd_devnull); - if (infd != 0) - close(infd); - if (outfd != 1) - close(outfd); - if (errfd != 2) - close(errfd); - - notify(fork_notifier, 0); - close(pipefd[0]); - /* this close unblocks the read() call above in the parent */ - close(pipefd[1]); - - return 0; -} - -/* - * device_script - run a program to talk to the specified fds - * (e.g. to run the connector or disconnector script). - * stderr gets connected to the log fd or to the _PATH_CONNERRS file. - */ -int -device_script(program, in, out, dont_wait) - char *program; - int in, out; - int dont_wait; -{ - int pid; - int status = -1; - int errfd; - - if (log_to_fd >= 0) - errfd = log_to_fd; - else - errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); - - ++conn_running; - pid = safe_fork(in, out, errfd); - - if (pid != 0 && log_to_fd < 0) - close(errfd); - - if (pid < 0) { - --conn_running; - error("Failed to create child process: %m"); - return -1; - } - - if (pid != 0) { - if (dont_wait) { - record_child(pid, program, NULL, NULL); - status = 0; - } else { - while (waitpid(pid, &status, 0) < 0) { - if (errno == EINTR) - continue; - fatal("error waiting for (dis)connection process: %m"); - } - --conn_running; - } - return (status == 0 ? 0 : -1); - } - - /* here we are executing in the child */ - - setgid(getgid()); - setuid(uid); - if (getuid() != uid) { - fprintf(stderr, "pppd: setuid failed\n"); - exit(1); - } - execl("/system/bin/sh", "sh", "-c", program, NULL); - perror("pppd: could not exec /bin/sh"); - exit(99); - /* NOTREACHED */ -} - - -/* - * run-program - execute a program with given arguments, - * but don't wait for it. - * If the program can't be executed, logs an error unless - * must_exist is 0 and the program file doesn't exist. - * Returns -1 if it couldn't fork, 0 if the file doesn't exist - * or isn't an executable plain file, or the process ID of the child. - * If done != NULL, (*done)(arg) will be called later (within - * reap_kids) iff the return value is > 0. - */ -pid_t -run_program(prog, args, must_exist, done, arg) - char *prog; - char **args; - int must_exist; - void (*done) __P((void *)); - void *arg; -{ - int pid; - struct stat sbuf; - - /* - * First check if the file exists and is executable. - * We don't use access() because that would use the - * real user-id, which might not be root, and the script - * might be accessible only to root. - */ - errno = EINVAL; - if (stat(prog, &sbuf) < 0 || !S_ISREG(sbuf.st_mode) - || (sbuf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0) { - if (must_exist || errno != ENOENT) - warn("Can't execute %s: %m", prog); - return 0; - } - - pid = safe_fork(fd_devnull, fd_devnull, fd_devnull); - if (pid == -1) { - error("Failed to create child process for %s: %m", prog); - return -1; - } - if (pid != 0) { - if (debug) - dbglog("Script %s started (pid %d)", prog, pid); - record_child(pid, prog, done, arg); - return pid; - } - - /* Leave the current location */ - (void) setsid(); /* No controlling tty. */ - (void) umask (S_IRWXG|S_IRWXO); - (void) chdir ("/"); /* no current directory. */ - setuid(0); /* set real UID = root */ - setgid(getegid()); - -#ifdef BSD - /* Force the priority back to zero if pppd is running higher. */ - if (setpriority (PRIO_PROCESS, 0, 0) < 0) - warn("can't reset priority to 0: %m"); -#endif - - /* run the program */ - execve(prog, args, script_env); - if (must_exist || errno != ENOENT) { - /* have to reopen the log, there's nowhere else - for the message to go. */ - reopen_log(); - syslog(LOG_ERR, "Can't execute %s: %m", prog); - closelog(); - } - _exit(-1); -} - - -/* - * record_child - add a child process to the list for reap_kids - * to use. - */ -void -record_child(pid, prog, done, arg) - int pid; - char *prog; - void (*done) __P((void *)); - void *arg; -{ - struct subprocess *chp; - - ++n_children; - - chp = (struct subprocess *) malloc(sizeof(struct subprocess)); - if (chp == NULL) { - warn("losing track of %s process", prog); - } else { - chp->pid = pid; - chp->prog = prog; - chp->done = done; - chp->arg = arg; - chp->next = children; - children = chp; - } -} - -/* - * childwait_end - we got fed up waiting for the child processes to - * exit, send them all a SIGTERM. - */ -static void -childwait_end(arg) - void *arg; -{ - struct subprocess *chp; - - for (chp = children; chp != NULL; chp = chp->next) { - if (debug) - dbglog("sending SIGTERM to process %d", chp->pid); - kill(chp->pid, SIGTERM); - } - childwait_done = 1; -} - -/* - * reap_kids - get status from any dead child processes, - * and log a message for abnormal terminations. - */ -static int -reap_kids() -{ - int pid, status; - struct subprocess *chp, **prevp; - - if (n_children == 0) - return 0; - while ((pid = waitpid(-1, &status, WNOHANG)) != -1 && pid != 0) { - for (prevp = &children; (chp = *prevp) != NULL; prevp = &chp->next) { - if (chp->pid == pid) { - --n_children; - *prevp = chp->next; - break; - } - } - if (WIFSIGNALED(status)) { - warn("Child process %s (pid %d) terminated with signal %d", - (chp? chp->prog: "??"), pid, WTERMSIG(status)); - } else if (debug) - dbglog("Script %s finished (pid %d), status = 0x%x", - (chp? chp->prog: "??"), pid, - WIFEXITED(status) ? WEXITSTATUS(status) : status); - if (chp && chp->done) - (*chp->done)(chp->arg); - if (chp) - free(chp); - } - if (pid == -1) { - if (errno == ECHILD) - return -1; - if (errno != EINTR) - error("Error waiting for child process: %m"); - } - return 0; -} - -/* - * add_notifier - add a new function to be called when something happens. - */ -void -add_notifier(notif, func, arg) - struct notifier **notif; - notify_func func; - void *arg; -{ - struct notifier *np; - - np = malloc(sizeof(struct notifier)); - if (np == 0) - novm("notifier struct"); - np->next = *notif; - np->func = func; - np->arg = arg; - *notif = np; -} - -/* - * remove_notifier - remove a function from the list of things to - * be called when something happens. - */ -void -remove_notifier(notif, func, arg) - struct notifier **notif; - notify_func func; - void *arg; -{ - struct notifier *np; - - for (; (np = *notif) != 0; notif = &np->next) { - if (np->func == func && np->arg == arg) { - *notif = np->next; - free(np); - break; - } - } -} - -/* - * notify - call a set of functions registered with add_notifier. - */ -void -notify(notif, val) - struct notifier *notif; - int val; -{ - struct notifier *np; - - while ((np = notif) != 0) { - notif = np->next; - (*np->func)(np->arg, val); - } -} - -/* - * novm - log an error message saying we ran out of memory, and die. - */ -void -novm(msg) - char *msg; -{ - fatal("Virtual memory exhausted allocating %s\n", msg); -} - -/* - * script_setenv - set an environment variable value to be used - * for scripts that we run (e.g. ip-up, auth-up, etc.) - */ -void -script_setenv(var, value, iskey) - char *var, *value; - int iskey; -{ - size_t varl = strlen(var); - size_t vl = varl + strlen(value) + 2; - int i; - char *p, *newstring; - - newstring = (char *) malloc(vl+1); - if (newstring == 0) - return; - *newstring++ = iskey; - slprintf(newstring, vl, "%s=%s", var, value); - - /* check if this variable is already set */ - if (script_env != 0) { - for (i = 0; (p = script_env[i]) != 0; ++i) { - if (strncmp(p, var, varl) == 0 && p[varl] == '=') { -#ifdef USE_TDB - if (p[-1] && pppdb != NULL) - delete_db_key(p); -#endif - free(p-1); - script_env[i] = newstring; -#ifdef USE_TDB - if (iskey && pppdb != NULL) - add_db_key(newstring); - update_db_entry(); -#endif - return; - } - } - } else { - /* no space allocated for script env. ptrs. yet */ - i = 0; - script_env = (char **) malloc(16 * sizeof(char *)); - if (script_env == 0) - return; - s_env_nalloc = 16; - } - - /* reallocate script_env with more space if needed */ - if (i + 1 >= s_env_nalloc) { - int new_n = i + 17; - char **newenv = (char **) realloc((void *)script_env, - new_n * sizeof(char *)); - if (newenv == 0) - return; - script_env = newenv; - s_env_nalloc = new_n; - } - - script_env[i] = newstring; - script_env[i+1] = 0; - -#ifdef USE_TDB - if (pppdb != NULL) { - if (iskey) - add_db_key(newstring); - update_db_entry(); - } -#endif -} - -/* - * script_unsetenv - remove a variable from the environment - * for scripts. - */ -void -script_unsetenv(var) - char *var; -{ - int vl = strlen(var); - int i; - char *p; - - if (script_env == 0) - return; - for (i = 0; (p = script_env[i]) != 0; ++i) { - if (strncmp(p, var, vl) == 0 && p[vl] == '=') { -#ifdef USE_TDB - if (p[-1] && pppdb != NULL) - delete_db_key(p); -#endif - free(p-1); - while ((script_env[i] = script_env[i+1]) != 0) - ++i; - break; - } - } -#ifdef USE_TDB - if (pppdb != NULL) - update_db_entry(); -#endif -} - -/* - * Any arbitrary string used as a key for locking the database. - * It doesn't matter what it is as long as all pppds use the same string. - */ -#define PPPD_LOCK_KEY "pppd lock" - -/* - * lock_db - get an exclusive lock on the TDB database. - * Used to ensure atomicity of various lookup/modify operations. - */ -void lock_db() -{ -#ifdef USE_TDB - TDB_DATA key; - - key.dptr = PPPD_LOCK_KEY; - key.dsize = strlen(key.dptr); - tdb_chainlock(pppdb, key); -#endif -} - -/* - * unlock_db - remove the exclusive lock obtained by lock_db. - */ -void unlock_db() -{ -#ifdef USE_TDB - TDB_DATA key; - - key.dptr = PPPD_LOCK_KEY; - key.dsize = strlen(key.dptr); - tdb_chainunlock(pppdb, key); -#endif -} - -#ifdef USE_TDB -/* - * update_db_entry - update our entry in the database. - */ -static void -update_db_entry() -{ - TDB_DATA key, dbuf; - int vlen, i; - char *p, *q, *vbuf; - - if (script_env == NULL) - return; - vlen = 0; - for (i = 0; (p = script_env[i]) != 0; ++i) - vlen += strlen(p) + 1; - vbuf = malloc(vlen + 1); - if (vbuf == 0) - novm("database entry"); - q = vbuf; - for (i = 0; (p = script_env[i]) != 0; ++i) - q += slprintf(q, vbuf + vlen - q, "%s;", p); - - key.dptr = db_key; - key.dsize = strlen(db_key); - dbuf.dptr = vbuf; - dbuf.dsize = vlen; - if (tdb_store(pppdb, key, dbuf, TDB_REPLACE)) - error("tdb_store failed: %s", tdb_error(pppdb)); - - if (vbuf) - free(vbuf); - -} - -/* - * add_db_key - add a key that we can use to look up our database entry. - */ -static void -add_db_key(str) - const char *str; -{ - TDB_DATA key, dbuf; - - key.dptr = (char *) str; - key.dsize = strlen(str); - dbuf.dptr = db_key; - dbuf.dsize = strlen(db_key); - if (tdb_store(pppdb, key, dbuf, TDB_REPLACE)) - error("tdb_store key failed: %s", tdb_error(pppdb)); -} - -/* - * delete_db_key - delete a key for looking up our database entry. - */ -static void -delete_db_key(str) - const char *str; -{ - TDB_DATA key; - - key.dptr = (char *) str; - key.dsize = strlen(str); - tdb_delete(pppdb, key); -} - -/* - * cleanup_db - delete all the entries we put in the database. - */ -static void -cleanup_db() -{ - TDB_DATA key; - int i; - char *p; - - key.dptr = db_key; - key.dsize = strlen(db_key); - tdb_delete(pppdb, key); - for (i = 0; (p = script_env[i]) != 0; ++i) - if (p[-1]) - delete_db_key(p); -} -#endif /* USE_TDB */ diff --git a/pppd/md4.c b/pppd/md4.c deleted file mode 100644 index cda9f94..0000000 --- a/pppd/md4.c +++ /dev/null @@ -1,298 +0,0 @@ -/* -** ******************************************************************** -** md4.c -- Implementation of MD4 Message Digest Algorithm ** -** Updated: 2/16/90 by Ronald L. Rivest ** -** (C) 1990 RSA Data Security, Inc. ** -** ******************************************************************** -*/ - -/* -** To use MD4: -** -- Include md4.h in your program -** -- Declare an MDstruct MD to hold the state of the digest -** computation. -** -- Initialize MD using MDbegin(&MD) -** -- For each full block (64 bytes) X you wish to process, call -** MD4Update(&MD,X,512) -** (512 is the number of bits in a full block.) -** -- For the last block (less than 64 bytes) you wish to process, -** MD4Update(&MD,X,n) -** where n is the number of bits in the partial block. A partial -** block terminates the computation, so every MD computation -** should terminate by processing a partial block, even if it -** has n = 0. -** -- The message digest is available in MD.buffer[0] ... -** MD.buffer[3]. (Least-significant byte of each word -** should be output first.) -** -- You can print out the digest using MDprint(&MD) -*/ - -/* Implementation notes: -** This implementation assumes that ints are 32-bit quantities. -*/ - -#define TRUE 1 -#define FALSE 0 - -/* Compile-time includes -*/ -#include -#include "md4.h" -#include "pppd.h" - -/* Compile-time declarations of MD4 "magic constants". -*/ -#define I0 0x67452301 /* Initial values for MD buffer */ -#define I1 0xefcdab89 -#define I2 0x98badcfe -#define I3 0x10325476 -#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */ -#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */ -/* C2 and C3 are from Knuth, The Art of Programming, Volume 2 -** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley. -** Table 2, page 660. -*/ - -#define fs1 3 /* round 1 shift amounts */ -#define fs2 7 -#define fs3 11 -#define fs4 19 -#define gs1 3 /* round 2 shift amounts */ -#define gs2 5 -#define gs3 9 -#define gs4 13 -#define hs1 3 /* round 3 shift amounts */ -#define hs2 9 -#define hs3 11 -#define hs4 15 - -/* Compile-time macro declarations for MD4. -** Note: The "rot" operator uses the variable "tmp". -** It assumes tmp is declared as unsigned int, so that the >> -** operator will shift in zeros rather than extending the sign bit. -*/ -#define f(X,Y,Z) ((X&Y) | ((~X)&Z)) -#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z)) -#define h(X,Y,Z) (X^Y^Z) -#define rot(X,S) (tmp=X,(tmp<>(32-S))) -#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s) -#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s) -#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s) - -/* MD4print(MDp) -** Print message digest buffer MDp as 32 hexadecimal digits. -** Order is from low-order byte of buffer[0] to high-order byte of -** buffer[3]. -** Each byte is printed with high-order hexadecimal digit first. -** This is a user-callable routine. -*/ -void -MD4Print(MDp) -MD4_CTX *MDp; -{ - int i,j; - for (i=0;i<4;i++) - for (j=0;j<32;j=j+8) - printf("%02x",(MDp->buffer[i]>>j) & 0xFF); -} - -/* MD4Init(MDp) -** Initialize message digest buffer MDp. -** This is a user-callable routine. -*/ -void -MD4Init(MDp) -MD4_CTX *MDp; -{ - int i; - MDp->buffer[0] = I0; - MDp->buffer[1] = I1; - MDp->buffer[2] = I2; - MDp->buffer[3] = I3; - for (i=0;i<8;i++) MDp->count[i] = 0; - MDp->done = 0; -} - -/* MDblock(MDp,X) -** Update message digest buffer MDp->buffer using 16-word data block X. -** Assumes all 16 words of X are full of data. -** Does not update MDp->count. -** This routine is not user-callable. -*/ -static void -MDblock(MDp,Xb) -MD4_CTX *MDp; -unsigned char *Xb; -{ - register unsigned int tmp, A, B, C, D; - unsigned int X[16]; - int i; - - for (i = 0; i < 16; ++i) { - X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24); - Xb += 4; - } - - A = MDp->buffer[0]; - B = MDp->buffer[1]; - C = MDp->buffer[2]; - D = MDp->buffer[3]; - /* Update the message digest buffer */ - ff(A , B , C , D , 0 , fs1); /* Round 1 */ - ff(D , A , B , C , 1 , fs2); - ff(C , D , A , B , 2 , fs3); - ff(B , C , D , A , 3 , fs4); - ff(A , B , C , D , 4 , fs1); - ff(D , A , B , C , 5 , fs2); - ff(C , D , A , B , 6 , fs3); - ff(B , C , D , A , 7 , fs4); - ff(A , B , C , D , 8 , fs1); - ff(D , A , B , C , 9 , fs2); - ff(C , D , A , B , 10 , fs3); - ff(B , C , D , A , 11 , fs4); - ff(A , B , C , D , 12 , fs1); - ff(D , A , B , C , 13 , fs2); - ff(C , D , A , B , 14 , fs3); - ff(B , C , D , A , 15 , fs4); - gg(A , B , C , D , 0 , gs1); /* Round 2 */ - gg(D , A , B , C , 4 , gs2); - gg(C , D , A , B , 8 , gs3); - gg(B , C , D , A , 12 , gs4); - gg(A , B , C , D , 1 , gs1); - gg(D , A , B , C , 5 , gs2); - gg(C , D , A , B , 9 , gs3); - gg(B , C , D , A , 13 , gs4); - gg(A , B , C , D , 2 , gs1); - gg(D , A , B , C , 6 , gs2); - gg(C , D , A , B , 10 , gs3); - gg(B , C , D , A , 14 , gs4); - gg(A , B , C , D , 3 , gs1); - gg(D , A , B , C , 7 , gs2); - gg(C , D , A , B , 11 , gs3); - gg(B , C , D , A , 15 , gs4); - hh(A , B , C , D , 0 , hs1); /* Round 3 */ - hh(D , A , B , C , 8 , hs2); - hh(C , D , A , B , 4 , hs3); - hh(B , C , D , A , 12 , hs4); - hh(A , B , C , D , 2 , hs1); - hh(D , A , B , C , 10 , hs2); - hh(C , D , A , B , 6 , hs3); - hh(B , C , D , A , 14 , hs4); - hh(A , B , C , D , 1 , hs1); - hh(D , A , B , C , 9 , hs2); - hh(C , D , A , B , 5 , hs3); - hh(B , C , D , A , 13 , hs4); - hh(A , B , C , D , 3 , hs1); - hh(D , A , B , C , 11 , hs2); - hh(C , D , A , B , 7 , hs3); - hh(B , C , D , A , 15 , hs4); - MDp->buffer[0] += A; - MDp->buffer[1] += B; - MDp->buffer[2] += C; - MDp->buffer[3] += D; -} - -/* MD4Update(MDp,X,count) -** Input: X -- a pointer to an array of unsigned characters. -** count -- the number of bits of X to use. -** (if not a multiple of 8, uses high bits of last byte.) -** Update MDp using the number of bits of X given by count. -** This is the basic input routine for an MD4 user. -** The routine completes the MD computation when count < 512, so -** every MD computation should end with one call to MD4Update with a -** count less than 512. A call with count 0 will be ignored if the -** MD has already been terminated (done != 0), so an extra call with -** count 0 can be given as a "courtesy close" to force termination -** if desired. -*/ -void -MD4Update(MDp,X,count) -MD4_CTX *MDp; -unsigned char *X; -unsigned int count; -{ - unsigned int i, tmp, bit, byte, mask; - unsigned char XX[64]; - unsigned char *p; - - /* return with no error if this is a courtesy close with count - ** zero and MDp->done is true. - */ - if (count == 0 && MDp->done) return; - /* check to see if MD is already done and report error */ - if (MDp->done) - { printf("\nError: MD4Update MD already done."); return; } - - /* Add count to MDp->count */ - tmp = count; - p = MDp->count; - while (tmp) - { tmp += *p; - *p++ = tmp; - tmp = tmp >> 8; - } - - /* Process data */ - if (count == 512) - { /* Full block of data to handle */ - MDblock(MDp,X); - } - else if (count > 512) /* Check for count too large */ - { - printf("\nError: MD4Update called with illegal count value %d.", - count); - return; - } - else /* partial block -- must be last block so finish up */ - { - /* Find out how many bytes and residual bits there are */ - byte = count >> 3; - bit = count & 7; - /* Copy X into XX since we need to modify it */ - for (i=0;i<=byte;i++) XX[i] = X[i]; - for (i=byte+1;i<64;i++) XX[i] = 0; - /* Add padding '1' bit and low-order zeros in last byte */ - mask = 1 << (7 - bit); - XX[byte] = (XX[byte] | mask) & ~( mask - 1); - /* If room for bit count, finish up with this block */ - if (byte <= 55) - { - for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; - MDblock(MDp,XX); - } - else /* need to do two blocks to finish up */ - { - MDblock(MDp,XX); - for (i=0;i<56;i++) XX[i] = 0; - for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; - MDblock(MDp,XX); - } - /* Set flag saying we're done with MD computation */ - MDp->done = 1; - } -} - -/* -** Finish up MD4 computation and return message digest. -*/ -void -MD4Final(buf, MD) -unsigned char *buf; -MD4_CTX *MD; -{ - int i, j; - unsigned int w; - - MD4Update(MD, NULL, 0); - for (i = 0; i < 4; ++i) { - w = MD->buffer[i]; - for (j = 0; j < 4; ++j) { - *buf++ = w; - w >>= 8; - } - } -} - -/* -** End of md4.c -****************************(cut)***********************************/ diff --git a/pppd/md4.h b/pppd/md4.h deleted file mode 100644 index 80e8f9a..0000000 --- a/pppd/md4.h +++ /dev/null @@ -1,64 +0,0 @@ - -/* -** ******************************************************************** -** md4.h -- Header file for implementation of ** -** MD4 Message Digest Algorithm ** -** Updated: 2/13/90 by Ronald L. Rivest ** -** (C) 1990 RSA Data Security, Inc. ** -** ******************************************************************** -*/ - -#ifndef __P -# if defined(__STDC__) || defined(__GNUC__) -# define __P(x) x -# else -# define __P(x) () -# endif -#endif - - -/* MDstruct is the data structure for a message digest computation. -*/ -typedef struct { - unsigned int buffer[4]; /* Holds 4-word result of MD computation */ - unsigned char count[8]; /* Number of bits processed so far */ - unsigned int done; /* Nonzero means MD computation finished */ -} MD4_CTX; - -/* MD4Init(MD4_CTX *) -** Initialize the MD4_CTX prepatory to doing a message digest -** computation. -*/ -extern void MD4Init __P((MD4_CTX *MD)); - -/* MD4Update(MD,X,count) -** Input: X -- a pointer to an array of unsigned characters. -** count -- the number of bits of X to use (an unsigned int). -** Updates MD using the first "count" bits of X. -** The array pointed to by X is not modified. -** If count is not a multiple of 8, MD4Update uses high bits of -** last byte. -** This is the basic input routine for a user. -** The routine terminates the MD computation when count < 512, so -** every MD computation should end with one call to MD4Update with a -** count less than 512. Zero is OK for a count. -*/ -extern void MD4Update __P((MD4_CTX *MD, unsigned char *X, unsigned int count)); - -/* MD4Print(MD) -** Prints message digest buffer MD as 32 hexadecimal digits. -** Order is from low-order byte of buffer[0] to high-order byte -** of buffer[3]. -** Each byte is printed with high-order hexadecimal digit first. -*/ -extern void MD4Print __P((MD4_CTX *)); - -/* MD4Final(buf, MD) -** Returns message digest from MD and terminates the message -** digest computation. -*/ -extern void MD4Final __P((unsigned char *, MD4_CTX *)); - -/* -** End of md4.h -****************************(cut)***********************************/ diff --git a/pppd/md5.c b/pppd/md5.c deleted file mode 100644 index 2039760..0000000 --- a/pppd/md5.c +++ /dev/null @@ -1,307 +0,0 @@ - - -/* - *********************************************************************** - ** md5.c -- the source code for MD5 routines ** - ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** - ** Created: 2/17/90 RLR ** - ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. ** - *********************************************************************** - */ - -/* - *********************************************************************** - ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** - ** ** - ** License to copy and use this software is granted provided that ** - ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** - ** Digest Algorithm" in all material mentioning or referencing this ** - ** software or this function. ** - ** ** - ** License is also granted to make and use derivative works ** - ** provided that such works are identified as "derived from the RSA ** - ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** - ** material mentioning or referencing the derived work. ** - ** ** - ** RSA Data Security, Inc. makes no representations concerning ** - ** either the merchantability of this software or the suitability ** - ** of this software for any particular purpose. It is provided "as ** - ** is" without express or implied warranty of any kind. ** - ** ** - ** These notices must be retained in any copies of any part of this ** - ** documentation and/or software. ** - *********************************************************************** - */ - -#include -#include "md5.h" - -/* - *********************************************************************** - ** Message-digest routines: ** - ** To form the message digest for a message M ** - ** (1) Initialize a context buffer mdContext using MD5_Init ** - ** (2) Call MD5_Update on mdContext and M ** - ** (3) Call MD5_Final on mdContext ** - ** The message digest is now in mdContext->digest[0...15] ** - *********************************************************************** - */ - -/* forward declaration */ -static void Transform (); - -static unsigned char PADDING[64] = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - -/* F, G, H and I are basic MD5 functions */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */ -/* Rotation is separate from addition to prevent recomputation */ -#define FF(a, b, c, d, x, s, ac) \ - {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) \ - {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) \ - {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) \ - {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -#ifdef __STDC__ -#define UL(x) x##U -#else -#define UL(x) x -#endif - -/* The routine MD5_Init initializes the message-digest context - mdContext. All fields are set to zero. - */ -void MD5_Init (mdContext) -MD5_CTX *mdContext; -{ - mdContext->i[0] = mdContext->i[1] = (UINT4)0; - - /* Load magic initialization constants. - */ - mdContext->buf[0] = (UINT4)0x67452301; - mdContext->buf[1] = (UINT4)0xefcdab89; - mdContext->buf[2] = (UINT4)0x98badcfe; - mdContext->buf[3] = (UINT4)0x10325476; -} - -/* The routine MD5Update updates the message-digest context to - account for the presence of each of the characters inBuf[0..inLen-1] - in the message whose digest is being computed. - */ -void MD5_Update (mdContext, inBuf, inLen) -MD5_CTX *mdContext; -unsigned char *inBuf; -unsigned int inLen; -{ - UINT4 in[16]; - int mdi; - unsigned int i, ii; - - /* compute number of bytes mod 64 */ - mdi = (int)((mdContext->i[0] >> 3) & 0x3F); - - /* update number of bits */ - if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0]) - mdContext->i[1]++; - mdContext->i[0] += ((UINT4)inLen << 3); - mdContext->i[1] += ((UINT4)inLen >> 29); - - while (inLen--) { - /* add new character to buffer, increment mdi */ - mdContext->in[mdi++] = *inBuf++; - - /* transform if necessary */ - if (mdi == 0x40) { - for (i = 0, ii = 0; i < 16; i++, ii += 4) - in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | - (((UINT4)mdContext->in[ii+2]) << 16) | - (((UINT4)mdContext->in[ii+1]) << 8) | - ((UINT4)mdContext->in[ii]); - Transform (mdContext->buf, in); - mdi = 0; - } - } -} - -/* The routine MD5Final terminates the message-digest computation and - ends with the desired message digest in mdContext->digest[0...15]. - */ -void MD5_Final (hash, mdContext) -unsigned char hash[]; -MD5_CTX *mdContext; -{ - UINT4 in[16]; - int mdi; - unsigned int i, ii; - unsigned int padLen; - - /* save number of bits */ - in[14] = mdContext->i[0]; - in[15] = mdContext->i[1]; - - /* compute number of bytes mod 64 */ - mdi = (int)((mdContext->i[0] >> 3) & 0x3F); - - /* pad out to 56 mod 64 */ - padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi); - MD5_Update (mdContext, PADDING, padLen); - - /* append length in bits and transform */ - for (i = 0, ii = 0; i < 14; i++, ii += 4) - in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | - (((UINT4)mdContext->in[ii+2]) << 16) | - (((UINT4)mdContext->in[ii+1]) << 8) | - ((UINT4)mdContext->in[ii]); - Transform (mdContext->buf, in); - - /* store buffer in digest */ - for (i = 0, ii = 0; i < 4; i++, ii += 4) { - mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF); - mdContext->digest[ii+1] = - (unsigned char)((mdContext->buf[i] >> 8) & 0xFF); - mdContext->digest[ii+2] = - (unsigned char)((mdContext->buf[i] >> 16) & 0xFF); - mdContext->digest[ii+3] = - (unsigned char)((mdContext->buf[i] >> 24) & 0xFF); - } - memcpy(hash, mdContext->digest, 16); -} - -/* Basic MD5 step. Transforms buf based on in. - */ -static void Transform (buf, in) -UINT4 *buf; -UINT4 *in; -{ - UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3]; - - /* Round 1 */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 - FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */ - FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */ - FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */ - FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */ - FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */ - FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */ - FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */ - FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */ - FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */ - FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */ - FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */ - FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */ - FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */ - FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */ - FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */ - FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */ - - /* Round 2 */ -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 - GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */ - GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */ - GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */ - GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */ - GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */ - GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */ - GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */ - GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */ - GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */ - GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */ - GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */ - GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */ - GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */ - GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */ - GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */ - GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */ - - /* Round 3 */ -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 - HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */ - HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */ - HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */ - HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */ - HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */ - HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */ - HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */ - HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */ - HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */ - HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */ - HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */ - HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */ - HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */ - HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */ - HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */ - HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */ - - /* Round 4 */ -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */ - II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */ - II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */ - II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */ - II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */ - II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */ - II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */ - II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */ - II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */ - II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */ - II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */ - II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */ - II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */ - II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */ - II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */ - II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */ - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -/* - *********************************************************************** - ** End of md5.c ** - ******************************** (cut) ******************************** - */ diff --git a/pppd/md5.h b/pppd/md5.h deleted file mode 100644 index f7a0c96..0000000 --- a/pppd/md5.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - *********************************************************************** - ** md5.h -- header file for implementation of MD5 ** - ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** - ** Created: 2/17/90 RLR ** - ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version ** - ** Revised (for MD5): RLR 4/27/91 ** - ** -- G modified to have y&~z instead of y&z ** - ** -- FF, GG, HH modified to add in last register done ** - ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 ** - ** -- distinct additive constant for each step ** - ** -- round 4 added, working mod 7 ** - *********************************************************************** - */ - -/* - *********************************************************************** - ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** - ** ** - ** License to copy and use this software is granted provided that ** - ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** - ** Digest Algorithm" in all material mentioning or referencing this ** - ** software or this function. ** - ** ** - ** License is also granted to make and use derivative works ** - ** provided that such works are identified as "derived from the RSA ** - ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** - ** material mentioning or referencing the derived work. ** - ** ** - ** RSA Data Security, Inc. makes no representations concerning ** - ** either the merchantability of this software or the suitability ** - ** of this software for any particular purpose. It is provided "as ** - ** is" without express or implied warranty of any kind. ** - ** ** - ** These notices must be retained in any copies of any part of this ** - ** documentation and/or software. ** - *********************************************************************** - */ - -#ifndef __MD5_INCLUDE__ - -/* typedef a 32-bit type */ -#ifdef _LP64 -typedef unsigned int UINT4; -typedef int INT4; -#else -typedef unsigned long UINT4; -typedef long INT4; -#endif -#define _UINT4_T - -/* Data structure for MD5 (Message-Digest) computation */ -typedef struct { - UINT4 i[2]; /* number of _bits_ handled mod 2^64 */ - UINT4 buf[4]; /* scratch buffer */ - unsigned char in[64]; /* input buffer */ - unsigned char digest[16]; /* actual digest after MD5Final call */ -} MD5_CTX; - -void MD5_Init (); -void MD5_Update (); -void MD5_Final (); - -#define __MD5_INCLUDE__ -#endif /* __MD5_INCLUDE__ */ diff --git a/pppd/multilink.c b/pppd/multilink.c deleted file mode 100644 index b4748cd..0000000 --- a/pppd/multilink.c +++ /dev/null @@ -1,589 +0,0 @@ -/* - * multilink.c - support routines for multilink. - * - * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "lcp.h" -#include "tdb.h" - -bool endpoint_specified; /* user gave explicit endpoint discriminator */ -char *bundle_id; /* identifier for our bundle */ -char *blinks_id; /* key for the list of links */ -bool doing_multilink; /* multilink was enabled and agreed to */ -bool multilink_master; /* we own the multilink bundle */ - -extern TDB_CONTEXT *pppdb; -extern char db_key[]; - -static void make_bundle_links __P((int append)); -static void remove_bundle_link __P((void)); -static void iterate_bundle_links __P((void (*func) __P((char *)))); - -static int get_default_epdisc __P((struct epdisc *)); -static int parse_num __P((char *str, const char *key, int *valp)); -static int owns_unit __P((TDB_DATA pid, int unit)); - -#define set_ip_epdisc(ep, addr) do { \ - ep->length = 4; \ - ep->value[0] = addr >> 24; \ - ep->value[1] = addr >> 16; \ - ep->value[2] = addr >> 8; \ - ep->value[3] = addr; \ -} while (0) - -#define LOCAL_IP_ADDR(addr) \ - (((addr) & 0xff000000) == 0x0a000000 /* 10.x.x.x */ \ - || ((addr) & 0xfff00000) == 0xac100000 /* 172.16.x.x */ \ - || ((addr) & 0xffff0000) == 0xc0a80000) /* 192.168.x.x */ - -#define process_exists(n) (kill((n), 0) == 0 || errno != ESRCH) - -void -mp_check_options() -{ - lcp_options *wo = &lcp_wantoptions[0]; - lcp_options *ao = &lcp_allowoptions[0]; - - doing_multilink = 0; - if (!multilink) - return; - /* if we're doing multilink, we have to negotiate MRRU */ - if (!wo->neg_mrru) { - /* mrru not specified, default to mru */ - wo->mrru = wo->mru; - wo->neg_mrru = 1; - } - ao->mrru = ao->mru; - ao->neg_mrru = 1; - - if (!wo->neg_endpoint && !noendpoint) { - /* get a default endpoint value */ - wo->neg_endpoint = get_default_epdisc(&wo->endpoint); - } -} - -/* - * Make a new bundle or join us to an existing bundle - * if we are doing multilink. - */ -int -mp_join_bundle() -{ - lcp_options *go = &lcp_gotoptions[0]; - lcp_options *ho = &lcp_hisoptions[0]; - lcp_options *ao = &lcp_allowoptions[0]; - int unit, pppd_pid; - int l, mtu; - char *p; - TDB_DATA key, pid, rec; - - if (doing_multilink) { - /* have previously joined a bundle */ - if (!go->neg_mrru || !ho->neg_mrru) { - notice("oops, didn't get multilink on renegotiation"); - lcp_close(0, "multilink required"); - return 0; - } - /* XXX should check the peer_authname and ho->endpoint - are the same as previously */ - return 0; - } - - if (!go->neg_mrru || !ho->neg_mrru) { - /* not doing multilink */ - if (go->neg_mrru) - notice("oops, multilink negotiated only for receive"); - mtu = ho->neg_mru? ho->mru: PPP_MRU; - if (mtu > ao->mru) - mtu = ao->mru; - if (demand) { - /* already have a bundle */ - cfg_bundle(0, 0, 0, 0); - netif_set_mtu(0, mtu); - return 0; - } - make_new_bundle(0, 0, 0, 0); - set_ifunit(1); - netif_set_mtu(0, mtu); - return 0; - } - - doing_multilink = 1; - - /* - * Find the appropriate bundle or join a new one. - * First we make up a name for the bundle. - * The length estimate is worst-case assuming every - * character has to be quoted. - */ - l = 4 * strlen(peer_authname) + 10; - if (ho->neg_endpoint) - l += 3 * ho->endpoint.length + 8; - if (bundle_name) - l += 3 * strlen(bundle_name) + 2; - bundle_id = malloc(l); - if (bundle_id == 0) - novm("bundle identifier"); - - p = bundle_id; - p += slprintf(p, l-1, "BUNDLE=\"%q\"", peer_authname); - if (ho->neg_endpoint || bundle_name) - *p++ = '/'; - if (ho->neg_endpoint) - p += slprintf(p, bundle_id+l-p, "%s", - epdisc_to_str(&ho->endpoint)); - if (bundle_name) - p += slprintf(p, bundle_id+l-p, "/%v", bundle_name); - - /* Make the key for the list of links belonging to the bundle */ - l = p - bundle_id; - blinks_id = malloc(l + 7); - if (blinks_id == NULL) - novm("bundle links key"); - slprintf(blinks_id, l + 7, "BUNDLE_LINKS=%s", bundle_id + 7); - - /* - * For demand mode, we only need to configure the bundle - * and attach the link. - */ - mtu = MIN(ho->mrru, ao->mru); - if (demand) { - cfg_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf); - netif_set_mtu(0, mtu); - script_setenv("BUNDLE", bundle_id + 7, 1); - return 0; - } - - /* - * Check if the bundle ID is already in the database. - */ - unit = -1; - lock_db(); - key.dptr = bundle_id; - key.dsize = p - bundle_id; - pid = tdb_fetch(pppdb, key); - if (pid.dptr != NULL) { - /* bundle ID exists, see if the pppd record exists */ - rec = tdb_fetch(pppdb, pid); - if (rec.dptr != NULL && rec.dsize > 0) { - /* make sure the string is null-terminated */ - rec.dptr[rec.dsize-1] = 0; - /* parse the interface number */ - parse_num(rec.dptr, "IFNAME=ppp", &unit); - /* check the pid value */ - if (!parse_num(rec.dptr, "PPPD_PID=", &pppd_pid) - || !process_exists(pppd_pid) - || !owns_unit(pid, unit)) - unit = -1; - free(rec.dptr); - } - free(pid.dptr); - } - - if (unit >= 0) { - /* attach to existing unit */ - if (bundle_attach(unit)) { - set_ifunit(0); - script_setenv("BUNDLE", bundle_id + 7, 0); - make_bundle_links(1); - unlock_db(); - info("Link attached to %s", ifname); - return 1; - } - /* attach failed because bundle doesn't exist */ - } - - /* we have to make a new bundle */ - make_new_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf); - set_ifunit(1); - netif_set_mtu(0, mtu); - script_setenv("BUNDLE", bundle_id + 7, 1); - make_bundle_links(0); - unlock_db(); - info("New bundle %s created", ifname); - multilink_master = 1; - return 0; -} - -void mp_exit_bundle() -{ - lock_db(); - remove_bundle_link(); - unlock_db(); -} - -static void sendhup(char *str) -{ - int pid; - - if (parse_num(str, "PPPD_PID=", &pid) && pid != getpid()) { - if (debug) - dbglog("sending SIGHUP to process %d", pid); - kill(pid, SIGHUP); - } -} - -void mp_bundle_terminated() -{ - TDB_DATA key; - - bundle_terminating = 1; - upper_layers_down(0); - notice("Connection terminated."); - print_link_stats(); - if (!demand) { - remove_pidfiles(); - script_unsetenv("IFNAME"); - } - - lock_db(); - destroy_bundle(); - iterate_bundle_links(sendhup); - key.dptr = blinks_id; - key.dsize = strlen(blinks_id); - tdb_delete(pppdb, key); - unlock_db(); - -new_phase(PHASE_DEAD); -} - -static void make_bundle_links(int append) -{ - TDB_DATA key, rec; - char *p; - char entry[32]; - int l; - - key.dptr = blinks_id; - key.dsize = strlen(blinks_id); - slprintf(entry, sizeof(entry), "%s;", db_key); - p = entry; - if (append) { - rec = tdb_fetch(pppdb, key); - if (rec.dptr != NULL && rec.dsize > 0) { - rec.dptr[rec.dsize-1] = 0; - if (strstr(rec.dptr, db_key) != NULL) { - /* already in there? strange */ - warn("link entry already exists in tdb"); - return; - } - l = rec.dsize + strlen(entry); - p = malloc(l); - if (p == NULL) - novm("bundle link list"); - slprintf(p, l, "%s%s", rec.dptr, entry); - } else { - warn("bundle link list not found"); - } - if (rec.dptr != NULL) - free(rec.dptr); - } - rec.dptr = p; - rec.dsize = strlen(p) + 1; - if (tdb_store(pppdb, key, rec, TDB_REPLACE)) - error("couldn't %s bundle link list", - append? "update": "create"); - if (p != entry) - free(p); -} - -static void remove_bundle_link() -{ - TDB_DATA key, rec; - char entry[32]; - char *p, *q; - int l; - - key.dptr = blinks_id; - key.dsize = strlen(blinks_id); - slprintf(entry, sizeof(entry), "%s;", db_key); - - rec = tdb_fetch(pppdb, key); - if (rec.dptr == NULL || rec.dsize <= 0) { - if (rec.dptr != NULL) - free(rec.dptr); - return; - } - rec.dptr[rec.dsize-1] = 0; - p = strstr(rec.dptr, entry); - if (p != NULL) { - q = p + strlen(entry); - l = strlen(q) + 1; - memmove(p, q, l); - rec.dsize = p - rec.dptr + l; - if (tdb_store(pppdb, key, rec, TDB_REPLACE)) - error("couldn't update bundle link list (removal)"); - } - free(rec.dptr); -} - -static void iterate_bundle_links(void (*func)(char *)) -{ - TDB_DATA key, rec, pp; - char *p, *q; - - key.dptr = blinks_id; - key.dsize = strlen(blinks_id); - rec = tdb_fetch(pppdb, key); - if (rec.dptr == NULL || rec.dsize <= 0) { - error("bundle link list not found (iterating list)"); - if (rec.dptr != NULL) - free(rec.dptr); - return; - } - p = rec.dptr; - p[rec.dsize-1] = 0; - while ((q = strchr(p, ';')) != NULL) { - *q = 0; - key.dptr = p; - key.dsize = q - p; - pp = tdb_fetch(pppdb, key); - if (pp.dptr != NULL && pp.dsize > 0) { - pp.dptr[pp.dsize-1] = 0; - func(pp.dptr); - } - if (pp.dptr != NULL) - free(pp.dptr); - p = q + 1; - } - free(rec.dptr); -} - -static int -parse_num(str, key, valp) - char *str; - const char *key; - int *valp; -{ - char *p, *endp; - int i; - - p = strstr(str, key); - if (p != 0) { - p += strlen(key); - i = strtol(p, &endp, 10); - if (endp != p && (*endp == 0 || *endp == ';')) { - *valp = i; - return 1; - } - } - return 0; -} - -/* - * Check whether the pppd identified by `key' still owns ppp unit `unit'. - */ -static int -owns_unit(key, unit) - TDB_DATA key; - int unit; -{ - char ifkey[32]; - TDB_DATA kd, vd; - int ret = 0; - - slprintf(ifkey, sizeof(ifkey), "IFNAME=ppp%d", unit); - kd.dptr = ifkey; - kd.dsize = strlen(ifkey); - vd = tdb_fetch(pppdb, kd); - if (vd.dptr != NULL) { - ret = vd.dsize == key.dsize - && memcmp(vd.dptr, key.dptr, vd.dsize) == 0; - free(vd.dptr); - } - return ret; -} - -static int -get_default_epdisc(ep) - struct epdisc *ep; -{ - char *p; - struct hostent *hp; - u_int32_t addr; - - /* First try for an ethernet MAC address */ - p = get_first_ethernet(); - if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) { - ep->class = EPD_MAC; - ep->length = 6; - return 1; - } - - /* see if our hostname corresponds to a reasonable IP address */ - hp = gethostbyname(hostname); - if (hp != NULL) { - addr = *(u_int32_t *)hp->h_addr; - if (!bad_ip_adrs(addr)) { - addr = ntohl(addr); - if (!LOCAL_IP_ADDR(addr)) { - ep->class = EPD_IP; - set_ip_epdisc(ep, addr); - return 1; - } - } - } - - return 0; -} - -/* - * epdisc_to_str - make a printable string from an endpoint discriminator. - */ - -static char *endp_class_names[] = { - "null", "local", "IP", "MAC", "magic", "phone" -}; - -char * -epdisc_to_str(ep) - struct epdisc *ep; -{ - static char str[MAX_ENDP_LEN*3+8]; - u_char *p = ep->value; - int i, mask = 0; - char *q, c, c2; - - if (ep->class == EPD_NULL && ep->length == 0) - return "null"; - if (ep->class == EPD_IP && ep->length == 4) { - u_int32_t addr; - - GETLONG(addr, p); - slprintf(str, sizeof(str), "IP:%I", htonl(addr)); - return str; - } - - c = ':'; - c2 = '.'; - if (ep->class == EPD_MAC && ep->length == 6) - c2 = ':'; - else if (ep->class == EPD_MAGIC && (ep->length % 4) == 0) - mask = 3; - q = str; - if (ep->class <= EPD_PHONENUM) - q += slprintf(q, sizeof(str)-1, "%s", - endp_class_names[ep->class]); - else - q += slprintf(q, sizeof(str)-1, "%d", ep->class); - c = ':'; - for (i = 0; i < ep->length && i < MAX_ENDP_LEN; ++i) { - if ((i & mask) == 0) { - *q++ = c; - c = c2; - } - q += slprintf(q, str + sizeof(str) - q, "%.2x", ep->value[i]); - } - return str; -} - -static int hexc_val(int c) -{ - if (c >= 'a') - return c - 'a' + 10; - if (c >= 'A') - return c - 'A' + 10; - return c - '0'; -} - -int -str_to_epdisc(ep, str) - struct epdisc *ep; - char *str; -{ - int i, l; - char *p, *endp; - - for (i = EPD_NULL; i <= EPD_PHONENUM; ++i) { - int sl = strlen(endp_class_names[i]); - if (strncasecmp(str, endp_class_names[i], sl) == 0) { - str += sl; - break; - } - } - if (i > EPD_PHONENUM) { - /* not a class name, try a decimal class number */ - i = strtol(str, &endp, 10); - if (endp == str) - return 0; /* can't parse class number */ - str = endp; - } - ep->class = i; - if (*str == 0) { - ep->length = 0; - return 1; - } - if (*str != ':' && *str != '.') - return 0; - ++str; - - if (i == EPD_IP) { - u_int32_t addr; - i = parse_dotted_ip(str, &addr); - if (i == 0 || str[i] != 0) - return 0; - set_ip_epdisc(ep, addr); - return 1; - } - if (i == EPD_MAC && get_if_hwaddr(ep->value, str) >= 0) { - ep->length = 6; - return 1; - } - - p = str; - for (l = 0; l < MAX_ENDP_LEN; ++l) { - if (*str == 0) - break; - if (p <= str) - for (p = str; isxdigit(*p); ++p) - ; - i = p - str; - if (i == 0) - return 0; - ep->value[l] = hexc_val(*str++); - if ((i & 1) == 0) - ep->value[l] = (ep->value[l] << 4) + hexc_val(*str++); - if (*str == ':' || *str == '.') - ++str; - } - if (*str != 0 || (ep->class == EPD_MAC && l != 6)) - return 0; - ep->length = l; - return 1; -} - diff --git a/pppd/options.c b/pppd/options.c deleted file mode 100644 index 5375bf3..0000000 --- a/pppd/options.c +++ /dev/null @@ -1,1609 +0,0 @@ -/* - * options.c - handles option processing for PPP. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: options.c,v 1.95 2004/11/09 22:33:35 paulus Exp $" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef PLUGIN -#include -#endif - -#ifdef PPP_FILTER -#include - -/* - * DLT_PPP_WITH_DIRECTION is in current libpcap cvs, and should be in - * libpcap-0.8.4. Until that is released, use DLT_PPP - but that means - * we lose the inbound and outbound qualifiers. - */ -#ifndef DLT_PPP_WITH_DIRECTION -#define DLT_PPP_WITH_DIRECTION DLT_PPP -#endif -#endif - -#include "pppd.h" -#include "pathnames.h" - -#if defined(ultrix) || defined(NeXT) -char *strdup __P((char *)); -#endif - -static const char rcsid[] = RCSID; - -struct option_value { - struct option_value *next; - const char *source; - char value[1]; -}; - -/* - * Option variables and default values. - */ -int debug = 0; /* Debug flag */ -int kdebugflag = 0; /* Tell kernel to print debug messages */ -int default_device = 1; /* Using /dev/tty or equivalent */ -char devnam[MAXPATHLEN]; /* Device name */ -bool nodetach = 0; /* Don't detach from controlling tty */ -bool updetach = 0; /* Detach once link is up */ -int maxconnect = 0; /* Maximum connect time */ -char user[MAXNAMELEN]; /* Username for PAP */ -char passwd[MAXSECRETLEN]; /* Password for PAP */ -bool persist = 0; /* Reopen link after it goes down */ -char our_name[MAXNAMELEN]; /* Our name for authentication purposes */ -bool demand = 0; /* do dial-on-demand */ -char *ipparam = NULL; /* Extra parameter for ip up/down scripts */ -int idle_time_limit = 0; /* Disconnect if idle for this many seconds */ -int holdoff = 30; /* # seconds to pause before reconnecting */ -bool holdoff_specified; /* true if a holdoff value has been given */ -int log_to_fd = 1; /* send log messages to this fd too */ -bool log_default = 1; /* log_to_fd is default (stdout) */ -int maxfail = 10; /* max # of unsuccessful connection attempts */ -char linkname[MAXPATHLEN]; /* logical name for link */ -bool tune_kernel; /* may alter kernel settings */ -int connect_delay = 1000; /* wait this many ms after connect script */ -int req_unit = -1; /* requested interface unit */ -bool multilink = 0; /* Enable multilink operation */ -char *bundle_name = NULL; /* bundle name for multilink */ -bool dump_options; /* print out option values */ -bool dryrun; /* print out option values and exit */ -char *domain; /* domain name set by domain option */ -int child_wait = 5; /* # seconds to wait for children at exit */ - -#ifdef MAXOCTETS -unsigned int maxoctets = 0; /* default - no limit */ -int maxoctets_dir = 0; /* default - sum of traffic */ -int maxoctets_timeout = 1; /* default 1 second */ -#endif - - -extern option_t auth_options[]; -extern struct stat devstat; - -#ifdef PPP_FILTER -struct bpf_program pass_filter;/* Filter program for packets to pass */ -struct bpf_program active_filter; /* Filter program for link-active pkts */ -#endif - -char *current_option; /* the name of the option being parsed */ -int privileged_option; /* set iff the current option came from root */ -char *option_source; /* string saying where the option came from */ -int option_priority = OPRIO_CFGFILE; /* priority of the current options */ -bool devnam_fixed; /* can no longer change device name */ - -static int logfile_fd = -1; /* fd opened for log file */ -static char logfile_name[MAXPATHLEN]; /* name of log file */ - -/* - * Prototypes - */ -static int setdomain __P((char **)); -static int readfile __P((char **)); -static int callfile __P((char **)); -static int showversion __P((char **)); -static int showhelp __P((char **)); -static void usage __P((void)); -static int setlogfile __P((char **)); -#ifdef PLUGIN -static int loadplugin __P((char **)); -#endif - -#ifdef PPP_FILTER -static int setpassfilter __P((char **)); -static int setactivefilter __P((char **)); -#endif - -#ifdef MAXOCTETS -static int setmodir __P((char **)); -#endif - -static option_t *find_option __P((const char *name)); -static int process_option __P((option_t *, char *, char **)); -static int n_arguments __P((option_t *)); -static int number_option __P((char *, u_int32_t *, int)); - -/* - * Structure to store extra lists of options. - */ -struct option_list { - option_t *options; - struct option_list *next; -}; - -static struct option_list *extra_options = NULL; - -/* - * Valid arguments. - */ -option_t general_options[] = { - { "debug", o_int, &debug, - "Increase debugging level", OPT_INC | OPT_NOARG | 1 }, - { "-d", o_int, &debug, - "Increase debugging level", - OPT_ALIAS | OPT_INC | OPT_NOARG | 1 }, - - { "kdebug", o_int, &kdebugflag, - "Set kernel driver debug level", OPT_PRIO }, - - { "nodetach", o_bool, &nodetach, - "Don't detach from controlling tty", OPT_PRIO | 1 }, - { "-detach", o_bool, &nodetach, - "Don't detach from controlling tty", OPT_ALIAS | OPT_PRIOSUB | 1 }, - { "updetach", o_bool, &updetach, - "Detach from controlling tty once link is up", - OPT_PRIOSUB | OPT_A2CLR | 1, &nodetach }, - - { "holdoff", o_int, &holdoff, - "Set time in seconds before retrying connection", - OPT_PRIO, &holdoff_specified }, - - { "idle", o_int, &idle_time_limit, - "Set time in seconds before disconnecting idle link", OPT_PRIO }, - - { "maxconnect", o_int, &maxconnect, - "Set connection time limit", - OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, - - { "domain", o_special, (void *)setdomain, - "Add given domain name to hostname", - OPT_PRIO | OPT_PRIV | OPT_A2STRVAL, &domain }, - - { "file", o_special, (void *)readfile, - "Take options from a file", OPT_NOPRINT }, - { "call", o_special, (void *)callfile, - "Take options from a privileged file", OPT_NOPRINT }, - - { "persist", o_bool, &persist, - "Keep on reopening connection after close", OPT_PRIO | 1 }, - { "nopersist", o_bool, &persist, - "Turn off persist option", OPT_PRIOSUB }, - - { "demand", o_bool, &demand, - "Dial on demand", OPT_INITONLY | 1, &persist }, - - { "--version", o_special_noarg, (void *)showversion, - "Show version number" }, - { "--help", o_special_noarg, (void *)showhelp, - "Show brief listing of options" }, - { "-h", o_special_noarg, (void *)showhelp, - "Show brief listing of options", OPT_ALIAS }, - - { "logfile", o_special, (void *)setlogfile, - "Append log messages to this file", - OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, &logfile_name }, - { "logfd", o_int, &log_to_fd, - "Send log messages to this file descriptor", - OPT_PRIOSUB | OPT_A2CLR, &log_default }, - { "nolog", o_int, &log_to_fd, - "Don't send log messages to any file", - OPT_PRIOSUB | OPT_NOARG | OPT_VAL(-1) }, - { "nologfd", o_int, &log_to_fd, - "Don't send log messages to any file descriptor", - OPT_PRIOSUB | OPT_ALIAS | OPT_NOARG | OPT_VAL(-1) }, - - { "linkname", o_string, linkname, - "Set logical name for link", - OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXPATHLEN }, - - { "maxfail", o_int, &maxfail, - "Maximum number of unsuccessful connection attempts to allow", - OPT_PRIO }, - - { "ktune", o_bool, &tune_kernel, - "Alter kernel settings as necessary", OPT_PRIO | 1 }, - { "noktune", o_bool, &tune_kernel, - "Don't alter kernel settings", OPT_PRIOSUB }, - - { "connect-delay", o_int, &connect_delay, - "Maximum time (in ms) to wait after connect script finishes", - OPT_PRIO }, - - { "unit", o_int, &req_unit, - "PPP interface unit number to use if possible", - OPT_PRIO | OPT_LLIMIT, 0, 0 }, - - { "dump", o_bool, &dump_options, - "Print out option values after parsing all options", 1 }, - { "dryrun", o_bool, &dryrun, - "Stop after parsing, printing, and checking options", 1 }, - - { "child-timeout", o_int, &child_wait, - "Number of seconds to wait for child processes at exit", - OPT_PRIO }, - -#ifdef HAVE_MULTILINK - { "multilink", o_bool, &multilink, - "Enable multilink operation", OPT_PRIO | 1 }, - { "mp", o_bool, &multilink, - "Enable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 1 }, - { "nomultilink", o_bool, &multilink, - "Disable multilink operation", OPT_PRIOSUB | 0 }, - { "nomp", o_bool, &multilink, - "Disable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 0 }, - - { "bundle", o_string, &bundle_name, - "Bundle name for multilink", OPT_PRIO }, -#endif /* HAVE_MULTILINK */ - -#ifdef PLUGIN - { "plugin", o_special, (void *)loadplugin, - "Load a plug-in module into pppd", OPT_PRIV | OPT_A2LIST }, -#endif - -#ifdef PPP_FILTER - { "pass-filter", 1, setpassfilter, - "set filter for packets to pass", OPT_PRIO }, - - { "active-filter", 1, setactivefilter, - "set filter for active pkts", OPT_PRIO }, -#endif - -#ifdef MAXOCTETS - { "maxoctets", o_int, &maxoctets, - "Set connection traffic limit", - OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, - { "mo", o_int, &maxoctets, - "Set connection traffic limit", - OPT_ALIAS | OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, - { "mo-direction", o_special, setmodir, - "Set direction for limit traffic (sum,in,out,max)" }, - { "mo-timeout", o_int, &maxoctets_timeout, - "Check for traffic limit every N seconds", OPT_PRIO | OPT_LLIMIT | 1 }, -#endif - - { NULL } -}; - -#ifndef IMPLEMENTATION -#define IMPLEMENTATION "" -#endif - -static char *usage_string = "\ -pppd version %s\n\ -Usage: %s [ options ], where options are:\n\ - Communicate over the named device\n\ - Set the baud rate to \n\ - : Set the local and/or remote interface IP\n\ - addresses. Either one may be omitted.\n\ - asyncmap Set the desired async map to hex \n\ - auth Require authentication from peer\n\ - connect

Invoke shell command

to set up the serial line\n\ - crtscts Use hardware RTS/CTS flow control\n\ - defaultroute Add default route through interface\n\ - file Take options from file \n\ - modem Use modem control lines\n\ - mru Set MRU value to for negotiation\n\ -See pppd(8) for more options.\n\ -"; - -/* - * parse_args - parse a string of arguments from the command line. - */ -int -parse_args(argc, argv) - int argc; - char **argv; -{ - char *arg; - option_t *opt; - int n; - - privileged_option = privileged; - option_source = "command line"; - option_priority = OPRIO_CMDLINE; - while (argc > 0) { - arg = *argv++; - --argc; - opt = find_option(arg); - if (opt == NULL) { - option_error("unrecognized option '%s'", arg); - usage(); - return 0; - } - n = n_arguments(opt); - if (argc < n) { - option_error("too few parameters for option %s", arg); - return 0; - } - if (!process_option(opt, arg, argv)) - return 0; - argc -= n; - argv += n; - } - return 1; -} - -/* - * options_from_file - Read a string of options from a file, - * and interpret them. - */ -int -options_from_file(filename, must_exist, check_prot, priv) - char *filename; - int must_exist; - int check_prot; - int priv; -{ - FILE *f; - int i, newline, ret, err; - option_t *opt; - int oldpriv, n; - char *oldsource; - char *argv[MAXARGS]; - char args[MAXARGS][MAXWORDLEN]; - char cmd[MAXWORDLEN]; - - if (check_prot) - seteuid(getuid()); - f = fopen(filename, "r"); - err = errno; - if (check_prot) - seteuid(0); - if (f == NULL) { - errno = err; - if (!must_exist) { - if (err != ENOENT && err != ENOTDIR) - warn("Warning: can't open options file %s: %m", filename); - return 1; - } - option_error("Can't open options file %s: %m", filename); - return 0; - } - - oldpriv = privileged_option; - privileged_option = priv; - oldsource = option_source; - option_source = strdup(filename); - if (option_source == NULL) - option_source = "file"; - ret = 0; - while (getword(f, cmd, &newline, filename)) { - opt = find_option(cmd); - if (opt == NULL) { - option_error("In file %s: unrecognized option '%s'", - filename, cmd); - goto err; - } - n = n_arguments(opt); - for (i = 0; i < n; ++i) { - if (!getword(f, args[i], &newline, filename)) { - option_error( - "In file %s: too few parameters for option '%s'", - filename, cmd); - goto err; - } - argv[i] = args[i]; - } - if (!process_option(opt, cmd, argv)) - goto err; - } - ret = 1; - -err: - fclose(f); - privileged_option = oldpriv; - option_source = oldsource; - return ret; -} - -/* - * options_from_user - See if the use has a ~/.ppprc file, - * and if so, interpret options from it. - */ -int -options_from_user() -{ - char *user, *path, *file; - int ret; - struct passwd *pw; - size_t pl; - - pw = getpwuid(getuid()); - if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) - return 1; - file = _PATH_USEROPT; - pl = strlen(user) + strlen(file) + 2; - path = malloc(pl); - if (path == NULL) - novm("init file name"); - slprintf(path, pl, "%s/%s", user, file); - option_priority = OPRIO_CFGFILE; - ret = options_from_file(path, 0, 1, privileged); - free(path); - return ret; -} - -/* - * options_for_tty - See if an options file exists for the serial - * device, and if so, interpret options from it. - * We only allow the per-tty options file to override anything from - * the command line if it is something that the user can't override - * once it has been set by root; this is done by giving configuration - * files a lower priority than the command line. - */ -int -options_for_tty() -{ - char *dev, *path, *p; - int ret; - size_t pl; - - dev = devnam; - if ((p = strstr(dev, "/dev/")) != NULL) - dev = p + 5; - if (dev[0] == 0 || strcmp(dev, "tty") == 0) - return 1; /* don't look for /etc/ppp/options.tty */ - pl = strlen(_PATH_TTYOPT) + strlen(dev) + 1; - path = malloc(pl); - if (path == NULL) - novm("tty init file name"); - slprintf(path, pl, "%s%s", _PATH_TTYOPT, dev); - /* Turn slashes into dots, for Solaris case (e.g. /dev/term/a) */ - for (p = path + strlen(_PATH_TTYOPT); *p != 0; ++p) - if (*p == '/') - *p = '.'; - option_priority = OPRIO_CFGFILE; - ret = options_from_file(path, 0, 0, 1); - free(path); - return ret; -} - -/* - * options_from_list - process a string of options in a wordlist. - */ -int -options_from_list(w, priv) - struct wordlist *w; - int priv; -{ - char *argv[MAXARGS]; - option_t *opt; - int i, n, ret = 0; - struct wordlist *w0; - - privileged_option = priv; - option_source = "secrets file"; - option_priority = OPRIO_SECFILE; - - while (w != NULL) { - opt = find_option(w->word); - if (opt == NULL) { - option_error("In secrets file: unrecognized option '%s'", - w->word); - goto err; - } - n = n_arguments(opt); - w0 = w; - for (i = 0; i < n; ++i) { - w = w->next; - if (w == NULL) { - option_error( - "In secrets file: too few parameters for option '%s'", - w0->word); - goto err; - } - argv[i] = w->word; - } - if (!process_option(opt, w0->word, argv)) - goto err; - w = w->next; - } - ret = 1; - -err: - return ret; -} - -/* - * match_option - see if this option matches an option_t structure. - */ -static int -match_option(name, opt, dowild) - char *name; - option_t *opt; - int dowild; -{ - int (*match) __P((char *, char **, int)); - - if (dowild != (opt->type == o_wild)) - return 0; - if (!dowild) - return strcmp(name, opt->name) == 0; - match = (int (*) __P((char *, char **, int))) opt->addr; - return (*match)(name, NULL, 0); -} - -/* - * find_option - scan the option lists for the various protocols - * looking for an entry with the given name. - * This could be optimized by using a hash table. - */ -static option_t * -find_option(name) - const char *name; -{ - option_t *opt; - struct option_list *list; - int i, dowild; - - for (dowild = 0; dowild <= 1; ++dowild) { - for (opt = general_options; opt->name != NULL; ++opt) - if (match_option(name, opt, dowild)) - return opt; - for (opt = auth_options; opt->name != NULL; ++opt) - if (match_option(name, opt, dowild)) - return opt; - for (list = extra_options; list != NULL; list = list->next) - for (opt = list->options; opt->name != NULL; ++opt) - if (match_option(name, opt, dowild)) - return opt; - for (opt = the_channel->options; opt->name != NULL; ++opt) - if (match_option(name, opt, dowild)) - return opt; - for (i = 0; protocols[i] != NULL; ++i) - if ((opt = protocols[i]->options) != NULL) - for (; opt->name != NULL; ++opt) - if (match_option(name, opt, dowild)) - return opt; - } - return NULL; -} - -/* - * process_option - process one new-style option. - */ -static int -process_option(opt, cmd, argv) - option_t *opt; - char *cmd; - char **argv; -{ - u_int32_t v; - int iv, a; - char *sv; - int (*parser) __P((char **)); - int (*wildp) __P((char *, char **, int)); - char *optopt = (opt->type == o_wild)? "": " option"; - int prio = option_priority; - option_t *mainopt = opt; - - current_option = opt->name; - if ((opt->flags & OPT_PRIVFIX) && privileged_option) - prio += OPRIO_ROOT; - while (mainopt->flags & OPT_PRIOSUB) - --mainopt; - if (mainopt->flags & OPT_PRIO) { - if (prio < mainopt->priority) { - /* new value doesn't override old */ - if (prio == OPRIO_CMDLINE && mainopt->priority > OPRIO_ROOT) { - option_error("%s%s set in %s cannot be overridden\n", - opt->name, optopt, mainopt->source); - return 0; - } - return 1; - } - if (prio > OPRIO_ROOT && mainopt->priority == OPRIO_CMDLINE) - warn("%s%s from %s overrides command line", - opt->name, optopt, option_source); - } - - if ((opt->flags & OPT_INITONLY) && phase != PHASE_INITIALIZE) { - option_error("%s%s cannot be changed after initialization", - opt->name, optopt); - return 0; - } - if ((opt->flags & OPT_PRIV) && !privileged_option) { - option_error("using the %s%s requires root privilege", - opt->name, optopt); - return 0; - } - if ((opt->flags & OPT_ENABLE) && *(bool *)(opt->addr2) == 0) { - option_error("%s%s is disabled", opt->name, optopt); - return 0; - } - if ((opt->flags & OPT_DEVEQUIV) && devnam_fixed) { - option_error("the %s%s may not be changed in %s", - opt->name, optopt, option_source); - return 0; - } - - switch (opt->type) { - case o_bool: - v = opt->flags & OPT_VALUE; - *(bool *)(opt->addr) = v; - if (opt->addr2 && (opt->flags & OPT_A2COPY)) - *(bool *)(opt->addr2) = v; - else if (opt->addr2 && (opt->flags & OPT_A2CLR)) - *(bool *)(opt->addr2) = 0; - else if (opt->addr2 && (opt->flags & OPT_A2CLRB)) - *(u_char *)(opt->addr2) &= ~v; - else if (opt->addr2 && (opt->flags & OPT_A2OR)) - *(u_char *)(opt->addr2) |= v; - break; - - case o_int: - iv = 0; - if ((opt->flags & OPT_NOARG) == 0) { - if (!int_option(*argv, &iv)) - return 0; - if ((((opt->flags & OPT_LLIMIT) && iv < opt->lower_limit) - || ((opt->flags & OPT_ULIMIT) && iv > opt->upper_limit)) - && !((opt->flags & OPT_ZEROOK && iv == 0))) { - char *zok = (opt->flags & OPT_ZEROOK)? " zero or": ""; - switch (opt->flags & OPT_LIMITS) { - case OPT_LLIMIT: - option_error("%s value must be%s >= %d", - opt->name, zok, opt->lower_limit); - break; - case OPT_ULIMIT: - option_error("%s value must be%s <= %d", - opt->name, zok, opt->upper_limit); - break; - case OPT_LIMITS: - option_error("%s value must be%s between %d and %d", - opt->name, zok, opt->lower_limit, opt->upper_limit); - break; - } - return 0; - } - } - a = opt->flags & OPT_VALUE; - if (a >= 128) - a -= 256; /* sign extend */ - iv += a; - if (opt->flags & OPT_INC) - iv += *(int *)(opt->addr); - if ((opt->flags & OPT_NOINCR) && !privileged_option) { - int oldv = *(int *)(opt->addr); - if ((opt->flags & OPT_ZEROINF) ? - (oldv != 0 && (iv == 0 || iv > oldv)) : (iv > oldv)) { - option_error("%s value cannot be increased", opt->name); - return 0; - } - } - *(int *)(opt->addr) = iv; - if (opt->addr2 && (opt->flags & OPT_A2COPY)) - *(int *)(opt->addr2) = iv; - break; - - case o_uint32: - if (opt->flags & OPT_NOARG) { - v = opt->flags & OPT_VALUE; - if (v & 0x80) - v |= 0xffffff00U; - } else if (!number_option(*argv, &v, 16)) - return 0; - if (opt->flags & OPT_OR) - v |= *(u_int32_t *)(opt->addr); - *(u_int32_t *)(opt->addr) = v; - if (opt->addr2 && (opt->flags & OPT_A2COPY)) - *(u_int32_t *)(opt->addr2) = v; - break; - - case o_string: - if (opt->flags & OPT_STATIC) { - strlcpy((char *)(opt->addr), *argv, opt->upper_limit); - } else { - sv = strdup(*argv); - if (sv == NULL) - novm("option argument"); - *(char **)(opt->addr) = sv; - } - break; - - case o_special_noarg: - case o_special: - parser = (int (*) __P((char **))) opt->addr; - if (!(*parser)(argv)) - return 0; - if (opt->flags & OPT_A2LIST) { - struct option_value *ovp, **pp; - - ovp = malloc(sizeof(*ovp) + strlen(*argv)); - if (ovp != 0) { - strcpy(ovp->value, *argv); - ovp->source = option_source; - ovp->next = NULL; - pp = (struct option_value **) &opt->addr2; - while (*pp != 0) - pp = &(*pp)->next; - *pp = ovp; - } - } - break; - - case o_wild: - wildp = (int (*) __P((char *, char **, int))) opt->addr; - if (!(*wildp)(cmd, argv, 1)) - return 0; - break; - } - - if (opt->addr2 && (opt->flags & (OPT_A2COPY|OPT_ENABLE - |OPT_A2PRINTER|OPT_A2STRVAL|OPT_A2LIST|OPT_A2OR)) == 0) - *(bool *)(opt->addr2) = !(opt->flags & OPT_A2CLR); - - mainopt->source = option_source; - mainopt->priority = prio; - mainopt->winner = opt - mainopt; - - return 1; -} - -/* - * override_value - if the option priorities would permit us to - * override the value of option, return 1 and update the priority - * and source of the option value. Otherwise returns 0. - */ -int -override_value(option, priority, source) - const char *option; - int priority; - const char *source; -{ - option_t *opt; - - opt = find_option(option); - if (opt == NULL) - return 0; - while (opt->flags & OPT_PRIOSUB) - --opt; - if ((opt->flags & OPT_PRIO) && priority < opt->priority) - return 0; - opt->priority = priority; - opt->source = source; - opt->winner = -1; - return 1; -} - -/* - * n_arguments - tell how many arguments an option takes - */ -static int -n_arguments(opt) - option_t *opt; -{ - return (opt->type == o_bool || opt->type == o_special_noarg - || (opt->flags & OPT_NOARG))? 0: 1; -} - -/* - * add_options - add a list of options to the set we grok. - */ -void -add_options(opt) - option_t *opt; -{ - struct option_list *list; - - list = malloc(sizeof(*list)); - if (list == 0) - novm("option list entry"); - list->options = opt; - list->next = extra_options; - extra_options = list; -} - -/* - * check_options - check that options are valid and consistent. - */ -void -check_options() -{ - if (logfile_fd >= 0 && logfile_fd != log_to_fd) - close(logfile_fd); -} - -/* - * print_option - print out an option and its value - */ -static void -print_option(opt, mainopt, printer, arg) - option_t *opt, *mainopt; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int i, v; - char *p; - - if (opt->flags & OPT_NOPRINT) - return; - switch (opt->type) { - case o_bool: - v = opt->flags & OPT_VALUE; - if (*(bool *)opt->addr != v) - /* this can happen legitimately, e.g. lock - option turned off for default device */ - break; - printer(arg, "%s", opt->name); - break; - case o_int: - v = opt->flags & OPT_VALUE; - if (v >= 128) - v -= 256; - i = *(int *)opt->addr; - if (opt->flags & OPT_NOARG) { - printer(arg, "%s", opt->name); - if (i != v) { - if (opt->flags & OPT_INC) { - for (; i > v; i -= v) - printer(arg, " %s", opt->name); - } else - printer(arg, " # oops: %d not %d\n", - i, v); - } - } else { - printer(arg, "%s %d", opt->name, i); - } - break; - case o_uint32: - printer(arg, "%s", opt->name); - if ((opt->flags & OPT_NOARG) == 0) - printer(arg, " %x", *(u_int32_t *)opt->addr); - break; - - case o_string: - if (opt->flags & OPT_HIDE) { - p = "??????"; - } else { - p = (char *) opt->addr; - if ((opt->flags & OPT_STATIC) == 0) - p = *(char **)p; - } - printer(arg, "%s %q", opt->name, p); - break; - - case o_special: - case o_special_noarg: - case o_wild: - if (opt->type != o_wild) { - printer(arg, "%s", opt->name); - if (n_arguments(opt) == 0) - break; - printer(arg, " "); - } - if (opt->flags & OPT_A2PRINTER) { - void (*oprt) __P((option_t *, - void ((*)__P((void *, char *, ...))), - void *)); - oprt = (void (*) __P((option_t *, - void ((*)__P((void *, char *, ...))), - void *)))opt->addr2; - (*oprt)(opt, printer, arg); - } else if (opt->flags & OPT_A2STRVAL) { - p = (char *) opt->addr2; - if ((opt->flags & OPT_STATIC) == 0) - p = *(char **)p; - printer("%q", p); - } else if (opt->flags & OPT_A2LIST) { - struct option_value *ovp; - - ovp = (struct option_value *) opt->addr2; - for (;;) { - printer(arg, "%q", ovp->value); - if ((ovp = ovp->next) == NULL) - break; - printer(arg, "\t\t# (from %s)\n%s ", - ovp->source, opt->name); - } - } else { - printer(arg, "xxx # [don't know how to print value]"); - } - break; - - default: - printer(arg, "# %s value (type %d\?\?)", opt->name, opt->type); - break; - } - printer(arg, "\t\t# (from %s)\n", mainopt->source); -} - -/* - * print_option_list - print out options in effect from an - * array of options. - */ -static void -print_option_list(opt, printer, arg) - option_t *opt; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - while (opt->name != NULL) { - if (opt->priority != OPRIO_DEFAULT - && opt->winner != (short int) -1) - print_option(opt + opt->winner, opt, printer, arg); - do { - ++opt; - } while (opt->flags & OPT_PRIOSUB); - } -} - -/* - * print_options - print out what options are in effect. - */ -void -print_options(printer, arg) - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - struct option_list *list; - int i; - - printer(arg, "pppd options in effect:\n"); - print_option_list(general_options, printer, arg); - print_option_list(auth_options, printer, arg); - for (list = extra_options; list != NULL; list = list->next) - print_option_list(list->options, printer, arg); - print_option_list(the_channel->options, printer, arg); - for (i = 0; protocols[i] != NULL; ++i) - print_option_list(protocols[i]->options, printer, arg); -} - -/* - * usage - print out a message telling how to use the program. - */ -static void -usage() -{ - if (phase == PHASE_INITIALIZE) - fprintf(stderr, usage_string, VERSION, progname); -} - -/* - * showhelp - print out usage message and exit. - */ -static int -showhelp(argv) - char **argv; -{ - if (phase == PHASE_INITIALIZE) { - usage(); - exit(0); - } - return 0; -} - -/* - * showversion - print out the version number and exit. - */ -static int -showversion(argv) - char **argv; -{ - if (phase == PHASE_INITIALIZE) { - fprintf(stderr, "pppd version %s\n", VERSION); - exit(0); - } - return 0; -} - -/* - * option_error - print a message about an error in an option. - * The message is logged, and also sent to - * stderr if phase == PHASE_INITIALIZE. - */ -void -option_error __V((char *fmt, ...)) -{ - va_list args; - char buf[1024]; - -#if defined(__STDC__) - va_start(args, fmt); -#else - char *fmt; - va_start(args); - fmt = va_arg(args, char *); -#endif - vslprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (phase == PHASE_INITIALIZE) - fprintf(stderr, "%s: %s\n", progname, buf); - syslog(LOG_ERR, "%s", buf); -#ifdef ANDROID_CHANGES - error("%s", buf); -#endif -} - -#if 0 -/* - * readable - check if a file is readable by the real user. - */ -int -readable(fd) - int fd; -{ - uid_t uid; - int i; - struct stat sbuf; - - uid = getuid(); - if (uid == 0) - return 1; - if (fstat(fd, &sbuf) != 0) - return 0; - if (sbuf.st_uid == uid) - return sbuf.st_mode & S_IRUSR; - if (sbuf.st_gid == getgid()) - return sbuf.st_mode & S_IRGRP; - for (i = 0; i < ngroups; ++i) - if (sbuf.st_gid == groups[i]) - return sbuf.st_mode & S_IRGRP; - return sbuf.st_mode & S_IROTH; -} -#endif - -/* - * Read a word from a file. - * Words are delimited by white-space or by quotes (" or '). - * Quotes, white-space and \ may be escaped with \. - * \ is ignored. - */ -int -getword(f, word, newlinep, filename) - FILE *f; - char *word; - int *newlinep; - char *filename; -{ - int c, len, escape; - int quoted, comment; - int value, digit, got, n; - -#define isoctal(c) ((c) >= '0' && (c) < '8') - - *newlinep = 0; - len = 0; - escape = 0; - comment = 0; - - /* - * First skip white-space and comments. - */ - for (;;) { - c = getc(f); - if (c == EOF) - break; - - /* - * A newline means the end of a comment; backslash-newline - * is ignored. Note that we cannot have escape && comment. - */ - if (c == '\n') { - if (!escape) { - *newlinep = 1; - comment = 0; - } else - escape = 0; - continue; - } - - /* - * Ignore characters other than newline in a comment. - */ - if (comment) - continue; - - /* - * If this character is escaped, we have a word start. - */ - if (escape) - break; - - /* - * If this is the escape character, look at the next character. - */ - if (c == '\\') { - escape = 1; - continue; - } - - /* - * If this is the start of a comment, ignore the rest of the line. - */ - if (c == '#') { - comment = 1; - continue; - } - - /* - * A non-whitespace character is the start of a word. - */ - if (!isspace(c)) - break; - } - - /* - * Save the delimiter for quoted strings. - */ - if (!escape && (c == '"' || c == '\'')) { - quoted = c; - c = getc(f); - } else - quoted = 0; - - /* - * Process characters until the end of the word. - */ - while (c != EOF) { - if (escape) { - /* - * This character is escaped: backslash-newline is ignored, - * various other characters indicate particular values - * as for C backslash-escapes. - */ - escape = 0; - if (c == '\n') { - c = getc(f); - continue; - } - - got = 0; - switch (c) { - case 'a': - value = '\a'; - break; - case 'b': - value = '\b'; - break; - case 'f': - value = '\f'; - break; - case 'n': - value = '\n'; - break; - case 'r': - value = '\r'; - break; - case 's': - value = ' '; - break; - case 't': - value = '\t'; - break; - - default: - if (isoctal(c)) { - /* - * \ddd octal sequence - */ - value = 0; - for (n = 0; n < 3 && isoctal(c); ++n) { - value = (value << 3) + (c & 07); - c = getc(f); - } - got = 1; - break; - } - - if (c == 'x') { - /* - * \x sequence - */ - value = 0; - c = getc(f); - for (n = 0; n < 2 && isxdigit(c); ++n) { - digit = toupper(c) - '0'; - if (digit > 10) - digit += '0' + 10 - 'A'; - value = (value << 4) + digit; - c = getc (f); - } - got = 1; - break; - } - - /* - * Otherwise the character stands for itself. - */ - value = c; - break; - } - - /* - * Store the resulting character for the escape sequence. - */ - if (len < MAXWORDLEN-1) - word[len] = value; - ++len; - - if (!got) - c = getc(f); - continue; - - } - - /* - * Not escaped: see if we've reached the end of the word. - */ - if (quoted) { - if (c == quoted) - break; - } else { - if (isspace(c) || c == '#') { - ungetc (c, f); - break; - } - } - - /* - * Backslash starts an escape sequence. - */ - if (c == '\\') { - escape = 1; - c = getc(f); - continue; - } - - /* - * An ordinary character: store it in the word and get another. - */ - if (len < MAXWORDLEN-1) - word[len] = c; - ++len; - - c = getc(f); - } - - /* - * End of the word: check for errors. - */ - if (c == EOF) { - if (ferror(f)) { - if (errno == 0) - errno = EIO; - option_error("Error reading %s: %m", filename); - die(1); - } - /* - * If len is zero, then we didn't find a word before the - * end of the file. - */ - if (len == 0) - return 0; - } - - /* - * Warn if the word was too long, and append a terminating null. - */ - if (len >= MAXWORDLEN) { - option_error("warning: word in file %s too long (%.20s...)", - filename, word); - len = MAXWORDLEN - 1; - } - word[len] = 0; - - return 1; - -#undef isoctal - -} - -/* - * number_option - parse an unsigned numeric parameter for an option. - */ -static int -number_option(str, valp, base) - char *str; - u_int32_t *valp; - int base; -{ - char *ptr; - - *valp = strtoul(str, &ptr, base); - if (ptr == str) { - option_error("invalid numeric parameter '%s' for %s option", - str, current_option); - return 0; - } - return 1; -} - - -/* - * int_option - like number_option, but valp is int *, - * the base is assumed to be 0, and *valp is not changed - * if there is an error. - */ -int -int_option(str, valp) - char *str; - int *valp; -{ - u_int32_t v; - - if (!number_option(str, &v, 0)) - return 0; - *valp = (int) v; - return 1; -} - - -/* - * The following procedures parse options. - */ - -/* - * readfile - take commands from a file. - */ -static int -readfile(argv) - char **argv; -{ - return options_from_file(*argv, 1, 1, privileged_option); -} - -/* - * callfile - take commands from /etc/ppp/peers/. - * Name may not contain /../, start with / or ../, or end in /.. - */ -static int -callfile(argv) - char **argv; -{ - char *fname, *arg, *p; - int l, ok; - - arg = *argv; - ok = 1; - if (arg[0] == '/' || arg[0] == 0) - ok = 0; - else { - for (p = arg; *p != 0; ) { - if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == 0)) { - ok = 0; - break; - } - while (*p != '/' && *p != 0) - ++p; - if (*p == '/') - ++p; - } - } - if (!ok) { - option_error("call option value may not contain .. or start with /"); - return 0; - } - - l = strlen(arg) + strlen(_PATH_PEERFILES) + 1; - if ((fname = (char *) malloc(l)) == NULL) - novm("call file name"); - slprintf(fname, l, "%s%s", _PATH_PEERFILES, arg); - - ok = options_from_file(fname, 1, 1, 1); - - free(fname); - return ok; -} - -#ifdef PPP_FILTER -/* - * setpassfilter - Set the pass filter for packets - */ -static int -setpassfilter(argv) - char **argv; -{ - pcap_t *pc; - int ret = 0; - - pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535); - if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) { - option_error("error in pass-filter expression: %s\n", - pcap_geterr(pc)); - ret = 1; - } - pcap_close(pc); - - return ret; -} - -/* - * setactivefilter - Set the active filter for packets - */ -static int -setactivefilter(argv) - char **argv; -{ - pcap_t *pc; - int ret = 0; - - pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535); - if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) { - option_error("error in active-filter expression: %s\n", - pcap_geterr(pc)); - ret = 1; - } - pcap_close(pc); - - return ret; -} -#endif - -/* - * setdomain - Set domain name to append to hostname - */ -static int -setdomain(argv) - char **argv; -{ - gethostname(hostname, MAXNAMELEN); - if (**argv != 0) { - if (**argv != '.') - strncat(hostname, ".", MAXNAMELEN - strlen(hostname)); - domain = hostname + strlen(hostname); - strncat(hostname, *argv, MAXNAMELEN - strlen(hostname)); - } - hostname[MAXNAMELEN-1] = 0; - return (1); -} - -static int -setlogfile(argv) - char **argv; -{ - int fd, err; - - if (!privileged_option) - seteuid(getuid()); - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); - if (fd < 0 && errno == EEXIST) - fd = open(*argv, O_WRONLY | O_APPEND); - err = errno; - if (!privileged_option) - seteuid(0); - if (fd < 0) { - errno = err; - option_error("Can't open log file %s: %m", *argv); - return 0; - } - strlcpy(logfile_name, *argv, sizeof(logfile_name)); - if (logfile_fd >= 0) - close(logfile_fd); - logfile_fd = fd; - log_to_fd = fd; - log_default = 0; - return 1; -} - -#ifdef MAXOCTETS -static int -setmodir(argv) - char **argv; -{ - if(*argv == NULL) - return 0; - if(!strcmp(*argv,"in")) { - maxoctets_dir = PPP_OCTETS_DIRECTION_IN; - } else if (!strcmp(*argv,"out")) { - maxoctets_dir = PPP_OCTETS_DIRECTION_OUT; - } else if (!strcmp(*argv,"max")) { - maxoctets_dir = PPP_OCTETS_DIRECTION_MAXOVERAL; - } else { - maxoctets_dir = PPP_OCTETS_DIRECTION_SUM; - } - return 1; -} -#endif - -#ifdef PLUGIN -static int -loadplugin(argv) - char **argv; -{ - char *arg = *argv; - void *handle; - const char *err; - void (*init) __P((void)); - char *path = arg; - const char *vers; - - if (strchr(arg, '/') == 0) { - const char *base = _PATH_PLUGIN; - int l = strlen(base) + strlen(arg) + 2; - path = malloc(l); - if (path == 0) - novm("plugin file path"); - strlcpy(path, base, l); - strlcat(path, "/", l); - strlcat(path, arg, l); - } - handle = dlopen(path, RTLD_GLOBAL | RTLD_NOW); - if (handle == 0) { - err = dlerror(); - if (err != 0) - option_error("%s", err); - option_error("Couldn't load plugin %s", arg); - goto err; - } - init = (void (*)(void))dlsym(handle, "plugin_init"); - if (init == 0) { - option_error("%s has no initialization entry point", arg); - goto errclose; - } - vers = (const char *) dlsym(handle, "pppd_version"); - if (vers == 0) { - warn("Warning: plugin %s has no version information", arg); - } else if (strcmp(vers, VERSION) != 0) { - option_error("Plugin %s is for pppd version %s, this is %s", - arg, vers, VERSION); - goto errclose; - } - info("Plugin %s loaded.", arg); - (*init)(); - return 1; - - errclose: - dlclose(handle); - err: - if (path != arg) - free(path); - return 0; -} -#endif /* PLUGIN */ diff --git a/pppd/patchlevel.h b/pppd/patchlevel.h deleted file mode 100644 index 61c2d33..0000000 --- a/pppd/patchlevel.h +++ /dev/null @@ -1,4 +0,0 @@ -/* $Id: patchlevel.h,v 1.62 2004/11/13 12:08:01 paulus Exp $ */ - -#define VERSION "2.4.3" -#define DATE "13 November 2004" diff --git a/pppd/pathnames.h b/pppd/pathnames.h deleted file mode 100644 index fac026d..0000000 --- a/pppd/pathnames.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * define path names - * - * $Id: pathnames.h,v 1.16 2004/11/13 12:02:22 paulus Exp $ - */ - -#ifdef HAVE_PATHS_H -#include - -#else /* HAVE_PATHS_H */ -#ifndef _PATH_VARRUN -#define _PATH_VARRUN "/etc/ppp/" -#endif -#define _PATH_DEVNULL "/dev/null" -#endif /* HAVE_PATHS_H */ - -//#ifndef _ROOT_PATH -#define _ROOT_PATH -//#endif - -#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets" -#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets" -#define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets" -#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options" -#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up" -#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down" -#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up" -#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down" -#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." -#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" -#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" -#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" - -#define _PATH_USEROPT ".ppprc" -#define _PATH_PSEUDONYM ".ppp_pseudonym" - -#ifdef INET6 -#define _PATH_IPV6UP _ROOT_PATH "/etc/ppp/ipv6-up" -#define _PATH_IPV6DOWN _ROOT_PATH "/etc/ppp/ipv6-down" -#endif - -#ifdef IPX_CHANGE -#define _PATH_IPXUP _ROOT_PATH "/etc/ppp/ipx-up" -#define _PATH_IPXDOWN _ROOT_PATH "/etc/ppp/ipx-down" -#endif /* IPX_CHANGE */ - -#ifdef __STDC__ -#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb" -#else /* __STDC__ */ -#ifdef HAVE_PATHS_H -#define _PATH_PPPDB "/var/run/pppd2.tdb" -#else -#define _PATH_PPPDB "/etc/ppp/pppd2.tdb" -#endif -#endif /* __STDC__ */ - -#ifdef PLUGIN -#define _PATH_PLUGIN "/usr/lib/pppd/" VERSION -#endif /* PLUGIN */ diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux deleted file mode 100644 index b52f284..0000000 --- a/pppd/plugins/Makefile.linux +++ /dev/null @@ -1,41 +0,0 @@ -CC = gcc -COPTS = -O2 -g -CFLAGS = $(COPTS) -I.. -I../../include -fPIC -LDFLAGS = -shared -INSTALL = install - -DESTDIR = @DESTDIR@ -BINDIR = $(DESTDIR)/sbin -MANDIR = $(DESTDIR)/share/man/man8 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) - -SUBDIRS := rp-pppoe pppoatm radius -# Uncomment the next line to include the radius authentication plugin -# SUBDIRS += radius -PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so - -# include dependencies if present -ifeq (.depend,$(wildcard .depend)) -include .depend -endif - -all: $(PLUGINS) - for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done - -%.so: %.c - $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ - -VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h) - -install: $(PLUGINS) - $(INSTALL) -d $(LIBDIR) - $(INSTALL) $? $(LIBDIR) - for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d install; done - -clean: - rm -f *.o *.so *.a - for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d clean; done - -depend: - $(CPP) -M $(CFLAGS) *.c >.depend - for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d depend; done diff --git a/pppd/plugins/Makefile.sol2 b/pppd/plugins/Makefile.sol2 deleted file mode 100644 index bc7d85d..0000000 --- a/pppd/plugins/Makefile.sol2 +++ /dev/null @@ -1,27 +0,0 @@ -# -# Makefile for plugins on Solaris 2 -# -# $Id: Makefile.sol2,v 1.3 2002/09/07 05:15:25 carlsonj Exp $ -# - -include ../../Makedefs.com - -CFLAGS = -c -O -I.. -I../../include $(COPTS) -LDFLAGS = -G - -all: minconn.so - -minconn.so: minconn.o - ld -o $@ $(LDFLAGS) -h $@ minconn.o - -minconn.o: minconn.c - $(CC) $(CFLAGS) -c $? - -passprompt.so: passprompt.o - ld -o $@ $(LDFLAGS) -h $@ passprompt.o - -passprompt.o: passprompt.c - $(CC) $(CFLAGS) -c $? - -clean: - rm -f *.o *.so diff --git a/pppd/plugins/minconn.c b/pppd/plugins/minconn.c deleted file mode 100644 index c12216a..0000000 --- a/pppd/plugins/minconn.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * minconn.c - pppd plugin to implement a `minconnect' option. - * - * Copyright (c) 1999 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include -#include -#include "pppd.h" - -char pppd_version[] = VERSION; - -static int minconnect = 0; - -static option_t my_options[] = { - { "minconnect", o_int, &minconnect, - "Set minimum connect time before idle timeout applies" }, - { NULL } -}; - -static int my_get_idle(struct ppp_idle *idle) -{ - time_t t; - - if (idle == NULL) - return minconnect? minconnect: idle_time_limit; - t = idle->xmit_idle; - if (idle->recv_idle < t) - t = idle->recv_idle; - return idle_time_limit - t; -} - -void plugin_init(void) -{ - info("plugin_init"); - add_options(my_options); - idle_time_hook = my_get_idle; -} diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c deleted file mode 100644 index 7689017..0000000 --- a/pppd/plugins/passprompt.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * passprompt.c - pppd plugin to invoke an external PAP password prompter - * - * Copyright 1999 Paul Mackerras, Alan Curry. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version - * 2 of the License, or (at your option) any later version. - */ -#include -#include -#include -#include -#include "pppd.h" - -char pppd_version[] = VERSION; - -static char promptprog[PATH_MAX+1]; - -static option_t options[] = { - { "promptprog", o_string, promptprog, - "External PAP password prompting program", - OPT_STATIC, NULL, PATH_MAX }, - { NULL } -}; - -static int promptpass(char *user, char *passwd) -{ - int p[2]; - pid_t kid; - int readgood, wstat; - ssize_t red; - - if (promptprog[0] == 0 || access(promptprog, X_OK) < 0) - return -1; /* sorry, can't help */ - - if (!passwd) - return 1; - - if (pipe(p)) { - warn("Can't make a pipe for %s", promptprog); - return 0; - } - if ((kid = fork()) == (pid_t) -1) { - warn("Can't fork to run %s", promptprog); - close(p[0]); - close(p[1]); - return 0; - } - if (!kid) { - /* we are the child, exec the program */ - char *argv[4], fdstr[32]; - sys_close(); - closelog(); - close(p[0]); - seteuid(getuid()); - setegid(getgid()); - argv[0] = promptprog; - argv[1] = user; - argv[2] = remote_name; - sprintf(fdstr, "%d", p[1]); - argv[3] = fdstr; - argv[4] = 0; - execv(*argv, argv); - _exit(127); - } - - /* we are the parent, read the password from the pipe */ - close(p[1]); - readgood = 0; - do { - red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood); - if (red == 0) - break; - if (red < 0) { - if (errno == EINTR) - continue; - error("Can't read secret from %s: %m", promptprog); - readgood = -1; - break; - } - readgood += red; - } while (readgood < MAXSECRETLEN - 1); - passwd[readgood] = 0; - close(p[0]); - - /* now wait for child to exit */ - while (waitpid(kid, &wstat, 0) < 0) { - if (errno != EINTR) { - warn("error waiting for %s: %m", promptprog); - break; - } - } - - if (readgood < 0) - return 0; - if (!WIFEXITED(wstat)) - warn("%s terminated abnormally", promptprog); - if (WEXITSTATUS(wstat)) - warn("%s exited with code %d", promptprog, WEXITSTATUS(status)); - - return 1; -} - -void plugin_init(void) -{ - add_options(options); - pap_passwd_hook = promptpass; -} diff --git a/pppd/plugins/passwordfd.c b/pppd/plugins/passwordfd.c deleted file mode 100644 index d718f3b..0000000 --- a/pppd/plugins/passwordfd.c +++ /dev/null @@ -1,82 +0,0 @@ - -/* - * Author: Arvin Schnell - * - * This plugin let's you pass the password to the pppd via - * a file descriptor. That's easy and secure - no fiddling - * with pap- and chap-secrets files. - */ - -#include -#include -#include -#include - -#include "pppd.h" - -char pppd_version[] = VERSION; - -static int passwdfd = -1; -static char save_passwd[MAXSECRETLEN]; - -static option_t options[] = { - { "passwordfd", o_int, &passwdfd, - "Receive password on this file descriptor" }, - { NULL } -}; - -static int pwfd_check (void) -{ - return 1; -} - -static int pwfd_passwd (char *user, char *passwd) -{ - int readgood, red; - - if (passwdfd == -1) - return -1; - - if (passwd == NULL) - return 1; - - if (passwdfd == -2) { - strcpy (passwd, save_passwd); - return 1; - } - - readgood = 0; - do { - red = read (passwdfd, passwd + readgood, MAXSECRETLEN - 1 - readgood); - if (red == 0) - break; - if (red < 0) { - error ("Can't read secret from fd\n"); - readgood = -1; - break; - } - readgood += red; - } while (readgood < MAXSECRETLEN - 1); - - close (passwdfd); - - if (readgood < 0) - return 0; - - passwd[readgood] = 0; - strcpy (save_passwd, passwd); - passwdfd = -2; - - return 1; -} - -void plugin_init (void) -{ - add_options (options); - - pap_check_hook = pwfd_check; - pap_passwd_hook = pwfd_passwd; - - chap_check_hook = pwfd_check; - chap_passwd_hook = pwfd_passwd; -} diff --git a/pppd/plugins/pppoatm/COPYING b/pppd/plugins/pppoatm/COPYING deleted file mode 100644 index 16b2621..0000000 --- a/pppd/plugins/pppoatm/COPYING +++ /dev/null @@ -1,7 +0,0 @@ -The files ans.c, atm.h, atmres.h, atmsap.h, misc.c, text2atm.c and -text2qos.c are taken from the linux-atm libraries. These are -Copyright 1995-2000 EPFL-LRC/ICA, and are licensed under the GNU Lesser -General Public License. - -The file pppoatm.c contains its own copyright notice, and is licensed -under the GPL. diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux deleted file mode 100644 index 72acd0b..0000000 --- a/pppd/plugins/pppoatm/Makefile.linux +++ /dev/null @@ -1,46 +0,0 @@ -CC = gcc -COPTS = -O2 -g -CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC -LDFLAGS = -shared -INSTALL = install - -#*********************************************************************** - -DESTDIR = @DESTDIR@ -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) - -VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) - -PLUGIN := pppoatm.so -PLUGIN_OBJS := pppoatm.o - -#******* -# Do we have the ATM libraries installed? Set HAVE_LIBATM to use them, -# or leave it unset to build the few routines we actually _use_ into -# the plugin directly. -# -#HAVE_LIBATM=yes - -ifdef HAVE_LIBATM -LIBS := -latm -else -CFLAGS += -I. -PLUGIN_OBJS += text2qos.o text2atm.o misc.o ans.o -LIBS := -lresolv -endif - -#********* -all: $(PLUGIN) - -$(PLUGIN): $(PLUGIN_OBJS) - $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) - -install: all - $(INSTALL) -d -m 755 $(LIBDIR) - $(INSTALL) -c -m 4550 $(PLUGIN) $(LIBDIR) - -clean: - rm -f *.o *.so - -%.o: %.c - $(CC) $(CFLAGS) -c -o $@ $< diff --git a/pppd/plugins/pppoatm/ans.c b/pppd/plugins/pppoatm/ans.c deleted file mode 100644 index 973eb33..0000000 --- a/pppd/plugins/pppoatm/ans.c +++ /dev/null @@ -1,262 +0,0 @@ -/* ans.c - Interface for text2atm and atm2text to ANS */ - -/* Written 1996-2000 by Werner Almesberger, EPFL-LRC/ICA */ - - -/* - * This stuff is a temporary hack to avoid using gethostbyname_nsap and such - * without doing the "full upgrade" to getaddrinfo/getnameinfo. This also - * serves as an exercise for me to get all the details right before I propose - * a patch that would eventually end up in libc (and that should therefore be - * as stable as possible). - */ - -#if HAVE_CONFIG_H -#include -#endif - -#include -#include -#include - -#include -#include -#include -#include - -#include "atm.h" -#include "atmres.h" - - -#define MAX_ANSWER 2048 -#define MAX_NAME 1024 - -#define MAX_LINE 2048 /* in /etc/e164_cc */ -#define E164_CC_DEFAULT_LEN 2 -#define E164_CC_FILE "/etc/e164_cc" - -#define GET16(pos) (((pos)[0] << 8) | (pos)[1]) - - -static int ans(const char *text,int wanted,void *result,int res_len) -{ - unsigned char answer[MAX_ANSWER]; - unsigned char name[MAX_NAME]; - unsigned char *pos,*data,*found; - int answer_len,name_len,data_len,found_len; - int questions,answers; - - found_len = 0; /* gcc wants it */ - if ((answer_len = res_search(text,C_IN,wanted,answer,MAX_ANSWER)) < 0) - return TRY_OTHER; - /* - * Response header: id, flags, #queries, #answers, #authority, - * #additional (all 16 bits) - */ - pos = answer+12; - if (answer[3] & 15) return TRY_OTHER; /* rcode != 0 */ - questions = GET16(answer+4); - if (questions != 1) return TRY_OTHER; /* trouble ... */ - answers = GET16(answer+6); - if (answers < 1) return TRY_OTHER; - /* - * Query: name, type (16), class (16) - */ - if ((name_len = dn_expand(answer,answer+answer_len,pos,name,MAX_NAME)) < 0) - return TRY_OTHER; - pos += name_len; - if (GET16(pos) != wanted || GET16(pos+2) != C_IN) return TRY_OTHER; - pos += 4; - /* - * Iterate over answers until we find something we like, giving priority - * to ATMA_AESA (until signaling is fixed to work with E.164 too) - */ - found = NULL; - while (answers--) { - /* - * RR: name, type (16), class (16), TTL (32), resource_len (16), - * resource_data ... - */ - if ((name_len = dn_expand(answer,answer+answer_len,pos,name,MAX_NAME)) - < 0) return TRY_OTHER; - pos += name_len; - data_len = GET16(pos+8); - data = pos+10; - pos = data+data_len; - if (GET16(data-10) != wanted || GET16(data-8) != C_IN || !--data_len) - continue; - switch (wanted) { - case T_NSAP: - data_len++; - if (data_len != ATM_ESA_LEN) continue; - memcpy(((struct sockaddr_atmsvc *) result)-> - sas_addr.prv,data,ATM_ESA_LEN); - return 0; - case T_ATMA: - switch (*data++) { - case ATMA_AESA: - if (data_len != ATM_ESA_LEN) continue; - memcpy(((struct sockaddr_atmsvc *) result)-> - sas_addr.prv,data,ATM_ESA_LEN); - return 0; - case ATMA_E164: - if (data_len > ATM_E164_LEN) continue; - if (!found) { - found = data; - found_len = data_len; - } - break; - default: - continue; - } - case T_PTR: - if (dn_expand(answer,answer+answer_len,data,result, - res_len) < 0) return FATAL; - return 0; - default: - continue; - } - } - if (!found) return TRY_OTHER; - memcpy(((struct sockaddr_atmsvc *) result)->sas_addr.pub,found, - found_len); - ((struct sockaddr_atmsvc *) result)->sas_addr.pub[found_len] = 0; - return 0; -} - - -int ans_byname(const char *text,struct sockaddr_atmsvc *addr,int length, - int flags) -{ - if (!(flags & T2A_SVC) || length != sizeof(*addr)) return TRY_OTHER; - memset(addr,0,sizeof(*addr)); - addr->sas_family = AF_ATMSVC; - if (!ans(text,T_ATMA,addr,length)) return 0; - return ans(text,T_NSAP,addr,length); -} - - -static int encode_nsap(char *buf,const unsigned char *addr) -{ - static int fmt_dcc[] = { 2,12,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, - 4,2,0 }; - static int fmt_e164[] = { 2,12,1,1,1,1,1,1,1,1,16,2,0 }; - int *fmt; - int pos,i,j; - - switch (*addr) { - case ATM_AFI_DCC: - case ATM_AFI_ICD: - case ATM_AFI_LOCAL: - case ATM_AFI_DCC_GROUP: - case ATM_AFI_ICD_GROUP: - case ATM_AFI_LOCAL_GROUP: - fmt = fmt_dcc; - break; - case ATM_AFI_E164: - case ATM_AFI_E164_GROUP: - fmt = fmt_e164; - break; - default: - return TRY_OTHER; - } - pos = 2*ATM_ESA_LEN; - for (i = 0; fmt[i]; i++) { - pos -= fmt[i]; - for (j = 0; j < fmt[i]; j++) - sprintf(buf++,"%x", - (addr[(pos+j) >> 1] >> 4*(1-((pos+j) & 1))) & 0xf); - *buf++ = '.'; - } - strcpy(buf,"AESA.ATMA.INT."); - return 0; -} - - -static int encode_nsap_new(char *buf,const unsigned char *addr) -{ - int i; - int digit; - - for (i = 20; i; ) { - i--; - digit = addr[i] & 0x0F; - *(buf++) = digit + (digit >= 10 ? '7' : '0'); - *(buf++) = '.'; - digit = ((unsigned char) (addr[i])) >> 4; - *(buf++) = digit + (digit >= 10 ? '7' : '0'); - *(buf++) = '.'; - } - strcpy (buf, "NSAP.INT."); - return 0; -} - - -static int cc_len(int p0,int p1) -{ - static char *cc_table = NULL; - FILE *file; - char buffer[MAX_LINE]; - char *here; - int cc; - - if (!cc_table) { - if (!(cc_table = malloc(100))) { - perror("malloc"); - return E164_CC_DEFAULT_LEN; - } - memset(cc_table,E164_CC_DEFAULT_LEN,100); - if (!(file = fopen(E164_CC_FILE,"r"))) - perror(E164_CC_FILE); - else { - while (fgets(buffer,MAX_LINE,file)) { - here = strchr(buffer,'#'); - if (here) *here = 0; - if (sscanf(buffer,"%d",&cc) == 1) { - if (cc < 10) cc_table[cc] = 1; - else if (cc < 100) cc_table[cc] = 2; - else cc_table[cc/10] = 3; - } - } - fclose(file); - } - } - if (cc_table[p0] == 1) return 1; - return cc_table[p0*10+p1]; -} - - -static int encode_e164(char *buf,const char *addr) -{ - const char *prefix,*here; - - prefix = addr+cc_len(addr[0]-48,addr[1]-48); - here = strchr(addr,0); - while (here > prefix) { - *buf++ = *--here; - *buf++ = '.'; - } - while (here > addr) *buf++ = *addr++; - strcpy(buf,".E164.ATMA.INT."); - return 0; -} - - -int ans_byaddr(char *buffer,int length,const struct sockaddr_atmsvc *addr, - int flags) -{ - char tmp[MAX_NAME]; /* could be smaller ... */ - int res; - - if (addr->sas_addr.prv) { - res = encode_nsap(tmp,addr->sas_addr.prv); - if (!res && !ans(tmp,T_PTR,buffer,length)) return 0; - res = encode_nsap_new(tmp,addr->sas_addr.prv); - if (res < 0) return res; - return ans(tmp,T_PTR,buffer,length); - } else { - res = encode_e164(tmp,addr->sas_addr.pub); - if (res < 0) return res; - return ans(tmp,T_PTR,buffer,length); - } -} diff --git a/pppd/plugins/pppoatm/atm.h b/pppd/plugins/pppoatm/atm.h deleted file mode 100644 index 3b15dda..0000000 --- a/pppd/plugins/pppoatm/atm.h +++ /dev/null @@ -1,108 +0,0 @@ -/* atm.h - Functions useful for ATM applications */ - -/* Written 1995-2000 by Werner Almesberger, EPFL-LRC/ICA */ - - -#ifndef _ATM_H -#define _ATM_H - -#include -#include -#include - - -/* - * For versions of glibc < 2.1 - */ - -#ifndef AF_ATMPVC -#define AF_ATMPVC 8 -#endif - -#ifndef AF_ATMSVC -#define AF_ATMSVC 20 -#endif - -#ifndef PF_ATMPVC -#define PF_ATMPVC AF_ATMPVC -#endif - -#ifndef PF_ATMSVC -#define PF_ATMSVC AF_ATMSVC -#endif - -#ifndef SOL_ATM -#define SOL_ATM 264 -#endif - -#ifndef SOL_AAL -#define SOL_AAL 265 -#endif - - -#define HOSTS_ATM "/etc/hosts.atm" - -/* text2atm flags */ -#define T2A_PVC 1 /* address is PVC */ -#define T2A_SVC 2 /* address is SVC */ -#define T2A_UNSPEC 4 /* allow unspecified parts in PVC address */ -#define T2A_WILDCARD 8 /* allow wildcards in PVC or SVC address */ -#define T2A_NNI 16 /* allow NNI VPI range (PVC) */ -#define T2A_NAME 32 /* allow name resolution */ -#define T2A_REMOTE 64 /* OBSOLETE */ -#define T2A_LOCAL 128 /* don't use ANS */ - -/* atm2text flags */ -#define A2T_PRETTY 1 /* add syntactic sugar */ -#define A2T_NAME 2 /* attempt name lookup */ -#define A2T_REMOTE 4 /* OBSOLETE */ -#define A2T_LOCAL 8 /* don't use ANS */ - -/* atm_equal flags */ -#define AXE_WILDCARD 1 /* allow wildcard match */ -#define AXE_PRVOPT 2 /* private part of SVC address is optional */ - -/* text2qos flags */ -#define T2Q_DEFAULTS 1 /* structure contains default values */ - -/* text2sap flags */ -#define T2S_NAME 1 /* attempt name lookup */ -#define T2S_LOCAL 2 /* we may support NIS or such in the future */ - -/* sap2text flags */ -#define S2T_NAME 1 /* attempt name lookup */ -#define S2T_LOCAL 2 /* we may support NIS or such in the future */ - -/* sap_equal flags */ -#define SXE_COMPATIBLE 1 /* check for compatibility instead of identity*/ -#define SXE_NEGOTIATION 2 /* allow negotiation; requires SXE_COMPATIBLE; - assumes "a" defines the available - capabilities */ -#define SXE_RESULT 4 /* return selected SAP */ - -#define MAX_ATM_ADDR_LEN (2*ATM_ESA_LEN+ATM_E164_LEN+5) - /* 4 dots, 1 plus */ -#define MAX_ATM_NAME_LEN 256 /* wild guess */ -#define MAX_ATM_QOS_LEN 116 /* 5+4+2*(3+3*(7+9)+2)+1 */ -#define MAX_ATM_SAP_LEN 255 /* BHLI(27)+1+3*BLLI(L2=33,L3=41,+1)+2 */ - - -int text2atm(const char *text,struct sockaddr *addr,int length,int flags); -int atm2text(char *buffer,int length,const struct sockaddr *addr,int flags); -int atm_equal(const struct sockaddr *a,const struct sockaddr *b,int len, - int flags); - -int sdu2cell(int s,int sizes,const int *sdu_size,int *num_sdu); - -int text2qos(const char *text,struct atm_qos *qos,int flags); -int qos2text(char *buffer,int length,const struct atm_qos *qos,int flags); -int qos_equal(const struct atm_qos *a,const struct atm_qos *b); - -int text2sap(const char *text,struct atm_sap *sap,int flags); -int sap2text(char *buffer,int length,const struct atm_sap *sap,int flags); -int sap_equal(const struct atm_sap *a,const struct atm_sap *b,int flags,...); - -int __t2q_get_rate(const char **text,int up); -int __atmlib_fetch(const char **pos,...); /* internal use only */ - -#endif diff --git a/pppd/plugins/pppoatm/atmres.h b/pppd/plugins/pppoatm/atmres.h deleted file mode 100644 index d5b3b8c..0000000 --- a/pppd/plugins/pppoatm/atmres.h +++ /dev/null @@ -1,36 +0,0 @@ -/* atmres.h - Common definitions and prototypes for resolver functions */ - -/* Written 1996,1998 by Werner Almesberger, EPFL-LRC/ICA */ - - -#ifndef _ATMRES_H -#define _ATMRES_H - -#include -#include - - -/* Some #defines that may be needed if ANS isn't installed on that system */ - -#ifndef T_ATMA -#define T_ATMA 34 -#endif -#ifndef ATMA_AESA -#define ATMA_AESA 0 -#endif -#ifndef ATMA_E164 -#define ATMA_E164 1 -#endif - -/* Return codes for text2atm and atm2text */ - -#define TRY_OTHER -2 -#define FATAL -1 /* must be -1 */ - - -int ans_byname(const char *text,struct sockaddr_atmsvc *addr,int length, - int flags); -int ans_byaddr(char *buffer,int length,const struct sockaddr_atmsvc *addr, - int flags); - -#endif diff --git a/pppd/plugins/pppoatm/atmsap.h b/pppd/plugins/pppoatm/atmsap.h deleted file mode 100644 index aea0c8e..0000000 --- a/pppd/plugins/pppoatm/atmsap.h +++ /dev/null @@ -1,45 +0,0 @@ -/* atmsap.h - ATM Service Access Point addressing definitions */ - -/* Written 1996-1998 by Werner Almesberger, EPFL LRC/ICA */ - - -#ifndef _ATMSAP_H -#define _ATMSAP_H - -#include -#include - - -/* - * Selected ISO/IEC TR 9577 Network Layer Protocol Identifiers (NLPID) - */ - -#define NLPID_IEEE802_1_SNAP 0x80 /* IEEE 802.1 SNAP */ - -/* - * Selected Organizationally Unique Identifiers (OUIs) - */ - -#define ATM_FORUM_OUI "\x00\xA0\x3E" /* ATM Forum */ -#define EPFL_OUI "\x00\x60\xD7" /* EPF Lausanne, CH */ - -/* - * Selected vendor-specific application identifiers (for B-HLI). Such an - * identifier consists of three bytes containing the OUI, followed by four - * bytes assigned by the organization owning the OUI. - */ - -#define ANS_HLT_VS_ID ATM_FORUM_OUI "\x00\x00\x00\x01" - /* ATM Name System, af-saa-0069.000 */ -#define VOD_HLT_VS_ID ATM_FORUM_OUI "\x00\x00\x00\x02" - /* VoD, af-saa-0049.001 */ -#define AREQUIPA_HLT_VS_ID EPFL_OUI "\x01\x00\x00\x01" /* Arequipa */ -#define TTCP_HLT_VS_ID EPFL_OUI "\x01\x00\x00\x03" /* ttcp_atm */ - - -/* Mapping of "well-known" TCP, UDP, etc. port numbers to ATM BHLIs. - btd-saa-api-bhli-01.02 */ - -void atm_tcpip_port_mapping(char *vs_id,uint8_t protocol,uint16_t port); - -#endif diff --git a/pppd/plugins/pppoatm/misc.c b/pppd/plugins/pppoatm/misc.c deleted file mode 100644 index 5e6975f..0000000 --- a/pppd/plugins/pppoatm/misc.c +++ /dev/null @@ -1,51 +0,0 @@ -/* misc.c - Miscellaneous library functions */ - -/* Written 1997-2000 by Werner Almesberger, EPFL-ICA/ICA */ - -#if HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include -#include /* for htons */ - -#include -#include - - -int __atmlib_fetch(const char **pos,...) -{ - const char *value; - int ref_len,best_len,len; - int i,best; - va_list ap; - - va_start(ap,pos); - ref_len = strlen(*pos); - best_len = 0; - best = -1; - for (i = 0; (value = va_arg(ap,const char *)); i++) { - len = strlen(value); - if (*value != '!' && len <= ref_len && len > best_len && - !strncasecmp(*pos,value,len)) { - best = i; - best_len = len; - } - } - va_end(ap); - if (best > -1) (*pos) += best_len; - return best; -} - - -void atm_tcpip_port_mapping(char *vs_id,uint8_t protocol,uint16_t port) -{ - memcpy(vs_id,ATM_FORUM_OUI "\x01",4); - vs_id[4] = protocol; /* e.g. IP_TCP or IP_UDP; from netinet/protocols.h */ - vs_id[5] = (htons(port) >> 8) & 255; - vs_id[6] = htons(port) & 255; -} diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c deleted file mode 100644 index ad04b5c..0000000 --- a/pppd/plugins/pppoatm/pppoatm.c +++ /dev/null @@ -1,225 +0,0 @@ -/* pppoatm.c - pppd plugin to implement PPPoATM protocol. - * - * Copyright 2000 Mitchell Blank Jr. - * Based in part on work from Jens Axboe and Paul Mackerras. - * Updated to ppp-2.4.1 by Bernhard Kaindl - * - * Updated to ppp-2.4.2 by David Woodhouse 2004. - * - disconnect method added - * - remove_options() abuse removed. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version - * 2 of the License, or (at your option) any later version. - */ -#include -#include -#include -#include "pppd.h" -#include "pathnames.h" -#include "fsm.h" /* Needed for lcp.h to include cleanly */ -#include "lcp.h" -#include -#include -#include -#include -#include -#include - -const char pppd_version[] = VERSION; - -static struct sockaddr_atmpvc pvcaddr; -static char *qosstr = NULL; -static bool llc_encaps = 0; -static bool vc_encaps = 0; -static int device_got_set = 0; -static int pppoatm_max_mtu, pppoatm_max_mru; -static int setdevname_pppoatm(const char *cp, const char **argv, int doit); -struct channel pppoa_channel; -static int pppoa_fd = -1; - -static option_t pppoa_options[] = { - { "device name", o_wild, (void *) &setdevname_pppoatm, - "ATM service provider IDs: VPI.VCI", - OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC, - devnam}, - { "llc-encaps", o_bool, &llc_encaps, - "use LLC encapsulation for PPPoATM", 1}, - { "vc-encaps", o_bool, &vc_encaps, - "use VC multiplexing for PPPoATM (default)", 1}, - { "qos", o_string, &qosstr, - "set QoS for PPPoATM connection", 1}, - { NULL } -}; - -/* returns: - * -1 if there's a problem with setting the device - * 0 if we can't parse "cp" as a valid name of a device - * 1 if "cp" is a reasonable thing to name a device - * Note that we don't actually open the device at this point - * We do need to fill in: - * devnam: a string representation of the device - * devstat: a stat structure of the device. In this case - * we're not opening a device, so we just make sure - * to set up S_ISCHR(devstat.st_mode) != 1, so we - * don't get confused that we're on stdin. - */ -int (*old_setdevname_hook)(const char* cp) = NULL; -static int setdevname_pppoatm(const char *cp, const char **argv, int doit) -{ - struct sockaddr_atmpvc addr; - extern struct stat devstat; - if (device_got_set) - return 0; - //info("PPPoATM setdevname_pppoatm: '%s'", cp); - memset(&addr, 0, sizeof addr); - if (text2atm(cp, (struct sockaddr *) &addr, sizeof(addr), - T2A_PVC | T2A_NAME) < 0) { - if(doit) - info("atm does not recognize: %s", cp); - return 0; - } - if (!doit) return 1; - //if (!dev_set_ok()) return -1; - memcpy(&pvcaddr, &addr, sizeof pvcaddr); - strlcpy(devnam, cp, sizeof devnam); - devstat.st_mode = S_IFSOCK; - if (the_channel != &pppoa_channel) { - the_channel = &pppoa_channel; - lcp_wantoptions[0].neg_accompression = 0; - lcp_allowoptions[0].neg_accompression = 0; - lcp_wantoptions[0].neg_asyncmap = 0; - lcp_allowoptions[0].neg_asyncmap = 0; - lcp_wantoptions[0].neg_pcompression = 0; - } - info("PPPoATM setdevname_pppoatm - SUCCESS:%s", cp); - device_got_set = 1; - return 1; -} - -#define pppoatm_overhead() (llc_encaps ? 6 : 2) - -static void no_device_given_pppoatm(void) -{ - fatal("No vpi.vci specified"); -} - -static void set_line_discipline_pppoatm(int fd) -{ - struct atm_backend_ppp be; - be.backend_num = ATM_BACKEND_PPP; - if (!llc_encaps) - be.encaps = PPPOATM_ENCAPS_VC; - else if (!vc_encaps) - be.encaps = PPPOATM_ENCAPS_LLC; - else - be.encaps = PPPOATM_ENCAPS_AUTODETECT; - if (ioctl(fd, ATM_SETBACKEND, &be) < 0) - fatal("ioctl(ATM_SETBACKEND): %m"); -} - -#if 0 -static void reset_line_discipline_pppoatm(int fd) -{ - atm_backend_t be = ATM_BACKEND_RAW; - /* 2.4 doesn't support this yet */ - (void) ioctl(fd, ATM_SETBACKEND, &be); -} -#endif - -static int connect_pppoatm(void) -{ - int fd; - struct atm_qos qos; - - /* XXX: This won't work on Android */ - system ("/sbin/modprobe pppoatm"); - - if (!device_got_set) - no_device_given_pppoatm(); - fd = socket(AF_ATMPVC, SOCK_DGRAM, 0); - if (fd < 0) - fatal("failed to create socket: %m"); - memset(&qos, 0, sizeof qos); - qos.txtp.traffic_class = qos.rxtp.traffic_class = ATM_UBR; - /* TODO: support simplified QoS setting */ - if (qosstr != NULL) - if (text2qos(qosstr, &qos, 0)) - fatal("Can't parse QoS: \"%s\""); - qos.txtp.max_sdu = lcp_allowoptions[0].mru + pppoatm_overhead(); - qos.rxtp.max_sdu = lcp_wantoptions[0].mru + pppoatm_overhead(); - qos.aal = ATM_AAL5; - if (setsockopt(fd, SOL_ATM, SO_ATMQOS, &qos, sizeof(qos)) < 0) - fatal("setsockopt(SO_ATMQOS): %m"); - /* TODO: accept on SVCs... */ - if (connect(fd, (struct sockaddr *) &pvcaddr, - sizeof(struct sockaddr_atmpvc))) - fatal("connect(%s): %m", devnam); - pppoatm_max_mtu = lcp_allowoptions[0].mru; - pppoatm_max_mru = lcp_wantoptions[0].mru; - set_line_discipline_pppoatm(fd); - strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam)); - pppoa_fd = fd; - return fd; -} - -static void disconnect_pppoatm(void) -{ - close(pppoa_fd); -} - -static void send_config_pppoa(int mtu, - u_int32_t asyncmap, - int pcomp, - int accomp) -{ - int sock; - struct ifreq ifr; - if (mtu > pppoatm_max_mtu) - error("Couldn't increase MTU to %d", mtu); - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) - fatal("Couldn't create IP socket: %m"); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - ifr.ifr_mtu = mtu; - if (ioctl(sock, SIOCSIFMTU, (caddr_t) &ifr) < 0) - fatal("ioctl(SIOCSIFMTU): %m"); - (void) close (sock); -} - -static void recv_config_pppoa(int mru, - u_int32_t asyncmap, - int pcomp, - int accomp) -{ - if (mru > pppoatm_max_mru) - error("Couldn't increase MRU to %d", mru); -} - -void plugin_init(void) -{ -#if defined(__linux__) - extern int new_style_driver; /* From sys-linux.c */ - if (!ppp_available() && !new_style_driver) - fatal("Kernel doesn't support ppp_generic - " - "needed for PPPoATM"); -#else - fatal("No PPPoATM support on this OS"); -#endif - info("PPPoATM plugin_init"); - add_options(pppoa_options); -} -struct channel pppoa_channel = { - options: pppoa_options, - process_extra_options: NULL, - check_options: NULL, - connect: &connect_pppoatm, - disconnect: &disconnect_pppoatm, - establish_ppp: &generic_establish_ppp, - disestablish_ppp: &generic_disestablish_ppp, - send_config: &send_config_pppoa, - recv_config: &recv_config_pppoa, - close: NULL, - cleanup: NULL -}; diff --git a/pppd/plugins/pppoatm/text2atm.c b/pppd/plugins/pppoatm/text2atm.c deleted file mode 100644 index c283b52..0000000 --- a/pppd/plugins/pppoatm/text2atm.c +++ /dev/null @@ -1,249 +0,0 @@ -/* text2atm.c - Converts textual representation of ATM address to binary - encoding */ - -/* Written 1995-2000 by Werner Almesberger, EPFL-LRC/ICA */ - -#if HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include - -#include "atm.h" -#include "atmsap.h" -#include "atmres.h" - - -static int try_pvc(const char *text,struct sockaddr_atmpvc *addr,int flags) -{ - int part[3]; - int i; - - part[0] = part[1] = part[2] = 0; - i = 0; - while (1) { - if (!*text) return FATAL; /* empty or ends with a dot */ - if (i == 3) return TRY_OTHER; /* too long */ - if (isdigit(*text)) { - if (*text == '0' && isdigit(text[1])) return TRY_OTHER; - /* no leading zeroes */ - do { - if (part[i] > INT_MAX/10) return TRY_OTHER;/* number too big */ - part[i] = part[i]*10+*text++-'0'; - } - while (isdigit(*text)); - i++; - if (!*text) break; - if (*text++ != '.') return TRY_OTHER; /* non-PVC character */ - continue; - } - if (*text == '*') { - if (!(flags & T2A_WILDCARD)) return FATAL; /* not allowed */ - part[i++] = ATM_ITF_ANY; /* all *_ANY have the same value */ - } - else { - if (*text != '?') return TRY_OTHER; /* invalid character */ - if (!(flags & T2A_UNSPEC)) return FATAL; /* not allowed */ - part[i++] = ATM_VPI_UNSPEC; /* all *_UNSPEC have the same - value */ - } - if (!*++text) break; - if (*text++ != '.') return FATAL; /* dot required */ - } - if (i < 2) return TRY_OTHER; /* no dots */ - if (i == 2) { - part[2] = part[1]; - part[1] = part[0]; - part[0] = 0; /* default interface */ - } - if (part[0] > SHRT_MAX || part[2] > ATM_MAX_VCI) - return TRY_OTHER; /* too big */ - if (part[1] > (flags & T2A_NNI ? ATM_MAX_VPI_NNI : ATM_MAX_VPI)) - return TRY_OTHER; /* too big */ - if (part[0] == ATM_VPI_UNSPEC) return FATAL; /* bad */ - addr->sap_family = AF_ATMPVC; - addr->sap_addr.itf = part[0]; - addr->sap_addr.vpi = part[1]; - addr->sap_addr.vci = part[2]; - return 0; -} - - -static int do_try_nsap(const char *text,struct sockaddr_atmsvc *addr,int flags) -{ - const char *walk; - int count,pos,dot; - int offset,len; - char value; - - count = dot = 0; - for (walk = text; *walk; walk++) - if (isdigit(*walk)) { - if (count++ == 15) break; - dot = 1; - } - else if (*text != '.') break; - else if (!dot) return FATAL; /* two dots in a row */ - else dot = 0; - if (*walk != ':') { - pos = 0; - offset = 0; - } - else { - if (!dot || *text == '0') return FATAL; - addr->sas_addr.prv[0] = ATM_AFI_E164; - addr->sas_addr.prv[1] = 0; - memset(addr->sas_addr.prv+1,0,8); - for (pos = 18-count-1; *text; text++) { - if (*text == '.') continue; - if (*text == ':') break; - else { - if (pos & 1) addr->sas_addr.prv[pos >> 1] |= *text-'0'; - else addr->sas_addr.prv[pos >> 1] = (*text-'0') << 4; - pos++; - } - } - addr->sas_addr.prv[8] |= 0xf; - text++; - pos++; - offset = 72; - } - for (dot = 0; *text; text++) - if (isxdigit(*text)) { - if (pos == ATM_ESA_LEN*2) return TRY_OTHER; /* too long */ - value = isdigit(*text) ? *text-'0' : (islower(*text) ? - toupper(*text) : *text)-'A'+10; - if (pos & 1) addr->sas_addr.prv[pos >> 1] |= value; - else addr->sas_addr.prv[pos >> 1] = value << 4; - pos++; - dot = 1; - } - else - if (*text == '/' && (flags & T2A_WILDCARD)) break; - else if (*text != '.') return TRY_OTHER; - else { - if (!dot) return FATAL; /* two dots in a row */ - dot = 0; - } - if (!dot) return FATAL; - if (pos > 1 && !*addr->sas_addr.prv) - return TRY_OTHER; /* no leading zeroes */ - if (!*text) - return pos != ATM_ESA_LEN*2 ? TRY_OTHER : ATM_ESA_LEN*2; - /* handle bad length */ - len = 0; - while (*++text) { - if (!isdigit(*text)) return -1; /* non-digit in length */ - if (len >= pos*4) return -1; /* too long */ - len = len*10+*text-'0'; - } - if (len > 7 && addr->sas_addr.prv[0] != ATM_AFI_E164) offset = 72; - if (len < offset) return FATAL; - return len > pos*4 ? TRY_OTHER : len; -} - - -static int try_nsap(const char *text,struct sockaddr_atmsvc *addr,int flags) -{ - int result; - - result = do_try_nsap(text,addr,flags); - if (result < 0) return result; - addr->sas_family = AF_ATMSVC; - *addr->sas_addr.pub = 0; - return result; -} - - -static int try_e164(const char *text,struct sockaddr_atmsvc *addr,int flags) -{ - int i,dot,result; - - if (*text == ':' || *text == '+') text++; - for (i = dot = 0; *text; text++) - if (isdigit(*text)) { - if (i == ATM_E164_LEN) return TRY_OTHER; /* too long */ - addr->sas_addr.pub[i++] = *text; - dot = 1; - } - else if (*text != '.') break; - else { - if (!dot) return TRY_OTHER; /* two dots in a row */ - dot = 0; - } - if (!dot) return TRY_OTHER; - addr->sas_addr.pub[i] = 0; - *addr->sas_addr.prv = 0; - result = 0; - if (*text) { - if (*text++ != '+') return TRY_OTHER; - else { - result = do_try_nsap(text,addr,flags); - if (result < 0) return FATAL; - } - } - addr->sas_family = AF_ATMSVC; - return result; -} - - -static int search(FILE *file,const char *text,struct sockaddr *addr,int length, - int flags) -{ - char line[MAX_ATM_NAME_LEN+1]; - const char *here; - int result; - - while (fgets(line,MAX_ATM_NAME_LEN,file)) { - if (!strtok(line,"\t\n ")) continue; - while ((here = strtok(NULL,"\t\n "))) - if (!strcasecmp(here,text)) { - here = strtok(line,"\t\n "); - result = text2atm(here,addr,length,flags); - if (result >= 0) return result; - } - } - return TRY_OTHER; -} - - -static int try_name(const char *text,struct sockaddr *addr,int length, - int flags) -{ - FILE *file; - int result; - - if (!(file = fopen(HOSTS_ATM,"r"))) return TRY_OTHER; - result = search(file,text,addr,length,flags); - (void) fclose(file); - return result; -} - - -int text2atm(const char *text,struct sockaddr *addr,int length,int flags) -{ - int result; - - if (!*text) return -1; - if (!(flags & (T2A_PVC | T2A_SVC))) flags |= T2A_PVC | T2A_SVC; - if (length < sizeof(struct sockaddr_atmpvc)) return -1; - if (flags & T2A_PVC) { - result = try_pvc(text,(struct sockaddr_atmpvc *) addr,flags); - if (result != TRY_OTHER) return result; - } - if ((flags & T2A_SVC) && length >= sizeof(struct sockaddr_atmsvc)) { - result = try_nsap(text,(struct sockaddr_atmsvc *) addr,flags); - if (result != TRY_OTHER) return result; - result = try_e164(text,(struct sockaddr_atmsvc *) addr,flags); - if (result != TRY_OTHER) return result; - } - if (!(flags & T2A_NAME)) return -1; - result = try_name(text,addr,length,flags & ~T2A_NAME); - if (result == TRY_OTHER && !(flags & T2A_LOCAL)) - result = ans_byname(text,(struct sockaddr_atmsvc *) addr,length,flags); - if (result != TRY_OTHER) return result; - return -1; -} diff --git a/pppd/plugins/pppoatm/text2qos.c b/pppd/plugins/pppoatm/text2qos.c deleted file mode 100644 index 060407a..0000000 --- a/pppd/plugins/pppoatm/text2qos.c +++ /dev/null @@ -1,180 +0,0 @@ -/* text2qos.c - Converts textual representation of QOS parameters to binary - encoding */ - -/* Written 1996-2000 by Werner Almesberger, EPFL-LRC/ICA */ - -#if HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include - -#include "atm.h" - - -#define fetch __atmlib_fetch - - -#define RATE_ERROR -2 - - -int __t2q_get_rate(const char **text,int up) -{ - const char mult[] = "kKmMgGg"; - const char *multiplier; - char *end; - unsigned int rate,fract; - int power; - - if (!strncmp(*text,"max",3)) { - *text += 3; - return ATM_MAX_PCR; - } - rate = strtoul(*text,&end,10); - power = fract = 0; - if (*end == '.') - for (end++; *end && isdigit(*end); end++) { - fract = fract*10+*end-48; - if (--power == -9) break; - } - multiplier = NULL; - if (*end && (multiplier = strchr(mult,*end))) { - while (multiplier >= mult) { - if (rate > UINT_MAX/1000) return RATE_ERROR; - rate *= 1000; - power += 3; - multiplier -= 2; - } - end++; - } - while (power && fract) - if (power < 0) { - fract /= 10; - power++; - } - else { - fract *= 10; - power--; - } - rate += fract; - if (strlen(end) < 3) { - if (multiplier) return RATE_ERROR; - } - else if (!strncmp(end,"cps",3)) end += 3; - else if (!strncmp(end,"bps",3)) { - rate = (rate+(up ? 8*ATM_CELL_PAYLOAD-1 : 0))/8/ - ATM_CELL_PAYLOAD; - end += 3; - } - else if (multiplier) return RATE_ERROR; - if (rate > INT_MAX) return RATE_ERROR; - *text = end; - return rate; -} - - -static int params(const char **text,struct atm_trafprm *a, - struct atm_trafprm *b) -{ - int value; - char *end; - - if (*(*text)++ != ':') return -1; - while (1) { - if (!**text) return -1; - switch (fetch(text,"max_pcr=","pcr=","min_pcr=","max_sdu=","sdu=", - NULL)) { - case 0: - if ((value = __t2q_get_rate(text,0)) == RATE_ERROR) return -1; - if (a) a->max_pcr = value; - if (b) b->max_pcr = value; - break; - case 1: - if ((value = __t2q_get_rate(text,0)) == RATE_ERROR) return -1; - if (a) a->pcr = value; - if (b) b->pcr = value; - break; - case 2: - if ((value = __t2q_get_rate(text,1)) == RATE_ERROR) return -1; - if (value == ATM_MAX_PCR) return -1; - if (a) a->min_pcr = value; - if (b) b->min_pcr = value; - break; - case 3: - case 4: - value = strtol(*text,&end,10); - if (value < 0) return -1; - *text = end; - if (a) a->max_sdu = value; - if (b) b->max_sdu = value; - break; - default: - return 0; - } - if (!**text) break; - if (*(*text)++ != ',') return -1; - } - return 0; -} - - -int text2qos(const char *text,struct atm_qos *qos,int flags) -{ - int traffic_class,aal; - - traffic_class = ATM_NONE; - aal = ATM_NO_AAL; - do { - static const unsigned char aal_number[] = { ATM_AAL0, ATM_AAL5 }; - int item; - - item = fetch(&text,"!none","ubr","cbr","vbr","abr","aal0","aal5",NULL); - switch (item) { - case 1: - case 2: - /* we don't support VBR yet */ - case 4: - traffic_class = item; - break; - case 5: - case 6: - aal = aal_number[item-5]; - break; - default: - return -1; - } - } - while (*text == ',' ? text++ : 0); - if (!traffic_class) return -1; - if (qos && !(flags & T2Q_DEFAULTS)) memset(qos,0,sizeof(*qos)); - if (qos) qos->txtp.traffic_class = qos->rxtp.traffic_class = traffic_class; - if (qos && aal) qos->aal = aal; - if (!*text) return 0; - if (params(&text,qos ? &qos->txtp : NULL,qos ? &qos->rxtp : NULL)) - return -1; - if (!*text) return 0; - switch (fetch(&text,"tx","rx",NULL)) { - case 0: - if (!fetch(&text,":none",NULL)) { - if (qos) qos->txtp.traffic_class = ATM_NONE; - if (*text == ',') text++; - break; - } - if (params(&text,qos ? &qos->txtp : NULL,NULL)) return -1; - break; - case 1: - text -= 2; - break; - default: - return -1; - } - if (!*text) return 0; - if (fetch(&text,"rx",NULL)) return -1; - if (!fetch(&text,":none",NULL) && qos) qos->rxtp.traffic_class = ATM_NONE; - else if (params(&text,qos ? &qos->rxtp : NULL,NULL)) return -1; - return *text ? -1 : 0; -} diff --git a/pppd/plugins/radius/COPYRIGHT b/pppd/plugins/radius/COPYRIGHT deleted file mode 100644 index 3a0f999..0000000 --- a/pppd/plugins/radius/COPYRIGHT +++ /dev/null @@ -1,90 +0,0 @@ -See the respective source files to find out which copyrights apply. - ------------------------------------------------------------------------------- -Copyright (C) 2002 Roaring Penguin Software Inc. - -Permission to use, copy, modify, and distribute this software for any -purpose and without fee is hereby granted, provided that this -copyright and permission notice appear on all copies and supporting -documentation, the name of Roaring Penguin Software Inc. not be used -in advertising or publicity pertaining to distribution of the program -without specific prior permission, and notice be given in supporting -documentation that copying and distribution is by permission of -Roaring Penguin Software Inc.. - -Roaring Penguin Software Inc. makes no representations about the -suitability of this software for any purpose. It is provided "as is" -without express or implied warranty. - ------------------------------------------------------------------------------- -Copyright (C) 1995,1996,1997,1998 Lars Fenneberg - -Permission to use, copy, modify, and distribute this software for any -purpose and without fee is hereby granted, provided that this copyright and -permission notice appear on all copies and supporting documentation, the -name of Lars Fenneberg not be used in advertising or publicity pertaining to -distribution of the program without specific prior permission, and notice be -given in supporting documentation that copying and distribution is by -permission of Lars Fenneberg. - -Lars Fenneberg makes no representations about the suitability of this -software for any purpose. It is provided "as is" without express or implied -warranty. - ------------------------------------------------------------------------------- -Copyright 1992 Livingston Enterprises, Inc. -Livingston Enterprises, Inc. 6920 Koll Center Parkway Pleasanton, CA 94566 - -Permission to use, copy, modify, and distribute this software for any -purpose and without fee is hereby granted, provided that this copyright -and permission notice appear on all copies and supporting documentation, -the name of Livingston Enterprises, Inc. not be used in advertising or -publicity pertaining to distribution of the program without specific -prior permission, and notice be given in supporting documentation that -copying and distribution is by permission of Livingston Enterprises, Inc. - -Livingston Enterprises, Inc. makes no representations about the suitability -of this software for any purpose. It is provided "as is" without express -or implied warranty. ------------------------------------------------------------------------------- -[C] The Regents of the University of Michigan and Merit Network, Inc. 1992, -1993, 1994, 1995 All Rights Reserved - -Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, provided -that the above copyright notice and this permission notice appear in all -copies of the software and derivative works or modified versions thereof, -and that both the copyright notice and this permission and disclaimer -notice appear in supporting documentation. - -THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER -EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE -UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE -FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR -THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the -University of Michigan and Merit Network, Inc. shall not be liable for any -special, indirect, incidental or consequential damages with respect to any -claim by Licensee or any third party arising from use of the software. ------------------------------------------------------------------------------- -Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. -All rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. ------------------------------------------------------------------------------- diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux deleted file mode 100644 index 2b071aa..0000000 --- a/pppd/plugins/radius/Makefile.linux +++ /dev/null @@ -1,65 +0,0 @@ -# Makefile for RADIUS plugin -# -# Copyright 2002 Roaring Penguin Software Inc. -# - -DESTDIR = @DESTDIR@ -MANDIR = $(DESTDIR)/share/man/man8 -LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) - -VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) - -INSTALL = install - -PLUGIN=radius.so radattr.so radrealms.so -CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON - -# Uncomment the next line to include support for Microsoft's -# MS-CHAP authentication protocol. -CHAPMS=y -# Uncomment the next line to include support for MPPE. -MPPE=y -# Uncomment the next lint to include support for traffic limiting -MAXOCTETS=y - -ifdef CHAPMS -CFLAGS += -DCHAPMS=1 -ifdef MPPE -CFLAGS += -DMPPE=1 -endif -endif -ifdef MAXOCTETS -CFLAGS += -DMAXOCTETS=1 -endif - -all: $(PLUGIN) - -install: all - $(INSTALL) -d -m 755 $(LIBDIR) - $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) - $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) - $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) - $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) - $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) - -radius.so: radius.o libradiusclient.a - $(CC) -o radius.so -shared radius.o libradiusclient.a - -radattr.so: radattr.o - $(CC) -o radattr.so -shared radattr.o - -radrealms.so: radrealms.o - $(CC) -o radrealms.so -shared radrealms.o - -CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ - clientid.o sendserver.o lock.o util.o md5.o -libradiusclient.a: $(CLIENTOBJS) - $(AR) rv $@ $? - -clean: - rm -f *.o *.so *.a - -distclean: - rm -f *.o *.so *.a - -dist-clean: distclean diff --git a/pppd/plugins/radius/avpair.c b/pppd/plugins/radius/avpair.c deleted file mode 100644 index 716d23f..0000000 --- a/pppd/plugins/radius/avpair.c +++ /dev/null @@ -1,795 +0,0 @@ -/* - * $Id: avpair.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include - -static void rc_extract_vendor_specific_attributes(int attrlen, - unsigned char *ptr, - VALUE_PAIR **vp); -/* - * Function: rc_avpair_add - * - * Purpose: add an attribute-value pair to the given list. - * - * Returns: pointer to added a/v pair upon success, NULL pointer upon failure. - * - * Remarks: Always appends the new pair to the end of the list. - * - */ - -VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, void *pval, int len, - int vendorcode) -{ - VALUE_PAIR *vp; - - vp = rc_avpair_new (attrid, pval, len, vendorcode); - - if (vp != (VALUE_PAIR *) NULL) - { - rc_avpair_insert (list, (VALUE_PAIR *) NULL, vp); - } - - return vp; - -} - -/* - * Function: rc_avpair_assign - * - * Purpose: assign the given value to an attribute-value pair. - * - * Returns: 0 on success, - * -1 on failure. - * - */ - -int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len) -{ - int result = -1; - - switch (vp->type) - { - case PW_TYPE_STRING: - - if (((len == 0) && (strlen ((char *) pval)) > AUTH_STRING_LEN) - || (len > AUTH_STRING_LEN)) { - error("rc_avpair_assign: bad attribute length"); - return result; - } - - if (len > 0) { - memcpy(vp->strvalue, (char *)pval, len); - vp->strvalue[len] = '\0'; - vp->lvalue = len; - } else { - strncpy (vp->strvalue, (char *) pval, AUTH_STRING_LEN); - vp->lvalue = strlen((char *) pval); - } - - result = 0; - break; - - case PW_TYPE_DATE: - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - - vp->lvalue = * (UINT4 *) pval; - - result = 0; - break; - - default: - error("rc_avpair_assign: unknown attribute %d", vp->type); - } - return result; -} - -/* - * Function: rc_avpair_new - * - * Purpose: make a new attribute-value pair with given parameters. - * - * Returns: pointer to generated a/v pair when successful, NULL when failure. - * - */ - -VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode) -{ - VALUE_PAIR *vp = (VALUE_PAIR *) NULL; - DICT_ATTR *pda; - - if ((pda = rc_dict_getattr (attrid, vendorcode)) == (DICT_ATTR *) NULL) - { - error("rc_avpair_new: unknown attribute %d", attrid); - } - else - { - if ((vp = (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR))) - != (VALUE_PAIR *) NULL) - { - strncpy (vp->name, pda->name, sizeof (vp->name)); - vp->attribute = attrid; - vp->vendorcode = vendorcode; - vp->next = (VALUE_PAIR *) NULL; - vp->type = pda->type; - if (rc_avpair_assign (vp, pval, len) == 0) - { - return vp; - } - free (vp); - vp = (VALUE_PAIR *) NULL; - } - else - novm("rc_avpair_new"); - } - return vp; -} - -/* - * - * Function: rc_avpair_gen - * - * Purpose: takes attribute/value pairs from buffer and builds a - * value_pair list using allocated memory. - * - * Returns: value_pair list or NULL on failure - */ - -VALUE_PAIR *rc_avpair_gen (AUTH_HDR *auth) -{ - int length; - int x_len; - int attribute; - int attrlen; - UINT4 lvalue; - unsigned char *x_ptr; - unsigned char *ptr; - DICT_ATTR *attr; - VALUE_PAIR *vp; - VALUE_PAIR *pair; - unsigned char hex[3]; /* For hex string conversion. */ - char buffer[512]; - - /* - * Extract attribute-value pairs - */ - ptr = auth->data; - length = ntohs ((unsigned short) auth->length) - AUTH_HDR_LEN; - vp = (VALUE_PAIR *) NULL; - - while (length > 0) - { - attribute = *ptr++; - attrlen = *ptr++; - attrlen -= 2; - if (attrlen < 0) - { - error("rc_avpair_gen: received attribute with invalid length"); - break; - } - - /* Handle vendor-specific specially */ - if (attribute == PW_VENDOR_SPECIFIC) { - rc_extract_vendor_specific_attributes(attrlen, ptr, &vp); - ptr += attrlen; - length -= (attrlen + 2); - continue; - } - if ((attr = rc_dict_getattr (attribute, VENDOR_NONE)) == (DICT_ATTR *) NULL) - { - *buffer= '\0'; /* Initial length. */ - for (x_ptr = ptr, x_len = attrlen ; - x_len > 0 ; - x_len--, x_ptr++) - { - sprintf (hex, "%2.2X", *x_ptr); - strcat (buffer, hex); - } - warn("rc_avpair_gen: received unknown attribute %d of length %d: 0x%s", - attribute, attrlen, buffer); - } - else - { - if ((pair = - (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR))) == - (VALUE_PAIR *) NULL) - { - novm("rc_avpair_gen"); - rc_avpair_free(vp); - return NULL; - } - strcpy (pair->name, attr->name); - pair->attribute = attr->value; - pair->vendorcode = VENDOR_NONE; - pair->type = attr->type; - pair->next = (VALUE_PAIR *) NULL; - - switch (attr->type) - { - - case PW_TYPE_STRING: - memcpy (pair->strvalue, (char *) ptr, (size_t) attrlen); - pair->strvalue[attrlen] = '\0'; - pair->lvalue = attrlen; - rc_avpair_insert (&vp, (VALUE_PAIR *) NULL, pair); - break; - - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - memcpy ((char *) &lvalue, (char *) ptr, - sizeof (UINT4)); - pair->lvalue = ntohl (lvalue); - rc_avpair_insert (&vp, (VALUE_PAIR *) NULL, pair); - break; - - default: - warn("rc_avpair_gen: %s has unknown type", attr->name); - free (pair); - break; - } - - } - ptr += attrlen; - length -= attrlen + 2; - } - return (vp); -} - -/* - * Function: rc_extract_vendor_specific_attributes - * - * Purpose: Extracts vendor-specific attributes, assuming they are in - * the "SHOULD" format recommended by RCF 2138. - * - * Returns: found value_pair - * - */ -static void rc_extract_vendor_specific_attributes(int attrlen, - unsigned char *ptr, - VALUE_PAIR **vp) -{ - int vendor_id; - int vtype; - int vlen; - UINT4 lvalue; - DICT_ATTR *attr; - VALUE_PAIR *pair; - - /* ptr is sitting at vendor-ID */ - if (attrlen < 8) { - /* Nothing to see here... */ - return; - } - - /* High-order octet of Vendor-Id must be zero (RFC2138) */ - if (*ptr) { - return; - } - - /* Extract vendor_id */ - vendor_id = (int) ( - ((unsigned int) ptr[1]) * 256 * 256 + - ((unsigned int) ptr[2]) * 256 + - ((unsigned int) ptr[3])); - /* Bump ptr up to contents */ - ptr += 4; - - /* Set attrlen to length of data */ - attrlen -= 4; - for (; attrlen; attrlen -= vlen+2, ptr += vlen) { - vtype = *ptr++; - vlen = *ptr++; - vlen -= 2; - if (vlen < 0 || vlen > attrlen - 2) { - /* Do not log an error. We are supposed to be able to cope with - arbitrary vendor-specific gunk */ - return; - } - /* Looks plausible... */ - if ((attr = rc_dict_getattr(vtype, vendor_id)) == NULL) { - continue; - } - - /* TODO: Check that length matches data size!!!!! */ - pair = (VALUE_PAIR *) malloc(sizeof(VALUE_PAIR)); - if (!pair) { - novm("rc_avpair_gen"); - return; - } - strcpy(pair->name, attr->name); - pair->attribute = attr->value; - pair->vendorcode = vendor_id; - pair->type = attr->type; - pair->next = NULL; - switch (attr->type) { - case PW_TYPE_STRING: - memcpy (pair->strvalue, (char *) ptr, (size_t) vlen); - pair->strvalue[vlen] = '\0'; - pair->lvalue = vlen; - rc_avpair_insert (vp, (VALUE_PAIR *) NULL, pair); - break; - - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - memcpy ((char *) &lvalue, (char *) ptr, - sizeof (UINT4)); - pair->lvalue = ntohl (lvalue); - rc_avpair_insert (vp, (VALUE_PAIR *) NULL, pair); - break; - - default: - warn("rc_avpair_gen: %s has unknown type", attr->name); - free (pair); - break; - } - } -} - -/* - * Function: rc_avpair_get - * - * Purpose: Find the first attribute value-pair (which matches the given - * attribute) from the specified value-pair list. - * - * Returns: found value_pair - * - */ - -VALUE_PAIR *rc_avpair_get (VALUE_PAIR *vp, UINT4 attr) -{ - for (; vp != (VALUE_PAIR *) NULL && vp->attribute != attr; vp = vp->next) - { - continue; - } - return (vp); -} - -/* - * Function: rc_avpair_copy - * - * Purpose: Return a copy of the existing list "p" ala strdup(). - * - */ -VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *p) -{ - VALUE_PAIR *vp, *fp = NULL, *lp = NULL; - - while (p) { - vp = malloc(sizeof(VALUE_PAIR)); - if (!vp) { - novm("rc_avpair_copy"); - return NULL; /* leaks a little but so what */ - } - *vp = *p; - if (!fp) - fp = vp; - if (lp) - lp->next = vp; - lp = vp; - p = p->next; - } - - return fp; -} - -/* - * Function: rc_avpair_insert - * - * Purpose: Given the address of an existing list "a" and a pointer - * to an entry "p" in that list, add the list "b" to - * the "a" list after the "p" entry. If "p" is NULL, add - * the list "b" to the end of "a". - * - */ - -void rc_avpair_insert (VALUE_PAIR **a, VALUE_PAIR *p, VALUE_PAIR *b) -{ - VALUE_PAIR *this_node = NULL; - VALUE_PAIR *vp; - - if (*a == (VALUE_PAIR *) NULL) - { - *a = b; - return; - } - - if (!b) - return; - - vp = *a; - - if ( p == (VALUE_PAIR *) NULL) /* run to end of "a" list */ - { - while (vp != (VALUE_PAIR *) NULL) - { - this_node = vp; - vp = vp->next; - } - } - else /* look for the "p" entry in the "a" list (or run to end) */ - { - this_node = *a; - while (this_node != (VALUE_PAIR *) NULL) - { - if (this_node == p) - { - break; - } - this_node = this_node->next; - } - } - - /* add "b" at this_node */ - vp = this_node->next; - this_node->next = b; - - /* run to end of "b" and connect the rest of "a" */ - while (b->next) - b = b->next; - b->next = vp; - - return; -} - -/* - * Function: rc_avpair_free - * - * Purpose: frees all value_pairs in the list - * - */ - -void rc_avpair_free (VALUE_PAIR *pair) -{ - VALUE_PAIR *next; - - while (pair != (VALUE_PAIR *) NULL) - { - next = pair->next; - free (pair); - pair = next; - } -} - -/* - * Function: rc_fieldcpy - * - * Purpose: Copy a data field from the buffer. Advance the buffer - * past the data field. - * - */ - -static void rc_fieldcpy (char *string, char **uptr) -{ - char *ptr; - - ptr = *uptr; - if (*ptr == '"') - { - ptr++; - while (*ptr != '"' && *ptr != '\0' && *ptr != '\n') - { - *string++ = *ptr++; - } - *string = '\0'; - if (*ptr == '"') - { - ptr++; - } - *uptr = ptr; - return; - } - - while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0' && *ptr != '\n' && - *ptr != '=' && *ptr != ',') - { - *string++ = *ptr++; - } - *string = '\0'; - *uptr = ptr; - return; -} - - -/* - * Function: rc_avpair_parse - * - * Purpose: parses the buffer to extract the attribute-value pairs. - * - * Returns: 0 = successful parse of attribute-value pair, - * -1 = syntax (or other) error detected. - * - */ - -#define PARSE_MODE_NAME 0 -#define PARSE_MODE_EQUAL 1 -#define PARSE_MODE_VALUE 2 -#define PARSE_MODE_INVALID 3 - -int rc_avpair_parse (char *buffer, VALUE_PAIR **first_pair) -{ - int mode; - char attrstr[AUTH_ID_LEN]; - char valstr[AUTH_ID_LEN]; - DICT_ATTR *attr = NULL; - DICT_VALUE *dval; - VALUE_PAIR *pair; - VALUE_PAIR *link; - struct tm *tm; - time_t timeval; - - mode = PARSE_MODE_NAME; - while (*buffer != '\n' && *buffer != '\0') - { - if (*buffer == ' ' || *buffer == '\t') - { - buffer++; - continue; - } - - switch (mode) - { - case PARSE_MODE_NAME: /* Attribute Name */ - rc_fieldcpy (attrstr, &buffer); - if ((attr = - rc_dict_findattr (attrstr)) == (DICT_ATTR *) NULL) - { - error("rc_avpair_parse: unknown attribute"); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - return (-1); - } - mode = PARSE_MODE_EQUAL; - break; - - case PARSE_MODE_EQUAL: /* Equal sign */ - if (*buffer == '=') - { - mode = PARSE_MODE_VALUE; - buffer++; - } - else - { - error("rc_avpair_parse: missing or misplaced equal sign"); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - return (-1); - } - break; - - case PARSE_MODE_VALUE: /* Value */ - rc_fieldcpy (valstr, &buffer); - - if ((pair = - (VALUE_PAIR *) malloc (sizeof (VALUE_PAIR))) - == (VALUE_PAIR *) NULL) - { - novm("rc_avpair_parse"); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - return (-1); - } - strcpy (pair->name, attr->name); - pair->attribute = attr->value; - pair->type = attr->type; - pair->vendorcode = attr->vendorcode; - - switch (pair->type) - { - - case PW_TYPE_STRING: - strcpy (pair->strvalue, valstr); - pair->lvalue = strlen(valstr); - break; - - case PW_TYPE_INTEGER: - if (isdigit (*valstr)) - { - pair->lvalue = atoi (valstr); - } - else - { - if ((dval = rc_dict_findval (valstr)) - == (DICT_VALUE *) NULL) - { - error("rc_avpair_parse: unknown attribute value: %s", valstr); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - free (pair); - return (-1); - } - else - { - pair->lvalue = dval->value; - } - } - break; - - case PW_TYPE_IPADDR: - pair->lvalue = rc_get_ipaddr(valstr); - break; - - case PW_TYPE_DATE: - timeval = time (0); - tm = localtime (&timeval); - tm->tm_hour = 0; - tm->tm_min = 0; - tm->tm_sec = 0; - rc_str2tm (valstr, tm); -#ifdef TIMELOCAL - pair->lvalue = (UINT4) timelocal (tm); -#else /* TIMELOCAL */ - pair->lvalue = (UINT4) mktime (tm); -#endif /* TIMELOCAL */ - break; - - default: - error("rc_avpair_parse: unknown attribute type %d", pair->type); - if (*first_pair) { - rc_avpair_free(*first_pair); - *first_pair = (VALUE_PAIR *) NULL; - } - free (pair); - return (-1); - } - pair->next = (VALUE_PAIR *) NULL; - - if (*first_pair == (VALUE_PAIR *) NULL) - { - *first_pair = pair; - } - else - { - link = *first_pair; - while (link->next != (VALUE_PAIR *) NULL) - { - link = link->next; - } - link->next = pair; - } - - mode = PARSE_MODE_NAME; - break; - - default: - mode = PARSE_MODE_NAME; - break; - } - } - return (0); -} - -/* - * Function: rc_avpair_tostr - * - * Purpose: Translate an av_pair into two strings - * - * Returns: 0 on success, -1 on failure - * - */ - -int rc_avpair_tostr (VALUE_PAIR *pair, char *name, int ln, char *value, int lv) -{ - DICT_VALUE *dval; - char buffer[32]; - struct in_addr inad; - unsigned char *ptr; - - *name = *value = '\0'; - - if (!pair || pair->name[0] == '\0') { - error("rc_avpair_tostr: pair is NULL or empty"); - return (-1); - } - - strncpy(name, pair->name, (size_t) ln); - - switch (pair->type) - { - case PW_TYPE_STRING: - lv--; - ptr = (unsigned char *) pair->strvalue; - while (*ptr != '\0') - { - if (!(isprint (*ptr))) - { - sprintf (buffer, "\\%03o", *ptr); - strncat(value, buffer, (size_t) lv); - lv -= 4; - if (lv < 0) break; - } - else - { - strncat(value, ptr, 1); - lv--; - if (lv < 0) break; - } - ptr++; - } - break; - - case PW_TYPE_INTEGER: - dval = rc_dict_getval (pair->lvalue, pair->name); - if (dval != (DICT_VALUE *) NULL) - { - strncpy(value, dval->name, (size_t) lv-1); - } - else - { - sprintf (buffer, "%ld", pair->lvalue); - strncpy(value, buffer, (size_t) lv); - } - break; - - case PW_TYPE_IPADDR: - inad.s_addr = htonl(pair->lvalue); - strncpy (value, inet_ntoa (inad), (size_t) lv-1); - break; - - case PW_TYPE_DATE: - strftime (buffer, sizeof (buffer), "%m/%d/%y %H:%M:%S", - gmtime ((time_t *) & pair->lvalue)); - strncpy(value, buffer, lv-1); - break; - - default: - error("rc_avpair_tostr: unknown attribute type %d", pair->type); - return (-1); - break; - } - - return 0; -} - -/* - * Function: rc_avpair_readin - * - * Purpose: get a sequence of attribute value pairs from the file input - * and make them into a list of value_pairs - * - */ - -VALUE_PAIR *rc_avpair_readin(FILE *input) -{ - VALUE_PAIR *vp = NULL; - char buffer[1024], *q; - - while (fgets(buffer, sizeof(buffer), input) != NULL) - { - q = buffer; - - while(*q && isspace(*q)) q++; - - if ((*q == '\n') || (*q == '#') || (*q == '\0')) - continue; - - if (rc_avpair_parse(q, &vp) < 0) { - error("rc_avpair_readin: malformed attribute: %s", buffer); - rc_avpair_free(vp); - return NULL; - } - } - - return vp; -} diff --git a/pppd/plugins/radius/buildreq.c b/pppd/plugins/radius/buildreq.c deleted file mode 100644 index 955b052..0000000 --- a/pppd/plugins/radius/buildreq.c +++ /dev/null @@ -1,446 +0,0 @@ -/* - * $Id: buildreq.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1997 Lars Fenneberg - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include - -unsigned char rc_get_seqnbr(void); - -/* - * Function: rc_get_nas_id - * - * Purpose: fills in NAS-Identifier or NAS-IP-Address in request - * - */ - -int rc_get_nas_id(VALUE_PAIR **sendpairs) -{ - UINT4 client_id; - char *nasid; - - nasid = rc_conf_str("nas_identifier"); - if (strlen(nasid)) { - /* - * Fill in NAS-Identifier - */ - if (rc_avpair_add(sendpairs, PW_NAS_IDENTIFIER, nasid, 0, - VENDOR_NONE) == NULL) - return (ERROR_RC); - - return (OK_RC); - - } else { - /* - * Fill in NAS-IP-Address - */ - if ((client_id = rc_own_ipaddress()) == 0) - return (ERROR_RC); - - if (rc_avpair_add(sendpairs, PW_NAS_IP_ADDRESS, &client_id, - 0, VENDOR_NONE) == NULL) - return (ERROR_RC); - } - - return (OK_RC); -} - -/* - * Function: rc_buildreq - * - * Purpose: builds a skeleton RADIUS request using information from the - * config file. - * - */ - -void rc_buildreq(SEND_DATA *data, int code, char *server, unsigned short port, - int timeout, int retries) -{ - data->server = server; - data->svc_port = port; - data->seq_nbr = rc_get_seqnbr(); - data->timeout = timeout; - data->retries = retries; - data->code = code; -} - -/* - * Function: rc_guess_seqnbr - * - * Purpose: return a random sequence number - * - */ - -static unsigned char rc_guess_seqnbr(void) -{ - return (unsigned char)(magic() & UCHAR_MAX); -} - -/* - * Function: rc_get_seqnbr - * - * Purpose: generate a sequence number - * - */ - -unsigned char rc_get_seqnbr(void) -{ - FILE *sf; - int tries = 1; - int seq_nbr, pos; - char *seqfile = rc_conf_str("seqfile"); - - if ((sf = fopen(seqfile, "a+")) == NULL) - { - error("rc_get_seqnbr: couldn't open sequence file %s: %s", seqfile, strerror(errno)); - /* well, so guess a sequence number */ - return rc_guess_seqnbr(); - } - - while (do_lock_exclusive(fileno(sf))!= 0) - { - if (errno != EWOULDBLOCK) { - error("rc_get_seqnbr: flock failure: %s: %s", seqfile, strerror(errno)); - fclose(sf); - return rc_guess_seqnbr(); - } - tries++; - if (tries <= 10) - rc_mdelay(500); - else - break; - } - - if (tries > 10) { - error("rc_get_seqnbr: couldn't get lock after %d tries: %s", tries-1, seqfile); - fclose(sf); - return rc_guess_seqnbr(); - } - - pos = ftell(sf); - rewind(sf); - if (fscanf(sf, "%d", &seq_nbr) != 1) { - if (pos != ftell(sf)) { - /* file was not empty */ - error("rc_get_seqnbr: fscanf failure: %s", seqfile); - } - seq_nbr = rc_guess_seqnbr(); - } - - rewind(sf); - ftruncate(fileno(sf),0); - fprintf(sf,"%d\n", (seq_nbr+1) & UCHAR_MAX); - - fflush(sf); /* fflush because a process may read it between the do_unlock and fclose */ - - if (do_unlock(fileno(sf)) != 0) - error("rc_get_seqnbr: couldn't release lock on %s: %s", seqfile, strerror(errno)); - - fclose(sf); - - return (unsigned char)seq_nbr; -} - -/* - * Function: rc_auth - * - * Purpose: Builds an authentication request for port id client_port - * with the value_pairs send and submits it to a server - * - * Returns: received value_pairs in received, messages from the server in msg - * and 0 on success, negative on failure as return value - * - */ - -int rc_auth(UINT4 client_port, VALUE_PAIR *send, VALUE_PAIR **received, - char *msg, REQUEST_INFO *info) -{ - SERVER *authserver = rc_conf_srv("authserver"); - - if (!authserver) { - return (ERROR_RC); - } - return rc_auth_using_server(authserver, client_port, send, received, - msg, info); -} - -/* - * Function: rc_auth_using_server - * - * Purpose: Builds an authentication request for port id client_port - * with the value_pairs send and submits it to a server. You - * explicitly supply a server list. - * - * Returns: received value_pairs in received, messages from the server in msg - * and 0 on success, negative on failure as return value - * - */ - -int rc_auth_using_server(SERVER *authserver, - UINT4 client_port, - VALUE_PAIR *send, - VALUE_PAIR **received, - char *msg, REQUEST_INFO *info) -{ - SEND_DATA data; - int result; - int i; - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - /* - * Fill in NAS-IP-Address or NAS-Identifier - */ - - if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) - return (ERROR_RC); - - /* - * Fill in NAS-Port - */ - - if (rc_avpair_add(&(data.send_pairs), PW_NAS_PORT, &client_port, 0, VENDOR_NONE) == NULL) - return (ERROR_RC); - - result = ERROR_RC; - for(i=0; (imax) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCESS_REQUEST, authserver->name[i], - authserver->port[i], timeout, retries); - - result = rc_send_server (&data, msg, info); - } - - *received = data.receive_pairs; - - return result; -} - -/* - * Function: rc_auth_proxy - * - * Purpose: Builds an authentication request - * with the value_pairs send and submits it to a server. - * Works for a proxy; does not add IP address, and does - * does not rely on config file. - * - * Returns: received value_pairs in received, messages from the server in msg - * and 0 on success, negative on failure as return value - * - */ - -int rc_auth_proxy(VALUE_PAIR *send, VALUE_PAIR **received, char *msg) -{ - SEND_DATA data; - int result; - int i; - SERVER *authserver = rc_conf_srv("authserver"); - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - result = ERROR_RC; - for(i=0; (imax) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCESS_REQUEST, authserver->name[i], - authserver->port[i], timeout, retries); - - result = rc_send_server (&data, msg, NULL); - } - - *received = data.receive_pairs; - - return result; -} - - -/* - * Function: rc_acct_using_server - * - * Purpose: Builds an accounting request for port id client_port - * with the value_pairs send. You explicitly supply server list. - * - * Remarks: NAS-Identifier/NAS-IP-Address, NAS-Port and Acct-Delay-Time get - * filled in by this function, the rest has to be supplied. - */ - -int rc_acct_using_server(SERVER *acctserver, - UINT4 client_port, - VALUE_PAIR *send) -{ - SEND_DATA data; - VALUE_PAIR *adt_vp; - int result; - time_t start_time, dtime; - char msg[4096]; - int i; - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - /* - * Fill in NAS-IP-Address or NAS-Identifier - */ - - if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) - return (ERROR_RC); - - /* - * Fill in NAS-Port - */ - - if (rc_avpair_add(&(data.send_pairs), PW_NAS_PORT, &client_port, 0, VENDOR_NONE) == NULL) - return (ERROR_RC); - - /* - * Fill in Acct-Delay-Time - */ - - dtime = 0; - if ((adt_vp = rc_avpair_add(&(data.send_pairs), PW_ACCT_DELAY_TIME, &dtime, 0, VENDOR_NONE)) == NULL) - return (ERROR_RC); - - start_time = time(NULL); - result = ERROR_RC; - for(i=0; (imax) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i], - acctserver->port[i], timeout, retries); - - dtime = time(NULL) - start_time; - rc_avpair_assign(adt_vp, &dtime, 0); - - result = rc_send_server (&data, msg, NULL); - } - - rc_avpair_free(data.receive_pairs); - - return result; -} - -/* - * Function: rc_acct - * - * Purpose: Builds an accounting request for port id client_port - * with the value_pairs send - * - * Remarks: NAS-Identifier/NAS-IP-Address, NAS-Port and Acct-Delay-Time get - * filled in by this function, the rest has to be supplied. - */ - -int rc_acct(UINT4 client_port, VALUE_PAIR *send) -{ - SERVER *acctserver = rc_conf_srv("acctserver"); - if (!acctserver) return (ERROR_RC); - - return rc_acct_using_server(acctserver, client_port, send); -} - -/* - * Function: rc_acct_proxy - * - * Purpose: Builds an accounting request with the value_pairs send - * - */ - -int rc_acct_proxy(VALUE_PAIR *send) -{ - SEND_DATA data; - int result; - char msg[4096]; - int i; - SERVER *acctserver = rc_conf_srv("authserver"); - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = send; - data.receive_pairs = NULL; - - result = ERROR_RC; - for(i=0; (imax) && (result != OK_RC) && (result != BADRESP_RC) - ; i++) - { - if (data.receive_pairs != NULL) { - rc_avpair_free(data.receive_pairs); - data.receive_pairs = NULL; - } - rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i], - acctserver->port[i], timeout, retries); - - result = rc_send_server (&data, msg, NULL); - } - - rc_avpair_free(data.receive_pairs); - - return result; -} - -/* - * Function: rc_check - * - * Purpose: ask the server hostname on the specified port for a - * status message - * - */ - -int rc_check(char *host, unsigned short port, char *msg) -{ - SEND_DATA data; - int result; - UINT4 service_type; - int timeout = rc_conf_int("radius_timeout"); - int retries = rc_conf_int("radius_retries"); - - data.send_pairs = data.receive_pairs = NULL; - - /* - * Fill in NAS-IP-Address or NAS-Identifier, - * although it isn't neccessary - */ - - if (rc_get_nas_id(&(data.send_pairs)) == ERROR_RC) - return (ERROR_RC); - - /* - * Fill in Service-Type - */ - - service_type = PW_ADMINISTRATIVE; - rc_avpair_add(&(data.send_pairs), PW_SERVICE_TYPE, &service_type, 0, VENDOR_NONE); - - rc_buildreq(&data, PW_STATUS_SERVER, host, port, timeout, retries); - result = rc_send_server (&data, msg, NULL); - - rc_avpair_free(data.receive_pairs); - - return result; -} diff --git a/pppd/plugins/radius/clientid.c b/pppd/plugins/radius/clientid.c deleted file mode 100644 index d49579c..0000000 --- a/pppd/plugins/radius/clientid.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * $Id: clientid.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include - -struct map2id_s { - char *name; - UINT4 id; - - struct map2id_s *next; -}; - -static struct map2id_s *map2id_list = NULL; - -/* - * Function: rc_read_mapfile - * - * Purpose: Read in the ttyname to port id map file - * - * Arguments: the file name of the map file - * - * Returns: zero on success, negative integer on failure - */ - -int rc_read_mapfile(char *filename) -{ - char buffer[1024]; - FILE *mapfd; - char *c, *name, *id, *q; - struct map2id_s *p; - int lnr = 0; - - if ((mapfd = fopen(filename,"r")) == NULL) - { - error("rc_read_mapfile: can't read %s: %s", filename, strerror(errno)); - return (-1); - } - -#define SKIP(p) while(*p && isspace(*p)) p++; - - while (fgets(buffer, sizeof(buffer), mapfd) != NULL) - { - lnr++; - - q = buffer; - - SKIP(q); - - if ((*q == '\n') || (*q == '#') || (*q == '\0')) - continue; - - if (( c = strchr(q, ' ')) || (c = strchr(q,'\t'))) { - - *c = '\0'; c++; - SKIP(c); - - name = q; - id = c; - - if ((p = (struct map2id_s *)malloc(sizeof(*p))) == NULL) { - novm("rc_read_mapfile"); - return (-1); - } - - p->name = strdup(name); - p->id = atoi(id); - p->next = map2id_list; - map2id_list = p; - - } else { - - error("rc_read_mapfile: malformed line in %s, line %d", filename, lnr); - return (-1); - - } - } - -#undef SKIP - - fclose(mapfd); - - return 0; -} - -/* - * Function: rc_map2id - * - * Purpose: Map ttyname to port id - * - * Arguments: full pathname of the tty - * - * Returns: port id, zero if no entry found - */ - -UINT4 rc_map2id(char *name) -{ - struct map2id_s *p; - char ttyname[PATH_MAX]; - - *ttyname = '\0'; - if (*name != '/') - strcpy(ttyname, "/dev/"); - - strncat(ttyname, name, sizeof(ttyname)); - - for(p = map2id_list; p; p = p->next) - if (!strcmp(ttyname, p->name)) return p->id; - - warn("rc_map2id: can't find tty %s in map database", ttyname); - - return 0; -} diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c deleted file mode 100644 index 3bd67fc..0000000 --- a/pppd/plugins/radius/config.c +++ /dev/null @@ -1,544 +0,0 @@ -/* - * $Id: config.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include -#include - -static int test_config(char *); - -/* - * Function: find_option - * - * Purpose: find an option in the option list - * - * Returns: pointer to option on success, NULL otherwise - */ - -static OPTION *find_option(char *optname, unsigned int type) -{ - int i; - - /* there're so few options that a binary search seems not necessary */ - for (i = 0; i < num_options; i++) { - if (!strcmp(config_options[i].name, optname) && - (config_options[i].type & type)) - return &config_options[i]; - } - - return NULL; -} - -/* - * Function: set_option_... - * - * Purpose: set a specific option doing type conversions - * - * Returns: 0 on success, -1 on failure - */ - -static int set_option_str(char *filename, int line, OPTION *option, char *p) -{ - if (p) - option->val = (void *) strdup(p); - else - option->val = NULL; - - return 0; -} - -static int set_option_int(char *filename, int line, OPTION *option, char *p) -{ - int *iptr; - - if (p == NULL) { - error("%s: line %d: bogus option value", filename, line); - return (-1); - } - - if ((iptr = (int *) malloc(sizeof(iptr))) == NULL) { - novm("read_config"); - return (-1); - } - - *iptr = atoi(p); - option->val = (void *) iptr; - - return 0; -} - -static int set_option_srv(char *filename, int line, OPTION *option, char *p) -{ - SERVER *serv; - char *q; - struct servent *svp; - int i; - - if (p == NULL) { - error("%s: line %d: bogus option value", filename, line); - return (-1); - } - - serv = (SERVER *) option->val; - - for (i = 0; i < serv->max; i++) { - free(serv->name[i]); - } - serv->max = 0; - - while ((p = strtok(p, ", \t")) != NULL) { - - if ((q = strchr(p,':')) != NULL) { - *q = '\0'; - q++; - serv->port[serv->max] = atoi(q); - } else { - if (!strcmp(option->name,"authserver")) - if ((svp = getservbyname ("radius", "udp")) == NULL) - serv->port[serv->max] = PW_AUTH_UDP_PORT; - else - serv->port[serv->max] = ntohs ((unsigned int) svp->s_port); - else if (!strcmp(option->name, "acctserver")) - if ((svp = getservbyname ("radacct", "udp")) == NULL) - serv->port[serv->max] = PW_ACCT_UDP_PORT; - else - serv->port[serv->max] = ntohs ((unsigned int) svp->s_port); - else { - error("%s: line %d: no default port for %s", filename, line, option->name); - return (-1); - } - } - - serv->name[serv->max++] = strdup(p); - - p = NULL; - } - - return 0; -} - -static int set_option_auo(char *filename, int line, OPTION *option, char *p) -{ - int *iptr; - - if (p == NULL) { - warn("%s: line %d: bogus option value", filename, line); - return (-1); - } - - if ((iptr = (int *) malloc(sizeof(iptr))) == NULL) { - novm("read_config"); - return (-1); - } - - *iptr = 0; - p = strtok(p, ", \t"); - - if (!strncmp(p, "local", 5)) - *iptr = AUTH_LOCAL_FST; - else if (!strncmp(p, "radius", 6)) - *iptr = AUTH_RADIUS_FST; - else { - error("%s: auth_order: unknown keyword: %s", filename, p); - return (-1); - } - - p = strtok(NULL, ", \t"); - - if (p && (*p != '\0')) { - if ((*iptr & AUTH_RADIUS_FST) && !strcmp(p, "local")) - *iptr = (*iptr) | AUTH_LOCAL_SND; - else if ((*iptr & AUTH_LOCAL_FST) && !strcmp(p, "radius")) - *iptr = (*iptr) | AUTH_RADIUS_SND; - else { - error("%s: auth_order: unknown or unexpected keyword: %s", filename, p); - return (-1); - } - } - - option->val = (void *) iptr; - - return 0; -} - - -/* - * Function: rc_read_config - * - * Purpose: read the global config file - * - * Returns: 0 on success, -1 when failure - */ - -int rc_read_config(char *filename) -{ - FILE *configfd; - char buffer[512], *p; - OPTION *option; - int line, pos; - - if ((configfd = fopen(filename,"r")) == NULL) - { - error("rc_read_config: can't open %s: %m", filename); - return (-1); - } - - line = 0; - while ((fgets(buffer, sizeof(buffer), configfd) != NULL)) - { - line++; - p = buffer; - - if ((*p == '\n') || (*p == '#') || (*p == '\0')) - continue; - - p[strlen(p)-1] = '\0'; - - - if ((pos = strcspn(p, "\t ")) == 0) { - error("%s: line %d: bogus format: %s", filename, line, p); - return (-1); - } - - p[pos] = '\0'; - - if ((option = find_option(p, OT_ANY)) == NULL) { - error("%s: line %d: unrecognized keyword: %s", filename, line, p); - return (-1); - } - - if (option->status != ST_UNDEF) { - error("%s: line %d: duplicate option line: %s", filename, line, p); - return (-1); - } - - p += pos+1; - while (isspace(*p)) - p++; - - switch (option->type) { - case OT_STR: - if (set_option_str(filename, line, option, p) < 0) - return (-1); - break; - case OT_INT: - if (set_option_int(filename, line, option, p) < 0) - return (-1); - break; - case OT_SRV: - if (set_option_srv(filename, line, option, p) < 0) - return (-1); - break; - case OT_AUO: - if (set_option_auo(filename, line, option, p) < 0) - return (-1); - break; - default: - fatal("rc_read_config: impossible case branch!"); - abort(); - } - } - fclose(configfd); - - return test_config(filename); -} - -/* - * Function: rc_conf_str, rc_conf_int, rc_conf_src - * - * Purpose: get the value of a config option - * - * Returns: config option value - */ - -char *rc_conf_str(char *optname) -{ - OPTION *option; - - option = find_option(optname, OT_STR); - - if (option == NULL) - fatal("rc_conf_str: unkown config option requested: %s", optname); - return (char *)option->val; -} - -int rc_conf_int(char *optname) -{ - OPTION *option; - - option = find_option(optname, OT_INT|OT_AUO); - - if (option == NULL) - fatal("rc_conf_int: unkown config option requested: %s", optname); - return *((int *)option->val); -} - -SERVER *rc_conf_srv(char *optname) -{ - OPTION *option; - - option = find_option(optname, OT_SRV); - - if (option == NULL) - fatal("rc_conf_srv: unkown config option requested: %s", optname); - return (SERVER *)option->val; -} - -/* - * Function: test_config - * - * Purpose: test the configuration the user supplied - * - * Returns: 0 on success, -1 when failure - */ - -static int test_config(char *filename) -{ -#if 0 - struct stat st; - char *file; -#endif - - if (!(rc_conf_srv("authserver")->max)) - { - error("%s: no authserver specified", filename); - return (-1); - } - if (!(rc_conf_srv("acctserver")->max)) - { - error("%s: no acctserver specified", filename); - return (-1); - } - if (!rc_conf_str("servers")) - { - error("%s: no servers file specified", filename); - return (-1); - } - if (!rc_conf_str("dictionary")) - { - error("%s: no dictionary specified", filename); - return (-1); - } - - if (rc_conf_int("radius_timeout") <= 0) - { - error("%s: radius_timeout <= 0 is illegal", filename); - return (-1); - } - if (rc_conf_int("radius_retries") <= 0) - { - error("%s: radius_retries <= 0 is illegal", filename); - return (-1); - } - -#if 0 - file = rc_conf_str("login_local"); - if (stat(file, &st) == 0) - { - if (!S_ISREG(st.st_mode)) { - error("%s: not a regular file: %s", filename, file); - return (-1); - } - } else { - error("%s: file not found: %s", filename, file); - return (-1); - } - file = rc_conf_str("login_radius"); - if (stat(file, &st) == 0) - { - if (!S_ISREG(st.st_mode)) { - error("%s: not a regular file: %s", filename, file); - return (-1); - } - } else { - error("%s: file not found: %s", filename, file); - return (-1); - } -#endif - - if (rc_conf_int("login_tries") <= 0) - { - error("%s: login_tries <= 0 is illegal", filename); - return (-1); - } - if (rc_conf_str("seqfile") == NULL) - { - error("%s: seqfile not specified", filename); - return (-1); - } - if (rc_conf_int("login_timeout") <= 0) - { - error("%s: login_timeout <= 0 is illegal", filename); - return (-1); - } - if (rc_conf_str("mapfile") == NULL) - { - error("%s: mapfile not specified", filename); - return (-1); - } - if (rc_conf_str("nologin") == NULL) - { - error("%s: nologin not specified", filename); - return (-1); - } - - return 0; -} - -/* - * Function: rc_find_match - * - * Purpose: see if ip_addr is one of the ip addresses of hostname - * - * Returns: 0 on success, -1 when failure - * - */ - -static int find_match (UINT4 *ip_addr, char *hostname) -{ - UINT4 addr; - char **paddr; - struct hostent *hp; - - if (rc_good_ipaddr (hostname) == 0) - { - if (*ip_addr == ntohl(inet_addr (hostname))) - { - return (0); - } - } - else - { - if ((hp = gethostbyname (hostname)) == (struct hostent *) NULL) - { - return (-1); - } - for (paddr = hp->h_addr_list; *paddr; paddr++) - { - addr = ** (UINT4 **) paddr; - if (ntohl(addr) == *ip_addr) - { - return (0); - } - } - } - return (-1); -} - -/* - * Function: rc_find_server - * - * Purpose: search a server in the servers file - * - * Returns: 0 on success, -1 on failure - * - */ - -int rc_find_server (char *server_name, UINT4 *ip_addr, char *secret) -{ - UINT4 myipaddr = 0; - int len; - int result; - FILE *clientfd; - char *h; - char *s; - char *host2; - char buffer[128]; - char hostnm[AUTH_ID_LEN + 1]; - - /* Get the IP address of the authentication server */ - if ((*ip_addr = rc_get_ipaddr (server_name)) == (UINT4) 0) - return (-1); - - if ((clientfd = fopen (rc_conf_str("servers"), "r")) == (FILE *) NULL) - { - error("rc_find_server: couldn't open file: %m: %s", rc_conf_str("servers")); - return (-1); - } - - myipaddr = rc_own_ipaddress(); - - result = 0; - while (fgets (buffer, sizeof (buffer), clientfd) != (char *) NULL) - { - if (*buffer == '#') - continue; - - if ((h = strtok (buffer, " \t\n")) == NULL) /* first hostname */ - continue; - - memset (hostnm, '\0', AUTH_ID_LEN); - len = strlen (h); - if (len > AUTH_ID_LEN) - { - len = AUTH_ID_LEN; - } - strncpy (hostnm, h, (size_t) len); - hostnm[AUTH_ID_LEN] = '\0'; - - if ((s = strtok (NULL, " \t\n")) == NULL) /* and secret field */ - continue; - - memset (secret, '\0', MAX_SECRET_LENGTH); - len = strlen (s); - if (len > MAX_SECRET_LENGTH) - { - len = MAX_SECRET_LENGTH; - } - strncpy (secret, s, (size_t) len); - secret[MAX_SECRET_LENGTH] = '\0'; - - if (!strchr (hostnm, '/')) /* If single name form */ - { - if (find_match (ip_addr, hostnm) == 0) - { - result++; - break; - } - } - else /* / "paired" form */ - { - strtok (hostnm, "/"); - if (find_match (&myipaddr, hostnm) == 0) - { /* If we're the 1st name, target is 2nd */ - host2 = strtok (NULL, " "); - if (find_match (ip_addr, host2) == 0) - { - result++; - break; - } - } - else /* If we were 2nd name, target is 1st name */ - { - if (find_match (ip_addr, hostnm) == 0) - { - result++; - break; - } - } - } - } - fclose (clientfd); - if (result == 0) - { - memset (buffer, '\0', sizeof (buffer)); - memset (secret, '\0', sizeof (secret)); - error("rc_find_server: couldn't find RADIUS server %s in %s", - server_name, rc_conf_str("servers")); - return (-1); - } - return 0; -} diff --git a/pppd/plugins/radius/dict.c b/pppd/plugins/radius/dict.c deleted file mode 100644 index 72b3e70..0000000 --- a/pppd/plugins/radius/dict.c +++ /dev/null @@ -1,450 +0,0 @@ -/* - * $Id: dict.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 2002 Roaring Penguin Software Inc. - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include - -static DICT_ATTR *dictionary_attributes = NULL; -static DICT_VALUE *dictionary_values = NULL; -static VENDOR_DICT *vendor_dictionaries = NULL; - -/* - * Function: rc_read_dictionary - * - * Purpose: Initialize the dictionary. Read all ATTRIBUTES into - * the dictionary_attributes list. Read all VALUES into - * the dictionary_values list. Construct VENDOR dictionaries - * as required. - * - */ - -int rc_read_dictionary (char *filename) -{ - FILE *dictfd; - char dummystr[AUTH_ID_LEN]; - char namestr[AUTH_ID_LEN]; - char valstr[AUTH_ID_LEN]; - char attrstr[AUTH_ID_LEN]; - char typestr[AUTH_ID_LEN]; - char vendorstr[AUTH_ID_LEN]; - int line_no; - DICT_ATTR *attr; - DICT_VALUE *dval; - VENDOR_DICT *vdict; - char buffer[256]; - int value; - int type; - int n; - int retcode; - if ((dictfd = fopen (filename, "r")) == (FILE *) NULL) - { - error( "rc_read_dictionary: couldn't open dictionary %s: %s", - filename, strerror(errno)); - return (-1); - } - - line_no = 0; - retcode = 0; - while (fgets (buffer, sizeof (buffer), dictfd) != (char *) NULL) - { - line_no++; - - /* Skip empty space */ - if (*buffer == '#' || *buffer == '\0' || *buffer == '\n') - { - continue; - } - - if (strncmp (buffer, "VENDOR", 6) == 0) { - /* Read the VENDOR line */ - if (sscanf(buffer, "%s%s%d", dummystr, namestr, &value) != 3) { - error("rc_read_dictionary: invalid vendor on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - /* Validate entry */ - if (strlen (namestr) > NAME_LENGTH) { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - /* Create new vendor entry */ - vdict = (VENDOR_DICT *) malloc (sizeof (VENDOR_DICT)); - if (!vdict) { - novm("rc_read_dictionary"); - retcode = -1; - break; - } - strcpy(vdict->vendorname, namestr); - vdict->vendorcode = value; - vdict->attributes = NULL; - vdict->next = vendor_dictionaries; - vendor_dictionaries = vdict; - } - else if (strncmp (buffer, "ATTRIBUTE", 9) == 0) - { - - /* Read the ATTRIBUTE line. It is one of: - * ATTRIBUTE attr_name attr_val type OR - * ATTRIBUTE attr_name attr_val type vendor */ - vendorstr[0] = 0; - n = sscanf(buffer, "%s%s%s%s%s", dummystr, namestr, valstr, typestr, vendorstr); - if (n != 4 && n != 5) - { - error("rc_read_dictionary: invalid attribute on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - /* - * Validate all entries - */ - if (strlen (namestr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (strlen (vendorstr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (!isdigit (*valstr)) - { - error("rc_read_dictionary: invalid value on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - value = atoi (valstr); - - if (strcmp (typestr, "string") == 0) - { - type = PW_TYPE_STRING; - } - else if (strcmp (typestr, "integer") == 0) - { - type = PW_TYPE_INTEGER; - } - else if (strcmp (typestr, "ipaddr") == 0) - { - type = PW_TYPE_IPADDR; - } - else if (strcmp (typestr, "date") == 0) - { - type = PW_TYPE_DATE; - } - else - { - error("rc_read_dictionary: invalid type on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - /* Search for vendor if supplied */ - if (*vendorstr) { - vdict = rc_dict_findvendor(vendorstr); - if (!vdict) { - error("rc_read_dictionary: unknown vendor on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - } else { - vdict = NULL; - } - /* Create a new attribute for the list */ - if ((attr = - (DICT_ATTR *) malloc (sizeof (DICT_ATTR))) - == (DICT_ATTR *) NULL) - { - novm("rc_read_dictionary"); - retcode = -1; - break; - } - strcpy (attr->name, namestr); - if (vdict) { - attr->vendorcode = vdict->vendorcode; - } else { - attr->vendorcode = VENDOR_NONE; - } - attr->value = value; - attr->type = type; - - /* Insert it into the list */ - if (vdict) { - attr->next = vdict->attributes; - vdict->attributes = attr; - } else { - attr->next = dictionary_attributes; - dictionary_attributes = attr; - } - } - else if (strncmp (buffer, "VALUE", 5) == 0) - { - /* Read the VALUE line */ - if (sscanf (buffer, "%s%s%s%s", dummystr, attrstr, - namestr, valstr) != 4) - { - error("rc_read_dictionary: invalid value entry on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - /* - * Validate all entries - */ - if (strlen (attrstr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid attribute length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (strlen (namestr) > NAME_LENGTH) - { - error("rc_read_dictionary: invalid name length on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - - if (!isdigit (*valstr)) - { - error("rc_read_dictionary: invalid value on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - value = atoi (valstr); - - /* Create a new VALUE entry for the list */ - if ((dval = - (DICT_VALUE *) malloc (sizeof (DICT_VALUE))) - == (DICT_VALUE *) NULL) - { - novm("rc_read_dictionary"); - retcode = -1; - break; - } - strcpy (dval->attrname, attrstr); - strcpy (dval->name, namestr); - dval->value = value; - - /* Insert it into the list */ - dval->next = dictionary_values; - dictionary_values = dval; - } - else if (strncmp (buffer, "INCLUDE", 7) == 0) - { - /* Read the INCLUDE line */ - if (sscanf (buffer, "%s%s", dummystr, namestr) != 2) - { - error("rc_read_dictionary: invalid include entry on line %d of dictionary %s", - line_no, filename); - retcode = -1; - break; - } - if (rc_read_dictionary(namestr) == -1) - { - retcode = -1; - break; - } - } - } - fclose (dictfd); - return retcode; -} - -/* - * Function: rc_dict_getattr - * - * Purpose: Return the full attribute structure based on the - * attribute id number and vendor code. If vendor code is VENDOR_NONE, - * non-vendor-specific attributes are used - * - */ - -DICT_ATTR *rc_dict_getattr (int attribute, int vendor) -{ - DICT_ATTR *attr; - VENDOR_DICT *dict; - - if (vendor == VENDOR_NONE) { - attr = dictionary_attributes; - while (attr != (DICT_ATTR *) NULL) { - if (attr->value == attribute) { - return (attr); - } - attr = attr->next; - } - } else { - dict = rc_dict_getvendor(vendor); - if (!dict) { - return NULL; - } - attr = dict->attributes; - while (attr) { - if (attr->value == attribute) { - return attr; - } - attr = attr->next; - } - } - return NULL; -} - -/* - * Function: rc_dict_findattr - * - * Purpose: Return the full attribute structure based on the - * attribute name. - * - */ - -DICT_ATTR *rc_dict_findattr (char *attrname) -{ - DICT_ATTR *attr; - VENDOR_DICT *dict; - - attr = dictionary_attributes; - while (attr != (DICT_ATTR *) NULL) - { - if (strcasecmp (attr->name, attrname) == 0) - { - return (attr); - } - attr = attr->next; - } - - /* Search vendor-specific dictionaries */ - dict = vendor_dictionaries; - while (dict) { - attr = dict->attributes; - while (attr) { - if (strcasecmp (attr->name, attrname) == 0) { - return (attr); - } - attr = attr->next; - } - dict = dict->next; - } - return ((DICT_ATTR *) NULL); -} - - -/* - * Function: rc_dict_findval - * - * Purpose: Return the full value structure based on the - * value name. - * - */ - -DICT_VALUE *rc_dict_findval (char *valname) -{ - DICT_VALUE *val; - - val = dictionary_values; - while (val != (DICT_VALUE *) NULL) - { - if (strcasecmp (val->name, valname) == 0) - { - return (val); - } - val = val->next; - } - return ((DICT_VALUE *) NULL); -} - -/* - * Function: dict_getval - * - * Purpose: Return the full value structure based on the - * actual value and the associated attribute name. - * - */ - -DICT_VALUE * rc_dict_getval (UINT4 value, char *attrname) -{ - DICT_VALUE *val; - - val = dictionary_values; - while (val != (DICT_VALUE *) NULL) - { - if (strcmp (val->attrname, attrname) == 0 && - val->value == value) - { - return (val); - } - val = val->next; - } - return ((DICT_VALUE *) NULL); -} - -/* - * Function: rc_dict_findvendor - * - * Purpose: Return the vendor's dictionary given the vendor name. - * - */ -VENDOR_DICT * rc_dict_findvendor (char *vendorname) -{ - VENDOR_DICT *dict; - - dict = vendor_dictionaries; - while (dict) { - if (!strcmp(vendorname, dict->vendorname)) { - return dict; - } - dict = dict->next; - } - return NULL; -} - -/* - * Function: rc_dict_getvendor - * - * Purpose: Return the vendor's dictionary given the vendor ID - * - */ -VENDOR_DICT * rc_dict_getvendor (int id) -{ - VENDOR_DICT *dict; - - dict = vendor_dictionaries; - while (dict) { - if (id == dict->vendorcode) { - return dict; - } - dict = dict->next; - } - return NULL; -} diff --git a/pppd/plugins/radius/etc/dictionary b/pppd/plugins/radius/etc/dictionary deleted file mode 100644 index 6dd086a..0000000 --- a/pppd/plugins/radius/etc/dictionary +++ /dev/null @@ -1,253 +0,0 @@ -# -# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl -# -# This file contains dictionary translations for parsing -# requests and generating responses. All transactions are -# composed of Attribute/Value Pairs. The value of each attribute -# is specified as one of 4 data types. Valid data types are: -# -# string - 0-253 octets -# ipaddr - 4 octets in network byte order -# integer - 32 bit value in big endian order (high byte first) -# date - 32 bit value in big endian order - seconds since -# 00:00:00 GMT, Jan. 1, 1970 -# -# Enumerated values are stored in the user file with dictionary -# VALUE translations for easy administration. -# -# Example: -# -# ATTRIBUTE VALUE -# --------------- ----- -# Framed-Protocol = PPP -# 7 = 1 (integer encoding) -# - -# The dictionary format now supports vendor-specific attributes. -# Vendors are introduced like this: -# -# VENDOR vendor_name vendor_number -# -# For example: -# -# VENDOR RoaringPenguin 10055 -# -# Vendor-specific attributes have a fifth field with the name of the -# vendor. For example: -# -# ATTRIBUTE RP-Upstream-Speed-Limit 1 integer RoaringPenguin -# -# introduces a Roaring Penguin vendor-specific attribbute with name -# RP-Upstream-Speed-Limit, number 1, type integer and vendor RoaringPenguin. - -# -# Following are the proper new names. Use these. -# -ATTRIBUTE User-Name 1 string -ATTRIBUTE Password 2 string -ATTRIBUTE CHAP-Password 3 string -ATTRIBUTE NAS-IP-Address 4 ipaddr -ATTRIBUTE NAS-Port-Id 5 integer -ATTRIBUTE Service-Type 6 integer -ATTRIBUTE Framed-Protocol 7 integer -ATTRIBUTE Framed-IP-Address 8 ipaddr -ATTRIBUTE Framed-IP-Netmask 9 ipaddr -ATTRIBUTE Framed-Routing 10 integer -ATTRIBUTE Filter-Id 11 string -ATTRIBUTE Framed-MTU 12 integer -ATTRIBUTE Framed-Compression 13 integer -ATTRIBUTE Login-IP-Host 14 ipaddr -ATTRIBUTE Login-Service 15 integer -ATTRIBUTE Login-TCP-Port 16 integer -ATTRIBUTE Reply-Message 18 string -ATTRIBUTE Callback-Number 19 string -ATTRIBUTE Callback-Id 20 string -ATTRIBUTE Framed-Route 22 string -ATTRIBUTE Framed-IPX-Network 23 ipaddr -ATTRIBUTE State 24 string -ATTRIBUTE Class 25 string -ATTRIBUTE Session-Timeout 27 integer -ATTRIBUTE Idle-Timeout 28 integer -ATTRIBUTE Termination-Action 29 integer -ATTRIBUTE Called-Station-Id 30 string -ATTRIBUTE Calling-Station-Id 31 string -ATTRIBUTE NAS-Identifier 32 string -ATTRIBUTE Acct-Status-Type 40 integer -ATTRIBUTE Acct-Delay-Time 41 integer -ATTRIBUTE Acct-Input-Octets 42 integer -ATTRIBUTE Acct-Output-Octets 43 integer -ATTRIBUTE Acct-Session-Id 44 string -ATTRIBUTE Acct-Authentic 45 integer -ATTRIBUTE Acct-Session-Time 46 integer -ATTRIBUTE Acct-Input-Packets 47 integer -ATTRIBUTE Acct-Output-Packets 48 integer -ATTRIBUTE Acct-Terminate-Cause 49 integer -ATTRIBUTE Chap-Challenge 60 string -ATTRIBUTE NAS-Port-Type 61 integer -ATTRIBUTE Port-Limit 62 integer -ATTRIBUTE Connect-Info 77 string - -# RFC 2869 -ATTRIBUTE Acct-Interim-Interval 85 integer - -# -# Experimental Non Protocol Attributes used by Cistron-Radiusd -# -ATTRIBUTE Huntgroup-Name 221 string -ATTRIBUTE User-Category 1029 string -ATTRIBUTE Group-Name 1030 string -ATTRIBUTE Simultaneous-Use 1034 integer -ATTRIBUTE Strip-User-Name 1035 integer -ATTRIBUTE Fall-Through 1036 integer -ATTRIBUTE Add-Port-To-IP-Address 1037 integer -ATTRIBUTE Exec-Program 1038 string -ATTRIBUTE Exec-Program-Wait 1039 string -ATTRIBUTE Hint 1040 string - -# -# Non-Protocol Attributes -# These attributes are used internally by the server -# -ATTRIBUTE Expiration 21 date -ATTRIBUTE Auth-Type 1000 integer -ATTRIBUTE Menu 1001 string -ATTRIBUTE Termination-Menu 1002 string -ATTRIBUTE Prefix 1003 string -ATTRIBUTE Suffix 1004 string -ATTRIBUTE Group 1005 string -ATTRIBUTE Crypt-Password 1006 string -ATTRIBUTE Connect-Rate 1007 integer - -# -# Experimental, implementation specific attributes -# -# Limit session traffic -ATTRIBUTE Session-Octets-Limit 227 integer -# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out) -ATTRIBUTE Octets-Direction 228 integer - -# -# Integer Translations -# - -# User Types - -VALUE Service-Type Login-User 1 -VALUE Service-Type Framed-User 2 -VALUE Service-Type Callback-Login-User 3 -VALUE Service-Type Callback-Framed-User 4 -VALUE Service-Type Outbound-User 5 -VALUE Service-Type Administrative-User 6 -VALUE Service-Type NAS-Prompt-User 7 - -# Framed Protocols - -VALUE Framed-Protocol PPP 1 -VALUE Framed-Protocol SLIP 2 - -# Framed Routing Values - -VALUE Framed-Routing None 0 -VALUE Framed-Routing Broadcast 1 -VALUE Framed-Routing Listen 2 -VALUE Framed-Routing Broadcast-Listen 3 - -# Framed Compression Types - -VALUE Framed-Compression None 0 -VALUE Framed-Compression Van-Jacobson-TCP-IP 1 - -# Login Services - -VALUE Login-Service Telnet 0 -VALUE Login-Service Rlogin 1 -VALUE Login-Service TCP-Clear 2 -VALUE Login-Service PortMaster 3 - -# Status Types - -VALUE Acct-Status-Type Start 1 -VALUE Acct-Status-Type Stop 2 -VALUE Acct-Status-Type Accounting-On 7 -VALUE Acct-Status-Type Accounting-Off 8 - -# Authentication Types - -VALUE Acct-Authentic RADIUS 1 -VALUE Acct-Authentic Local 2 -VALUE Acct-Authentic PowerLink128 100 - -# Termination Options - -VALUE Termination-Action Default 0 -VALUE Termination-Action RADIUS-Request 1 - -# NAS Port Types, available in 3.3.1 and later - -VALUE NAS-Port-Type Async 0 -VALUE NAS-Port-Type Sync 1 -VALUE NAS-Port-Type ISDN 2 -VALUE NAS-Port-Type ISDN-V120 3 -VALUE NAS-Port-Type ISDN-V110 4 - -# Acct Terminate Causes, available in 3.3.2 and later - -VALUE Acct-Terminate-Cause User-Request 1 -VALUE Acct-Terminate-Cause Lost-Carrier 2 -VALUE Acct-Terminate-Cause Lost-Service 3 -VALUE Acct-Terminate-Cause Idle-Timeout 4 -VALUE Acct-Terminate-Cause Session-Timeout 5 -VALUE Acct-Terminate-Cause Admin-Reset 6 -VALUE Acct-Terminate-Cause Admin-Reboot 7 -VALUE Acct-Terminate-Cause Port-Error 8 -VALUE Acct-Terminate-Cause NAS-Error 9 -VALUE Acct-Terminate-Cause NAS-Request 10 -VALUE Acct-Terminate-Cause NAS-Reboot 11 -VALUE Acct-Terminate-Cause Port-Unneeded 12 -VALUE Acct-Terminate-Cause Port-Preempted 13 -VALUE Acct-Terminate-Cause Port-Suspended 14 -VALUE Acct-Terminate-Cause Service-Unavailable 15 -VALUE Acct-Terminate-Cause Callback 16 -VALUE Acct-Terminate-Cause User-Error 17 -VALUE Acct-Terminate-Cause Host-Request 18 - -# -# Non-Protocol Integer Translations -# - -VALUE Auth-Type Local 0 -VALUE Auth-Type System 1 -VALUE Auth-Type SecurID 2 -VALUE Auth-Type Crypt-Local 3 -VALUE Auth-Type Reject 4 - -# -# Cistron extensions -# -VALUE Auth-Type Pam 253 -VALUE Auth-Type None 254 - -# -# Experimental Non-Protocol Integer Translations for Cistron-Radiusd -# -VALUE Fall-Through No 0 -VALUE Fall-Through Yes 1 -VALUE Add-Port-To-IP-Address No 0 -VALUE Add-Port-To-IP-Address Yes 1 - -# -# Configuration Values -# uncomment these two lines to turn account expiration on -# - -#VALUE Server-Config Password-Expiration 30 -#VALUE Server-Config Password-Warning 5 - -# Octets-Direction -VALUE Octets-Direction Sum 0 -VALUE Octets-Direction Input 1 -VALUE Octets-Direction Output 2 -VALUE Octets-Direction MaxOveral 3 -VALUE Octets-Direction MaxSession 4 - -INCLUDE /etc/radiusclient/dictionary.microsoft diff --git a/pppd/plugins/radius/etc/dictionary.ascend b/pppd/plugins/radius/etc/dictionary.ascend deleted file mode 100644 index f9f9bdc..0000000 --- a/pppd/plugins/radius/etc/dictionary.ascend +++ /dev/null @@ -1,295 +0,0 @@ -# -# Ascend dictionary. -# -# -# Version: 1.00 21-Jul-1997 Jens Glaser -# - - -# -# Ascend specific extensions -# Used by ASCEND MAX/Pipeline products -# -ATTRIBUTE Ascend-FCP-Parameter 119 string -ATTRIBUTE Ascend-Modem-PortNo 120 integer -ATTRIBUTE Ascend-Modem-SlotNo 121 integer -ATTRIBUTE Ascend-Modem-ShelfNo 122 integer -ATTRIBUTE Ascend-Call-Attempt-Limit 123 integer -ATTRIBUTE Ascend-Call-Block-Duration 124 integer -ATTRIBUTE Ascend-Maximum-Call-Duration 125 integer -ATTRIBUTE Ascend-Temporary-Rtes 126 integer -ATTRIBUTE Tunneling-Protocol 127 integer -ATTRIBUTE Ascend-Shared-Profile-Enable 128 integer -ATTRIBUTE Ascend-Primary-Home-Agent 129 string -ATTRIBUTE Ascend-Secondary-Home-Agent 130 string -ATTRIBUTE Ascend-Dialout-Allowed 131 integer -ATTRIBUTE Ascend-Client-Gateway 132 ipaddr -ATTRIBUTE Ascend-BACP-Enable 133 integer -ATTRIBUTE Ascend-DHCP-Maximum-Leases 134 integer -ATTRIBUTE Ascend-Client-Primary-DNS 135 ipaddr -ATTRIBUTE Ascend-Client-Secondary-DNS 136 ipaddr -ATTRIBUTE Ascend-Client-Assign-DNS 137 integer -ATTRIBUTE Ascend-User-Acct-Type 138 integer -ATTRIBUTE Ascend-User-Acct-Host 139 ipaddr -ATTRIBUTE Ascend-User-Acct-Port 140 integer -ATTRIBUTE Ascend-User-Acct-Key 141 string -ATTRIBUTE Ascend-User-Acct-Base 142 integer -ATTRIBUTE Ascend-User-Acct-Time 143 integer -ATTRIBUTE Ascend-Assign-IP-Client 144 ipaddr -ATTRIBUTE Ascend-Assign-IP-Server 145 ipaddr -ATTRIBUTE Ascend-Assign-IP-Global-Pool 146 string -ATTRIBUTE Ascend-DHCP-Reply 147 integer -ATTRIBUTE Ascend-DHCP-Pool-Number 148 integer -ATTRIBUTE Ascend-Expect-Callback 149 integer -ATTRIBUTE Ascend-Event-Type 150 integer -ATTRIBUTE Ascend-Session-Svr-Key 151 string -ATTRIBUTE Ascend-Multicast-Rate-Limit 152 integer -ATTRIBUTE Ascend-IF-Netmask 153 ipaddr -ATTRIBUTE Ascend-Remote-Addr 154 ipaddr -ATTRIBUTE Ascend-Multicast-Client 155 integer -ATTRIBUTE Ascend-FR-Circuit-Name 156 string -ATTRIBUTE Ascend-FR-LinkUp 157 integer -ATTRIBUTE Ascend-FR-Nailed-Grp 158 integer -ATTRIBUTE Ascend-FR-Type 159 integer -ATTRIBUTE Ascend-FR-Link-Mgt 160 integer -ATTRIBUTE Ascend-FR-N391 161 integer -ATTRIBUTE Ascend-FR-DCE-N392 162 integer -ATTRIBUTE Ascend-FR-DTE-N392 163 integer -ATTRIBUTE Ascend-FR-DCE-N393 164 integer -ATTRIBUTE Ascend-FR-DTE-N393 165 integer -ATTRIBUTE Ascend-FR-T391 166 integer -ATTRIBUTE Ascend-FR-T392 167 integer -ATTRIBUTE Ascend-Bridge-Address 168 string -ATTRIBUTE Ascend-TS-Idle-Limit 169 integer -ATTRIBUTE Ascend-TS-Idle-Mode 170 integer -ATTRIBUTE Ascend-DBA-Monitor 171 integer -ATTRIBUTE Ascend-Base-Channel-Count 172 integer -ATTRIBUTE Ascend-Minimum-Channels 173 integer -ATTRIBUTE Ascend-IPX-Route 174 string -ATTRIBUTE Ascend-FT1-Caller 175 integer -ATTRIBUTE Ascend-Backup 176 string -ATTRIBUTE Ascend-Call-Type 177 integer -ATTRIBUTE Ascend-Group 178 string -ATTRIBUTE Ascend-FR-DLCI 179 integer -ATTRIBUTE Ascend-FR-Profile-Name 180 string -ATTRIBUTE Ascend-Ara-PW 181 string -ATTRIBUTE Ascend-IPX-Node-Addr 182 string -ATTRIBUTE Ascend-Home-Agent-IP-Addr 183 ipaddr -ATTRIBUTE Ascend-Home-Agent-Password 184 string -ATTRIBUTE Ascend-Home-Network-Name 185 string -ATTRIBUTE Ascend-Home-Agent-UDP-Port 186 integer -ATTRIBUTE Ascend-Multilink-ID 187 integer -ATTRIBUTE Ascend-Num-In-Multilink 188 integer -ATTRIBUTE Ascend-First-Dest 189 ipaddr -ATTRIBUTE Ascend-Pre-Input-Octets 190 integer -ATTRIBUTE Ascend-Pre-Output-Octets 191 integer -ATTRIBUTE Ascend-Pre-Input-Packets 192 integer -ATTRIBUTE Ascend-Pre-Output-Packets 193 integer -ATTRIBUTE Ascend-Maximum-Time 194 integer -ATTRIBUTE Ascend-Disconnect-Cause 195 integer -ATTRIBUTE Ascend-Connect-Progress 196 integer -ATTRIBUTE Ascend-Data-Rate 197 integer -ATTRIBUTE Ascend-PreSession-Time 198 integer -ATTRIBUTE Ascend-Token-Idle 199 integer -ATTRIBUTE Ascend-Token-Immediate 200 integer -ATTRIBUTE Ascend-Require-Auth 201 integer -ATTRIBUTE Ascend-Number-Sessions 202 string -ATTRIBUTE Ascend-Authen-Alias 203 string -ATTRIBUTE Ascend-Token-Expiry 204 integer -ATTRIBUTE Ascend-Menu-Selector 205 string -ATTRIBUTE Ascend-Menu-Item 206 string -ATTRIBUTE Ascend-PW-Warntime 207 integer -ATTRIBUTE Ascend-PW-Lifetime 208 integer -ATTRIBUTE Ascend-IP-Direct 209 ipaddr -ATTRIBUTE Ascend-PPP-VJ-Slot-Comp 210 integer -ATTRIBUTE Ascend-PPP-VJ-1172 211 integer -ATTRIBUTE Ascend-PPP-Async-Map 212 integer -ATTRIBUTE Ascend-Third-Prompt 213 string -ATTRIBUTE Ascend-Send-Secret 214 string -ATTRIBUTE Ascend-Receive-Secret 215 string -ATTRIBUTE Ascend-IPX-Peer-Mode 216 integer -ATTRIBUTE Ascend-IP-Pool-Definition 217 string -ATTRIBUTE Ascend-Assign-IP-Pool 218 integer -ATTRIBUTE Ascend-FR-Direct 219 integer -ATTRIBUTE Ascend-FR-Direct-Profile 220 string -ATTRIBUTE Ascend-FR-Direct-DLCI 221 integer -ATTRIBUTE Ascend-Handle-IPX 222 integer -ATTRIBUTE Ascend-Netware-timeout 223 integer -ATTRIBUTE Ascend-IPX-Alias 224 integer -ATTRIBUTE Ascend-Metric 225 integer -ATTRIBUTE Ascend-PRI-Number-Type 226 integer -ATTRIBUTE Ascend-Dial-Number 227 string -ATTRIBUTE Ascend-Route-IP 228 integer -ATTRIBUTE Ascend-Route-IPX 229 integer -ATTRIBUTE Ascend-Bridge 230 integer -ATTRIBUTE Ascend-Send-Auth 231 integer -ATTRIBUTE Ascend-Send-Passwd 232 string -ATTRIBUTE Ascend-Link-Compression 233 integer -ATTRIBUTE Ascend-Target-Util 234 integer -ATTRIBUTE Ascend-Maximum-Channels 235 integer -ATTRIBUTE Ascend-Inc-Channel-Count 236 integer -ATTRIBUTE Ascend-Dec-Channel-Count 237 integer -ATTRIBUTE Ascend-Seconds-Of-History 238 integer -ATTRIBUTE Ascend-History-Weigh-Type 239 integer -ATTRIBUTE Ascend-Add-Seconds 240 integer -ATTRIBUTE Ascend-Remove-Seconds 241 integer -ATTRIBUTE Ascend-Idle-Limit 244 integer -ATTRIBUTE Ascend-Preempt-Limit 245 integer -ATTRIBUTE Ascend-Callback 246 integer -ATTRIBUTE Ascend-Data-Svc 247 integer -ATTRIBUTE Ascend-Force-56 248 integer -ATTRIBUTE Ascend-Billing-Number 249 string -ATTRIBUTE Ascend-Call-By-Call 250 integer -ATTRIBUTE Ascend-Transit-Number 251 string -ATTRIBUTE Ascend-Host-Info 252 string -ATTRIBUTE Ascend-PPP-Address 253 ipaddr -ATTRIBUTE Ascend-MPP-Idle-Percent 254 integer -ATTRIBUTE Ascend-Xmit-Rate 255 integer - - - -# Ascend protocols -VALUE Service-Type Dialout-Framed-User 5 -VALUE Framed-Protocol ARA 255 -VALUE Framed-Protocol MPP 256 -VALUE Framed-Protocol EURAW 257 -VALUE Framed-Protocol EUUI 258 -VALUE Framed-Protocol X25 259 -VALUE Framed-Protocol COMB 260 -VALUE Framed-Protocol FR 261 -VALUE Framed-Protocol MP 262 -VALUE Framed-Protocol FR-CIR 263 - - -# -# Ascend specific extensions -# Used by ASCEND MAX/Pipeline products (see above) -# - -VALUE Ascend-FR-Direct FR-Direct-No 0 -VALUE Ascend-FR-Direct FR-Direct-Yes 1 -VALUE Ascend-Handle-IPX Handle-IPX-None 0 -VALUE Ascend-Handle-IPX Handle-IPX-Client 1 -VALUE Ascend-Handle-IPX Handle-IPX-Server 2 -VALUE Ascend-IPX-Peer-Mode IPX-Peer-Router 0 -VALUE Ascend-IPX-Peer-Mode IPX-Peer-Dialin 1 -VALUE Ascend-Call-Type Nailed 1 -VALUE Ascend-Call-Type Nailed/Mpp 2 -VALUE Ascend-Call-Type Perm/Switched 3 -VALUE Ascend-FT1-Caller FT1-No 0 -VALUE Ascend-FT1-Caller FT1-Yes 1 -VALUE Ascend-PRI-Number-Type Unknown-Number 0 -VALUE Ascend-PRI-Number-Type Intl-Number 1 -VALUE Ascend-PRI-Number-Type National-Number 2 -VALUE Ascend-PRI-Number-Type Local-Number 4 -VALUE Ascend-PRI-Number-Type Abbrev-Number 5 -VALUE Ascend-Route-IPX Route-IPX-No 0 -VALUE Ascend-Route-IPX Route-IPX-Yes 1 -VALUE Ascend-Bridge Bridge-No 0 -VALUE Ascend-Bridge Bridge-Yes 1 -VALUE Ascend-TS-Idle-Mode TS-Idle-None 0 -VALUE Ascend-TS-Idle-Mode TS-Idle-Input 1 -VALUE Ascend-TS-Idle-Mode TS-Idle-Input-Output 2 -VALUE Ascend-Send-Auth Send-Auth-None 0 -VALUE Ascend-Send-Auth Send-Auth-PAP 1 -VALUE Ascend-Send-Auth Send-Auth-CHAP 2 -VALUE Ascend-Send-Auth Send-Auth-MS-CHAP 3 -VALUE Ascend-Link-Compression Link-Comp-None 0 -VALUE Ascend-Link-Compression Link-Comp-Stac 1 -VALUE Ascend-Link-Compression Link-Comp-Stac-Draft-9 2 -VALUE Ascend-Link-Compression Link-Comp-MS-Stac 3 -VALUE Ascend-History-Weigh-Type History-Constant 0 -VALUE Ascend-History-Weigh-Type History-Linear 1 -VALUE Ascend-History-Weigh-Type History-Quadratic 2 -VALUE Ascend-Callback Callback-No 0 -VALUE Ascend-Callback Callback-Yes 1 -VALUE Ascend-Expect-Callback Expect-Callback-No 0 -VALUE Ascend-Expect-Callback Expect-Callback-Yes 1 -VALUE Ascend-Data-Svc Switched-Voice-Bearer 0 -VALUE Ascend-Data-Svc Switched-56KR 1 -VALUE Ascend-Data-Svc Switched-64K 2 -VALUE Ascend-Data-Svc Switched-64KR 3 -VALUE Ascend-Data-Svc Switched-56K 4 -VALUE Ascend-Data-Svc Switched-384KR 5 -VALUE Ascend-Data-Svc Switched-384K 6 -VALUE Ascend-Data-Svc Switched-1536K 7 -VALUE Ascend-Data-Svc Switched-1536KR 8 -VALUE Ascend-Data-Svc Switched-128K 9 -VALUE Ascend-Data-Svc Switched-192K 10 -VALUE Ascend-Data-Svc Switched-256K 11 -VALUE Ascend-Data-Svc Switched-320K 12 -VALUE Ascend-Data-Svc Switched-384K-MR 13 -VALUE Ascend-Data-Svc Switched-448K 14 -VALUE Ascend-Data-Svc Switched-512K 15 -VALUE Ascend-Data-Svc Switched-576K 16 -VALUE Ascend-Data-Svc Switched-640K 17 -VALUE Ascend-Data-Svc Switched-704K 18 -VALUE Ascend-Data-Svc Switched-768K 19 -VALUE Ascend-Data-Svc Switched-832K 20 -VALUE Ascend-Data-Svc Switched-896K 21 -VALUE Ascend-Data-Svc Switched-960K 22 -VALUE Ascend-Data-Svc Switched-1024K 23 -VALUE Ascend-Data-Svc Switched-1088K 24 -VALUE Ascend-Data-Svc Switched-1152K 25 -VALUE Ascend-Data-Svc Switched-1216K 26 -VALUE Ascend-Data-Svc Switched-1280K 27 -VALUE Ascend-Data-Svc Switched-1344K 28 -VALUE Ascend-Data-Svc Switched-1408K 29 -VALUE Ascend-Data-Svc Switched-1472K 30 -VALUE Ascend-Data-Svc Switched-1600K 31 -VALUE Ascend-Data-Svc Switched-1664K 32 -VALUE Ascend-Data-Svc Switched-1728K 33 -VALUE Ascend-Data-Svc Switched-1792K 34 -VALUE Ascend-Data-Svc Switched-1856K 35 -VALUE Ascend-Data-Svc Switched-1920K 36 -VALUE Ascend-Data-Svc Switched-inherited 37 -VALUE Ascend-Data-Svc Switched-restricted-bearer-x30 38 -VALUE Ascend-Data-Svc Switched-clear-bearer-v110 39 -VALUE Ascend-Data-Svc Switched-restricted-64-x30 40 -VALUE Ascend-Data-Svc Switched-clear-56-v110 41 -VALUE Ascend-Data-Svc Switched-modem 42 -VALUE Ascend-Data-Svc Switched-atmodem 43 -VALUE Ascend-Data-Svc Nailed-56KR 1 -VALUE Ascend-Data-Svc Nailed-64K 2 -VALUE Ascend-Force-56 Force-56-No 0 -VALUE Ascend-Force-56 Force-56-Yes 1 -VALUE Ascend-PW-Lifetime Lifetime-In-Days 0 -VALUE Ascend-PW-Warntime Days-Of-Warning 0 -VALUE Ascend-PPP-VJ-1172 PPP-VJ-1172 1 -VALUE Ascend-PPP-VJ-Slot-Comp VJ-Slot-Comp-No 1 -VALUE Ascend-Require-Auth Not-Require-Auth 0 -VALUE Ascend-Require-Auth Require-Auth 1 -VALUE Ascend-Token-Immediate Tok-Imm-No 0 -VALUE Ascend-Token-Immediate Tok-Imm-Yes 1 -VALUE Ascend-DBA-Monitor DBA-Transmit 0 -VALUE Ascend-DBA-Monitor DBA-Transmit-Recv 1 -VALUE Ascend-DBA-Monitor DBA-None 2 -VALUE Ascend-FR-Type Ascend-FR-DTE 0 -VALUE Ascend-FR-Type Ascend-FR-DCE 1 -VALUE Ascend-FR-Type Ascend-FR-NNI 2 -VALUE Ascend-FR-Link-Mgt Ascend-FR-No-Link-Mgt 0 -VALUE Ascend-FR-Link-Mgt Ascend-FR-T1-617D 1 -VALUE Ascend-FR-Link-Mgt Ascend-FR-Q-933A 2 -VALUE Ascend-FR-LinkUp Ascend-LinkUp-Default 0 -VALUE Ascend-FR-LinkUp Ascend-LinkUp-AlwaysUp 1 -VALUE Ascend-Multicast-Client Multicast-No 0 -VALUE Ascend-Multicast-Client Multicast-Yes 1 -VALUE Ascend-User-Acct-Type Ascend-User-Acct-None 0 -VALUE Ascend-User-Acct-Type Ascend-User-Acct-User 1 -VALUE Ascend-User-Acct-Type Ascend-User-Acct-User-Default 2 -VALUE Ascend-User-Acct-Base Base-10 0 -VALUE Ascend-User-Acct-Base Base-16 1 -VALUE Ascend-DHCP-Reply DHCP-Reply-No 0 -VALUE Ascend-DHCP-Reply DHCP-Reply-Yes 1 -VALUE Ascend-Client-Assign-DNS DNS-Assign-No 0 -VALUE Ascend-Client-Assign-DNS DNS-Assign-Yes 1 -VALUE Ascend-Event-Type Ascend-ColdStart 1 -VALUE Ascend-Event-Type Ascend-Session-Event 2 -VALUE Ascend-BACP-Enable BACP-No 0 -VALUE Ascend-BACP-Enable BACP-Yes 1 -VALUE Ascend-Dialout-Allowed Dialout-Not-Allowed 0 -VALUE Ascend-Dialout-Allowed Dialout-Allowed 1 -VALUE Ascend-Shared-Profile-Enable Shared-Profile-No 0 -VALUE Ascend-Shared-Profile-Enable Shared-Profile-Yes 1 -VALUE Ascend-Temporary-Rtes Temp-Rtes-No 0 -VALUE Ascend-Temporary-Rtes Temp-Rtes-Yes 1 diff --git a/pppd/plugins/radius/etc/dictionary.compat b/pppd/plugins/radius/etc/dictionary.compat deleted file mode 100644 index fe3f087..0000000 --- a/pppd/plugins/radius/etc/dictionary.compat +++ /dev/null @@ -1,45 +0,0 @@ -# -# Obsolete names for backwards compatibility with older users files. -# -ATTRIBUTE Client-Id 4 ipaddr -ATTRIBUTE Client-Port-Id 5 integer -ATTRIBUTE User-Service-Type 6 integer -ATTRIBUTE Framed-Address 8 ipaddr -ATTRIBUTE Framed-Netmask 9 ipaddr -ATTRIBUTE Framed-Filter-Id 11 string -ATTRIBUTE Login-Host 14 ipaddr -ATTRIBUTE Login-Port 16 integer -ATTRIBUTE Old-Password 17 string -ATTRIBUTE Port-Message 18 string -ATTRIBUTE Dialback-No 19 string -ATTRIBUTE Dialback-Name 20 string -ATTRIBUTE Challenge-State 24 string -VALUE Framed-Compression Van-Jacobsen-TCP-IP 1 -VALUE Framed-Compression VJ-TCP-IP 1 -VALUE Service-Type Shell-User 6 -VALUE Auth-Type Unix 1 -VALUE Service-Type Dialback-Login-User 3 -VALUE Service-Type Dialback-Framed-User 4 - -# -# For compatibility with MERIT users files. -# -ATTRIBUTE NAS-Port 5 integer -ATTRIBUTE Login-Host 14 ipaddr -ATTRIBUTE Login-Callback-Number 19 string -ATTRIBUTE Framed-Callback-Id 20 string -ATTRIBUTE Client-Port-DNIS 30 string -ATTRIBUTE Caller-ID 31 string -VALUE Service-Type Login 1 -VALUE Service-Type Framed 2 -VALUE Service-Type Callback-Login 3 -VALUE Service-Type Callback-Framed 4 -VALUE Service-Type Exec-User 7 - -# -# For compatibility with ESVA RADIUS, Old Cistron RADIUS -# -ATTRIBUTE Session 1034 integer -ATTRIBUTE User-Name-Is-Star 1035 integer -VALUE User-Name-Is-Star No 0 -VALUE User-Name-Is-Star Yes 1 diff --git a/pppd/plugins/radius/etc/dictionary.merit b/pppd/plugins/radius/etc/dictionary.merit deleted file mode 100644 index 7d675e5..0000000 --- a/pppd/plugins/radius/etc/dictionary.merit +++ /dev/null @@ -1,17 +0,0 @@ -# -# Experimental extensions, configuration only (for check-items) -# Names/numbers as per the MERIT extensions (if possible). -# -ATTRIBUTE NAS-Identifier 32 string -ATTRIBUTE Proxy-State 33 string -ATTRIBUTE Login-LAT-Service 34 string -ATTRIBUTE Login-LAT-Node 35 string -ATTRIBUTE Login-LAT-Group 36 string -ATTRIBUTE Framed-AppleTalk-Link 37 integer -ATTRIBUTE Framed-AppleTalk-Network 38 integer -ATTRIBUTE Framed-AppleTalk-Zone 39 string -ATTRIBUTE Acct-Input-Packets 47 integer -ATTRIBUTE Acct-Output-Packets 48 integer -# 8 is a MERIT extension. -VALUE Service-Type Authenticate-Only 8 - diff --git a/pppd/plugins/radius/etc/dictionary.microsoft b/pppd/plugins/radius/etc/dictionary.microsoft deleted file mode 100644 index da3a317..0000000 --- a/pppd/plugins/radius/etc/dictionary.microsoft +++ /dev/null @@ -1,81 +0,0 @@ -# -# Microsoft's VSA's, from RFC 2548 -# -# $Id: dictionary.microsoft,v 1.1 2004/11/14 07:26:26 paulus Exp $ -# - -VENDOR Microsoft 311 Microsoft - -ATTRIBUTE MS-CHAP-Response 1 string Microsoft -ATTRIBUTE MS-CHAP-Error 2 string Microsoft -ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft -ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft -ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft -ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft -ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft -# This is referred to as both singular and plural in the RFC. -# Plural seems to make more sense. -ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft -ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft -ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft -ATTRIBUTE MS-CHAP-Domain 10 string Microsoft -ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft -ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft -ATTRIBUTE MS-BAP-Usage 13 integer Microsoft -ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft -ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft -ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft -ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft -ATTRIBUTE MS-RAS-Version 18 string Microsoft -ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft -ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft -ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft - -ATTRIBUTE MS-Filter 22 string Microsoft -ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft -ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft - -ATTRIBUTE MS-CHAP2-Response 25 string Microsoft -ATTRIBUTE MS-CHAP2-Success 26 string Microsoft -ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft - -ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr Microsoft -ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr Microsoft -ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft -ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft - -#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft - - -# -# Integer Translations -# - -# MS-BAP-Usage Values - -VALUE MS-BAP-Usage Not-Allowed 0 -VALUE MS-BAP-Usage Allowed 1 -VALUE MS-BAP-Usage Required 2 - -# MS-ARAP-Password-Change-Reason Values - -VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1 -VALUE MS-ARAP-PW-Change-Reason Expired-Password 2 -VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3 -VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4 - -# MS-Acct-Auth-Type Values - -VALUE MS-Acct-Auth-Type PAP 1 -VALUE MS-Acct-Auth-Type CHAP 2 -VALUE MS-Acct-Auth-Type MS-CHAP-1 3 -VALUE MS-Acct-Auth-Type MS-CHAP-2 4 -VALUE MS-Acct-Auth-Type EAP 5 - -# MS-Acct-EAP-Type Values - -VALUE MS-Acct-EAP-Type MD5 4 -VALUE MS-Acct-EAP-Type OTP 5 -VALUE MS-Acct-EAP-Type Generic-Token-Card 6 -VALUE MS-Acct-EAP-Type TLS 13 - diff --git a/pppd/plugins/radius/etc/issue b/pppd/plugins/radius/etc/issue deleted file mode 100644 index 6254487..0000000 --- a/pppd/plugins/radius/etc/issue +++ /dev/null @@ -1,5 +0,0 @@ -(\I) ------------------------------------------------------ -\S \R (\N) (port \L) ------------------------------------------------------ - diff --git a/pppd/plugins/radius/etc/port-id-map b/pppd/plugins/radius/etc/port-id-map deleted file mode 100644 index 9088a0b..0000000 --- a/pppd/plugins/radius/etc/port-id-map +++ /dev/null @@ -1,24 +0,0 @@ -# -# port-id-map -# -# This file describes the ttyname to port id mapping. The port id -# is reported as part of a RADIUS authentication or accouting request. -# -#ttyname (as returned by ttyname(3)) port-id -/dev/tty1 1 -/dev/tty2 2 -/dev/tty3 3 -/dev/tty4 4 -/dev/tty5 5 -/dev/tty6 6 -/dev/tty7 7 -/dev/tty8 8 -/dev/ttyS0 9 -/dev/ttyS1 10 -/dev/ttyS2 11 -/dev/ttyS3 12 -/dev/ttyS4 13 -/dev/ttyS5 14 -/dev/ttyS6 15 -/dev/ttyS7 16 - \ No newline at end of file diff --git a/pppd/plugins/radius/etc/radiusclient.conf b/pppd/plugins/radius/etc/radiusclient.conf deleted file mode 100644 index 44c18a5..0000000 --- a/pppd/plugins/radius/etc/radiusclient.conf +++ /dev/null @@ -1,91 +0,0 @@ -# General settings - -# specify which authentication comes first respectively which -# authentication is used. possible values are: "radius" and "local". -# if you specify "radius,local" then the RADIUS server is asked -# first then the local one. if only one keyword is specified only -# this server is asked. -auth_order radius - -# maximum login tries a user has (default 4) -login_tries 4 - -# timeout for all login tries (default 60) -# if this time is exceeded the user is kicked out -login_timeout 60 - -# name of the nologin file which when it exists disables logins. -# it may be extended by the ttyname which will result in -# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable -# logins on /dev/ttyS2) (default /etc/nologin) -nologin /etc/nologin - -# name of the issue file. it's only display when no username is passed -# on the radlogin command line (default /etc/radiusclient/issue) -issue /usr/local/etc/radiusclient/issue - -# RADIUS settings - -# RADIUS server to use for authentication requests. this config -# item can appear more then one time. if multiple servers are -# defined they are tried in a round robin fashion if one -# server is not answering. -# optionally you can specify a the port number on which is remote -# RADIUS listens separated by a colon from the hostname. if -# no port is specified /etc/services is consulted of the radius -# service. if this fails also a compiled in default is used. -authserver localhost:1812 - -# RADIUS server to use for accouting requests. All that I -# said for authserver applies, too. -# -acctserver localhost:1813 - -# file holding shared secrets used for the communication -# between the RADIUS client and server -servers /usr/local/etc/radiusclient/servers - -# dictionary of allowed attributes and values -# just like in the normal RADIUS distributions -dictionary /usr/local/etc/radiusclient/dictionary - -# program to call for a RADIUS authenticated login -# (default /usr/sbin/login.radius) -login_radius /usr/local/sbin/login.radius - -# file which holds sequence number for communication with the -# RADIUS server -seqfile /var/run/radius.seq - -# file which specifies mapping between ttyname and NAS-Port attribute -mapfile /usr/local/etc/radiusclient/port-id-map - -# default authentication realm to append to all usernames if no -# realm was explicitly specified by the user -# the radiusd directly form Livingston doesnt use any realms, so leave -# it blank then -default_realm - -# time to wait for a reply from the RADIUS server -radius_timeout 10 - -# resend request this many times before trying the next server -radius_retries 3 - -# NAS-Identifier -# -# If supplied, this option will cause the client to send the given string -# as the contents of the NAS-Identifier attribute in RADIUS requests. No -# NAS-IP-Address attribute will be sent in this case. -# -# The default behavior is to send a NAS-IP-Address option and not send -# a NAS-Identifier. The value of the NAS-IP-Address option is chosen -# by resolving the system hostname. - -# nas_identifier MyUniqueNASName - -# LOCAL settings - -# program to execute for local login -# it must support the -f flag for preauthenticated login -login_local /bin/login diff --git a/pppd/plugins/radius/etc/radiusclient.conf.in b/pppd/plugins/radius/etc/radiusclient.conf.in deleted file mode 100644 index eae292c..0000000 --- a/pppd/plugins/radius/etc/radiusclient.conf.in +++ /dev/null @@ -1,91 +0,0 @@ -# General settings - -# specify which authentication comes first respectively which -# authentication is used. possible values are: "radius" and "local". -# if you specify "radius,local" then the RADIUS server is asked -# first then the local one. if only one keyword is specified only -# this server is asked. -auth_order radius - -# maximum login tries a user has (default 4) -login_tries 4 - -# timeout for all login tries (default 60) -# if this time is exceeded the user is kicked out -login_timeout 60 - -# name of the nologin file which when it exists disables logins. -# it may be extended by the ttyname which will result in -# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable -# logins on /dev/ttyS2) (default /etc/nologin) -nologin /etc/nologin - -# name of the issue file. it's only display when no username is passed -# on the radlogin command line (default /etc/radiusclient/issue) -issue @pkgsysconfdir@/issue - -# RADIUS settings - -# RADIUS server to use for authentication requests. this config -# item can appear more then one time. if multiple servers are -# defined they are tried in a round robin fashion if one -# server is not answering. -# optionally you can specify a the port number on which is remote -# RADIUS listens separated by a colon from the hostname. if -# no port is specified /etc/services is consulted of the radius -# service. if this fails also a compiled in default is used. -authserver localhost:1812 - -# RADIUS server to use for accouting requests. All that I -# said for authserver applies, too. -# -acctserver localhost:1813 - -# file holding shared secrets used for the communication -# between the RADIUS client and server -servers @pkgsysconfdir@/servers - -# dictionary of allowed attributes and values -# just like in the normal RADIUS distributions -dictionary @pkgsysconfdir@/dictionary - -# program to call for a RADIUS authenticated login -# (default /usr/sbin/login.radius) -login_radius @sbindir@/login.radius - -# file which holds sequence number for communication with the -# RADIUS server -seqfile /var/run/radius.seq - -# file which specifies mapping between ttyname and NAS-Port attribute -mapfile @pkgsysconfdir@/port-id-map - -# default authentication realm to append to all usernames if no -# realm was explicitly specified by the user -# the radiusd directly form Livingston doesnt use any realms, so leave -# it blank then -default_realm - -# time to wait for a reply from the RADIUS server -radius_timeout 10 - -# resend request this many times before trying the next server -radius_retries 3 - -# NAS-Identifier -# -# If supplied, this option will cause the client to send the given string -# as the contents of the NAS-Identifier attribute in RADIUS requests. No -# NAS-IP-Address attribute will be sent in this case. -# -# The default behavior is to send a NAS-IP-Address option and not send -# a NAS-Identifier. The value of the NAS-IP-Address option is chosen -# by resolving the system hostname. - -# nas_identifier MyUniqueNASName - -# LOCAL settings - -# program to execute for local login -# it must support the -f flag for preauthenticated login -login_local /bin/login diff --git a/pppd/plugins/radius/etc/realms b/pppd/plugins/radius/etc/realms deleted file mode 100644 index 3440364..0000000 --- a/pppd/plugins/radius/etc/realms +++ /dev/null @@ -1,22 +0,0 @@ -# /etc/radiusclient/realms -# -# Handle realm @netservers.co.uk on an internal RADIUS server -# (note the server must be told to strip the realm) - -#authserver netservers.co.uk 192.168.1.1:1812 -#acctserver netservers.co.uk 192.168.1.1:1813 - -# users in realm @example.com are handled by separate servers - -#authserver example.com 10.0.0.1:1812 -#acctserver example.com 10.0.0.2:1813 - -# the DEFAULT realm matches users that do not supply a realm - -#authserver DEFAULT 192.168.1.1:1812 -#acctserver DEFAULT 192.168.1.1:1813 - -# Any realms that do not match in the realms file automatically fall -# through to the standard radius plugin which uses the servers in the -# radiusclient.conf file. Note that this is different than the -# DEFAULT realm match, above. diff --git a/pppd/plugins/radius/etc/servers b/pppd/plugins/radius/etc/servers deleted file mode 100644 index b061bf9..0000000 --- a/pppd/plugins/radius/etc/servers +++ /dev/null @@ -1,4 +0,0 @@ -#Server Name or Client/Server pair Key -#---------------- --------------- -#portmaster.elemental.net hardlyasecret -#portmaster2.elemental.net donttellanyone diff --git a/pppd/plugins/radius/includes.h b/pppd/plugins/radius/includes.h deleted file mode 100644 index f48d9b7..0000000 --- a/pppd/plugins/radius/includes.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * $Id: includes.h,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include - -#include - -#ifndef PATH_MAX -#define PATH_MAX 1024 -#endif - -#ifndef UCHAR_MAX -# define UCHAR_MAX 255 -#endif - -#include -#include -#include -#include - -#include - -#include "magic.h" - -/* rlib/lock.c */ -int do_lock_exclusive(int); -int do_unlock(int); diff --git a/pppd/plugins/radius/ip_util.c b/pppd/plugins/radius/ip_util.c deleted file mode 100644 index cd59e7b..0000000 --- a/pppd/plugins/radius/ip_util.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * $Id: ip_util.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include - -/* - * Function: rc_get_ipaddr - * - * Purpose: return an IP address in host long notation from a host - * name or address in dot notation. - * - * Returns: 0 on failure - */ - -UINT4 rc_get_ipaddr (char *host) -{ - struct hostent *hp; - - if (rc_good_ipaddr (host) == 0) - { - return ntohl(inet_addr (host)); - } - else if ((hp = gethostbyname (host)) == (struct hostent *) NULL) - { - error("rc_get_ipaddr: couldn't resolve hostname: %s", host); - return ((UINT4) 0); - } - return ntohl((*(UINT4 *) hp->h_addr)); -} - -/* - * Function: rc_good_ipaddr - * - * Purpose: check for valid IP address in standard dot notation. - * - * Returns: 0 on success, -1 when failure - * - */ - -int rc_good_ipaddr (char *addr) -{ - int dot_count; - int digit_count; - - if (addr == NULL) - return (-1); - - dot_count = 0; - digit_count = 0; - while (*addr != '\0' && *addr != ' ') - { - if (*addr == '.') - { - dot_count++; - digit_count = 0; - } - else if (!isdigit (*addr)) - { - dot_count = 5; - } - else - { - digit_count++; - if (digit_count > 3) - { - dot_count = 5; - } - } - addr++; - } - if (dot_count != 3) - { - return (-1); - } - else - { - return (0); - } -} - -/* - * Function: rc_ip_hostname - * - * Purpose: Return a printable host name (or IP address in dot notation) - * for the supplied IP address. - * - */ - -const char *rc_ip_hostname (UINT4 h_ipaddr) -{ - struct hostent *hp; - UINT4 n_ipaddr = htonl (h_ipaddr); - - if ((hp = gethostbyaddr ((char *) &n_ipaddr, sizeof (struct in_addr), - AF_INET)) == NULL) { - error("rc_ip_hostname: couldn't look up host by addr: %08lX", h_ipaddr); - } - - return ((hp==NULL)?"unknown":hp->h_name); -} - -/* - * Function: rc_own_ipaddress - * - * Purpose: get the IP address of this host in host order - * - * Returns: IP address on success, 0 on failure - * - */ - -UINT4 rc_own_ipaddress(void) -{ - static UINT4 this_host_ipaddr = 0; - - if (!this_host_ipaddr) { - if ((this_host_ipaddr = rc_get_ipaddr (hostname)) == 0) { - error("rc_own_ipaddress: couldn't get own IP address"); - return 0; - } - } - - return this_host_ipaddr; -} diff --git a/pppd/plugins/radius/lock.c b/pppd/plugins/radius/lock.c deleted file mode 100644 index 482e97c..0000000 --- a/pppd/plugins/radius/lock.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * $Id: lock.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1997 Lars Fenneberg - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include "includes.h" -#include -#include - -int do_lock_exclusive(int fd) -{ - struct flock fl; - int res; - - memset((void *)&fl, 0, sizeof(fl)); - - fl.l_type = F_WRLCK; - fl.l_whence = fl.l_start = 0; - fl.l_len = 0; /* 0 means "to end of file" */ - - res = fcntl(fd, F_SETLK, &fl); - - if ((res == -1) && (errno == EAGAIN)) - errno = EWOULDBLOCK; - - return res; -} - -int do_unlock(int fd) -{ - struct flock fl; - - memset((void *)&fl, 0, sizeof(fl)); - - fl.l_type = F_UNLCK; - fl.l_whence = fl.l_start = 0; - fl.l_len = 0; /* 0 means "to end of file" */ - - return fcntl(fd, F_SETLK, &fl); -} diff --git a/pppd/plugins/radius/md5.c b/pppd/plugins/radius/md5.c deleted file mode 100644 index 8af03aa..0000000 --- a/pppd/plugins/radius/md5.c +++ /dev/null @@ -1,13 +0,0 @@ -/* - * $Id: md5.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - */ -#include "md5.h" - -void rc_md5_calc (unsigned char *output, unsigned char *input, unsigned int inlen) -{ - MD5_CTX context; - - MD5_Init (&context); - MD5_Update (&context, input, inlen); - MD5_Final (output, &context); -} diff --git a/pppd/plugins/radius/options.h b/pppd/plugins/radius/options.h deleted file mode 100644 index aa55305..0000000 --- a/pppd/plugins/radius/options.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * $Id: options.h,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1996 Lars Fenneberg - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#define OPTION_LEN 64 - -/* ids for different option types */ -#define OT_STR (1<<0) /* string */ -#define OT_INT (1<<1) /* integer */ -#define OT_SRV (1<<2) /* server list */ -#define OT_AUO (1<<3) /* authentication order */ - -#define OT_ANY ((unsigned int)~0) /* used internally */ - -/* status types */ -#define ST_UNDEF (1<<0) /* option is undefined */ - -typedef struct _option { - char name[OPTION_LEN]; /* name of the option */ - int type, status; /* type and status */ - void *val; /* pointer to option value */ -} OPTION; - -static SERVER acctserver = {0}; -static SERVER authserver = {0}; - -int default_tries = 4; -int default_timeout = 60; - -static OPTION config_options[] = { -/* internally used options */ -{"config_file", OT_STR, ST_UNDEF, NULL}, -/* General options */ -{"auth_order", OT_AUO, ST_UNDEF, NULL}, -{"login_tries", OT_INT, ST_UNDEF, &default_tries}, -{"login_timeout", OT_INT, ST_UNDEF, &default_timeout}, -{"nologin", OT_STR, ST_UNDEF, "/etc/nologin"}, -{"issue", OT_STR, ST_UNDEF, "/etc/radiusclient/issue"}, -/* RADIUS specific options */ -{"authserver", OT_SRV, ST_UNDEF, &authserver}, -{"acctserver", OT_SRV, ST_UNDEF, &acctserver}, -{"servers", OT_STR, ST_UNDEF, NULL}, -{"dictionary", OT_STR, ST_UNDEF, NULL}, -{"login_radius", OT_STR, ST_UNDEF, "/usr/sbin/login.radius"}, -{"seqfile", OT_STR, ST_UNDEF, NULL}, -{"mapfile", OT_STR, ST_UNDEF, NULL}, -{"default_realm", OT_STR, ST_UNDEF, NULL}, -{"radius_timeout", OT_INT, ST_UNDEF, NULL}, -{"radius_retries", OT_INT, ST_UNDEF, NULL}, -{"nas_identifier", OT_STR, ST_UNDEF, ""}, -/* local options */ -{"login_local", OT_STR, ST_UNDEF, NULL}, -}; - -static int num_options = ((sizeof(config_options))/(sizeof(config_options[0]))); diff --git a/pppd/plugins/radius/pathnames.h b/pppd/plugins/radius/pathnames.h deleted file mode 100644 index 5aa4c60..0000000 --- a/pppd/plugins/radius/pathnames.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * $Id: pathnames.h,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#ifndef PATHNAMES_H -#define PATHNAMES_H - -#define _PATH_DEV_URANDOM "/dev/urandom" /* Linux only */ -#define _PATH_ETC_ISSUE "/etc/issue" - -/* normally defined in the Makefile */ -#ifndef _PATH_ETC_RADIUSCLIENT_CONF -#define _PATH_ETC_RADIUSCLIENT_CONF "/etc/radiusclient.conf" -#endif - -#endif /* PATHNAMES_H */ diff --git a/pppd/plugins/radius/pppd-radattr.8 b/pppd/plugins/radius/pppd-radattr.8 deleted file mode 100644 index 22d190b..0000000 --- a/pppd/plugins/radius/pppd-radattr.8 +++ /dev/null @@ -1,44 +0,0 @@ -.\" manual page [] for RADATTR plugin for pppd 2.4 -.\" $Id: pppd-radattr.8,v 1.2 2003/04/25 07:33:20 fcusack Exp $ -.\" SH section heading -.\" SS subsection heading -.\" LP paragraph -.\" IP indented paragraph -.\" TP hanging label -.TH PPPD-RADATTR 8 -.SH NAME -radattr.so \- RADIUS utility plugin for -.BR pppd (8) -.SH SYNOPSIS -.B pppd -[ -.I options -] -plugin radius.so plugin radattr.so -.SH DESCRIPTION -.LP -The radattr plugin for pppd causes all radius attributes returned by -the RADIUS server at authentication time to be stored in the file -.I /var/run/radattr.pppN -where -.I pppN -is the name of the PPP interface. The RADIUS attributes are stored -one per line in the format "Attribute-Name Attribute-Value". This -format is convenient for use in /etc/ppp/ip-up and /etc/ppp/ip-down -scripts. -.LP -Note that you -.I must -load the radius.so plugin before loading the radattr.so plugin; -radattr.so depends on symbols defined in radius.so. - -.SH USAGE -To use the plugin, simply supply the -.B plugin radius.so plugin radattr.so -options to pppd. - -.SH SEE ALSO -.BR pppd (8) " pppd-radius" (8) - -.SH AUTHOR -David F. Skoll diff --git a/pppd/plugins/radius/pppd-radius.8 b/pppd/plugins/radius/pppd-radius.8 deleted file mode 100644 index a8c103c..0000000 --- a/pppd/plugins/radius/pppd-radius.8 +++ /dev/null @@ -1,67 +0,0 @@ -.\" manual page [] for RADIUS plugin for pppd 2.4 -.\" $Id: pppd-radius.8,v 1.5 2004/03/26 13:27:17 kad Exp $ -.\" SH section heading -.\" SS subsection heading -.\" LP paragraph -.\" IP indented paragraph -.\" TP hanging label -.TH PPPD-RADIUS 8 -.SH NAME -radius.so \- RADIUS authentication plugin for -.BR pppd (8) -.SH SYNOPSIS -.B pppd -[ -.I options -] -plugin radius.so -.SH DESCRIPTION -.LP -The RADIUS plugin for pppd permits pppd to perform PAP, CHAP, MS-CHAP and -MS-CHAPv2 authentication against a RADIUS server instead of the usual -.I /etc/ppp/pap-secrets -and -.I /etc/ppp/chap-secrets -files. -.LP -The RADIUS plugin is built on a library called -.B radiusclient -which has its own configuration files (usually in \fI/etc/radiusclient\fR), -consult those files for more information on configuring the RADIUS -plugin - -.SH OPTIONS -The RADIUS plugin introduces one additional pppd option: -.TP -.BI "radius-config-file " filename -The file -.I filename -is taken as the radiusclient configuration file. If this option is not -used, then the plugin uses -.I /etc/radiusclient/radiusclient.conf -as the configuration file. -.TP -.BI "avpair " attribute=value -Adds an Attribute-Value pair to be passed on to the RADIUS server on each request. -.TP -.BI map-to-ifname -Sets Radius NAS-Port attribute to number equal to interface name (Default) -.TP -.BI map-to-ttyname -Sets Radius NAS-Port attribute value via libradiusclient library - -.SH USAGE -To use the plugin, simply supply the -.B plugin radius.so -option to pppd, and edit -.I /etc/radiusclient/radiusclient.conf -appropriately. If you use the RADIUS plugin, the normal pppd authentication -schemes (login, checking the /etc/ppp/*-secrets files) are skipped. The -RADIUS server should assign an IP address to the peer using the RADIUS -Framed-IP-Address attribute. - -.SH SEE ALSO -.BR pppd (8) " pppd-radattr" (8) - -.SH AUTHOR -David F. Skoll diff --git a/pppd/plugins/radius/radattr.c b/pppd/plugins/radius/radattr.c deleted file mode 100644 index 1fe7daa..0000000 --- a/pppd/plugins/radius/radattr.c +++ /dev/null @@ -1,111 +0,0 @@ -/*********************************************************************** -* -* radattr.c -* -* A plugin which is stacked on top of radius.so. This plugin writes -* all RADIUS attributes from the server's authentication confirmation -* into /var/run/radattr.pppN. These attributes are available for -* consumption by /etc/ppp/ip-{up,down} scripts. -* -* Copyright (C) 2002 Roaring Penguin Software Inc. -* -* This plugin may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -***********************************************************************/ - -static char const RCSID[] = -"$Id: radattr.c,v 1.2 2004/10/28 00:24:40 paulus Exp $"; - -#include "pppd.h" -#include "radiusclient.h" -#include - -extern void (*radius_attributes_hook)(VALUE_PAIR *); -static void print_attributes(VALUE_PAIR *); -static void cleanup(void *opaque, int arg); - -char pppd_version[] = VERSION; - -/********************************************************************** -* %FUNCTION: plugin_init -* %ARGUMENTS: -* None -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Initializes radattr plugin. -***********************************************************************/ -void -plugin_init(void) -{ - radius_attributes_hook = print_attributes; - -#if 0 - /* calling cleanup() on link down is problematic because print_attributes() - is called only after PAP or CHAP authentication, but not when the link - should go up again for any other reason */ - add_notifier(&link_down_notifier, cleanup, NULL); -#endif - - /* Just in case... */ - add_notifier(&exitnotify, cleanup, NULL); - info("RADATTR plugin initialized."); -} - -/********************************************************************** -* %FUNCTION: print_attributes -* %ARGUMENTS: -* vp -- linked-list of RADIUS attribute-value pairs -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Prints the attribute pairs to /var/run/radattr.pppN. Each line of the -* file contains "name value" pairs. -***********************************************************************/ -static void -print_attributes(VALUE_PAIR *vp) -{ - FILE *fp; - char fname[512]; - char name[2048]; - char value[2048]; - int cnt = 0; - - slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname); - fp = fopen(fname, "w"); - if (!fp) { - warn("radattr plugin: Could not open %s for writing: %m", fname); - return; - } - - for (; vp; vp=vp->next) { - if (rc_avpair_tostr(vp, name, sizeof(name), value, sizeof(value)) < 0) { - continue; - } - fprintf(fp, "%s %s\n", name, value); - cnt++; - } - fclose(fp); - dbglog("RADATTR plugin wrote %d line(s) to file %s.", cnt, fname); -} - -/********************************************************************** -* %FUNCTION: cleanup -* %ARGUMENTS: -* opaque -- not used -* arg -- not used -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Deletes /var/run/radattr.pppN -***********************************************************************/ -static void -cleanup(void *opaque, int arg) -{ - char fname[512]; - - slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname); - (void) remove(fname); - dbglog("RADATTR plugin removed file %s.", fname); -} diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c deleted file mode 100644 index 932c89a..0000000 --- a/pppd/plugins/radius/radius.c +++ /dev/null @@ -1,1306 +0,0 @@ -/*********************************************************************** -* -* radius.c -* -* RADIUS plugin for pppd. Performs PAP, CHAP, MS-CHAP, MS-CHAPv2 -* authentication using RADIUS. -* -* Copyright (C) 2002 Roaring Penguin Software Inc. -* -* Based on a patch for ipppd, which is: -* Copyright (C) 1996, Matjaz Godec -* Copyright (C) 1996, Lars Fenneberg -* Copyright (C) 1997, Miguel A.L. Paraz -* -* Uses radiusclient library, which is: -* Copyright (C) 1995,1996,1997,1998 Lars Fenneberg -* Copyright (C) 2002 Roaring Penguin Software Inc. -* -* MPPE support is by Ralf Hofmann, , with -* modification from Frank Cusack, . -* -* This plugin may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -***********************************************************************/ -static char const RCSID[] = -"$Id: radius.c,v 1.28 2004/11/14 10:27:57 paulus Exp $"; - -#include "pppd.h" -#include "chap-new.h" -#ifdef CHAPMS -#include "chap_ms.h" -#ifdef MPPE -#include "md5.h" -#endif -#endif -#include "radiusclient.h" -#include "fsm.h" -#include "ipcp.h" -#include -#include -#include -#include -#include -#include - -#define BUF_LEN 1024 - -#define MD5_HASH_SIZE 16 - -static char *config_file = NULL; -static int add_avp(char **); -static struct avpopt { - char *vpstr; - struct avpopt *next; -} *avpopt = NULL; -static bool portnummap = 0; - -static option_t Options[] = { - { "radius-config-file", o_string, &config_file }, - { "avpair", o_special, add_avp }, - { "map-to-ttyname", o_bool, &portnummap, - "Set Radius NAS-Port attribute value via libradiusclient library", OPT_PRIO | 1 }, - { "map-to-ifname", o_bool, &portnummap, - "Set Radius NAS-Port attribute to number as in interface name (Default)", OPT_PRIOSUB | 0 }, - { NULL } -}; - -static int radius_secret_check(void); -static int radius_pap_auth(char *user, - char *passwd, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts); -static int radius_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, - unsigned char *response, - char *message, int message_space); - -static void radius_ip_up(void *opaque, int arg); -static void radius_ip_down(void *opaque, int arg); -static void make_username_realm(char *user); -static int radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, - struct chap_digest_type *digest, - unsigned char *challenge, - char *message, int message_space); -static void radius_choose_ip(u_int32_t *addrp); -static int radius_init(char *msg); -static int get_client_port(char *ifname); -static int radius_allowed_address(u_int32_t addr); -static void radius_acct_interim(void *); -#ifdef MPPE -static int radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, - unsigned char *); -static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info); -#endif - -#ifndef MAXSESSIONID -#define MAXSESSIONID 32 -#endif - -#ifndef MAXCLASSLEN -#define MAXCLASSLEN 500 -#endif - -struct radius_state { - int accounting_started; - int initialized; - int client_port; - int choose_ip; - int any_ip_addr_ok; - int done_chap_once; - u_int32_t ip_addr; - char user[MAXNAMELEN]; - char config_file[MAXPATHLEN]; - char session_id[MAXSESSIONID + 1]; - time_t start_time; - int acct_interim_interval; - SERVER *authserver; /* Authentication server to use */ - SERVER *acctserver; /* Accounting server to use */ - int class_len; - char class[MAXCLASSLEN]; - VALUE_PAIR *avp; /* Additional (user supplied) vp's to send to server */ -}; - -void (*radius_attributes_hook)(VALUE_PAIR *) = NULL; - -/* The pre_auth_hook MAY set authserver and acctserver if it wants. - In that case, they override the values in the radiusclient.conf file */ -void (*radius_pre_auth_hook)(char const *user, - SERVER **authserver, - SERVER **acctserver) = NULL; - -static struct radius_state rstate; - -char pppd_version[] = VERSION; - -/********************************************************************** -* %FUNCTION: plugin_init -* %ARGUMENTS: -* None -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Initializes RADIUS plugin. -***********************************************************************/ -void -plugin_init(void) -{ - pap_check_hook = radius_secret_check; - pap_auth_hook = radius_pap_auth; - - chap_check_hook = radius_secret_check; - chap_verify_hook = radius_chap_verify; - - ip_choose_hook = radius_choose_ip; - allowed_address_hook = radius_allowed_address; - - add_notifier(&ip_up_notifier, radius_ip_up, NULL); - add_notifier(&ip_down_notifier, radius_ip_down, NULL); - - memset(&rstate, 0, sizeof(rstate)); - - strlcpy(rstate.config_file, "/etc/radiusclient/radiusclient.conf", - sizeof(rstate.config_file)); - - add_options(Options); - - info("RADIUS plugin initialized."); -} - -/********************************************************************** -* %FUNCTION: add_avp -* %ARGUMENTS: -* argv -- the pair to add -* %RETURNS: -* 1 -* %DESCRIPTION: -* Adds an av pair to be passed on to the RADIUS server on each request. -***********************************************************************/ -static int -add_avp(char **argv) -{ - struct avpopt *p = malloc(sizeof(struct avpopt)); - - /* Append to a list of vp's for later parsing */ - p->vpstr = strdup(*argv); - p->next = avpopt; - avpopt = p; - - return 1; -} - -/********************************************************************** -* %FUNCTION: radius_secret_check -* %ARGUMENTS: -* None -* %RETURNS: -* 1 -- we are ALWAYS willing to supply a secret. :-) -* %DESCRIPTION: -* Tells pppd that we will try to authenticate the peer, and not to -* worry about looking in /etc/ppp/*-secrets -***********************************************************************/ -static int -radius_secret_check(void) -{ - return 1; -} - -/********************************************************************** -* %FUNCTION: radius_choose_ip -* %ARGUMENTS: -* addrp -- where to store the IP address -* %RETURNS: -* Nothing -* %DESCRIPTION: -* If RADIUS server has specified an IP address, it is stored in *addrp. -***********************************************************************/ -static void -radius_choose_ip(u_int32_t *addrp) -{ - if (rstate.choose_ip) { - *addrp = rstate.ip_addr; - } -} - -/********************************************************************** -* %FUNCTION: radius_pap_auth -* %ARGUMENTS: -* user -- user-name of peer -* passwd -- password supplied by peer -* msgp -- Message which will be sent in PAP response -* paddrs -- set to a list of possible peer IP addresses -* popts -- set to a list of additional pppd options -* %RETURNS: -* 1 if we can authenticate, -1 if we cannot. -* %DESCRIPTION: -* Performs PAP authentication using RADIUS -***********************************************************************/ -static int -radius_pap_auth(char *user, - char *passwd, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts) -{ - VALUE_PAIR *send, *received; - UINT4 av_type; - int result; - static char radius_msg[BUF_LEN]; - - radius_msg[0] = 0; - *msgp = radius_msg; - - if (radius_init(radius_msg) < 0) { - return 0; - } - - /* Put user with potentially realm added in rstate.user */ - make_username_realm(user); - - if (radius_pre_auth_hook) { - radius_pre_auth_hook(rstate.user, - &rstate.authserver, - &rstate.acctserver); - } - - send = NULL; - received = NULL; - - /* Hack... the "port" is the ppp interface number. Should really be - the tty */ - rstate.client_port = get_client_port(portnummap ? devnam : ifname); - - av_type = PW_FRAMED; - rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_PPP; - rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - - rc_avpair_add(&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE); - rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE); - if (*remote_number) { - rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, - VENDOR_NONE); - } else if (ipparam) - rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - - /* Add user specified vp's */ - if (rstate.avp) - rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp)); - - if (rstate.authserver) { - result = rc_auth_using_server(rstate.authserver, - rstate.client_port, send, - &received, radius_msg, NULL); - } else { - result = rc_auth(rstate.client_port, send, &received, radius_msg, NULL); - } - - if (result == OK_RC) { - if (radius_setparams(received, radius_msg, NULL, NULL, NULL, NULL, 0) < 0) { - result = ERROR_RC; - } - } - - /* free value pairs */ - rc_avpair_free(received); - rc_avpair_free(send); - - return (result == OK_RC) ? 1 : 0; -} - -/********************************************************************** -* %FUNCTION: radius_chap_verify -* %ARGUMENTS: -* user -- name of the peer -* ourname -- name for this machine -* id -- the ID byte in the challenge -* digest -- points to the structure representing the digest type -* challenge -- the challenge string we sent (length in first byte) -* response -- the response (hash) the peer sent back (length in 1st byte) -* message -- space for a message to be returned to the peer -* message_space -- number of bytes available at *message. -* %RETURNS: -* 1 if the response is good, 0 if it is bad -* %DESCRIPTION: -* Performs CHAP, MS-CHAP and MS-CHAPv2 authentication using RADIUS. -***********************************************************************/ -static int -radius_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ - VALUE_PAIR *send, *received; - UINT4 av_type; - static char radius_msg[BUF_LEN]; - int result; - int challenge_len, response_len; - u_char cpassword[MAX_RESPONSE_LEN + 1]; -#ifdef MPPE - /* Need the RADIUS secret and Request Authenticator to decode MPPE */ - REQUEST_INFO request_info, *req_info = &request_info; -#else - REQUEST_INFO *req_info = NULL; -#endif - - challenge_len = *challenge++; - response_len = *response++; - - radius_msg[0] = 0; - - if (radius_init(radius_msg) < 0) { - error("%s", radius_msg); - return 0; - } - - /* return error for types we can't handle */ - if ((digest->code != CHAP_MD5) -#ifdef CHAPMS - && (digest->code != CHAP_MICROSOFT) - && (digest->code != CHAP_MICROSOFT_V2) -#endif - ) { - error("RADIUS: Challenge type %u unsupported", digest->code); - return 0; - } - - /* Put user with potentially realm added in rstate.user */ - if (!rstate.done_chap_once) { - make_username_realm(user); - rstate.client_port = get_client_port (portnummap ? devnam : ifname); - if (radius_pre_auth_hook) { - radius_pre_auth_hook(rstate.user, - &rstate.authserver, - &rstate.acctserver); - } - } - - send = received = NULL; - - av_type = PW_FRAMED; - rc_avpair_add (&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_PPP; - rc_avpair_add (&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - - rc_avpair_add (&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE); - - /* - * add the challenge and response fields - */ - switch (digest->code) { - case CHAP_MD5: - /* CHAP-Challenge and CHAP-Password */ - if (response_len != MD5_HASH_SIZE) - return 0; - cpassword[0] = id; - memcpy(&cpassword[1], response, MD5_HASH_SIZE); - - rc_avpair_add(&send, PW_CHAP_CHALLENGE, - challenge, challenge_len, VENDOR_NONE); - rc_avpair_add(&send, PW_CHAP_PASSWORD, - cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE); - break; - -#ifdef CHAPMS - case CHAP_MICROSOFT: - { - /* MS-CHAP-Challenge and MS-CHAP-Response */ - MS_ChapResponse *rmd = (MS_ChapResponse *) response; - u_char *p = cpassword; - - if (response_len != MS_CHAP_RESPONSE_LEN) - return 0; - *p++ = id; - /* The idiots use a different field order in RADIUS than PPP */ - memcpy(p, rmd->UseNT, sizeof(rmd->UseNT)); - p += sizeof(rmd->UseNT); - memcpy(p, rmd->LANManResp, sizeof(rmd->LANManResp)); - p += sizeof(rmd->LANManResp); - memcpy(p, rmd->NTResp, sizeof(rmd->NTResp)); - - rc_avpair_add(&send, PW_MS_CHAP_CHALLENGE, - challenge, challenge_len, VENDOR_MICROSOFT); - rc_avpair_add(&send, PW_MS_CHAP_RESPONSE, - cpassword, MS_CHAP_RESPONSE_LEN + 1, VENDOR_MICROSOFT); - break; - } - - case CHAP_MICROSOFT_V2: - { - /* MS-CHAP-Challenge and MS-CHAP2-Response */ - MS_Chap2Response *rmd = (MS_Chap2Response *) response; - u_char *p = cpassword; - - if (response_len != MS_CHAP2_RESPONSE_LEN) - return 0; - *p++ = id; - /* The idiots use a different field order in RADIUS than PPP */ - memcpy(p, rmd->Flags, sizeof(rmd->Flags)); - p += sizeof(rmd->Flags); - memcpy(p, rmd->PeerChallenge, sizeof(rmd->PeerChallenge)); - p += sizeof(rmd->PeerChallenge); - memcpy(p, rmd->Reserved, sizeof(rmd->Reserved)); - p += sizeof(rmd->Reserved); - memcpy(p, rmd->NTResp, sizeof(rmd->NTResp)); - - rc_avpair_add(&send, PW_MS_CHAP_CHALLENGE, - challenge, challenge_len, VENDOR_MICROSOFT); - rc_avpair_add(&send, PW_MS_CHAP2_RESPONSE, - cpassword, MS_CHAP2_RESPONSE_LEN + 1, VENDOR_MICROSOFT); - break; - } -#endif - } - - if (*remote_number) { - rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, - VENDOR_NONE); - } else if (ipparam) - rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - - /* Add user specified vp's */ - if (rstate.avp) - rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp)); - - /* - * make authentication with RADIUS server - */ - - if (rstate.authserver) { - result = rc_auth_using_server(rstate.authserver, - rstate.client_port, send, - &received, radius_msg, req_info); - } else { - result = rc_auth(rstate.client_port, send, &received, radius_msg, - req_info); - } - - if (result == OK_RC) { - if (!rstate.done_chap_once) { - if (radius_setparams(received, radius_msg, req_info, digest, - challenge, message, message_space) < 0) { - error("%s", radius_msg); - result = ERROR_RC; - } else { - rstate.done_chap_once = 1; - } - } - } - - rc_avpair_free(received); - rc_avpair_free (send); - return (result == OK_RC); -} - -/********************************************************************** -* %FUNCTION: make_username_realm -* %ARGUMENTS: -* user -- the user given to pppd -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Copies user into rstate.user. If it lacks a realm (no "@domain" part), -* then the default realm from the radiusclient config file is added. -***********************************************************************/ -static void -make_username_realm(char *user) -{ - char *default_realm; - - if ( user != NULL ) { - strlcpy(rstate.user, user, sizeof(rstate.user)); - } else { - rstate.user[0] = 0; - } - - default_realm = rc_conf_str("default_realm"); - - if (!strchr(rstate.user, '@') && - default_realm && - (*default_realm != '\0')) { - strlcat(rstate.user, "@", sizeof(rstate.user)); - strlcat(rstate.user, default_realm, sizeof(rstate.user)); - } -} - -/********************************************************************** -* %FUNCTION: radius_setparams -* %ARGUMENTS: -* vp -- received value-pairs -* msg -- buffer in which to place error message. Holds up to BUF_LEN chars -* %RETURNS: -* >= 0 on success; -1 on failure -* %DESCRIPTION: -* Parses attributes sent by RADIUS server and sets them in pppd. -***********************************************************************/ -static int -radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, - struct chap_digest_type *digest, unsigned char *challenge, - char *message, int message_space) -{ - u_int32_t remote; - int ms_chap2_success = 0; -#ifdef MPPE - int mppe_enc_keys = 0; /* whether or not these were received */ - int mppe_enc_policy = 0; - int mppe_enc_types = 0; -#endif - - /* Send RADIUS attributes to anyone else who might be interested */ - if (radius_attributes_hook) { - (*radius_attributes_hook)(vp); - } - - /* - * service type (if not framed then quit), - * new IP address (RADIUS can define static IP for some users), - */ - - while (vp) { - if (vp->vendorcode == VENDOR_NONE) { - switch (vp->attribute) { - case PW_SERVICE_TYPE: - /* check for service type */ - /* if not FRAMED then exit */ - if (vp->lvalue != PW_FRAMED) { - slprintf(msg, BUF_LEN, "RADIUS: wrong service type %ld for %s", - vp->lvalue, rstate.user); - return -1; - } - break; - - case PW_FRAMED_PROTOCOL: - /* check for framed protocol type */ - /* if not PPP then also exit */ - if (vp->lvalue != PW_PPP) { - slprintf(msg, BUF_LEN, "RADIUS: wrong framed protocol %ld for %s", - vp->lvalue, rstate.user); - return -1; - } - break; - - case PW_SESSION_TIMEOUT: - /* Session timeout */ - maxconnect = vp->lvalue; - break; -#ifdef MAXOCTETS - case PW_SESSION_OCTETS_LIMIT: - /* Session traffic limit */ - maxoctets = vp->lvalue; - break; - case PW_OCTETS_DIRECTION: - /* Session traffic limit direction check */ - maxoctets_dir = ( vp->lvalue > 4 ) ? 0 : vp->lvalue ; - break; -#endif - case PW_ACCT_INTERIM_INTERVAL: - /* Send accounting updates every few seconds */ - rstate.acct_interim_interval = vp->lvalue; - /* RFC says it MUST NOT be less than 60 seconds */ - /* We use "0" to signify not sending updates */ - if (rstate.acct_interim_interval && - rstate.acct_interim_interval < 60) { - rstate.acct_interim_interval = 60; - } - break; - case PW_FRAMED_IP_ADDRESS: - /* seting up remote IP addresses */ - remote = vp->lvalue; - if (remote == 0xffffffff) { - /* 0xffffffff means user should be allowed to select one */ - rstate.any_ip_addr_ok = 1; - } else if (remote != 0xfffffffe) { - /* 0xfffffffe means NAS should select an ip address */ - remote = htonl(vp->lvalue); - if (bad_ip_adrs (remote)) { - slprintf(msg, BUF_LEN, "RADIUS: bad remote IP address %I for %s", - remote, rstate.user); - return -1; - } - rstate.choose_ip = 1; - rstate.ip_addr = remote; - } - break; - case PW_CLASS: - /* Save Class attribute to pass it in accounting request */ - if (vp->lvalue <= MAXCLASSLEN) { - rstate.class_len=vp->lvalue; - memcpy(rstate.class, vp->strvalue, rstate.class_len); - } /* else too big for our buffer - ignore it */ - break; - } - - -#ifdef CHAPMS - } else if (vp->vendorcode == VENDOR_MICROSOFT) { - switch (vp->attribute) { - case PW_MS_CHAP2_SUCCESS: - if ((vp->lvalue != 43) || strncmp(vp->strvalue + 1, "S=", 2)) { - slprintf(msg,BUF_LEN,"RADIUS: bad MS-CHAP2-Success packet"); - return -1; - } - if (message != NULL) - strlcpy(message, vp->strvalue + 1, message_space); - ms_chap2_success = 1; - break; - -#ifdef MPPE - case PW_MS_CHAP_MPPE_KEYS: - if (radius_setmppekeys(vp, req_info, challenge) < 0) { - slprintf(msg, BUF_LEN, - "RADIUS: bad MS-CHAP-MPPE-Keys attribute"); - return -1; - } - mppe_enc_keys = 1; - break; - - case PW_MS_MPPE_SEND_KEY: - case PW_MS_MPPE_RECV_KEY: - if (radius_setmppekeys2(vp, req_info) < 0) { - slprintf(msg, BUF_LEN, - "RADIUS: bad MS-MPPE-%s-Key attribute", - (vp->attribute == PW_MS_MPPE_SEND_KEY)? - "Send": "Recv"); - return -1; - } - mppe_enc_keys = 1; - break; - - case PW_MS_MPPE_ENCRYPTION_POLICY: - mppe_enc_policy = vp->lvalue; /* save for later */ - break; - - case PW_MS_MPPE_ENCRYPTION_TYPES: - mppe_enc_types = vp->lvalue; /* save for later */ - break; - -#endif /* MPPE */ -#if 0 - case PW_MS_PRIMARY_DNS_SERVER: - case PW_MS_SECONDARY_DNS_SERVER: - case PW_MS_PRIMARY_NBNS_SERVER: - case PW_MS_SECONDARY_NBNS_SERVER: - break; -#endif - } -#endif /* CHAPMS */ - } - vp = vp->next; - } - - /* Require a valid MS-CHAP2-SUCCESS for MS-CHAPv2 auth */ - if (digest && (digest->code == CHAP_MICROSOFT_V2) && !ms_chap2_success) - return -1; - -#ifdef MPPE - /* - * Require both policy and key attributes to indicate a valid key. - * Note that if the policy value was '0' we don't set the key! - */ - if (mppe_enc_policy && mppe_enc_keys) { - mppe_keys_set = 1; - /* Set/modify allowed encryption types. */ - if (mppe_enc_types) - set_mppe_enc_types(mppe_enc_policy, mppe_enc_types); - } -#endif - - return 0; -} - -#ifdef MPPE -/********************************************************************** -* %FUNCTION: radius_setmppekeys -* %ARGUMENTS: -* vp -- value pair holding MS-CHAP-MPPE-KEYS attribute -* req_info -- radius request information used for encryption -* %RETURNS: -* >= 0 on success; -1 on failure -* %DESCRIPTION: -* Decrypt the "key" provided by the RADIUS server for MPPE encryption. -* See RFC 2548. -***********************************************************************/ -static int -radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, - unsigned char *challenge) -{ - int i; - MD5_CTX Context; - u_char plain[32]; - u_char buf[16]; - - if (vp->lvalue != 32) { - error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys", - vp->lvalue); - return -1; - } - - memcpy(plain, vp->strvalue, sizeof(plain)); - - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN); - MD5_Final(buf, &Context); - - for (i = 0; i < 16; i++) - plain[i] ^= buf[i]; - - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, vp->strvalue, 16); - MD5_Final(buf, &Context); - - for(i = 0; i < 16; i++) - plain[i + 16] ^= buf[i]; - - /* - * Annoying. The "key" returned is just the NTPasswordHashHash, which - * the NAS (us) doesn't need; we only need the start key. So we have - * to generate the start key, sigh. NB: We do not support the LM-Key. - */ - mppe_set_keys(challenge, &plain[8]); - - return 0; -} - -/********************************************************************** -* %FUNCTION: radius_setmppekeys2 -* %ARGUMENTS: -* vp -- value pair holding MS-MPPE-SEND-KEY or MS-MPPE-RECV-KEY attribute -* req_info -- radius request information used for encryption -* %RETURNS: -* >= 0 on success; -1 on failure -* %DESCRIPTION: -* Decrypt the key provided by the RADIUS server for MPPE encryption. -* See RFC 2548. -***********************************************************************/ -static int -radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) -{ - int i; - MD5_CTX Context; - u_char *salt = vp->strvalue; - u_char *crypt = vp->strvalue + 2; - u_char plain[32]; - u_char buf[MD5_HASH_SIZE]; - char *type = "Send"; - - if (vp->attribute == PW_MS_MPPE_RECV_KEY) - type = "Recv"; - - if (vp->lvalue != 34) { - error("RADIUS: Incorrect attribute length (%d) for MS-MPPE-%s-Key", - vp->lvalue, type); - return -1; - } - - if ((salt[0] & 0x80) == 0) { - error("RADIUS: Illegal salt value for MS-MPPE-%s-Key attribute", type); - return -1; - } - - memcpy(plain, crypt, 32); - - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN); - MD5_Update(&Context, salt, 2); - MD5_Final(buf, &Context); - - for (i = 0; i < 16; i++) - plain[i] ^= buf[i]; - - if (plain[0] != sizeof(mppe_send_key) /* 16 */) { - error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute", - (int) plain[0], type); - return -1; - } - - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, crypt, 16); - MD5_Final(buf, &Context); - - plain[16] ^= buf[0]; /* only need the first byte */ - - if (vp->attribute == PW_MS_MPPE_SEND_KEY) - memcpy(mppe_send_key, plain + 1, 16); - else - memcpy(mppe_recv_key, plain + 1, 16); - - return 0; -} -#endif /* MPPE */ - -/********************************************************************** -* %FUNCTION: radius_acct_start -* %ARGUMENTS: -* None -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Sends a "start" accounting message to the RADIUS server. -***********************************************************************/ -static void -radius_acct_start(void) -{ - UINT4 av_type; - int result; - VALUE_PAIR *send = NULL; - ipcp_options *ho = &ipcp_hisoptions[0]; - u_int32_t hisaddr; - - if (!rstate.initialized) { - return; - } - - rstate.start_time = time(NULL); - - strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id)); - - rc_avpair_add(&send, PW_ACCT_SESSION_ID, - rstate.session_id, 0, VENDOR_NONE); - rc_avpair_add(&send, PW_USER_NAME, - rstate.user, 0, VENDOR_NONE); - - if (rstate.class_len > 0) - rc_avpair_add(&send, PW_CLASS, - rstate.class, rstate.class_len, VENDOR_NONE); - - av_type = PW_STATUS_START; - rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_FRAMED; - rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_PPP; - rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - - if (*remote_number) { - rc_avpair_add(&send, PW_CALLING_STATION_ID, - remote_number, 0, VENDOR_NONE); - } else if (ipparam) - rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - - av_type = PW_RADIUS; - rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE); - - - av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) ); - rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE); - - hisaddr = ho->hisaddr; - av_type = htonl(hisaddr); - rc_avpair_add(&send, PW_FRAMED_IP_ADDRESS , &av_type , 0, VENDOR_NONE); - - /* Add user specified vp's */ - if (rstate.avp) - rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp)); - - if (rstate.acctserver) { - result = rc_acct_using_server(rstate.acctserver, - rstate.client_port, send); - } else { - result = rc_acct(rstate.client_port, send); - } - - rc_avpair_free(send); - - if (result != OK_RC) { - /* RADIUS server could be down so make this a warning */ - syslog(LOG_WARNING, - "Accounting START failed for %s", rstate.user); - } else { - rstate.accounting_started = 1; - /* Kick off periodic accounting reports */ - if (rstate.acct_interim_interval) { - TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval); - } - } -} - -/********************************************************************** -* %FUNCTION: radius_acct_stop -* %ARGUMENTS: -* None -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Sends a "stop" accounting message to the RADIUS server. -***********************************************************************/ -static void -radius_acct_stop(void) -{ - UINT4 av_type; - VALUE_PAIR *send = NULL; - ipcp_options *ho = &ipcp_hisoptions[0]; - u_int32_t hisaddr; - int result; - - if (!rstate.initialized) { - return; - } - - if (!rstate.accounting_started) { - return; - } - - rstate.accounting_started = 0; - rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id, - 0, VENDOR_NONE); - - rc_avpair_add(&send, PW_USER_NAME, rstate.user, 0, VENDOR_NONE); - - av_type = PW_STATUS_STOP; - rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_FRAMED; - rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_PPP; - rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - - av_type = PW_RADIUS; - rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE); - - - if (link_stats_valid) { - av_type = link_connect_time; - rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.bytes_out; - rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.bytes_in; - rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.pkts_out; - rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.pkts_in; - rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE); - } - - if (*remote_number) { - rc_avpair_add(&send, PW_CALLING_STATION_ID, - remote_number, 0, VENDOR_NONE); - } else if (ipparam) - rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - - av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) ); - rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_NAS_ERROR; - switch( status ) { - case EXIT_OK: - case EXIT_USER_REQUEST: - av_type = PW_USER_REQUEST; - break; - - case EXIT_HANGUP: - case EXIT_PEER_DEAD: - case EXIT_CONNECT_FAILED: - av_type = PW_LOST_CARRIER; - break; - - case EXIT_INIT_FAILED: - case EXIT_OPEN_FAILED: - case EXIT_LOCK_FAILED: - case EXIT_PTYCMD_FAILED: - av_type = PW_PORT_ERROR; - break; - - case EXIT_PEER_AUTH_FAILED: - case EXIT_AUTH_TOPEER_FAILED: - case EXIT_NEGOTIATION_FAILED: - case EXIT_CNID_AUTH_FAILED: - av_type = PW_SERVICE_UNAVAILABLE; - break; - - case EXIT_IDLE_TIMEOUT: - av_type = PW_ACCT_IDLE_TIMEOUT; - break; - - case EXIT_CONNECT_TIME: - av_type = PW_ACCT_SESSION_TIMEOUT; - break; - -#ifdef MAXOCTETS - case EXIT_TRAFFIC_LIMIT: - av_type = PW_NAS_REQUEST; - break; -#endif - - default: - av_type = PW_NAS_ERROR; - break; - } - rc_avpair_add(&send, PW_ACCT_TERMINATE_CAUSE, &av_type, 0, VENDOR_NONE); - - hisaddr = ho->hisaddr; - av_type = htonl(hisaddr); - rc_avpair_add(&send, PW_FRAMED_IP_ADDRESS , &av_type , 0, VENDOR_NONE); - - /* Add user specified vp's */ - if (rstate.avp) - rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp)); - - if (rstate.acctserver) { - result = rc_acct_using_server(rstate.acctserver, - rstate.client_port, send); - } else { - result = rc_acct(rstate.client_port, send); - } - - if (result != OK_RC) { - /* RADIUS server could be down so make this a warning */ - syslog(LOG_WARNING, - "Accounting STOP failed for %s", rstate.user); - } - rc_avpair_free(send); -} - -/********************************************************************** -* %FUNCTION: radius_acct_interim -* %ARGUMENTS: -* None -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Sends an interim accounting message to the RADIUS server -***********************************************************************/ -static void -radius_acct_interim(void *ignored) -{ - UINT4 av_type; - VALUE_PAIR *send = NULL; - ipcp_options *ho = &ipcp_hisoptions[0]; - u_int32_t hisaddr; - int result; - - if (!rstate.initialized) { - return; - } - - if (!rstate.accounting_started) { - return; - } - - rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id, - 0, VENDOR_NONE); - - rc_avpair_add(&send, PW_USER_NAME, rstate.user, 0, VENDOR_NONE); - - av_type = PW_STATUS_ALIVE; - rc_avpair_add(&send, PW_ACCT_STATUS_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_FRAMED; - rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); - - av_type = PW_PPP; - rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - - av_type = PW_RADIUS; - rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE); - - /* Update link stats */ - update_link_stats(0); - - if (link_stats_valid) { - link_stats_valid = 0; /* Force later code to update */ - - av_type = link_connect_time; - rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.bytes_out; - rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.bytes_in; - rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.pkts_out; - rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE); - - av_type = link_stats.pkts_in; - rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE); - } - - if (*remote_number) { - rc_avpair_add(&send, PW_CALLING_STATION_ID, - remote_number, 0, VENDOR_NONE); - } else if (ipparam) - rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - - av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) ); - rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE); - - hisaddr = ho->hisaddr; - av_type = htonl(hisaddr); - rc_avpair_add(&send, PW_FRAMED_IP_ADDRESS , &av_type , 0, VENDOR_NONE); - - /* Add user specified vp's */ - if (rstate.avp) - rc_avpair_insert(&send, NULL, rc_avpair_copy(rstate.avp)); - - if (rstate.acctserver) { - result = rc_acct_using_server(rstate.acctserver, - rstate.client_port, send); - } else { - result = rc_acct(rstate.client_port, send); - } - - if (result != OK_RC) { - /* RADIUS server could be down so make this a warning */ - syslog(LOG_WARNING, - "Interim accounting failed for %s", rstate.user); - } - rc_avpair_free(send); - - /* Schedule another one */ - TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval); -} - -/********************************************************************** -* %FUNCTION: radius_ip_up -* %ARGUMENTS: -* opaque -- ignored -* arg -- ignored -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Called when IPCP is up. We'll do a start-accounting record. -***********************************************************************/ -static void -radius_ip_up(void *opaque, int arg) -{ - radius_acct_start(); -} - -/********************************************************************** -* %FUNCTION: radius_ip_down -* %ARGUMENTS: -* opaque -- ignored -* arg -- ignored -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Called when IPCP is down. We'll do a stop-accounting record. -***********************************************************************/ -static void -radius_ip_down(void *opaque, int arg) -{ - radius_acct_stop(); -} - -/********************************************************************** -* %FUNCTION: radius_init -* %ARGUMENTS: -* msg -- buffer of size BUF_LEN for error message -* %RETURNS: -* negative on failure; non-negative on success -* %DESCRIPTION: -* Initializes radiusclient library -***********************************************************************/ -static int -radius_init(char *msg) -{ - if (rstate.initialized) { - return 0; - } - - if (config_file && *config_file) { - strlcpy(rstate.config_file, config_file, MAXPATHLEN-1); - } - - rstate.initialized = 1; - - if (rc_read_config(rstate.config_file) != 0) { - slprintf(msg, BUF_LEN, "RADIUS: Can't read config file %s", - rstate.config_file); - return -1; - } - - if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) { - slprintf(msg, BUF_LEN, "RADIUS: Can't read dictionary file %s", - rc_conf_str("dictionary")); - return -1; - } - - if (rc_read_mapfile(rc_conf_str("mapfile")) != 0) { - slprintf(msg, BUF_LEN, "RADIUS: Can't read map file %s", - rc_conf_str("mapfile")); - return -1; - } - - /* Add av pairs saved during option parsing */ - while (avpopt) { - struct avpopt *n = avpopt->next; - - rc_avpair_parse(avpopt->vpstr, &rstate.avp); - free(avpopt->vpstr); - free(avpopt); - avpopt = n; - } - return 0; -} - -/********************************************************************** -* %FUNCTION: get_client_port -* %ARGUMENTS: -* ifname -- PPP interface name (e.g. "ppp7") -* %RETURNS: -* The NAS port number (e.g. 7) -* %DESCRIPTION: -* Extracts the port number from the interface name -***********************************************************************/ -static int -get_client_port(char *ifname) -{ - int port; - if (sscanf(ifname, "ppp%d", &port) == 1) { - return port; - } - return rc_map2id(ifname); -} - -/********************************************************************** -* %FUNCTION: radius_allowed_address -* %ARGUMENTS: -* addr -- IP address -* %RETURNS: -* 1 if we're allowed to use that IP address; 0 if not; -1 if we do -* not know. -***********************************************************************/ -static int -radius_allowed_address(u_int32_t addr) -{ - ipcp_options *wo = &ipcp_wantoptions[0]; - - if (!rstate.choose_ip) { - /* If RADIUS server said any address is OK, then fine... */ - if (rstate.any_ip_addr_ok) { - return 1; - } - - /* Sigh... if an address was supplied for remote host in pppd - options, it has to match that. */ - if (wo->hisaddr != 0 && wo->hisaddr == addr) { - return 1; - } - - return 0; - } - if (addr == rstate.ip_addr) return 1; - return 0; -} - -/* Useful for other plugins */ -char *radius_logged_in_user(void) -{ - return rstate.user; -} diff --git a/pppd/plugins/radius/radiusclient.h b/pppd/plugins/radius/radiusclient.h deleted file mode 100644 index 7b7933e..0000000 --- a/pppd/plugins/radius/radiusclient.h +++ /dev/null @@ -1,455 +0,0 @@ -/* - * $Id: radiusclient.h,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996,1997,1998 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#ifndef RADIUSCLIENT_H -#define RADIUSCLIENT_H - -#include -#include -#include -#include "pppd.h" - -#ifndef _UINT4_T -/* This works for all machines that Linux runs on... */ -typedef unsigned int UINT4; -typedef int INT4; -#endif - -#define AUTH_VECTOR_LEN 16 -#define AUTH_PASS_LEN (3 * 16) /* multiple of 16 */ -#define AUTH_ID_LEN 64 -#define AUTH_STRING_LEN 128 /* maximum of 253 */ - -#define BUFFER_LEN 8192 - -#define NAME_LENGTH 32 -#define GETSTR_LENGTH 128 /* must be bigger than AUTH_PASS_LEN */ - -/* codes for radius_buildreq, radius_getport, etc. */ -#define AUTH 0 -#define ACCT 1 - -/* defines for config.c */ - -#define SERVER_MAX 8 - -#define AUTH_LOCAL_FST (1<<0) -#define AUTH_RADIUS_FST (1<<1) -#define AUTH_LOCAL_SND (1<<2) -#define AUTH_RADIUS_SND (1<<3) - -typedef struct server { - int max; - char *name[SERVER_MAX]; - unsigned short port[SERVER_MAX]; -} SERVER; - -typedef struct pw_auth_hdr -{ - u_char code; - u_char id; - u_short length; - u_char vector[AUTH_VECTOR_LEN]; - u_char data[2]; -} AUTH_HDR; - -#define AUTH_HDR_LEN 20 -#define MAX_SECRET_LENGTH (3 * 16) /* MUST be multiple of 16 */ -#define CHAP_VALUE_LENGTH 16 - -#define PW_AUTH_UDP_PORT 1812 -#define PW_ACCT_UDP_PORT 1813 - -#define PW_TYPE_STRING 0 -#define PW_TYPE_INTEGER 1 -#define PW_TYPE_IPADDR 2 -#define PW_TYPE_DATE 3 - -/* standard RADIUS codes */ - -#define PW_ACCESS_REQUEST 1 -#define PW_ACCESS_ACCEPT 2 -#define PW_ACCESS_REJECT 3 -#define PW_ACCOUNTING_REQUEST 4 -#define PW_ACCOUNTING_RESPONSE 5 -#define PW_ACCOUNTING_STATUS 6 -#define PW_PASSWORD_REQUEST 7 -#define PW_PASSWORD_ACK 8 -#define PW_PASSWORD_REJECT 9 -#define PW_ACCOUNTING_MESSAGE 10 -#define PW_ACCESS_CHALLENGE 11 -#define PW_STATUS_SERVER 12 -#define PW_STATUS_CLIENT 13 - - -/* standard RADIUS attribute-value pairs */ - -#define PW_USER_NAME 1 /* string */ -#define PW_USER_PASSWORD 2 /* string */ -#define PW_CHAP_PASSWORD 3 /* string */ -#define PW_NAS_IP_ADDRESS 4 /* ipaddr */ -#define PW_NAS_PORT 5 /* integer */ -#define PW_SERVICE_TYPE 6 /* integer */ -#define PW_FRAMED_PROTOCOL 7 /* integer */ -#define PW_FRAMED_IP_ADDRESS 8 /* ipaddr */ -#define PW_FRAMED_IP_NETMASK 9 /* ipaddr */ -#define PW_FRAMED_ROUTING 10 /* integer */ -#define PW_FILTER_ID 11 /* string */ -#define PW_FRAMED_MTU 12 /* integer */ -#define PW_FRAMED_COMPRESSION 13 /* integer */ -#define PW_LOGIN_IP_HOST 14 /* ipaddr */ -#define PW_LOGIN_SERVICE 15 /* integer */ -#define PW_LOGIN_PORT 16 /* integer */ -#define PW_OLD_PASSWORD 17 /* string */ /* deprecated */ -#define PW_REPLY_MESSAGE 18 /* string */ -#define PW_LOGIN_CALLBACK_NUMBER 19 /* string */ -#define PW_FRAMED_CALLBACK_ID 20 /* string */ -#define PW_EXPIRATION 21 /* date */ /* deprecated */ -#define PW_FRAMED_ROUTE 22 /* string */ -#define PW_FRAMED_IPX_NETWORK 23 /* integer */ -#define PW_STATE 24 /* string */ -#define PW_CLASS 25 /* string */ -#define PW_VENDOR_SPECIFIC 26 /* string */ -#define PW_SESSION_TIMEOUT 27 /* integer */ -#define PW_IDLE_TIMEOUT 28 /* integer */ -#define PW_TERMINATION_ACTION 29 /* integer */ -#define PW_CALLED_STATION_ID 30 /* string */ -#define PW_CALLING_STATION_ID 31 /* string */ -#define PW_NAS_IDENTIFIER 32 /* string */ -#define PW_PROXY_STATE 33 /* string */ -#define PW_LOGIN_LAT_SERVICE 34 /* string */ -#define PW_LOGIN_LAT_NODE 35 /* string */ -#define PW_LOGIN_LAT_GROUP 36 /* string */ -#define PW_FRAMED_APPLETALK_LINK 37 /* integer */ -#define PW_FRAMED_APPLETALK_NETWORK 38 /* integer */ -#define PW_FRAMED_APPLETALK_ZONE 39 /* string */ -#define PW_CHAP_CHALLENGE 60 /* string */ -#define PW_NAS_PORT_TYPE 61 /* integer */ -#define PW_PORT_LIMIT 62 /* integer */ -#define PW_LOGIN_LAT_PORT 63 /* string */ - -/* Vendor RADIUS attribute-value pairs */ -#define PW_MS_CHAP_CHALLENGE 11 /* string */ -#define PW_MS_CHAP_RESPONSE 1 /* string */ -#define PW_MS_CHAP2_RESPONSE 25 /* string */ -#define PW_MS_CHAP2_SUCCESS 26 /* string */ -#define PW_MS_MPPE_ENCRYPTION_POLICY 7 /* string */ -#define PW_MS_MPPE_ENCRYPTION_TYPE 8 /* string */ -#define PW_MS_MPPE_ENCRYPTION_TYPES PW_MS_MPPE_ENCRYPTION_TYPE -#define PW_MS_CHAP_MPPE_KEYS 12 /* string */ -#define PW_MS_MPPE_SEND_KEY 16 /* string */ -#define PW_MS_MPPE_RECV_KEY 17 /* string */ - -/* Accounting */ - -#define PW_ACCT_STATUS_TYPE 40 /* integer */ -#define PW_ACCT_DELAY_TIME 41 /* integer */ -#define PW_ACCT_INPUT_OCTETS 42 /* integer */ -#define PW_ACCT_OUTPUT_OCTETS 43 /* integer */ -#define PW_ACCT_SESSION_ID 44 /* string */ -#define PW_ACCT_AUTHENTIC 45 /* integer */ -#define PW_ACCT_SESSION_TIME 46 /* integer */ -#define PW_ACCT_INPUT_PACKETS 47 /* integer */ -#define PW_ACCT_OUTPUT_PACKETS 48 /* integer */ -#define PW_ACCT_TERMINATE_CAUSE 49 /* integer */ -#define PW_ACCT_MULTI_SESSION_ID 50 /* string */ -#define PW_ACCT_LINK_COUNT 51 /* integer */ - -/* From RFC 2869 */ -#define PW_ACCT_INTERIM_INTERVAL 85 /* integer */ - -/* Merit Experimental Extensions */ - -#define PW_USER_ID 222 /* string */ -#define PW_USER_REALM 223 /* string */ - - -/* Session limits */ -#define PW_SESSION_OCTETS_LIMIT 227 /* integer */ -#define PW_OCTETS_DIRECTION 228 /* integer */ - -/* Integer Translations */ - -/* SERVICE TYPES */ - -#define PW_LOGIN 1 -#define PW_FRAMED 2 -#define PW_CALLBACK_LOGIN 3 -#define PW_CALLBACK_FRAMED 4 -#define PW_OUTBOUND 5 -#define PW_ADMINISTRATIVE 6 -#define PW_NAS_PROMPT 7 -#define PW_AUTHENTICATE_ONLY 8 -#define PW_CALLBACK_NAS_PROMPT 9 - -/* FRAMED PROTOCOLS */ - -#define PW_PPP 1 -#define PW_SLIP 2 -#define PW_ARA 3 -#define PW_GANDALF 4 -#define PW_XYLOGICS 5 - -/* FRAMED ROUTING VALUES */ - -#define PW_NONE 0 -#define PW_BROADCAST 1 -#define PW_LISTEN 2 -#define PW_BROADCAST_LISTEN 3 - -/* FRAMED COMPRESSION TYPES */ - -#define PW_VAN_JACOBSON_TCP_IP 1 -#define PW_IPX_HEADER_COMPRESSION 2 - -/* LOGIN SERVICES */ - -#define PW_TELNET 0 -#define PW_RLOGIN 1 -#define PW_TCP_CLEAR 2 -#define PW_PORTMASTER 3 -#define PW_LAT 4 -#define PW_X25_PAD 5 -#define PW_X25_T3POS 6 - -/* TERMINATION ACTIONS */ - -#define PW_DEFAULT 0 -#define PW_RADIUS_REQUEST 1 - -/* PROHIBIT PROTOCOL */ - -#define PW_DUMB 0 /* 1 and 2 are defined in FRAMED PROTOCOLS */ -#define PW_AUTH_ONLY 3 -#define PW_ALL 255 - -/* ACCOUNTING STATUS TYPES */ - -#define PW_STATUS_START 1 -#define PW_STATUS_STOP 2 -#define PW_STATUS_ALIVE 3 -#define PW_STATUS_MODEM_START 4 -#define PW_STATUS_MODEM_STOP 5 -#define PW_STATUS_CANCEL 6 -#define PW_ACCOUNTING_ON 7 -#define PW_ACCOUNTING_OFF 8 - -/* ACCOUNTING TERMINATION CAUSES */ - -#define PW_USER_REQUEST 1 -#define PW_LOST_CARRIER 2 -#define PW_LOST_SERVICE 3 -#define PW_ACCT_IDLE_TIMEOUT 4 -#define PW_ACCT_SESSION_TIMEOUT 5 -#define PW_ADMIN_RESET 6 -#define PW_ADMIN_REBOOT 7 -#define PW_PORT_ERROR 8 -#define PW_NAS_ERROR 9 -#define PW_NAS_REQUEST 10 -#define PW_NAS_REBOOT 11 -#define PW_PORT_UNNEEDED 12 -#define PW_PORT_PREEMPTED 13 -#define PW_PORT_SUSPENDED 14 -#define PW_SERVICE_UNAVAILABLE 15 -#define PW_CALLBACK 16 -#define PW_USER_ERROR 17 -#define PW_HOST_REQUEST 18 - -/* NAS PORT TYPES */ - -#define PW_ASYNC 0 -#define PW_SYNC 1 -#define PW_ISDN_SYNC 2 -#define PW_ISDN_SYNC_V120 3 -#define PW_ISDN_SYNC_V110 4 -#define PW_VIRTUAL 5 - -/* AUTHENTIC TYPES */ -#define PW_RADIUS 1 -#define PW_LOCAL 2 -#define PW_REMOTE 3 - -/* Session-Octets-Limit */ -#define PW_OCTETS_DIRECTION_SUM 0 -#define PW_OCTETS_DIRECTION_IN 1 -#define PW_OCTETS_DIRECTION_OUT 2 -#define PW_OCTETS_DIRECTION_MAX 3 - - -/* Vendor codes */ -#define VENDOR_NONE (-1) -#define VENDOR_MICROSOFT 311 - -/* Server data structures */ - -typedef struct dict_attr -{ - char name[NAME_LENGTH + 1]; /* attribute name */ - int value; /* attribute index */ - int type; /* string, int, etc. */ - int vendorcode; /* vendor code */ - struct dict_attr *next; -} DICT_ATTR; - -typedef struct dict_value -{ - char attrname[NAME_LENGTH +1]; - char name[NAME_LENGTH + 1]; - int value; - struct dict_value *next; -} DICT_VALUE; - -typedef struct vendor_dict -{ - char vendorname[NAME_LENGTH + 1]; - int vendorcode; - DICT_ATTR *attributes; - struct vendor_dict *next; -} VENDOR_DICT; - -typedef struct value_pair -{ - char name[NAME_LENGTH + 1]; - int attribute; - int vendorcode; - int type; - UINT4 lvalue; - u_char strvalue[AUTH_STRING_LEN + 1]; - struct value_pair *next; -} VALUE_PAIR; - -/* don't change this, as it has to be the same as in the Merit radiusd code */ -#define MGMT_POLL_SECRET "Hardlyasecret" - -/* Define return codes from "SendServer" utility */ - -#define BADRESP_RC -2 -#define ERROR_RC -1 -#define OK_RC 0 -#define TIMEOUT_RC 1 - -typedef struct send_data /* Used to pass information to sendserver() function */ -{ - u_char code; /* RADIUS packet code */ - u_char seq_nbr; /* Packet sequence number */ - char *server; /* Name/addrress of RADIUS server */ - int svc_port; /* RADIUS protocol destination port */ - int timeout; /* Session timeout in seconds */ - int retries; - VALUE_PAIR *send_pairs; /* More a/v pairs to send */ - VALUE_PAIR *receive_pairs; /* Where to place received a/v pairs */ -} SEND_DATA; - -typedef struct request_info -{ - char secret[MAX_SECRET_LENGTH + 1]; - u_char request_vector[AUTH_VECTOR_LEN]; -} REQUEST_INFO; - -#ifndef MIN -#define MIN(a, b) ((a) < (b) ? (a) : (b)) -#endif -#ifndef MAX -#define MAX(a, b) ((a) > (b) ? (a) : (b)) -#endif - -#ifndef PATH_MAX -#define PATH_MAX 1024 -#endif - -typedef struct env -{ - int maxsize, size; - char **env; -} ENV; - -#define ENV_SIZE 128 - -/* Function prototypes */ - -/* avpair.c */ - -VALUE_PAIR *rc_avpair_add __P((VALUE_PAIR **, int, void *, int, int)); -int rc_avpair_assign __P((VALUE_PAIR *, void *, int)); -VALUE_PAIR *rc_avpair_new __P((int, void *, int, int)); -VALUE_PAIR *rc_avpair_gen __P((AUTH_HDR *)); -VALUE_PAIR *rc_avpair_get __P((VALUE_PAIR *, UINT4)); -VALUE_PAIR *rc_avpair_copy __P((VALUE_PAIR *)); -void rc_avpair_insert __P((VALUE_PAIR **, VALUE_PAIR *, VALUE_PAIR *)); -void rc_avpair_free __P((VALUE_PAIR *)); -int rc_avpair_parse __P((char *, VALUE_PAIR **)); -int rc_avpair_tostr __P((VALUE_PAIR *, char *, int, char *, int)); -VALUE_PAIR *rc_avpair_readin __P((FILE *)); - -/* buildreq.c */ - -void rc_buildreq __P((SEND_DATA *, int, char *, unsigned short, int, int)); -unsigned char rc_get_seqnbr __P((void)); -int rc_auth __P((UINT4, VALUE_PAIR *, VALUE_PAIR **, char *, REQUEST_INFO *)); -int rc_auth_using_server __P((SERVER *, UINT4, VALUE_PAIR *, VALUE_PAIR **, - char *, REQUEST_INFO *)); -int rc_auth_proxy __P((VALUE_PAIR *, VALUE_PAIR **, char *)); -int rc_acct __P((UINT4, VALUE_PAIR *)); -int rc_acct_using_server __P((SERVER *, UINT4, VALUE_PAIR *)); -int rc_acct_proxy __P((VALUE_PAIR *)); -int rc_check __P((char *, unsigned short, char *)); - -/* clientid.c */ - -int rc_read_mapfile __P((char *)); -UINT4 rc_map2id __P((char *)); - -/* config.c */ - -int rc_read_config __P((char *)); -char *rc_conf_str __P((char *)); -int rc_conf_int __P((char *)); -SERVER *rc_conf_srv __P((char *)); -int rc_find_server __P((char *, UINT4 *, char *)); - -/* dict.c */ - -int rc_read_dictionary __P((char *)); -DICT_ATTR *rc_dict_getattr __P((int, int)); -DICT_ATTR *rc_dict_findattr __P((char *)); -DICT_VALUE *rc_dict_findval __P((char *)); -DICT_VALUE * rc_dict_getval __P((UINT4, char *)); -VENDOR_DICT * rc_dict_findvendor __P((char *)); -VENDOR_DICT * rc_dict_getvendor __P((int)); - -/* ip_util.c */ - -UINT4 rc_get_ipaddr __P((char *)); -int rc_good_ipaddr __P((char *)); -const char *rc_ip_hostname __P((UINT4)); -UINT4 rc_own_ipaddress __P((void)); - - -/* sendserver.c */ - -int rc_send_server __P((SEND_DATA *, char *, REQUEST_INFO *)); - -/* util.c */ - -void rc_str2tm __P((char *, struct tm *)); -char *rc_mksid __P((void)); -void rc_mdelay __P((int)); - -/* md5.c */ - -void rc_md5_calc __P((unsigned char *, unsigned char *, unsigned int)); - -#endif /* RADIUSCLIENT_H */ diff --git a/pppd/plugins/radius/radrealms.c b/pppd/plugins/radius/radrealms.c deleted file mode 100644 index 1d8da62..0000000 --- a/pppd/plugins/radius/radrealms.c +++ /dev/null @@ -1,147 +0,0 @@ -/* -* -* radrealms.c -* -* A pppd plugin which is stacked on top of radius.so. This plugin -* allows selection of alternate set of servers based on the user's realm. -* -* Author: Ben McKeegan ben@netservers.co.uk -* -* Copyright (C) 2002 Netservers -* -* This plugin may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -*/ - -static char const RCSID[] = - "$Id: radrealms.c,v 1.2 2004/11/14 07:26:26 paulus Exp $"; - -#include "pppd.h" -#include "radiusclient.h" -#include -#include -#include - -char pppd_version[] = VERSION; - -char radrealms_config[MAXPATHLEN] = "/etc/radiusclient/realms"; - -static option_t Options[] = { - { "realms-config-file", o_string, &radrealms_config }, - { NULL } -}; - -extern void (*radius_pre_auth_hook)(char const *user, - SERVER **authserver, - SERVER **acctserver); - -static void -lookup_realm(char const *user, - SERVER **authserver, - SERVER **acctserver) -{ - char *realm; - FILE *fd; - SERVER *accts, *auths, *s; - char buffer[512], *p; - int line = 0; - - auths = (SERVER *) malloc(sizeof(SERVER)); - auths->max = 0; - accts = (SERVER *) malloc(sizeof(SERVER)); - accts->max = 0; - - realm = strrchr(user, '@'); - - if (realm) { - info("Looking up servers for realm '%s'", realm); - } else { - info("Looking up servers for DEFAULT realm"); - } - if (realm) { - if (*(++realm) == '\0') { - realm = NULL; - } - } - - if ((fd = fopen(radrealms_config, "r")) == NULL) { - option_error("cannot open %s", radrealms_config); - return; - } - info("Reading %s", radrealms_config); - - while ((fgets(buffer, sizeof(buffer), fd) != NULL)) { - line++; - - if ((*buffer == '\n') || (*buffer == '#') || (*buffer == '\0')) - continue; - - buffer[strlen(buffer)-1] = '\0'; - - p = strtok(buffer, "\t "); - - if (p == NULL || (strcmp(p, "authserver") !=0 - && strcmp(p, "acctserver"))) { - fclose(fd); - option_error("%s: invalid line %d: %s", radrealms_config, - line, buffer); - return; - } - info("Parsing '%s' entry:", p); - s = auths; - if (p[1] == 'c') { - s = accts; - } - if (s->max >= SERVER_MAX) - continue; - - if ((p = strtok(NULL, "\t ")) == NULL) { - fclose(fd); - option_error("%s: realm name missing on line %d: %s", - radrealms_config, line, buffer); - return; - } - - if ((realm != NULL && strcmp(p, realm) == 0) || - (realm == NULL && strcmp(p, "DEFAULT") == 0) ) { - info(" - Matched realm %s", p); - if ((p = strtok(NULL, ":")) == NULL) { - fclose(fd); - option_error("%s: server address missing on line %d: %s", - radrealms_config, line, buffer); - return; - } - s->name[s->max] = strdup(p); - info(" - Address is '%s'",p); - if ((p = strtok(NULL, "\t ")) == NULL) { - fclose(fd); - option_error("%s: server port missing on line %d: %s", - radrealms_config, line, buffer); - return; - } - s->port[s->max] = atoi(p); - info(" - Port is '%d'", s->port[s->max]); - s->max++; - } else - info(" - Skipping realm '%s'", p); - } - fclose(fd); - - if (accts->max) - *acctserver = accts; - - if (auths->max) - *authserver = auths; - - return; -} - -void -plugin_init(void) -{ - radius_pre_auth_hook = lookup_realm; - - add_options(Options); - info("RADIUS Realms plugin initialized."); -} diff --git a/pppd/plugins/radius/sendserver.c b/pppd/plugins/radius/sendserver.c deleted file mode 100644 index 3612b8d..0000000 --- a/pppd/plugins/radius/sendserver.c +++ /dev/null @@ -1,520 +0,0 @@ -/* - * $Id: sendserver.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include -#include - -static void rc_random_vector (unsigned char *); -static int rc_check_reply (AUTH_HDR *, int, char *, unsigned char *, unsigned char); - -/* - * Function: rc_pack_list - * - * Purpose: Packs an attribute value pair list into a buffer. - * - * Returns: Number of octets packed. - * - */ - -static int rc_pack_list (VALUE_PAIR *vp, char *secret, AUTH_HDR *auth) -{ - int length, i, pc, secretlen, padded_length; - int total_length = 0; - UINT4 lvalue; - unsigned char passbuf[MAX(AUTH_PASS_LEN, CHAP_VALUE_LENGTH)]; - unsigned char md5buf[256]; - unsigned char *buf, *vector, *lenptr; - - buf = auth->data; - - while (vp != (VALUE_PAIR *) NULL) - { - - if (vp->vendorcode != VENDOR_NONE) { - *buf++ = PW_VENDOR_SPECIFIC; - - /* Place-holder for where to put length */ - lenptr = buf++; - - /* Insert vendor code */ - *buf++ = 0; - *buf++ = (((unsigned int) vp->vendorcode) >> 16) & 255; - *buf++ = (((unsigned int) vp->vendorcode) >> 8) & 255; - *buf++ = ((unsigned int) vp->vendorcode) & 255; - - /* Insert vendor-type */ - *buf++ = vp->attribute; - - /* Insert value */ - switch(vp->type) { - case PW_TYPE_STRING: - length = vp->lvalue; - *lenptr = length + 8; - *buf++ = length+2; - memcpy(buf, vp->strvalue, (size_t) length); - buf += length; - total_length += length+8; - break; - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - length = sizeof(UINT4); - *lenptr = length + 8; - *buf++ = length+2; - lvalue = htonl(vp->lvalue); - memcpy(buf, (char *) &lvalue, sizeof(UINT4)); - buf += length; - total_length += length+8; - break; - default: - break; - } - } else { - *buf++ = vp->attribute; - switch (vp->attribute) { - case PW_USER_PASSWORD: - - /* Encrypt the password */ - - /* Chop off password at AUTH_PASS_LEN */ - length = vp->lvalue; - if (length > AUTH_PASS_LEN) length = AUTH_PASS_LEN; - - /* Calculate the padded length */ - padded_length = (length+(AUTH_VECTOR_LEN-1)) & ~(AUTH_VECTOR_LEN-1); - - /* Record the attribute length */ - *buf++ = padded_length + 2; - - /* Pad the password with zeros */ - memset ((char *) passbuf, '\0', AUTH_PASS_LEN); - memcpy ((char *) passbuf, vp->strvalue, (size_t) length); - - secretlen = strlen (secret); - vector = (char *)auth->vector; - for(i = 0; i < padded_length; i += AUTH_VECTOR_LEN) { - /* Calculate the MD5 digest*/ - strcpy ((char *) md5buf, secret); - memcpy ((char *) md5buf + secretlen, vector, - AUTH_VECTOR_LEN); - rc_md5_calc (buf, md5buf, secretlen + AUTH_VECTOR_LEN); - - /* Remeber the start of the digest */ - vector = buf; - - /* Xor the password into the MD5 digest */ - for (pc = i; pc < (i + AUTH_VECTOR_LEN); pc++) { - *buf++ ^= passbuf[pc]; - } - } - - total_length += padded_length + 2; - - break; -#if 0 - case PW_CHAP_PASSWORD: - - *buf++ = CHAP_VALUE_LENGTH + 2; - - /* Encrypt the Password */ - length = vp->lvalue; - if (length > CHAP_VALUE_LENGTH) { - length = CHAP_VALUE_LENGTH; - } - memset ((char *) passbuf, '\0', CHAP_VALUE_LENGTH); - memcpy ((char *) passbuf, vp->strvalue, (size_t) length); - - /* Calculate the MD5 Digest */ - secretlen = strlen (secret); - strcpy ((char *) md5buf, secret); - memcpy ((char *) md5buf + secretlen, (char *) auth->vector, - AUTH_VECTOR_LEN); - rc_md5_calc (buf, md5buf, secretlen + AUTH_VECTOR_LEN); - - /* Xor the password into the MD5 digest */ - for (i = 0; i < CHAP_VALUE_LENGTH; i++) { - *buf++ ^= passbuf[i]; - } - total_length += CHAP_VALUE_LENGTH + 2; - - break; -#endif - default: - switch (vp->type) { - case PW_TYPE_STRING: - length = vp->lvalue; - *buf++ = length + 2; - memcpy (buf, vp->strvalue, (size_t) length); - buf += length; - total_length += length + 2; - break; - - case PW_TYPE_INTEGER: - case PW_TYPE_IPADDR: - *buf++ = sizeof (UINT4) + 2; - lvalue = htonl (vp->lvalue); - memcpy (buf, (char *) &lvalue, sizeof (UINT4)); - buf += sizeof (UINT4); - total_length += sizeof (UINT4) + 2; - break; - - default: - break; - } - break; - } - } - vp = vp->next; - } - return total_length; -} - -/* - * Function: rc_send_server - * - * Purpose: send a request to a RADIUS server and wait for the reply - * - */ - -int rc_send_server (SEND_DATA *data, char *msg, REQUEST_INFO *info) -{ - int sockfd; - struct sockaddr salocal; - struct sockaddr saremote; - struct sockaddr_in *sin; - struct timeval authtime; - fd_set readfds; - AUTH_HDR *auth, *recv_auth; - UINT4 auth_ipaddr; - char *server_name; /* Name of server to query */ - int salen; - int result; - int total_length; - int length; - int retry_max; - int secretlen; - char secret[MAX_SECRET_LENGTH + 1]; - unsigned char vector[AUTH_VECTOR_LEN]; - char recv_buffer[BUFFER_LEN]; - char send_buffer[BUFFER_LEN]; - int retries; - VALUE_PAIR *vp; - - server_name = data->server; - if (server_name == (char *) NULL || server_name[0] == '\0') - return (ERROR_RC); - - if ((vp = rc_avpair_get(data->send_pairs, PW_SERVICE_TYPE)) && \ - (vp->lvalue == PW_ADMINISTRATIVE)) - { - strcpy(secret, MGMT_POLL_SECRET); - if ((auth_ipaddr = rc_get_ipaddr(server_name)) == 0) - return (ERROR_RC); - } - else - { - if (rc_find_server (server_name, &auth_ipaddr, secret) != 0) - { - return (ERROR_RC); - } - } - - sockfd = socket (AF_INET, SOCK_DGRAM, 0); - if (sockfd < 0) - { - memset (secret, '\0', sizeof (secret)); - error("rc_send_server: socket: %s", strerror(errno)); - return (ERROR_RC); - } - - length = sizeof (salocal); - sin = (struct sockaddr_in *) & salocal; - memset ((char *) sin, '\0', (size_t) length); - sin->sin_family = AF_INET; - sin->sin_addr.s_addr = htonl(INADDR_ANY); - sin->sin_port = htons ((unsigned short) 0); - if (bind (sockfd, (struct sockaddr *) sin, length) < 0 || - getsockname (sockfd, (struct sockaddr *) sin, &length) < 0) - { - close (sockfd); - memset (secret, '\0', sizeof (secret)); - error("rc_send_server: bind: %s: %m", server_name); - return (ERROR_RC); - } - - retry_max = data->retries; /* Max. numbers to try for reply */ - retries = 0; /* Init retry cnt for blocking call */ - - /* Build a request */ - auth = (AUTH_HDR *) send_buffer; - auth->code = data->code; - auth->id = data->seq_nbr; - - if (data->code == PW_ACCOUNTING_REQUEST) - { - total_length = rc_pack_list(data->send_pairs, secret, auth) + AUTH_HDR_LEN; - - auth->length = htons ((unsigned short) total_length); - - memset((char *) auth->vector, 0, AUTH_VECTOR_LEN); - secretlen = strlen (secret); - memcpy ((char *) auth + total_length, secret, secretlen); - rc_md5_calc (vector, (char *) auth, total_length + secretlen); - memcpy ((char *) auth->vector, (char *) vector, AUTH_VECTOR_LEN); - } - else - { - rc_random_vector (vector); - memcpy (auth->vector, vector, AUTH_VECTOR_LEN); - - total_length = rc_pack_list(data->send_pairs, secret, auth) + AUTH_HDR_LEN; - - auth->length = htons ((unsigned short) total_length); - } - - sin = (struct sockaddr_in *) & saremote; - memset ((char *) sin, '\0', sizeof (saremote)); - sin->sin_family = AF_INET; - sin->sin_addr.s_addr = htonl (auth_ipaddr); - sin->sin_port = htons ((unsigned short) data->svc_port); - - for (;;) - { - sendto (sockfd, (char *) auth, (unsigned int) total_length, (int) 0, - (struct sockaddr *) sin, sizeof (struct sockaddr_in)); - - authtime.tv_usec = 0L; - authtime.tv_sec = (long) data->timeout; - FD_ZERO (&readfds); - FD_SET (sockfd, &readfds); - if (select (sockfd + 1, &readfds, NULL, NULL, &authtime) < 0) - { - if (errno == EINTR) - continue; - error("rc_send_server: select: %m"); - memset (secret, '\0', sizeof (secret)); - close (sockfd); - return (ERROR_RC); - } - if (FD_ISSET (sockfd, &readfds)) - break; - - /* - * Timed out waiting for response. Retry "retry_max" times - * before giving up. If retry_max = 0, don't retry at all. - */ - if (++retries >= retry_max) - { - error("rc_send_server: no reply from RADIUS server %s:%u", - rc_ip_hostname (auth_ipaddr), data->svc_port); - close (sockfd); - memset (secret, '\0', sizeof (secret)); - return (TIMEOUT_RC); - } - } - salen = sizeof (saremote); - length = recvfrom (sockfd, (char *) recv_buffer, - (int) sizeof (recv_buffer), - (int) 0, &saremote, &salen); - - if (length <= 0) - { - error("rc_send_server: recvfrom: %s:%d: %m", server_name,\ - data->svc_port); - close (sockfd); - memset (secret, '\0', sizeof (secret)); - return (ERROR_RC); - } - - recv_auth = (AUTH_HDR *)recv_buffer; - - result = rc_check_reply (recv_auth, BUFFER_LEN, secret, vector, data->seq_nbr); - - data->receive_pairs = rc_avpair_gen(recv_auth); - - close (sockfd); - if (info) - { - memcpy(info->secret, secret, sizeof(info->secret)); - memcpy(info->request_vector, vector, - sizeof(info->request_vector)); - } - memset (secret, '\0', sizeof (secret)); - - if (result != OK_RC) return (result); - - *msg = '\0'; - vp = data->receive_pairs; - while (vp) - { - if ((vp = rc_avpair_get(vp, PW_REPLY_MESSAGE))) - { - strcat(msg, vp->strvalue); - strcat(msg, "\n"); - vp = vp->next; - } - } - - if ((recv_auth->code == PW_ACCESS_ACCEPT) || - (recv_auth->code == PW_PASSWORD_ACK) || - (recv_auth->code == PW_ACCOUNTING_RESPONSE)) - { - result = OK_RC; - } - else - { - result = BADRESP_RC; - } - - return (result); -} - -/* - * Function: rc_check_reply - * - * Purpose: verify items in returned packet. - * - * Returns: OK_RC -- upon success, - * BADRESP_RC -- if anything looks funny. - * - */ - -static int rc_check_reply (AUTH_HDR *auth, int bufferlen, char *secret, - unsigned char *vector, unsigned char seq_nbr) -{ - int secretlen; - int totallen; - unsigned char calc_digest[AUTH_VECTOR_LEN]; - unsigned char reply_digest[AUTH_VECTOR_LEN]; - - totallen = ntohs (auth->length); - - secretlen = strlen (secret); - - /* Do sanity checks on packet length */ - if ((totallen < 20) || (totallen > 4096)) - { - error("rc_check_reply: received RADIUS server response with invalid length"); - return (BADRESP_RC); - } - - /* Verify buffer space, should never trigger with current buffer size and check above */ - if ((totallen + secretlen) > bufferlen) - { - error("rc_check_reply: not enough buffer space to verify RADIUS server response"); - return (BADRESP_RC); - } - /* Verify that id (seq. number) matches what we sent */ - if (auth->id != seq_nbr) - { - error("rc_check_reply: received non-matching id in RADIUS server response"); - return (BADRESP_RC); - } - - /* Verify the reply digest */ - memcpy ((char *) reply_digest, (char *) auth->vector, AUTH_VECTOR_LEN); - memcpy ((char *) auth->vector, (char *) vector, AUTH_VECTOR_LEN); - memcpy ((char *) auth + totallen, secret, secretlen); - rc_md5_calc (calc_digest, (char *) auth, totallen + secretlen); - -#ifdef DIGEST_DEBUG - { - int i; - - fputs("reply_digest: ", stderr); - for (i = 0; i < AUTH_VECTOR_LEN; i++) - { - fprintf(stderr,"%.2x ", (int) reply_digest[i]); - } - fputs("\ncalc_digest: ", stderr); - for (i = 0; i < AUTH_VECTOR_LEN; i++) - { - fprintf(stderr,"%.2x ", (int) calc_digest[i]); - } - fputs("\n", stderr); - } -#endif - - if (memcmp ((char *) reply_digest, (char *) calc_digest, - AUTH_VECTOR_LEN) != 0) - { -#ifdef RADIUS_116 - /* the original Livingston radiusd v1.16 seems to have - a bug in digest calculation with accounting requests, - authentication request are ok. i looked at the code - but couldn't find any bugs. any help to get this - kludge out are welcome. preferably i want to - reproduce the calculation bug here to be compatible - to stock Livingston radiusd v1.16. -lf, 03/14/96 - */ - if (auth->code == PW_ACCOUNTING_RESPONSE) - return (OK_RC); -#endif - error("rc_check_reply: received invalid reply digest from RADIUS server"); - return (BADRESP_RC); - } - - return (OK_RC); - -} - -/* - * Function: rc_random_vector - * - * Purpose: generates a random vector of AUTH_VECTOR_LEN octets. - * - * Returns: the vector (call by reference) - * - */ - -static void rc_random_vector (unsigned char *vector) -{ - int randno; - int i; - int fd; - -/* well, I added this to increase the security for user passwords. - we use /dev/urandom here, as /dev/random might block and we don't - need that much randomness. BTW, great idea, Ted! -lf, 03/18/95 */ - - if ((fd = open(_PATH_DEV_URANDOM, O_RDONLY)) >= 0) - { - unsigned char *pos; - int readcount; - - i = AUTH_VECTOR_LEN; - pos = vector; - while (i > 0) - { - readcount = read(fd, (char *)pos, i); - pos += readcount; - i -= readcount; - } - - close(fd); - return; - } /* else fall through */ - - for (i = 0; i < AUTH_VECTOR_LEN;) - { - randno = magic(); - memcpy ((char *) vector, (char *) &randno, sizeof (int)); - vector += sizeof (int); - i += sizeof (int); - } - - return; -} diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c deleted file mode 100644 index 6f976a7..0000000 --- a/pppd/plugins/radius/util.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * $Id: util.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ - * - * Copyright (C) 1995,1996,1997 Lars Fenneberg - * - * Copyright 1992 Livingston Enterprises, Inc. - * - * Copyright 1992,1993, 1994,1995 The Regents of the University of Michigan - * and Merit Network, Inc. All Rights Reserved - * - * See the file COPYRIGHT for the respective terms and conditions. - * If the file is missing contact me at lf@elemental.net - * and I'll send you a copy. - * - */ - -#include -#include - -/* - * Function: rc_str2tm - * - * Purpose: Turns printable string into correct tm struct entries. - * - */ - -static const char * months[] = - { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" - }; - -void rc_str2tm (char *valstr, struct tm *tm) -{ - int i; - - /* Get the month */ - for (i = 0; i < 12; i++) - { - if (strncmp (months[i], valstr, 3) == 0) - { - tm->tm_mon = i; - i = 13; - } - } - - /* Get the Day */ - tm->tm_mday = atoi (&valstr[4]); - - /* Now the year */ - tm->tm_year = atoi (&valstr[7]) - 1900; -} - -void rc_mdelay(int msecs) -{ - struct timeval tv; - - tv.tv_sec = (int) msecs / 1000; - tv.tv_usec = (msecs % 1000) * 1000; - - select(0,(fd_set *)NULL,(fd_set *)NULL,(fd_set *)NULL, &tv); -} - -/* - * Function: rc_mksid - * - * Purpose: generate a quite unique string - * - * Remarks: not that unique at all... - * - */ - -char * -rc_mksid (void) -{ - static char buf[15]; - static unsigned short int cnt = 0; - sprintf (buf, "%08lX%04X%02hX", - (unsigned long int) time (NULL), - (unsigned int) getpid (), - cnt & 0xFF); - cnt++; - return buf; -} diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux deleted file mode 100644 index 2ffa1c0..0000000 --- a/pppd/plugins/rp-pppoe/Makefile.linux +++ /dev/null @@ -1,66 +0,0 @@ -# Generated automatically from Makefile.in by configure. -#*********************************************************************** -# -# Makefile -# -# Makefile for Roaring Penguin's Linux PPPoE plugin. -# -# Copyright (C) 2001 Roaring Penguin Software Inc. -# -# This program may be distributed according to the terms of the GNU -# General Public License, version 2 or (at your option) any later version. -# -# $Id: Makefile.linux,v 1.6 2004/11/14 07:58:37 paulus Exp $ -#*********************************************************************** - -DESTDIR = @DESTDIR@ -BINDIR = $(DESTDIR)/sbin -LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION) - -PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) - -INSTALL = install - -# Version is set ONLY IN THE MAKEFILE! Don't delete this! -VERSION=3.3 - -COPTS=-O2 -g -CFLAGS=$(COPTS) -I../../../include/linux -all: rp-pppoe.so pppoe-discovery - -pppoe-discovery: libplugin.a pppoe-discovery.o - $(CC) -o pppoe-discovery pppoe-discovery.o libplugin.a - -pppoe-discovery.o: pppoe-discovery.c - $(CC) $(CFLAGS) '-DVERSION="$(VERSION)"' -c -o pppoe-discovery.o pppoe-discovery.c - -rp-pppoe.so: libplugin.a plugin.o - $(CC) -o rp-pppoe.so -shared plugin.o libplugin.a - -install: all - $(INSTALL) -d -m 755 $(LIBDIR) - $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) - $(INSTALL) -d -m 755 $(BINDIR) - $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) - -clean: - rm -f *.o *.so - -plugin.o: plugin.c - $(CC) '-DRP_VERSION="$(VERSION)"' $(CFLAGS) -I../../.. -c -o plugin.o -fPIC plugin.c - -libplugin.a: discovery.o if.o common.o debug.o - $(AR) -rc $@ $^ - -discovery.o: discovery.c - $(CC) $(CFLAGS) '-DVERSION="$(VERSION)"' -c -o discovery.o -fPIC discovery.c - -if.o: if.c - $(CC) $(CFLAGS) '-DVERSION="$(VERSION)"' -c -o if.o -fPIC if.c - -debug.o: debug.c - $(CC) $(CFLAGS) '-DVERSION="$(VERSION)"' -c -o debug.o -fPIC debug.c - -common.o: common.c - $(CC) $(CFLAGS) '-DVERSION="$(VERSION)"' -c -o common.o -fPIC common.c - diff --git a/pppd/plugins/rp-pppoe/common.c b/pppd/plugins/rp-pppoe/common.c deleted file mode 100644 index a39e97a..0000000 --- a/pppd/plugins/rp-pppoe/common.c +++ /dev/null @@ -1,504 +0,0 @@ -/*********************************************************************** -* -* common.c -* -* Implementation of user-space PPPoE redirector for Linux. -* -* Common functions used by PPPoE client and server -* -* Copyright (C) 2000 by Roaring Penguin Software Inc. -* -* This program may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -***********************************************************************/ - -static char const RCSID[] = -"$Id: common.c,v 1.2 2004/01/13 04:03:58 paulus Exp $"; - -#include "pppoe.h" - -#ifdef HAVE_SYSLOG_H -#include -#endif - -#include -#include -#include - -#ifdef HAVE_UNISTD_H -#include -#endif - -/********************************************************************** -*%FUNCTION: parsePacket -*%ARGUMENTS: -* packet -- the PPPoE discovery packet to parse -* func -- function called for each tag in the packet -* extra -- an opaque data pointer supplied to parsing function -*%RETURNS: -* 0 if everything went well; -1 if there was an error -*%DESCRIPTION: -* Parses a PPPoE discovery packet, calling "func" for each tag in the packet. -* "func" is passed the additional argument "extra". -***********************************************************************/ -int -parsePacket(PPPoEPacket *packet, ParseFunc *func, void *extra) -{ - UINT16_t len = ntohs(packet->length); - unsigned char *curTag; - UINT16_t tagType, tagLen; - - if (packet->ver != 1) { - syslog(LOG_ERR, "Invalid PPPoE version (%d)", (int) packet->ver); - return -1; - } - if (packet->type != 1) { - syslog(LOG_ERR, "Invalid PPPoE type (%d)", (int) packet->type); - return -1; - } - - /* Do some sanity checks on packet */ - if (len > ETH_DATA_LEN - 6) { /* 6-byte overhead for PPPoE header */ - syslog(LOG_ERR, "Invalid PPPoE packet length (%u)", len); - return -1; - } - - /* Step through the tags */ - curTag = packet->payload; - while(curTag - packet->payload < len) { - /* Alignment is not guaranteed, so do this by hand... */ - tagType = (((UINT16_t) curTag[0]) << 8) + - (UINT16_t) curTag[1]; - tagLen = (((UINT16_t) curTag[2]) << 8) + - (UINT16_t) curTag[3]; - if (tagType == TAG_END_OF_LIST) { - return 0; - } - if ((curTag - packet->payload) + tagLen + TAG_HDR_SIZE > len) { - syslog(LOG_ERR, "Invalid PPPoE tag length (%u)", tagLen); - return -1; - } - func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra); - curTag = curTag + TAG_HDR_SIZE + tagLen; - } - return 0; -} - -/********************************************************************** -*%FUNCTION: findTag -*%ARGUMENTS: -* packet -- the PPPoE discovery packet to parse -* type -- the type of the tag to look for -* tag -- will be filled in with tag contents -*%RETURNS: -* A pointer to the tag if one of the specified type is found; NULL -* otherwise. -*%DESCRIPTION: -* Looks for a specific tag type. -***********************************************************************/ -unsigned char * -findTag(PPPoEPacket *packet, UINT16_t type, PPPoETag *tag) -{ - UINT16_t len = ntohs(packet->length); - unsigned char *curTag; - UINT16_t tagType, tagLen; - - if (packet->ver != 1) { - syslog(LOG_ERR, "Invalid PPPoE version (%d)", (int) packet->ver); - return NULL; - } - if (packet->type != 1) { - syslog(LOG_ERR, "Invalid PPPoE type (%d)", (int) packet->type); - return NULL; - } - - /* Do some sanity checks on packet */ - if (len > ETH_DATA_LEN - 6) { /* 6-byte overhead for PPPoE header */ - syslog(LOG_ERR, "Invalid PPPoE packet length (%u)", len); - return NULL; - } - - /* Step through the tags */ - curTag = packet->payload; - while(curTag - packet->payload < len) { - /* Alignment is not guaranteed, so do this by hand... */ - tagType = (((UINT16_t) curTag[0]) << 8) + - (UINT16_t) curTag[1]; - tagLen = (((UINT16_t) curTag[2]) << 8) + - (UINT16_t) curTag[3]; - if (tagType == TAG_END_OF_LIST) { - return NULL; - } - if ((curTag - packet->payload) + tagLen + TAG_HDR_SIZE > len) { - syslog(LOG_ERR, "Invalid PPPoE tag length (%u)", tagLen); - return NULL; - } - if (tagType == type) { - memcpy(tag, curTag, tagLen + TAG_HDR_SIZE); - return curTag; - } - curTag = curTag + TAG_HDR_SIZE + tagLen; - } - return NULL; -} - -/********************************************************************** -*%FUNCTION: printErr -*%ARGUMENTS: -* str -- error message -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Prints a message to stderr and syslog. -***********************************************************************/ -void -printErr(char const *str) -{ - fprintf(stderr, "pppoe: %s\n", str); - syslog(LOG_ERR, "%s", str); -} - - -/********************************************************************** -*%FUNCTION: strDup -*%ARGUMENTS: -* str -- string to copy -*%RETURNS: -* A malloc'd copy of str. Exits if malloc fails. -***********************************************************************/ -char * -strDup(char const *str) -{ - char *copy = malloc(strlen(str)+1); - if (!copy) { - rp_fatal("strdup failed"); - } - strcpy(copy, str); - return copy; -} - -#ifdef PPPOE_STANDALONE -/********************************************************************** -*%FUNCTION: computeTCPChecksum -*%ARGUMENTS: -* ipHdr -- pointer to IP header -* tcpHdr -- pointer to TCP header -*%RETURNS: -* The computed TCP checksum -***********************************************************************/ -UINT16_t -computeTCPChecksum(unsigned char *ipHdr, unsigned char *tcpHdr) -{ - UINT32_t sum = 0; - UINT16_t count = ipHdr[2] * 256 + ipHdr[3]; - unsigned char *addr = tcpHdr; - unsigned char pseudoHeader[12]; - - /* Count number of bytes in TCP header and data */ - count -= (ipHdr[0] & 0x0F) * 4; - - memcpy(pseudoHeader, ipHdr+12, 8); - pseudoHeader[8] = 0; - pseudoHeader[9] = ipHdr[9]; - pseudoHeader[10] = (count >> 8) & 0xFF; - pseudoHeader[11] = (count & 0xFF); - - /* Checksum the pseudo-header */ - sum += * (UINT16_t *) pseudoHeader; - sum += * ((UINT16_t *) (pseudoHeader+2)); - sum += * ((UINT16_t *) (pseudoHeader+4)); - sum += * ((UINT16_t *) (pseudoHeader+6)); - sum += * ((UINT16_t *) (pseudoHeader+8)); - sum += * ((UINT16_t *) (pseudoHeader+10)); - - /* Checksum the TCP header and data */ - while (count > 1) { - sum += * (UINT16_t *) addr; - addr += 2; - count -= 2; - } - if (count > 0) { - sum += *addr; - } - - while(sum >> 16) { - sum = (sum & 0xffff) + (sum >> 16); - } - return (UINT16_t) (~sum & 0xFFFF); -} - -/********************************************************************** -*%FUNCTION: clampMSS -*%ARGUMENTS: -* packet -- PPPoE session packet -* dir -- either "incoming" or "outgoing" -* clampMss -- clamp value -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Clamps MSS option if TCP SYN flag is set. -***********************************************************************/ -void -clampMSS(PPPoEPacket *packet, char const *dir, int clampMss) -{ - unsigned char *tcpHdr; - unsigned char *ipHdr; - unsigned char *opt; - unsigned char *endHdr; - unsigned char *mssopt = NULL; - UINT16_t csum; - - int len, minlen; - - /* check PPP protocol type */ - if (packet->payload[0] & 0x01) { - /* 8 bit protocol type */ - - /* Is it IPv4? */ - if (packet->payload[0] != 0x21) { - /* Nope, ignore it */ - return; - } - - ipHdr = packet->payload + 1; - minlen = 41; - } else { - /* 16 bit protocol type */ - - /* Is it IPv4? */ - if (packet->payload[0] != 0x00 || - packet->payload[1] != 0x21) { - /* Nope, ignore it */ - return; - } - - ipHdr = packet->payload + 2; - minlen = 42; - } - - /* Is it too short? */ - len = (int) ntohs(packet->length); - if (len < minlen) { - /* 20 byte IP header; 20 byte TCP header; at least 1 or 2 byte PPP protocol */ - return; - } - - /* Verify once more that it's IPv4 */ - if ((ipHdr[0] & 0xF0) != 0x40) { - return; - } - - /* Is it a fragment that's not at the beginning of the packet? */ - if ((ipHdr[6] & 0x1F) || ipHdr[7]) { - /* Yup, don't touch! */ - return; - } - /* Is it TCP? */ - if (ipHdr[9] != 0x06) { - return; - } - - /* Get start of TCP header */ - tcpHdr = ipHdr + (ipHdr[0] & 0x0F) * 4; - - /* Is SYN set? */ - if (!(tcpHdr[13] & 0x02)) { - return; - } - - /* Compute and verify TCP checksum -- do not touch a packet with a bad - checksum */ - csum = computeTCPChecksum(ipHdr, tcpHdr); - if (csum) { - syslog(LOG_ERR, "Bad TCP checksum %x", (unsigned int) csum); - - /* Upper layers will drop it */ - return; - } - - /* Look for existing MSS option */ - endHdr = tcpHdr + ((tcpHdr[12] & 0xF0) >> 2); - opt = tcpHdr + 20; - while (opt < endHdr) { - if (!*opt) break; /* End of options */ - switch(*opt) { - case 1: - opt++; - break; - - case 2: - if (opt[1] != 4) { - /* Something fishy about MSS option length. */ - syslog(LOG_ERR, - "Bogus length for MSS option (%u) from %u.%u.%u.%u", - (unsigned int) opt[1], - (unsigned int) ipHdr[12], - (unsigned int) ipHdr[13], - (unsigned int) ipHdr[14], - (unsigned int) ipHdr[15]); - return; - } - mssopt = opt; - break; - default: - if (opt[1] < 2) { - /* Someone's trying to attack us? */ - syslog(LOG_ERR, - "Bogus TCP option length (%u) from %u.%u.%u.%u", - (unsigned int) opt[1], - (unsigned int) ipHdr[12], - (unsigned int) ipHdr[13], - (unsigned int) ipHdr[14], - (unsigned int) ipHdr[15]); - return; - } - opt += (opt[1]); - break; - } - /* Found existing MSS option? */ - if (mssopt) break; - } - - /* If MSS exists and it's low enough, do nothing */ - if (mssopt) { - unsigned mss = mssopt[2] * 256 + mssopt[3]; - if (mss <= clampMss) { - return; - } - - mssopt[2] = (((unsigned) clampMss) >> 8) & 0xFF; - mssopt[3] = ((unsigned) clampMss) & 0xFF; - } else { - /* No MSS option. Don't add one; we'll have to use 536. */ - return; - } - - /* Recompute TCP checksum */ - tcpHdr[16] = 0; - tcpHdr[17] = 0; - csum = computeTCPChecksum(ipHdr, tcpHdr); - (* (UINT16_t *) (tcpHdr+16)) = csum; -} -#endif /* PPPOE_STANDALONE */ - -/*********************************************************************** -*%FUNCTION: sendPADT -*%ARGUMENTS: -* conn -- PPPoE connection -* msg -- if non-NULL, extra error message to include in PADT packet. -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Sends a PADT packet -***********************************************************************/ -void -sendPADT(PPPoEConnection *conn, char const *msg) -{ - PPPoEPacket packet; - unsigned char *cursor = packet.payload; - - UINT16_t plen = 0; - - /* Do nothing if no session established yet */ - if (!conn->session) return; - - /* Do nothing if no discovery socket */ - if (conn->discoverySocket < 0) return; - - memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN); - memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN); - - packet.ethHdr.h_proto = htons(Eth_PPPOE_Discovery); - packet.ver = 1; - packet.type = 1; - packet.code = CODE_PADT; - packet.session = conn->session; - - /* Reset Session to zero so there is no possibility of - recursive calls to this function by any signal handler */ - conn->session = 0; - - /* If we're using Host-Uniq, copy it over */ - if (conn->useHostUniq) { - PPPoETag hostUniq; - pid_t pid = getpid(); - hostUniq.type = htons(TAG_HOST_UNIQ); - hostUniq.length = htons(sizeof(pid)); - memcpy(hostUniq.payload, &pid, sizeof(pid)); - memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); - cursor += sizeof(pid) + TAG_HDR_SIZE; - plen += sizeof(pid) + TAG_HDR_SIZE; - } - - /* Copy error message */ - if (msg) { - PPPoETag err; - size_t elen = strlen(msg); - err.type = htons(TAG_GENERIC_ERROR); - err.length = htons(elen); - strcpy(err.payload, msg); - memcpy(cursor, &err, elen + TAG_HDR_SIZE); - cursor += elen + TAG_HDR_SIZE; - plen += elen + TAG_HDR_SIZE; - } - - /* Copy cookie and relay-ID if needed */ - if (conn->cookie.type) { - CHECK_ROOM(cursor, packet.payload, - ntohs(conn->cookie.length) + TAG_HDR_SIZE); - memcpy(cursor, &conn->cookie, ntohs(conn->cookie.length) + TAG_HDR_SIZE); - cursor += ntohs(conn->cookie.length) + TAG_HDR_SIZE; - plen += ntohs(conn->cookie.length) + TAG_HDR_SIZE; - } - - if (conn->relayId.type) { - CHECK_ROOM(cursor, packet.payload, - ntohs(conn->relayId.length) + TAG_HDR_SIZE); - memcpy(cursor, &conn->relayId, ntohs(conn->relayId.length) + TAG_HDR_SIZE); - cursor += ntohs(conn->relayId.length) + TAG_HDR_SIZE; - plen += ntohs(conn->relayId.length) + TAG_HDR_SIZE; - } - - packet.length = htons(plen); - sendPacket(conn, conn->discoverySocket, &packet, (int) (plen + HDR_SIZE)); - if (conn->debugFile) { - dumpPacket(conn->debugFile, &packet, "SENT"); - fprintf(conn->debugFile, "\n"); - fflush(conn->debugFile); - } - syslog(LOG_INFO,"Sent PADT"); -} - -/********************************************************************** -*%FUNCTION: parseLogErrs -*%ARGUMENTS: -* type -- tag type -* len -- tag length -* data -- tag data -* extra -- extra user data -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Picks error tags out of a packet and logs them. -***********************************************************************/ -void -parseLogErrs(UINT16_t type, UINT16_t len, unsigned char *data, - void *extra) -{ - switch(type) { - case TAG_SERVICE_NAME_ERROR: - syslog(LOG_ERR, "PADT: Service-Name-Error: %.*s", (int) len, data); - fprintf(stderr, "PADT: Service-Name-Error: %.*s\n", (int) len, data); - break; - case TAG_AC_SYSTEM_ERROR: - syslog(LOG_ERR, "PADT: System-Error: %.*s", (int) len, data); - fprintf(stderr, "PADT: System-Error: %.*s\n", (int) len, data); - break; - case TAG_GENERIC_ERROR: - syslog(LOG_ERR, "PADT: Generic-Error: %.*s", (int) len, data); - fprintf(stderr, "PADT: Generic-Error: %.*s\n", (int) len, data); - break; - } -} - diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h deleted file mode 100644 index 644d78e..0000000 --- a/pppd/plugins/rp-pppoe/config.h +++ /dev/null @@ -1,135 +0,0 @@ -/* config.h. Generated automatically by configure. */ -/* config.h.in. Generated automatically from configure.in by autoheader. */ - -/* Define to empty if the keyword does not work. */ -/* #undef const */ - -/* Define if you have that is POSIX.1 compatible. */ -#define HAVE_SYS_WAIT_H 1 - -/* Define to `int' if doesn't define. */ -/* #undef pid_t */ - -/* Define as the return type of signal handlers (int or void). */ -#define RETSIGTYPE void - -/* Define if the setvbuf function takes the buffering type as its second - argument and the buffer pointer as the third, as on System V - before release 3. */ -/* #undef SETVBUF_REVERSED */ - -/* Define if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Define if you can safely include both and . */ -#define TIME_WITH_SYS_TIME 1 - -/* Define if your declares struct tm. */ -/* #undef TM_IN_SYS_TIME */ - -#define HAVE_STRUCT_SOCKADDR_LL 1 - -/* The number of bytes in a unsigned int. */ -#define SIZEOF_UNSIGNED_INT 4 - -/* The number of bytes in a unsigned long. */ -#define SIZEOF_UNSIGNED_LONG 4 - -/* The number of bytes in a unsigned short. */ -#define SIZEOF_UNSIGNED_SHORT 2 - -/* Define if you have the select function. */ -#define HAVE_SELECT 1 - -/* Define if you have the socket function. */ -#define HAVE_SOCKET 1 - -/* Define if you have the strerror function. */ -#define HAVE_STRERROR 1 - -/* Define if you have the strtol function. */ -#define HAVE_STRTOL 1 - -/* Define if you have the header file. */ -#define HAVE_ASM_TYPES_H 1 - -/* Define if you have the header file. */ -#define HAVE_FCNTL_H 1 - -/* Define if you have the header file. */ -#define HAVE_GETOPT_H 1 - -/* Define if you have the header file. */ -#define HAVE_LINUX_IF_ETHER_H 1 - -/* Define if you have kernel-mode PPPoE in Linux file. */ -#define HAVE_LINUX_KERNEL_PPPOE 1 - -/* Define if you have the header file. */ -#define HAVE_LINUX_IF_PACKET_H 1 - -/* Define if you have the header file. */ -#define HAVE_LINUX_IF_PPPOX_H 1 - -/* Define if you have the header file. */ -#define HAVE_NET_BPF_H 1 - -/* Define if you have the header file. */ -#define HAVE_NET_IF_ARP_H 1 - -/* Define if you have the header file. */ -#define HAVE_NET_ETHERNET_H 1 - -/* Define if you have the header file. */ -#define HAVE_NET_IF_H 1 - -/* Define if you have the header file. */ -#define HAVE_LINUX_IF_H 1 - -/* Define if you have the header file. */ -/* #undef HAVE_NET_IF_DL_H */ - -/* Define if you have the header file. */ -/* #undef HAVE_NET_IF_ETHER_H */ - -/* Define if you have the header file. */ -/* #undef HAVE_NET_IF_TYPES_H */ - -/* Define if you have the header file. */ -#define HAVE_NETINET_IF_ETHER_H 1 - -/* Define if you have the header file. */ -#define HAVE_NETPACKET_PACKET_H 1 - -/* Define if you have the header file. */ -#define HAVE_SYS_CDEFS_H 1 - -/* Define if you have the header file. */ -/* #undef HAVE_SYS_DLPI_H */ - -/* Define if you have the header file. */ -#define HAVE_SYS_IOCTL_H 1 - -/* Define if you have the header file. */ -#define HAVE_SYS_PARAM_H 1 - -/* Define if you have the header file. */ -#define HAVE_SYS_SOCKET_H 1 - -/* Define if you have the header file. */ -#define HAVE_SYS_TIME_H 1 - -/* Define if you have the header file. */ -#define HAVE_SYS_UIO_H 1 - -/* Define if you have the header file. */ -#define HAVE_SYSLOG_H 1 - -/* Define if you have the header file. */ -#define HAVE_UNISTD_H 1 - -/* Define if you have the N_HDLC line discipline in linux/termios.h */ -#define HAVE_N_HDLC 1 - -/* Define if bitfields are packed in reverse order */ -#define PACK_BITFIELDS_REVERSED 1 diff --git a/pppd/plugins/rp-pppoe/debug.c b/pppd/plugins/rp-pppoe/debug.c deleted file mode 100644 index a443eac..0000000 --- a/pppd/plugins/rp-pppoe/debug.c +++ /dev/null @@ -1,143 +0,0 @@ -/*********************************************************************** -* -* debug.c -* -* Implementation of user-space PPPoE redirector for Linux. -* -* Functions for printing debugging information -* -* Copyright (C) 2000 by Roaring Penguin Software Inc. -* -* This program may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -***********************************************************************/ - -static char const RCSID[] = -"$Id: debug.c,v 1.1 2001/12/14 02:55:20 mostrows Exp $"; - -#include "pppoe.h" -#include -#include -#include -#include - -/********************************************************************** -*%FUNCTION: dumpHex -*%ARGUMENTS: -* fp -- file to dump to -* buf -- buffer to dump -* len -- length of data -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Dumps buffer to fp in an easy-to-read format -***********************************************************************/ -void -dumpHex(FILE *fp, unsigned char const *buf, int len) -{ - int i; - int base; - - if (!fp) return; - - /* do NOT dump PAP packets */ - if (len >= 2 && buf[0] == 0xC0 && buf[1] == 0x23) { - fprintf(fp, "(PAP Authentication Frame -- Contents not dumped)\n"); - return; - } - - for (base=0; baselength); - - /* Sheesh... printing times is a pain... */ - struct timeval tv; - time_t now; - int millisec; - struct tm *lt; - char timebuf[256]; - - UINT16_t type = etherType(packet); - if (!fp) return; - gettimeofday(&tv, NULL); - now = (time_t) tv.tv_sec; - millisec = tv.tv_usec / 1000; - lt = localtime(&now); - strftime(timebuf, 256, "%H:%M:%S", lt); - fprintf(fp, "%s.%03d %s PPPoE ", timebuf, millisec, dir); - if (type == Eth_PPPOE_Discovery) { - fprintf(fp, "Discovery (%x) ", (unsigned) type); - } else if (type == Eth_PPPOE_Session) { - fprintf(fp, "Session (%x) ", (unsigned) type); - } else { - fprintf(fp, "Unknown (%x) ", (unsigned) type); - } - - switch(packet->code) { - case CODE_PADI: fprintf(fp, "PADI "); break; - case CODE_PADO: fprintf(fp, "PADO "); break; - case CODE_PADR: fprintf(fp, "PADR "); break; - case CODE_PADS: fprintf(fp, "PADS "); break; - case CODE_PADT: fprintf(fp, "PADT "); break; - case CODE_SESS: fprintf(fp, "SESS "); break; - } - - fprintf(fp, "sess-id %d length %d\n", - (int) ntohs(packet->session), - len); - - /* Ugly... I apologize... */ - fprintf(fp, - "SourceAddr %02x:%02x:%02x:%02x:%02x:%02x " - "DestAddr %02x:%02x:%02x:%02x:%02x:%02x\n", - (unsigned) packet->ethHdr.h_source[0], - (unsigned) packet->ethHdr.h_source[1], - (unsigned) packet->ethHdr.h_source[2], - (unsigned) packet->ethHdr.h_source[3], - (unsigned) packet->ethHdr.h_source[4], - (unsigned) packet->ethHdr.h_source[5], - (unsigned) packet->ethHdr.h_dest[0], - (unsigned) packet->ethHdr.h_dest[1], - (unsigned) packet->ethHdr.h_dest[2], - (unsigned) packet->ethHdr.h_dest[3], - (unsigned) packet->ethHdr.h_dest[4], - (unsigned) packet->ethHdr.h_dest[5]); - dumpHex(fp, packet->payload, ntohs(packet->length)); -} diff --git a/pppd/plugins/rp-pppoe/discovery.c b/pppd/plugins/rp-pppoe/discovery.c deleted file mode 100644 index 937ea52..0000000 --- a/pppd/plugins/rp-pppoe/discovery.c +++ /dev/null @@ -1,645 +0,0 @@ -/*********************************************************************** -* -* discovery.c -* -* Perform PPPoE discovery -* -* Copyright (C) 1999 by Roaring Penguin Software Inc. -* -***********************************************************************/ - -static char const RCSID[] = -"$Id: discovery.c,v 1.3 2004/11/04 10:07:37 paulus Exp $"; - -#include "pppoe.h" - -#ifdef HAVE_SYSLOG_H -#include -#endif - -#include -#include -#include - -#ifdef HAVE_SYS_TIME_H -#include -#endif - -#ifdef HAVE_SYS_UIO_H -#include -#endif - -#ifdef HAVE_UNISTD_H -#include -#endif - -#ifdef USE_LINUX_PACKET -#include -#include -#endif - -#include - -/********************************************************************** -*%FUNCTION: parseForHostUniq -*%ARGUMENTS: -* type -- tag type -* len -- tag length -* data -- tag data. -* extra -- user-supplied pointer. This is assumed to be a pointer to int. -*%RETURNS: -* Nothing -*%DESCRIPTION: -* If a HostUnique tag is found which matches our PID, sets *extra to 1. -***********************************************************************/ -void -parseForHostUniq(UINT16_t type, UINT16_t len, unsigned char *data, - void *extra) -{ - int *val = (int *) extra; - if (type == TAG_HOST_UNIQ && len == sizeof(pid_t)) { - pid_t tmp; - memcpy(&tmp, data, len); - if (tmp == getpid()) { - *val = 1; - } - } -} - -/********************************************************************** -*%FUNCTION: packetIsForMe -*%ARGUMENTS: -* conn -- PPPoE connection info -* packet -- a received PPPoE packet -*%RETURNS: -* 1 if packet is for this PPPoE daemon; 0 otherwise. -*%DESCRIPTION: -* If we are using the Host-Unique tag, verifies that packet contains -* our unique identifier. -***********************************************************************/ -int -packetIsForMe(PPPoEConnection *conn, PPPoEPacket *packet) -{ - int forMe = 0; - - /* If packet is not directed to our MAC address, forget it */ - if (memcmp(packet->ethHdr.h_dest, conn->myEth, ETH_ALEN)) return 0; - - /* If we're not using the Host-Unique tag, then accept the packet */ - if (!conn->useHostUniq) return 1; - - parsePacket(packet, parseForHostUniq, &forMe); - return forMe; -} - -/********************************************************************** -*%FUNCTION: parsePADOTags -*%ARGUMENTS: -* type -- tag type -* len -- tag length -* data -- tag data -* extra -- extra user data. Should point to a PacketCriteria structure -* which gets filled in according to selected AC name and service -* name. -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Picks interesting tags out of a PADO packet -***********************************************************************/ -void -parsePADOTags(UINT16_t type, UINT16_t len, unsigned char *data, - void *extra) -{ - struct PacketCriteria *pc = (struct PacketCriteria *) extra; - PPPoEConnection *conn = pc->conn; - int i; - - switch(type) { - case TAG_AC_NAME: - pc->seenACName = 1; - if (conn->printACNames) { - printf("Access-Concentrator: %.*s\n", (int) len, data); - } - if (conn->acName && len == strlen(conn->acName) && - !strncmp((char *) data, conn->acName, len)) { - pc->acNameOK = 1; - } - break; - case TAG_SERVICE_NAME: - pc->seenServiceName = 1; - if (conn->printACNames && len > 0) { - printf(" Service-Name: %.*s\n", (int) len, data); - } - if (conn->serviceName && len == strlen(conn->serviceName) && - !strncmp((char *) data, conn->serviceName, len)) { - pc->serviceNameOK = 1; - } - break; - case TAG_AC_COOKIE: - if (conn->printACNames) { - printf("Got a cookie:"); - /* Print first 20 bytes of cookie */ - for (i=0; icookie.type = htons(type); - conn->cookie.length = htons(len); - memcpy(conn->cookie.payload, data, len); - break; - case TAG_RELAY_SESSION_ID: - if (conn->printACNames) { - printf("Got a Relay-ID:"); - /* Print first 20 bytes of relay ID */ - for (i=0; irelayId.type = htons(type); - conn->relayId.length = htons(len); - memcpy(conn->relayId.payload, data, len); - break; - case TAG_SERVICE_NAME_ERROR: - if (conn->printACNames) { - printf("Got a Service-Name-Error tag: %.*s\n", (int) len, data); - } else { - syslog(LOG_ERR, "PADO: Service-Name-Error: %.*s", (int) len, data); - exit(1); - } - break; - case TAG_AC_SYSTEM_ERROR: - if (conn->printACNames) { - printf("Got a System-Error tag: %.*s\n", (int) len, data); - } else { - syslog(LOG_ERR, "PADO: System-Error: %.*s", (int) len, data); - exit(1); - } - break; - case TAG_GENERIC_ERROR: - if (conn->printACNames) { - printf("Got a Generic-Error tag: %.*s\n", (int) len, data); - } else { - syslog(LOG_ERR, "PADO: Generic-Error: %.*s", (int) len, data); - exit(1); - } - break; - } -} - -/********************************************************************** -*%FUNCTION: parsePADSTags -*%ARGUMENTS: -* type -- tag type -* len -- tag length -* data -- tag data -* extra -- extra user data (pointer to PPPoEConnection structure) -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Picks interesting tags out of a PADS packet -***********************************************************************/ -void -parsePADSTags(UINT16_t type, UINT16_t len, unsigned char *data, - void *extra) -{ - PPPoEConnection *conn = (PPPoEConnection *) extra; - switch(type) { - case TAG_SERVICE_NAME: - syslog(LOG_DEBUG, "PADS: Service-Name: '%.*s'", (int) len, data); - break; - case TAG_SERVICE_NAME_ERROR: - syslog(LOG_ERR, "PADS: Service-Name-Error: %.*s", (int) len, data); - fprintf(stderr, "PADS: Service-Name-Error: %.*s\n", (int) len, data); - exit(1); - case TAG_AC_SYSTEM_ERROR: - syslog(LOG_ERR, "PADS: System-Error: %.*s", (int) len, data); - fprintf(stderr, "PADS: System-Error: %.*s\n", (int) len, data); - exit(1); - case TAG_GENERIC_ERROR: - syslog(LOG_ERR, "PADS: Generic-Error: %.*s", (int) len, data); - fprintf(stderr, "PADS: Generic-Error: %.*s\n", (int) len, data); - exit(1); - case TAG_RELAY_SESSION_ID: - conn->relayId.type = htons(type); - conn->relayId.length = htons(len); - memcpy(conn->relayId.payload, data, len); - break; - } -} - -/*********************************************************************** -*%FUNCTION: sendPADI -*%ARGUMENTS: -* conn -- PPPoEConnection structure -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Sends a PADI packet -***********************************************************************/ -void -sendPADI(PPPoEConnection *conn) -{ - PPPoEPacket packet; - unsigned char *cursor = packet.payload; - PPPoETag *svc = (PPPoETag *) (&packet.payload); - UINT16_t namelen = 0; - UINT16_t plen; - - if (conn->serviceName) { - namelen = (UINT16_t) strlen(conn->serviceName); - } - plen = TAG_HDR_SIZE + namelen; - CHECK_ROOM(cursor, packet.payload, plen); - - /* Set destination to Ethernet broadcast address */ - memset(packet.ethHdr.h_dest, 0xFF, ETH_ALEN); - memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN); - - packet.ethHdr.h_proto = htons(Eth_PPPOE_Discovery); - packet.ver = 1; - packet.type = 1; - packet.code = CODE_PADI; - packet.session = 0; - - svc->type = TAG_SERVICE_NAME; - svc->length = htons(namelen); - CHECK_ROOM(cursor, packet.payload, namelen+TAG_HDR_SIZE); - - if (conn->serviceName) { - memcpy(svc->payload, conn->serviceName, strlen(conn->serviceName)); - } - cursor += namelen + TAG_HDR_SIZE; - - /* If we're using Host-Uniq, copy it over */ - if (conn->useHostUniq) { - PPPoETag hostUniq; - pid_t pid = getpid(); - hostUniq.type = htons(TAG_HOST_UNIQ); - hostUniq.length = htons(sizeof(pid)); - memcpy(hostUniq.payload, &pid, sizeof(pid)); - CHECK_ROOM(cursor, packet.payload, sizeof(pid) + TAG_HDR_SIZE); - memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); - cursor += sizeof(pid) + TAG_HDR_SIZE; - plen += sizeof(pid) + TAG_HDR_SIZE; - } - - packet.length = htons(plen); - - sendPacket(conn, conn->discoverySocket, &packet, (int) (plen + HDR_SIZE)); - if (conn->debugFile) { - dumpPacket(conn->debugFile, &packet, "SENT"); - fprintf(conn->debugFile, "\n"); - fflush(conn->debugFile); - } -} - -/********************************************************************** -*%FUNCTION: waitForPADO -*%ARGUMENTS: -* conn -- PPPoEConnection structure -* timeout -- how long to wait (in seconds) -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Waits for a PADO packet and copies useful information -***********************************************************************/ -void -waitForPADO(PPPoEConnection *conn, int timeout) -{ - fd_set readable; - int r; - struct timeval tv; - PPPoEPacket packet; - int len; - - struct PacketCriteria pc; - pc.conn = conn; - pc.acNameOK = (conn->acName) ? 0 : 1; - pc.serviceNameOK = (conn->serviceName) ? 0 : 1; - pc.seenACName = 0; - pc.seenServiceName = 0; - - do { - if (BPF_BUFFER_IS_EMPTY) { - tv.tv_sec = timeout; - tv.tv_usec = 0; - - FD_ZERO(&readable); - FD_SET(conn->discoverySocket, &readable); - - while(1) { - r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv); - if (r >= 0 || errno != EINTR) break; - } - if (r < 0) { - fatalSys("select (waitForPADO)"); - } - if (r == 0) return; /* Timed out */ - } - - /* Get the packet */ - receivePacket(conn->discoverySocket, &packet, &len); - - /* Check length */ - if (ntohs(packet.length) + HDR_SIZE > len) { - syslog(LOG_ERR, "Bogus PPPoE length field (%u)", - (unsigned int) ntohs(packet.length)); - continue; - } - -#ifdef USE_BPF - /* If it's not a Discovery packet, loop again */ - if (etherType(&packet) != Eth_PPPOE_Discovery) continue; -#endif - - if (conn->debugFile) { - dumpPacket(conn->debugFile, &packet, "RCVD"); - fprintf(conn->debugFile, "\n"); - fflush(conn->debugFile); - } - /* If it's not for us, loop again */ - if (!packetIsForMe(conn, &packet)) continue; - - if (packet.code == CODE_PADO) { - if (NOT_UNICAST(packet.ethHdr.h_source)) { - printErr("Ignoring PADO packet from non-unicast MAC address"); - continue; - } - parsePacket(&packet, parsePADOTags, &pc); - if (!pc.seenACName) { - printErr("Ignoring PADO packet with no AC-Name tag"); - continue; - } - if (!pc.seenServiceName) { - printErr("Ignoring PADO packet with no Service-Name tag"); - continue; - } - conn->numPADOs++; - if (conn->printACNames) { - printf("--------------------------------------------------\n"); - } - if (pc.acNameOK && pc.serviceNameOK) { - memcpy(conn->peerEth, packet.ethHdr.h_source, ETH_ALEN); - if (conn->printACNames) { - printf("AC-Ethernet-Address: %02x:%02x:%02x:%02x:%02x:%02x\n", - (unsigned) conn->peerEth[0], - (unsigned) conn->peerEth[1], - (unsigned) conn->peerEth[2], - (unsigned) conn->peerEth[3], - (unsigned) conn->peerEth[4], - (unsigned) conn->peerEth[5]); - continue; - } - conn->discoveryState = STATE_RECEIVED_PADO; - break; - } - } - } while (conn->discoveryState != STATE_RECEIVED_PADO); -} - -/*********************************************************************** -*%FUNCTION: sendPADR -*%ARGUMENTS: -* conn -- PPPoE connection structur -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Sends a PADR packet -***********************************************************************/ -void -sendPADR(PPPoEConnection *conn) -{ - PPPoEPacket packet; - PPPoETag *svc = (PPPoETag *) packet.payload; - unsigned char *cursor = packet.payload; - - UINT16_t namelen = 0; - UINT16_t plen; - - if (conn->serviceName) { - namelen = (UINT16_t) strlen(conn->serviceName); - } - plen = TAG_HDR_SIZE + namelen; - CHECK_ROOM(cursor, packet.payload, plen); - - memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN); - memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN); - - packet.ethHdr.h_proto = htons(Eth_PPPOE_Discovery); - packet.ver = 1; - packet.type = 1; - packet.code = CODE_PADR; - packet.session = 0; - - svc->type = TAG_SERVICE_NAME; - svc->length = htons(namelen); - if (conn->serviceName) { - memcpy(svc->payload, conn->serviceName, namelen); - } - cursor += namelen + TAG_HDR_SIZE; - - /* If we're using Host-Uniq, copy it over */ - if (conn->useHostUniq) { - PPPoETag hostUniq; - pid_t pid = getpid(); - hostUniq.type = htons(TAG_HOST_UNIQ); - hostUniq.length = htons(sizeof(pid)); - memcpy(hostUniq.payload, &pid, sizeof(pid)); - CHECK_ROOM(cursor, packet.payload, sizeof(pid)+TAG_HDR_SIZE); - memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); - cursor += sizeof(pid) + TAG_HDR_SIZE; - plen += sizeof(pid) + TAG_HDR_SIZE; - } - - /* Copy cookie and relay-ID if needed */ - if (conn->cookie.type) { - CHECK_ROOM(cursor, packet.payload, - ntohs(conn->cookie.length) + TAG_HDR_SIZE); - memcpy(cursor, &conn->cookie, ntohs(conn->cookie.length) + TAG_HDR_SIZE); - cursor += ntohs(conn->cookie.length) + TAG_HDR_SIZE; - plen += ntohs(conn->cookie.length) + TAG_HDR_SIZE; - } - - if (conn->relayId.type) { - CHECK_ROOM(cursor, packet.payload, - ntohs(conn->relayId.length) + TAG_HDR_SIZE); - memcpy(cursor, &conn->relayId, ntohs(conn->relayId.length) + TAG_HDR_SIZE); - cursor += ntohs(conn->relayId.length) + TAG_HDR_SIZE; - plen += ntohs(conn->relayId.length) + TAG_HDR_SIZE; - } - - packet.length = htons(plen); - sendPacket(conn, conn->discoverySocket, &packet, (int) (plen + HDR_SIZE)); - if (conn->debugFile) { - dumpPacket(conn->debugFile, &packet, "SENT"); - fprintf(conn->debugFile, "\n"); - fflush(conn->debugFile); - } -} - -/********************************************************************** -*%FUNCTION: waitForPADS -*%ARGUMENTS: -* conn -- PPPoE connection info -* timeout -- how long to wait (in seconds) -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Waits for a PADS packet and copies useful information -***********************************************************************/ -void -waitForPADS(PPPoEConnection *conn, int timeout) -{ - fd_set readable; - int r; - struct timeval tv; - PPPoEPacket packet; - int len; - - do { - if (BPF_BUFFER_IS_EMPTY) { - tv.tv_sec = timeout; - tv.tv_usec = 0; - - FD_ZERO(&readable); - FD_SET(conn->discoverySocket, &readable); - - while(1) { - r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv); - if (r >= 0 || errno != EINTR) break; - } - if (r < 0) { - fatalSys("select (waitForPADS)"); - } - if (r == 0) return; - } - - /* Get the packet */ - receivePacket(conn->discoverySocket, &packet, &len); - - /* Check length */ - if (ntohs(packet.length) + HDR_SIZE > len) { - syslog(LOG_ERR, "Bogus PPPoE length field (%u)", - (unsigned int) ntohs(packet.length)); - continue; - } - -#ifdef USE_BPF - /* If it's not a Discovery packet, loop again */ - if (etherType(&packet) != Eth_PPPOE_Discovery) continue; -#endif - if (conn->debugFile) { - dumpPacket(conn->debugFile, &packet, "RCVD"); - fprintf(conn->debugFile, "\n"); - fflush(conn->debugFile); - } - - /* If it's not from the AC, it's not for me */ - if (memcmp(packet.ethHdr.h_source, conn->peerEth, ETH_ALEN)) continue; - - /* If it's not for us, loop again */ - if (!packetIsForMe(conn, &packet)) continue; - - /* Is it PADS? */ - if (packet.code == CODE_PADS) { - /* Parse for goodies */ - parsePacket(&packet, parsePADSTags, conn); - conn->discoveryState = STATE_SESSION; - break; - } - } while (conn->discoveryState != STATE_SESSION); - - /* Don't bother with ntohs; we'll just end up converting it back... */ - conn->session = packet.session; - - syslog(LOG_INFO, "PPP session is %d", (int) ntohs(conn->session)); - - /* RFC 2516 says session id MUST NOT be zero or 0xFFFF */ - if (ntohs(conn->session) == 0 || ntohs(conn->session) == 0xFFFF) { - syslog(LOG_ERR, "Access concentrator used a session value of %x -- the AC is violating RFC 2516", (unsigned int) ntohs(conn->session)); - } -} - -/********************************************************************** -*%FUNCTION: discovery -*%ARGUMENTS: -* conn -- PPPoE connection info structure -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Performs the PPPoE discovery phase -***********************************************************************/ -void -discovery(PPPoEConnection *conn) -{ - int padiAttempts = 0; - int padrAttempts = 0; - int timeout = PADI_TIMEOUT; - - /* Skip discovery and don't open discovery socket? */ - if (conn->skipDiscovery && conn->noDiscoverySocket) { - conn->discoveryState = STATE_SESSION; - return; - } - - conn->discoverySocket = - openInterface(conn->ifName, Eth_PPPOE_Discovery, conn->myEth); - - /* Skip discovery? */ - if (conn->skipDiscovery) { - conn->discoveryState = STATE_SESSION; - return; - } - - do { - padiAttempts++; - if (padiAttempts > MAX_PADI_ATTEMPTS) { - warn("Timeout waiting for PADO packets"); - close(conn->discoverySocket); - conn->discoverySocket = -1; - return; - } - sendPADI(conn); - conn->discoveryState = STATE_SENT_PADI; - waitForPADO(conn, timeout); - - /* If we're just probing for access concentrators, don't do - exponential backoff. This reduces the time for an unsuccessful - probe to 15 seconds. */ - if (!conn->printACNames) { - timeout *= 2; - } - if (conn->printACNames && conn->numPADOs) { - break; - } - } while (conn->discoveryState == STATE_SENT_PADI); - - /* If we're only printing access concentrator names, we're done */ - if (conn->printACNames) { - die(0); - } - - timeout = PADI_TIMEOUT; - do { - padrAttempts++; - if (padrAttempts > MAX_PADI_ATTEMPTS) { - warn("Timeout waiting for PADS packets"); - close(conn->discoverySocket); - conn->discoverySocket = -1; - return; - } - sendPADR(conn); - conn->discoveryState = STATE_SENT_PADR; - waitForPADS(conn, timeout); - timeout *= 2; - } while (conn->discoveryState == STATE_SENT_PADR); - - /* We're done. */ - conn->discoveryState = STATE_SESSION; - return; -} - diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c deleted file mode 100644 index 4e21762..0000000 --- a/pppd/plugins/rp-pppoe/if.c +++ /dev/null @@ -1,1097 +0,0 @@ -/*********************************************************************** -* -* if.c -* -* Implementation of user-space PPPoE redirector for Linux. -* -* Functions for opening a raw socket and reading/writing raw Ethernet frames. -* -* Copyright (C) 2000 by Roaring Penguin Software Inc. -* -* This program may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -***********************************************************************/ - -static char const RCSID[] = -"$Id: if.c,v 1.1 2001/12/14 02:55:20 mostrows Exp $"; - -#include "pppoe.h" - -#ifdef HAVE_UNISTD_H -#include -#endif - -#ifdef HAVE_NETPACKET_PACKET_H -#include -#elif defined(HAVE_LINUX_IF_PACKET_H) -#include -#endif - -#ifdef HAVE_NET_ETHERNET_H -#include -#endif - -#ifdef HAVE_ASM_TYPES_H -#include -#endif - -#ifdef HAVE_SYS_IOCTL_H -#include -#endif - -#ifdef HAVE_SYSLOG_H -#include -#endif - -#include -#include -#include - -#ifdef HAVE_NET_IF_ARP_H -#include -#endif - -#ifdef USE_DLPI - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* function declarations */ - -void dlpromisconreq( int fd, u_long level); -void dlinforeq(int fd); -void dlunitdatareq(int fd, u_char *addrp, int addrlen, u_long minpri, u_long maxpri, u_char *datap, int datalen); -void dlinfoack(int fd, char *bufp); -void dlbindreq(int fd, u_long sap, u_long max_conind, u_long service_mode, u_long conn_mgmt, u_long xidtest); -void dlattachreq(int fd, u_long ppa); -void dlokack(int fd, char *bufp); -void dlbindack(int fd, char *bufp); -int strioctl(int fd, int cmd, int timout, int len, char *dp); -void strgetmsg(int fd, struct strbuf *ctlp, struct strbuf *datap, int *flagsp, char *caller); -void sigalrm(int sig); -void expecting(int prim, union DL_primitives *dlp); -char *dlprim(u_long prim); - -/* #define DL_DEBUG */ - -static int dl_abssaplen; -static int dl_saplen; -static int dl_addrlen; - -#endif - -#ifdef USE_BPF -#include -#include - -unsigned char *bpfBuffer; /* Packet filter buffer */ -int bpfLength = 0; /* Packet filter buffer length */ -int bpfSize = 0; /* Number of unread bytes in buffer */ -int bpfOffset = 0; /* Current offset in bpfBuffer */ -#endif - -/* Initialize frame types to RFC 2516 values. Some broken peers apparently - use different frame types... sigh... */ - -UINT16_t Eth_PPPOE_Discovery = ETH_PPPOE_DISCOVERY; -UINT16_t Eth_PPPOE_Session = ETH_PPPOE_SESSION; - -/********************************************************************** -*%FUNCTION: etherType -*%ARGUMENTS: -* packet -- a received PPPoE packet -*%RETURNS: -* ethernet packet type (see /usr/include/net/ethertypes.h) -*%DESCRIPTION: -* Checks the ethernet packet header to determine its type. -* We should only be receveing DISCOVERY and SESSION types if the BPF -* is set up correctly. Logs an error if an unexpected type is received. -* Note that the ethernet type names come from "pppoe.h" and the packet -* packet structure names use the LINUX dialect to maintain consistency -* with the rest of this file. See the BSD section of "pppoe.h" for -* translations of the data structure names. -***********************************************************************/ -UINT16_t -etherType(PPPoEPacket *packet) -{ - UINT16_t type = (UINT16_t) ntohs(packet->ethHdr.h_proto); - if (type != Eth_PPPOE_Discovery && type != Eth_PPPOE_Session) { - syslog(LOG_ERR, "Invalid ether type 0x%x", type); - } - return type; -} - -#ifdef USE_BPF -/********************************************************************** -*%FUNCTION: getHWaddr -*%ARGUMENTS: -* ifname -- name of interface -* hwaddr -- buffer for ehthernet address -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Locates the Ethernet hardware address for an interface. -***********************************************************************/ -void -getHWaddr(int sock, char const *ifname, unsigned char *hwaddr) -{ - char inbuf[8192]; - const struct sockaddr_dl *sdl; - struct ifconf ifc; - struct ifreq ifreq, *ifr; - int i; - int found = 0; - - ifc.ifc_len = sizeof(inbuf); - ifc.ifc_buf = inbuf; - if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) { - fatalSys("SIOCGIFCONF"); - } - ifr = ifc.ifc_req; - ifreq.ifr_name[0] = '\0'; - for (i = 0; i < ifc.ifc_len; ) { - ifr = (struct ifreq *)((caddr_t)ifc.ifc_req + i); - i += sizeof(ifr->ifr_name) + - (ifr->ifr_addr.sa_len > sizeof(struct sockaddr) - ? ifr->ifr_addr.sa_len - : sizeof(struct sockaddr)); - if (ifr->ifr_addr.sa_family == AF_LINK) { - sdl = (const struct sockaddr_dl *) &ifr->ifr_addr; - if ((sdl->sdl_type == IFT_ETHER) && - (sdl->sdl_alen == ETH_ALEN) && - !strncmp(ifname, ifr->ifr_name, sizeof(ifr->ifr_name))) { - if (found) { - char buffer[256]; - sprintf(buffer, "interface %.16s has more than one ethernet address", ifname); - rp_fatal(buffer); - } else { - found = 1; - memcpy(hwaddr, LLADDR(sdl), ETH_ALEN); - } - } - } - } - if (!found) { - char buffer[256]; - sprintf(buffer, "interface %.16s has no ethernet address", ifname); - rp_fatal(buffer); - } -} - -/********************************************************************** -*%FUNCTION: initFilter -*%ARGUMENTS: -* fd -- file descriptor of BSD device -* type -- Ethernet frame type (0 for watch mode) -* hwaddr -- buffer with ehthernet address -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Initializes the packet filter rules. -***********************************************************************/ -void -initFilter(int fd, UINT16_t type, unsigned char *hwaddr) -{ - /* Packet Filter Instructions: - * Note that the ethernet type names come from "pppoe.h" and are - * used here to maintain consistency with the rest of this file. */ - static struct bpf_insn bpfRun[] = { /* run PPPoE */ - BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12), /* ethernet type */ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETH_PPPOE_SESSION, 5, 0), - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETH_PPPOE_DISCOVERY, 0, 9), - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 0), /* first word of dest. addr */ -#define PPPOE_BCAST_CMPW 4 /* offset of word compare */ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 2), - BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 4), /* next 1/2 word of dest. */ -#define PPPOE_BCAST_CMPH 6 /* offset of 1/2 word compare */ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 4, 0), - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 0), /* first word of dest. addr */ -#define PPPOE_FILTER_CMPW 8 /* offset of word compare */ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 3), - BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 4), /* next 1/2 word of dest. */ -#define PPPOE_FILTER_CMPH 10 /* offset of 1/rd compare */ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 1), - BPF_STMT(BPF_RET+BPF_K, (u_int) -1), /* keep packet */ - BPF_STMT(BPF_RET+BPF_K, 0), /* drop packet */ - }; - - /* Fix the potentially varying parts */ - bpfRun[1].code = (u_short) BPF_JMP+BPF_JEQ+BPF_K; - bpfRun[1].jt = 5; - bpfRun[1].jf = 0; - bpfRun[1].k = Eth_PPPOE_Session; - - bpfRun[2].code = (u_short) BPF_JMP+BPF_JEQ+BPF_K; - bpfRun[2].jt = 0; - bpfRun[2].jf = 9; - bpfRun[2].k = Eth_PPPOE_Discovery; - - { - struct bpf_insn bpfInsn[sizeof(bpfRun) / sizeof(bpfRun[0])]; - struct bpf_program bpfProgram; - memcpy(bpfInsn, bpfRun, sizeof(bpfRun)); - bpfInsn[PPPOE_BCAST_CMPW].k = ((0xff << 24) | (0xff << 16) | - (0xff << 8) | 0xff); - bpfInsn[PPPOE_BCAST_CMPH].k = ((0xff << 8) | 0xff); - bpfInsn[PPPOE_FILTER_CMPW].k = ((hwaddr[0] << 24) | (hwaddr[1] << 16) | - (hwaddr[2] << 8) | hwaddr[3]); - bpfInsn[PPPOE_FILTER_CMPH].k = ((hwaddr[4] << 8) | hwaddr[5]); - bpfProgram.bf_len = (sizeof(bpfInsn) / sizeof(bpfInsn[0])); - bpfProgram.bf_insns = &bpfInsn[0]; - - /* Apply the filter */ - if (ioctl(fd, BIOCSETF, &bpfProgram) < 0) { - fatalSys("ioctl(BIOCSETF)"); - } - } -} - -/********************************************************************** -*%FUNCTION: openInterface -*%ARGUMENTS: -* ifname -- name of interface -* type -- Ethernet frame type (0 for any frame type) -* hwaddr -- if non-NULL, set to the hardware address -*%RETURNS: -* A file descriptor for talking with the Ethernet card. Exits on error. -* Note that the Linux version of this routine returns a socket instead. -*%DESCRIPTION: -* Opens a BPF on an interface for all PPPoE traffic (discovery and -* session). If 'type' is 0, uses promiscuous mode to watch any PPPoE -* traffic on this network. -***********************************************************************/ -int -openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) -{ - static int fd = -1; - char bpfName[32]; - u_int optval; - struct bpf_version bpf_ver; - struct ifreq ifr; - int sock; - int i; - - /* BSD only opens one socket for both Discovery and Session packets */ - if (fd >= 0) { - return fd; - } - - /* Find a free BPF device */ - for (i = 0; i < 256; i++) { - sprintf(bpfName, "/dev/bpf%d", i); - if (((fd = open(bpfName, O_RDWR, 0)) >= 0) || - (errno != EBUSY)) { - break; - } - } - if (fd < 0) { - switch (errno) { - case EACCES: /* permission denied */ - { - char buffer[256]; - sprintf(buffer, "Cannot open %.32s -- pppoe must be run as root.", bpfName); - rp_fatal(buffer); - } - break; - case EBUSY: - case ENOENT: /* no such file */ - if (i == 0) { - rp_fatal("No /dev/bpf* devices (check your kernel configuration for BPF support)"); - } else { - rp_fatal("All /dev/bpf* devices are in use"); - } - break; - } - fatalSys(bpfName); - } - - if ((sock = socket(AF_LOCAL, SOCK_DGRAM, 0)) < 0) { - fatalSys("socket"); - } - - /* Check that the interface is up */ - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(sock, SIOCGIFFLAGS, &ifr) < 0) { - fatalSys("ioctl(SIOCGIFFLAGS)"); - } - if ((ifr.ifr_flags & IFF_UP) == 0) { - char buffer[256]; - sprintf(buffer, "Interface %.16s is not up\n", ifname); - rp_fatal(buffer); - } - - /* Fill in hardware address and initialize the packet filter rules */ - if (hwaddr == NULL) { - rp_fatal("openInterface: no hwaddr arg."); - } - getHWaddr(sock, ifname, hwaddr); - initFilter(fd, type, hwaddr); - - /* Sanity check on MTU -- apparently does not work on OpenBSD */ -#if !defined(__OpenBSD__) - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(sock, SIOCGIFMTU, &ifr) < 0) { - fatalSys("ioctl(SIOCGIFMTU)"); - } - if (ifr.ifr_mtu < ETH_DATA_LEN) { - char buffer[256]; - sprintf(buffer, "Interface %.16s has MTU of %d -- should be %d. You may have serious connection problems.", - ifname, ifr.ifr_mtu, ETH_DATA_LEN); - printErr(buffer); - } -#endif - - /* done with the socket */ - if (close(sock) < 0) { - fatalSys("close"); - } - - /* Check the BPF version number */ - if (ioctl(fd, BIOCVERSION, &bpf_ver) < 0) { - fatalSys("ioctl(BIOCVERSION)"); - } - if ((bpf_ver.bv_major != BPF_MAJOR_VERSION) || - (bpf_ver.bv_minor < BPF_MINOR_VERSION)) { - char buffer[256]; - sprintf(buffer, "Unsupported BPF version: %d.%d (kernel: %d.%d)", - BPF_MAJOR_VERSION, BPF_MINOR_VERSION, - bpf_ver.bv_major, bpf_ver.bv_minor); - rp_fatal(buffer); - } - - /* allocate a receive packet buffer */ - if (ioctl(fd, BIOCGBLEN, &bpfLength) < 0) { - fatalSys("ioctl(BIOCGBLEN)"); - } - if (!(bpfBuffer = (unsigned char *) malloc(bpfLength))) { - rp_fatal("malloc"); - } - - /* reads should return as soon as there is a packet available */ - optval = 1; - if (ioctl(fd, BIOCIMMEDIATE, &optval) < 0) { - fatalSys("ioctl(BIOCIMMEDIATE)"); - } - - /* Bind the interface to the filter */ - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(fd, BIOCSETIF, &ifr) < 0) { - char buffer[256]; - sprintf(buffer, "ioctl(BIOCSETIF) can't select interface %.16s", - ifname); - rp_fatal(buffer); - } - - syslog(LOG_INFO, "Interface=%.16s HWaddr=%02X:%02X:%02X:%02X:%02X:%02X Device=%.32s Buffer size=%d", - ifname, - hwaddr[0], hwaddr[1], hwaddr[2], - hwaddr[3], hwaddr[4], hwaddr[5], - bpfName, bpfLength); - return fd; -} - -#endif /* USE_BPF */ - -#ifdef USE_LINUX_PACKET -/********************************************************************** -*%FUNCTION: openInterface -*%ARGUMENTS: -* ifname -- name of interface -* type -- Ethernet frame type -* hwaddr -- if non-NULL, set to the hardware address -*%RETURNS: -* A raw socket for talking to the Ethernet card. Exits on error. -*%DESCRIPTION: -* Opens a raw Ethernet socket -***********************************************************************/ -int -openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) -{ - int optval=1; - int fd; - struct ifreq ifr; - int domain, stype; - -#ifdef HAVE_STRUCT_SOCKADDR_LL - struct sockaddr_ll sa; -#else - struct sockaddr sa; -#endif - - memset(&sa, 0, sizeof(sa)); - -#ifdef HAVE_STRUCT_SOCKADDR_LL - domain = PF_PACKET; - stype = SOCK_RAW; -#else - domain = PF_INET; - stype = SOCK_PACKET; -#endif - - if ((fd = socket(domain, stype, htons(type))) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - rp_fatal("Cannot create raw socket -- pppoe must be run as root."); - } - fatalSys("socket"); - } - - if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &optval, sizeof(optval)) < 0) { - fatalSys("setsockopt"); - } - - /* Fill in hardware address */ - if (hwaddr) { - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(fd, SIOCGIFHWADDR, &ifr) < 0) { - fatalSys("ioctl(SIOCGIFHWADDR)"); - } - memcpy(hwaddr, ifr.ifr_hwaddr.sa_data, ETH_ALEN); -#ifdef ARPHRD_ETHER - if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) { - char buffer[256]; - sprintf(buffer, "Interface %.16s is not Ethernet", ifname); - rp_fatal(buffer); - } -#endif - if (NOT_UNICAST(hwaddr)) { - char buffer[256]; - sprintf(buffer, - "Interface %.16s has broadcast/multicast MAC address??", - ifname); - rp_fatal(buffer); - } - } - - /* Sanity check on MTU */ - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(fd, SIOCGIFMTU, &ifr) < 0) { - fatalSys("ioctl(SIOCGIFMTU)"); - } - if (ifr.ifr_mtu < ETH_DATA_LEN) { - char buffer[256]; - sprintf(buffer, "Interface %.16s has MTU of %d -- should be %d. You may have serious connection problems.", - ifname, ifr.ifr_mtu, ETH_DATA_LEN); - printErr(buffer); - } - -#ifdef HAVE_STRUCT_SOCKADDR_LL - /* Get interface index */ - sa.sll_family = AF_PACKET; - sa.sll_protocol = htons(type); - - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) { - fatalSys("ioctl(SIOCFIGINDEX): Could not get interface index"); - } - sa.sll_ifindex = ifr.ifr_ifindex; - -#else - strcpy(sa.sa_data, ifname); -#endif - - /* We're only interested in packets on specified interface */ - if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0) { - fatalSys("bind"); - } - - return fd; -} - -#endif /* USE_LINUX */ - -/*********************************************************************** -*%FUNCTION: sendPacket -*%ARGUMENTS: -* sock -- socket to send to -* pkt -- the packet to transmit -* size -- size of packet (in bytes) -*%RETURNS: -* 0 on success; -1 on failure -*%DESCRIPTION: -* Transmits a packet -***********************************************************************/ -int -sendPacket(PPPoEConnection *conn, int sock, PPPoEPacket *pkt, int size) -{ -#if defined(USE_BPF) - if (write(sock, pkt, size) < 0) { - sysErr("write (sendPacket)"); - return -1; - } -#elif defined(HAVE_STRUCT_SOCKADDR_LL) - if (send(sock, pkt, size, 0) < 0) { - sysErr("send (sendPacket)"); - return -1; - } -#else -#ifdef USE_DLPI - -#define ABS(x) ((x) < 0 ? -(x) : (x)) - - u_char addr[MAXDLADDR]; - u_char phys[MAXDLADDR]; - u_char sap[MAXDLADDR]; - u_char xmitbuf[MAXDLBUF]; - int data_size; - - short tmp_sap; - - tmp_sap = htons(pkt->ethHdr.h_proto); - data_size = size - sizeof(struct ethhdr); - - memcpy((char *)phys, (char *)pkt->ethHdr.h_dest, ETHERADDRL); - memcpy((char *)sap, (char *)&tmp_sap, sizeof(ushort_t)); - memcpy((char *)xmitbuf, (char *)pkt + sizeof(struct ethhdr), data_size); - - if (dl_saplen > 0) { /* order is sap+phys */ - (void) memcpy((char*)addr, (char*)&sap, dl_abssaplen); - (void) memcpy((char*)addr+dl_abssaplen, (char*)phys, ETHERADDRL); - } else { /* order is phys+sap */ - (void) memcpy((char*)addr, (char*)phys, ETHERADDRL); - (void) memcpy((char*)addr+ETHERADDRL, (char*)&sap, dl_abssaplen); - } - -#ifdef DL_DEBUG - printf("%02x:%02x:%02x:%02x:%02x:%02x %02x:%02x\n", - addr[0],addr[1],addr[2],addr[3],addr[4],addr[5], - addr[6],addr[7]); -#endif - - dlunitdatareq(sock, addr, dl_addrlen, 0, 0, xmitbuf, data_size); - - - -#else - struct sockaddr sa; - - if (!conn) { - rp_fatal("relay and server not supported on Linux 2.0 kernels"); - } - strcpy(sa.sa_data, conn->ifName); - if (sendto(sock, pkt, size, 0, &sa, sizeof(sa)) < 0) { - sysErr("sendto (sendPacket)"); - return -1; - } -#endif -#endif - return 0; -} - -#ifdef USE_BPF -/*********************************************************************** -*%FUNCTION: clearPacketHeader -*%ARGUMENTS: -* pkt -- packet that needs its head clearing -*%RETURNS: -* nothing -*%DESCRIPTION: -* Clears a PPPoE packet header after a truncated packet has been -* received. Insures that the packet will fail any integrity tests -* and will be discarded by upper level routines. Also resets the -* bpfSize and bpfOffset variables to force a new read on the next -* call to receivePacket(). -***********************************************************************/ -void -clearPacketHeader(PPPoEPacket *pkt) -{ - bpfSize = bpfOffset = 0; - memset(pkt, 0, HDR_SIZE); -} -#endif - -/*********************************************************************** -*%FUNCTION: receivePacket -*%ARGUMENTS: -* sock -- socket to read from -* pkt -- place to store the received packet -* size -- set to size of packet in bytes -*%RETURNS: -* >= 0 if all OK; < 0 if error -*%DESCRIPTION: -* Receives a packet -***********************************************************************/ -int -receivePacket(int sock, PPPoEPacket *pkt, int *size) -{ -#ifdef USE_BPF - struct bpf_hdr hdr; - int seglen, copylen; - - if (bpfSize <= 0) { - bpfOffset = 0; - if ((bpfSize = read(sock, bpfBuffer, bpfLength)) < 0) { - sysErr("read (receivePacket)"); - return -1; - } - } - if (bpfSize < sizeof(hdr)) { - syslog(LOG_ERR, "Truncated bpf packet header: len=%d", bpfSize); - clearPacketHeader(pkt); /* resets bpfSize and bpfOffset */ - return 0; - } - memcpy(&hdr, bpfBuffer + bpfOffset, sizeof(hdr)); - if (hdr.bh_caplen != hdr.bh_datalen) { - syslog(LOG_ERR, "Truncated bpf packet: caplen=%d, datalen=%d", - hdr.bh_caplen, hdr.bh_datalen); - clearPacketHeader(pkt); /* resets bpfSize and bpfOffset */ - return 0; - } - seglen = hdr.bh_hdrlen + hdr.bh_caplen; - if (seglen > bpfSize) { - syslog(LOG_ERR, "Truncated bpf packet: seglen=%d, bpfSize=%d", - seglen, bpfSize); - clearPacketHeader(pkt); /* resets bpfSize and bpfOffset */ - return 0; - } - seglen = BPF_WORDALIGN(seglen); - *size = copylen = ((hdr.bh_caplen < sizeof(PPPoEPacket)) ? - hdr.bh_caplen : sizeof(PPPoEPacket)); - memcpy(pkt, bpfBuffer + bpfOffset + hdr.bh_hdrlen, copylen); - if (seglen >= bpfSize) { - bpfSize = bpfOffset = 0; - } else { - bpfSize -= seglen; - bpfOffset += seglen; - } -#else -#ifdef USE_DLPI - struct strbuf data; - int flags = 0; - int retval; - - data.buf = (char *) pkt; - data.maxlen = MAXDLBUF; - data.len = 0; - - if ((retval = getmsg(sock, NULL, &data, &flags)) < 0) { - sysErr("read (receivePacket)"); - return -1; - } - - *size = data.len; - -#else - if ((*size = recv(sock, pkt, sizeof(PPPoEPacket), 0)) < 0) { - sysErr("recv (receivePacket)"); - return -1; - } -#endif -#endif - return 0; -} - -#ifdef USE_DLPI -/********************************************************************** -*%FUNCTION: openInterface -*%ARGUMENTS: -* ifname -- name of interface -* type -- Ethernet frame type -* hwaddr -- if non-NULL, set to the hardware address -*%RETURNS: -* A raw socket for talking to the Ethernet card. Exits on error. -*%DESCRIPTION: -* Opens a raw Ethernet socket -***********************************************************************/ -int -openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) -{ - int fd; - long buf[MAXDLBUF]; - - union DL_primitives *dlp; - - char base_dev[PATH_MAX]; - int ppa; - - if(strlen(ifname) > PATH_MAX) { - rp_fatal("socket: string to long"); - } - - ppa = atoi(&ifname[strlen(ifname)-1]); - strncpy(base_dev, ifname, PATH_MAX); - base_dev[strlen(base_dev)-1] = '\0'; - -/* rearranged order of DLPI code - delphys 20010803 */ - dlp = (union DL_primitives*) buf; - - if (( fd = open(base_dev, O_RDWR)) < 0) { - /* Give a more helpful message for the common error case */ - if (errno == EPERM) { - rp_fatal("Cannot create raw socket -- pppoe must be run as root."); - } - fatalSys("socket"); - } - -/* rearranged order of DLPI code - delphys 20010803 */ - dlattachreq(fd, ppa); - dlokack(fd, (char *)buf); - - dlbindreq(fd, type, 0, DL_CLDLS, 0, 0); - dlbindack(fd, (char *)buf); - - dlinforeq(fd); - dlinfoack(fd, (char *)buf); - - dl_abssaplen = ABS(dlp->info_ack.dl_sap_length); - dl_saplen = dlp->info_ack.dl_sap_length; - if (ETHERADDRL != (dlp->info_ack.dl_addr_length - dl_abssaplen)) - fatalSys("invalid destination physical address length"); - dl_addrlen = dl_abssaplen + ETHERADDRL; - -/* ethernet address retrieved as part of DL_INFO_ACK - delphys 20010803 */ - memcpy(hwaddr, (u_char*)((char*)(dlp) + (int)(dlp->info_ack.dl_addr_offset)), ETHERADDRL); - - if ( strioctl(fd, DLIOCRAW, -1, 0, NULL) < 0 ) { - fatalSys("DLIOCRAW"); - } - - if (ioctl(fd, I_FLUSH, FLUSHR) < 0) fatalSys("I_FLUSH"); - - return fd; -} - -/* cloned from dlcommon.c */ - -void dlpromisconreq(int fd, u_long level) -{ - dl_promiscon_req_t promiscon_req; - struct strbuf ctl; - int flags; - - promiscon_req.dl_primitive = DL_PROMISCON_REQ; - promiscon_req.dl_level = level; - - ctl.maxlen = 0; - ctl.len = sizeof (promiscon_req); - ctl.buf = (char *) &promiscon_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - fatalSys("dlpromiscon: putmsg"); - -} - -void dlinforeq(int fd) -{ - dl_info_req_t info_req; - struct strbuf ctl; - int flags; - - info_req.dl_primitive = DL_INFO_REQ; - - ctl.maxlen = 0; - ctl.len = sizeof (info_req); - ctl.buf = (char *) &info_req; - - flags = RS_HIPRI; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - fatalSys("dlinforeq: putmsg"); -} - -void dlunitdatareq(int fd, u_char *addrp, int addrlen, u_long minpri, u_long maxpri, u_char *datap, int datalen) -{ - long buf[MAXDLBUF]; - union DL_primitives *dlp; - struct strbuf data, ctl; - - dlp = (union DL_primitives*) buf; - - dlp->unitdata_req.dl_primitive = DL_UNITDATA_REQ; - dlp->unitdata_req.dl_dest_addr_length = addrlen; - dlp->unitdata_req.dl_dest_addr_offset = sizeof (dl_unitdata_req_t); - dlp->unitdata_req.dl_priority.dl_min = minpri; - dlp->unitdata_req.dl_priority.dl_max = maxpri; - - (void) memcpy(OFFADDR(dlp, sizeof (dl_unitdata_req_t)), addrp, addrlen); - - ctl.maxlen = 0; - ctl.len = sizeof (dl_unitdata_req_t) + addrlen; - ctl.buf = (char *) buf; - - data.maxlen = 0; - data.len = datalen; - data.buf = (char *) datap; - - if (putmsg(fd, &ctl, &data, 0) < 0) - fatalSys("dlunitdatareq: putmsg"); -} - -void dlinfoack(int fd, char *bufp) -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlinfoack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_INFO_ACK, dlp); - - if (ctl.len < sizeof (dl_info_ack_t)) { - char buffer[256]; - sprintf(buffer, "dlinfoack: response ctl.len too short: %d", ctl.len); - rp_fatal(buffer); - } - - if (flags != RS_HIPRI) - rp_fatal("dlinfoack: DL_INFO_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_info_ack_t)) { - char buffer[256]; - sprintf(buffer, "dlinfoack: short response ctl.len: %d", ctl.len); - rp_fatal(buffer); - } -} - -void dlbindreq(int fd, u_long sap, u_long max_conind, u_long service_mode, u_long conn_mgmt, u_long xidtest) -{ - dl_bind_req_t bind_req; - struct strbuf ctl; - int flags; - - bind_req.dl_primitive = DL_BIND_REQ; - bind_req.dl_sap = sap; - bind_req.dl_max_conind = max_conind; - bind_req.dl_service_mode = service_mode; - bind_req.dl_conn_mgmt = conn_mgmt; - bind_req.dl_xidtest_flg = xidtest; - - ctl.maxlen = 0; - ctl.len = sizeof (bind_req); - ctl.buf = (char *) &bind_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - fatalSys("dlbindreq: putmsg"); -} - -void dlattachreq(int fd, u_long ppa) -{ - dl_attach_req_t attach_req; - struct strbuf ctl; - int flags; - - attach_req.dl_primitive = DL_ATTACH_REQ; - attach_req.dl_ppa = ppa; - - ctl.maxlen = 0; - ctl.len = sizeof (attach_req); - ctl.buf = (char *) &attach_req; - - flags = 0; - - if (putmsg(fd, &ctl, (struct strbuf*) NULL, flags) < 0) - fatalSys("dlattachreq: putmsg"); -} - -void dlokack(int fd, char *bufp) -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlokack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_OK_ACK, dlp); - - if (ctl.len < sizeof (dl_ok_ack_t)) { - char buffer[256]; - sprintf(buffer, "dlokack: response ctl.len too short: %d", ctl.len); - rp_fatal(buffer); - } - - if (flags != RS_HIPRI) - rp_fatal("dlokack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_ok_ack_t)) { - char buffer[256]; - sprintf(buffer, "dlokack: short response ctl.len: %d", ctl.len); - rp_fatal(buffer); - } -} - -void dlbindack(int fd, char *bufp) -{ - union DL_primitives *dlp; - struct strbuf ctl; - int flags; - - ctl.maxlen = MAXDLBUF; - ctl.len = 0; - ctl.buf = bufp; - - strgetmsg(fd, &ctl, (struct strbuf*)NULL, &flags, "dlbindack"); - - dlp = (union DL_primitives *) ctl.buf; - - expecting(DL_BIND_ACK, dlp); - - if (flags != RS_HIPRI) - rp_fatal("dlbindack: DL_OK_ACK was not M_PCPROTO"); - - if (ctl.len < sizeof (dl_bind_ack_t)) { - char buffer[256]; - sprintf(buffer, "dlbindack: short response ctl.len: %d", ctl.len); - rp_fatal(buffer); - } -} - -int strioctl(int fd, int cmd, int timout, int len, char *dp) -{ - struct strioctl sioc; - int rc; - - sioc.ic_cmd = cmd; - sioc.ic_timout = timout; - sioc.ic_len = len; - sioc.ic_dp = dp; - rc = ioctl(fd, I_STR, &sioc); - - if (rc < 0) - return (rc); - else - return (sioc.ic_len); -} - -void strgetmsg(int fd, struct strbuf *ctlp, struct strbuf *datap, int *flagsp, char *caller) -{ - int rc; - static char errmsg[80]; - - /* - * Start timer. - */ - (void) signal(SIGALRM, sigalrm); - if (alarm(MAXWAIT) < 0) { - (void) sprintf(errmsg, "%s: alarm", caller); - fatalSys(errmsg); - } - - /* - * Set flags argument and issue getmsg(). - */ - *flagsp = 0; - if ((rc = getmsg(fd, ctlp, datap, flagsp)) < 0) { - (void) sprintf(errmsg, "%s: getmsg", caller); - fatalSys(errmsg); - } - - /* - * Stop timer. - */ - if (alarm(0) < 0) { - (void) sprintf(errmsg, "%s: alarm", caller); - fatalSys(errmsg); - } - - /* - * Check for MOREDATA and/or MORECTL. - */ - if ((rc & (MORECTL | MOREDATA)) == (MORECTL | MOREDATA)) { - char buffer[256]; - sprintf(buffer, "%s: MORECTL|MOREDATA", caller); - rp_fatal(buffer); - } - - if (rc & MORECTL) { - char buffer[256]; - sprintf(buffer, "%s: MORECTL", caller); - rp_fatal(buffer); - } - - if (rc & MOREDATA) { - char buffer[256]; - sprintf(buffer, "%s: MOREDATA", caller); - rp_fatal(buffer); - } - - /* - * Check for at least sizeof (long) control data portion. - */ - if (ctlp->len < sizeof (long)) { - char buffer[256]; - sprintf(buffer, "getmsg: control portion length < sizeof (long): %d", ctlp->len); - rp_fatal(buffer); - } -} - -void sigalrm(int sig) -{ - (void) rp_fatal("sigalrm: TIMEOUT"); -} - -void expecting(int prim, union DL_primitives *dlp) -{ - if (dlp->dl_primitive != (u_long)prim) { - char buffer[256]; - sprintf(buffer, "expected %s got %s", dlprim(prim), dlprim(dlp->dl_primitive)); - rp_fatal(buffer); - exit(1); - } -} - -char *dlprim(u_long prim) -{ - static char primbuf[80]; - - switch ((int)prim) { - CASERET(DL_INFO_REQ); - CASERET(DL_INFO_ACK); - CASERET(DL_ATTACH_REQ); - CASERET(DL_DETACH_REQ); - CASERET(DL_BIND_REQ); - CASERET(DL_BIND_ACK); - CASERET(DL_UNBIND_REQ); - CASERET(DL_OK_ACK); - CASERET(DL_ERROR_ACK); - CASERET(DL_SUBS_BIND_REQ); - CASERET(DL_SUBS_BIND_ACK); - CASERET(DL_UNITDATA_REQ); - CASERET(DL_UNITDATA_IND); - CASERET(DL_UDERROR_IND); - CASERET(DL_UDQOS_REQ); - CASERET(DL_CONNECT_REQ); - CASERET(DL_CONNECT_IND); - CASERET(DL_CONNECT_RES); - CASERET(DL_CONNECT_CON); - CASERET(DL_TOKEN_REQ); - CASERET(DL_TOKEN_ACK); - CASERET(DL_DISCONNECT_REQ); - CASERET(DL_DISCONNECT_IND); - CASERET(DL_RESET_REQ); - CASERET(DL_RESET_IND); - CASERET(DL_RESET_RES); - CASERET(DL_RESET_CON); - default: - (void) sprintf(primbuf, "unknown primitive 0x%lx", prim); - return (primbuf); - } -} - -#endif /* USE_DLPI */ diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c deleted file mode 100644 index cd93bfa..0000000 --- a/pppd/plugins/rp-pppoe/plugin.c +++ /dev/null @@ -1,440 +0,0 @@ -/*********************************************************************** -* -* plugin.c -* -* pppd plugin for kernel-mode PPPoE on Linux -* -* Copyright (C) 2001 by Roaring Penguin Software Inc., Michal Ostrowski -* and Jamal Hadi Salim. -* -* Much code and many ideas derived from pppoe plugin by Michal -* Ostrowski and Jamal Hadi Salim, which carries this copyright: -* -* Copyright 2000 Michal Ostrowski , -* Jamal Hadi Salim -* Borrows heavily from the PPPoATM plugin by Mitchell Blank Jr., -* which is based in part on work from Jens Axboe and Paul Mackerras. -* -* This program is free software; you can redistribute it and/or -* modify it under the terms of the GNU General Public License -* as published by the Free Software Foundation; either version -* 2 of the License, or (at your option) any later version. -***********************************************************************/ - -static char const RCSID[] = -"$Id: plugin.c,v 1.12 2004/11/04 10:07:37 paulus Exp $"; - -#define _GNU_SOURCE 1 -#include "pppoe.h" - -#include "pppd/pppd.h" -#include "pppd/fsm.h" -#include "pppd/lcp.h" -#include "pppd/ipcp.h" -#include "pppd/ccp.h" -#include "pppd/pathnames.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ppp_defs.h" -#include "if_ppp.h" -#include "if_pppox.h" - -#define _PATH_ETHOPT _ROOT_PATH "/etc/ppp/options." - -char pppd_version[] = VERSION; - -/* From sys-linux.c in pppd -- MUST FIX THIS! */ -extern int new_style_driver; - -char *pppd_pppoe_service = NULL; -static char *acName = NULL; -static char *existingSession = NULL; -static int printACNames = 0; - -static int PPPoEDevnameHook(char *cmd, char **argv, int doit); -static option_t Options[] = { - { "device name", o_wild, (void *) &PPPoEDevnameHook, - "PPPoE device name", - OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC, - devnam}, - { "rp_pppoe_service", o_string, &pppd_pppoe_service, - "Desired PPPoE service name" }, - { "rp_pppoe_ac", o_string, &acName, - "Desired PPPoE access concentrator name" }, - { "rp_pppoe_sess", o_string, &existingSession, - "Attach to existing session (sessid:macaddr)" }, - { "rp_pppoe_verbose", o_int, &printACNames, - "Be verbose about discovered access concentrators"}, - { NULL } -}; - -static PPPoEConnection *conn = NULL; - -/********************************************************************** - * %FUNCTION: PPPOEInitDevice - * %ARGUMENTS: - * None - * %RETURNS: - * - * %DESCRIPTION: - * Initializes PPPoE device. - ***********************************************************************/ -static int -PPPOEInitDevice(void) -{ - conn = malloc(sizeof(PPPoEConnection)); - if (!conn) { - fatal("Could not allocate memory for PPPoE session"); - } - memset(conn, 0, sizeof(PPPoEConnection)); - if (acName) { - SET_STRING(conn->acName, acName); - } - if (pppd_pppoe_service) { - SET_STRING(conn->serviceName, pppd_pppoe_service); - } - SET_STRING(conn->ifName, devnam); - conn->discoverySocket = -1; - conn->sessionSocket = -1; - conn->useHostUniq = 1; - conn->printACNames = printACNames; - return 1; -} - -/********************************************************************** - * %FUNCTION: PPPOEConnectDevice - * %ARGUMENTS: - * None - * %RETURNS: - * Non-negative if all goes well; -1 otherwise - * %DESCRIPTION: - * Connects PPPoE device. - ***********************************************************************/ -static int -PPPOEConnectDevice(void) -{ - struct sockaddr_pppox sp; - - strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam)); - if (existingSession) { - unsigned int mac[ETH_ALEN]; - int i, ses; - if (sscanf(existingSession, "%d:%x:%x:%x:%x:%x:%x", - &ses, &mac[0], &mac[1], &mac[2], - &mac[3], &mac[4], &mac[5]) != 7) { - fatal("Illegal value for rp_pppoe_sess option"); - } - conn->session = htons(ses); - for (i=0; ipeerEth[i] = (unsigned char) mac[i]; - } - } else { - discovery(conn); - if (conn->discoveryState != STATE_SESSION) { - error("Unable to complete PPPoE Discovery"); - return -1; - } - } - - /* Set PPPoE session-number for further consumption */ - ppp_session_number = ntohs(conn->session); - - /* Make the session socket */ - conn->sessionSocket = socket(AF_PPPOX, SOCK_STREAM, PX_PROTO_OE); - if (conn->sessionSocket < 0) { - fatal("Failed to create PPPoE socket: %m"); - } - sp.sa_family = AF_PPPOX; - sp.sa_protocol = PX_PROTO_OE; - sp.sa_addr.pppoe.sid = conn->session; - memcpy(sp.sa_addr.pppoe.dev, conn->ifName, IFNAMSIZ); - memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN); - - /* Set remote_number for ServPoET */ - sprintf(remote_number, "%02X:%02X:%02X:%02X:%02X:%02X", - (unsigned) conn->peerEth[0], - (unsigned) conn->peerEth[1], - (unsigned) conn->peerEth[2], - (unsigned) conn->peerEth[3], - (unsigned) conn->peerEth[4], - (unsigned) conn->peerEth[5]); - - if (connect(conn->sessionSocket, (struct sockaddr *) &sp, - sizeof(struct sockaddr_pppox)) < 0) { - fatal("Failed to connect PPPoE socket: %d %m", errno); - return -1; - } - - return conn->sessionSocket; -} - -static void -PPPOESendConfig(int mtu, - u_int32_t asyncmap, - int pcomp, - int accomp) -{ - int sock; - struct ifreq ifr; - - if (mtu > MAX_PPPOE_MTU) { - warn("Couldn't increase MTU to %d", mtu); - mtu = MAX_PPPOE_MTU; - } - sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - error("Couldn't create IP socket: %m"); - return; - } - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - ifr.ifr_mtu = mtu; - if (ioctl(sock, SIOCSIFMTU, &ifr) < 0) { - error("Couldn't set interface MTU to %d: %m", mtu); - return; - } - (void) close (sock); -} - - -static void -PPPOERecvConfig(int mru, - u_int32_t asyncmap, - int pcomp, - int accomp) -{ - if (mru > MAX_PPPOE_MTU) - warn("Couldn't increase MRU to %d", mru); -} - -/********************************************************************** - * %FUNCTION: PPPOEDisconnectDevice - * %ARGUMENTS: - * None - * %RETURNS: - * Nothing - * %DESCRIPTION: - * Disconnects PPPoE device - ***********************************************************************/ -static void -PPPOEDisconnectDevice(void) -{ - struct sockaddr_pppox sp; - - sp.sa_family = AF_PPPOX; - sp.sa_protocol = PX_PROTO_OE; - sp.sa_addr.pppoe.sid = 0; - memcpy(sp.sa_addr.pppoe.dev, conn->ifName, IFNAMSIZ); - memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN); - if (connect(conn->sessionSocket, (struct sockaddr *) &sp, - sizeof(struct sockaddr_pppox)) < 0) { - fatal("Failed to disconnect PPPoE socket: %d %m", errno); - return; - } - close(conn->sessionSocket); - /* don't send PADT?? */ - close(conn->discoverySocket); -} - -static void -PPPOEDeviceOptions(void) -{ - char buf[256]; - snprintf(buf, 256, _PATH_ETHOPT "%s",devnam); - if(!options_from_file(buf, 0, 0, 1)) - exit(EXIT_OPTION_ERROR); - -} - -struct channel pppoe_channel; - -/********************************************************************** - * %FUNCTION: PPPoEDevnameHook - * %ARGUMENTS: - * cmd -- the command (actually, the device name - * argv -- argument vector - * doit -- if non-zero, set device name. Otherwise, just check if possible - * %RETURNS: - * 1 if we will handle this device; 0 otherwise. - * %DESCRIPTION: - * Checks if name is a valid interface name; if so, returns 1. Also - * sets up devnam (string representation of device). - ***********************************************************************/ -static int -PPPoEDevnameHook(char *cmd, char **argv, int doit) -{ - int r = 1; - int fd; - struct ifreq ifr; - - /* Only do it if name is "ethXXX", "nasXXX", "tapXXX" or "nic-XXXX. - In latter case strip off the "nic-" */ - /* Thanks to Russ Couturier for this fix */ - if (strlen(cmd) > 4 && !strncmp(cmd, "nic-", 4)) { - /* Strip off "nic-" */ - cmd += 4; - } else if (strlen(cmd) < 4 - || (strncmp(cmd, "eth", 3) && strncmp(cmd, "nas", 3) - && strncmp(cmd, "tap", 3) && strncmp(cmd, "br", 2))) { - return 0; - } - - /* Open a socket */ - if ((fd = socket(PF_PACKET, SOCK_RAW, 0)) < 0) { - r = 0; - } - - /* Try getting interface index */ - if (r) { - strncpy(ifr.ifr_name, cmd, sizeof(ifr.ifr_name)); - if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) { - r = 0; - } else { - if (ioctl(fd, SIOCGIFHWADDR, &ifr) < 0) { - r = 0; - } else { - if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) { - error("Interface %s not Ethernet", cmd); - r=0; - } - } - } - } - - /* Close socket */ - close(fd); - if (r) { - strncpy(devnam, cmd, sizeof(devnam)); - if (the_channel != &pppoe_channel) { - - the_channel = &pppoe_channel; - modem = 0; - - lcp_allowoptions[0].neg_accompression = 0; - lcp_wantoptions[0].neg_accompression = 0; - - lcp_allowoptions[0].neg_asyncmap = 0; - lcp_wantoptions[0].neg_asyncmap = 0; - - lcp_allowoptions[0].neg_pcompression = 0; - lcp_wantoptions[0].neg_pcompression = 0; - - ccp_allowoptions[0].deflate = 0 ; - ccp_wantoptions[0].deflate = 0 ; - - ipcp_allowoptions[0].neg_vj=0; - ipcp_wantoptions[0].neg_vj=0; - - ccp_allowoptions[0].bsd_compress = 0; - ccp_wantoptions[0].bsd_compress = 0; - - PPPOEInitDevice(); - } - return 1; - } - - return r; -} - -/********************************************************************** - * %FUNCTION: plugin_init - * %ARGUMENTS: - * None - * %RETURNS: - * Nothing - * %DESCRIPTION: - * Initializes hooks for pppd plugin - ***********************************************************************/ -void -plugin_init(void) -{ - if (!ppp_available() && !new_style_driver) { - fatal("Linux kernel does not support PPPoE -- are you running 2.4.x?"); - } - - add_options(Options); - - info("RP-PPPoE plugin version %s compiled against pppd %s", - RP_VERSION, VERSION); -} - -/********************************************************************** -*%FUNCTION: fatalSys -*%ARGUMENTS: -* str -- error message -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Prints a message plus the errno value to stderr and syslog and exits. -***********************************************************************/ -void -fatalSys(char const *str) -{ - char buf[1024]; - int i = errno; - sprintf(buf, "%.256s: %.256s", str, strerror(i)); - printErr(buf); - sprintf(buf, "RP-PPPoE: %.256s: %.256s", str, strerror(i)); - sendPADT(conn, buf); - exit(1); -} - -/********************************************************************** -*%FUNCTION: rp_fatal -*%ARGUMENTS: -* str -- error message -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Prints a message to stderr and syslog and exits. -***********************************************************************/ -void -rp_fatal(char const *str) -{ - char buf[1024]; - printErr(str); - sprintf(buf, "RP-PPPoE: %.256s", str); - sendPADT(conn, buf); - exit(1); -} -/********************************************************************** -*%FUNCTION: sysErr -*%ARGUMENTS: -* str -- error message -*%RETURNS: -* Nothing -*%DESCRIPTION: -* Prints a message plus the errno value to syslog. -***********************************************************************/ -void -sysErr(char const *str) -{ - rp_fatal(str); -} - - -struct channel pppoe_channel = { - options: Options, - process_extra_options: &PPPOEDeviceOptions, - check_options: NULL, - connect: &PPPOEConnectDevice, - disconnect: &PPPOEDisconnectDevice, - establish_ppp: &generic_establish_ppp, - disestablish_ppp: &generic_disestablish_ppp, - send_config: &PPPOESendConfig, - recv_config: &PPPOERecvConfig, - close: NULL, - cleanup: NULL -}; diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c deleted file mode 100644 index bfb8706..0000000 --- a/pppd/plugins/rp-pppoe/pppoe-discovery.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Perform PPPoE discovery - * - * Copyright (C) 2000-2001 by Roaring Penguin Software Inc. - * Copyright (C) 2004 Marco d'Itri - * - * This program may be distributed according to the terms of the GNU - * General Public License, version 2 or (at your option) any later version. - * - */ - -#include -#include -#include -#include -#include - -#include "pppoe.h" - -char *xstrdup(const char *s); -void usage(void); - -void die(int status) -{ - exit(status); -} - -int main(int argc, char *argv[]) -{ - int opt; - PPPoEConnection *conn; - - conn = malloc(sizeof(PPPoEConnection)); - if (!conn) - fatalSys("malloc"); - - memset(conn, 0, sizeof(PPPoEConnection)); - - while ((opt = getopt(argc, argv, "I:D:VUAS:C:h")) > 0) { - switch(opt) { - case 'S': - conn->serviceName = xstrdup(optarg); - break; - case 'C': - conn->acName = xstrdup(optarg); - break; - case 'U': - conn->useHostUniq = 1; - break; - case 'D': - conn->debugFile = fopen(optarg, "w"); - if (!conn->debugFile) { - fprintf(stderr, "Could not open %s: %s\n", - optarg, strerror(errno)); - exit(1); - } - fprintf(conn->debugFile, "pppoe-discovery %s\n", VERSION); - break; - case 'I': - conn->ifName = xstrdup(optarg); - break; - case 'A': - /* this is the default */ - break; - case 'V': - case 'h': - usage(); - exit(0); - default: - usage(); - exit(1); - } - } - - /* default interface name */ - if (!conn->ifName) - conn->ifName = strdup("eth0"); - - conn->discoverySocket = -1; - conn->sessionSocket = -1; - conn->printACNames = 1; - - discovery(conn); - exit(0); -} - -void rp_fatal(char const *str) -{ - char buf[1024]; - - printErr(str); - sprintf(buf, "pppoe-discovery: %.256s", str); - exit(1); -} - -void fatalSys(char const *str) -{ - char buf[1024]; - int i = errno; - - sprintf(buf, "%.256s: %.256s", str, strerror(i)); - printErr(buf); - sprintf(buf, "pppoe-discovery: %.256s: %.256s", str, strerror(i)); - exit(1); -} - -void sysErr(char const *str) -{ - rp_fatal(str); -} - -char *xstrdup(const char *s) -{ - register char *ret = strdup(s); - if (!ret) - sysErr("strdup"); - return ret; -} - -void usage(void) -{ - fprintf(stderr, "Usage: pppoe-discovery [options]\n"); - fprintf(stderr, "\nVersion " VERSION "\n"); -} diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h deleted file mode 100644 index 2309ad3..0000000 --- a/pppd/plugins/rp-pppoe/pppoe.h +++ /dev/null @@ -1,323 +0,0 @@ -/*********************************************************************** -* -* pppoe.h -* -* Declaration of various PPPoE constants -* -* Copyright (C) 2000 Roaring Penguin Software Inc. -* -* This program may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -* $Id: pppoe.h,v 1.2 2004/11/04 10:07:37 paulus Exp $ -* -***********************************************************************/ - -#ifdef __sun__ -#define __EXTENSIONS__ -#endif - -#include "config.h" - -#if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H) -#define _POSIX_SOURCE 1 /* For sigaction defines */ -#endif - -#include /* For FILE */ -#include /* For pid_t */ - -/* How do we access raw Ethernet devices? */ -#undef USE_LINUX_PACKET -#undef USE_BPF - -#if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H) -#define USE_LINUX_PACKET 1 -#elif defined(HAVE_SYS_DLPI_H) -#define USE_DLPI -#elif defined(HAVE_NET_BPF_H) -#define USE_BPF 1 -#endif - -/* Sanity check */ -#if !defined(USE_BPF) && !defined(USE_LINUX_PACKET) && !defined(USE_DLPI) -#error Unknown method for accessing raw Ethernet frames -#endif - -#ifdef HAVE_SYS_CDEFS_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -/* Ugly header files on some Linux boxes... */ -#if defined(HAVE_LINUX_IF_H) -#include -#elif defined(HAVE_NET_IF_H) -#include -#endif - -#ifdef HAVE_NET_IF_TYPES_H -#include -#endif - -#ifdef HAVE_NET_IF_DL_H -#include -#endif - -/* I'm not sure why this is needed... I do not have OpenBSD */ -#if defined(__OpenBSD__) -#include -#include -#endif - -#ifdef USE_BPF -extern int bpfSize; -struct PPPoEPacketStruct; -void sessionDiscoveryPacket(struct PPPoEPacketStruct *packet); -#define BPF_BUFFER_IS_EMPTY (bpfSize <= 0) -#define BPF_BUFFER_HAS_DATA (bpfSize > 0) -#define ethhdr ether_header -#define h_dest ether_dhost -#define h_source ether_shost -#define h_proto ether_type -#define ETH_DATA_LEN ETHERMTU -#define ETH_ALEN ETHER_ADDR_LEN -#else -#undef USE_BPF -#define BPF_BUFFER_IS_EMPTY 1 -#define BPF_BUFFER_HAS_DATA 0 -#endif - -#ifdef USE_DLPI -#include -#define ethhdr ether_header -#define ETH_DATA_LEN ETHERMTU -#define ETH_ALEN ETHERADDRL -#define h_dest ether_dhost.ether_addr_octet -#define h_source ether_shost.ether_addr_octet -#define h_proto ether_type - -/* cloned from dltest.h */ -#define MAXDLBUF 8192 -#define MAXDLADDR 1024 -#define MAXWAIT 15 -#define OFFADDR(s, n) (u_char*)((char*)(s) + (int)(n)) -#define CASERET(s) case s: return ("s") - -#endif - -/* Define various integer types -- assumes a char is 8 bits */ -#if SIZEOF_UNSIGNED_SHORT == 2 -typedef unsigned short UINT16_t; -#elif SIZEOF_UNSIGNED_INT == 2 -typedef unsigned int UINT16_t; -#else -#error Could not find a 16-bit integer type -#endif - -#if SIZEOF_UNSIGNED_SHORT == 4 -typedef unsigned short UINT32_t; -#elif SIZEOF_UNSIGNED_INT == 4 -typedef unsigned int UINT32_t; -#elif SIZEOF_UNSIGNED_LONG == 4 -typedef unsigned long UINT32_t; -#else -#error Could not find a 16-bit integer type -#endif - -#ifdef HAVE_LINUX_IF_ETHER_H -#include -#endif - -#include - -#ifdef HAVE_NETINET_IF_ETHER_H -#include - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifndef HAVE_SYS_DLPI_H -#include -#endif -#endif - - - -/* Ethernet frame types according to RFC 2516 */ -#define ETH_PPPOE_DISCOVERY 0x8863 -#define ETH_PPPOE_SESSION 0x8864 - -/* But some brain-dead peers disobey the RFC, so frame types are variables */ -extern UINT16_t Eth_PPPOE_Discovery; -extern UINT16_t Eth_PPPOE_Session; - -/* PPPoE codes */ -#define CODE_PADI 0x09 -#define CODE_PADO 0x07 -#define CODE_PADR 0x19 -#define CODE_PADS 0x65 -#define CODE_PADT 0xA7 -#define CODE_SESS 0x00 - -/* PPPoE Tags */ -#define TAG_END_OF_LIST 0x0000 -#define TAG_SERVICE_NAME 0x0101 -#define TAG_AC_NAME 0x0102 -#define TAG_HOST_UNIQ 0x0103 -#define TAG_AC_COOKIE 0x0104 -#define TAG_VENDOR_SPECIFIC 0x0105 -#define TAG_RELAY_SESSION_ID 0x0110 -#define TAG_SERVICE_NAME_ERROR 0x0201 -#define TAG_AC_SYSTEM_ERROR 0x0202 -#define TAG_GENERIC_ERROR 0x0203 - -/* Discovery phase states */ -#define STATE_SENT_PADI 0 -#define STATE_RECEIVED_PADO 1 -#define STATE_SENT_PADR 2 -#define STATE_SESSION 3 -#define STATE_TERMINATED 4 - -/* How many PADI/PADS attempts? */ -#define MAX_PADI_ATTEMPTS 3 - -/* Initial timeout for PADO/PADS */ -#define PADI_TIMEOUT 5 - -/* States for scanning PPP frames */ -#define STATE_WAITFOR_FRAME_ADDR 0 -#define STATE_DROP_PROTO 1 -#define STATE_BUILDING_PACKET 2 - -/* Special PPP frame characters */ -#define FRAME_ESC 0x7D -#define FRAME_FLAG 0x7E -#define FRAME_ADDR 0xFF -#define FRAME_CTRL 0x03 -#define FRAME_ENC 0x20 - -#define IPV4ALEN 4 -#define SMALLBUF 256 - -/* A PPPoE Packet, including Ethernet headers */ -typedef struct PPPoEPacketStruct { - struct ethhdr ethHdr; /* Ethernet header */ -#ifdef PACK_BITFIELDS_REVERSED - unsigned int type:4; /* PPPoE Type (must be 1) */ - unsigned int ver:4; /* PPPoE Version (must be 1) */ -#else - unsigned int ver:4; /* PPPoE Version (must be 1) */ - unsigned int type:4; /* PPPoE Type (must be 1) */ -#endif - unsigned int code:8; /* PPPoE code */ - unsigned int session:16; /* PPPoE session */ - unsigned int length:16; /* Payload length */ - unsigned char payload[ETH_DATA_LEN]; /* A bit of room to spare */ -} PPPoEPacket; - -/* Header size of a PPPoE packet */ -#define PPPOE_OVERHEAD 6 /* type, code, session, length */ -#define HDR_SIZE (sizeof(struct ethhdr) + PPPOE_OVERHEAD) -#define MAX_PPPOE_PAYLOAD (ETH_DATA_LEN - PPPOE_OVERHEAD) -#define MAX_PPPOE_MTU (MAX_PPPOE_PAYLOAD - 2) - -/* PPPoE Tag */ - -typedef struct PPPoETagStruct { - unsigned int type:16; /* tag type */ - unsigned int length:16; /* Length of payload */ - unsigned char payload[ETH_DATA_LEN]; /* A LOT of room to spare */ -} PPPoETag; -/* Header size of a PPPoE tag */ -#define TAG_HDR_SIZE 4 - -/* Chunk to read from stdin */ -#define READ_CHUNK 4096 - -/* Function passed to parsePacket */ -typedef void ParseFunc(UINT16_t type, - UINT16_t len, - unsigned char *data, - void *extra); - -#define PPPINITFCS16 0xffff /* Initial FCS value */ - -/* Keep track of the state of a connection -- collect everything in - one spot */ - -typedef struct PPPoEConnectionStruct { - int discoveryState; /* Where we are in discovery */ - int discoverySocket; /* Raw socket for discovery frames */ - int sessionSocket; /* Raw socket for session frames */ - unsigned char myEth[ETH_ALEN]; /* My MAC address */ - unsigned char peerEth[ETH_ALEN]; /* Peer's MAC address */ - UINT16_t session; /* Session ID */ - char *ifName; /* Interface name */ - char *serviceName; /* Desired service name, if any */ - char *acName; /* Desired AC name, if any */ - int synchronous; /* Use synchronous PPP */ - int useHostUniq; /* Use Host-Uniq tag */ - int printACNames; /* Just print AC names */ - int skipDiscovery; /* Skip discovery */ - int noDiscoverySocket; /* Don't even open discovery socket */ - FILE *debugFile; /* Debug file for dumping packets */ - int numPADOs; /* Number of PADO packets received */ - PPPoETag cookie; /* We have to send this if we get it */ - PPPoETag relayId; /* Ditto */ -} PPPoEConnection; - -/* Structure used to determine acceptable PADO or PADS packet */ -struct PacketCriteria { - PPPoEConnection *conn; - int acNameOK; - int serviceNameOK; - int seenACName; - int seenServiceName; -}; - -/* Function Prototypes */ -UINT16_t etherType(PPPoEPacket *packet); -int openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr); -int sendPacket(PPPoEConnection *conn, int sock, PPPoEPacket *pkt, int size); -int receivePacket(int sock, PPPoEPacket *pkt, int *size); -void fatalSys(char const *str); -void rp_fatal(char const *str); -void printErr(char const *str); -void sysErr(char const *str); -void dumpPacket(FILE *fp, PPPoEPacket *packet, char const *dir); -void dumpHex(FILE *fp, unsigned char const *buf, int len); -int parsePacket(PPPoEPacket *packet, ParseFunc *func, void *extra); -void parseLogErrs(UINT16_t typ, UINT16_t len, unsigned char *data, void *xtra); -void syncReadFromPPP(PPPoEConnection *conn, PPPoEPacket *packet); -void asyncReadFromPPP(PPPoEConnection *conn, PPPoEPacket *packet); -void asyncReadFromEth(PPPoEConnection *conn, int sock, int clampMss); -void syncReadFromEth(PPPoEConnection *conn, int sock, int clampMss); -char *strDup(char const *str); -void sendPADT(PPPoEConnection *conn, char const *msg); -void sendSessionPacket(PPPoEConnection *conn, - PPPoEPacket *packet, int len); -void initPPP(void); -void clampMSS(PPPoEPacket *packet, char const *dir, int clampMss); -UINT16_t computeTCPChecksum(unsigned char *ipHdr, unsigned char *tcpHdr); -UINT16_t pppFCS16(UINT16_t fcs, unsigned char *cp, int len); -void discovery(PPPoEConnection *conn); -unsigned char *findTag(PPPoEPacket *packet, UINT16_t tagType, - PPPoETag *tag); - -#define SET_STRING(var, val) do { if (var) free(var); var = strDup(val); } while(0); - -#define CHECK_ROOM(cursor, start, len) \ -do {\ - if (((cursor)-(start))+(len) > MAX_PPPOE_PAYLOAD) { \ - syslog(LOG_ERR, "Would create too-long packet"); \ - return; \ - } \ -} while(0) - -/* True if Ethernet address is broadcast or multicast */ -#define NOT_UNICAST(e) ((e[0] & 0x01) != 0) -#define BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) == 0xFF) -#define NOT_BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) != 0xFF) diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c deleted file mode 100644 index 3041f17..0000000 --- a/pppd/plugins/winbind.c +++ /dev/null @@ -1,681 +0,0 @@ -/*********************************************************************** -* -* winbind.c -* -* WINBIND plugin for pppd. Performs PAP, CHAP, MS-CHAP, MS-CHAPv2 -* authentication using WINBIND to contact a NT-style PDC. -* -* Based on the structure of the radius module. -* -* Copyright (C) 2003 Andrew Bartlet -* -* Copyright 1999 Paul Mackerras, Alan Curry. -* (pipe read code from passpromt.c) -* -* Copyright (C) 2002 Roaring Penguin Software Inc. -* -* Based on a patch for ipppd, which is: -* Copyright (C) 1996, Matjaz Godec -* Copyright (C) 1996, Lars Fenneberg -* Copyright (C) 1997, Miguel A.L. Paraz -* -* Uses radiusclient library, which is: -* Copyright (C) 1995,1996,1997,1998 Lars Fenneberg -* Copyright (C) 2002 Roaring Penguin Software Inc. -* -* MPPE support is by Ralf Hofmann, , with -* modification from Frank Cusack, . -* -* Updated on 2003-12-12 to support updated PPP plugin API from latest CVS -* Copyright (C) 2003, Sean E. Millichamp -* -* This plugin may be distributed according to the terms of the GNU -* General Public License, version 2 or (at your option) any later version. -* -***********************************************************************/ - -#include "pppd.h" -#include "chap-new.h" -#include "chap_ms.h" -#ifdef MPPE -#include "md5.h" -#endif -#include "fsm.h" -#include "ipcp.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define BUF_LEN 1024 - -#define NOT_AUTHENTICATED 0 -#define AUTHENTICATED 1 - -static char *ntlm_auth = NULL; - -static int set_ntlm_auth(char **argv) -{ - char *p; - - p = argv[0]; - if (p[0] != '/') { - option_error("ntlm_auth-helper argument must be full path"); - return 0; - } - p = strdup(p); - if (p == NULL) { - novm("ntlm_auth-helper argument"); - return 0; - } - if (ntlm_auth != NULL) - free(ntlm_auth); - ntlm_auth = p; - return 1; -} - -static option_t Options[] = { - { "ntlm_auth-helper", o_special, (void *) &set_ntlm_auth, - "Path to ntlm_auth executable", OPT_PRIV }, - { NULL } -}; - -static int -winbind_secret_check(void); - -static int winbind_pap_auth(char *user, - char *passwd, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts); -static int winbind_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, - unsigned char *response, - char *message, int message_space); -static int winbind_allowed_address(u_int32_t addr); - -char pppd_version[] = VERSION; - -/********************************************************************** -* %FUNCTION: plugin_init -* %ARGUMENTS: -* None -* %RETURNS: -* Nothing -* %DESCRIPTION: -* Initializes WINBIND plugin. -***********************************************************************/ -void -plugin_init(void) -{ - pap_check_hook = winbind_secret_check; - pap_auth_hook = winbind_pap_auth; - - chap_check_hook = winbind_secret_check; - chap_verify_hook = winbind_chap_verify; - - allowed_address_hook = winbind_allowed_address; - - /* Don't ask the peer for anything other than MS-CHAP or MS-CHAP V2 */ - chap_mdtype_all &= (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT); - - add_options(Options); - - info("WINBIND plugin initialized."); -} - -/** - Routine to get hex characters and turn them into a 16 byte array. - the array can be variable length, and any non-hex-numeric - characters are skipped. "0xnn" or "0Xnn" is specially catered - for. - - valid examples: "0A5D15"; "0x15, 0x49, 0xa2"; "59\ta9\te3\n" - -**/ - -/* - Unix SMB/CIFS implementation. - Samba utility functions - - Copyright (C) Andrew Tridgell 1992-2001 - Copyright (C) Simo Sorce 2001-2002 - Copyright (C) Martin Pool 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -size_t strhex_to_str(char *p, size_t len, const char *strhex) -{ - size_t i; - size_t num_chars = 0; - unsigned char lonybble, hinybble; - const char *hexchars = "0123456789ABCDEF"; - char *p1 = NULL, *p2 = NULL; - - for (i = 0; i < len && strhex[i] != 0; i++) { - if (strncmp(hexchars, "0x", 2) == 0) { - i++; /* skip two chars */ - continue; - } - - if (!(p1 = strchr(hexchars, toupper(strhex[i])))) - break; - - i++; /* next hex digit */ - - if (!(p2 = strchr(hexchars, toupper(strhex[i])))) - break; - - /* get the two nybbles */ - hinybble = (p1 - hexchars); - lonybble = (p2 - hexchars); - - p[num_chars] = (hinybble << 4) | lonybble; - num_chars++; - - p1 = NULL; - p2 = NULL; - } - return num_chars; -} - -static const char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -/** - * Encode a base64 string into a malloc()ed string caller to free. - * - *From SQUID: adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c with adjustments - **/ -char * base64_encode(const char *data) -{ - int bits = 0; - int char_count = 0; - size_t out_cnt = 0; - size_t len = strlen(data); - size_t output_len = strlen(data) * 2; - char *result = malloc(output_len); /* get us plenty of space */ - - while (len-- && out_cnt < (output_len) - 5) { - int c = (unsigned char) *(data++); - bits += c; - char_count++; - if (char_count == 3) { - result[out_cnt++] = b64[bits >> 18]; - result[out_cnt++] = b64[(bits >> 12) & 0x3f]; - result[out_cnt++] = b64[(bits >> 6) & 0x3f]; - result[out_cnt++] = b64[bits & 0x3f]; - bits = 0; - char_count = 0; - } else { - bits <<= 8; - } - } - if (char_count != 0) { - bits <<= 16 - (8 * char_count); - result[out_cnt++] = b64[bits >> 18]; - result[out_cnt++] = b64[(bits >> 12) & 0x3f]; - if (char_count == 1) { - result[out_cnt++] = '='; - result[out_cnt++] = '='; - } else { - result[out_cnt++] = b64[(bits >> 6) & 0x3f]; - result[out_cnt++] = '='; - } - } - result[out_cnt] = '\0'; /* terminate */ - return result; -} - -unsigned int run_ntlm_auth(const char *username, - const char *domain, - const char *full_username, - const char *plaintext_password, - const u_char *challenge, - size_t challenge_length, - const u_char *lm_response, - size_t lm_response_length, - const u_char *nt_response, - size_t nt_response_length, - u_char nt_key[16], - char **error_string) -{ - - pid_t forkret; - int child_in[2]; - int child_out[2]; - int status; - - int authenticated = NOT_AUTHENTICATED; /* not auth */ - int got_user_session_key = 0; /* not got key */ - - char buffer[1024]; - - FILE *pipe_in; - FILE *pipe_out; - - int i; - char *challenge_hex; - char *lm_hex_hash; - char *nt_hex_hash; - - /* First see if we have a program to run... */ - if (ntlm_auth == NULL) - return NOT_AUTHENTICATED; - - /* Make first child */ - if (pipe(child_out) == -1) { - error("pipe creation failed for child OUT!"); - return NOT_AUTHENTICATED; - } - - if (pipe(child_in) == -1) { - error("pipe creation failed for child IN!"); - return NOT_AUTHENTICATED; - } - - forkret = safe_fork(child_in[0], child_out[1], 2); - if (forkret == -1) { - if (error_string) { - *error_string = strdup("fork failed!"); - } - - return NOT_AUTHENTICATED; - } - - if (forkret == 0) { - /* child process */ - close(child_out[0]); - close(child_in[1]); - - /* run winbind as the user that invoked pppd */ - setgid(getgid()); - setuid(getuid()); - execl("/bin/sh", "sh", "-c", ntlm_auth, NULL); - perror("pppd/winbind: could not exec /bin/sh"); - exit(1); - } - - /* parent */ - close(child_out[1]); - close(child_in[0]); - - /* Need to write the User's info onto the pipe */ - - pipe_in = fdopen(child_in[1], "w"); - - pipe_out = fdopen(child_out[0], "r"); - - /* look for session key coming back */ - - if (username) { - char *b64_username = base64_encode(username); - fprintf(pipe_in, "Username:: %s\n", b64_username); - free(b64_username); - } - - if (domain) { - char *b64_domain = base64_encode(domain); - fprintf(pipe_in, "NT-Domain:: %s\n", b64_domain); - free(b64_domain); - } - - if (full_username) { - char *b64_full_username = base64_encode(full_username); - fprintf(pipe_in, "Full-Username:: %s\n", b64_full_username); - free(b64_full_username); - } - - if (plaintext_password) { - char *b64_plaintext_password = base64_encode(plaintext_password); - fprintf(pipe_in, "Password:: %s\n", b64_plaintext_password); - free(b64_plaintext_password); - } - - if (challenge_length) { - fprintf(pipe_in, "Request-User-Session-Key: yes\n"); - - challenge_hex = malloc(challenge_length*2+1); - - for (i = 0; i < challenge_length; i++) - sprintf(challenge_hex + i * 2, "%02X", challenge[i]); - - fprintf(pipe_in, "LANMAN-Challenge: %s\n", challenge_hex); - free(challenge_hex); - } - - if (lm_response_length) { - lm_hex_hash = malloc(lm_response_length*2+1); - - for (i = 0; i < lm_response_length; i++) - sprintf(lm_hex_hash + i * 2, "%02X", lm_response[i]); - - fprintf(pipe_in, "LANMAN-response: %s\n", lm_hex_hash); - free(lm_hex_hash); - } - - if (nt_response_length) { - nt_hex_hash = malloc(nt_response_length*2+1); - - for (i = 0; i < nt_response_length; i++) - sprintf(nt_hex_hash + i * 2, "%02X", nt_response[i]); - - fprintf(pipe_in, "NT-response: %s\n", nt_hex_hash); - free(nt_hex_hash); - } - - fprintf(pipe_in, ".\n"); - fflush(pipe_in); - - while (fgets(buffer, sizeof(buffer)-1, pipe_out) != NULL) { - char *message, *parameter; - if (buffer[strlen(buffer)-1] != '\n') { - break; - } - buffer[strlen(buffer)-1] = '\0'; - message = buffer; - - if (!(parameter = strstr(buffer, ": "))) { - break; - } - - parameter[0] = '\0'; - parameter++; - parameter[0] = '\0'; - parameter++; - - if (strcmp(message, ".") == 0) { - /* end of sequence */ - break; - } else if (strcasecmp(message, "Authenticated") == 0) { - if (strcasecmp(parameter, "Yes") == 0) { - authenticated = AUTHENTICATED; - } else { - notice("Winbind has declined authentication for user!"); - authenticated = NOT_AUTHENTICATED; - } - } else if (strcasecmp(message, "User-session-key") == 0) { - /* length is the number of characters to parse */ - if (nt_key) { - if (strhex_to_str(nt_key, 32, parameter) == 16) { - got_user_session_key = 1; - } else { - notice("NT session key for user was not 16 bytes!"); - } - } - } else if (strcasecmp(message, "Error") == 0) { - authenticated = NOT_AUTHENTICATED; - if (error_string) - *error_string = strdup(parameter); - } else if (strcasecmp(message, "Authentication-Error") == 0) { - authenticated = NOT_AUTHENTICATED; - if (error_string) - *error_string = strdup(parameter); - } else { - notice("unrecognised input from ntlm_auth helper - %s: %s", message, parameter); - } - } - - /* parent */ - if (close(child_out[0]) == -1) { - notice("error closing pipe?!? for child OUT[0]"); - return NOT_AUTHENTICATED; - } - - /* parent */ - if (close(child_in[1]) == -1) { - notice("error closing pipe?!? for child IN[1]"); - return NOT_AUTHENTICATED; - } - - while ((wait(&status) == -1) && errno == EINTR) - ; - - if ((authenticated == AUTHENTICATED) && nt_key && !got_user_session_key) { - notice("Did not get user session key, despite being authenticated!"); - return NOT_AUTHENTICATED; - } - return authenticated; -} - -/********************************************************************** -* %FUNCTION: winbind_secret_check -* %ARGUMENTS: -* None -* %RETURNS: -* 0 if we don't have an ntlm_auth program to run, otherwise 1. -* %DESCRIPTION: -* Tells pppd that we will try to authenticate the peer, and not to -* worry about looking in /etc/ppp/ *-secrets -***********************************************************************/ -static int -winbind_secret_check(void) -{ - return ntlm_auth != NULL; -} - -/********************************************************************** -* %FUNCTION: winbind_pap_auth -* %ARGUMENTS: -* user -- user-name of peer -* passwd -- password supplied by peer -* msgp -- Message which will be sent in PAP response -* paddrs -- set to a list of possible peer IP addresses -* popts -- set to a list of additional pppd options -* %RETURNS: -* 1 if we can authenticate, -1 if we cannot. -* %DESCRIPTION: -* Performs PAP authentication using WINBIND -***********************************************************************/ -static int -winbind_pap_auth(char *user, - char *password, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts) -{ - if (run_ntlm_auth(NULL, NULL, user, password, NULL, 0, NULL, 0, NULL, 0, NULL, msgp) == AUTHENTICATED) { - return 1; - } - return -1; -} - -/********************************************************************** -* %FUNCTION: winbind_chap_auth -* %ARGUMENTS: -* user -- user-name of peer -* remmd -- hash received from peer -* remmd_len -- length of remmd -* cstate -- pppd's chap_state structure -* %RETURNS: -* AUTHENTICATED (1) if we can authenticate, NOT_AUTHENTICATED (0) if we cannot. -* %DESCRIPTION: -* Performs MS-CHAP and MS-CHAPv2 authentication using WINBIND. -***********************************************************************/ - -static int -winbind_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, - unsigned char *response, - char *message, int message_space) -{ - int challenge_len, response_len; - char domainname[256]; - char *domain; - char *username; - char *p; - char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; - - /* The first byte of each of these strings contains their length */ - challenge_len = *challenge++; - response_len = *response++; - - /* remove domain from "domain\username" */ - if ((username = strrchr(user, '\\')) != NULL) - ++username; - else - username = user; - - strlcpy(domainname, user, sizeof(domainname)); - - /* remove domain from "domain\username" */ - if ((p = strrchr(domainname, '\\')) != NULL) { - *p = '\0'; - domain = domainname; - } else { - domain = NULL; - } - - /* generate MD based on negotiated type */ - switch (digest->code) { - - case CHAP_MICROSOFT: - { - char *error_string = NULL; - u_char *nt_response = NULL; - u_char *lm_response = NULL; - int nt_response_size = 0; - int lm_response_size = 0; - MS_ChapResponse *rmd = (MS_ChapResponse *) response; - u_char session_key[16]; - - if (response_len != MS_CHAP_RESPONSE_LEN) - break; /* not even the right length */ - - /* Determine which part of response to verify against */ - if (rmd->UseNT[0]) { - nt_response = rmd->NTResp; - nt_response_size = sizeof(rmd->NTResp); - } else { -#ifdef MSLANMAN - lm_response = rmd->LANManResp; - lm_response_size = sizeof(rmd->LANManResp); -#else - /* Should really propagate this into the error packet. */ - notice("Peer request for LANMAN auth not supported"); - return NOT_AUTHENTICATED; -#endif /* MSLANMAN */ - } - - /* ship off to winbind, and check */ - - if (run_ntlm_auth(username, - domain, - NULL, - NULL, - challenge, - challenge_len, - lm_response, - lm_response ? lm_response_size: 0, - nt_response, - nt_response ? nt_response_size: 0, - session_key, - &error_string) == AUTHENTICATED) { - mppe_set_keys(challenge, session_key); - slprintf(message, message_space, "Access granted"); - return AUTHENTICATED; - - } else { - if (error_string) { - notice(error_string); - free(error_string); - } - slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0", - challenge_len, challenge); - return NOT_AUTHENTICATED; - } - break; - } - - case CHAP_MICROSOFT_V2: - { - MS_Chap2Response *rmd = (MS_Chap2Response *) response; - u_char Challenge[8]; - u_char session_key[MD4_SIGNATURE_SIZE]; - char *error_string = NULL; - - if (response_len != MS_CHAP2_RESPONSE_LEN) - break; /* not even the right length */ - - ChallengeHash(rmd->PeerChallenge, challenge, user, Challenge); - - /* ship off to winbind, and check */ - - if (run_ntlm_auth(username, - domain, - NULL, - NULL, - Challenge, - 8, - NULL, - 0, - rmd->NTResp, - sizeof(rmd->NTResp), - - session_key, - &error_string) == AUTHENTICATED) { - - GenerateAuthenticatorResponse(session_key, - rmd->NTResp, rmd->PeerChallenge, - challenge, user, - saresponse); - mppe_set_keys2(session_key, rmd->NTResp, MS_CHAP2_AUTHENTICATOR); - if (rmd->Flags[0]) { - slprintf(message, message_space, "S=%s", saresponse); - } else { - slprintf(message, message_space, "S=%s M=%s", - saresponse, "Access granted"); - } - return AUTHENTICATED; - - } else { - if (error_string) { - notice(error_string); - slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s", - challenge_len, challenge, error_string); - free(error_string); - } else { - slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s", - challenge_len, challenge, "Access denied"); - } - return NOT_AUTHENTICATED; - } - break; - } - - default: - error("WINBIND: Challenge type %u unsupported", digest->code); - } - return NOT_AUTHENTICATED; -} - -static int -winbind_allowed_address(u_int32_t addr) -{ - ipcp_options *wo = &ipcp_wantoptions[0]; - if (wo->hisaddr !=0 && wo->hisaddr == addr) { - return 1; - } - return -1; -} diff --git a/pppd/ppp.pam b/pppd/ppp.pam deleted file mode 100644 index c06f809..0000000 --- a/pppd/ppp.pam +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -# Information for the PPPD process with the 'login' option. -auth required pam_nologin.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c deleted file mode 100644 index 8b85b13..0000000 --- a/pppd/pppcrypt.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1 - * - * Extracted from chap_ms.c by James Carlson. - * - * Copyright (c) 1995 Eric Rosenquist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include "pppd.h" -#include "pppcrypt.h" - -static u_char -Get7Bits(input, startBit) -u_char *input; -int startBit; -{ - unsigned int word; - - word = (unsigned)input[startBit / 8] << 8; - word |= (unsigned)input[startBit / 8 + 1]; - - word >>= 15 - (startBit % 8 + 7); - - return word & 0xFE; -} - -static void -MakeKey(key, des_key) -u_char *key; /* IN 56 bit DES key missing parity bits */ -u_char *des_key; /* OUT 64 bit DES key with parity bits added */ -{ - des_key[0] = Get7Bits(key, 0); - des_key[1] = Get7Bits(key, 7); - des_key[2] = Get7Bits(key, 14); - des_key[3] = Get7Bits(key, 21); - des_key[4] = Get7Bits(key, 28); - des_key[5] = Get7Bits(key, 35); - des_key[6] = Get7Bits(key, 42); - des_key[7] = Get7Bits(key, 49); - -#ifndef USE_CRYPT - des_set_odd_parity((des_cblock *)des_key); -#endif -} - -#ifdef USE_CRYPT -/* - * in == 8-byte string (expanded version of the 56-bit key) - * out == 64-byte string where each byte is either 1 or 0 - * Note that the low-order "bit" is always ignored by by setkey() - */ -static void -Expand(in, out) -u_char *in; -u_char *out; -{ - int j, c; - int i; - - for (i = 0; i < 64; in++){ - c = *in; - for (j = 7; j >= 0; j--) - *out++ = (c >> j) & 01; - i += 8; - } -} - -/* The inverse of Expand - */ -static void -Collapse(in, out) -u_char *in; -u_char *out; -{ - int j; - int i; - unsigned int c; - - for (i = 0; i < 64; i += 8, out++) { - c = 0; - for (j = 7; j >= 0; j--, in++) - c |= *in << j; - *out = c & 0xff; - } -} - -bool -DesSetkey(key) -u_char *key; -{ - u_char des_key[8]; - u_char crypt_key[66]; - - MakeKey(key, des_key); - Expand(des_key, crypt_key); - errno = 0; - setkey((const char *)crypt_key); - if (errno != 0) - return (0); - return (1); -} - -bool -DesEncrypt(clear, cipher) -u_char *clear; /* IN 8 octets */ -u_char *cipher; /* OUT 8 octets */ -{ - u_char des_input[66]; - - Expand(clear, des_input); - errno = 0; - encrypt((char *)des_input, 0); - if (errno != 0) - return (0); - Collapse(des_input, cipher); - return (1); -} - -bool -DesDecrypt(cipher, clear) -u_char *cipher; /* IN 8 octets */ -u_char *clear; /* OUT 8 octets */ -{ - u_char des_input[66]; - - Expand(cipher, des_input); - errno = 0; - encrypt((char *)des_input, 1); - if (errno != 0) - return (0); - Collapse(des_input, clear); - return (1); -} - -#else /* USE_CRYPT */ -static des_key_schedule key_schedule; - -bool -DesSetkey(key) -u_char *key; -{ - des_cblock des_key; - MakeKey(key, des_key); - des_set_key(&des_key, key_schedule); - return (1); -} - -bool -DesEncrypt(clear, key, cipher) -u_char *clear; /* IN 8 octets */ -u_char *cipher; /* OUT 8 octets */ -{ - des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, - key_schedule, 1); - return (1); -} - -bool -DesDecrypt(cipher, clear) -u_char *cipher; /* IN 8 octets */ -u_char *clear; /* OUT 8 octets */ -{ - des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, - key_schedule, 0); - return (1); -} - -#endif /* USE_CRYPT */ diff --git a/pppd/pppcrypt.h b/pppd/pppcrypt.h deleted file mode 100644 index adcdcbc..0000000 --- a/pppd/pppcrypt.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1 - * - * Extracted from chap_ms.c by James Carlson. - * - * Copyright (c) 1995 Eric Rosenquist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef PPPCRYPT_H -#define PPPCRYPT_H - -#ifdef HAVE_CRYPT_H -#include -#endif - -#ifndef USE_CRYPT -#include -#endif - -extern bool DesSetkey __P((u_char *)); -extern bool DesEncrypt __P((u_char *, u_char *)); -extern bool DesDecrypt __P((u_char *, u_char *)); - -#endif /* PPPCRYPT_H */ diff --git a/pppd/pppd.8 b/pppd/pppd.8 deleted file mode 100644 index 22b3b26..0000000 --- a/pppd/pppd.8 +++ /dev/null @@ -1,1888 +0,0 @@ -.\" manual page [] for pppd 2.4 -.\" $Id: pppd.8,v 1.83 2004/11/13 12:22:49 paulus Exp $ -.\" SH section heading -.\" SS subsection heading -.\" LP paragraph -.\" IP indented paragraph -.\" TP hanging label -.\" -.\" Copyright (c) 1993-2003 Paul Mackerras -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH PPPD 8 -.SH NAME -pppd \- Point-to-Point Protocol Daemon -.SH SYNOPSIS -.B pppd -[ -.I options -] -.SH DESCRIPTION -.LP -PPP is the protocol used for establishing internet links over dial-up -modems, DSL connections, and many other types of point-to-point -links. The \fIpppd\fR daemon works together with the kernel PPP -driver to establish and maintain a PPP link with another system -(called the \fIpeer\fR) and to negotiate Internet Protocol (IP) -addresses for each end of the link. Pppd can also authenticate the -peer and/or supply authentication information to the peer. PPP can be -used with other network protocols besides IP, but such use is becoming -increasingly rare. -.SH FREQUENTLY USED OPTIONS -.TP -.I ttyname -Use the serial port called \fIttyname\fR to communicate with the -peer. The string "/dev/" is prepended to \fIttyname\fR to form the -name of the device to open. If no device name is given, or if the -name of the terminal -connected to the standard input is given, pppd will use that terminal, -and will not fork to put itself in the background. A value for this -option from a privileged source cannot be overridden by a -non-privileged user. -.TP -.I speed -An option that is a decimal number is taken as the desired baud rate -for the serial device. On systems such as -4.4BSD and NetBSD, any speed can be specified. Other systems -(e.g. Linux, SunOS) only support the commonly-used baud rates. -.TP -.B asyncmap \fImap -This option sets the Async-Control-Character-Map (ACCM) for this end -of the link. The ACCM is a set of 32 bits, one for each of the -ASCII control characters with values from 0 to 31, where a 1 bit -indicates that the corresponding control character should not be used -in PPP packets sent to this system. The map is encoded as a -hexadecimal number (without a leading 0x) where the least significant -bit (00000001) represents character 0 and the most significant bit -(80000000) represents character 31. -Pppd will ask the peer to send these characters as a 2-byte -escape sequence. -If multiple \fIasyncmap\fR options are given, the values are ORed -together. If no \fIasyncmap\fR option is given, the default is zero, -so pppd will ask the peer not to escape any control characters. -To escape transmitted characters, use the \fIescape\fR option. -.TP -.B auth -Require the peer to authenticate itself before allowing network -packets to be sent or received. This option is the default if the -system has a default route. If neither this option nor the -\fInoauth\fR option is specified, pppd will only allow the peer to use -IP addresses to which the system does not already have a route. -.TP -.B call \fIname -Read options from the file /etc/ppp/peers/\fIname\fR. This file may -contain privileged options, such as \fInoauth\fR, even if pppd -is not being run by root. The \fIname\fR string may not begin with / -or include .. as a pathname component. The format of the options file -is described below. -.TP -.B connect \fIscript -Usually there is something which needs to be done to prepare the link -before the PPP protocol can be started; for instance, with a dial-up -modem, commands need to be sent to the modem to dial the appropriate -phone number. This option specifies an command for pppd to execute -(by passing it to a shell) before attempting to start PPP negotiation. -The chat (8) program is often useful here, as it provides a way to -send arbitrary strings to a modem and respond to received characters. -A value -for this option from a privileged source cannot be overridden by a -non-privileged user. -.TP -.B crtscts -Specifies that pppd should set the serial port to use hardware flow -control using the RTS and CTS signals in the RS-232 interface. -If neither the \fIcrtscts\fR, the -\fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR option -is given, the hardware flow control setting for the serial port is -left unchanged. -Some serial ports (such as Macintosh serial ports) lack a true -RTS output. Such serial ports use this mode to implement -unidirectional flow control. The serial port will -suspend transmission when requested by the modem (via CTS) -but will be unable to request the modem to stop sending to the -computer. This mode retains the ability to use DTR as -a modem control line. -.TP -.B defaultroute -Add a default route to the system routing tables, using the peer as -the gateway, when IPCP negotiation is successfully completed. -This entry is removed when the PPP connection is broken. This option -is privileged if the \fInodefaultroute\fR option has been specified. -.TP -.B disconnect \fIscript -Execute the command specified by \fIscript\fR, by passing it to a -shell, after -pppd has terminated the link. This command could, for example, issue -commands to the modem to cause it to hang up if hardware modem control -signals were not available. The disconnect script is not run if the -modem has already hung up. A value for this option from a privileged -source cannot be overridden by a non-privileged user. -.TP -.B escape \fIxx,yy,... -Specifies that certain characters should be escaped on transmission -(regardless of whether the peer requests them to be escaped with its -async control character map). The characters to be escaped are -specified as a list of hex numbers separated by commas. Note that -almost any character can be specified for the \fIescape\fR option, -unlike the \fIasyncmap\fR option which only allows control characters -to be specified. The characters which may not be escaped are those -with hex values 0x20 - 0x3f or 0x5e. -.TP -.B file \fIname -Read options from file \fIname\fR (the format is described below). -The file must be readable by the user who has invoked pppd. -.TP -.B init \fIscript -Execute the command specified by \fIscript\fR, by passing it to a shell, to -initialize the serial line. This script would typically use the -chat(8) program to configure the modem to enable auto answer. A value -for this option from a privileged source cannot be overridden by a -non-privileged user. -.TP -.B lock -Specifies that pppd should create a UUCP-style lock file for the -serial device to ensure exclusive access to the device. -.TP -.B mru \fIn -Set the MRU [Maximum Receive Unit] value to \fIn\fR. Pppd -will ask the peer to send packets of no more than \fIn\fR bytes. -The value of \fIn\fR must be between 128 and 16384; the default is 1500. -A value of -296 works well on very slow links (40 bytes for TCP/IP header + 256 -bytes of data). -Note that for the IPv6 protocol, the MRU must be at least 1280. -.TP -.B mtu \fIn -Set the MTU [Maximum Transmit Unit] value to \fIn\fR. Unless the -peer requests a smaller value via MRU negotiation, pppd will -request that the kernel networking code send data packets of no more -than \fIn\fR bytes through the PPP network interface. Note that for -the IPv6 protocol, the MTU must be at least 1280. -.TP -.B passive -Enables the "passive" option in the LCP. With this option, pppd will -attempt to initiate a connection; if no reply is received from the -peer, pppd will then just wait passively for a valid LCP packet from -the peer, instead of exiting, as it would without this option. -.SH OPTIONS -.TP -.I \fB:\fI -Set the local and/or remote interface IP addresses. Either one may be -omitted. The IP addresses can be specified with a host name or in -decimal dot notation (e.g. 150.234.56.78). The default local -address is the (first) IP address of the system (unless the -\fInoipdefault\fR -option is given). The remote address will be obtained from the peer -if not specified in any option. Thus, in simple cases, this option is -not required. If a local and/or remote IP address is specified with -this option, pppd -will not accept a different value from the peer in the IPCP -negotiation, unless the \fIipcp\-accept\-local\fR and/or -\fIipcp\-accept\-remote\fR options are given, respectively. -.TP -.B ipv6 \fI\fR,\fI -Set the local and/or remote 64-bit interface identifier. Either one may be -omitted. The identifier must be specified in standard ascii notation of -IPv6 addresses (e.g. ::dead:beef). If the -\fIipv6cp\-use\-ipaddr\fR -option is given, the local identifier is the local IPv4 address (see above). -On systems which supports a unique persistent id, such as EUI\-48 derived -from the Ethernet MAC address, \fIipv6cp\-use\-persistent\fR option can be -used to replace the \fIipv6 ,\fR option. Otherwise the -identifier is randomized. -.TP -.B active\-filter \fIfilter\-expression -Specifies a packet filter to be applied to data packets to determine -which packets are to be regarded as link activity, and therefore reset -the idle timer, or cause the link to be brought up in demand-dialling -mode. This option is useful in conjunction with the -\fBidle\fR option if there are packets being sent or received -regularly over the link (for example, routing information packets) -which would otherwise prevent the link from ever appearing to be idle. -The \fIfilter\-expression\fR syntax is as described for tcpdump(1), -except that qualifiers which are inappropriate for a PPP link, such as -\fBether\fR and \fBarp\fR, are not permitted. Generally the filter -expression should be enclosed in single-quotes to prevent whitespace -in the expression from being interpreted by the shell. This option -is currently only available under Linux, and requires that the kernel -was configured to include PPP filtering support (CONFIG_PPP_FILTER). -Note that it -is possible to apply different constraints to incoming and outgoing -packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. -.TP -.B allow\-ip \fIaddress(es) -Allow peers to use the given IP address or subnet without -authenticating themselves. The parameter is parsed as for each -element of the list of allowed IP addresses in the secrets files (see -the AUTHENTICATION section below). -.TP -.B allow\-number \fInumber -Allow peers to connect from the given telephone number. A trailing -`*' character will match all numbers beginning with the leading part. -.TP -.B bsdcomp \fInr,nt -Request that the peer compress packets that it sends, using the -BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and -agree to compress packets sent to the peer with a maximum code size of -\fInt\fR bits. If \fInt\fR is not specified, it defaults to the value -given for \fInr\fR. Values in the range 9 to 15 may be used for -\fInr\fR and \fInt\fR; larger values give better compression but -consume more kernel memory for compression dictionaries. -Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables -compression in the corresponding direction. Use \fInobsdcomp\fR or -\fIbsdcomp 0\fR to disable BSD-Compress compression entirely. -.TP -.B cdtrcts -Use a non-standard hardware flow control (i.e. DTR/CTS) to control -the flow of data on the serial port. If neither the \fIcrtscts\fR, -the \fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR -option is given, the hardware flow control setting for the serial -port is left unchanged. -Some serial ports (such as Macintosh serial ports) lack a true -RTS output. Such serial ports use this mode to implement true -bi-directional flow control. The sacrifice is that this flow -control mode does not permit using DTR as a modem control line. -.TP -.B chap\-interval \fIn -If this option is given, pppd will rechallenge the peer every \fIn\fR -seconds. -.TP -.B chap\-max\-challenge \fIn -Set the maximum number of CHAP challenge transmissions to \fIn\fR -(default 10). -.TP -.B chap\-restart \fIn -Set the CHAP restart interval (retransmission timeout for challenges) -to \fIn\fR seconds (default 3). -.TP -.B child\-timeout \fIn -When exiting, wait for up to \fIn\fR seconds for any child processes -(such as the command specified with the \fBpty\fR command) to exit -before exiting. At the end of the timeout, pppd will send a SIGTERM -signal to any remaining child processes and exit. A value of 0 means -no timeout, that is, pppd will wait until all child processes have -exited. -.TP -.B connect\-delay \fIn -Wait for up to \fIn\fR milliseconds after the connect script finishes for -a valid PPP packet from the peer. At the end of this time, or when a -valid PPP packet is received from the peer, pppd will commence -negotiation by sending its first LCP packet. The default value is -1000 (1 second). This wait period only applies if the \fBconnect\fR -or \fBpty\fR option is used. -.TP -.B debug -Enables connection debugging facilities. -If this option is given, pppd will log the contents of all -control packets sent or received in a readable form. The packets are -logged through syslog with facility \fIdaemon\fR and level -\fIdebug\fR. This information can be directed to a file by setting up -/etc/syslog.conf appropriately (see syslog.conf(5)). -.TP -.B default\-asyncmap -Disable asyncmap negotiation, forcing all control characters to be -escaped for both the transmit and the receive direction. -.TP -.B default\-mru -Disable MRU [Maximum Receive Unit] negotiation. With this option, -pppd will use the default MRU value of 1500 bytes for both the -transmit and receive direction. -.TP -.B deflate \fInr,nt -Request that the peer compress packets that it sends, using the -Deflate scheme, with a maximum window size of \fI2**nr\fR bytes, and -agree to compress packets sent to the peer with a maximum window size -of \fI2**nt\fR bytes. If \fInt\fR is not specified, it defaults to -the value given for \fInr\fR. Values in the range 9 to 15 may be used -for \fInr\fR and \fInt\fR; larger values give better compression but -consume more kernel memory for compression dictionaries. -Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables -compression in the corresponding direction. Use \fInodeflate\fR or -\fIdeflate 0\fR to disable Deflate compression entirely. (Note: pppd -requests Deflate compression in preference to BSD-Compress if the peer -can do either.) -.TP -.B demand -Initiate the link only on demand, i.e. when data traffic is present. -With this option, the remote IP address must be specified by the user -on the command line or in an options file. Pppd will initially -configure the interface and enable it for IP traffic without -connecting to the peer. When traffic is available, pppd will -connect to the peer and perform negotiation, authentication, etc. -When this is completed, pppd will commence passing data packets -(i.e., IP packets) across the link. - -The \fIdemand\fR option implies the \fIpersist\fR option. If this -behaviour is not desired, use the \fInopersist\fR option after the -\fIdemand\fR option. The \fIidle\fR and \fIholdoff\fR -options are also useful in conjuction with the \fIdemand\fR option. -.TP -.B domain \fId -Append the domain name \fId\fR to the local host name for authentication -purposes. For example, if gethostname() returns the name porsche, but -the fully qualified domain name is porsche.Quotron.COM, you could -specify \fIdomain Quotron.COM\fR. Pppd would then use the name -\fIporsche.Quotron.COM\fR for looking up secrets in the secrets file, -and as the default name to send to the peer when authenticating itself -to the peer. This option is privileged. -.TP -.B dryrun -With the \fBdryrun\fR option, pppd will print out all the option -values which have been set and then exit, after parsing the command -line and options files and checking the option values, but before -initiating the link. The option values are logged at level info, and -also printed to standard output unless the device on standard output -is the device that pppd would be using to communicate with the peer. -.TP -.B dump -With the \fBdump\fR option, pppd will print out all the option values -which have been set. This option is like the \fBdryrun\fR option -except that pppd proceeds as normal rather than exiting. -.TP -.B endpoint \fI -Sets the endpoint discriminator sent by the local machine to the peer -during multilink negotiation to \fI\fR. The default is to use -the MAC address of the first ethernet interface on the system, if any, -otherwise the IPv4 address corresponding to the hostname, if any, -provided it is not in the multicast or locally-assigned IP address -ranges, or the localhost address. The endpoint discriminator can be -the string \fBnull\fR or of the form \fItype\fR:\fIvalue\fR, where -type is a decimal number or one of the strings \fBlocal\fR, \fBIP\fR, -\fBMAC\fR, \fBmagic\fR, or \fBphone\fR. The value is an IP address in -dotted-decimal notation for the \fBIP\fR type, or a string of bytes in -hexadecimal, separated by periods or colons for the other types. For -the MAC type, the value may also be the name of an ethernet or similar -network interface. This option is currently only available under -Linux. -.TP -.B eap\-interval \fIn -If this option is given and pppd authenticates the peer with EAP -(i.e., is the server), pppd will restart EAP authentication every -\fIn\fR seconds. For EAP SRP\-SHA1, see also the \fBsrp\-interval\fR -option, which enables lightweight rechallenge. -.TP -.B eap\-max\-rreq \fIn -Set the maximum number of EAP Requests to which pppd will respond (as -a client) without hearing EAP Success or Failure. (Default is 20.) -.TP -.B eap\-max\-sreq \fIn -Set the maximum number of EAP Requests that pppd will issue (as a -server) while attempting authentication. (Default is 10.) -.TP -.B eap\-restart \fIn -Set the retransmit timeout for EAP Requests when acting as a server -(authenticator). (Default is 3 seconds.) -.TP -.B eap\-timeout \fIn -Set the maximum time to wait for the peer to send an EAP Request when -acting as a client (authenticatee). (Default is 20 seconds.) -.TP -.B hide\-password -When logging the contents of PAP packets, this option causes pppd to -exclude the password string from the log. This is the default. -.TP -.B holdoff \fIn -Specifies how many seconds to wait before re-initiating the link after -it terminates. This option only has any effect if the \fIpersist\fR -or \fIdemand\fR option is used. The holdoff period is not applied if -the link was terminated because it was idle. -.TP -.B idle \fIn -Specifies that pppd should disconnect if the link is idle for \fIn\fR -seconds. The link is idle when no data packets (i.e. IP packets) are -being sent or received. Note: it is not advisable to use this option -with the \fIpersist\fR option without the \fIdemand\fR option. -If the \fBactive\-filter\fR -option is given, data packets which are rejected by the specified -activity filter also count as the link being idle. -.TP -.B ipcp\-accept\-local -With this option, pppd will accept the peer's idea of our local IP -address, even if the local IP address was specified in an option. -.TP -.B ipcp\-accept\-remote -With this option, pppd will accept the peer's idea of its (remote) IP -address, even if the remote IP address was specified in an option. -.TP -.B ipcp\-max\-configure \fIn -Set the maximum number of IPCP configure-request transmissions to -\fIn\fR (default 10). -.TP -.B ipcp\-max\-failure \fIn -Set the maximum number of IPCP configure-NAKs returned before starting -to send configure-Rejects instead to \fIn\fR (default 10). -.TP -.B ipcp\-max\-terminate \fIn -Set the maximum number of IPCP terminate-request transmissions to -\fIn\fR (default 3). -.TP -.B ipcp\-restart \fIn -Set the IPCP restart interval (retransmission timeout) to \fIn\fR -seconds (default 3). -.TP -.B ipparam \fIstring -Provides an extra parameter to the ip\-up and ip\-down scripts. If this -option is given, the \fIstring\fR supplied is given as the 6th -parameter to those scripts. -.TP -.B ipv6cp\-max\-configure \fIn -Set the maximum number of IPv6CP configure-request transmissions to -\fIn\fR (default 10). -.TP -.B ipv6cp\-max\-failure \fIn -Set the maximum number of IPv6CP configure-NAKs returned before starting -to send configure-Rejects instead to \fIn\fR (default 10). -.TP -.B ipv6cp\-max\-terminate \fIn -Set the maximum number of IPv6CP terminate-request transmissions to -\fIn\fR (default 3). -.TP -.B ipv6cp\-restart \fIn -Set the IPv6CP restart interval (retransmission timeout) to \fIn\fR -seconds (default 3). -.TP -.B ipx -Enable the IPXCP and IPX protocols. This option is presently only -supported under Linux, and only if your kernel has been configured to -include IPX support. -.TP -.B ipx\-network \fIn -Set the IPX network number in the IPXCP configure request frame to -\fIn\fR, a hexadecimal number (without a leading 0x). There is no -valid default. If this option is not specified, the network number is -obtained from the peer. If the peer does not have the network number, -the IPX protocol will not be started. -.TP -.B ipx\-node \fIn\fB:\fIm -Set the IPX node numbers. The two node numbers are separated from each -other with a colon character. The first number \fIn\fR is the local -node number. The second number \fIm\fR is the peer's node number. Each -node number is a hexadecimal number, at most 10 digits long. The node -numbers on the ipx\-network must be unique. There is no valid -default. If this option is not specified then the node numbers are -obtained from the peer. -.TP -.B ipx\-router\-name \fI -Set the name of the router. This is a string and is sent to the peer -as information data. -.TP -.B ipx\-routing \fIn -Set the routing protocol to be received by this option. More than one -instance of \fIipx\-routing\fR may be specified. The '\fInone\fR' -option (0) may be specified as the only instance of ipx\-routing. The -values may be \fI0\fR for \fINONE\fR, \fI2\fR for \fIRIP/SAP\fR, and -\fI4\fR for \fINLSP\fR. -.TP -.B ipxcp\-accept\-local -Accept the peer's NAK for the node number specified in the ipx\-node -option. If a node number was specified, and non-zero, the default is -to insist that the value be used. If you include this option then you -will permit the peer to override the entry of the node number. -.TP -.B ipxcp\-accept\-network -Accept the peer's NAK for the network number specified in the -ipx\-network option. If a network number was specified, and non-zero, the -default is to insist that the value be used. If you include this -option then you will permit the peer to override the entry of the node -number. -.TP -.B ipxcp\-accept\-remote -Use the peer's network number specified in the configure request -frame. If a node number was specified for the peer and this option was -not specified, the peer will be forced to use the value which you have -specified. -.TP -.B ipxcp\-max\-configure \fIn -Set the maximum number of IPXCP configure request frames which the -system will send to \fIn\fR. The default is 10. -.TP -.B ipxcp\-max\-failure \fIn -Set the maximum number of IPXCP NAK frames which the local system will -send before it rejects the options. The default value is 3. -.TP -.B ipxcp\-max\-terminate \fIn -Set the maximum nuber of IPXCP terminate request frames before the -local system considers that the peer is not listening to them. The -default value is 3. -.TP -.B kdebug \fIn -Enable debugging code in the kernel-level PPP driver. The argument -values depend on the specific kernel driver, but in general a value of -1 will enable general kernel debug messages. (Note that these -messages are usually only useful for debugging the kernel driver -itself.) For the Linux 2.2.x kernel driver, the value is a sum of -bits: 1 to -enable general debug messages, 2 to request that the contents of -received packets be printed, and 4 to request that the contents of -transmitted packets be printed. On most systems, messages printed by -the kernel are logged by syslog(1) to a file as directed in the -/etc/syslog.conf configuration file. -.TP -.B ktune -Enables pppd to alter kernel settings as appropriate. Under Linux, -pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward -to 1) if the \fIproxyarp\fR option is used, and will enable the -dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to -1) in demand mode if the local address changes. -.TP -.B lcp\-echo\-failure \fIn -If this option is given, pppd will presume the peer to be dead -if \fIn\fR LCP echo\-requests are sent without receiving a valid LCP -echo\-reply. If this happens, pppd will terminate the -connection. Use of this option requires a non-zero value for the -\fIlcp\-echo\-interval\fR parameter. This option can be used to enable -pppd to terminate after the physical connection has been broken -(e.g., the modem has hung up) in situations where no hardware modem -control lines are available. -.TP -.B lcp\-echo\-interval \fIn -If this option is given, pppd will send an LCP echo\-request frame to -the peer every \fIn\fR seconds. Normally the peer should respond to -the echo\-request by sending an echo\-reply. This option can be used -with the \fIlcp\-echo\-failure\fR option to detect that the peer is no -longer connected. -.TP -.B lcp\-max\-configure \fIn -Set the maximum number of LCP configure-request transmissions to -\fIn\fR (default 10). -.TP -.B lcp\-max\-failure \fIn -Set the maximum number of LCP configure-NAKs returned before starting -to send configure-Rejects instead to \fIn\fR (default 10). -.TP -.B lcp\-max\-terminate \fIn -Set the maximum number of LCP terminate-request transmissions to -\fIn\fR (default 3). -.TP -.B lcp\-restart \fIn -Set the LCP restart interval (retransmission timeout) to \fIn\fR -seconds (default 3). -.TP -.B linkname \fIname\fR -Sets the logical name of the link to \fIname\fR. Pppd will create a -file named \fBppp\-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some -systems) containing its process ID. This can be useful in determining -which instance of pppd is responsible for the link to a given peer -system. This is a privileged option. -.TP -.B local -Don't use the modem control lines. With this option, pppd will ignore -the state of the CD (Carrier Detect) signal from the modem and will -not change the state of the DTR (Data Terminal Ready) signal. -.TP -.B logfd \fIn -Send log messages to file descriptor \fIn\fR. Pppd will send log -messages to at most one file or file descriptor (as well as sending -the log messages to syslog), so this option and the \fBlogfile\fR -option are mutually exclusive. The default is for pppd to send log -messages to stdout (file descriptor 1), unless the serial port is -already open on stdout. -.TP -.B logfile \fIfilename -Append log messages to the file \fIfilename\fR (as well as sending the -log messages to syslog). The file is opened with the privileges of -the user who invoked pppd, in append mode. -.TP -.B login -Use the system password database for authenticating the peer using -PAP, and record the user in the system wtmp file. Note that the peer -must have an entry in the /etc/ppp/pap\-secrets file as well as the -system password database to be allowed access. -.TP -.B maxconnect \fIn -Terminate the connection when it has been available for network -traffic for \fIn\fR seconds (i.e. \fIn\fR seconds after the first -network control protocol comes up). -.TP -.B maxfail \fIn -Terminate after \fIn\fR consecutive failed connection attempts. A -value of 0 means no limit. The default value is 10. -.TP -.B modem -Use the modem control lines. This option is the default. With this -option, pppd will wait for the CD (Carrier Detect) signal from the -modem to be asserted when opening the serial device (unless a connect -script is specified), and it will drop the DTR (Data Terminal Ready) -signal briefly when the connection is terminated and before executing -the connect script. On Ultrix, this option implies hardware flow -control, as for the \fIcrtscts\fR option. -.TP -.B mp -Enables the use of PPP multilink; this is an alias for the `multilink' -option. This option is currently only available under Linux. -.TP -.B mppe\-stateful -Allow MPPE to use stateful mode. Stateless mode is still attempted first. -The default is to disallow stateful mode. -.TP -.B mpshortseq -Enables the use of short (12-bit) sequence numbers in multilink -headers, as opposed to 24-bit sequence numbers. This option is only -available under Linux, and only has any effect if multilink is -enabled (see the multilink option). -.TP -.B mrru \fIn -Sets the Maximum Reconstructed Receive Unit to \fIn\fR. The MRRU is -the maximum size for a received packet on a multilink bundle, and is -analogous to the MRU for the individual links. This option is -currently only available under Linux, and only has any effect if -multilink is enabled (see the multilink option). -.TP -.B ms\-dns \fI -If pppd is acting as a server for Microsoft Windows clients, this -option allows pppd to supply one or two DNS (Domain Name Server) -addresses to the clients. The first instance of this option specifies -the primary DNS address; the second instance (if given) specifies the -secondary DNS address. (This option was present in some older -versions of pppd under the name \fBdns\-addr\fR.) -.TP -.B ms\-wins \fI -If pppd is acting as a server for Microsoft Windows or "Samba" -clients, this option allows pppd to supply one or two WINS (Windows -Internet Name Services) server addresses to the clients. The first -instance of this option specifies the primary WINS address; the second -instance (if given) specifies the secondary WINS address. -.TP -.B multilink -Enables the use of the PPP multilink protocol. If the peer also -supports multilink, then this link can become part of a bundle between -the local system and the peer. If there is an existing bundle to the -peer, pppd will join this link to that bundle, otherwise pppd will -create a new bundle. See the MULTILINK section below. This option is -currently only available under Linux. -.TP -.B name \fIname -Set the name of the local system for authentication purposes to -\fIname\fR. This is a privileged option. With this option, pppd will -use lines in the secrets files which have \fIname\fR as the second -field when looking for a secret to use in authenticating the peer. In -addition, unless overridden with the \fIuser\fR option, \fIname\fR -will be used as the name to send to the peer when authenticating the -local system to the peer. (Note that pppd does not append the domain -name to \fIname\fR.) -.TP -.B noaccomp -Disable Address/Control compression in both directions (send and -receive). -.TP -.B noauth -Do not require the peer to authenticate itself. This option is -privileged. -.TP -.B nobsdcomp -Disables BSD-Compress compression; \fBpppd\fR will not request or -agree to compress packets using the BSD-Compress scheme. -.TP -.B noccp -Disable CCP (Compression Control Protocol) negotiation. This option -should only be required if the peer is buggy and gets confused by -requests from pppd for CCP negotiation. -.TP -.B nocrtscts -Disable hardware flow control (i.e. RTS/CTS) on the serial port. -If neither the \fIcrtscts\fR nor the \fInocrtscts\fR nor the -\fIcdtrcts\fR nor the \fInocdtrcts\fR option is given, the hardware -flow control setting for the serial port is left unchanged. -.TP -.B nocdtrcts -This option is a synonym for \fInocrtscts\fR. Either of these options will -disable both forms of hardware flow control. -.TP -.B nodefaultroute -Disable the \fIdefaultroute\fR option. The system administrator who -wishes to prevent users from creating default routes with pppd -can do so by placing this option in the /etc/ppp/options file. -.TP -.B nodeflate -Disables Deflate compression; pppd will not request or agree to -compress packets using the Deflate scheme. -.TP -.B nodetach -Don't detach from the controlling terminal. Without this option, if a -serial device other than the terminal on the standard input is -specified, pppd will fork to become a background process. -.TP -.B noendpoint -Disables pppd from sending an endpoint discriminator to the peer or -accepting one from the peer (see the MULTILINK section below). This -option should only be required if the peer is buggy. -.TP -.B noip -Disable IPCP negotiation and IP communication. This option should -only be required if the peer is buggy and gets confused by requests -from pppd for IPCP negotiation. -.TP -.B noipv6 -Disable IPv6CP negotiation and IPv6 communication. This option should -only be required if the peer is buggy and gets confused by requests -from pppd for IPv6CP negotiation. -.TP -.B noipdefault -Disables the default behaviour when no local IP address is specified, -which is to determine (if possible) the local IP address from the -hostname. With this option, the peer will have to supply the local IP -address during IPCP negotiation (unless it specified explicitly on the -command line or in an options file). -.TP -.B noipx -Disable the IPXCP and IPX protocols. This option should only be -required if the peer is buggy and gets confused by requests from pppd -for IPXCP negotiation. -.TP -.B noktune -Opposite of the \fIktune\fR option; disables pppd from changing system -settings. -.TP -.B nolog -Do not send log messages to a file or file descriptor. This option -cancels the \fBlogfd\fR and \fBlogfile\fR options. -.TP -.B nomagic -Disable magic number negotiation. With this option, pppd cannot -detect a looped-back line. This option should only be needed if the -peer is buggy. -.TP -.B nomp -Disables the use of PPP multilink. This option is currently only -available under Linux. -.TP -.B nomppe -Disables MPPE (Microsoft Point to Point Encryption). This is the default. -.TP -.B nomppe\-40 -Disable 40-bit encryption with MPPE. -.TP -.B nomppe\-128 -Disable 128-bit encryption with MPPE. -.TP -.B nomppe\-stateful -Disable MPPE stateful mode. This is the default. -.TP -.B nompshortseq -Disables the use of short (12-bit) sequence numbers in the PPP -multilink protocol, forcing the use of 24-bit sequence numbers. This -option is currently only available under Linux, and only has any -effect if multilink is enabled. -.TP -.B nomultilink -Disables the use of PPP multilink. This option is currently only -available under Linux. -.TP -.B nopcomp -Disable protocol field compression negotiation in both the receive and -the transmit direction. -.TP -.B nopersist -Exit once a connection has been made and terminated. This is the -default unless the \fIpersist\fR or \fIdemand\fR option has been -specified. -.TP -.B nopredictor1 -Do not accept or agree to Predictor\-1 compression. -.TP -.B noproxyarp -Disable the \fIproxyarp\fR option. The system administrator who -wishes to prevent users from creating proxy ARP entries with pppd can -do so by placing this option in the /etc/ppp/options file. -.TP -.B notty -Normally, pppd requires a terminal device. With this option, pppd -will allocate itself a pseudo-tty master/slave pair and use the slave -as its terminal device. Pppd will create a child process to act as a -`character shunt' to transfer characters between the pseudo-tty master -and its standard input and output. Thus pppd will transmit characters -on its standard output and receive characters on its standard input -even if they are not terminal devices. This option increases the -latency and CPU overhead of transferring data over the ppp interface -as all of the characters sent and received must flow through the -character shunt process. An explicit device name may not be given if -this option is used. -.TP -.B novj -Disable Van Jacobson style TCP/IP header compression in both the -transmit and the receive direction. -.TP -.B novjccomp -Disable the connection-ID compression option in Van Jacobson style -TCP/IP header compression. With this option, pppd will not omit the -connection-ID byte from Van Jacobson compressed TCP/IP headers, nor -ask the peer to do so. -.TP -.B papcrypt -Indicates that all secrets in the /etc/ppp/pap\-secrets file which are -used for checking the identity of the peer are encrypted, and thus -pppd should not accept a password which, before encryption, is -identical to the secret from the /etc/ppp/pap\-secrets file. -.TP -.B pap\-max\-authreq \fIn -Set the maximum number of PAP authenticate-request transmissions to -\fIn\fR (default 10). -.TP -.B pap\-restart \fIn -Set the PAP restart interval (retransmission timeout) to \fIn\fR -seconds (default 3). -.TP -.B pap\-timeout \fIn -Set the maximum time that pppd will wait for the peer to authenticate -itself with PAP to \fIn\fR seconds (0 means no limit). -.TP -.B pass\-filter \fIfilter\-expression -Specifies a packet filter to applied to data packets being sent or -received to determine which packets should be allowed to pass. -Packets which are rejected by the filter are silently discarded. This -option can be used to prevent specific network daemons (such as -routed) using up link bandwidth, or to provide a very basic firewall -capability. -The \fIfilter\-expression\fR syntax is as described for tcpdump(1), -except that qualifiers which are inappropriate for a PPP link, such as -\fBether\fR and \fBarp\fR, are not permitted. Generally the filter -expression should be enclosed in single-quotes to prevent whitespace -in the expression from being interpreted by the shell. Note that it -is possible to apply different constraints to incoming and outgoing -packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This -option is currently only available under Linux, and requires that the -kernel was configured to include PPP filtering support (CONFIG_PPP_FILTER). -.TP -.B password \fIpassword\-string -Specifies the password to use for authenticating to the peer. Use -of this option is discouraged, as the password is likely to be visible -to other users on the system (for example, by using ps(1)). -.TP -.B persist -Do not exit after a connection is terminated; instead try to reopen -the connection. The \fBmaxfail\fR option still has an effect on -persistent connections. -.TP -.B plugin \fIfilename -Load the shared library object file \fIfilename\fR as a plugin. This -is a privileged option. If \fIfilename\fR does not contain a slash -(/), pppd will look in the \fB/usr/lib/pppd/\fIversion\fR directory -for the plugin, where -\fIversion\fR is the version number of pppd (for example, 2.4.2). -.TP -.B predictor1 -Request that the peer compress frames that it sends using Predictor-1 -compression, and agree to compress transmitted frames with Predictor-1 -if requested. This option has no effect unless the kernel driver -supports Predictor-1 compression. -.TP -.B privgroup \fIgroup\-name -Allows members of group \fIgroup\-name\fR to use privileged options. -This is a privileged option. Use of this option requires care as -there is no guarantee that members of \fIgroup\-name\fR cannot use pppd -to become root themselves. Consider it equivalent to putting the -members of \fIgroup\-name\fR in the kmem or disk group. -.TP -.B proxyarp -Add an entry to this system's ARP [Address Resolution Protocol] table -with the IP address of the peer and the Ethernet address of this -system. This will have the effect of making the peer appear to other -systems to be on the local ethernet. -.TP -.B pty \fIscript -Specifies that the command \fIscript\fR is to be used to communicate -rather than a specific terminal device. Pppd will allocate itself a -pseudo-tty master/slave pair and use the slave as its terminal -device. The \fIscript\fR will be run in a child process with the -pseudo-tty master as its standard input and output. An explicit -device name may not be given if this option is used. (Note: if the -\fIrecord\fR option is used in conjuction with the \fIpty\fR option, -the child process will have pipes on its standard input and output.) -.TP -.B receive\-all -With this option, pppd will accept all control characters from the -peer, including those marked in the receive asyncmap. Without this -option, pppd will discard those characters as specified in RFC1662. -This option should only be needed if the peer is buggy. -.TP -.B record \fIfilename -Specifies that pppd should record all characters sent and received to -a file named \fIfilename\fR. This file is opened in append mode, -using the user's user-ID and permissions. This option is implemented -using a pseudo-tty and a process to transfer characters between the -pseudo-tty and the real serial device, so it will increase the latency -and CPU overhead of transferring data over the ppp interface. The -characters are stored in a tagged format with timestamps, which can be -displayed in readable form using the pppdump(8) program. -.TP -.B remotename \fIname -Set the assumed name of the remote system for authentication purposes -to \fIname\fR. -.TP -.B remotenumber \fInumber -Set the assumed telephone number of the remote system for authentication -purposes to \fInumber\fR. -.TP -.B refuse\-chap -With this option, pppd will not agree to authenticate itself to the -peer using CHAP. -.TP -.B refuse\-mschap -With this option, pppd will not agree to authenticate itself to the -peer using MS\-CHAP. -.TP -.B refuse\-mschap\-v2 -With this option, pppd will not agree to authenticate itself to the -peer using MS\-CHAPv2. -.TP -.B refuse\-eap -With this option, pppd will not agree to authenticate itself to the -peer using EAP. -.TP -.B refuse\-pap -With this option, pppd will not agree to authenticate itself to the -peer using PAP. -.TP -.B require\-chap -Require the peer to authenticate itself using CHAP [Challenge -Handshake Authentication Protocol] authentication. -.TP -.B require\-mppe -Require the use of MPPE (Microsoft Point to Point Encryption). This -option disables all other compression types. This option enables -both 40-bit and 128-bit encryption. In order for MPPE to successfully -come up, you must have authenticated with either MS\-CHAP or MS\-CHAPv2. -This option is presently only supported under Linux, and only if your -kernel has been configured to include MPPE support. -.TP -.B require\-mppe\-40 -Require the use of MPPE, with 40-bit encryption. -.TP -.B require\-mppe\-128 -Require the use of MPPE, with 128-bit encryption. -.TP -.B require\-mschap -Require the peer to authenticate itself using MS\-CHAP [Microsoft Challenge -Handshake Authentication Protocol] authentication. -.TP -.B require\-mschap\-v2 -Require the peer to authenticate itself using MS\-CHAPv2 [Microsoft Challenge -Handshake Authentication Protocol, Version 2] authentication. -.TP -.B require\-eap -Require the peer to authenticate itself using EAP [Extensible -Authentication Protocol] authentication. -.TP -.B require\-pap -Require the peer to authenticate itself using PAP [Password -Authentication Protocol] authentication. -.TP -.B show\-password -When logging the contents of PAP packets, this option causes pppd to -show the password string in the log message. -.TP -.B silent -With this option, pppd will not transmit LCP packets to initiate a -connection until a valid LCP packet is received from the peer (as for -the `passive' option with ancient versions of pppd). -.TP -.B srp\-interval \fIn -If this parameter is given and pppd uses EAP SRP\-SHA1 to authenticate -the peer (i.e., is the server), then pppd will use the optional -lightweight SRP rechallenge mechanism at intervals of \fIn\fR -seconds. This option is faster than \fBeap\-interval\fR -reauthentication because it uses a hash\-based mechanism and does not -derive a new session key. -.TP -.B srp\-pn\-secret \fIstring -Set the long-term pseudonym-generating secret for the server. This -value is optional and if set, needs to be known at the server -(authenticator) side only, and should be different for each server (or -poll of identical servers). It is used along with the current date to -generate a key to encrypt and decrypt the client's identity contained -in the pseudonym. -.TP -.B srp\-use\-pseudonym -When operating as an EAP SRP\-SHA1 client, attempt to use the pseudonym -stored in ~/.ppp_psuedonym first as the identity, and save in this -file any pseudonym offered by the peer during authentication. -.TP -.B sync -Use synchronous HDLC serial encoding instead of asynchronous. -The device used by pppd with this option must have sync support. -Currently supports Microgate SyncLink adapters -under Linux and FreeBSD 2.2.8 and later. -.TP -.B unit \fInum -Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound -connections. -.TP -.B updetach -With this option, pppd will detach from its controlling terminal once -it has successfully established the ppp connection (to the point where -the first network control protocol, usually the IP control protocol, -has come up). -.TP -.B usehostname -Enforce the use of the hostname (with domain name appended, if given) -as the name of the local system for authentication purposes (overrides -the \fIname\fR option). This option is not normally needed since the -\fIname\fR option is privileged. -.TP -.B usepeerdns -Ask the peer for up to 2 DNS server addresses. The addresses supplied -by the peer (if any) are passed to the /etc/ppp/ip\-up script in the -environment variables DNS1 and DNS2, and the environment variable -USEPEERDNS will be set to 1. In addition, pppd will create an -/etc/ppp/resolv.conf file containing one or two nameserver lines with -the address(es) supplied by the peer. -.TP -.B user \fIname -Sets the name used for authenticating the local system to the peer to -\fIname\fR. -.TP -.B vj\-max\-slots \fIn -Sets the number of connection slots to be used by the Van Jacobson -TCP/IP header compression and decompression code to \fIn\fR, which -must be between 2 and 16 (inclusive). -.TP -.B welcome \fIscript -Run the executable or shell command specified by \fIscript\fR before -initiating PPP negotiation, after the connect script (if any) has -completed. A value for this option from a privileged source cannot be -overridden by a non-privileged user. -.TP -.B xonxoff -Use software flow control (i.e. XON/XOFF) to control the flow of data on -the serial port. -.SH OPTIONS FILES -Options can be taken from files as well as the command line. Pppd -reads options from the files /etc/ppp/options, ~/.ppprc and -/etc/ppp/options.\fIttyname\fR (in that order) before processing the -options on the command line. (In fact, the command-line options are -scanned to find the terminal name before the options.\fIttyname\fR -file is read.) In forming the name of the options.\fIttyname\fR file, -the initial /dev/ is removed from the terminal name, and any remaining -/ characters are replaced with dots. -.PP -An options file is parsed into a series of words, delimited by -whitespace. Whitespace can be included in a word by enclosing the -word in double-quotes ("). A backslash (\\) quotes the following character. -A hash (#) starts a comment, which continues until the end of the -line. There is no restriction on using the \fIfile\fR or \fIcall\fR -options within an options file. -.SH SECURITY -.I pppd -provides system administrators with sufficient access control that PPP -access to a server machine can be provided to legitimate users without -fear of compromising the security of the server or the network it's -on. This control is provided through restrictions on which IP -addresses the peer may use, based on its authenticated identity (if -any), and through restrictions on which options a non-privileged user -may use. Several of pppd's options are privileged, in particular -those which permit potentially insecure configurations; these options -are only accepted in files which are under the control of the system -administrator, or if pppd is being run by root. -.PP -The default behaviour of pppd is to allow an unauthenticated peer to -use a given IP address only if the system does not already have a -route to that IP address. For example, a system with a -permanent connection to the wider internet will normally have a -default route, and thus all peers will have to authenticate themselves -in order to set up a connection. On such a system, the \fIauth\fR -option is the default. On the other hand, a system where the -PPP link is the only connection to the internet will not normally have -a default route, so the peer will be able to use almost any IP address -without authenticating itself. -.PP -As indicated above, some security-sensitive options are privileged, -which means that they may not be used by an ordinary non-privileged -user running a setuid-root pppd, either on the command line, in the -user's ~/.ppprc file, or in an options file read using the \fIfile\fR -option. Privileged options may be used in /etc/ppp/options file or in -an options file read using the \fIcall\fR option. If pppd is being -run by the root user, privileged options can be used without -restriction. -.PP -When opening the device, pppd uses either the invoking user's user ID -or the root UID (that is, 0), depending on whether the device name was -specified by the user or the system administrator. If the device name -comes from a privileged source, that is, /etc/ppp/options or an -options file read using the \fIcall\fR option, pppd uses full root -privileges when opening the device. Thus, by creating an appropriate -file under /etc/ppp/peers, the system administrator can allow users to -establish a ppp connection via a device which they would not normally -have permission to access. Otherwise pppd uses the invoking user's -real UID when opening the device. -.SH AUTHENTICATION -Authentication is the process whereby one peer convinces the other of -its identity. This involves the first peer sending its name to the -other, together with some kind of secret information which could only -come from the genuine authorized user of that name. In such an -exchange, we will call the first peer the "client" and the other the -"server". The client has a name by which it identifies itself to the -server, and the server also has a name by which it identifies itself -to the client. Generally the genuine client shares some secret (or -password) with the server, and authenticates itself by proving that it -knows that secret. Very often, the names used for authentication -correspond to the internet hostnames of the peers, but this is not -essential. -.LP -At present, pppd supports three authentication protocols: the Password -Authentication Protocol (PAP), Challenge Handshake Authentication -Protocol (CHAP), and Extensible Authentication Protocol (EAP). PAP -involves the client sending its name and a cleartext password to the -server to authenticate itself. In contrast, the server initiates the -CHAP authentication exchange by sending a challenge to the client (the -challenge packet includes the server's name). The client must respond -with a response which includes its name plus a hash value derived from -the shared secret and the challenge, in order to prove that it knows -the secret. EAP supports CHAP-style authentication, and also includes -the SRP\-SHA1 mechanism, which is resistant to dictionary-based attacks -and does not require a cleartext password on the server side. -.LP -The PPP protocol, being symmetrical, allows both peers to require the -other to authenticate itself. In that case, two separate and -independent authentication exchanges will occur. The two exchanges -could use different authentication protocols, and in principle, -different names could be used in the two exchanges. -.LP -The default behaviour of pppd is to agree to authenticate if -requested, and to not require authentication from the peer. However, -pppd will not agree to authenticate itself with a particular protocol -if it has no secrets which could be used to do so. -.LP -Pppd stores secrets for use in authentication in secrets -files (/etc/ppp/pap\-secrets for PAP, /etc/ppp/chap\-secrets for CHAP, -MS\-CHAP, MS\-CHAPv2, and EAP MD5-Challenge, and /etc/ppp/srp\-secrets -for EAP SRP\-SHA1). -All secrets files have the same format. The secrets files can -contain secrets for pppd to use in authenticating itself to other -systems, as well as secrets for pppd to use when authenticating other -systems to itself. -.LP -Each line in a secrets file contains one secret. A given secret is -specific to a particular combination of client and server - it can -only be used by that client to authenticate itself to that server. -Thus each line in a secrets file has at least 3 fields: the name of -the client, the name of the server, and the secret. These fields may -be followed by a list of the IP addresses that the specified client -may use when connecting to the specified server. -.LP -A secrets file is parsed into words as for a options file, so the -client name, server name and secrets fields must each be one word, -with any embedded spaces or other special characters quoted or -escaped. Note that case is significant in the client and server names -and in the secret. -.LP -If the secret starts with an `@', what follows is assumed to be the -name of a file from which to read the secret. A "*" as the client or -server name matches any name. When selecting a secret, pppd takes the -best match, i.e. the match with the fewest wildcards. -.LP -Any following words on the same line are taken to be a list of -acceptable IP addresses for that client. If there are only 3 words on -the line, or if the first word is "\-", then all IP addresses are -disallowed. To allow any address, use "*". A word starting with "!" -indicates that the specified address is \fInot\fR acceptable. An -address may be followed by "/" and a number \fIn\fR, to indicate a -whole subnet, i.e. all addresses which have the same value in the most -significant \fIn\fR bits. In this form, the address may be followed -by a plus sign ("+") to indicate that one address from the subnet is -authorized, based on the ppp network interface unit number in use. -In this case, the host part of the address will be set to the unit -number plus one. -.LP -Thus a secrets file contains both secrets for use in authenticating -other hosts, plus secrets which we use for authenticating ourselves to -others. When pppd is authenticating the peer (checking the peer's -identity), it chooses a secret with the peer's name in the first -field and the name of the local system in the second field. The -name of the local system defaults to the hostname, with the domain -name appended if the \fIdomain\fR option is used. This default can be -overridden with the \fIname\fR option, except when the -\fIusehostname\fR option is used. (For EAP SRP\-SHA1, see the -srp\-entry(8) utility for generating proper validator entries to be -used in the "secret" field.) -.LP -When pppd is choosing a secret to use in authenticating itself to the -peer, it first determines what name it is going to use to identify -itself to the peer. This name can be specified by the user with the -\fIuser\fR option. If this option is not used, the name defaults to -the name of the local system, determined as described in the previous -paragraph. Then pppd looks for a secret with this name in the first -field and the peer's name in the second field. Pppd will know the -name of the peer if CHAP or EAP authentication is being used, because -the peer will have sent it in the challenge packet. However, if PAP -is being used, pppd will have to determine the peer's name from the -options specified by the user. The user can specify the peer's name -directly with the \fIremotename\fR option. Otherwise, if the remote -IP address was specified by a name (rather than in numeric form), that -name will be used as the peer's name. Failing that, pppd will use the -null string as the peer's name. -.LP -When authenticating the peer with PAP, the supplied password is first -compared with the secret from the secrets file. If the password -doesn't match the secret, the password is encrypted using crypt() and -checked against the secret again. Thus secrets for authenticating the -peer can be stored in encrypted form if desired. If the -\fIpapcrypt\fR option is given, the first (unencrypted) comparison is -omitted, for better security. -.LP -Furthermore, if the \fIlogin\fR option was specified, the username and -password are also checked against the system password database. Thus, -the system administrator can set up the pap\-secrets file to allow PPP -access only to certain users, and to restrict the set of IP addresses -that each user can use. Typically, when using the \fIlogin\fR option, -the secret in /etc/ppp/pap\-secrets would be "", which will match any -password supplied by the peer. This avoids the need to have the same -secret in two places. -.LP -Authentication must be satisfactorily completed before IPCP (or any -other Network Control Protocol) can be started. If the peer is -required to authenticate itself, and fails to do so, pppd will -terminated the link (by closing LCP). If IPCP negotiates an -unacceptable IP address for the remote host, IPCP will be closed. IP -packets can only be sent or received when IPCP is open. -.LP -In some cases it is desirable to allow some hosts which can't -authenticate themselves to connect and use one of a restricted set of -IP addresses, even when the local host generally requires -authentication. If the peer refuses to authenticate itself when -requested, pppd takes that as equivalent to authenticating with PAP -using the empty string for the username and password. Thus, by adding -a line to the pap\-secrets file which specifies the empty string for -the client and password, it is possible to allow restricted access to -hosts which refuse to authenticate themselves. -.SH ROUTING -.LP -When IPCP negotiation is completed successfully, pppd will inform the -kernel of the local and remote IP addresses for the ppp interface. -This is sufficient to create a host route to the remote end of the -link, which will enable the peers to exchange IP packets. -Communication with other machines generally requires further -modification to routing tables and/or ARP (Address Resolution -Protocol) tables. In most cases the \fIdefaultroute\fR and/or -\fIproxyarp\fR options are sufficient for this, but in some cases -further intervention is required. The /etc/ppp/ip\-up script can be -used for this. -.LP -Sometimes it is desirable to add a default route through the remote -host, as in the case of a machine whose only connection to the -Internet is through the ppp interface. The \fIdefaultroute\fR option -causes pppd to create such a default route when IPCP comes up, and -delete it when the link is terminated. -.LP -In some cases it is desirable to use proxy ARP, for example on a -server machine connected to a LAN, in order to allow other hosts to -communicate with the remote host. The \fIproxyarp\fR option causes -pppd to look for a network interface on the same subnet as the remote -host (an interface supporting broadcast and ARP, which is up and not a -point-to-point or loopback interface). If found, pppd creates a -permanent, published ARP entry with the IP address of the remote host -and the hardware address of the network interface found. -.LP -When the \fIdemand\fR option is used, the interface IP addresses have -already been set at the point when IPCP comes up. If pppd has not -been able to negotiate the same addresses that it used to configure -the interface (for example when the peer is an ISP that uses dynamic -IP address assignment), pppd has to change the interface IP addresses -to the negotiated addresses. This may disrupt existing connections, -and the use of demand dialling with peers that do dynamic IP address -assignment is not recommended. -.SH MULTILINK -Multilink PPP provides the capability to combine two or more PPP links -between a pair of machines into a single `bundle', which appears as a -single virtual PPP link which has the combined bandwidth of the -individual links. Currently, multilink PPP is only supported under -Linux. -.LP -Pppd detects that the link it is controlling is connected to the same -peer as another link using the peer's endpoint discriminator and the -authenticated identity of the peer (if it authenticates itself). The -endpoint discriminator is a block of data which is hopefully unique -for each peer. Several types of data can be used, including -locally-assigned strings of bytes, IP addresses, MAC addresses, -randomly strings of bytes, or E\-164 phone numbers. The endpoint -discriminator sent to the peer by pppd can be set using the endpoint -option. -.LP -In some circumstances the peer may send no endpoint discriminator or a -non-unique value. The bundle option adds an extra string which is -added to the peer's endpoint discriminator and authenticated identity -when matching up links to be joined together in a bundle. The bundle -option can also be used to allow the establishment of multiple bundles -between the local system and the peer. Pppd uses a TDB database in -/var/run/pppd2.tdb to match up links. -.LP -Assuming that multilink is enabled and the peer is willing to -negotiate multilink, then when pppd is invoked to bring up the first -link to the peer, it will detect that no other link is connected to -the peer and create a new bundle, that is, another ppp network -interface unit. When another pppd is invoked to bring up another link -to the peer, it will detect the existing bundle and join its link to -it. -.LP -If the first link terminates (for example, because of a hangup or a -received LCP terminate-request) the bundle is not destroyed unless -there are no other links remaining in the bundle. Rather than -exiting, the first pppd keeps running after its link terminates, until -all the links in the bundle have terminated. If the first pppd -receives a SIGTERM or SIGINT signal, it will destroy the bundle and -send a SIGHUP to the pppd processes for each of the links in the -bundle. If the first pppd receives a SIGHUP signal, it will terminate -its link but not the bundle. -.LP -Note: demand mode is not currently supported with multilink. -.SH EXAMPLES -.LP -The following examples assume that the /etc/ppp/options file contains -the \fIauth\fR option (as in the default /etc/ppp/options file in the -ppp distribution). -.LP -Probably the most common use of pppd is to dial out to an ISP. This -can be done with a command such as -.IP -pppd call isp -.LP -where the /etc/ppp/peers/isp file is set up by the system -administrator to contain something like this: -.IP -ttyS0 19200 crtscts -.br -connect '/usr/sbin/chat \-v \-f /etc/ppp/chat\-isp' -.br -noauth -.LP -In this example, we are using chat to dial the ISP's modem and go -through any logon sequence required. The /etc/ppp/chat\-isp file -contains the script used by chat; it could for example contain -something like this: -.IP -ABORT "NO CARRIER" -.br -ABORT "NO DIALTONE" -.br -ABORT "ERROR" -.br -ABORT "NO ANSWER" -.br -ABORT "BUSY" -.br -ABORT "Username/Password Incorrect" -.br -"" "at" -.br -OK "at&d0&c1" -.br -OK "atdt2468135" -.br -"name:" "^Umyuserid" -.br -"word:" "\\qmypassword" -.br -"ispts" "\\q^Uppp" -.br -"~\-^Uppp\-~" -.LP -See the chat(8) man page for details of chat scripts. -.LP -Pppd can also be used to provide a dial-in ppp service for users. If -the users already have login accounts, the simplest way to set up the -ppp service is to let the users log in to their accounts and run pppd -(installed setuid-root) with a command such as -.IP -pppd proxyarp -.LP -To allow a user to use the PPP facilities, you need to allocate an IP -address for that user's machine and create an entry in -/etc/ppp/pap\-secrets, /etc/ppp/chap\-secrets, or /etc/ppp/srp\-secrets -(depending on which authentication method the PPP implementation on -the user's machine supports), so that the user's machine can -authenticate itself. For example, if Joe has a machine called -"joespc" that is to be allowed to dial in to the machine called -"server" and use the IP address joespc.my.net, you would add an entry -like this to /etc/ppp/pap\-secrets or /etc/ppp/chap\-secrets: -.IP -joespc server "joe's secret" joespc.my.net -.LP -(See srp\-entry(8) for a means to generate the server's entry when -SRP\-SHA1 is in use.) -Alternatively, you can create a username called (for example) "ppp", -whose login shell is pppd and whose home directory is /etc/ppp. -Options to be used when pppd is run this way can be put in -/etc/ppp/.ppprc. -.LP -If your serial connection is any more complicated than a piece of -wire, you may need to arrange for some control characters to be -escaped. In particular, it is often useful to escape XON (^Q) and -XOFF (^S), using \fIasyncmap a0000\fR. If the path includes a telnet, -you probably should escape ^] as well (\fIasyncmap 200a0000\fR). If -the path includes an rlogin, you will need to use the \fIescape ff\fR -option on the end which is running the rlogin client, since many -rlogin implementations are not transparent; they will remove the -sequence [0xff, 0xff, 0x73, 0x73, followed by any 8 bytes] from the -stream. -.SH DIAGNOSTICS -.LP -Messages are sent to the syslog daemon using facility LOG_DAEMON. -(This can be overridden by recompiling pppd with the macro -LOG_PPP defined as the desired facility.) See the syslog(8) -documentation for details of where the syslog daemon will write the -messages. On most systems, the syslog daemon uses the -/etc/syslog.conf file to specify the destination(s) for syslog -messages. You may need to edit that file to suit. -.LP -The \fIdebug\fR option causes the contents of all control packets sent -or received to be logged, that is, all LCP, PAP, CHAP, EAP, or IPCP packets. -This can be useful if the PPP negotiation does not succeed or if -authentication fails. -If debugging is enabled at compile time, the \fIdebug\fR option also -causes other debugging messages to be logged. -.LP -Debugging can also be enabled or disabled by sending a SIGUSR1 signal -to the pppd process. This signal acts as a toggle. -.SH EXIT STATUS -The exit status of pppd is set to indicate whether any error was -detected, or the reason for the link being terminated. The values -used are: -.TP -.B 0 -Pppd has detached, or otherwise the connection was successfully -established and terminated at the peer's request. -.TP -.B 1 -An immediately fatal error of some kind occurred, such as an essential -system call failing, or running out of virtual memory. -.TP -.B 2 -An error was detected in processing the options given, such as two -mutually exclusive options being used. -.TP -.B 3 -Pppd is not setuid-root and the invoking user is not root. -.TP -.B 4 -The kernel does not support PPP, for example, the PPP kernel driver is -not included or cannot be loaded. -.TP -.B 5 -Pppd terminated because it was sent a SIGINT, SIGTERM or SIGHUP -signal. -.TP -.B 6 -The serial port could not be locked. -.TP -.B 7 -The serial port could not be opened. -.TP -.B 8 -The connect script failed (returned a non-zero exit status). -.TP -.B 9 -The command specified as the argument to the \fIpty\fR option could -not be run. -.TP -.B 10 -The PPP negotiation failed, that is, it didn't reach the point where -at least one network protocol (e.g. IP) was running. -.TP -.B 11 -The peer system failed (or refused) to authenticate itself. -.TP -.B 12 -The link was established successfully and terminated because it was -idle. -.TP -.B 13 -The link was established successfully and terminated because the -connect time limit was reached. -.TP -.B 14 -Callback was negotiated and an incoming call should arrive shortly. -.TP -.B 15 -The link was terminated because the peer is not responding to echo -requests. -.TP -.B 16 -The link was terminated by the modem hanging up. -.TP -.B 17 -The PPP negotiation failed because serial loopback was detected. -.TP -.B 18 -The init script failed (returned a non-zero exit status). -.TP -.B 19 -We failed to authenticate ourselves to the peer. -.SH SCRIPTS -Pppd invokes scripts at various stages in its processing which can be -used to perform site-specific ancillary processing. These scripts are -usually shell scripts, but could be executable code files instead. -Pppd does not wait for the scripts to finish. The scripts are -executed as root (with the real and effective user-id set to 0), so -that they can do things such as update routing tables or run -privileged daemons. Be careful that the contents of these scripts do -not compromise your system's security. Pppd runs the scripts with -standard input, output and error redirected to /dev/null, and with an -environment that is empty except for some environment variables that -give information about the link. The environment variables that pppd -sets are: -.TP -.B DEVICE -The name of the serial tty device being used. -.TP -.B IFNAME -The name of the network interface being used. -.TP -.B IPLOCAL -The IP address for the local end of the link. This is only set when -IPCP has come up. -.TP -.B IPREMOTE -The IP address for the remote end of the link. This is only set when -IPCP has come up. -.TP -.B PEERNAME -The authenticated name of the peer. This is only set if the peer -authenticates itself. -.TP -.B SPEED -The baud rate of the tty device. -.TP -.B ORIG_UID -The real user-id of the user who invoked pppd. -.TP -.B PPPLOGNAME -The username of the real user-id that invoked pppd. This is always set. -.P -For the ip-down and auth-down scripts, pppd also sets the following -variables giving statistics for the connection: -.TP -.B CONNECT_TIME -The number of seconds from when the PPP negotiation started until the -connection was terminated. -.TP -.B BYTES_SENT -The number of bytes sent (at the level of the serial port) during the -connection. -.TP -.B BYTES_RCVD -The number of bytes received (at the level of the serial port) during -the connection. -.TP -.B LINKNAME -The logical name of the link, set with the \fIlinkname\fR option. -.TP -.B DNS1 -If the peer supplies DNS server addresses, this variable is set to the -first DNS server address supplied. -.TP -.B DNS2 -If the peer supplies DNS server addresses, this variable is set to the -second DNS server address supplied. -.P -Pppd invokes the following scripts, if they exist. It is not an error -if they don't exist. -.TP -.B /etc/ppp/auth\-up -A program or script which is executed after the remote system -successfully authenticates itself. It is executed with the parameters -.IP -\fIinterface\-name peer\-name user\-name tty\-device speed\fR -.IP -Note that this script is not executed if the peer doesn't authenticate -itself, for example when the \fInoauth\fR option is used. -.TP -.B /etc/ppp/auth\-down -A program or script which is executed when the link goes down, if -/etc/ppp/auth\-up was previously executed. It is executed in the same -manner with the same parameters as /etc/ppp/auth\-up. -.TP -.B /etc/ppp/ip\-up -A program or script which is executed when the link is available for -sending and receiving IP packets (that is, IPCP has come up). It is -executed with the parameters -.IP -\fIinterface\-name tty\-device speed local\-IP\-address -remote\-IP\-address ipparam\fR -.TP -.B /etc/ppp/ip\-down -A program or script which is executed when the link is no longer -available for sending and receiving IP packets. This script can be -used for undoing the effects of the /etc/ppp/ip\-up script. It is -invoked in the same manner and with the same parameters as the ip\-up -script. -.TP -.B /etc/ppp/ipv6\-up -Like /etc/ppp/ip\-up, except that it is executed when the link is available -for sending and receiving IPv6 packets. It is executed with the parameters -.IP -\fIinterface\-name tty\-device speed local\-link\-local\-address -remote\-link\-local\-address ipparam\fR -.TP -.B /etc/ppp/ipv6\-down -Similar to /etc/ppp/ip\-down, but it is executed when IPv6 packets can no -longer be transmitted on the link. It is executed with the same parameters -as the ipv6\-up script. -.TP -.B /etc/ppp/ipx\-up -A program or script which is executed when the link is available for -sending and receiving IPX packets (that is, IPXCP has come up). It is -executed with the parameters -.IP -\fIinterface\-name tty\-device speed network\-number local\-IPX\-node\-address -remote\-IPX\-node\-address local\-IPX\-routing\-protocol remote\-IPX\-routing\-protocol -local\-IPX\-router\-name remote\-IPX\-router\-name ipparam pppd\-pid\fR -.IP -The local\-IPX\-routing\-protocol and remote\-IPX\-routing\-protocol field -may be one of the following: -.IP -NONE to indicate that there is no routing protocol -.br -RIP to indicate that RIP/SAP should be used -.br -NLSP to indicate that Novell NLSP should be used -.br -RIP NLSP to indicate that both RIP/SAP and NLSP should be used -.TP -.B /etc/ppp/ipx\-down -A program or script which is executed when the link is no longer -available for sending and receiving IPX packets. This script can be -used for undoing the effects of the /etc/ppp/ipx\-up script. It is -invoked in the same manner and with the same parameters as the ipx\-up -script. -.SH FILES -.TP -.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) -Process-ID for pppd process on ppp interface unit \fIn\fR. -.TP -.B /var/run/ppp\-\fIname\fB.pid \fR(BSD or Linux), -\fB/etc/ppp/ppp\-\fIname\fB.pid \fR(others) -Process-ID for pppd process for logical link \fIname\fR (see the -\fIlinkname\fR option). -.TP -.B /var/run/pppd2.tdb -Database containing information about pppd processes, interfaces and -links, used for matching links to bundles in multilink operation. May -be examined by external programs to obtain information about running -pppd instances, the interfaces and devices they are using, IP address -assignments, etc. -.B /etc/ppp/pap\-secrets -Usernames, passwords and IP addresses for PAP authentication. This -file should be owned by root and not readable or writable by any other -user. Pppd will log a warning if this is not the case. -.TP -.B /etc/ppp/chap\-secrets -Names, secrets and IP addresses for CHAP/MS\-CHAP/MS\-CHAPv2 authentication. -As for /etc/ppp/pap\-secrets, this file should be owned by root and not -readable or writable by any other user. Pppd will log a warning if -this is not the case. -.TP -.B /etc/ppp/srp\-secrets -Names, secrets, and IP addresses for EAP authentication. As for -/etc/ppp/pap\-secrets, this file should be owned by root and not -readable or writable by any other user. Pppd will log a warning if -this is not the case. -.TP -.B ~/.ppp_pseudonym -Saved client-side SRP\-SHA1 pseudonym. See the \fIsrp\-use\-pseudonym\fR -option for details. -.TP -.B /etc/ppp/options -System default options for pppd, read before user default options or -command-line options. -.TP -.B ~/.ppprc -User default options, read before /etc/ppp/options.\fIttyname\fR. -.TP -.B /etc/ppp/options.\fIttyname -System default options for the serial port being used, read after -~/.ppprc. In forming the \fIttyname\fR part of this -filename, an initial /dev/ is stripped from the port name (if -present), and any slashes in the remaining part are converted to -dots. -.TP -.B /etc/ppp/peers -A directory containing options files which may contain privileged -options, even if pppd was invoked by a user other than root. The -system administrator can create options files in this directory to -permit non-privileged users to dial out without requiring the peer to -authenticate, but only to certain trusted peers. -.SH SEE ALSO -.TP -.B RFC1144 -Jacobson, V. -\fICompressing TCP/IP headers for low-speed serial links.\fR -February 1990. -.TP -.B RFC1321 -Rivest, R. -.I The MD5 Message-Digest Algorithm. -April 1992. -.TP -.B RFC1332 -McGregor, G. -.I PPP Internet Protocol Control Protocol (IPCP). -May 1992. -.TP -.B RFC1334 -Lloyd, B.; Simpson, W.A. -.I PPP authentication protocols. -October 1992. -.TP -.B RFC1661 -Simpson, W.A. -.I The Point-to-Point Protocol (PPP). -July 1994. -.TP -.B RFC1662 -Simpson, W.A. -.I PPP in HDLC-like Framing. -July 1994. -.TP -.B RFC2284 -Blunk, L.; Vollbrecht, J., -.I PPP Extensible Authentication Protocol (EAP). -March 1998. -.TP -.B RFC2472 -Haskin, D. -.I IP Version 6 over PPP -December 1998. -.TP -.B RFC2945 -Wu, T., -.I The SRP Authentication and Key Exchange System -September 2000. -.TP -.B draft\-ietf\-pppext\-eap\-srp\-03.txt -Carlson, J.; et al., -.I EAP SRP\-SHA1 Authentication Protocol. -July 2001. -.SH NOTES -Some limited degree of control can be exercised over a running pppd -process by sending it a signal from the list below. -.TP -.B SIGINT, SIGTERM -These signals cause pppd to terminate the link (by closing LCP), -restore the serial device settings, and exit. -.TP -.B SIGHUP -This signal causes pppd to terminate the link, restore the serial -device settings, and close the serial device. If the \fIpersist\fR or -\fIdemand\fR option has been specified, pppd will try to reopen the -serial device and start another connection (after the holdoff period). -Otherwise pppd will exit. If this signal is received during the -holdoff period, it causes pppd to end the holdoff period immediately. -.TP -.B SIGUSR1 -This signal toggles the state of the \fIdebug\fR option. -.TP -.B SIGUSR2 -This signal causes pppd to renegotiate compression. This can be -useful to re-enable compression after it has been disabled as a result -of a fatal decompression error. (Fatal decompression errors generally -indicate a bug in one or other implementation.) - -.SH AUTHORS -Paul Mackerras (paulus@samba.org), based on earlier work by -Drew Perkins, -Brad Clements, -Karl Fox, -Greg Christy, -and -Brad Parker. - -.SH COPYRIGHT -Pppd is copyrighted and made available under conditions which provide -that it may be copied and used in source or binary forms provided that -the conditions listed below are met. Portions of pppd are covered by -the following copyright notices: -.LP -Copyright (c) 1984-2000 Carnegie Mellon University. All rights -reserved. -.br -Copyright (c) 1993-2004 Paul Mackerras. All rights reserved. -.br -Copyright (c) 1995 Pedro Roque Marques. All rights reserved. -.br -Copyright (c) 1995 Eric Rosenquist. All rights reserved. -.br -Copyright (c) 1999 Tommi Komulainen. All rights reserved. -.br -Copyright (C) Andrew Tridgell 1999 -.br -Copyright (c) 2000 by Sun Microsystems, Inc. All rights reserved. -.br -Copyright (c) 2001 by Sun Microsystems, Inc. All rights reserved. -.br -Copyright (c) 2002 The Android Open Source Project -.LP -The copyright notices contain the following statements. -.LP -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -.LP -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -.LP -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. -.LP -3. The name "Carnegie Mellon University" must not be used to - endorse or promote products derived from this software without - prior written permission. For permission or any legal - details, please contact -.br - Office of Technology Transfer -.br - Carnegie Mellon University -.br - 5000 Forbes Avenue -.br - Pittsburgh, PA 15213-3890 -.br - (412) 268-4387, fax: (412) 268-7395 -.br - tech-transfer@andrew.cmu.edu -.LP -3b. The name(s) of the authors of this software must not be used to - endorse or promote products derived from this software without - prior written permission. -.LP -4. Redistributions of any form whatsoever must retain the following - acknowledgments: -.br - "This product includes software developed by Computing Services - at Carnegie Mellon University (http://www.cmu.edu/computing/)." -.br - "This product includes software developed by Paul Mackerras - ". -.br - "This product includes software developed by Pedro Roque Marques - ". -.br - "This product includes software developed by Tommi Komulainen - ". -.LP -CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE -FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.LP -THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/pppd/pppd.h b/pppd/pppd.h deleted file mode 100644 index 4c18d3d..0000000 --- a/pppd/pppd.h +++ /dev/null @@ -1,905 +0,0 @@ -/* - * pppd.h - PPP daemon global declarations. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: pppd.h,v 1.88 2004/11/13 12:02:22 paulus Exp $ - */ - -/* - * TODO: - */ - -#ifndef __PPPD_H__ -#define __PPPD_H__ - -#include /* for FILE */ -#include /* for NGROUPS_MAX */ -#include /* for MAXPATHLEN and BSD4_4, if defined */ -#include /* for u_int32_t, if defined */ -#include /* for struct timeval */ -#include -#include "patchlevel.h" - -#if defined(__STDC__) -#include -#define __V(x) x -#else -#include -#define __V(x) (va_alist) va_dcl -#define const -#define volatile -#endif - -#ifdef INET6 -#include "eui64.h" -#endif - -/* - * Limits. - */ - -#define NUM_PPP 1 /* One PPP interface supported (per process) */ -#define MAXWORDLEN 1024 /* max length of word in file (incl null) */ -#define MAXARGS 1 /* max # args to a command */ -#define MAXNAMELEN 256 /* max length of hostname or name for auth */ -#define MAXSECRETLEN 256 /* max length of password or secret */ - -/* - * Option descriptor structure. - */ - -typedef unsigned char bool; - -enum opt_type { - o_special_noarg = 0, - o_special = 1, - o_bool, - o_int, - o_uint32, - o_string, - o_wild -}; - -typedef struct { - char *name; /* name of the option */ - enum opt_type type; - void *addr; - char *description; - unsigned int flags; - void *addr2; - int upper_limit; - int lower_limit; - const char *source; - short int priority; - short int winner; -} option_t; - -/* Values for flags */ -#define OPT_VALUE 0xff /* mask for presupplied value */ -#define OPT_HEX 0x100 /* int option is in hex */ -#define OPT_NOARG 0x200 /* option doesn't take argument */ -#define OPT_OR 0x400 /* OR in argument to value */ -#define OPT_INC 0x800 /* increment value */ -#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */ -#define OPT_PRIV 0x1000 /* privileged option */ -#define OPT_STATIC 0x2000 /* string option goes into static array */ -#define OPT_LLIMIT 0x4000 /* check value against lower limit */ -#define OPT_ULIMIT 0x8000 /* check value against upper limit */ -#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT) -#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */ -#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */ -#define OPT_A2LIST 0x10000 /* for o_special, keep list of values */ -#define OPT_A2CLRB 0x10000 /* o_bool, clr val bits in *(u_char *)addr2 */ -#define OPT_NOINCR 0x20000 /* value mustn't be increased */ -#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */ -#define OPT_PRIO 0x80000 /* process option priorities for this option */ -#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */ -#define OPT_ALIAS 0x200000 /* option is alias for previous option */ -#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */ -#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */ -#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */ -#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */ -#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */ -#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */ -#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV) -#define OPT_A2PRINTER 0x10000000 /* *addr2 is a fn for printing option */ -#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */ -#define OPT_NOPRINT 0x40000000 /* don't print this option at all */ - -#define OPT_VAL(x) ((x) & OPT_VALUE) - -/* Values for priority */ -#define OPRIO_DEFAULT 0 /* a default value */ -#define OPRIO_CFGFILE 1 /* value from a configuration file */ -#define OPRIO_CMDLINE 2 /* value from the command line */ -#define OPRIO_SECFILE 3 /* value from options in a secrets file */ -#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */ - -#ifndef GIDSET_TYPE -#define GIDSET_TYPE gid_t -#endif - -/* Structure representing a list of permitted IP addresses. */ -struct permitted_ip { - int permit; /* 1 = permit, 0 = forbid */ - u_int32_t base; /* match if (addr & mask) == base */ - u_int32_t mask; /* base and mask are in network byte order */ -}; - -/* - * Unfortunately, the linux kernel driver uses a different structure - * for statistics from the rest of the ports. - * This structure serves as a common representation for the bits - * pppd needs. - */ -struct pppd_stats { - unsigned int bytes_in; - unsigned int bytes_out; - unsigned int pkts_in; - unsigned int pkts_out; -}; - -/* Used for storing a sequence of words. Usually malloced. */ -struct wordlist { - struct wordlist *next; - char *word; -}; - -/* An endpoint discriminator, used with multilink. */ -#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */ -struct epdisc { - unsigned char class; - unsigned char length; - unsigned char value[MAX_ENDP_LEN]; -}; - -/* values for epdisc.class */ -#define EPD_NULL 0 /* null discriminator, no data */ -#define EPD_LOCAL 1 -#define EPD_IP 2 -#define EPD_MAC 3 -#define EPD_MAGIC 4 -#define EPD_PHONENUM 5 - -typedef void (*notify_func) __P((void *, int)); - -struct notifier { - struct notifier *next; - notify_func func; - void *arg; -}; - -/* - * Global variables. - */ - -extern int hungup; /* Physical layer has disconnected */ -extern int ifunit; /* Interface unit number */ -extern char ifname[]; /* Interface name */ -extern char hostname[]; /* Our hostname */ -extern u_char outpacket_buf[]; /* Buffer for outgoing packets */ -extern int devfd; /* fd of underlying device */ -extern int fd_ppp; /* fd for talking PPP */ -extern int phase; /* Current state of link - see values below */ -extern int baud_rate; /* Current link speed in bits/sec */ -extern char *progname; /* Name of this program */ -extern int redirect_stderr;/* Connector's stderr should go to file */ -extern char peer_authname[];/* Authenticated name of peer */ -extern int auth_done[NUM_PPP]; /* Methods actually used for auth */ -extern int privileged; /* We were run by real-uid root */ -extern int need_holdoff; /* Need holdoff period after link terminates */ -extern char **script_env; /* Environment variables for scripts */ -extern int detached; /* Have detached from controlling tty */ -extern GIDSET_TYPE groups[NGROUPS_MAX]; /* groups the user is in */ -extern int ngroups; /* How many groups valid in groups */ -extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */ -extern int link_stats_valid; /* set if link_stats is valid */ -extern unsigned link_connect_time; /* time the link was up for */ -extern int using_pty; /* using pty as device (notty or pty opt.) */ -extern int log_to_fd; /* logging to this fd as well as syslog */ -extern bool log_default; /* log_to_fd is default (stdout) */ -extern char *no_ppp_msg; /* message to print if ppp not in kernel */ -extern volatile int status; /* exit status for pppd */ -extern bool devnam_fixed; /* can no longer change devnam */ -extern int unsuccess; /* # unsuccessful connection attempts */ -extern int do_callback; /* set if we want to do callback next */ -extern int doing_callback; /* set if this is a callback */ -extern int error_count; /* # of times error() has been called */ -extern char ppp_devnam[MAXPATHLEN]; -extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */ -extern int ppp_session_number; /* Session number (eg PPPoE session) */ -extern int fd_devnull; /* fd open to /dev/null */ - -extern int listen_time; /* time to listen first (ms) */ -extern bool doing_multilink; -extern bool multilink_master; -extern bool bundle_eof; -extern bool bundle_terminating; - -extern struct notifier *pidchange; /* for notifications of pid changing */ -extern struct notifier *phasechange; /* for notifications of phase changes */ -extern struct notifier *exitnotify; /* for notification that we're exiting */ -extern struct notifier *sigreceived; /* notification of received signal */ -extern struct notifier *ip_up_notifier; /* IPCP has come up */ -extern struct notifier *ip_down_notifier; /* IPCP has gone down */ -extern struct notifier *auth_up_notifier; /* peer has authenticated */ -extern struct notifier *link_down_notifier; /* link has gone down */ -extern struct notifier *fork_notifier; /* we are a new child process */ - -/* Values for do_callback and doing_callback */ -#define CALLBACK_DIALIN 1 /* we are expecting the call back */ -#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */ - -/* - * Variables set by command-line options. - */ - -extern int debug; /* Debug flag */ -extern int kdebugflag; /* Tell kernel to print debug messages */ -extern int default_device; /* Using /dev/tty or equivalent */ -extern char devnam[MAXPATHLEN]; /* Device name */ -extern int crtscts; /* Use hardware flow control */ -extern bool modem; /* Use modem control lines */ -extern int inspeed; /* Input/Output speed requested */ -extern u_int32_t netmask; /* IP netmask to set on interface */ -extern bool lockflag; /* Create lock file to lock the serial dev */ -extern bool nodetach; /* Don't detach from controlling tty */ -extern bool updetach; /* Detach from controlling tty when link up */ -extern char *initializer; /* Script to initialize physical link */ -extern char *connect_script; /* Script to establish physical link */ -extern char *disconnect_script; /* Script to disestablish physical link */ -extern char *welcomer; /* Script to welcome client after connection */ -extern char *ptycommand; /* Command to run on other side of pty */ -extern int maxconnect; /* Maximum connect time (seconds) */ -extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */ -extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */ -extern bool auth_required; /* Peer is required to authenticate */ -extern bool persist; /* Reopen link after it goes down */ -extern bool uselogin; /* Use /etc/passwd for checking PAP */ -extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */ -extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ -extern bool explicit_remote;/* remote_name specified with remotename opt */ -extern bool demand; /* Do dial-on-demand */ -extern char *ipparam; /* Extra parameter for ip up/down scripts */ -extern bool cryptpap; /* Others' PAP passwords are encrypted */ -extern int idle_time_limit;/* Shut down link if idle for this long */ -extern int holdoff; /* Dead time before restarting */ -extern bool holdoff_specified; /* true if user gave a holdoff value */ -extern bool notty; /* Stdin/out is not a tty */ -extern char *pty_socket; /* Socket to connect to pty */ -extern char *record_file; /* File to record chars sent/received */ -extern bool sync_serial; /* Device is synchronous serial device */ -extern int maxfail; /* Max # of unsuccessful connection attempts */ -extern char linkname[MAXPATHLEN]; /* logical name for link */ -extern bool tune_kernel; /* May alter kernel settings as necessary */ -extern int connect_delay; /* Time to delay after connect script */ -extern int max_data_rate; /* max bytes/sec through charshunt */ -extern int req_unit; /* interface unit number to use */ -extern bool multilink; /* enable multilink operation */ -extern bool noendpoint; /* don't send or accept endpt. discrim. */ -extern char *bundle_name; /* bundle name for multilink */ -extern bool dump_options; /* print out option values */ -extern bool dryrun; /* check everything, print options, exit */ -extern int child_wait; /* # seconds to wait for children at end */ - -#ifdef MAXOCTETS -extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */ -extern int maxoctets_dir; /* Direction : - 0 - in+out (default) - 1 - in - 2 - out - 3 - max(in,out) */ -extern int maxoctets_timeout; /* Timeout for check of octets limit */ -#define PPP_OCTETS_DIRECTION_SUM 0 -#define PPP_OCTETS_DIRECTION_IN 1 -#define PPP_OCTETS_DIRECTION_OUT 2 -#define PPP_OCTETS_DIRECTION_MAXOVERAL 3 -/* same as previos, but little different on RADIUS side */ -#define PPP_OCTETS_DIRECTION_MAXSESSION 4 -#endif - -#ifdef PPP_FILTER -extern struct bpf_program pass_filter; /* Filter for pkts to pass */ -extern struct bpf_program active_filter; /* Filter for link-active pkts */ -#endif - -#ifdef MSLANMAN -extern bool ms_lanman; /* Use LanMan password instead of NT */ - /* Has meaning only with MS-CHAP challenges */ -#endif - -/* Values for auth_pending, auth_done */ -#define PAP_WITHPEER 0x1 -#define PAP_PEER 0x2 -#define CHAP_WITHPEER 0x4 -#define CHAP_PEER 0x8 -#define EAP_WITHPEER 0x10 -#define EAP_PEER 0x20 - -/* Values for auth_done only */ -#define CHAP_MD5_WITHPEER 0x40 -#define CHAP_MD5_PEER 0x80 -#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */ -#define CHAP_MS_WITHPEER 0x100 -#define CHAP_MS_PEER 0x200 -#define CHAP_MS2_WITHPEER 0x400 -#define CHAP_MS2_PEER 0x800 - -extern char *current_option; /* the name of the option being parsed */ -extern int privileged_option; /* set iff the current option came from root */ -extern char *option_source; /* string saying where the option came from */ -extern int option_priority; /* priority of current options */ - -/* - * Values for phase. - */ -#define PHASE_DEAD 0 -#define PHASE_INITIALIZE 1 -#define PHASE_SERIALCONN 2 -#define PHASE_DORMANT 3 -#define PHASE_ESTABLISH 4 -#define PHASE_AUTHENTICATE 5 -#define PHASE_CALLBACK 6 -#define PHASE_NETWORK 7 -#define PHASE_RUNNING 8 -#define PHASE_TERMINATE 9 -#define PHASE_DISCONNECT 10 -#define PHASE_HOLDOFF 11 -#define PHASE_MASTER 12 - -/* - * The following struct gives the addresses of procedures to call - * for a particular protocol. - */ -struct protent { - u_short protocol; /* PPP protocol number */ - /* Initialization procedure */ - void (*init) __P((int unit)); - /* Process a received packet */ - void (*input) __P((int unit, u_char *pkt, int len)); - /* Process a received protocol-reject */ - void (*protrej) __P((int unit)); - /* Lower layer has come up */ - void (*lowerup) __P((int unit)); - /* Lower layer has gone down */ - void (*lowerdown) __P((int unit)); - /* Open the protocol */ - void (*open) __P((int unit)); - /* Close the protocol */ - void (*close) __P((int unit, char *reason)); - /* Print a packet in readable form */ - int (*printpkt) __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); - /* Process a received data packet */ - void (*datainput) __P((int unit, u_char *pkt, int len)); - bool enabled_flag; /* 0 iff protocol is disabled */ - char *name; /* Text name of protocol */ - char *data_name; /* Text name of corresponding data protocol */ - option_t *options; /* List of command-line options */ - /* Check requested options, assign defaults */ - void (*check_options) __P((void)); - /* Configure interface for demand-dial */ - int (*demand_conf) __P((int unit)); - /* Say whether to bring up link for this pkt */ - int (*active_pkt) __P((u_char *pkt, int len)); -}; - -/* Table of pointers to supported protocols */ -extern struct protent *protocols[]; - -/* - * This struct contains pointers to a set of procedures for - * doing operations on a "channel". A channel provides a way - * to send and receive PPP packets - the canonical example is - * a serial port device in PPP line discipline (or equivalently - * with PPP STREAMS modules pushed onto it). - */ -struct channel { - /* set of options for this channel */ - option_t *options; - /* find and process a per-channel options file */ - void (*process_extra_options) __P((void)); - /* check all the options that have been given */ - void (*check_options) __P((void)); - /* get the channel ready to do PPP, return a file descriptor */ - int (*connect) __P((void)); - /* we're finished with the channel */ - void (*disconnect) __P((void)); - /* put the channel into PPP `mode' */ - int (*establish_ppp) __P((int)); - /* take the channel out of PPP `mode', restore loopback if demand */ - void (*disestablish_ppp) __P((int)); - /* set the transmit-side PPP parameters of the channel */ - void (*send_config) __P((int, u_int32_t, int, int)); - /* set the receive-side PPP parameters of the channel */ - void (*recv_config) __P((int, u_int32_t, int, int)); - /* cleanup on error or normal exit */ - void (*cleanup) __P((void)); - /* close the device, called in children after fork */ - void (*close) __P((void)); -}; - -extern struct channel *the_channel; - -/* - * Prototypes. - */ - -/* Procedures exported from main.c. */ -void set_ifunit __P((int)); /* set stuff that depends on ifunit */ -void detach __P((void)); /* Detach from controlling tty */ -void die __P((int)); /* Cleanup and exit */ -void quit __P((void)); /* like die(1) */ -void novm __P((char *)); /* Say we ran out of memory, and die */ -void timeout __P((void (*func)(void *), void *arg, int s, int us)); - /* Call func(arg) after s.us seconds */ -void untimeout __P((void (*func)(void *), void *arg)); - /* Cancel call to func(arg) */ -void record_child __P((int, char *, void (*) (void *), void *)); -pid_t safe_fork __P((int, int, int)); /* Fork & close stuff in child */ -int device_script __P((char *cmd, int in, int out, int dont_wait)); - /* Run `cmd' with given stdin and stdout */ -pid_t run_program __P((char *prog, char **args, int must_exist, - void (*done)(void *), void *arg)); - /* Run program prog with args in child */ -void reopen_log __P((void)); /* (re)open the connection to syslog */ -void print_link_stats __P((void)); /* Print stats, if available */ -void reset_link_stats __P((int)); /* Reset (init) stats when link goes up */ -void update_link_stats __P((int)); /* Get stats at link termination */ -void script_setenv __P((char *, char *, int)); /* set script env var */ -void script_unsetenv __P((char *)); /* unset script env var */ -void new_phase __P((int)); /* signal start of new phase */ -void add_notifier __P((struct notifier **, notify_func, void *)); -void remove_notifier __P((struct notifier **, notify_func, void *)); -void notify __P((struct notifier *, int)); -int ppp_send_config __P((int, int, u_int32_t, int, int)); -int ppp_recv_config __P((int, int, u_int32_t, int, int)); -void remove_pidfiles __P((void)); -void lock_db __P((void)); -void unlock_db __P((void)); - -/* Procedures exported from tty.c. */ -void tty_init __P((void)); - -/* Procedures exported from utils.c. */ -void log_packet __P((u_char *, int, char *, int)); - /* Format a packet and log it with syslog */ -void print_string __P((char *, int, void (*) (void *, char *, ...), - void *)); /* Format a string for output */ -int slprintf __P((char *, int, char *, ...)); /* sprintf++ */ -int vslprintf __P((char *, int, char *, va_list)); /* vsprintf++ */ -size_t strlcpy __P((char *, const char *, size_t)); /* safe strcpy */ -size_t strlcat __P((char *, const char *, size_t)); /* safe strncpy */ -void dbglog __P((char *, ...)); /* log a debug message */ -void info __P((char *, ...)); /* log an informational message */ -void notice __P((char *, ...)); /* log a notice-level message */ -void warn __P((char *, ...)); /* log a warning message */ -void error __P((char *, ...)); /* log an error message */ -void fatal __P((char *, ...)); /* log an error message and die(1) */ -void init_pr_log __P((char *, int)); /* initialize for using pr_log */ -void pr_log __P((void *, char *, ...)); /* printer fn, output to syslog */ -void end_pr_log __P((void)); /* finish up after using pr_log */ -void dump_packet __P((const char *, u_char *, int)); - /* dump packet to debug log if interesting */ -ssize_t complete_read __P((int, void *, size_t)); - /* read a complete buffer */ - -/* Procedures exported from auth.c */ -void link_required __P((int)); /* we are starting to use the link */ -void link_terminated __P((int)); /* we are finished with the link */ -void link_down __P((int)); /* the LCP layer has left the Opened state */ -void upper_layers_down __P((int));/* take all NCPs down */ -void link_established __P((int)); /* the link is up; authenticate now */ -void start_networks __P((int)); /* start all the network control protos */ -void continue_networks __P((int)); /* start network [ip, etc] control protos */ -void np_up __P((int, int)); /* a network protocol has come up */ -void np_down __P((int, int)); /* a network protocol has gone down */ -void np_finished __P((int, int)); /* a network protocol no longer needs link */ -void auth_peer_fail __P((int, int)); - /* peer failed to authenticate itself */ -void auth_peer_success __P((int, int, int, char *, int)); - /* peer successfully authenticated itself */ -void auth_withpeer_fail __P((int, int)); - /* we failed to authenticate ourselves */ -void auth_withpeer_success __P((int, int, int)); - /* we successfully authenticated ourselves */ -void auth_check_options __P((void)); - /* check authentication options supplied */ -void auth_reset __P((int)); /* check what secrets we have */ -int check_passwd __P((int, char *, int, char *, int, char **)); - /* Check peer-supplied username/password */ -int get_secret __P((int, char *, char *, char *, int *, int)); - /* get "secret" for chap */ -int get_srp_secret __P((int unit, char *client, char *server, char *secret, - int am_server)); -int auth_ip_addr __P((int, u_int32_t)); - /* check if IP address is authorized */ -int auth_number __P((void)); /* check if remote number is authorized */ -int bad_ip_adrs __P((u_int32_t)); - /* check if IP address is unreasonable */ - -/* Procedures exported from demand.c */ -void demand_conf __P((void)); /* config interface(s) for demand-dial */ -void demand_block __P((void)); /* set all NPs to queue up packets */ -void demand_unblock __P((void)); /* set all NPs to pass packets */ -void demand_discard __P((void)); /* set all NPs to discard packets */ -void demand_rexmit __P((int)); /* retransmit saved frames for an NP */ -int loop_chars __P((unsigned char *, int)); /* process chars from loopback */ -int loop_frame __P((unsigned char *, int)); /* should we bring link up? */ - -/* Procedures exported from multilink.c */ -#ifdef HAVE_MULTILINK -void mp_check_options __P((void)); /* Check multilink-related options */ -int mp_join_bundle __P((void)); /* join our link to an appropriate bundle */ -void mp_exit_bundle __P((void)); /* have disconnected our link from bundle */ -void mp_bundle_terminated __P((void)); -char *epdisc_to_str __P((struct epdisc *)); /* string from endpoint discrim. */ -int str_to_epdisc __P((struct epdisc *, char *)); /* endpt disc. from str */ -#else -#define mp_bundle_terminated() /* nothing */ -#define mp_exit_bundle() /* nothing */ -#define doing_multilink 0 -#define multilink_master 0 -#endif - -/* Procedures exported from sys-*.c */ -void sys_init __P((void)); /* Do system-dependent initialization */ -void sys_cleanup __P((void)); /* Restore system state before exiting */ -int sys_check_options __P((void)); /* Check options specified */ -void sys_close __P((void)); /* Clean up in a child before execing */ -int ppp_available __P((void)); /* Test whether ppp kernel support exists */ -int get_pty __P((int *, int *, char *, int)); /* Get pty master/slave */ -int open_ppp_loopback __P((void)); /* Open loopback for demand-dialling */ -int tty_establish_ppp __P((int)); /* Turn serial port into a ppp interface */ -void tty_disestablish_ppp __P((int)); /* Restore port to normal operation */ -void generic_disestablish_ppp __P((int dev_fd)); /* Restore device setting */ -int generic_establish_ppp __P((int dev_fd)); /* Make a ppp interface */ -void make_new_bundle __P((int, int, int, int)); /* Create new bundle */ -int bundle_attach __P((int)); /* Attach link to existing bundle */ -void cfg_bundle __P((int, int, int, int)); /* Configure existing bundle */ -void destroy_bundle __P((void)); /* Tell driver to destroy bundle */ -void clean_check __P((void)); /* Check if line was 8-bit clean */ -void set_up_tty __P((int, int)); /* Set up port's speed, parameters, etc. */ -void restore_tty __P((int)); /* Restore port's original parameters */ -void setdtr __P((int, int)); /* Raise or lower port's DTR line */ -void output __P((int, u_char *, int)); /* Output a PPP packet */ -void wait_input __P((struct timeval *)); - /* Wait for input, with timeout */ -void add_fd __P((int)); /* Add fd to set to wait for */ -void remove_fd __P((int)); /* Remove fd from set to wait for */ -int read_packet __P((u_char *)); /* Read PPP packet */ -int get_loop_output __P((void)); /* Read pkts from loopback */ -void tty_send_config __P((int, u_int32_t, int, int)); - /* Configure i/f transmit parameters */ -void tty_set_xaccm __P((ext_accm)); - /* Set extended transmit ACCM */ -void tty_recv_config __P((int, u_int32_t, int, int)); - /* Configure i/f receive parameters */ -int ccp_test __P((int, u_char *, int, int)); - /* Test support for compression scheme */ -void ccp_flags_set __P((int, int, int)); - /* Set kernel CCP state */ -int ccp_fatal_error __P((int)); /* Test for fatal decomp error in kernel */ -int get_idle_time __P((int, struct ppp_idle *)); - /* Find out how long link has been idle */ -int get_ppp_stats __P((int, struct pppd_stats *)); - /* Return link statistics */ -void netif_set_mtu __P((int, int)); /* Set PPP interface MTU */ -int netif_get_mtu __P((int)); /* Get PPP interface MTU */ -int sifvjcomp __P((int, int, int, int)); - /* Configure VJ TCP header compression */ -int sifup __P((int)); /* Configure i/f up for one protocol */ -int sifnpmode __P((int u, int proto, enum NPmode mode)); - /* Set mode for handling packets for proto */ -int sifdown __P((int)); /* Configure i/f down for one protocol */ -int sifaddr __P((int, u_int32_t, u_int32_t, u_int32_t)); - /* Configure IPv4 addresses for i/f */ -int cifaddr __P((int, u_int32_t, u_int32_t)); - /* Reset i/f IP addresses */ -#ifdef INET6 -int sif6addr __P((int, eui64_t, eui64_t)); - /* Configure IPv6 addresses for i/f */ -int cif6addr __P((int, eui64_t, eui64_t)); - /* Remove an IPv6 address from i/f */ -#endif -int sifdefaultroute __P((int, u_int32_t, u_int32_t)); - /* Create default route through i/f */ -int cifdefaultroute __P((int, u_int32_t, u_int32_t)); - /* Delete default route through i/f */ -int sifproxyarp __P((int, u_int32_t)); - /* Add proxy ARP entry for peer */ -int cifproxyarp __P((int, u_int32_t)); - /* Delete proxy ARP entry for peer */ -u_int32_t GetMask __P((u_int32_t)); /* Get appropriate netmask for address */ -int lock __P((char *)); /* Create lock file for device */ -int relock __P((int)); /* Rewrite lock file with new pid */ -void unlock __P((void)); /* Delete previously-created lock file */ -void logwtmp __P((const char *, const char *, const char *)); - /* Write entry to wtmp file */ -int get_host_seed __P((void)); /* Get host-dependent random number seed */ -int have_route_to __P((u_int32_t)); /* Check if route to addr exists */ -#ifdef PPP_FILTER -int set_filters __P((struct bpf_program *pass, struct bpf_program *active)); - /* Set filter programs in kernel */ -#endif -#ifdef IPX_CHANGE -int sipxfaddr __P((int, unsigned long, unsigned char *)); -int cipxfaddr __P((int)); -#endif -int get_if_hwaddr __P((u_char *addr, char *name)); -char *get_first_ethernet __P((void)); - -/* Procedures exported from options.c */ -int setipaddr __P((char *, char **, int)); /* Set local/remote ip addresses */ -int parse_args __P((int argc, char **argv)); - /* Parse options from arguments given */ -int options_from_file __P((char *filename, int must_exist, int check_prot, - int privileged)); - /* Parse options from an options file */ -int options_from_user __P((void)); /* Parse options from user's .ppprc */ -int options_for_tty __P((void)); /* Parse options from /etc/ppp/options.tty */ -int options_from_list __P((struct wordlist *, int privileged)); - /* Parse options from a wordlist */ -int getword __P((FILE *f, char *word, int *newlinep, char *filename)); - /* Read a word from a file */ -void option_error __P((char *fmt, ...)); - /* Print an error message about an option */ -int int_option __P((char *, int *)); - /* Simplified number_option for decimal ints */ -void add_options __P((option_t *)); /* Add extra options */ -void check_options __P((void)); /* check values after all options parsed */ -int override_value __P((const char *, int, const char *)); - /* override value if permitted by priority */ -void print_options __P((void (*) __P((void *, char *, ...)), void *)); - /* print out values of all options */ - -int parse_dotted_ip __P((char *, u_int32_t *)); - -/* - * Hooks to enable plugins to change various things. - */ -extern int (*new_phase_hook) __P((int)); -extern int (*idle_time_hook) __P((struct ppp_idle *)); -extern int (*holdoff_hook) __P((void)); -extern int (*pap_check_hook) __P((void)); -extern int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, - struct wordlist **paddrs, - struct wordlist **popts)); -extern void (*pap_logout_hook) __P((void)); -extern int (*pap_passwd_hook) __P((char *user, char *passwd)); -extern int (*allowed_address_hook) __P((u_int32_t addr)); -extern void (*ip_up_hook) __P((void)); -extern void (*ip_down_hook) __P((void)); -extern void (*ip_choose_hook) __P((u_int32_t *)); - -extern int (*chap_check_hook) __P((void)); -extern int (*chap_passwd_hook) __P((char *user, char *passwd)); - -/* Let a plugin snoop sent and received packets. Useful for L2TP */ -extern void (*snoop_recv_hook) __P((unsigned char *p, int len)); -extern void (*snoop_send_hook) __P((unsigned char *p, int len)); - -/* - * Inline versions of get/put char/short/long. - * Pointer is advanced; we assume that both arguments - * are lvalues and will already be in registers. - * cp MUST be u_char *. - */ -#define GETCHAR(c, cp) { \ - (c) = *(cp)++; \ -} -#define PUTCHAR(c, cp) { \ - *(cp)++ = (u_char) (c); \ -} - - -#define GETSHORT(s, cp) { \ - (s) = *(cp)++ << 8; \ - (s) |= *(cp)++; \ -} -#define PUTSHORT(s, cp) { \ - *(cp)++ = (u_char) ((s) >> 8); \ - *(cp)++ = (u_char) (s); \ -} - -#define GETLONG(l, cp) { \ - (l) = *(cp)++ << 8; \ - (l) |= *(cp)++; (l) <<= 8; \ - (l) |= *(cp)++; (l) <<= 8; \ - (l) |= *(cp)++; \ -} -#define PUTLONG(l, cp) { \ - *(cp)++ = (u_char) ((l) >> 24); \ - *(cp)++ = (u_char) ((l) >> 16); \ - *(cp)++ = (u_char) ((l) >> 8); \ - *(cp)++ = (u_char) (l); \ -} - -#define INCPTR(n, cp) ((cp) += (n)) -#define DECPTR(n, cp) ((cp) -= (n)) - -/* - * System dependent definitions for user-level 4.3BSD UNIX implementation. - */ - -#define TIMEOUT(r, f, t) timeout((r), (f), (t), 0) -#define UNTIMEOUT(r, f) untimeout((r), (f)) - -#define BCOPY(s, d, l) memcpy(d, s, l) -#define BZERO(s, n) memset(s, 0, n) -#define BCMP(s1, s2, l) memcmp(s1, s2, l) - -#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); } - -/* - * MAKEHEADER - Add Header fields to a packet. - */ -#define MAKEHEADER(p, t) { \ - PUTCHAR(PPP_ALLSTATIONS, p); \ - PUTCHAR(PPP_UI, p); \ - PUTSHORT(t, p); } - -/* - * Exit status values. - */ -#define EXIT_OK 0 -#define EXIT_FATAL_ERROR 1 -#define EXIT_OPTION_ERROR 2 -#define EXIT_NOT_ROOT 3 -#define EXIT_NO_KERNEL_SUPPORT 4 -#define EXIT_USER_REQUEST 5 -#define EXIT_LOCK_FAILED 6 -#define EXIT_OPEN_FAILED 7 -#define EXIT_CONNECT_FAILED 8 -#define EXIT_PTYCMD_FAILED 9 -#define EXIT_NEGOTIATION_FAILED 10 -#define EXIT_PEER_AUTH_FAILED 11 -#define EXIT_IDLE_TIMEOUT 12 -#define EXIT_CONNECT_TIME 13 -#define EXIT_CALLBACK 14 -#define EXIT_PEER_DEAD 15 -#define EXIT_HANGUP 16 -#define EXIT_LOOPBACK 17 -#define EXIT_INIT_FAILED 18 -#define EXIT_AUTH_TOPEER_FAILED 19 -#ifdef MAXOCTETS -#define EXIT_TRAFFIC_LIMIT 20 -#endif -#define EXIT_CNID_AUTH_FAILED 21 - -/* - * Debug macros. Slightly useful for finding bugs in pppd, not particularly - * useful for finding out why your connection isn't being established. - */ -#ifdef DEBUGALL -#define DEBUGMAIN 1 -#define DEBUGFSM 1 -#define DEBUGLCP 1 -#define DEBUGIPCP 1 -#define DEBUGIPV6CP 1 -#define DEBUGUPAP 1 -#define DEBUGCHAP 1 -#endif - -#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */ -#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \ - || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \ - || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP) -#define LOG_PPP LOG_LOCAL2 -#else -#define LOG_PPP LOG_DAEMON -#endif -#endif /* LOG_PPP */ - -#ifdef DEBUGMAIN -#define MAINDEBUG(x) if (debug) dbglog x -#else -#define MAINDEBUG(x) -#endif - -#ifdef DEBUGSYS -#define SYSDEBUG(x) if (debug) dbglog x -#else -#define SYSDEBUG(x) -#endif - -#ifdef DEBUGFSM -#define FSMDEBUG(x) if (debug) dbglog x -#else -#define FSMDEBUG(x) -#endif - -#ifdef DEBUGLCP -#define LCPDEBUG(x) if (debug) dbglog x -#else -#define LCPDEBUG(x) -#endif - -#ifdef DEBUGIPCP -#define IPCPDEBUG(x) if (debug) dbglog x -#else -#define IPCPDEBUG(x) -#endif - -#ifdef DEBUGIPV6CP -#define IPV6CPDEBUG(x) if (debug) dbglog x -#else -#define IPV6CPDEBUG(x) -#endif - -#ifdef DEBUGUPAP -#define UPAPDEBUG(x) if (debug) dbglog x -#else -#define UPAPDEBUG(x) -#endif - -#ifdef DEBUGCHAP -#define CHAPDEBUG(x) if (debug) dbglog x -#else -#define CHAPDEBUG(x) -#endif - -#ifdef DEBUGIPXCP -#define IPXCPDEBUG(x) if (debug) dbglog x -#else -#define IPXCPDEBUG(x) -#endif - -#ifndef SIGTYPE -#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) -#define SIGTYPE void -#else -#define SIGTYPE int -#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */ -#endif /* SIGTYPE */ - -#ifndef MIN -#define MIN(a, b) ((a) < (b)? (a): (b)) -#endif -#ifndef MAX -#define MAX(a, b) ((a) > (b)? (a): (b)) -#endif - -#ifndef offsetof -#define offsetof(type, member) ((size_t) &((type *)0)->member) -#endif - -#endif /* __PPP_H__ */ diff --git a/pppd/sha1.c b/pppd/sha1.c deleted file mode 100644 index da142f1..0000000 --- a/pppd/sha1.c +++ /dev/null @@ -1,170 +0,0 @@ -/* - * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c - * - * SHA-1 in C - * By Steve Reid - * 100% Public Domain - * - * Test Vectors (from FIPS PUB 180-1) - * "abc" - * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D - * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" - * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 - * A million repetitions of "a" - * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F - */ - -/* #define SHA1HANDSOFF * Copies data before messing with it. */ - -#include -#include /* htonl() */ -#include "sha1.h" - -static void -SHA1_Transform(u_int32_t[5], const unsigned char[64]); - -#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) - -/* blk0() and blk() perform the initial expand. */ -/* I got the idea of expanding during the round function from SSLeay */ -#define blk0(i) (block->l[i] = htonl(block->l[i])) -#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ - ^block->l[(i+2)&15]^block->l[i&15],1)) - -/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); -#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - - -/* Hash a single 512-bit block. This is the core of the algorithm. */ - -static void -SHA1_Transform(u_int32_t state[5], const unsigned char buffer[64]) -{ - u_int32_t a, b, c, d, e; - typedef union { - unsigned char c[64]; - u_int32_t l[16]; - } CHAR64LONG16; - CHAR64LONG16 *block; - -#ifdef SHA1HANDSOFF - static unsigned char workspace[64]; - block = (CHAR64LONG16 *) workspace; - memcpy(block, buffer, 64); -#else - block = (CHAR64LONG16 *) buffer; -#endif - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; -} - - -/* SHA1Init - Initialize new context */ - -void -SHA1_Init(SHA1_CTX *context) -{ - /* SHA1 initialization constants */ - context->state[0] = 0x67452301; - context->state[1] = 0xEFCDAB89; - context->state[2] = 0x98BADCFE; - context->state[3] = 0x10325476; - context->state[4] = 0xC3D2E1F0; - context->count[0] = context->count[1] = 0; -} - - -/* Run your data through this. */ - -void -SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len) -{ - unsigned int i, j; - - j = (context->count[0] >> 3) & 63; - if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; - context->count[1] += (len >> 29); - if ((j + len) > 63) { - memcpy(&context->buffer[j], data, (i = 64-j)); - SHA1_Transform(context->state, context->buffer); - for ( ; i + 63 < len; i += 64) { - SHA1_Transform(context->state, &data[i]); - } - j = 0; - } - else - i = 0; - - memcpy(&context->buffer[j], &data[i], len - i); -} - - -/* Add padding and return the message digest. */ - -void -SHA1_Final(unsigned char digest[20], SHA1_CTX *context) -{ - u_int32_t i, j; - unsigned char finalcount[8]; - - for (i = 0; i < 8; i++) { - finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] - >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ - } - SHA1_Update(context, (unsigned char *) "\200", 1); - while ((context->count[0] & 504) != 448) { - SHA1_Update(context, (unsigned char *) "\0", 1); - } - SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ - for (i = 0; i < 20; i++) { - digest[i] = (unsigned char) - ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); - } - /* Wipe variables */ - i = j = 0; - memset(context->buffer, 0, 64); - memset(context->state, 0, 20); - memset(context->count, 0, 8); - memset(&finalcount, 0, 8); -#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ - SHA1Transform(context->state, context->buffer); -#endif -} - diff --git a/pppd/sha1.h b/pppd/sha1.h deleted file mode 100644 index 83f64df..0000000 --- a/pppd/sha1.h +++ /dev/null @@ -1,31 +0,0 @@ -/* sha1.h */ - -/* If OpenSSL is in use, then use that version of SHA-1 */ -#ifdef OPENSSL -#include -#define __SHA1_INCLUDE_ -#endif - -#ifndef __SHA1_INCLUDE_ - -#ifndef SHA1_SIGNATURE_SIZE -#ifdef SHA_DIGESTSIZE -#define SHA1_SIGNATURE_SIZE SHA_DIGESTSIZE -#else -#define SHA1_SIGNATURE_SIZE 20 -#endif -#endif - -typedef struct { - u_int32_t state[5]; - u_int32_t count[2]; - unsigned char buffer[64]; -} SHA1_CTX; - -extern void SHA1_Init(SHA1_CTX *); -extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int); -extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *); - -#define __SHA1_INCLUDE_ -#endif /* __SHA1_INCLUDE_ */ - diff --git a/pppd/spinlock.c b/pppd/spinlock.c deleted file mode 100644 index 4df7e47..0000000 --- a/pppd/spinlock.c +++ /dev/null @@ -1,473 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - trivial database library - - Copyright (C) Anton Blanchard 2001 - - ** NOTE! The following LGPL license applies to the tdb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -*/ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "tdb.h" -#include "spinlock.h" - -#define DEBUG - -#ifdef USE_SPINLOCKS - -/* - * ARCH SPECIFIC - */ - -#if defined(SPARC_SPINLOCKS) - -static inline int __spin_trylock(spinlock_t *lock) -{ - unsigned int result; - - asm volatile("ldstub [%1], %0" - : "=r" (result) - : "r" (lock) - : "memory"); - - return (result == 0) ? 0 : EBUSY; -} - -static inline void __spin_unlock(spinlock_t *lock) -{ - asm volatile("":::"memory"); - *lock = 0; -} - -static inline void __spin_lock_init(spinlock_t *lock) -{ - *lock = 0; -} - -static inline int __spin_is_locked(spinlock_t *lock) -{ - return (*lock != 0); -} - -#elif defined(POWERPC_SPINLOCKS) - -static inline int __spin_trylock(spinlock_t *lock) -{ - unsigned int result; - - __asm__ __volatile__( -"1: lwarx %0,0,%1\n\ - cmpwi 0,%0,0\n\ - li %0,0\n\ - bne- 2f\n\ - li %0,1\n\ - stwcx. %0,0,%1\n\ - bne- 1b\n\ - isync\n\ -2:" : "=&r"(result) - : "r"(lock) - : "cr0", "memory"); - - return (result == 1) ? 0 : EBUSY; -} - -static inline void __spin_unlock(spinlock_t *lock) -{ - asm volatile("eieio":::"memory"); - *lock = 0; -} - -static inline void __spin_lock_init(spinlock_t *lock) -{ - *lock = 0; -} - -static inline int __spin_is_locked(spinlock_t *lock) -{ - return (*lock != 0); -} - -#elif defined(INTEL_SPINLOCKS) - -static inline int __spin_trylock(spinlock_t *lock) -{ - int oldval; - - asm volatile("xchgl %0,%1" - : "=r" (oldval), "=m" (*lock) - : "0" (0) - : "memory"); - - return oldval > 0 ? 0 : EBUSY; -} - -static inline void __spin_unlock(spinlock_t *lock) -{ - asm volatile("":::"memory"); - *lock = 1; -} - -static inline void __spin_lock_init(spinlock_t *lock) -{ - *lock = 1; -} - -static inline int __spin_is_locked(spinlock_t *lock) -{ - return (*lock != 1); -} - -#elif defined(MIPS_SPINLOCKS) && defined(sgi) && (_COMPILER_VERSION >= 730) - -/* Implement spinlocks on IRIX using the MIPSPro atomic fetch operations. See - * sync(3) for the details of the intrinsic operations. - * - * "sgi" and "_COMPILER_VERSION" are always defined by MIPSPro. - */ - -#ifdef STANDALONE - -/* MIPSPro 7.3 has "__inline" as an extension, but not "inline. */ -#define inline __inline - -#endif /* STANDALONE */ - -/* Returns 0 if the lock is acquired, EBUSY otherwise. */ -static inline int __spin_trylock(spinlock_t *lock) -{ - unsigned int val; - val = __lock_test_and_set(lock, 1); - return val == 0 ? 0 : EBUSY; -} - -static inline void __spin_unlock(spinlock_t *lock) -{ - __lock_release(lock); -} - -static inline void __spin_lock_init(spinlock_t *lock) -{ - __lock_release(lock); -} - -/* Returns 1 if the lock is held, 0 otherwise. */ -static inline int __spin_is_locked(spinlock_t *lock) -{ - unsigned int val; - val = __add_and_fetch(lock, 0); - return val; -} - -#elif defined(MIPS_SPINLOCKS) - -static inline unsigned int load_linked(unsigned long addr) -{ - unsigned int res; - - __asm__ __volatile__("ll\t%0,(%1)" - : "=r" (res) - : "r" (addr)); - - return res; -} - -static inline unsigned int store_conditional(unsigned long addr, unsigned int value) -{ - unsigned int res; - - __asm__ __volatile__("sc\t%0,(%2)" - : "=r" (res) - : "0" (value), "r" (addr)); - return res; -} - -static inline int __spin_trylock(spinlock_t *lock) -{ - unsigned int mw; - - do { - mw = load_linked(lock); - if (mw) - return EBUSY; - } while (!store_conditional(lock, 1)); - - asm volatile("":::"memory"); - - return 0; -} - -static inline void __spin_unlock(spinlock_t *lock) -{ - asm volatile("":::"memory"); - *lock = 0; -} - -static inline void __spin_lock_init(spinlock_t *lock) -{ - *lock = 0; -} - -static inline int __spin_is_locked(spinlock_t *lock) -{ - return (*lock != 0); -} - -#else -#error Need to implement spinlock code in spinlock.c -#endif - -/* - * OS SPECIFIC - */ - -static void yield_cpu(void) -{ - struct timespec tm; - -#ifdef USE_SCHED_YIELD - sched_yield(); -#else - /* Linux will busy loop for delays < 2ms on real time tasks */ - tm.tv_sec = 0; - tm.tv_nsec = 2000000L + 1; - nanosleep(&tm, NULL); -#endif -} - -static int this_is_smp(void) -{ -#if defined(HAVE_SYSCONF) && defined(SYSCONF_SC_NPROC_ONLN) - return (sysconf(_SC_NPROC_ONLN) > 1) ? 1 : 0; -#else - return 0; -#endif -} - -/* - * GENERIC - */ - -static int smp_machine = 0; - -static inline void __spin_lock(spinlock_t *lock) -{ - int ntries = 0; - - while(__spin_trylock(lock)) { - while(__spin_is_locked(lock)) { - if (smp_machine && ntries++ < MAX_BUSY_LOOPS) - continue; - yield_cpu(); - } - } -} - -static void __read_lock(tdb_rwlock_t *rwlock) -{ - int ntries = 0; - - while(1) { - __spin_lock(&rwlock->lock); - - if (!(rwlock->count & RWLOCK_BIAS)) { - rwlock->count++; - __spin_unlock(&rwlock->lock); - return; - } - - __spin_unlock(&rwlock->lock); - - while(rwlock->count & RWLOCK_BIAS) { - if (smp_machine && ntries++ < MAX_BUSY_LOOPS) - continue; - yield_cpu(); - } - } -} - -static void __write_lock(tdb_rwlock_t *rwlock) -{ - int ntries = 0; - - while(1) { - __spin_lock(&rwlock->lock); - - if (rwlock->count == 0) { - rwlock->count |= RWLOCK_BIAS; - __spin_unlock(&rwlock->lock); - return; - } - - __spin_unlock(&rwlock->lock); - - while(rwlock->count != 0) { - if (smp_machine && ntries++ < MAX_BUSY_LOOPS) - continue; - yield_cpu(); - } - } -} - -static void __write_unlock(tdb_rwlock_t *rwlock) -{ - __spin_lock(&rwlock->lock); - -#ifdef DEBUG - if (!(rwlock->count & RWLOCK_BIAS)) - fprintf(stderr, "bug: write_unlock\n"); -#endif - - rwlock->count &= ~RWLOCK_BIAS; - __spin_unlock(&rwlock->lock); -} - -static void __read_unlock(tdb_rwlock_t *rwlock) -{ - __spin_lock(&rwlock->lock); - -#ifdef DEBUG - if (!rwlock->count) - fprintf(stderr, "bug: read_unlock\n"); - - if (rwlock->count & RWLOCK_BIAS) - fprintf(stderr, "bug: read_unlock\n"); -#endif - - rwlock->count--; - __spin_unlock(&rwlock->lock); -} - -/* TDB SPECIFIC */ - -/* lock a list in the database. list -1 is the alloc list */ -int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type) -{ - tdb_rwlock_t *rwlocks; - - if (!tdb->map_ptr) return -1; - rwlocks = (tdb_rwlock_t *)((char *)tdb->map_ptr + tdb->header.rwlocks); - - switch(rw_type) { - case F_RDLCK: - __read_lock(&rwlocks[list+1]); - break; - - case F_WRLCK: - __write_lock(&rwlocks[list+1]); - break; - - default: - return TDB_ERRCODE(TDB_ERR_LOCK, -1); - } - return 0; -} - -/* unlock the database. */ -int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type) -{ - tdb_rwlock_t *rwlocks; - - if (!tdb->map_ptr) return -1; - rwlocks = (tdb_rwlock_t *)((char *)tdb->map_ptr + tdb->header.rwlocks); - - switch(rw_type) { - case F_RDLCK: - __read_unlock(&rwlocks[list+1]); - break; - - case F_WRLCK: - __write_unlock(&rwlocks[list+1]); - break; - - default: - return TDB_ERRCODE(TDB_ERR_LOCK, -1); - } - - return 0; -} - -int tdb_create_rwlocks(int fd, unsigned int hash_size) -{ - unsigned size, i; - tdb_rwlock_t *rwlocks; - - size = TDB_SPINLOCK_SIZE(hash_size); - rwlocks = malloc(size); - if (!rwlocks) - return -1; - - for(i = 0; i < hash_size+1; i++) { - __spin_lock_init(&rwlocks[i].lock); - rwlocks[i].count = 0; - } - - /* Write it out (appending to end) */ - if (write(fd, rwlocks, size) != size) { - free(rwlocks); - return -1; - } - smp_machine = this_is_smp(); - free(rwlocks); - return 0; -} - -int tdb_clear_spinlocks(TDB_CONTEXT *tdb) -{ - tdb_rwlock_t *rwlocks; - unsigned i; - - if (tdb->header.rwlocks == 0) return 0; - if (!tdb->map_ptr) return -1; - - /* We're mmapped here */ - rwlocks = (tdb_rwlock_t *)((char *)tdb->map_ptr + tdb->header.rwlocks); - for(i = 0; i < tdb->header.hash_size+1; i++) { - __spin_lock_init(&rwlocks[i].lock); - rwlocks[i].count = 0; - } - return 0; -} -#else -int tdb_create_rwlocks(int fd, unsigned int hash_size) { return 0; } -int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type) { return -1; } -int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type) { return -1; } - -/* Non-spinlock version: remove spinlock pointer */ -int tdb_clear_spinlocks(TDB_CONTEXT *tdb) -{ - tdb_off off = (tdb_off)((char *)&tdb->header.rwlocks - - (char *)&tdb->header); - - tdb->header.rwlocks = 0; - if (lseek(tdb->fd, off, SEEK_SET) != off - || write(tdb->fd, (void *)&tdb->header.rwlocks, - sizeof(tdb->header.rwlocks)) - != sizeof(tdb->header.rwlocks)) - return -1; - return 0; -} -#endif diff --git a/pppd/spinlock.h b/pppd/spinlock.h deleted file mode 100644 index 967fe37..0000000 --- a/pppd/spinlock.h +++ /dev/null @@ -1,59 +0,0 @@ -#ifndef __SPINLOCK_H__ -#define __SPINLOCK_H__ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include "tdb.h" - -#ifdef USE_SPINLOCKS - -#define RWLOCK_BIAS 0x1000UL - -/* OS SPECIFIC */ -#define MAX_BUSY_LOOPS 1000 -#undef USE_SCHED_YIELD - -/* ARCH SPECIFIC */ -/* We should make sure these are padded to a cache line */ -#if defined(SPARC_SPINLOCKS) -typedef volatile char spinlock_t; -#elif defined(POWERPC_SPINLOCKS) -typedef volatile unsigned long spinlock_t; -#elif defined(INTEL_SPINLOCKS) -typedef volatile int spinlock_t; -#elif defined(MIPS_SPINLOCKS) -typedef volatile unsigned long spinlock_t; -#else -#error Need to implement spinlock code in spinlock.h -#endif - -typedef struct { - spinlock_t lock; - volatile int count; -} tdb_rwlock_t; - -int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type); -int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type); -int tdb_create_rwlocks(int fd, unsigned int hash_size); -int tdb_clear_spinlocks(TDB_CONTEXT *tdb); - -#define TDB_SPINLOCK_SIZE(hash_size) (((hash_size) + 1) * sizeof(tdb_rwlock_t)) - -#else /* !USE_SPINLOCKS */ -#if 0 -#define tdb_create_rwlocks(fd, hash_size) 0 -#define tdb_spinlock(tdb, list, rw_type) (-1) -#define tdb_spinunlock(tdb, list, rw_type) (-1) -#else -int tdb_spinlock(TDB_CONTEXT *tdb, int list, int rw_type); -int tdb_spinunlock(TDB_CONTEXT *tdb, int list, int rw_type); -int tdb_create_rwlocks(int fd, unsigned int hash_size); -#endif -int tdb_clear_spinlocks(TDB_CONTEXT *tdb); -#define TDB_SPINLOCK_SIZE(hash_size) 0 - -#endif - -#endif diff --git a/pppd/srp-entry.8 b/pppd/srp-entry.8 deleted file mode 100644 index 097281a..0000000 --- a/pppd/srp-entry.8 +++ /dev/null @@ -1,83 +0,0 @@ -.\" manual page [] for srp-entry -.\" $Id: srp-entry.8,v 1.2 2004/11/13 12:22:49 paulus Exp $ -.\" SH section heading -.\" SS subsection heading -.\" LP paragraph -.\" IP indented paragraph -.\" TP hanging label -.TH SRP-ENTRY 8 -.SH NAME -srp\-entry \- Generate a SRP\-SHA1 Server Entry -.SH SYNOPSIS -.B srp\-entry -[ -.I \-i index -] [ -.I clientname -] -.SH DESCRIPTION -.LP -This utility generates an entry suitable for use in the -/etc/ppp/srp\-secrets file on a PPP EAP SRP\-SHA1 authenticator -("server"). This file has the same basic layout as the other pppd(8) -authentication files, /etc/ppp/pap\-secrets and /etc/ppp/chap\-secrets. -Thus, the entry generated has at least four main fields separated by -spaces. The first field is the authenticatee ("client") name. The -second is the server name. The third is the secret. The fourth is -the allowed (or assigned) IP address for the client, and defaults to -"*". Additional fields can contain additional IP addresses or pppd -options; see pppd(8) for details. -.LP -The third field has three subfields, separated by colons. The first -subfield is the index of the modulus and generator from SRP's -/etc/tpasswd.conf. The special value 0 is used to represent the -well-known modulus and generator specified in the EAP SRP\-SHA1 draft. -The second subfield is the password validator. The third is the -password salt. These latter two values are encoded in base64 notation. -.SH OPTIONS -.TP -.I \-i -Specifies the modulus/generator index in /etc/tpasswd.conf. In order -to use this option, you will need to run the "tconf" utility from the -SRP package to generate local entries for this file. Note that if -these values are not known to the client, the client will be forced to -run time-consuming safety tests on the values used. For this reason, -using the well-known values is recommended. -.TP -.I -Specifies the client name. The password validator is a hashed -combination of the client's name and password, and both are required. -If the client name is not supplied on the command line, srp\-entry will -prompt for the client name first. -.SH FILES -.TP -.B /etc/ppp/srp\-secrets -Usernames, passwords and IP addresses for SRP authentication. This -file should be owned by root and not readable or writable by any other -user. Pppd will log a warning if this is not the case. Note that -srp\-entry does not write to this file. The user is responsible for -copying the output of srp\-entry into this file. -.TP -.B /etc/tpasswd.conf -Indexed copies of tested modulus/generator combinations; part of the -SRP package. -.SH SEE ALSO -.TP -pppd(8) -.TP -.B RFC2284 -Blunk, L., Vollbrecht, J., -.I PPP Extensible Authentication Protocol (EAP). -March 1998. -.TP -.B draft\-ietf\-pppext\-eap\-srp\-03.txt -Carlson, J., et al., -.I EAP SRP\-SHA1 Authentication Protocol. -July 2001. -.TP -.B RFC2945 -Wu, T., -.I The SRP Authentication and Key Exchange System -September 2000. -.SH AUTHOR -James Carlson (james.d.carlson@sun.com) diff --git a/pppd/srp-entry.c b/pppd/srp-entry.c deleted file mode 100644 index 8c0e297..0000000 --- a/pppd/srp-entry.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Utility program for generating entries in /etc/ppp/srp-secrets - * - * Copyright (c) 2001 by Sun Microsystems, Inc. - * All rights reserved. - * - * Non-exclusive rights to redistribute, modify, translate, and use - * this software in source and binary forms, in whole or in part, is - * hereby granted, provided that the above copyright notice is - * duplicated in any source form, and that neither the name of the - * copyright holder nor the author is used to endorse or promote - * products derived from this software. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * Original version by James Carlson - * - * Usage: - * srp-entry [-i index] [clientname] - * - * Index, if supplied, is the modulus/generator index from - * /etc/tpasswd.conf. If not supplied, then the last (highest - * numbered) entry from that file is used. If the file doesn't exist, - * then the default "well known" EAP SRP-SHA1 modulus/generator is - * used. - * - * The default modulus/generator can be requested as index 0. - */ - -#include -#include -#include -#include -#include -#include - -#ifndef SOL2 -#define getpassphrase getpass -#endif - -#define HAS_SPACE 1 -#define HAS_DQUOTE 2 -#define HAS_SQUOTE 4 -#define HAS_BACKSLASH 8 - -static const u_char wkmodulus[] = { - 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, - 0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, - 0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, - 0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50, - 0xA3, 0x73, 0x29, 0xCB, 0xB4, 0xA0, 0x99, 0xED, - 0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D, - 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D, - 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, 0x50, - 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, - 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, - 0x66, 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, - 0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, - 0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA, - 0xA8, 0x0D, 0x74, 0x0A, 0xDB, 0xF4, 0xFF, 0x74, - 0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7, - 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B, - 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, 0x16, - 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, - 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, - 0x5B, 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, - 0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, - 0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA, - 0x03, 0x2C, 0xFB, 0xDB, 0xF5, 0x2F, 0xB3, 0x78, - 0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6, - 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29, - 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, 0xD8, - 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, - 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, - 0x94, 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, - 0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, - 0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2, - 0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73 -}; - -static const char *myname; - -static void -usage(void) -{ - (void) fprintf(stderr, "Usage:\n\t%s [-i index] [clientname]\n", - myname); - exit(1); -} - -int -main(int argc, char **argv) -{ - struct t_conf *tc; - struct t_confent *tcent, mytce; - struct t_pw pwval; - char *name; - char pname[256]; - char *pass1, *pass2; - int flags, idx; - char *cp; - char delimit; - char strbuf[MAXB64PARAMLEN]; - char saltbuf[MAXB64SALTLEN]; - - if ((myname = *argv) == NULL) - myname = "srp-entry"; - else - argv++; - - idx = -1; - if (*argv != NULL && strcmp(*argv, "-i") == 0) { - if (*++argv == NULL) - usage(); - idx = atoi(*argv++); - } - - tcent = NULL; - if (idx != 0 && (tc = t_openconf(NULL)) != NULL) { - if (idx == -1) - tcent = t_getconflast(tc); - else - tcent = t_getconfbyindex(tc, idx); - } - if (idx <= 0 && tcent == NULL) { - mytce.index = 0; - mytce.modulus.data = (u_char *)wkmodulus; - mytce.modulus.len = sizeof (wkmodulus); - mytce.generator.data = (u_char *)"\002"; - mytce.generator.len = 1; - tcent = &mytce; - } - if (tcent == NULL) { - (void) fprintf(stderr, "SRP modulus/generator %d not found\n", - idx); - exit(1); - } - - if ((name = *argv) == NULL) { - (void) printf("Client name: "); - if (fgets(pname, sizeof (pname), stdin) == NULL) - exit(1); - if ((cp = strchr(pname, '\n')) != NULL) - *cp = '\0'; - name = pname; - } - - for (;;) { - if ((pass1 = getpassphrase("Pass phrase: ")) == NULL) - exit(1); - pass1 = strdup(pass1); - if ((pass2 = getpassphrase("Re-enter phrase: ")) == NULL) - exit(1); - if (strcmp(pass1, pass2) == 0) - break; - free(pass1); - (void) printf("Phrases don't match; try again.\n"); - } - - memset(&pwval, 0, sizeof (pwval)); - t_makepwent(&pwval, name, pass1, NULL, tcent); - flags = 0; - for (cp = name; *cp != '\0'; cp++) - if (isspace(*cp)) - flags |= HAS_SPACE; - else if (*cp == '"') - flags |= HAS_DQUOTE; - else if (*cp == '\'') - flags |= HAS_SQUOTE; - else if (*cp == '\\') - flags |= HAS_BACKSLASH; - delimit = flags == 0 ? '\0' : (flags & HAS_DQUOTE) ? '\'' : '"'; - if (delimit != '\0') - (void) putchar(delimit); - for (cp = name; *cp != '\0'; cp++) { - if (*cp == delimit || *cp == '\\') - (void) putchar('\\'); - (void) putchar(*cp); - } - if (delimit != '\0') - (void) putchar(delimit); - (void) printf(" * %d:%s:%s *\n", - pwval.pebuf.index, t_tob64(strbuf, - (char *)pwval.pebuf.password.data, pwval.pebuf.password.len), - t_tob64(saltbuf, (char *)pwval.pebuf.salt.data, - pwval.pebuf.salt.len)); - return 0; -} diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c deleted file mode 100644 index a4c43d1..0000000 --- a/pppd/sys-linux.c +++ /dev/null @@ -1,2881 +0,0 @@ -/* - * sys-linux.c - System-dependent procedures for setting up - * PPP interfaces on Linux systems - * - * Copyright (c) 1994-2004 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Derived from main.c and pppd.h, which are: - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* This is in netdevice.h. However, this compile will fail miserably if - you attempt to include netdevice.h because it has so many references - to __memcpy functions which it should not attempt to do. So, since I - really don't use it, but it must be defined, define it now. */ - -#ifndef MAX_ADDR_LEN -#define xxMAX_ADDR_LEN 7 -#endif - -#if __GLIBC__ >= 2 -#include /* glibc 2 conflicts with linux/types.h */ -#include -#include -#include -#include -#else -#include -#include -#include -#include -#include -#endif -#include -#include -#include - -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "ipcp.h" - -#ifdef IPX_CHANGE -#include "ipxcp.h" -#if __GLIBC__ >= 2 && \ - !(defined(__powerpc__) && __GLIBC__ == 2 && __GLIBC_MINOR__ == 0) -#include -#else -#include -#endif -#endif /* IPX_CHANGE */ - -#ifdef PPP_FILTER -#include -#include -#endif /* PPP_FILTER */ - -#ifdef LOCKLIB -#include -#endif - -#ifdef INET6 -#ifndef _LINUX_IN6_H -/* - * This is in linux/include/net/ipv6.h. - */ - -struct in6_ifreq { - struct in6_addr ifr6_addr; - __u32 ifr6_prefixlen; - unsigned int ifr6_ifindex; -}; -#endif - -#define IN6_LLADDR_FROM_EUI64(sin6, eui64) do { \ - memset(&sin6.s6_addr, 0, sizeof(struct in6_addr)); \ - sin6.s6_addr16[0] = htons(0xfe80); \ - eui64_copy(eui64, sin6.s6_addr32[2]); \ - } while (0) - -#endif /* INET6 */ - -/* We can get an EIO error on an ioctl if the modem has hung up */ -#define ok_error(num) ((num)==EIO) - -static int tty_disc = N_TTY; /* The TTY discipline */ -static int ppp_disc = N_PPP; /* The PPP discpline */ -static int initfdflags = -1; /* Initial file descriptor flags for fd */ -static int ppp_fd = -1; /* fd which is set to PPP discipline */ -static int sock_fd = -1; /* socket for doing interface ioctls */ -static int slave_fd = -1; /* pty for old-style demand mode, slave */ -static int master_fd = -1; /* pty for old-style demand mode, master */ -#ifdef INET6 -static int sock6_fd = -1; -#endif /* INET6 */ - -/* - * For the old-style kernel driver, this is the same as ppp_fd. - * For the new-style driver, it is the fd of an instance of /dev/ppp - * which is attached to the ppp unit and is used for controlling it. - */ -int ppp_dev_fd = -1; /* fd for /dev/ppp (new style driver) */ - -static int chindex; /* channel index (new style driver) */ - -static fd_set in_fds; /* set of fds that wait_input waits for */ -static int max_in_fd; /* highest fd set in in_fds */ - -static int has_proxy_arp = 0; -static int driver_version = 0; -static int driver_modification = 0; -static int driver_patch = 0; -static int driver_is_old = 0; -static int restore_term = 0; /* 1 => we've munged the terminal */ -static struct termios inittermios; /* Initial TTY termios */ - -int new_style_driver = 0; - -static char loop_name[20]; -static unsigned char inbuf[512]; /* buffer for chars read from loopback */ - -static int if_is_up; /* Interface has been marked up */ -static u_int32_t default_route_gateway; /* Gateway for default route added */ -static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ -static char proxy_arp_dev[16]; /* Device for proxy arp entry */ -static u_int32_t our_old_addr; /* for detecting address changes */ -static int dynaddr_set; /* 1 if ip_dynaddr set */ -static int looped; /* 1 if using loop */ -static int link_mtu; /* mtu for the link (not bundle) */ - -static struct utsname utsname; /* for the kernel version */ -static int kernel_version; -#define KVERSION(j,n,p) ((j)*1000000 + (n)*1000 + (p)) - -#define MAX_IFS 100 - -#define FLAGS_GOOD (IFF_UP | IFF_BROADCAST) -#define FLAGS_MASK (IFF_UP | IFF_BROADCAST | \ - IFF_POINTOPOINT | IFF_LOOPBACK | IFF_NOARP) - -#define SIN_ADDR(x) (((struct sockaddr_in *) (&(x)))->sin_addr.s_addr) - -/* Prototypes for procedures local to this file. */ -static int modify_flags(int fd, int clear_bits, int set_bits); -static int translate_speed (int bps); -static int baud_rate_of (int speed); -static void close_route_table (void); -static int open_route_table (void); -static int read_route_table (struct rtentry *rt); -static int defaultroute_exists (struct rtentry *rt); -static int get_ether_addr (u_int32_t ipaddr, struct sockaddr *hwaddr, - char *name, int namelen); -static void decode_version (char *buf, int *version, int *mod, int *patch); -static int set_kdebugflag(int level); -static int ppp_registered(void); -static int make_ppp_unit(void); - -extern u_char inpacket_buf[]; /* borrowed from main.c */ - -/* - * SET_SA_FAMILY - set the sa_family field of a struct sockaddr, - * if it exists. - */ - -#define SET_SA_FAMILY(addr, family) \ - memset ((char *) &(addr), '\0', sizeof(addr)); \ - addr.sa_family = (family); - -/* - * Determine if the PPP connection should still be present. - */ - -extern int hungup; - -/* new_fd is the fd of a tty */ -static void set_ppp_fd (int new_fd) -{ - ppp_fd = new_fd; - if (!new_style_driver) - ppp_dev_fd = new_fd; -} - -static int still_ppp(void) -{ - if (new_style_driver) - return !hungup && ppp_fd >= 0; - if (!hungup || ppp_fd == slave_fd) - return 1; - if (slave_fd >= 0) { - set_ppp_fd(slave_fd); - return 1; - } - return 0; -} - -/* - * modify_flags - set and clear flag bits controlling the kernel - * PPP driver. - */ -static int modify_flags(int fd, int clear_bits, int set_bits) -{ - int flags; - - if (ioctl(fd, PPPIOCGFLAGS, &flags) == -1) - goto err; - flags = (flags & ~clear_bits) | set_bits; - if (ioctl(fd, PPPIOCSFLAGS, &flags) == -1) - goto err; - - return 0; - - err: - if (errno != EIO) - error("Failed to set PPP kernel option flags: %m"); - return -1; -} - -/******************************************************************** - * - * sys_init - System-dependent initialization. - */ - -void sys_init(void) -{ - /* Get an internet socket for doing socket ioctls. */ - sock_fd = socket(AF_INET, SOCK_DGRAM, 0); - if (sock_fd < 0) - fatal("Couldn't create IP socket: %m(%d)", errno); - -#ifdef INET6 - sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); - if (sock6_fd < 0) - sock6_fd = -errno; /* save errno for later */ -#endif - - FD_ZERO(&in_fds); - max_in_fd = 0; -} - -/******************************************************************** - * - * sys_cleanup - restore any system state we modified before exiting: - * mark the interface down, delete default route and/or proxy arp entry. - * This shouldn't call die() because it's called from die(). - */ - -void sys_cleanup(void) -{ -/* - * Take down the device - */ - if (if_is_up) { - if_is_up = 0; - sifdown(0); - } -/* - * Delete any routes through the device. - */ - if (default_route_gateway != 0) - cifdefaultroute(0, 0, default_route_gateway); - - if (has_proxy_arp) - cifproxyarp(0, proxy_arp_addr); -} - -/******************************************************************** - * - * sys_close - Clean up in a child process before execing. - */ -void -sys_close(void) -{ - if (new_style_driver && ppp_dev_fd >= 0) - close(ppp_dev_fd); - if (sock_fd >= 0) - close(sock_fd); -#ifdef INET6 - if (sock6_fd >= 0) - close(sock6_fd); -#endif - if (slave_fd >= 0) - close(slave_fd); - if (master_fd >= 0) - close(master_fd); -} - -/******************************************************************** - * - * set_kdebugflag - Define the debugging level for the kernel - */ - -static int set_kdebugflag (int requested_level) -{ - if (ppp_dev_fd < 0) - return 1; - if (ioctl(ppp_dev_fd, PPPIOCSDEBUG, &requested_level) < 0) { - if ( ! ok_error (errno) ) - error("ioctl(PPPIOCSDEBUG): %m (line %d)", __LINE__); - return (0); - } - return (1); -} - -/******************************************************************** - * - * tty_establish_ppp - Turn the serial port into a ppp interface. - */ - -int tty_establish_ppp (int tty_fd) -{ - int ret_fd; - -/* - * Ensure that the tty device is in exclusive mode. - */ - if (ioctl(tty_fd, TIOCEXCL, 0) < 0) { - if ( ! ok_error ( errno )) - warn("Couldn't make tty exclusive: %m"); - } -/* - * Demand mode - prime the old ppp device to relinquish the unit. - */ - if (!new_style_driver && looped - && ioctl(slave_fd, PPPIOCXFERUNIT, 0) < 0) { - error("ioctl(transfer ppp unit): %m, line %d", __LINE__); - return -1; - } -/* - * Set the current tty to the PPP discpline - */ - -#ifndef N_SYNC_PPP -#define N_SYNC_PPP 14 -#endif - ppp_disc = (new_style_driver && sync_serial)? N_SYNC_PPP: N_PPP; - if (ioctl(tty_fd, TIOCSETD, &ppp_disc) < 0) { - if ( ! ok_error (errno) ) { - error("Couldn't set tty to PPP discipline: %m"); - return -1; - } - } - - ret_fd = generic_establish_ppp(tty_fd); - -#define SC_RCVB (SC_RCV_B7_0 | SC_RCV_B7_1 | SC_RCV_EVNP | SC_RCV_ODDP) -#define SC_LOGB (SC_DEBUG | SC_LOG_INPKT | SC_LOG_OUTPKT | SC_LOG_RAWIN \ - | SC_LOG_FLUSH) - - if (ret_fd >= 0) { - modify_flags(ppp_fd, SC_RCVB | SC_LOGB, - (kdebugflag * SC_DEBUG) & SC_LOGB); - } else { - if (ioctl(tty_fd, TIOCSETD, &tty_disc) < 0 && !ok_error(errno)) - warn("Couldn't reset tty to normal line discipline: %m"); - } - - return ret_fd; -} - -/******************************************************************** - * - * generic_establish_ppp - Turn the fd into a ppp interface. - */ -int generic_establish_ppp (int fd) -{ - int x; - - if (new_style_driver) { - int flags; - - /* Open an instance of /dev/ppp and connect the channel to it */ - if (ioctl(fd, PPPIOCGCHAN, &chindex) == -1) { - error("Couldn't get channel number: %m"); - goto err; - } - dbglog("using channel %d", chindex); - fd = open("/dev/ppp", O_RDWR); - if (fd < 0) { - error("Couldn't reopen /dev/ppp: %m"); - goto err; - } - (void) fcntl(fd, F_SETFD, FD_CLOEXEC); - if (ioctl(fd, PPPIOCATTCHAN, &chindex) < 0) { - error("Couldn't attach to channel %d: %m", chindex); - goto err_close; - } - flags = fcntl(fd, F_GETFL); - if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) - warn("Couldn't set /dev/ppp (channel) to nonblock: %m"); - set_ppp_fd(fd); - - if (!looped) - ifunit = -1; - if (!looped && !multilink) { - /* - * Create a new PPP unit. - */ - if (make_ppp_unit() < 0) - goto err_close; - } - - if (looped) - modify_flags(ppp_dev_fd, SC_LOOP_TRAFFIC, 0); - - if (!multilink) { - add_fd(ppp_dev_fd); - if (ioctl(fd, PPPIOCCONNECT, &ifunit) < 0) { - error("Couldn't attach to PPP unit %d: %m", ifunit); - goto err_close; - } - } - - } else { - /* - * Old-style driver: find out which interface we were given. - */ - set_ppp_fd (fd); - if (ioctl(fd, PPPIOCGUNIT, &x) < 0) { - if (ok_error (errno)) - goto err; - fatal("ioctl(PPPIOCGUNIT): %m (line %d)", __LINE__); - } - /* Check that we got the same unit again. */ - if (looped && x != ifunit) - fatal("transfer_ppp failed: wanted unit %d, got %d", ifunit, x); - ifunit = x; - - /* - * Fetch the initial file flags and reset blocking mode on the file. - */ - initfdflags = fcntl(fd, F_GETFL); - if (initfdflags == -1 || - fcntl(fd, F_SETFL, initfdflags | O_NONBLOCK) == -1) { - if ( ! ok_error (errno)) - warn("Couldn't set device to non-blocking mode: %m"); - } - } - - /* - * Enable debug in the driver if requested. - */ - if (!looped) - set_kdebugflag (kdebugflag); - - looped = 0; - - return ppp_fd; - - err_close: - close(fd); - err: - return -1; -} - -/******************************************************************** - * - * tty_disestablish_ppp - Restore the serial port to normal operation. - * This shouldn't call die() because it's called from die(). - */ - -void tty_disestablish_ppp(int tty_fd) -{ - if (!hungup) { -/* - * Flush the tty output buffer so that the TIOCSETD doesn't hang. - */ - if (tcflush(tty_fd, TCIOFLUSH) < 0) - { - warn("tcflush failed: %m"); - goto flushfailed; - } -/* - * Restore the previous line discipline - */ - if (ioctl(tty_fd, TIOCSETD, &tty_disc) < 0) { - if ( ! ok_error (errno)) - error("ioctl(TIOCSETD, N_TTY): %m (line %d)", __LINE__); - } - - if (ioctl(tty_fd, TIOCNXCL, 0) < 0) { - if ( ! ok_error (errno)) - warn("ioctl(TIOCNXCL): %m (line %d)", __LINE__); - } - - /* Reset non-blocking mode on fd. */ - if (initfdflags != -1 && fcntl(tty_fd, F_SETFL, initfdflags) < 0) { - if ( ! ok_error (errno)) - warn("Couldn't restore device fd flags: %m"); - } - } -flushfailed: - initfdflags = -1; - - generic_disestablish_ppp(tty_fd); -} - -/******************************************************************** - * - * generic_disestablish_ppp - Restore device components to normal - * operation, and reconnect the ppp unit to the loopback if in demand - * mode. This shouldn't call die() because it's called from die(). - */ -void generic_disestablish_ppp(int dev_fd) -{ - if (new_style_driver) { - close(ppp_fd); - ppp_fd = -1; - if (demand) { - modify_flags(ppp_dev_fd, 0, SC_LOOP_TRAFFIC); - looped = 1; - } else if (!doing_multilink && ppp_dev_fd >= 0) { - close(ppp_dev_fd); - remove_fd(ppp_dev_fd); - ppp_dev_fd = -1; - } - } else { - /* old-style driver */ - if (demand) - set_ppp_fd(slave_fd); - else - ppp_dev_fd = -1; - } -} - -/* - * make_ppp_unit - make a new ppp unit for ppp_dev_fd. - * Assumes new_style_driver. - */ -static int make_ppp_unit() -{ - int x, flags; - - if (ppp_dev_fd >= 0) { - dbglog("in make_ppp_unit, already had /dev/ppp open?"); - close(ppp_dev_fd); - } - ppp_dev_fd = open("/dev/ppp", O_RDWR); - if (ppp_dev_fd < 0) - fatal("Couldn't open /dev/ppp: %m"); - flags = fcntl(ppp_dev_fd, F_GETFL); - if (flags == -1 - || fcntl(ppp_dev_fd, F_SETFL, flags | O_NONBLOCK) == -1) - warn("Couldn't set /dev/ppp to nonblock: %m"); - - ifunit = req_unit; - x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit); - if (x < 0 && req_unit >= 0 && errno == EEXIST) { - warn("Couldn't allocate PPP unit %d as it is already in use", req_unit); - ifunit = -1; - x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit); - } - if (x < 0) - error("Couldn't create new ppp unit: %m"); - return x; -} - -/* - * cfg_bundle - configure the existing bundle. - * Used in demand mode. - */ -void cfg_bundle(int mrru, int mtru, int rssn, int tssn) -{ - if (!new_style_driver) - return; - - /* set the mrru, mtu and flags */ - if (ioctl(ppp_dev_fd, PPPIOCSMRRU, &mrru) < 0) - error("Couldn't set MRRU: %m"); - - modify_flags(ppp_dev_fd, SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ|SC_MULTILINK, - ((rssn? SC_MP_SHORTSEQ: 0) | (tssn? SC_MP_XSHORTSEQ: 0) - | (mrru? SC_MULTILINK: 0))); - - /* connect up the channel */ - if (ioctl(ppp_fd, PPPIOCCONNECT, &ifunit) < 0) - fatal("Couldn't attach to PPP unit %d: %m", ifunit); - add_fd(ppp_dev_fd); -} - -/* - * make_new_bundle - create a new PPP unit (i.e. a bundle) - * and connect our channel to it. This should only get called - * if `multilink' was set at the time establish_ppp was called. - * In demand mode this uses our existing bundle instead of making - * a new one. - */ -void make_new_bundle(int mrru, int mtru, int rssn, int tssn) -{ - if (!new_style_driver) - return; - - /* make us a ppp unit */ - if (make_ppp_unit() < 0) - die(1); - - /* set the mrru and flags */ - cfg_bundle(mrru, mtru, rssn, tssn); -} - -/* - * bundle_attach - attach our link to a given PPP unit. - * We assume the unit is controlled by another pppd. - */ -int bundle_attach(int ifnum) -{ - int master_fd; - - if (!new_style_driver) - return -1; - - master_fd = open("/dev/ppp", O_RDWR); - if (master_fd < 0) - fatal("Couldn't open /dev/ppp: %m"); - if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { - if (errno == ENXIO) { - close(master_fd); - return 0; /* doesn't still exist */ - } - fatal("Couldn't attach to interface unit %d: %m\n", ifnum); - } - if (ioctl(ppp_fd, PPPIOCCONNECT, &ifnum) < 0) - fatal("Couldn't connect to interface unit %d: %m", ifnum); - modify_flags(master_fd, 0, SC_MULTILINK); - close(master_fd); - - ifunit = ifnum; - return 1; -} - -/* - * destroy_bundle - tell the driver to destroy our bundle. - */ -void destroy_bundle(void) -{ - if (ppp_dev_fd >= 0) { - close(ppp_dev_fd); - remove_fd(ppp_dev_fd); - ppp_dev_fd = -1; - } -} - -/******************************************************************** - * - * clean_check - Fetch the flags for the device and generate - * appropriate error messages. - */ -void clean_check(void) -{ - int x; - char *s; - - if (still_ppp()) { - if (ioctl(ppp_fd, PPPIOCGFLAGS, (caddr_t) &x) == 0) { - s = NULL; - switch (~x & (SC_RCV_B7_0|SC_RCV_B7_1|SC_RCV_EVNP|SC_RCV_ODDP)) { - case SC_RCV_B7_0: - s = "all had bit 7 set to 1"; - break; - - case SC_RCV_B7_1: - s = "all had bit 7 set to 0"; - break; - - case SC_RCV_EVNP: - s = "all had odd parity"; - break; - - case SC_RCV_ODDP: - s = "all had even parity"; - break; - } - - if (s != NULL) { - warn("Receive serial link is not 8-bit clean:"); - warn("Problem: %s", s); - } - } - } -} - - -/* - * List of valid speeds. - */ - -struct speed { - int speed_int, speed_val; -} speeds[] = { -#ifdef B50 - { 50, B50 }, -#endif -#ifdef B75 - { 75, B75 }, -#endif -#ifdef B110 - { 110, B110 }, -#endif -#ifdef B134 - { 134, B134 }, -#endif -#ifdef B150 - { 150, B150 }, -#endif -#ifdef B200 - { 200, B200 }, -#endif -#ifdef B300 - { 300, B300 }, -#endif -#ifdef B600 - { 600, B600 }, -#endif -#ifdef B1200 - { 1200, B1200 }, -#endif -#ifdef B1800 - { 1800, B1800 }, -#endif -#ifdef B2000 - { 2000, B2000 }, -#endif -#ifdef B2400 - { 2400, B2400 }, -#endif -#ifdef B3600 - { 3600, B3600 }, -#endif -#ifdef B4800 - { 4800, B4800 }, -#endif -#ifdef B7200 - { 7200, B7200 }, -#endif -#ifdef B9600 - { 9600, B9600 }, -#endif -#ifdef B19200 - { 19200, B19200 }, -#endif -#ifdef B38400 - { 38400, B38400 }, -#endif -#ifdef B57600 - { 57600, B57600 }, -#endif -#ifdef B76800 - { 76800, B76800 }, -#endif -#ifdef B115200 - { 115200, B115200 }, -#endif -#ifdef EXTA - { 19200, EXTA }, -#endif -#ifdef EXTB - { 38400, EXTB }, -#endif -#ifdef B230400 - { 230400, B230400 }, -#endif -#ifdef B460800 - { 460800, B460800 }, -#endif -#ifdef B921600 - { 921600, B921600 }, -#endif - { 0, 0 } -}; - -/******************************************************************** - * - * Translate from bits/second to a speed_t. - */ - -static int translate_speed (int bps) -{ - struct speed *speedp; - - if (bps != 0) { - for (speedp = speeds; speedp->speed_int; speedp++) { - if (bps == speedp->speed_int) - return speedp->speed_val; - } - warn("speed %d not supported", bps); - } - return 0; -} - -/******************************************************************** - * - * Translate from a speed_t to bits/second. - */ - -static int baud_rate_of (int speed) -{ - struct speed *speedp; - - if (speed != 0) { - for (speedp = speeds; speedp->speed_int; speedp++) { - if (speed == speedp->speed_val) - return speedp->speed_int; - } - } - return 0; -} - -/******************************************************************** - * - * set_up_tty: Set up the serial port on `fd' for 8 bits, no parity, - * at the requested speed, etc. If `local' is true, set CLOCAL - * regardless of whether the modem option was specified. - */ - -void set_up_tty(int tty_fd, int local) -{ - int speed; - struct termios tios; - - setdtr(tty_fd, 1); - if (tcgetattr(tty_fd, &tios) < 0) { - if (!ok_error(errno)) - fatal("tcgetattr: %m (line %d)", __LINE__); - return; - } - - if (!restore_term) - inittermios = tios; - - tios.c_cflag &= ~(CSIZE | CSTOPB | PARENB | CLOCAL); - tios.c_cflag |= CS8 | CREAD | HUPCL; - - tios.c_iflag = IGNBRK | IGNPAR; - tios.c_oflag = 0; - tios.c_lflag = 0; - tios.c_cc[VMIN] = 1; - tios.c_cc[VTIME] = 0; - - if (local || !modem) - tios.c_cflag ^= (CLOCAL | HUPCL); - - switch (crtscts) { - case 1: - tios.c_cflag |= CRTSCTS; - break; - - case -2: - tios.c_iflag |= IXON | IXOFF; - tios.c_cc[VSTOP] = 0x13; /* DC3 = XOFF = ^S */ - tios.c_cc[VSTART] = 0x11; /* DC1 = XON = ^Q */ - break; - - case -1: - tios.c_cflag &= ~CRTSCTS; - break; - - default: - break; - } - - speed = translate_speed(inspeed); - if (speed) { - cfsetospeed (&tios, speed); - cfsetispeed (&tios, speed); - } -/* - * We can't proceed if the serial port speed is B0, - * since that implies that the serial port is disabled. - */ - else { - speed = cfgetospeed(&tios); - if (speed == B0) - fatal("Baud rate for %s is 0; need explicit baud rate", devnam); - } - - while (tcsetattr(tty_fd, TCSAFLUSH, &tios) < 0 && !ok_error(errno)) - if (errno != EINTR) - fatal("tcsetattr: %m (line %d)", __LINE__); - - baud_rate = baud_rate_of(speed); - restore_term = 1; -} - -/******************************************************************** - * - * setdtr - control the DTR line on the serial port. - * This is called from die(), so it shouldn't call die(). - */ - -void setdtr (int tty_fd, int on) -{ - int modembits = TIOCM_DTR; - - ioctl(tty_fd, (on ? TIOCMBIS : TIOCMBIC), &modembits); -} - -/******************************************************************** - * - * restore_tty - restore the terminal to the saved settings. - */ - -void restore_tty (int tty_fd) -{ - if (restore_term) { - restore_term = 0; -/* - * Turn off echoing, because otherwise we can get into - * a loop with the tty and the modem echoing to each other. - * We presume we are the sole user of this tty device, so - * when we close it, it will revert to its defaults anyway. - */ - if (!default_device) - inittermios.c_lflag &= ~(ECHO | ECHONL); - - if (tcsetattr(tty_fd, TCSAFLUSH, &inittermios) < 0) { - if (! ok_error (errno)) - warn("tcsetattr: %m (line %d)", __LINE__); - } - } -} - -/******************************************************************** - * - * output - Output PPP packet. - */ - -void output (int unit, unsigned char *p, int len) -{ - int fd = ppp_fd; - int proto; - - dump_packet("sent", p, len); - if (snoop_send_hook) snoop_send_hook(p, len); - - if (len < PPP_HDRLEN) - return; - if (new_style_driver) { - p += 2; - len -= 2; - proto = (p[0] << 8) + p[1]; - if (ppp_dev_fd >= 0 && !(proto >= 0xc000 || proto == PPP_CCPFRAG)) - fd = ppp_dev_fd; - } - if (write(fd, p, len) < 0) { - if (errno == EWOULDBLOCK || errno == EAGAIN || errno == ENOBUFS - || errno == ENXIO || errno == EIO || errno == EINTR) - warn("write: warning: %m (%d)", errno); - else - error("write: %m (%d)", errno); - } -} - -/******************************************************************** - * - * wait_input - wait until there is data available, - * for the length of time specified by *timo (indefinite - * if timo is NULL). - */ - -void wait_input(struct timeval *timo) -{ - fd_set ready, exc; - int n; - - ready = in_fds; - exc = in_fds; - n = select(max_in_fd + 1, &ready, NULL, &exc, timo); - if (n < 0 && errno != EINTR) - fatal("select: %m"); -} - -/* - * add_fd - add an fd to the set that wait_input waits for. - */ -void add_fd(int fd) -{ - if (fd >= FD_SETSIZE) - fatal("internal error: file descriptor too large (%d)", fd); - FD_SET(fd, &in_fds); - if (fd > max_in_fd) - max_in_fd = fd; -} - -/* - * remove_fd - remove an fd from the set that wait_input waits for. - */ -void remove_fd(int fd) -{ - FD_CLR(fd, &in_fds); -} - - -/******************************************************************** - * - * read_packet - get a PPP packet from the serial device. - */ - -int read_packet (unsigned char *buf) -{ - int len, nr; - - len = PPP_MRU + PPP_HDRLEN; - if (new_style_driver) { - *buf++ = PPP_ALLSTATIONS; - *buf++ = PPP_UI; - len -= 2; - } - nr = -1; - - if (ppp_fd >= 0) { - nr = read(ppp_fd, buf, len); - if (nr < 0 && errno != EWOULDBLOCK && errno != EAGAIN - && errno != EIO && errno != EINTR) - error("read: %m"); - if (nr < 0 && errno == ENXIO) - return 0; - } - if (nr < 0 && new_style_driver && ppp_dev_fd >= 0 && !bundle_eof) { - /* N.B. we read ppp_fd first since LCP packets come in there. */ - nr = read(ppp_dev_fd, buf, len); - if (nr < 0 && errno != EWOULDBLOCK && errno != EAGAIN - && errno != EIO && errno != EINTR) - error("read /dev/ppp: %m"); - if (nr < 0 && errno == ENXIO) - nr = 0; - if (nr == 0 && doing_multilink) { - remove_fd(ppp_dev_fd); - bundle_eof = 1; - } - } - if (new_style_driver && ppp_fd < 0 && ppp_dev_fd < 0) - nr = 0; - return (new_style_driver && nr > 0)? nr+2: nr; -} - -/******************************************************************** - * - * get_loop_output - get outgoing packets from the ppp device, - * and detect when we want to bring the real link up. - * Return value is 1 if we need to bring up the link, 0 otherwise. - */ -int -get_loop_output(void) -{ - int rv = 0; - int n; - - if (new_style_driver) { - while ((n = read_packet(inpacket_buf)) > 0) - if (loop_frame(inpacket_buf, n)) - rv = 1; - return rv; - } - - while ((n = read(master_fd, inbuf, sizeof(inbuf))) > 0) - if (loop_chars(inbuf, n)) - rv = 1; - - if (n == 0) - fatal("eof on loopback"); - - if (errno != EWOULDBLOCK && errno != EAGAIN) - fatal("read from loopback: %m(%d)", errno); - - return rv; -} - -/* - * netif_set_mtu - set the MTU on the PPP network interface. - */ -void -netif_set_mtu(int unit, int mtu) -{ - struct ifreq ifr; - - memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); - ifr.ifr_mtu = mtu; - - if (ifunit >= 0 && ioctl(sock_fd, SIOCSIFMTU, (caddr_t) &ifr) < 0) - error("ioctl(SIOCSIFMTU): %m (line %d)", __LINE__); -} - -/* - * netif_get_mtu - get the MTU on the PPP network interface. - */ -int -netif_get_mtu(int unit) -{ - struct ifreq ifr; - - memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); - - if (ifunit >= 0 && ioctl(sock_fd, SIOCGIFMTU, (caddr_t) &ifr) < 0) { - error("ioctl(SIOCGIFMTU): %m (line %d)", __LINE__); - return 0; - } - return ifr.ifr_mtu; -} - -/******************************************************************** - * - * tty_send_config - configure the transmit characteristics of - * the ppp interface. - */ - -void tty_send_config(int mtu, u_int32_t asyncmap, int pcomp, int accomp) -{ - int x; - - if (!still_ppp()) - return; - link_mtu = mtu; - if (ioctl(ppp_fd, PPPIOCSASYNCMAP, (caddr_t) &asyncmap) < 0) { - if (errno != EIO && errno != ENOTTY) - error("Couldn't set transmit async character map: %m"); - ++error_count; - return; - } - - x = (pcomp? SC_COMP_PROT: 0) | (accomp? SC_COMP_AC: 0) - | (sync_serial? SC_SYNC: 0); - modify_flags(ppp_fd, SC_COMP_PROT|SC_COMP_AC|SC_SYNC, x); -} - -/******************************************************************** - * - * tty_set_xaccm - set the extended transmit ACCM for the interface. - */ - -void tty_set_xaccm (ext_accm accm) -{ - if (!still_ppp()) - return; - if (ioctl(ppp_fd, PPPIOCSXASYNCMAP, accm) < 0 && errno != ENOTTY) { - if ( ! ok_error (errno)) - warn("ioctl(set extended ACCM): %m (line %d)", __LINE__); - } -} - -/******************************************************************** - * - * tty_recv_config - configure the receive-side characteristics of - * the ppp interface. - */ - -void tty_recv_config(int mru, u_int32_t asyncmap, int pcomp, int accomp) -{ -/* - * If we were called because the link has gone down then there is nothing - * which may be done. Just return without incident. - */ - if (!still_ppp()) - return; -/* - * Set the receiver parameters - */ - if (ioctl(ppp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0) { - if (errno != EIO && errno != ENOTTY) - error("Couldn't set channel receive MRU: %m"); - } - if (new_style_driver && ppp_dev_fd >= 0 - && ioctl(ppp_dev_fd, PPPIOCSMRU, (caddr_t) &mru) < 0) - error("Couldn't set MRU in generic PPP layer: %m"); - - if (ioctl(ppp_fd, PPPIOCSRASYNCMAP, (caddr_t) &asyncmap) < 0) { - if (errno != EIO && errno != ENOTTY) - error("Couldn't set channel receive asyncmap: %m"); - } -} - -/******************************************************************** - * - * ccp_test - ask kernel whether a given compression method - * is acceptable for use. - */ - -int -ccp_test(int unit, u_char *opt_ptr, int opt_len, int for_transmit) -{ - struct ppp_option_data data; - - memset (&data, '\0', sizeof (data)); - data.ptr = opt_ptr; - data.length = opt_len; - data.transmit = for_transmit; - - if (ioctl(ppp_dev_fd, PPPIOCSCOMPRESS, (caddr_t) &data) >= 0) - return 1; - - return (errno == ENOBUFS)? 0: -1; -} - -/******************************************************************** - * - * ccp_flags_set - inform kernel about the current state of CCP. - */ - -void ccp_flags_set (int unit, int isopen, int isup) -{ - int x; - - x = (isopen? SC_CCP_OPEN: 0) | (isup? SC_CCP_UP: 0); - if (still_ppp() && ppp_dev_fd >= 0) - modify_flags(ppp_dev_fd, SC_CCP_OPEN|SC_CCP_UP, x); -} - -#ifdef PPP_FILTER -/* - * set_filters - set the active and pass filters in the kernel driver. - */ -int set_filters(struct bpf_program *pass, struct bpf_program *active) -{ - struct sock_fprog fp; - - fp.len = pass->bf_len; - fp.filter = (struct sock_filter *) pass->bf_insns; - if (ioctl(ppp_dev_fd, PPPIOCSPASS, &fp) < 0) { - if (errno == ENOTTY) - warn("kernel does not support PPP filtering"); - else - error("Couldn't set pass-filter in kernel: %m"); - return 0; - } - fp.len = active->bf_len; - fp.filter = (struct sock_filter *) active->bf_insns; - if (ioctl(ppp_dev_fd, PPPIOCSACTIVE, &fp) < 0) { - error("Couldn't set active-filter in kernel: %m"); - return 0; - } - return 1; -} -#endif /* PPP_FILTER */ - -/******************************************************************** - * - * get_idle_time - return how long the link has been idle. - */ -int -get_idle_time(u, ip) - int u; - struct ppp_idle *ip; -{ - return ioctl(ppp_dev_fd, PPPIOCGIDLE, ip) >= 0; -} - -/******************************************************************** - * - * get_ppp_stats - return statistics for the link. - */ -int -get_ppp_stats(u, stats) - int u; - struct pppd_stats *stats; -{ - struct ifpppstatsreq req; - - memset (&req, 0, sizeof (req)); - - req.stats_ptr = (caddr_t) &req.stats; - strlcpy(req.ifr__name, ifname, sizeof(req.ifr__name)); - if (ioctl(sock_fd, SIOCGPPPSTATS, &req) < 0) { - error("Couldn't get PPP statistics: %m"); - return 0; - } - stats->bytes_in = req.stats.p.ppp_ibytes; - stats->bytes_out = req.stats.p.ppp_obytes; - stats->pkts_in = req.stats.p.ppp_ipackets; - stats->pkts_out = req.stats.p.ppp_opackets; - return 1; -} - -/******************************************************************** - * - * ccp_fatal_error - returns 1 if decompression was disabled as a - * result of an error detected after decompression of a packet, - * 0 otherwise. This is necessary because of patent nonsense. - */ - -int ccp_fatal_error (int unit) -{ - int flags; - - if (ioctl(ppp_dev_fd, PPPIOCGFLAGS, &flags) < 0) { - error("Couldn't read compression error flags: %m"); - flags = 0; - } - return flags & SC_DC_FERROR; -} - -/******************************************************************** - * - * path_to_procfs - find the path to the proc file system mount point - */ -static char proc_path[MAXPATHLEN]; -static int proc_path_len; - -static char *path_to_procfs(const char *tail) -{ - struct mntent *mntent; - FILE *fp; - - if (proc_path_len == 0) { - /* Default the mount location of /proc */ - strlcpy (proc_path, "/proc", sizeof(proc_path)); - proc_path_len = 5; - fp = fopen(_PATH_MOUNTED, "r"); - if (fp != NULL) { - while ((mntent = getmntent(fp)) != NULL) { - if (strcmp(mntent->mnt_type, MNTTYPE_IGNORE) == 0) - continue; - if (strcmp(mntent->mnt_type, "proc") == 0) { - strlcpy(proc_path, mntent->mnt_dir, sizeof(proc_path)); - proc_path_len = strlen(proc_path); - break; - } - } - fclose (fp); - } - } - - strlcpy(proc_path + proc_path_len, tail, - sizeof(proc_path) - proc_path_len); - return proc_path; -} - -/* - * /proc/net/route parsing stuff. - */ -#define ROUTE_MAX_COLS 12 -FILE *route_fd = (FILE *) 0; -static char route_buffer[512]; -static int route_dev_col, route_dest_col, route_gw_col; -static int route_flags_col, route_mask_col; -static int route_num_cols; - -static int open_route_table (void); -static void close_route_table (void); -static int read_route_table (struct rtentry *rt); - -/******************************************************************** - * - * close_route_table - close the interface to the route table - */ - -static void close_route_table (void) -{ - if (route_fd != (FILE *) 0) { - fclose (route_fd); - route_fd = (FILE *) 0; - } -} - -/******************************************************************** - * - * open_route_table - open the interface to the route table - */ -static char route_delims[] = " \t\n"; - -static int open_route_table (void) -{ - char *path; - - close_route_table(); - - path = path_to_procfs("/net/route"); - route_fd = fopen (path, "r"); - if (route_fd == NULL) { - error("can't open routing table %s: %m", path); - return 0; - } - - route_dev_col = 0; /* default to usual columns */ - route_dest_col = 1; - route_gw_col = 2; - route_flags_col = 3; - route_mask_col = 7; - route_num_cols = 8; - - /* parse header line */ - if (fgets(route_buffer, sizeof(route_buffer), route_fd) != 0) { - char *p = route_buffer, *q; - int col; - for (col = 0; col < ROUTE_MAX_COLS; ++col) { - int used = 1; - if ((q = strtok(p, route_delims)) == 0) - break; - if (strcasecmp(q, "iface") == 0) - route_dev_col = col; - else if (strcasecmp(q, "destination") == 0) - route_dest_col = col; - else if (strcasecmp(q, "gateway") == 0) - route_gw_col = col; - else if (strcasecmp(q, "flags") == 0) - route_flags_col = col; - else if (strcasecmp(q, "mask") == 0) - route_mask_col = col; - else - used = 0; - if (used && col >= route_num_cols) - route_num_cols = col + 1; - p = NULL; - } - } - - return 1; -} - -/******************************************************************** - * - * read_route_table - read the next entry from the route table - */ - -static int read_route_table(struct rtentry *rt) -{ - char *cols[ROUTE_MAX_COLS], *p; - int col; - - memset (rt, '\0', sizeof (struct rtentry)); - - if (fgets (route_buffer, sizeof (route_buffer), route_fd) == (char *) 0) - return 0; - - p = route_buffer; - for (col = 0; col < route_num_cols; ++col) { - cols[col] = strtok(p, route_delims); - if (cols[col] == NULL) - return 0; /* didn't get enough columns */ - p = NULL; - } - - SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); - SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); - SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); - - rt->rt_flags = (short) strtoul(cols[route_flags_col], NULL, 16); - rt->rt_dev = cols[route_dev_col]; - - return 1; -} - -/******************************************************************** - * - * defaultroute_exists - determine if there is a default route - */ - -static int defaultroute_exists (struct rtentry *rt) -{ - int result = 0; - - if (!open_route_table()) - return 0; - - while (read_route_table(rt) != 0) { - if ((rt->rt_flags & RTF_UP) == 0) - continue; - - if (kernel_version > KVERSION(2,1,0) && SIN_ADDR(rt->rt_genmask) != 0) - continue; - if (SIN_ADDR(rt->rt_dst) == 0L) { - result = 1; - break; - } - } - - close_route_table(); - return result; -} - -/* - * have_route_to - determine if the system has any route to - * a given IP address. `addr' is in network byte order. - * Return value is 1 if yes, 0 if no, -1 if don't know. - * For demand mode to work properly, we have to ignore routes - * through our own interface. - */ -int have_route_to(u_int32_t addr) -{ - struct rtentry rt; - int result = 0; - - if (!open_route_table()) - return -1; /* don't know */ - - while (read_route_table(&rt)) { - if ((rt.rt_flags & RTF_UP) == 0 || strcmp(rt.rt_dev, ifname) == 0) - continue; - if ((addr & SIN_ADDR(rt.rt_genmask)) == SIN_ADDR(rt.rt_dst)) { - result = 1; - break; - } - } - - close_route_table(); - return result; -} - -/******************************************************************** - * - * sifdefaultroute - assign a default route through the address given. - */ - -int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) -{ - struct rtentry rt; - - if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { - u_int32_t old_gateway = SIN_ADDR(rt.rt_gateway); - - if (old_gateway != gateway) - error("not replacing existing default route to %s [%I]", - rt.rt_dev, old_gateway); - return 0; - } - - memset (&rt, '\0', sizeof (rt)); - SET_SA_FAMILY (rt.rt_dst, AF_INET); - SET_SA_FAMILY (rt.rt_gateway, AF_INET); - - rt.rt_dev = ifname; - - if (kernel_version > KVERSION(2,1,0)) { - SET_SA_FAMILY (rt.rt_genmask, AF_INET); - SIN_ADDR(rt.rt_genmask) = 0L; - } - - SIN_ADDR(rt.rt_gateway) = gateway; - - rt.rt_flags = RTF_UP | RTF_GATEWAY; - if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) { - if ( ! ok_error ( errno )) - error("default route ioctl(SIOCADDRT): %m"); - return 0; - } - - default_route_gateway = gateway; - return 1; -} - -/******************************************************************** - * - * cifdefaultroute - delete a default route through the address given. - */ - -int cifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) -{ - struct rtentry rt; - - default_route_gateway = 0; - - memset (&rt, '\0', sizeof (rt)); - SET_SA_FAMILY (rt.rt_dst, AF_INET); - SET_SA_FAMILY (rt.rt_gateway, AF_INET); - - if (kernel_version > KVERSION(2,1,0)) { - SET_SA_FAMILY (rt.rt_genmask, AF_INET); - SIN_ADDR(rt.rt_genmask) = 0L; - } - - SIN_ADDR(rt.rt_gateway) = gateway; - - rt.rt_flags = RTF_UP | RTF_GATEWAY; - if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) { - if (still_ppp()) { - if ( ! ok_error ( errno )) - error("default route ioctl(SIOCDELRT): %m"); - return 0; - } - } - - return 1; -} - -/******************************************************************** - * - * sifproxyarp - Make a proxy ARP entry for the peer. - */ - -int sifproxyarp (int unit, u_int32_t his_adr) -{ - struct arpreq arpreq; - char *forw_path; - - if (has_proxy_arp == 0) { - memset (&arpreq, '\0', sizeof(arpreq)); - - SET_SA_FAMILY(arpreq.arp_pa, AF_INET); - SIN_ADDR(arpreq.arp_pa) = his_adr; - arpreq.arp_flags = ATF_PERM | ATF_PUBL; -/* - * Get the hardware address of an interface on the same subnet - * as our local address. - */ - if (!get_ether_addr(his_adr, &arpreq.arp_ha, proxy_arp_dev, - sizeof(proxy_arp_dev))) { - error("Cannot determine ethernet address for proxy ARP"); - return 0; - } - strlcpy(arpreq.arp_dev, proxy_arp_dev, sizeof(arpreq.arp_dev)); - - if (ioctl(sock_fd, SIOCSARP, (caddr_t)&arpreq) < 0) { - if ( ! ok_error ( errno )) - error("ioctl(SIOCSARP): %m"); - return 0; - } - proxy_arp_addr = his_adr; - has_proxy_arp = 1; - - if (tune_kernel) { - forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); - if (forw_path != 0) { - int fd = open(forw_path, O_WRONLY); - if (fd >= 0) { - if (write(fd, "1", 1) != 1) - error("Couldn't enable IP forwarding: %m"); - close(fd); - } - } - } - } - - return 1; -} - -/******************************************************************** - * - * cifproxyarp - Delete the proxy ARP entry for the peer. - */ - -int cifproxyarp (int unit, u_int32_t his_adr) -{ - struct arpreq arpreq; - - if (has_proxy_arp) { - has_proxy_arp = 0; - memset (&arpreq, '\0', sizeof(arpreq)); - SET_SA_FAMILY(arpreq.arp_pa, AF_INET); - SIN_ADDR(arpreq.arp_pa) = his_adr; - arpreq.arp_flags = ATF_PERM | ATF_PUBL; - strlcpy(arpreq.arp_dev, proxy_arp_dev, sizeof(arpreq.arp_dev)); - - if (ioctl(sock_fd, SIOCDARP, (caddr_t)&arpreq) < 0) { - if ( ! ok_error ( errno )) - warn("ioctl(SIOCDARP): %m"); - return 0; - } - } - return 1; -} - -/******************************************************************** - * - * get_ether_addr - get the hardware address of an interface on the - * the same subnet as ipaddr. - */ - -static int get_ether_addr (u_int32_t ipaddr, - struct sockaddr *hwaddr, - char *name, int namelen) -{ - struct ifreq *ifr, *ifend; - u_int32_t ina, mask; - char *aliasp; - struct ifreq ifreq, bestifreq; - struct ifconf ifc; - struct ifreq ifs[MAX_IFS]; - - u_int32_t bestmask=0; - int found_interface = 0; - - ifc.ifc_len = sizeof(ifs); - ifc.ifc_req = ifs; - if (ioctl(sock_fd, SIOCGIFCONF, &ifc) < 0) { - if ( ! ok_error ( errno )) - error("ioctl(SIOCGIFCONF): %m (line %d)", __LINE__); - return 0; - } - -/* - * Scan through looking for an interface with an Internet - * address on the same subnet as `ipaddr'. - */ - ifend = ifs + (ifc.ifc_len / sizeof(struct ifreq)); - for (ifr = ifc.ifc_req; ifr < ifend; ifr++) { - if (ifr->ifr_addr.sa_family == AF_INET) { - ina = SIN_ADDR(ifr->ifr_addr); - strlcpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); -/* - * Check that the interface is up, and not point-to-point - * nor loopback. - */ - if (ioctl(sock_fd, SIOCGIFFLAGS, &ifreq) < 0) - continue; - - if (((ifreq.ifr_flags ^ FLAGS_GOOD) & FLAGS_MASK) != 0) - continue; -/* - * Get its netmask and check that it's on the right subnet. - */ - if (ioctl(sock_fd, SIOCGIFNETMASK, &ifreq) < 0) - continue; - - mask = SIN_ADDR(ifreq.ifr_addr); - - if (((ipaddr ^ ina) & mask) != 0) - continue; /* no match */ - /* matched */ - if (mask >= bestmask) { - /* Compare using >= instead of > -- it is possible for - an interface to have a netmask of 0.0.0.0 */ - found_interface = 1; - bestifreq = ifreq; - bestmask = mask; - } - } - } - - if (!found_interface) return 0; - - strlcpy(name, bestifreq.ifr_name, namelen); - - /* trim off the :1 in eth0:1 */ - aliasp = strchr(name, ':'); - if (aliasp != 0) - *aliasp = 0; - - info("found interface %s for proxy arp", name); -/* - * Now get the hardware address. - */ - memset (&bestifreq.ifr_hwaddr, 0, sizeof (struct sockaddr)); - if (ioctl (sock_fd, SIOCGIFHWADDR, &bestifreq) < 0) { - error("SIOCGIFHWADDR(%s): %m", bestifreq.ifr_name); - return 0; - } - - memcpy (hwaddr, - &bestifreq.ifr_hwaddr, - sizeof (struct sockaddr)); - - return 1; -} - -/* - * get_if_hwaddr - get the hardware address for the specified - * network interface device. - */ -int -get_if_hwaddr(u_char *addr, char *name) -{ - struct ifreq ifreq; - int ret, sock_fd; - - sock_fd = socket(AF_INET, SOCK_DGRAM, 0); - if (sock_fd < 0) - return 0; - memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr)); - strlcpy(ifreq.ifr_name, name, sizeof(ifreq.ifr_name)); - ret = ioctl(sock_fd, SIOCGIFHWADDR, &ifreq); - close(sock_fd); - if (ret >= 0) - memcpy(addr, ifreq.ifr_hwaddr.sa_data, 6); - return ret; -} - -/* - * get_first_ethernet - return the name of the first ethernet-style - * interface on this system. - */ -char * -get_first_ethernet() -{ - return "eth0"; -} - -/******************************************************************** - * - * Return user specified netmask, modified by any mask we might determine - * for address `addr' (in network byte order). - * Here we scan through the system's list of interfaces, looking for - * any non-point-to-point interfaces which might appear to be on the same - * network as `addr'. If we find any, we OR in their netmask to the - * user-specified netmask. - */ - -u_int32_t GetMask (u_int32_t addr) -{ - u_int32_t mask, nmask, ina; - struct ifreq *ifr, *ifend, ifreq; - struct ifconf ifc; - struct ifreq ifs[MAX_IFS]; - - addr = ntohl(addr); - - if (IN_CLASSA(addr)) /* determine network mask for address class */ - nmask = IN_CLASSA_NET; - else if (IN_CLASSB(addr)) - nmask = IN_CLASSB_NET; - else - nmask = IN_CLASSC_NET; - - /* class D nets are disallowed by bad_ip_adrs */ - mask = netmask | htonl(nmask); -/* - * Scan through the system's network interfaces. - */ - ifc.ifc_len = sizeof(ifs); - ifc.ifc_req = ifs; - if (ioctl(sock_fd, SIOCGIFCONF, &ifc) < 0) { - if ( ! ok_error ( errno )) - warn("ioctl(SIOCGIFCONF): %m (line %d)", __LINE__); - return mask; - } - - ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < ifend; ifr++) { -/* - * Check the interface's internet address. - */ - if (ifr->ifr_addr.sa_family != AF_INET) - continue; - ina = SIN_ADDR(ifr->ifr_addr); - if (((ntohl(ina) ^ addr) & nmask) != 0) - continue; -/* - * Check that the interface is up, and not point-to-point nor loopback. - */ - strlcpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); - if (ioctl(sock_fd, SIOCGIFFLAGS, &ifreq) < 0) - continue; - - if (((ifreq.ifr_flags ^ FLAGS_GOOD) & FLAGS_MASK) != 0) - continue; -/* - * Get its netmask and OR it into our mask. - */ - if (ioctl(sock_fd, SIOCGIFNETMASK, &ifreq) < 0) - continue; - mask |= SIN_ADDR(ifreq.ifr_addr); - break; - } - return mask; -} - -/******************************************************************** - * - * Internal routine to decode the version.modification.patch level - */ - -static void decode_version (char *buf, int *version, - int *modification, int *patch) -{ - char *endp; - - *version = (int) strtoul (buf, &endp, 10); - *modification = 0; - *patch = 0; - - if (endp != buf && *endp == '.') { - buf = endp + 1; - *modification = (int) strtoul (buf, &endp, 10); - if (endp != buf && *endp == '.') { - buf = endp + 1; - *patch = (int) strtoul (buf, &buf, 10); - } - } -} - -/******************************************************************** - * - * Procedure to determine if the PPP line discipline is registered. - */ - -static int -ppp_registered(void) -{ - int local_fd; - int mfd = -1; - int ret = 0; - char slave[16]; - - /* - * We used to open the serial device and set it to the ppp line - * discipline here, in order to create a ppp unit. But that is - * not a good idea - the user might have specified a device that - * they can't open (permission, or maybe it doesn't really exist). - * So we grab a pty master/slave pair and use that. - */ - if (!get_pty(&mfd, &local_fd, slave, 0)) { - no_ppp_msg = "Couldn't determine if PPP is supported (no free ptys)"; - return 0; - } - - /* - * Try to put the device into the PPP discipline. - */ - if (ioctl(local_fd, TIOCSETD, &ppp_disc) < 0) { - error("ioctl(TIOCSETD(PPP)): %m (line %d)", __LINE__); - } else - ret = 1; - - close(local_fd); - close(mfd); - return ret; -} - -/******************************************************************** - * - * ppp_available - check whether the system has any ppp interfaces - * (in fact we check whether we can do an ioctl on ppp0). - */ - -int ppp_available(void) -{ - int s, ok, fd; - struct ifreq ifr; - int size; - int my_version, my_modification, my_patch; - int osmaj, osmin, ospatch; - - no_ppp_msg = - "This system lacks kernel support for PPP. This could be because\n" - "the PPP kernel module could not be loaded, or because PPP was not\n" - "included in the kernel configuration. If PPP was included as a\n" - "module, try `/sbin/modprobe -v ppp'. If that fails, check that\n" - "ppp.o exists in /lib/modules/`uname -r`/net.\n" - "See README.linux file in the ppp distribution for more details.\n"; - - /* get the kernel version now, since we are called before sys_init */ - uname(&utsname); - osmaj = osmin = ospatch = 0; - sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); - kernel_version = KVERSION(osmaj, osmin, ospatch); - - fd = open("/dev/ppp", O_RDWR); -#if 0 - if (fd < 0 && errno == ENOENT) { - /* try making it and see if that helps. */ - if (mknod("/dev/ppp", S_IFCHR | S_IRUSR | S_IWUSR, - makedev(108, 0)) >= 0) { - fd = open("/dev/ppp", O_RDWR); - if (fd >= 0) - info("Created /dev/ppp device node"); - else - unlink("/dev/ppp"); /* didn't work, undo the mknod */ - } else if (errno == EEXIST) { - fd = open("/dev/ppp", O_RDWR); - } - } -#endif /* 0 */ - if (fd >= 0) { - new_style_driver = 1; - - /* XXX should get from driver */ - driver_version = 2; - driver_modification = 4; - driver_patch = 0; - close(fd); - return 1; - } - if (kernel_version >= KVERSION(2,3,13)) { - if (errno == ENOENT) - no_ppp_msg = - "pppd is unable to open the /dev/ppp device.\n" - "You need to create the /dev/ppp device node by\n" - "executing the following command as root:\n" - " mknod /dev/ppp c 108 0\n"; - return 0; - } - -/* - * Open a socket for doing the ioctl operations. - */ - s = socket(AF_INET, SOCK_DGRAM, 0); - if (s < 0) - return 0; - - strlcpy (ifr.ifr_name, "ppp0", sizeof (ifr.ifr_name)); - ok = ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) >= 0; -/* - * If the device did not exist then attempt to create one by putting the - * current tty into the PPP discipline. If this works then obtain the - * flags for the device again. - */ - if (!ok) { - if (ppp_registered()) { - strlcpy (ifr.ifr_name, "ppp0", sizeof (ifr.ifr_name)); - ok = ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) >= 0; - } - } -/* - * Ensure that the hardware address is for PPP and not something else - */ - if (ok) - ok = ioctl (s, SIOCGIFHWADDR, (caddr_t) &ifr) >= 0; - - if (ok && ((ifr.ifr_hwaddr.sa_family & ~0xFF) != ARPHRD_PPP)) - ok = 0; - -/* - * This is the PPP device. Validate the version of the driver at this - * point to ensure that this program will work with the driver. - */ - if (ok) { - char abBuffer [1024]; - - ifr.ifr_data = abBuffer; - size = ioctl (s, SIOCGPPPVER, (caddr_t) &ifr); - if (size < 0) { - error("Couldn't read driver version: %m"); - ok = 0; - no_ppp_msg = "Sorry, couldn't verify kernel driver version\n"; - - } else { - decode_version(abBuffer, - &driver_version, - &driver_modification, - &driver_patch); -/* - * Validate the version of the driver against the version that we used. - */ - decode_version(VERSION, - &my_version, - &my_modification, - &my_patch); - - /* The version numbers must match */ - if (driver_version != my_version) - ok = 0; - - /* The modification levels must be legal */ - if (driver_modification < 3) { - if (driver_modification >= 2) { - /* we can cope with 2.2.0 and above */ - driver_is_old = 1; - } else { - ok = 0; - } - } - - close (s); - if (!ok) { - slprintf(route_buffer, sizeof(route_buffer), - "Sorry - PPP driver version %d.%d.%d is out of date\n", - driver_version, driver_modification, driver_patch); - - no_ppp_msg = route_buffer; - } - } - } - return ok; -} - -/******************************************************************** - * - * Update the wtmp file with the appropriate user name and tty device. - */ - -void logwtmp (const char *line, const char *name, const char *host) -{ - struct utmp ut, *utp; - pid_t mypid = getpid(); -#if __GLIBC__ < 2 - int wtmp; -#endif - -/* - * Update the signon database for users. - * Christoph Lameter: Copied from poeigl-1.36 Jan 3, 1996 - */ - utmpname(_PATH_UTMP); - setutent(); - while ((utp = getutent()) && (utp->ut_pid != mypid)) - /* nothing */; - - if (utp) - memcpy(&ut, utp, sizeof(ut)); - else - /* some gettys/telnetds don't initialize utmp... */ - memset(&ut, 0, sizeof(ut)); - - if (ut.ut_id[0] == 0) - strncpy(ut.ut_id, line + 3, sizeof(ut.ut_id)); - - strncpy(ut.ut_user, name, sizeof(ut.ut_user)); - strncpy(ut.ut_line, line, sizeof(ut.ut_line)); - - time(&ut.ut_time); - - ut.ut_type = USER_PROCESS; - ut.ut_pid = mypid; - - /* Insert the host name if one is supplied */ - if (*host) - strncpy (ut.ut_host, host, sizeof(ut.ut_host)); - - /* Insert the IP address of the remote system if IP is enabled */ - if (ipcp_protent.enabled_flag && ipcp_hisoptions[0].neg_addr) - memcpy(&ut.ut_addr, (char *) &ipcp_hisoptions[0].hisaddr, - sizeof(ut.ut_addr)); - - /* CL: Makes sure that the logout works */ - if (*host == 0 && *name==0) - ut.ut_host[0]=0; - - pututline(&ut); - endutent(); -/* - * Update the wtmp file. - */ -#if __GLIBC__ >= 2 - updwtmp(_PATH_WTMP, &ut); -#else - wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY); - if (wtmp >= 0) { - flock(wtmp, LOCK_EX); - - if (write (wtmp, (char *)&ut, sizeof(ut)) != sizeof(ut)) - warn("error writing %s: %m", _PATH_WTMP); - - flock(wtmp, LOCK_UN); - - close (wtmp); - } -#endif -} - - -/******************************************************************** - * - * sifvjcomp - config tcp header compression - */ - -int sifvjcomp (int u, int vjcomp, int cidcomp, int maxcid) -{ - u_int x; - - if (vjcomp) { - if (ioctl(ppp_dev_fd, PPPIOCSMAXCID, (caddr_t) &maxcid) < 0) - error("Couldn't set up TCP header compression: %m"); - vjcomp = 0; - } - - x = (vjcomp? SC_COMP_TCP: 0) | (cidcomp? 0: SC_NO_TCP_CCID); - modify_flags(ppp_dev_fd, SC_COMP_TCP|SC_NO_TCP_CCID, x); - - return 1; -} - -/******************************************************************** - * - * sifup - Config the interface up and enable IP packets to pass. - */ - -int sifup(int u) -{ - struct ifreq ifr; - - memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); - if (ioctl(sock_fd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) - error("ioctl (SIOCGIFFLAGS): %m (line %d)", __LINE__); - return 0; - } - - ifr.ifr_flags |= (IFF_UP | IFF_POINTOPOINT); - if (ioctl(sock_fd, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) - error("ioctl(SIOCSIFFLAGS): %m (line %d)", __LINE__); - return 0; - } - if_is_up++; - - return 1; -} - -/******************************************************************** - * - * sifdown - Disable the indicated protocol and config the interface - * down if there are no remaining protocols. - */ - -int sifdown (int u) -{ - struct ifreq ifr; - - if (if_is_up && --if_is_up > 0) - return 1; - - memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); - if (ioctl(sock_fd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) - error("ioctl (SIOCGIFFLAGS): %m (line %d)", __LINE__); - return 0; - } - - ifr.ifr_flags &= ~IFF_UP; - ifr.ifr_flags |= IFF_POINTOPOINT; - if (ioctl(sock_fd, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) - error("ioctl(SIOCSIFFLAGS): %m (line %d)", __LINE__); - return 0; - } - return 1; -} - -/******************************************************************** - * - * sifaddr - Config the interface IP addresses and netmask. - */ - -int sifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr, - u_int32_t net_mask) -{ - struct ifreq ifr; - struct rtentry rt; - - memset (&ifr, '\0', sizeof (ifr)); - memset (&rt, '\0', sizeof (rt)); - - SET_SA_FAMILY (ifr.ifr_addr, AF_INET); - SET_SA_FAMILY (ifr.ifr_dstaddr, AF_INET); - SET_SA_FAMILY (ifr.ifr_netmask, AF_INET); - - strlcpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); -/* - * Set our IP address - */ - SIN_ADDR(ifr.ifr_addr) = our_adr; - if (ioctl(sock_fd, SIOCSIFADDR, (caddr_t) &ifr) < 0) { - if (errno != EEXIST) { - if (! ok_error (errno)) - error("ioctl(SIOCSIFADDR): %m (line %d)", __LINE__); - } - else { - warn("ioctl(SIOCSIFADDR): Address already exists"); - } - return (0); - } -/* - * Set the gateway address - */ - SIN_ADDR(ifr.ifr_dstaddr) = his_adr; - if (ioctl(sock_fd, SIOCSIFDSTADDR, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) - error("ioctl(SIOCSIFDSTADDR): %m (line %d)", __LINE__); - return (0); - } -/* - * Set the netmask. - * For recent kernels, force the netmask to 255.255.255.255. - */ - if (kernel_version >= KVERSION(2,1,16)) - net_mask = ~0L; - if (net_mask != 0) { - SIN_ADDR(ifr.ifr_netmask) = net_mask; - if (ioctl(sock_fd, SIOCSIFNETMASK, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) - error("ioctl(SIOCSIFNETMASK): %m (line %d)", __LINE__); - return (0); - } - } -/* - * Add the device route - */ - if (kernel_version < KVERSION(2,1,16)) { - SET_SA_FAMILY (rt.rt_dst, AF_INET); - SET_SA_FAMILY (rt.rt_gateway, AF_INET); - rt.rt_dev = ifname; - - SIN_ADDR(rt.rt_gateway) = 0L; - SIN_ADDR(rt.rt_dst) = his_adr; - rt.rt_flags = RTF_UP | RTF_HOST; - - if (kernel_version > KVERSION(2,1,0)) { - SET_SA_FAMILY (rt.rt_genmask, AF_INET); - SIN_ADDR(rt.rt_genmask) = -1L; - } - - if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) { - if (! ok_error (errno)) - error("ioctl(SIOCADDRT) device route: %m (line %d)", __LINE__); - return (0); - } - } - - /* set ip_dynaddr in demand mode if address changes */ - if (demand && tune_kernel && !dynaddr_set - && our_old_addr && our_old_addr != our_adr) { - /* set ip_dynaddr if possible */ - char *path; - int fd; - - path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); - if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) { - if (write(fd, "1", 1) != 1) - error("Couldn't enable dynamic IP addressing: %m"); - close(fd); - } - dynaddr_set = 1; /* only 1 attempt */ - } - our_old_addr = 0; - - return 1; -} - -/******************************************************************** - * - * cifaddr - Clear the interface IP addresses, and delete routes - * through the interface if possible. - */ - -int cifaddr (int unit, u_int32_t our_adr, u_int32_t his_adr) -{ - struct ifreq ifr; - - if (kernel_version < KVERSION(2,1,16)) { -/* - * Delete the route through the device - */ - struct rtentry rt; - memset (&rt, '\0', sizeof (rt)); - - SET_SA_FAMILY (rt.rt_dst, AF_INET); - SET_SA_FAMILY (rt.rt_gateway, AF_INET); - rt.rt_dev = ifname; - - SIN_ADDR(rt.rt_gateway) = 0; - SIN_ADDR(rt.rt_dst) = his_adr; - rt.rt_flags = RTF_UP | RTF_HOST; - - if (kernel_version > KVERSION(2,1,0)) { - SET_SA_FAMILY (rt.rt_genmask, AF_INET); - SIN_ADDR(rt.rt_genmask) = -1L; - } - - if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) { - if (still_ppp() && ! ok_error (errno)) - error("ioctl(SIOCDELRT) device route: %m (line %d)", __LINE__); - return (0); - } - } - - /* This way it is possible to have an IPX-only or IPv6-only interface */ - memset(&ifr, 0, sizeof(ifr)); - SET_SA_FAMILY(ifr.ifr_addr, AF_INET); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - - if (ioctl(sock_fd, SIOCSIFADDR, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) { - error("ioctl(SIOCSIFADDR): %m (line %d)", __LINE__); - return 0; - } - } - - our_old_addr = our_adr; - - return 1; -} - -#ifdef INET6 -/******************************************************************** - * - * sif6addr - Config the interface with an IPv6 link-local address - */ -int sif6addr (int unit, eui64_t our_eui64, eui64_t his_eui64) -{ - struct in6_ifreq ifr6; - struct ifreq ifr; - struct in6_rtmsg rt6; - - if (sock6_fd < 0) { - errno = -sock6_fd; - error("IPv6 socket creation failed: %m"); - return 0; - } - memset(&ifr, 0, sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(sock6_fd, SIOCGIFINDEX, (caddr_t) &ifr) < 0) { - error("sif6addr: ioctl(SIOCGIFINDEX): %m (line %d)", __LINE__); - return 0; - } - - /* Local interface */ - memset(&ifr6, 0, sizeof(ifr6)); - IN6_LLADDR_FROM_EUI64(ifr6.ifr6_addr, our_eui64); - ifr6.ifr6_ifindex = ifr.ifr_ifindex; - ifr6.ifr6_prefixlen = 10; - - if (ioctl(sock6_fd, SIOCSIFADDR, &ifr6) < 0) { - error("sif6addr: ioctl(SIOCSIFADDR): %m (line %d)", __LINE__); - return 0; - } - - /* Route to remote host */ - memset(&rt6, 0, sizeof(rt6)); - IN6_LLADDR_FROM_EUI64(rt6.rtmsg_dst, his_eui64); - rt6.rtmsg_flags = RTF_UP; - rt6.rtmsg_dst_len = 10; - rt6.rtmsg_ifindex = ifr.ifr_ifindex; - rt6.rtmsg_metric = 1; - - if (ioctl(sock6_fd, SIOCADDRT, &rt6) < 0) { - error("sif6addr: ioctl(SIOCADDRT): %m (line %d)", __LINE__); - return 0; - } - - return 1; -} - - -/******************************************************************** - * - * cif6addr - Remove IPv6 address from interface - */ -int cif6addr (int unit, eui64_t our_eui64, eui64_t his_eui64) -{ - struct ifreq ifr; - struct in6_ifreq ifr6; - - if (sock6_fd < 0) { - errno = -sock6_fd; - error("IPv6 socket creation failed: %m"); - return 0; - } - memset(&ifr, 0, sizeof(ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(sock6_fd, SIOCGIFINDEX, (caddr_t) &ifr) < 0) { - error("cif6addr: ioctl(SIOCGIFINDEX): %m (line %d)", __LINE__); - return 0; - } - - memset(&ifr6, 0, sizeof(ifr6)); - IN6_LLADDR_FROM_EUI64(ifr6.ifr6_addr, our_eui64); - ifr6.ifr6_ifindex = ifr.ifr_ifindex; - ifr6.ifr6_prefixlen = 10; - - if (ioctl(sock6_fd, SIOCDIFADDR, &ifr6) < 0) { - if (errno != EADDRNOTAVAIL) { - if (! ok_error (errno)) - error("cif6addr: ioctl(SIOCDIFADDR): %m (line %d)", __LINE__); - } - else { - warn("cif6addr: ioctl(SIOCDIFADDR): No such address"); - } - return (0); - } - return 1; -} -#endif /* INET6 */ - -/* - * get_pty - get a pty master/slave pair and chown the slave side - * to the uid given. Assumes slave_name points to >= 16 bytes of space. - */ -int -get_pty(master_fdp, slave_fdp, slave_name, uid) - int *master_fdp; - int *slave_fdp; - char *slave_name; - int uid; -{ - int i, mfd, sfd = -1; - char pty_name[16]; - struct termios tios; - -#ifdef TIOCGPTN - /* - * Try the unix98 way first. - */ - mfd = open("/dev/ptmx", O_RDWR); - if (mfd >= 0) { - int ptn; - if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { - slprintf(pty_name, sizeof(pty_name), "/dev.pts/%d", ptn); - chmod(pty_name, S_IRUSR | S_IWUSR); -#ifdef TIOCSPTLCK - ptn = 0; - if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) - warn("Couldn't unlock pty slave %s: %m", pty_name); -#endif - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) - warn("Couldn't open pty slave %s: %m", pty_name); - } - } -#endif /* TIOCGPTN */ - - if (sfd < 0) { - /* the old way - scan through the pty name space */ - for (i = 0; i < 64; ++i) { - slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", - 'p' + i / 16, i % 16); - mfd = open(pty_name, O_RDWR, 0); - if (mfd >= 0) { - pty_name[5] = 't'; - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); - if (sfd >= 0) { - fchown(sfd, uid, -1); - fchmod(sfd, S_IRUSR | S_IWUSR); - break; - } - close(mfd); - } - } - } - - if (sfd < 0) - return 0; - - strlcpy(slave_name, pty_name, 16); - *master_fdp = mfd; - *slave_fdp = sfd; - if (tcgetattr(sfd, &tios) == 0) { - tios.c_cflag &= ~(CSIZE | CSTOPB | PARENB); - tios.c_cflag |= CS8 | CREAD | CLOCAL; - tios.c_iflag = IGNPAR; - tios.c_oflag = 0; - tios.c_lflag = 0; - if (tcsetattr(sfd, TCSAFLUSH, &tios) < 0) - warn("couldn't set attributes on pty: %m"); - } else - warn("couldn't get attributes on pty: %m"); - - return 1; -} - -/******************************************************************** - * - * open_loopback - open the device we use for getting packets - * in demand mode. Under Linux, we use a pty master/slave pair. - */ -int -open_ppp_loopback(void) -{ - int flags; - - looped = 1; - if (new_style_driver) { - /* allocate ourselves a ppp unit */ - if (make_ppp_unit() < 0) - die(1); - modify_flags(ppp_dev_fd, 0, SC_LOOP_TRAFFIC); - set_kdebugflag(kdebugflag); - ppp_fd = -1; - return ppp_dev_fd; - } - - if (!get_pty(&master_fd, &slave_fd, loop_name, 0)) - fatal("No free pty for loopback"); - - set_ppp_fd(slave_fd); - - flags = fcntl(master_fd, F_GETFL); - if (flags == -1 || - fcntl(master_fd, F_SETFL, flags | O_NONBLOCK) == -1) - warn("couldn't set master loopback to nonblock: %m"); - - flags = fcntl(ppp_fd, F_GETFL); - if (flags == -1 || - fcntl(ppp_fd, F_SETFL, flags | O_NONBLOCK) == -1) - warn("couldn't set slave loopback to nonblock: %m"); - - if (ioctl(ppp_fd, TIOCSETD, &ppp_disc) < 0) - fatal("ioctl(TIOCSETD): %m (line %d)", __LINE__); -/* - * Find out which interface we were given. - */ - if (ioctl(ppp_fd, PPPIOCGUNIT, &ifunit) < 0) - fatal("ioctl(PPPIOCGUNIT): %m (line %d)", __LINE__); -/* - * Enable debug in the driver if requested. - */ - set_kdebugflag (kdebugflag); - - return master_fd; -} - -/******************************************************************** - * - * sifnpmode - Set the mode for handling packets for a given NP. - */ - -int -sifnpmode(u, proto, mode) - int u; - int proto; - enum NPmode mode; -{ - struct npioctl npi; - - npi.protocol = proto; - npi.mode = mode; - if (ioctl(ppp_dev_fd, PPPIOCSNPMODE, (caddr_t) &npi) < 0) { - if (! ok_error (errno)) - error("ioctl(PPPIOCSNPMODE, %d, %d): %m", proto, mode); - return 0; - } - return 1; -} - - -/******************************************************************** - * - * sipxfaddr - Config the interface IPX networknumber - */ - -int sipxfaddr (int unit, unsigned long int network, unsigned char * node ) -{ - int result = 1; - -#ifdef IPX_CHANGE - int skfd; - struct ifreq ifr; - struct sockaddr_ipx *sipx = (struct sockaddr_ipx *) &ifr.ifr_addr; - - skfd = socket (AF_IPX, SOCK_DGRAM, 0); - if (skfd < 0) { - if (! ok_error (errno)) - dbglog("socket(AF_IPX): %m (line %d)", __LINE__); - result = 0; - } - else { - memset (&ifr, '\0', sizeof (ifr)); - strlcpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - - memcpy (sipx->sipx_node, node, IPX_NODE_LEN); - sipx->sipx_family = AF_IPX; - sipx->sipx_port = 0; - sipx->sipx_network = htonl (network); - sipx->sipx_type = IPX_FRAME_ETHERII; - sipx->sipx_action = IPX_CRTITF; -/* - * Set the IPX device - */ - if (ioctl(skfd, SIOCSIFADDR, (caddr_t) &ifr) < 0) { - result = 0; - if (errno != EEXIST) { - if (! ok_error (errno)) - dbglog("ioctl(SIOCSIFADDR, CRTITF): %m (line %d)", __LINE__); - } - else { - warn("ioctl(SIOCSIFADDR, CRTITF): Address already exists"); - } - } - close (skfd); - } -#endif - return result; -} - -/******************************************************************** - * - * cipxfaddr - Clear the information for the IPX network. The IPX routes - * are removed and the device is no longer able to pass IPX - * frames. - */ - -int cipxfaddr (int unit) -{ - int result = 1; - -#ifdef IPX_CHANGE - int skfd; - struct ifreq ifr; - struct sockaddr_ipx *sipx = (struct sockaddr_ipx *) &ifr.ifr_addr; - - skfd = socket (AF_IPX, SOCK_DGRAM, 0); - if (skfd < 0) { - if (! ok_error (errno)) - dbglog("socket(AF_IPX): %m (line %d)", __LINE__); - result = 0; - } - else { - memset (&ifr, '\0', sizeof (ifr)); - strlcpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - - sipx->sipx_type = IPX_FRAME_ETHERII; - sipx->sipx_action = IPX_DLTITF; - sipx->sipx_family = AF_IPX; -/* - * Set the IPX device - */ - if (ioctl(skfd, SIOCSIFADDR, (caddr_t) &ifr) < 0) { - if (! ok_error (errno)) - info("ioctl(SIOCSIFADDR, IPX_DLTITF): %m (line %d)", __LINE__); - result = 0; - } - close (skfd); - } -#endif - return result; -} - -/* - * Use the hostname as part of the random number seed. - */ -int -get_host_seed() -{ - int h; - char *p = hostname; - - h = 407; - for (p = hostname; *p != 0; ++p) - h = h * 37 + *p; - return h; -} - -/******************************************************************** - * - * sys_check_options - check the options that the user specified - */ - -int -sys_check_options(void) -{ -#ifdef IPX_CHANGE -/* - * Disable the IPX protocol if the support is not present in the kernel. - */ - char *path; - - if (ipxcp_protent.enabled_flag) { - struct stat stat_buf; - if ((path = path_to_procfs("/net/ipx/interface")) == 0 - || (path = path_to_procfs("/net/ipx_interface")) == 0 - || lstat(path, &stat_buf) < 0) { - error("IPX support is not present in the kernel\n"); - ipxcp_protent.enabled_flag = 0; - } - } -#endif - if (demand && driver_is_old) { - option_error("demand dialling is not supported by kernel driver " - "version %d.%d.%d", driver_version, driver_modification, - driver_patch); - return 0; - } - if (multilink && !new_style_driver) { - warn("Warning: multilink is not supported by the kernel driver"); - multilink = 0; - } - return 1; -} - -#ifdef INET6 -/* - * ether_to_eui64 - Convert 48-bit Ethernet address into 64-bit EUI - * - * convert the 48-bit MAC address of eth0 into EUI 64. caller also assumes - * that the system has a properly configured Ethernet interface for this - * function to return non-zero. - */ -int -ether_to_eui64(eui64_t *p_eui64) -{ - struct ifreq ifr; - int skfd; - const unsigned char *ptr; - - skfd = socket(PF_INET6, SOCK_DGRAM, 0); - if(skfd == -1) - { - warn("could not open IPv6 socket"); - return 0; - } - - strcpy(ifr.ifr_name, "eth0"); - if(ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0) - { - close(skfd); - warn("could not obtain hardware address for eth0"); - return 0; - } - close(skfd); - - /* - * And convert the EUI-48 into EUI-64, per RFC 2472 [sec 4.1] - */ - ptr = ifr.ifr_hwaddr.sa_data; - p_eui64->e8[0] = ptr[0] | 0x02; - p_eui64->e8[1] = ptr[1]; - p_eui64->e8[2] = ptr[2]; - p_eui64->e8[3] = 0xFF; - p_eui64->e8[4] = 0xFE; - p_eui64->e8[5] = ptr[3]; - p_eui64->e8[6] = ptr[4]; - p_eui64->e8[7] = ptr[5]; - - return 1; -} -#endif diff --git a/pppd/sys-solaris.c b/pppd/sys-solaris.c deleted file mode 100644 index fb8f0fd..0000000 --- a/pppd/sys-solaris.c +++ /dev/null @@ -1,2778 +0,0 @@ -/* - * System-dependent procedures for pppd under Solaris 2. - * - * Parts re-written by Adi Masputra , based on - * the original sys-svr4.c - * - * Copyright (c) 2000 by Sun Microsystems, Inc. - * All rights reserved. - * - * Permission to use, copy, modify, and distribute this software and its - * documentation is hereby granted, provided that the above copyright - * notice appears in all copies. - * - * SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF - * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED - * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A - * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR - * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR - * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES - * - * Copyright (c) 1995-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Derived from main.c and pppd.h, which are: - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: sys-solaris.c,v 1.13 2004/11/04 10:02:26 paulus Exp $" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef CRTSCTS -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef SOL2 -#include -#include -#include -#include -#include -#endif - -#include "pppd.h" -#include "fsm.h" -#include "lcp.h" -#include "ipcp.h" -#include "ccp.h" - -#if !defined(PPP_DRV_NAME) -#define PPP_DRV_NAME "ppp" -#endif /* !defined(PPP_DRV_NAME) */ - -#if !defined(PPP_DEV_NAME) -#define PPP_DEV_NAME "/dev/" PPP_DRV_NAME -#endif /* !defined(PPP_DEV_NAME) */ - -#if !defined(AHDLC_MOD_NAME) -#define AHDLC_MOD_NAME "ppp_ahdl" -#endif /* !defined(AHDLC_MOD_NAME) */ - -#if !defined(COMP_MOD_NAME) -#define COMP_MOD_NAME "ppp_comp" -#endif /* !defined(COMP_MOD_NAME) */ - -#if !defined(IP_DEV_NAME) -#define IP_DEV_NAME "/dev/ip" -#endif /* !defined(IP_DEV_NAME) */ - -#if !defined(IP_MOD_NAME) -#define IP_MOD_NAME "ip" -#endif /* !defined(IP_MOD_NAME) */ - -#if !defined(UDP_DEV_NAME) && defined(SOL2) -#define UDP_DEV_NAME "/dev/udp" -#endif /* !defined(UDP_DEV_NAME) && defined(SOL2) */ - -#if !defined(UDP6_DEV_NAME) && defined(SOL2) -#define UDP6_DEV_NAME "/dev/udp6" -#endif /* !defined(UDP6_DEV_NAME) && defined(SOL2) */ - -static const char rcsid[] = RCSID; - -#if defined(SOL2) -/* - * "/dev/udp" is used as a multiplexor to PLINK the interface stream - * under. It is used in place of "/dev/ip" since STREAMS will not let - * a driver be PLINK'ed under itself, and "/dev/ip" is typically the - * driver at the bottom of the tunneling interfaces stream. - */ -static char *mux_dev_name = UDP_DEV_NAME; -#else -static char *mux_dev_name = IP_DEV_NAME; -#endif -static int pppfd; -static int fdmuxid = -1; -static int ipfd; -static int ipmuxid = -1; - -#if defined(INET6) && defined(SOL2) -static int ip6fd; /* IP file descriptor */ -static int ip6muxid = -1; /* Multiplexer file descriptor */ -static int if6_is_up = 0; /* IPv6 interface has been marked up */ - -#define _IN6_LLX_FROM_EUI64(l, s, eui64, as) do { \ - s->sin6_addr.s6_addr32[0] = htonl(as); \ - eui64_copy(eui64, s->sin6_addr.s6_addr32[2]); \ - s->sin6_family = AF_INET6; \ - l.lifr_addr.ss_family = AF_INET6; \ - l.lifr_addrlen = 10; \ - l.lifr_addr = laddr; \ - } while (0) - -#define IN6_LLADDR_FROM_EUI64(l, s, eui64) \ - _IN6_LLX_FROM_EUI64(l, s, eui64, 0xfe800000) - -#define IN6_LLTOKEN_FROM_EUI64(l, s, eui64) \ - _IN6_LLX_FROM_EUI64(l, s, eui64, 0) - -#endif /* defined(INET6) && defined(SOL2) */ - -#if defined(INET6) && defined(SOL2) -static char first_ether_name[LIFNAMSIZ]; /* Solaris 8 and above */ -#else -static char first_ether_name[IFNAMSIZ]; /* Before Solaris 8 */ -#define MAXIFS 256 /* Max # of interfaces */ -#endif /* defined(INET6) && defined(SOL2) */ - -static int restore_term; -static struct termios inittermios; -#ifndef CRTSCTS -static struct termiox inittermiox; -static int termiox_ok; -#endif -static struct winsize wsinfo; /* Initial window size info */ -static pid_t tty_sid; /* original session ID for terminal */ - -extern u_char inpacket_buf[]; /* borrowed from main.c */ - -#define MAX_POLLFDS 32 -static struct pollfd pollfds[MAX_POLLFDS]; -static int n_pollfds; - -static int link_mtu, link_mru; - -#define NMODULES 32 -static int tty_nmodules; -static char tty_modules[NMODULES][FMNAMESZ+1]; -static int tty_npushed; - -static int if_is_up; /* Interface has been marked up */ -static u_int32_t remote_addr; /* IP address of peer */ -static u_int32_t default_route_gateway; /* Gateway for default route added */ -static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ - -/* Prototypes for procedures local to this file. */ -static int translate_speed __P((int)); -static int baud_rate_of __P((int)); -static int get_ether_addr __P((u_int32_t, struct sockaddr *)); -static int get_hw_addr __P((char *, u_int32_t, struct sockaddr *)); -static int get_hw_addr_dlpi __P((char *, struct sockaddr *)); -static int dlpi_attach __P((int, int)); -static int dlpi_info_req __P((int)); -static int dlpi_get_reply __P((int, union DL_primitives *, int, int)); -static int strioctl __P((int, int, void *, int, int)); - -#ifdef SOL2 -/* - * sifppa - Sets interface ppa - * - * without setting the ppa, ip module will return EINVAL upon setting the - * interface UP (SIOCSxIFFLAGS). This is because ip module in 2.8 expects - * two DLPI_INFO_REQ to be sent down to the driver (below ip) before - * IFF_UP can be set. Plumbing the device causes one DLPI_INFO_REQ to - * be sent down, and the second DLPI_INFO_REQ is sent upon receiving - * IF_UNITSEL (old) or SIOCSLIFNAME (new) ioctls. Such setting of the ppa - * is required because the ppp DLPI provider advertises itself as - * a DLPI style 2 type, which requires a point of attachment to be - * specified. The only way the user can specify a point of attachment - * is via SIOCSLIFNAME or IF_UNITSEL. - * - * Such changes in the behavior of ip module was made to meet new or - * evolving standards requirements. - * - */ -static int -sifppa(fd, ppa) - int fd; - int ppa; -{ - return (int)ioctl(fd, IF_UNITSEL, (char *)&ppa); -} -#endif /* SOL2 */ - -#if defined(SOL2) && defined(INET6) -/* - * get_first_ethernet - returns the first Ethernet interface name found in - * the system, or NULL if none is found - * - * NOTE: This is the lifreq version (Solaris 8 and above) - */ -char * -get_first_ethernet() -{ - struct lifnum lifn; - struct lifconf lifc; - struct lifreq *plifreq; - struct lifreq lifr; - int fd, num_ifs, i, found; - uint_t fl, req_size; - char *req; - - fd = socket(AF_INET, SOCK_DGRAM, 0); - if (fd < 0) { - return 0; - } - - /* - * Find out how many interfaces are running - */ - lifn.lifn_family = AF_UNSPEC; - lifn.lifn_flags = LIFC_NOXMIT; - if (ioctl(fd, SIOCGLIFNUM, &lifn) < 0) { - close(fd); - error("could not determine number of interfaces: %m"); - return 0; - } - - num_ifs = lifn.lifn_count; - req_size = num_ifs * sizeof(struct lifreq); - req = malloc(req_size); - if (req == NULL) { - close(fd); - error("out of memory"); - return 0; - } - - /* - * Get interface configuration info for all interfaces - */ - lifc.lifc_family = AF_UNSPEC; - lifc.lifc_flags = LIFC_NOXMIT; - lifc.lifc_len = req_size; - lifc.lifc_buf = req; - if (ioctl(fd, SIOCGLIFCONF, &lifc) < 0) { - close(fd); - free(req); - error("SIOCGLIFCONF: %m"); - return 0; - } - - /* - * And traverse each interface to look specifically for the first - * occurence of an Ethernet interface which has been marked up - */ - plifreq = lifc.lifc_req; - found = 0; - for (i = lifc.lifc_len / sizeof(struct lifreq); i > 0; i--, plifreq++) { - - if (strchr(plifreq->lifr_name, ':') != NULL) - continue; - - memset(&lifr, 0, sizeof(lifr)); - strncpy(lifr.lifr_name, plifreq->lifr_name, sizeof(lifr.lifr_name)); - if (ioctl(fd, SIOCGLIFFLAGS, &lifr) < 0) { - close(fd); - free(req); - error("SIOCGLIFFLAGS: %m"); - return 0; - } - fl = lifr.lifr_flags; - - if ((fl & (IFF_UP|IFF_BROADCAST|IFF_POINTOPOINT|IFF_LOOPBACK|IFF_NOARP)) - != (IFF_UP | IFF_BROADCAST)) - continue; - - found = 1; - break; - } - free(req); - close(fd); - - if (found) { - strncpy(first_ether_name, lifr.lifr_name, sizeof(first_ether_name)); - return (char *)first_ether_name; - } else - return NULL; -} -#else -/* - * get_first_ethernet - returns the first Ethernet interface name found in - * the system, or NULL if none is found - * - * NOTE: This is the ifreq version (before Solaris 8). - */ -char * -get_first_ethernet() -{ - struct ifconf ifc; - struct ifreq *pifreq; - struct ifreq ifr; - int fd, num_ifs, i, found; - uint_t fl, req_size; - char *req; - - fd = socket(AF_INET, SOCK_DGRAM, 0); - if (fd < 0) { - return 0; - } - - /* - * Find out how many interfaces are running - */ - if (ioctl(fd, SIOCGIFNUM, (char *)&num_ifs) < 0) { - num_ifs = MAXIFS; - } - - req_size = num_ifs * sizeof(struct ifreq); - req = malloc(req_size); - if (req == NULL) { - close(fd); - error("out of memory"); - return 0; - } - - /* - * Get interface configuration info for all interfaces - */ - ifc.ifc_len = req_size; - ifc.ifc_buf = req; - if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) { - close(fd); - free(req); - error("SIOCGIFCONF: %m"); - return 0; - } - - /* - * And traverse each interface to look specifically for the first - * occurence of an Ethernet interface which has been marked up - */ - pifreq = ifc.ifc_req; - found = 0; - for (i = ifc.ifc_len / sizeof(struct ifreq); i > 0; i--, pifreq++) { - - if (strchr(pifreq->ifr_name, ':') != NULL) - continue; - - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, pifreq->ifr_name, sizeof(ifr.ifr_name)); - if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0) { - close(fd); - free(req); - error("SIOCGIFFLAGS: %m"); - return 0; - } - fl = ifr.ifr_flags; - - if ((fl & (IFF_UP|IFF_BROADCAST|IFF_POINTOPOINT|IFF_LOOPBACK|IFF_NOARP)) - != (IFF_UP | IFF_BROADCAST)) - continue; - - found = 1; - break; - } - free(req); - close(fd); - - if (found) { - strncpy(first_ether_name, ifr.ifr_name, sizeof(first_ether_name)); - return (char *)first_ether_name; - } else - return NULL; -} -#endif /* defined(SOL2) && defined(INET6) */ - -#if defined(SOL2) -/* - * get_if_hwaddr - get the hardware address for the specified - * network interface device. - */ -int -get_if_hwaddr(u_char *addr, char *if_name) -{ - struct sockaddr s_eth_addr; - struct ether_addr *eth_addr = (struct ether_addr *)&s_eth_addr.sa_data; - - if (if_name == NULL) - return -1; - - /* - * Send DL_INFO_REQ to the driver to solicit its MAC address - */ - if (!get_hw_addr_dlpi(if_name, &s_eth_addr)) { - error("could not obtain hardware address for %s", if_name); - return -1; - } - - memcpy(addr, eth_addr->ether_addr_octet, 6); - return 1; -} -#endif /* SOL2 */ - -#if defined(SOL2) && defined(INET6) -/* - * slifname - Sets interface ppa and flags - * - * in addition to the comments stated in sifppa(), IFF_IPV6 bit must - * be set in order to declare this as an IPv6 interface - */ -static int -slifname(fd, ppa) - int fd; - int ppa; -{ - struct lifreq lifr; - int ret; - - memset(&lifr, 0, sizeof(lifr)); - ret = ioctl(fd, SIOCGLIFFLAGS, &lifr); - if (ret < 0) - goto slifname_done; - - lifr.lifr_flags |= IFF_IPV6; - lifr.lifr_flags &= ~(IFF_BROADCAST | IFF_IPV4); - lifr.lifr_ppa = ppa; - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - - ret = ioctl(fd, SIOCSLIFNAME, &lifr); - -slifname_done: - return ret; - - -} - - -/* - * ether_to_eui64 - Convert 48-bit Ethernet address into 64-bit EUI - * - * walks the list of valid ethernet interfaces, and convert the first - * found 48-bit MAC address into EUI 64. caller also assumes that - * the system has a properly configured Ethernet interface for this - * function to return non-zero. - */ -int -ether_to_eui64(eui64_t *p_eui64) -{ - struct sockaddr s_eth_addr; - struct ether_addr *eth_addr = (struct ether_addr *)&s_eth_addr.sa_data; - char *if_name; - - if ((if_name = get_first_ethernet()) == NULL) { - error("no persistent id can be found"); - return 0; - } - - /* - * Send DL_INFO_REQ to the driver to solicit its MAC address - */ - if (!get_hw_addr_dlpi(if_name, &s_eth_addr)) { - error("could not obtain hardware address for %s", if_name); - return 0; - } - - /* - * And convert the EUI-48 into EUI-64, per RFC 2472 [sec 4.1] - */ - p_eui64->e8[0] = (eth_addr->ether_addr_octet[0] & 0xFF) | 0x02; - p_eui64->e8[1] = (eth_addr->ether_addr_octet[1] & 0xFF); - p_eui64->e8[2] = (eth_addr->ether_addr_octet[2] & 0xFF); - p_eui64->e8[3] = 0xFF; - p_eui64->e8[4] = 0xFE; - p_eui64->e8[5] = (eth_addr->ether_addr_octet[3] & 0xFF); - p_eui64->e8[6] = (eth_addr->ether_addr_octet[4] & 0xFF); - p_eui64->e8[7] = (eth_addr->ether_addr_octet[5] & 0xFF); - - return 1; -} -#endif /* defined(SOL2) && defined(INET6) */ - -/* - * sys_init - System-dependent initialization. - */ -void -sys_init() -{ - int ifd, x; - struct ifreq ifr; -#if defined(INET6) && defined(SOL2) - int i6fd; - struct lifreq lifr; -#endif /* defined(INET6) && defined(SOL2) */ -#if !defined(SOL2) - struct { - union DL_primitives prim; - char space[64]; - } reply; -#endif /* !defined(SOL2) */ - - ipfd = open(mux_dev_name, O_RDWR, 0); - if (ipfd < 0) - fatal("Couldn't open IP device: %m"); - -#if defined(INET6) && defined(SOL2) - ip6fd = open(UDP6_DEV_NAME, O_RDWR, 0); - if (ip6fd < 0) - fatal("Couldn't open IP device (2): %m"); -#endif /* defined(INET6) && defined(SOL2) */ - - if (default_device && !notty) - tty_sid = getsid((pid_t)0); - - pppfd = open(PPP_DEV_NAME, O_RDWR | O_NONBLOCK, 0); - if (pppfd < 0) - fatal("Can't open %s: %m", PPP_DEV_NAME); - if (kdebugflag & 1) { - x = PPPDBG_LOG + PPPDBG_DRIVER; - strioctl(pppfd, PPPIO_DEBUG, &x, sizeof(int), 0); - } - - /* Assign a new PPA and get its unit number. */ - if (strioctl(pppfd, PPPIO_NEWPPA, &ifunit, 0, sizeof(int)) < 0) - fatal("Can't create new PPP interface: %m"); - -#if defined(SOL2) - /* - * Since sys_init() is called prior to ifname being set in main(), - * we need to get the ifname now, otherwise slifname(), and others, - * will fail, or maybe, I should move them to a later point ? - * - */ - sprintf(ifname, PPP_DRV_NAME "%d", ifunit); -#endif /* defined(SOL2) */ - /* - * Open the ppp device again and link it under the ip multiplexor. - * IP will assign a unit number which hopefully is the same as ifunit. - * I don't know any way to be certain they will be the same. :-( - */ - ifd = open(PPP_DEV_NAME, O_RDWR, 0); - if (ifd < 0) - fatal("Can't open %s (2): %m", PPP_DEV_NAME); - if (kdebugflag & 1) { - x = PPPDBG_LOG + PPPDBG_DRIVER; - strioctl(ifd, PPPIO_DEBUG, &x, sizeof(int), 0); - } - -#if defined(INET6) && defined(SOL2) - i6fd = open(PPP_DEV_NAME, O_RDWR, 0); - if (i6fd < 0) { - close(ifd); - fatal("Can't open %s (3): %m", PPP_DEV_NAME); - } - if (kdebugflag & 1) { - x = PPPDBG_LOG + PPPDBG_DRIVER; - strioctl(i6fd, PPPIO_DEBUG, &x, sizeof(int), 0); - } -#endif /* defined(INET6) && defined(SOL2) */ - -#if defined(SOL2) - if (ioctl(ifd, I_PUSH, IP_MOD_NAME) < 0) { - close(ifd); -#if defined(INET6) - close(i6fd); -#endif /* defined(INET6) */ - fatal("Can't push IP module: %m"); - } - - /* - * Assign ppa according to the unit number returned by ppp device - * after plumbing is completed above. - */ - if (sifppa(ifd, ifunit) < 0) { - close (ifd); -#if defined(INET6) - close(i6fd); -#endif /* defined(INET6) */ - fatal("Can't set ppa for unit %d: %m", ifunit); - } - -#if defined(INET6) - /* - * An IPv6 interface is created anyway, even when the user does not - * explicitly enable it. Note that the interface will be marked - * IPv6 during slifname(). - */ - if (ioctl(i6fd, I_PUSH, IP_MOD_NAME) < 0) { - close(ifd); - close(i6fd); - fatal("Can't push IP module (2): %m"); - } - - /* - * Assign ppa according to the unit number returned by ppp device - * after plumbing is completed above. In addition, mark the interface - * as an IPv6 interface. - */ - if (slifname(i6fd, ifunit) < 0) { - close(ifd); - close(i6fd); - fatal("Can't set ifname for unit %d: %m", ifunit); - } -#endif /* defined(INET6) */ - - ipmuxid = ioctl(ipfd, I_PLINK, ifd); - close(ifd); - if (ipmuxid < 0) { -#if defined(INET6) - close(i6fd); -#endif /* defined(INET6) */ - fatal("Can't I_PLINK PPP device to IP: %m"); - } - - memset(&ifr, 0, sizeof(ifr)); - sprintf(ifr.ifr_name, "%s", ifname); - ifr.ifr_ip_muxid = ipmuxid; - - /* - * In Sol 8 and later, STREAMS dynamic module plumbing feature exists. - * This is so that an arbitrary module can be inserted, or deleted, - * between ip module and the device driver without tearing down the - * existing stream. Such feature requires the mux ids, which is set - * by SIOCSIFMUXID (or SIOCLSIFMUXID). - */ - if (ioctl(ipfd, SIOCSIFMUXID, &ifr) < 0) { - ioctl(ipfd, I_PUNLINK, ipmuxid); -#if defined(INET6) - close(i6fd); -#endif /* defined(INET6) */ - fatal("SIOCSIFMUXID: %m"); - } - -#else /* else if !defined(SOL2) */ - - if (dlpi_attach(ifd, ifunit) < 0 || - dlpi_get_reply(ifd, &reply.prim, DL_OK_ACK, sizeof(reply)) < 0) { - close(ifd); - fatal("Can't attach to ppp%d: %m", ifunit); - } - - ipmuxid = ioctl(ipfd, I_LINK, ifd); - close(ifd); - if (ipmuxid < 0) - fatal("Can't link PPP device to IP: %m"); -#endif /* defined(SOL2) */ - -#if defined(INET6) && defined(SOL2) - ip6muxid = ioctl(ip6fd, I_PLINK, i6fd); - close(i6fd); - if (ip6muxid < 0) { - ioctl(ipfd, I_PUNLINK, ipmuxid); - fatal("Can't I_PLINK PPP device to IP (2): %m"); - } - - memset(&lifr, 0, sizeof(lifr)); - sprintf(lifr.lifr_name, "%s", ifname); - lifr.lifr_ip_muxid = ip6muxid; - - /* - * Let IP know of the mux id [see comment for SIOCSIFMUXID above] - */ - if (ioctl(ip6fd, SIOCSLIFMUXID, &lifr) < 0) { - ioctl(ipfd, I_PUNLINK, ipmuxid); - ioctl(ip6fd, I_PUNLINK, ip6muxid); - fatal("Can't link PPP device to IP (2): %m"); - } -#endif /* defined(INET6) && defined(SOL2) */ - -#if !defined(SOL2) - /* Set the interface name for the link. */ - slprintf(ifr.ifr_name, sizeof(ifr.ifr_name), PPP_DRV_NAME "%d", ifunit); - ifr.ifr_metric = ipmuxid; - if (strioctl(ipfd, SIOCSIFNAME, (char *)&ifr, sizeof ifr, 0) < 0) - fatal("Can't set interface name %s: %m", ifr.ifr_name); -#endif /* !defined(SOL2) */ - - n_pollfds = 0; -} - -/* - * sys_cleanup - restore any system state we modified before exiting: - * mark the interface down, delete default route and/or proxy arp entry. - * This should call die() because it's called from die(). - */ -void -sys_cleanup() -{ -#if defined(SOL2) - struct ifreq ifr; -#if defined(INET6) - struct lifreq lifr; -#endif /* defined(INET6) */ -#endif /* defined(SOL2) */ - -#if defined(SOL2) && defined(INET6) - if (if6_is_up) - sif6down(0); -#endif /* defined(SOL2) && defined(INET6) */ - if (if_is_up) - sifdown(0); - if (default_route_gateway) - cifdefaultroute(0, default_route_gateway, default_route_gateway); - if (proxy_arp_addr) - cifproxyarp(0, proxy_arp_addr); -#if defined(SOL2) - /* - * Make sure we ask ip what the muxid, because 'ifconfig modlist' will - * unlink and re-link the modules, causing the muxid to change. - */ - memset(&ifr, 0, sizeof(ifr)); - sprintf(ifr.ifr_name, "%s", ifname); - if (ioctl(ipfd, SIOCGIFFLAGS, &ifr) < 0) { - error("SIOCGIFFLAGS: %m"); - return; - } - - if (ioctl(ipfd, SIOCGIFMUXID, &ifr) < 0) { - error("SIOCGIFMUXID: %m"); - return; - } - - ipmuxid = ifr.ifr_ip_muxid; - - if (ioctl(ipfd, I_PUNLINK, ipmuxid) < 0) { - error("Can't I_PUNLINK PPP from IP: %m"); - return; - } -#if defined(INET6) - /* - * Make sure we ask ip what the muxid, because 'ifconfig modlist' will - * unlink and re-link the modules, causing the muxid to change. - */ - memset(&lifr, 0, sizeof(lifr)); - sprintf(lifr.lifr_name, "%s", ifname); - if (ioctl(ip6fd, SIOCGLIFFLAGS, &lifr) < 0) { - error("SIOCGLIFFLAGS: %m"); - return; - } - - if (ioctl(ip6fd, SIOCGLIFMUXID, &lifr) < 0) { - error("SIOCGLIFMUXID: %m"); - return; - } - - ip6muxid = lifr.lifr_ip_muxid; - - if (ioctl(ip6fd, I_PUNLINK, ip6muxid) < 0) { - error("Can't I_PUNLINK PPP from IP (2): %m"); - } -#endif /* defined(INET6) */ -#endif /* defined(SOL2) */ -} - -/* - * sys_close - Clean up in a child process before execing. - */ -void -sys_close() -{ - close(ipfd); -#if defined(INET6) && defined(SOL2) - close(ip6fd); -#endif /* defined(INET6) && defined(SOL2) */ - if (pppfd >= 0) - close(pppfd); -} - -/* - * sys_check_options - check the options that the user specified - */ -int -sys_check_options() -{ - return 1; -} - -#if 0 -/* - * daemon - Detach us from controlling terminal session. - */ -int -daemon(nochdir, noclose) - int nochdir, noclose; -{ - int pid; - - if ((pid = fork()) < 0) - return -1; - if (pid != 0) - exit(0); /* parent dies */ - setsid(); - if (!nochdir) - chdir("/"); - if (!noclose) { - fclose(stdin); /* don't need stdin, stdout, stderr */ - fclose(stdout); - fclose(stderr); - } - return 0; -} -#endif - -/* - * ppp_available - check whether the system has any ppp interfaces - */ -int -ppp_available() -{ - struct stat buf; - - return stat(PPP_DEV_NAME, &buf) >= 0; -} - -/* - * any_compressions - see if compression is enabled or not - * - * In the STREAMS implementation of kernel-portion pppd, - * the comp STREAMS module performs the ACFC, PFC, as well - * CCP and VJ compressions. However, if the user has explicitly - * declare to not enable them from the command line, there is - * no point of having the comp module be pushed on the stream. - */ -static int -any_compressions() -{ - if ((!lcp_wantoptions[0].neg_accompression) && - (!lcp_wantoptions[0].neg_pcompression) && - (!ccp_protent.enabled_flag) && - (!ipcp_wantoptions[0].neg_vj)) { - return 0; - } - return 1; -} - -/* - * tty_establish_ppp - Turn the serial port into a ppp interface. - */ -int -tty_establish_ppp(fd) - int fd; -{ - int i; - - /* Pop any existing modules off the tty stream. */ - for (i = 0;; ++i) - if (ioctl(fd, I_LOOK, tty_modules[i]) < 0 - || strcmp(tty_modules[i], "ptem") == 0 - || ioctl(fd, I_POP, 0) < 0) - break; - tty_nmodules = i; - - /* Push the async hdlc module and the compressor module. */ - tty_npushed = 0; - - if(!sync_serial) { - if (ioctl(fd, I_PUSH, AHDLC_MOD_NAME) < 0) { - error("Couldn't push PPP Async HDLC module: %m"); - return -1; - } - ++tty_npushed; - } - if (kdebugflag & 4) { - i = PPPDBG_LOG + PPPDBG_AHDLC; - strioctl(pppfd, PPPIO_DEBUG, &i, sizeof(int), 0); - } - /* - * There's no need to push comp module if we don't intend - * to compress anything - */ - if (any_compressions()) { - if (ioctl(fd, I_PUSH, COMP_MOD_NAME) < 0) - error("Couldn't push PPP compression module: %m"); - else - ++tty_npushed; - } - - if (kdebugflag & 2) { - i = PPPDBG_LOG; - if (any_compressions()) - i += PPPDBG_COMP; - strioctl(pppfd, PPPIO_DEBUG, &i, sizeof(int), 0); - } - - /* Link the serial port under the PPP multiplexor. */ - if ((fdmuxid = ioctl(pppfd, I_LINK, fd)) < 0) { - error("Can't link tty to PPP mux: %m"); - return -1; - } - - return pppfd; -} - -/* - * tty_disestablish_ppp - Restore the serial port to normal operation. - * It attempts to reconstruct the stream with the previously popped - * modules. This shouldn't call die() because it's called from die(). - */ -void -tty_disestablish_ppp(fd) - int fd; -{ - int i; - - if (fdmuxid >= 0) { - if (ioctl(pppfd, I_UNLINK, fdmuxid) < 0) { - if (!hungup) - error("Can't unlink tty from PPP mux: %m"); - } - fdmuxid = -1; - - if (!hungup) { - while (tty_npushed > 0 && ioctl(fd, I_POP, 0) >= 0) - --tty_npushed; - for (i = tty_nmodules - 1; i >= 0; --i) - if (ioctl(fd, I_PUSH, tty_modules[i]) < 0) - error("Couldn't restore tty module %s: %m", - tty_modules[i]); - } - if (hungup && default_device && tty_sid > 0) { - /* - * If we have received a hangup, we need to send a SIGHUP - * to the terminal's controlling process. The reason is - * that the original stream head for the terminal hasn't - * seen the M_HANGUP message (it went up through the ppp - * driver to the stream head for our fd to /dev/ppp). - */ - kill(tty_sid, SIGHUP); - } - } -} - -/* - * Check whether the link seems not to be 8-bit clean. - */ -void -clean_check() -{ - int x; - char *s; - - if (strioctl(pppfd, PPPIO_GCLEAN, &x, 0, sizeof(x)) < 0) - return; - s = NULL; - switch (~x) { - case RCV_B7_0: - s = "bit 7 set to 1"; - break; - case RCV_B7_1: - s = "bit 7 set to 0"; - break; - case RCV_EVNP: - s = "odd parity"; - break; - case RCV_ODDP: - s = "even parity"; - break; - } - if (s != NULL) { - warn("Serial link is not 8-bit clean:"); - warn("All received characters had %s", s); - } -} - -/* - * List of valid speeds. - */ -struct speed { - int speed_int, speed_val; -} speeds[] = { -#ifdef B50 - { 50, B50 }, -#endif -#ifdef B75 - { 75, B75 }, -#endif -#ifdef B110 - { 110, B110 }, -#endif -#ifdef B134 - { 134, B134 }, -#endif -#ifdef B150 - { 150, B150 }, -#endif -#ifdef B200 - { 200, B200 }, -#endif -#ifdef B300 - { 300, B300 }, -#endif -#ifdef B600 - { 600, B600 }, -#endif -#ifdef B1200 - { 1200, B1200 }, -#endif -#ifdef B1800 - { 1800, B1800 }, -#endif -#ifdef B2000 - { 2000, B2000 }, -#endif -#ifdef B2400 - { 2400, B2400 }, -#endif -#ifdef B3600 - { 3600, B3600 }, -#endif -#ifdef B4800 - { 4800, B4800 }, -#endif -#ifdef B7200 - { 7200, B7200 }, -#endif -#ifdef B9600 - { 9600, B9600 }, -#endif -#ifdef B19200 - { 19200, B19200 }, -#endif -#ifdef B38400 - { 38400, B38400 }, -#endif -#ifdef EXTA - { 19200, EXTA }, -#endif -#ifdef EXTB - { 38400, EXTB }, -#endif -#ifdef B57600 - { 57600, B57600 }, -#endif -#ifdef B76800 - { 76800, B76800 }, -#endif -#ifdef B115200 - { 115200, B115200 }, -#endif -#ifdef B153600 - { 153600, B153600 }, -#endif -#ifdef B230400 - { 230400, B230400 }, -#endif -#ifdef B307200 - { 307200, B307200 }, -#endif -#ifdef B460800 - { 460800, B460800 }, -#endif - { 0, 0 } -}; - -/* - * Translate from bits/second to a speed_t. - */ -static int -translate_speed(bps) - int bps; -{ - struct speed *speedp; - - if (bps == 0) - return 0; - for (speedp = speeds; speedp->speed_int; speedp++) - if (bps == speedp->speed_int) - return speedp->speed_val; - warn("speed %d not supported", bps); - return 0; -} - -/* - * Translate from a speed_t to bits/second. - */ -static int -baud_rate_of(speed) - int speed; -{ - struct speed *speedp; - - if (speed == 0) - return 0; - for (speedp = speeds; speedp->speed_int; speedp++) - if (speed == speedp->speed_val) - return speedp->speed_int; - return 0; -} - -/* - * set_up_tty: Set up the serial port on `fd' for 8 bits, no parity, - * at the requested speed, etc. If `local' is true, set CLOCAL - * regardless of whether the modem option was specified. - */ -void -set_up_tty(fd, local) - int fd, local; -{ - int speed; - struct termios tios; -#if !defined (CRTSCTS) - struct termiox tiox; -#endif - - if (!sync_serial && tcgetattr(fd, &tios) < 0) - fatal("tcgetattr: %m"); - -#ifndef CRTSCTS - termiox_ok = 1; - if (!sync_serial && ioctl (fd, TCGETX, &tiox) < 0) { - termiox_ok = 0; - if (errno != ENOTTY) - error("TCGETX: %m"); - } -#endif - - if (!restore_term) { - inittermios = tios; -#ifndef CRTSCTS - inittermiox = tiox; -#endif - if (!sync_serial) - ioctl(fd, TIOCGWINSZ, &wsinfo); - } - - tios.c_cflag &= ~(CSIZE | CSTOPB | PARENB | CLOCAL); -#ifdef CRTSCTS - if (crtscts > 0) - tios.c_cflag |= CRTSCTS; - else if (crtscts < 0) - tios.c_cflag &= ~CRTSCTS; -#else - if (crtscts != 0 && !termiox_ok) { - error("Can't set RTS/CTS flow control"); - } else if (crtscts > 0) { - tiox.x_hflag |= RTSXOFF|CTSXON; - } else if (crtscts < 0) { - tiox.x_hflag &= ~(RTSXOFF|CTSXON); - } -#endif - - tios.c_cflag |= CS8 | CREAD | HUPCL; - if (local || !modem) - tios.c_cflag |= CLOCAL; - tios.c_iflag = IGNBRK | IGNPAR; - tios.c_oflag = 0; - tios.c_lflag = 0; - tios.c_cc[VMIN] = 1; - tios.c_cc[VTIME] = 0; - - if (crtscts == -2) { - tios.c_iflag |= IXON | IXOFF; - tios.c_cc[VSTOP] = 0x13; /* DC3 = XOFF = ^S */ - tios.c_cc[VSTART] = 0x11; /* DC1 = XON = ^Q */ - } - - speed = translate_speed(inspeed); - if (speed) { - cfsetospeed(&tios, speed); - cfsetispeed(&tios, speed); - } else { - speed = cfgetospeed(&tios); - /* - * We can't proceed if the serial port speed is 0, - * since that implies that the serial port is disabled. - */ - if ((speed == B0) && !sync_serial) - fatal("Baud rate for %s is 0; need explicit baud rate", devnam); - } - - if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &tios) < 0) - fatal("tcsetattr: %m"); - -#ifndef CRTSCTS - if (!sync_serial && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){ - error("TCSETXF: %m"); - } -#endif - - baud_rate = inspeed = baud_rate_of(speed); - if (!sync_serial) - restore_term = 1; -} - -/* - * restore_tty - restore the terminal to the saved settings. - */ -void -restore_tty(fd) - int fd; -{ - if (restore_term) { - if (!default_device) { - /* - * Turn off echoing, because otherwise we can get into - * a loop with the tty and the modem echoing to each other. - * We presume we are the sole user of this tty device, so - * when we close it, it will revert to its defaults anyway. - */ - inittermios.c_lflag &= ~(ECHO | ECHONL); - } - if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0) - if (!hungup && errno != ENXIO) - warn("tcsetattr: %m"); -#ifndef CRTSCTS - if (!sync_serial && ioctl (fd, TCSETXF, &inittermiox) < 0){ - if (!hungup && errno != ENXIO) - error("TCSETXF: %m"); - } -#endif - if (!sync_serial) - ioctl(fd, TIOCSWINSZ, &wsinfo); - restore_term = 0; - } -} - -/* - * setdtr - control the DTR line on the serial port. - * This is called from die(), so it shouldn't call die(). - */ -void -setdtr(fd, on) -int fd, on; -{ - int modembits = TIOCM_DTR; - - ioctl(fd, (on? TIOCMBIS: TIOCMBIC), &modembits); -} - -/* - * open_loopback - open the device we use for getting packets - * in demand mode. Under Solaris 2, we use our existing fd - * to the ppp driver. - */ -int -open_ppp_loopback() -{ - return pppfd; -} - -/* - * output - Output PPP packet. - */ -void -output(unit, p, len) - int unit; - u_char *p; - int len; -{ - struct strbuf data; - int retries; - struct pollfd pfd; - - dump_packet("sent", p, len); - if (snoop_send_hook) snoop_send_hook(p, len); - - data.len = len; - data.buf = (caddr_t) p; - retries = 4; - while (putmsg(pppfd, NULL, &data, 0) < 0) { - if (--retries < 0 || (errno != EWOULDBLOCK && errno != EAGAIN)) { - if (errno != ENXIO) - error("Couldn't send packet: %m"); - break; - } - pfd.fd = pppfd; - pfd.events = POLLOUT; - poll(&pfd, 1, 250); /* wait for up to 0.25 seconds */ - } -} - - -/* - * wait_input - wait until there is data available, - * for the length of time specified by *timo (indefinite - * if timo is NULL). - */ -void -wait_input(timo) - struct timeval *timo; -{ - int t; - - t = timo == NULL? -1: timo->tv_sec * 1000 + timo->tv_usec / 1000; - if (poll(pollfds, n_pollfds, t) < 0 && errno != EINTR) - fatal("poll: %m"); -} - -/* - * add_fd - add an fd to the set that wait_input waits for. - */ -void add_fd(fd) - int fd; -{ - int n; - - for (n = 0; n < n_pollfds; ++n) - if (pollfds[n].fd == fd) - return; - if (n_pollfds < MAX_POLLFDS) { - pollfds[n_pollfds].fd = fd; - pollfds[n_pollfds].events = POLLIN | POLLPRI | POLLHUP; - ++n_pollfds; - } else - error("Too many inputs!"); -} - -/* - * remove_fd - remove an fd from the set that wait_input waits for. - */ -void remove_fd(fd) - int fd; -{ - int n; - - for (n = 0; n < n_pollfds; ++n) { - if (pollfds[n].fd == fd) { - while (++n < n_pollfds) - pollfds[n-1] = pollfds[n]; - --n_pollfds; - break; - } - } -} - -#if 0 -/* - * wait_loop_output - wait until there is data available on the - * loopback, for the length of time specified by *timo (indefinite - * if timo is NULL). - */ -void -wait_loop_output(timo) - struct timeval *timo; -{ - wait_input(timo); -} - -/* - * wait_time - wait for a given length of time or until a - * signal is received. - */ -void -wait_time(timo) - struct timeval *timo; -{ - int n; - - n = select(0, NULL, NULL, NULL, timo); - if (n < 0 && errno != EINTR) - fatal("select: %m"); -} -#endif - - -/* - * read_packet - get a PPP packet from the serial device. - */ -int -read_packet(buf) - u_char *buf; -{ - struct strbuf ctrl, data; - int flags, len; - unsigned char ctrlbuf[sizeof(union DL_primitives) + 64]; - - for (;;) { - data.maxlen = PPP_MRU + PPP_HDRLEN; - data.buf = (caddr_t) buf; - ctrl.maxlen = sizeof(ctrlbuf); - ctrl.buf = (caddr_t) ctrlbuf; - flags = 0; - len = getmsg(pppfd, &ctrl, &data, &flags); - if (len < 0) { - if (errno == EAGAIN || errno == EINTR) - return -1; - fatal("Error reading packet: %m"); - } - - if (ctrl.len <= 0) - return data.len; - - /* - * Got a M_PROTO or M_PCPROTO message. Interpret it - * as a DLPI primitive?? - */ - if (debug) - dbglog("got dlpi prim 0x%x, len=%d", - ((union DL_primitives *)ctrlbuf)->dl_primitive, ctrl.len); - - } -} - -/* - * get_loop_output - get outgoing packets from the ppp device, - * and detect when we want to bring the real link up. - * Return value is 1 if we need to bring up the link, 0 otherwise. - */ -int -get_loop_output() -{ - int len; - int rv = 0; - - while ((len = read_packet(inpacket_buf)) > 0) { - if (loop_frame(inpacket_buf, len)) - rv = 1; - } - return rv; -} - -/* - * netif_set_mtu - set the MTU on the PPP network interface. - */ -void -netif_set_mtu(unit, mtu) - int unit, mtu; -{ - struct ifreq ifr; -#if defined(INET6) && defined(SOL2) - struct lifreq lifr; - int fd; -#endif /* defined(INET6) && defined(SOL2) */ - - memset(&ifr, 0, sizeof(ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - ifr.ifr_metric = link_mtu; - if (ioctl(ipfd, SIOCSIFMTU, &ifr) < 0) { - error("Couldn't set IP MTU (%s): %m", ifr.ifr_name); - } - -#if defined(INET6) && defined(SOL2) - fd = socket(AF_INET6, SOCK_DGRAM, 0); - if (fd < 0) - error("Couldn't open IPv6 socket: %m"); - - memset(&lifr, 0, sizeof(lifr)); - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - lifr.lifr_mtu = link_mtu; - if (ioctl(fd, SIOCSLIFMTU, &lifr) < 0) { - close(fd); - error("Couldn't set IPv6 MTU (%s): %m", ifr.ifr_name); - } - close(fd); -#endif /* defined(INET6) && defined(SOL2) */ -} - -/* - * tty_send_config - configure the transmit characteristics of - * the ppp interface. - */ -void -tty_send_config(mtu, asyncmap, pcomp, accomp) - int mtu; - u_int32_t asyncmap; - int pcomp, accomp; -{ - int cf[2]; - - link_mtu = mtu; - if (strioctl(pppfd, PPPIO_MTU, &mtu, sizeof(mtu), 0) < 0) { - if (hungup && errno == ENXIO) { - ++error_count; - return; - } - error("Couldn't set MTU: %m"); - } - if (fdmuxid >= 0) { - if (!sync_serial) { - if (strioctl(pppfd, PPPIO_XACCM, &asyncmap, sizeof(asyncmap), 0) < 0) - error("Couldn't set transmit ACCM: %m"); - } - cf[0] = (pcomp? COMP_PROT: 0) + (accomp? COMP_AC: 0); - cf[1] = COMP_PROT | COMP_AC; - if (any_compressions() && - strioctl(pppfd, PPPIO_CFLAGS, cf, sizeof(cf), sizeof(int)) < 0) - error("Couldn't set prot/AC compression: %m"); - } -} - -/* - * tty_set_xaccm - set the extended transmit ACCM for the interface. - */ -void -tty_set_xaccm(accm) - ext_accm accm; -{ - if (sync_serial) - return; - - if (fdmuxid >= 0 - && strioctl(pppfd, PPPIO_XACCM, accm, sizeof(ext_accm), 0) < 0) { - if (!hungup || errno != ENXIO) - warn("Couldn't set extended ACCM: %m"); - } -} - -/* - * tty_recv_config - configure the receive-side characteristics of - * the ppp interface. - */ -void -tty_recv_config(mru, asyncmap, pcomp, accomp) - int mru; - u_int32_t asyncmap; - int pcomp, accomp; -{ - int cf[2]; - - link_mru = mru; - if (strioctl(pppfd, PPPIO_MRU, &mru, sizeof(mru), 0) < 0) { - if (hungup && errno == ENXIO) { - ++error_count; - return; - } - error("Couldn't set MRU: %m"); - } - if (fdmuxid >= 0) { - if (!sync_serial) { - if (strioctl(pppfd, PPPIO_RACCM, &asyncmap, sizeof(asyncmap), 0) < 0) - error("Couldn't set receive ACCM: %m"); - } - cf[0] = (pcomp? DECOMP_PROT: 0) + (accomp? DECOMP_AC: 0); - cf[1] = DECOMP_PROT | DECOMP_AC; - if (any_compressions() && - strioctl(pppfd, PPPIO_CFLAGS, cf, sizeof(cf), sizeof(int)) < 0) - error("Couldn't set prot/AC decompression: %m"); - } -} - -/* - * ccp_test - ask kernel whether a given compression method - * is acceptable for use. - */ -int -ccp_test(unit, opt_ptr, opt_len, for_transmit) - int unit, opt_len, for_transmit; - u_char *opt_ptr; -{ - if (strioctl(pppfd, (for_transmit? PPPIO_XCOMP: PPPIO_RCOMP), - opt_ptr, opt_len, 0) >= 0) - return 1; - return (errno == ENOSR)? 0: -1; -} - -/* - * ccp_flags_set - inform kernel about the current state of CCP. - */ -void -ccp_flags_set(unit, isopen, isup) - int unit, isopen, isup; -{ - int cf[2]; - - cf[0] = (isopen? CCP_ISOPEN: 0) + (isup? CCP_ISUP: 0); - cf[1] = CCP_ISOPEN | CCP_ISUP | CCP_ERROR | CCP_FATALERROR; - if (strioctl(pppfd, PPPIO_CFLAGS, cf, sizeof(cf), sizeof(int)) < 0) { - if (!hungup || errno != ENXIO) - error("Couldn't set kernel CCP state: %m"); - } -} - -/* - * get_idle_time - return how long the link has been idle. - */ -int -get_idle_time(u, ip) - int u; - struct ppp_idle *ip; -{ - return strioctl(pppfd, PPPIO_GIDLE, ip, 0, sizeof(struct ppp_idle)) >= 0; -} - -/* - * get_ppp_stats - return statistics for the link. - */ -int -get_ppp_stats(u, stats) - int u; - struct pppd_stats *stats; -{ - struct ppp_stats s; - - if (!sync_serial && - strioctl(pppfd, PPPIO_GETSTAT, &s, 0, sizeof(s)) < 0) { - error("Couldn't get link statistics: %m"); - return 0; - } - stats->bytes_in = s.p.ppp_ibytes; - stats->bytes_out = s.p.ppp_obytes; - stats->pkts_in = s.p.ppp_ipackets; - stats->pkts_out = s.p.ppp_opackets; - return 1; -} - -#if 0 -/* - * set_filters - transfer the pass and active filters to the kernel. - */ -int -set_filters(pass, active) - struct bpf_program *pass, *active; -{ - int ret = 1; - - if (pass->bf_len > 0) { - if (strioctl(pppfd, PPPIO_PASSFILT, pass, - sizeof(struct bpf_program), 0) < 0) { - error("Couldn't set pass-filter in kernel: %m"); - ret = 0; - } - } - if (active->bf_len > 0) { - if (strioctl(pppfd, PPPIO_ACTIVEFILT, active, - sizeof(struct bpf_program), 0) < 0) { - error("Couldn't set active-filter in kernel: %m"); - ret = 0; - } - } - return ret; -} -#endif - -/* - * ccp_fatal_error - returns 1 if decompression was disabled as a - * result of an error detected after decompression of a packet, - * 0 otherwise. This is necessary because of patent nonsense. - */ -int -ccp_fatal_error(unit) - int unit; -{ - int cf[2]; - - cf[0] = cf[1] = 0; - if (strioctl(pppfd, PPPIO_CFLAGS, cf, sizeof(cf), sizeof(int)) < 0) { - if (errno != ENXIO && errno != EINVAL) - error("Couldn't get compression flags: %m"); - return 0; - } - return cf[0] & CCP_FATALERROR; -} - -/* - * sifvjcomp - config tcp header compression - */ -int -sifvjcomp(u, vjcomp, xcidcomp, xmaxcid) - int u, vjcomp, xcidcomp, xmaxcid; -{ - int cf[2]; - char maxcid[2]; - - if (vjcomp) { - maxcid[0] = xcidcomp; - maxcid[1] = 15; /* XXX should be rmaxcid */ - if (strioctl(pppfd, PPPIO_VJINIT, maxcid, sizeof(maxcid), 0) < 0) { - error("Couldn't initialize VJ compression: %m"); - } - } - - cf[0] = (vjcomp? COMP_VJC + DECOMP_VJC: 0) /* XXX this is wrong */ - + (xcidcomp? COMP_VJCCID + DECOMP_VJCCID: 0); - cf[1] = COMP_VJC + DECOMP_VJC + COMP_VJCCID + DECOMP_VJCCID; - if (strioctl(pppfd, PPPIO_CFLAGS, cf, sizeof(cf), sizeof(int)) < 0) { - if (vjcomp) - error("Couldn't enable VJ compression: %m"); - } - - return 1; -} - -/* - * sifup - Config the interface up and enable IP packets to pass. - */ -int -sifup(u) - int u; -{ - struct ifreq ifr; - - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(ipfd, SIOCGIFFLAGS, &ifr) < 0) { - error("Couldn't mark interface up (get): %m"); - return 0; - } - ifr.ifr_flags |= IFF_UP; - if (ioctl(ipfd, SIOCSIFFLAGS, &ifr) < 0) { - error("Couldn't mark interface up (set): %m"); - return 0; - } - if_is_up = 1; - return 1; -} - -/* - * sifdown - Config the interface down and disable IP. - */ -int -sifdown(u) - int u; -{ - struct ifreq ifr; - - if (ipmuxid < 0) - return 1; - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(ipfd, SIOCGIFFLAGS, &ifr) < 0) { - error("Couldn't mark interface down (get): %m"); - return 0; - } - ifr.ifr_flags &= ~IFF_UP; - if (ioctl(ipfd, SIOCSIFFLAGS, &ifr) < 0) { - error("Couldn't mark interface down (set): %m"); - return 0; - } - if_is_up = 0; - return 1; -} - -/* - * sifnpmode - Set the mode for handling packets for a given NP. - */ -int -sifnpmode(u, proto, mode) - int u; - int proto; - enum NPmode mode; -{ - int npi[2]; - - npi[0] = proto; - npi[1] = (int) mode; - if (strioctl(pppfd, PPPIO_NPMODE, &npi, 2 * sizeof(int), 0) < 0) { - error("ioctl(set NP %d mode to %d): %m", proto, mode); - return 0; - } - return 1; -} - -#if defined(SOL2) && defined(INET6) -/* - * sif6up - Config the IPv6 interface up and enable IPv6 packets to pass. - */ -int -sif6up(u) - int u; -{ - struct lifreq lifr; - int fd; - - fd = socket(AF_INET6, SOCK_DGRAM, 0); - if (fd < 0) { - return 0; - } - - memset(&lifr, 0, sizeof(lifr)); - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - if (ioctl(fd, SIOCGLIFFLAGS, &lifr) < 0) { - close(fd); - return 0; - } - - lifr.lifr_flags |= IFF_UP; - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - if (ioctl(fd, SIOCSLIFFLAGS, &lifr) < 0) { - close(fd); - return 0; - } - - if6_is_up = 1; - close(fd); - return 1; -} - -/* - * sifdown - Config the IPv6 interface down and disable IPv6. - */ -int -sif6down(u) - int u; -{ - struct lifreq lifr; - int fd; - - fd = socket(AF_INET6, SOCK_DGRAM, 0); - if (fd < 0) - return 0; - - memset(&lifr, 0, sizeof(lifr)); - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - if (ioctl(fd, SIOCGLIFFLAGS, &lifr) < 0) { - close(fd); - return 0; - } - - lifr.lifr_flags &= ~IFF_UP; - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - if (ioctl(fd, SIOCGLIFFLAGS, &lifr) < 0) { - close(fd); - return 0; - } - - if6_is_up = 0; - close(fd); - return 1; -} - -/* - * sif6addr - Config the interface with an IPv6 link-local address - */ -int -sif6addr(u, o, h) - int u; - eui64_t o, h; -{ - struct lifreq lifr; - struct sockaddr_storage laddr; - struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&laddr; - int fd; - - fd = socket(AF_INET6, SOCK_DGRAM, 0); - if (fd < 0) - return 0; - - memset(&lifr, 0, sizeof(lifr)); - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - - /* - * Do this because /dev/ppp responds to DL_PHYS_ADDR_REQ with - * zero values, hence the interface token came to be zero too, - * and without this, in.ndpd will complain - */ - IN6_LLTOKEN_FROM_EUI64(lifr, sin6, o); - if (ioctl(fd, SIOCSLIFTOKEN, &lifr) < 0) { - close(fd); - return 0; - } - - /* - * Set the interface address and destination address - */ - IN6_LLADDR_FROM_EUI64(lifr, sin6, o); - if (ioctl(fd, SIOCSLIFADDR, &lifr) < 0) { - close(fd); - return 0; - } - - memset(&lifr, 0, sizeof(lifr)); - strlcpy(lifr.lifr_name, ifname, sizeof(lifr.lifr_name)); - IN6_LLADDR_FROM_EUI64(lifr, sin6, h); - if (ioctl(fd, SIOCSLIFDSTADDR, &lifr) < 0) { - close(fd); - return 0; - } - - return 1; -} - -/* - * cif6addr - Remove the IPv6 address from interface - */ -int -cif6addr(u, o, h) - int u; - eui64_t o, h; -{ - return 1; -} - -#endif /* defined(SOL2) && defined(INET6) */ - - -#define INET_ADDR(x) (((struct sockaddr_in *) &(x))->sin_addr.s_addr) - -/* - * sifaddr - Config the interface IP addresses and netmask. - */ -int -sifaddr(u, o, h, m) - int u; - u_int32_t o, h, m; -{ - struct ifreq ifr; - int ret = 1; - - memset(&ifr, 0, sizeof(ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - ifr.ifr_addr.sa_family = AF_INET; - INET_ADDR(ifr.ifr_addr) = m; - if (ioctl(ipfd, SIOCSIFNETMASK, &ifr) < 0) { - error("Couldn't set IP netmask: %m"); - ret = 0; - } - ifr.ifr_addr.sa_family = AF_INET; - INET_ADDR(ifr.ifr_addr) = o; - if (ioctl(ipfd, SIOCSIFADDR, &ifr) < 0) { - error("Couldn't set local IP address: %m"); - ret = 0; - } - - /* - * On some systems, we have to explicitly set the point-to-point - * flag bit before we can set a destination address. - */ - if (ioctl(ipfd, SIOCGIFFLAGS, &ifr) >= 0 - && (ifr.ifr_flags & IFF_POINTOPOINT) == 0) { - ifr.ifr_flags |= IFF_POINTOPOINT; - if (ioctl(ipfd, SIOCSIFFLAGS, &ifr) < 0) { - error("Couldn't mark interface pt-to-pt: %m"); - ret = 0; - } - } - ifr.ifr_dstaddr.sa_family = AF_INET; - INET_ADDR(ifr.ifr_dstaddr) = h; - if (ioctl(ipfd, SIOCSIFDSTADDR, &ifr) < 0) { - error("Couldn't set remote IP address: %m"); - ret = 0; - } - - remote_addr = h; - return ret; -} - -/* - * cifaddr - Clear the interface IP addresses, and delete routes - * through the interface if possible. - */ -int -cifaddr(u, o, h) - int u; - u_int32_t o, h; -{ -#if defined(__USLC__) /* was: #if 0 */ - cifroute(unit, ouraddr, hisaddr); - if (ipmuxid >= 0) { - notice("Removing ppp interface unit"); - if (ioctl(ipfd, I_UNLINK, ipmuxid) < 0) { - error("Can't remove ppp interface unit: %m"); - return 0; - } - ipmuxid = -1; - } -#endif - remote_addr = 0; - return 1; -} - -/* - * sifdefaultroute - assign a default route through the address given. - */ -int -sifdefaultroute(u, l, g) - int u; - u_int32_t l, g; -{ - struct rtentry rt; - -#if defined(__USLC__) - g = l; /* use the local address as gateway */ -#endif - memset(&rt, 0, sizeof(rt)); - rt.rt_dst.sa_family = AF_INET; - INET_ADDR(rt.rt_dst) = 0; - rt.rt_gateway.sa_family = AF_INET; - INET_ADDR(rt.rt_gateway) = g; - rt.rt_flags = RTF_GATEWAY; - - if (ioctl(ipfd, SIOCADDRT, &rt) < 0) { - error("Can't add default route: %m"); - return 0; - } - - default_route_gateway = g; - return 1; -} - -/* - * cifdefaultroute - delete a default route through the address given. - */ -int -cifdefaultroute(u, l, g) - int u; - u_int32_t l, g; -{ - struct rtentry rt; - -#if defined(__USLC__) - g = l; /* use the local address as gateway */ -#endif - memset(&rt, 0, sizeof(rt)); - rt.rt_dst.sa_family = AF_INET; - INET_ADDR(rt.rt_dst) = 0; - rt.rt_gateway.sa_family = AF_INET; - INET_ADDR(rt.rt_gateway) = g; - rt.rt_flags = RTF_GATEWAY; - - if (ioctl(ipfd, SIOCDELRT, &rt) < 0) { - error("Can't delete default route: %m"); - return 0; - } - - default_route_gateway = 0; - return 1; -} - -/* - * sifproxyarp - Make a proxy ARP entry for the peer. - */ -int -sifproxyarp(unit, hisaddr) - int unit; - u_int32_t hisaddr; -{ - struct arpreq arpreq; - - memset(&arpreq, 0, sizeof(arpreq)); - if (!get_ether_addr(hisaddr, &arpreq.arp_ha)) - return 0; - - arpreq.arp_pa.sa_family = AF_INET; - INET_ADDR(arpreq.arp_pa) = hisaddr; - arpreq.arp_flags = ATF_PERM | ATF_PUBL; - if (ioctl(ipfd, SIOCSARP, (caddr_t) &arpreq) < 0) { - error("Couldn't set proxy ARP entry: %m"); - return 0; - } - - proxy_arp_addr = hisaddr; - return 1; -} - -/* - * cifproxyarp - Delete the proxy ARP entry for the peer. - */ -int -cifproxyarp(unit, hisaddr) - int unit; - u_int32_t hisaddr; -{ - struct arpreq arpreq; - - memset(&arpreq, 0, sizeof(arpreq)); - arpreq.arp_pa.sa_family = AF_INET; - INET_ADDR(arpreq.arp_pa) = hisaddr; - if (ioctl(ipfd, SIOCDARP, (caddr_t)&arpreq) < 0) { - error("Couldn't delete proxy ARP entry: %m"); - return 0; - } - - proxy_arp_addr = 0; - return 1; -} - -/* - * get_ether_addr - get the hardware address of an interface on the - * the same subnet as ipaddr. - */ -#define MAX_IFS 32 - -static int -get_ether_addr(ipaddr, hwaddr) - u_int32_t ipaddr; - struct sockaddr *hwaddr; -{ - struct ifreq *ifr, *ifend, ifreq; - int nif; - struct ifconf ifc; - u_int32_t ina, mask; - - /* - * Scan through the system's network interfaces. - */ -#ifdef SIOCGIFNUM - if (ioctl(ipfd, SIOCGIFNUM, &nif) < 0) -#endif - nif = MAX_IFS; - ifc.ifc_len = nif * sizeof(struct ifreq); - ifc.ifc_buf = (caddr_t) malloc(ifc.ifc_len); - if (ifc.ifc_buf == 0) - return 0; - if (ioctl(ipfd, SIOCGIFCONF, &ifc) < 0) { - warn("Couldn't get system interface list: %m"); - free(ifc.ifc_buf); - return 0; - } - ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < ifend; ++ifr) { - if (ifr->ifr_addr.sa_family != AF_INET) - continue; - /* - * Check that the interface is up, and not point-to-point or loopback. - */ - strlcpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); - if (ioctl(ipfd, SIOCGIFFLAGS, &ifreq) < 0) - continue; - if ((ifreq.ifr_flags & - (IFF_UP|IFF_BROADCAST|IFF_POINTOPOINT|IFF_LOOPBACK|IFF_NOARP)) - != (IFF_UP|IFF_BROADCAST)) - continue; - /* - * Get its netmask and check that it's on the right subnet. - */ - if (ioctl(ipfd, SIOCGIFNETMASK, &ifreq) < 0) - continue; - ina = INET_ADDR(ifr->ifr_addr); - mask = INET_ADDR(ifreq.ifr_addr); - if ((ipaddr & mask) == (ina & mask)) - break; - } - - if (ifr >= ifend) { - warn("No suitable interface found for proxy ARP"); - free(ifc.ifc_buf); - return 0; - } - - info("found interface %s for proxy ARP", ifr->ifr_name); - if (!get_hw_addr(ifr->ifr_name, ina, hwaddr)) { - error("Couldn't get hardware address for %s", ifr->ifr_name); - free(ifc.ifc_buf); - return 0; - } - - free(ifc.ifc_buf); - return 1; -} - -/* - * get_hw_addr_dlpi - obtain the hardware address using DLPI - */ -static int -get_hw_addr_dlpi(name, hwaddr) - char *name; - struct sockaddr *hwaddr; -{ - char *p, *q; - int unit, iffd, adrlen; - unsigned char *adrp; - char ifdev[24]; - struct { - union DL_primitives prim; - char space[64]; - } reply; - - /* - * We have to open the device and ask it for its hardware address. - * First split apart the device name and unit. - */ - slprintf(ifdev, sizeof(ifdev), "/dev/%s", name); - for (q = ifdev + strlen(ifdev); --q >= ifdev; ) - if (!isdigit(*q)) - break; - unit = atoi(q+1); - q[1] = 0; - - /* - * Open the device and do a DLPI attach and phys_addr_req. - */ - iffd = open(ifdev, O_RDWR); - if (iffd < 0) { - error("Can't open %s: %m", ifdev); - return 0; - } - if (dlpi_attach(iffd, unit) < 0 - || dlpi_get_reply(iffd, &reply.prim, DL_OK_ACK, sizeof(reply)) < 0 - || dlpi_info_req(iffd) < 0 - || dlpi_get_reply(iffd, &reply.prim, DL_INFO_ACK, sizeof(reply)) < 0) { - close(iffd); - return 0; - } - - adrlen = reply.prim.info_ack.dl_addr_length; - adrp = (unsigned char *)&reply + reply.prim.info_ack.dl_addr_offset; - -#if DL_CURRENT_VERSION >= 2 - if (reply.prim.info_ack.dl_sap_length < 0) - adrlen += reply.prim.info_ack.dl_sap_length; - else - adrp += reply.prim.info_ack.dl_sap_length; -#endif - - hwaddr->sa_family = AF_UNSPEC; - memcpy(hwaddr->sa_data, adrp, adrlen); - - return 1; -} -/* - * get_hw_addr - obtain the hardware address for a named interface. - */ -static int -get_hw_addr(name, ina, hwaddr) - char *name; - u_int32_t ina; - struct sockaddr *hwaddr; -{ - /* New way - get the address by doing an arp request. */ - int s; - struct arpreq req; - - s = socket(AF_INET, SOCK_DGRAM, 0); - if (s < 0) - return 0; - memset(&req, 0, sizeof(req)); - req.arp_pa.sa_family = AF_INET; - INET_ADDR(req.arp_pa) = ina; - if (ioctl(s, SIOCGARP, &req) < 0) { - error("Couldn't get ARP entry for %s: %m", ip_ntoa(ina)); - return 0; - } - *hwaddr = req.arp_ha; - hwaddr->sa_family = AF_UNSPEC; - - return 1; -} - -static int -dlpi_attach(fd, ppa) - int fd, ppa; -{ - dl_attach_req_t req; - struct strbuf buf; - - req.dl_primitive = DL_ATTACH_REQ; - req.dl_ppa = ppa; - buf.len = sizeof(req); - buf.buf = (void *) &req; - return putmsg(fd, &buf, NULL, RS_HIPRI); -} - -static int -dlpi_info_req(fd) - int fd; -{ - dl_info_req_t req; - struct strbuf buf; - - req.dl_primitive = DL_INFO_REQ; - buf.len = sizeof(req); - buf.buf = (void *) &req; - return putmsg(fd, &buf, NULL, RS_HIPRI); -} - -static int -dlpi_get_reply(fd, reply, expected_prim, maxlen) - union DL_primitives *reply; - int fd, expected_prim, maxlen; -{ - struct strbuf buf; - int flags, n; - struct pollfd pfd; - - /* - * Use poll to wait for a message with a timeout. - */ - pfd.fd = fd; - pfd.events = POLLIN | POLLPRI; - do { - n = poll(&pfd, 1, 1000); - } while (n == -1 && errno == EINTR); - if (n <= 0) - return -1; - - /* - * Get the reply. - */ - buf.maxlen = maxlen; - buf.buf = (void *) reply; - flags = 0; - if (getmsg(fd, &buf, NULL, &flags) < 0) - return -1; - - if (buf.len < sizeof(ulong)) { - if (debug) - dbglog("dlpi response short (len=%d)\n", buf.len); - return -1; - } - - if (reply->dl_primitive == expected_prim) - return 0; - - if (debug) { - if (reply->dl_primitive == DL_ERROR_ACK) { - dbglog("dlpi error %d (unix errno %d) for prim %x\n", - reply->error_ack.dl_errno, reply->error_ack.dl_unix_errno, - reply->error_ack.dl_error_primitive); - } else { - dbglog("dlpi unexpected response prim %x\n", - reply->dl_primitive); - } - } - - return -1; -} - -/* - * Return user specified netmask, modified by any mask we might determine - * for address `addr' (in network byte order). - * Here we scan through the system's list of interfaces, looking for - * any non-point-to-point interfaces which might appear to be on the same - * network as `addr'. If we find any, we OR in their netmask to the - * user-specified netmask. - */ -u_int32_t -GetMask(addr) - u_int32_t addr; -{ - u_int32_t mask, nmask, ina; - struct ifreq *ifr, *ifend, ifreq; - int nif; - struct ifconf ifc; - - addr = ntohl(addr); - if (IN_CLASSA(addr)) /* determine network mask for address class */ - nmask = IN_CLASSA_NET; - else if (IN_CLASSB(addr)) - nmask = IN_CLASSB_NET; - else - nmask = IN_CLASSC_NET; - /* class D nets are disallowed by bad_ip_adrs */ - mask = netmask | htonl(nmask); - - /* - * Scan through the system's network interfaces. - */ -#ifdef SIOCGIFNUM - if (ioctl(ipfd, SIOCGIFNUM, &nif) < 0) -#endif - nif = MAX_IFS; - ifc.ifc_len = nif * sizeof(struct ifreq); - ifc.ifc_buf = (caddr_t) malloc(ifc.ifc_len); - if (ifc.ifc_buf == 0) - return mask; - if (ioctl(ipfd, SIOCGIFCONF, &ifc) < 0) { - warn("Couldn't get system interface list: %m"); - free(ifc.ifc_buf); - return mask; - } - ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); - for (ifr = ifc.ifc_req; ifr < ifend; ++ifr) { - /* - * Check the interface's internet address. - */ - if (ifr->ifr_addr.sa_family != AF_INET) - continue; - ina = INET_ADDR(ifr->ifr_addr); - if ((ntohl(ina) & nmask) != (addr & nmask)) - continue; - /* - * Check that the interface is up, and not point-to-point or loopback. - */ - strlcpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); - if (ioctl(ipfd, SIOCGIFFLAGS, &ifreq) < 0) - continue; - if ((ifreq.ifr_flags & (IFF_UP|IFF_POINTOPOINT|IFF_LOOPBACK)) - != IFF_UP) - continue; - /* - * Get its netmask and OR it into our mask. - */ - if (ioctl(ipfd, SIOCGIFNETMASK, &ifreq) < 0) - continue; - mask |= INET_ADDR(ifreq.ifr_addr); - } - - free(ifc.ifc_buf); - return mask; -} - -/* - * logwtmp - write an accounting record to the /var/adm/wtmp file. - */ -void -logwtmp(line, name, host) - const char *line, *name, *host; -{ - static struct utmpx utmpx; - - if (name[0] != 0) { - /* logging in */ - strncpy(utmpx.ut_user, name, sizeof(utmpx.ut_user)); - strncpy(utmpx.ut_id, ifname, sizeof(utmpx.ut_id)); - strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line)); - utmpx.ut_pid = getpid(); - utmpx.ut_type = USER_PROCESS; - } else { - utmpx.ut_type = DEAD_PROCESS; - } - gettimeofday(&utmpx.ut_tv, NULL); - updwtmpx("/var/adm/wtmpx", &utmpx); -} - -/* - * get_host_seed - return the serial number of this machine. - */ -int -get_host_seed() -{ - char buf[32]; - - if (sysinfo(SI_HW_SERIAL, buf, sizeof(buf)) < 0) { - error("sysinfo: %m"); - return 0; - } - return (int) strtoul(buf, NULL, 16); -} - -static int -strioctl(fd, cmd, ptr, ilen, olen) - int fd, cmd, ilen, olen; - void *ptr; -{ - struct strioctl str; - - str.ic_cmd = cmd; - str.ic_timout = 0; - str.ic_len = ilen; - str.ic_dp = ptr; - if (ioctl(fd, I_STR, &str) == -1) - return -1; - if (str.ic_len != olen) - dbglog("strioctl: expected %d bytes, got %d for cmd %x\n", - olen, str.ic_len, cmd); - return 0; -} - -#if 0 -/* - * lock - create a lock file for the named lock device - */ - -#define LOCK_PREFIX "/var/spool/locks/LK." -static char lock_file[40]; /* name of lock file created */ - -int -lock(dev) - char *dev; -{ - int n, fd, pid; - struct stat sbuf; - char ascii_pid[12]; - - if (stat(dev, &sbuf) < 0) { - error("Can't get device number for %s: %m", dev); - return -1; - } - if ((sbuf.st_mode & S_IFMT) != S_IFCHR) { - error("Can't lock %s: not a character device", dev); - return -1; - } - slprintf(lock_file, sizeof(lock_file), "%s%03d.%03d.%03d", - LOCK_PREFIX, major(sbuf.st_dev), - major(sbuf.st_rdev), minor(sbuf.st_rdev)); - - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { - if (errno == EEXIST - && (fd = open(lock_file, O_RDONLY, 0)) >= 0) { - /* Read the lock file to find out who has the device locked */ - n = read(fd, ascii_pid, 11); - if (n <= 0) { - error("Can't read pid from lock file %s", lock_file); - close(fd); - } else { - ascii_pid[n] = 0; - pid = atoi(ascii_pid); - if (pid > 0 && kill(pid, 0) == -1 && errno == ESRCH) { - /* pid no longer exists - remove the lock file */ - if (unlink(lock_file) == 0) { - close(fd); - notice("Removed stale lock on %s (pid %d)", - dev, pid); - continue; - } else - warn("Couldn't remove stale lock on %s", - dev); - } else - notice("Device %s is locked by pid %d", - dev, pid); - } - close(fd); - } else - error("Can't create lock file %s: %m", lock_file); - lock_file[0] = 0; - return -1; - } - - slprintf(ascii_pid, sizeof(ascii_pid), "%10d\n", getpid()); - write(fd, ascii_pid, 11); - - close(fd); - return 1; -} - -/* - * unlock - remove our lockfile - */ -void -unlock() -{ - if (lock_file[0]) { - unlink(lock_file); - lock_file[0] = 0; - } -} -#endif - -/* - * cifroute - delete a route through the addresses given. - */ -int -cifroute(u, our, his) - int u; - u_int32_t our, his; -{ - struct rtentry rt; - - memset(&rt, 0, sizeof(rt)); - rt.rt_dst.sa_family = AF_INET; - INET_ADDR(rt.rt_dst) = his; - rt.rt_gateway.sa_family = AF_INET; - INET_ADDR(rt.rt_gateway) = our; - rt.rt_flags = RTF_HOST; - - if (ioctl(ipfd, SIOCDELRT, &rt) < 0) { - error("Can't delete route: %m"); - return 0; - } - - return 1; -} - -/* - * have_route_to - determine if the system has a route to the specified - * IP address. Returns 0 if not, 1 if so, -1 if we can't tell. - * `addr' is in network byte order. - * For demand mode to work properly, we have to ignore routes - * through our own interface. - */ -#ifndef T_CURRENT /* needed for Solaris 2.5 */ -#define T_CURRENT MI_T_CURRENT -#endif - -int -have_route_to(addr) - u_int32_t addr; -{ -#ifdef SOL2 - int fd, r, flags, i; - struct { - struct T_optmgmt_req req; - struct opthdr hdr; - } req; - union { - struct T_optmgmt_ack ack; - unsigned char space[64]; - } ack; - struct opthdr *rh; - struct strbuf cbuf, dbuf; - int nroutes; - mib2_ipRouteEntry_t routes[8]; - mib2_ipRouteEntry_t *rp; - - fd = open(mux_dev_name, O_RDWR); - if (fd < 0) { - warn("have_route_to: couldn't open %s: %m", mux_dev_name); - return -1; - } - - req.req.PRIM_type = T_OPTMGMT_REQ; - req.req.OPT_offset = (char *) &req.hdr - (char *) &req; - req.req.OPT_length = sizeof(req.hdr); - req.req.MGMT_flags = T_CURRENT; - - req.hdr.level = MIB2_IP; - req.hdr.name = 0; - req.hdr.len = 0; - - cbuf.buf = (char *) &req; - cbuf.len = sizeof(req); - - if (putmsg(fd, &cbuf, NULL, 0) == -1) { - warn("have_route_to: putmsg: %m"); - close(fd); - return -1; - } - - for (;;) { - cbuf.buf = (char *) &ack; - cbuf.maxlen = sizeof(ack); - dbuf.buf = (char *) routes; - dbuf.maxlen = sizeof(routes); - flags = 0; - r = getmsg(fd, &cbuf, &dbuf, &flags); - if (r == -1) { - warn("have_route_to: getmsg: %m"); - close(fd); - return -1; - } - - if (cbuf.len < sizeof(struct T_optmgmt_ack) - || ack.ack.PRIM_type != T_OPTMGMT_ACK - || ack.ack.MGMT_flags != T_SUCCESS - || ack.ack.OPT_length < sizeof(struct opthdr)) { - dbglog("have_route_to: bad message len=%d prim=%d", - cbuf.len, ack.ack.PRIM_type); - close(fd); - return -1; - } - - rh = (struct opthdr *) ((char *)&ack + ack.ack.OPT_offset); - if (rh->level == 0 && rh->name == 0) - break; - if (rh->level != MIB2_IP || rh->name != MIB2_IP_21) { - while (r == MOREDATA) - r = getmsg(fd, NULL, &dbuf, &flags); - continue; - } - - for (;;) { - nroutes = dbuf.len / sizeof(mib2_ipRouteEntry_t); - for (rp = routes, i = 0; i < nroutes; ++i, ++rp) { - if (rp->ipRouteMask != ~0) { - dbglog("have_route_to: dest=%x gw=%x mask=%x\n", - rp->ipRouteDest, rp->ipRouteNextHop, - rp->ipRouteMask); - if (((addr ^ rp->ipRouteDest) & rp->ipRouteMask) == 0 - && rp->ipRouteNextHop != remote_addr) - return 1; - } - } - if (r == 0) - break; - r = getmsg(fd, NULL, &dbuf, &flags); - } - } - close(fd); - return 0; -#else - return -1; -#endif /* SOL2 */ -} - -/* - * get_pty - get a pty master/slave pair and chown the slave side to - * the uid given. Assumes slave_name points to MAXPATHLEN bytes of space. - */ -int -get_pty(master_fdp, slave_fdp, slave_name, uid) - int *master_fdp; - int *slave_fdp; - char *slave_name; - int uid; -{ - int mfd, sfd; - char *pty_name; - struct termios tios; - - mfd = open("/dev/ptmx", O_RDWR); - if (mfd < 0) { - error("Couldn't open pty master: %m"); - return 0; - } - - pty_name = ptsname(mfd); - if (pty_name == NULL) { - error("Couldn't get name of pty slave"); - close(mfd); - return 0; - } - if (chown(pty_name, uid, -1) < 0) - warn("Couldn't change owner of pty slave: %m"); - if (chmod(pty_name, S_IRUSR | S_IWUSR) < 0) - warn("Couldn't change permissions on pty slave: %m"); - if (unlockpt(mfd) < 0) - warn("Couldn't unlock pty slave: %m"); - - sfd = open(pty_name, O_RDWR); - if (sfd < 0) { - error("Couldn't open pty slave %s: %m", pty_name); - close(mfd); - return 0; - } - if (ioctl(sfd, I_PUSH, "ptem") < 0) - warn("Couldn't push ptem module on pty slave: %m"); - - dbglog("Using %s", pty_name); - strlcpy(slave_name, pty_name, MAXPATHLEN); - *master_fdp = mfd; - *slave_fdp = sfd; - - return 1; -} diff --git a/pppd/tdb.c b/pppd/tdb.c deleted file mode 100644 index bdc5828..0000000 --- a/pppd/tdb.c +++ /dev/null @@ -1,2009 +0,0 @@ - /* - Unix SMB/CIFS implementation. - - trivial database library - - Copyright (C) Andrew Tridgell 1999-2004 - Copyright (C) Paul `Rusty' Russell 2000 - Copyright (C) Jeremy Allison 2000-2003 - - ** NOTE! The following LGPL license applies to the tdb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -*/ - - -/* NOTE: If you use tdbs under valgrind, and in particular if you run - * tdbtorture, you may get spurious "uninitialized value" warnings. I - * think this is because valgrind doesn't understand that the mmap'd - * area may be written to by other processes. Memory can, from the - * point of view of the grinded process, spontaneously become - * initialized. - * - * I can think of a few solutions. [mbp 20030311] - * - * 1 - Write suppressions for Valgrind so that it doesn't complain - * about this. Probably the most reasonable but people need to - * remember to use them. - * - * 2 - Use IO not mmap when running under valgrind. Not so nice. - * - * 3 - Use the special valgrind macros to mark memory as valid at the - * right time. Probably too hard -- the process just doesn't know. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "tdb.h" -#include "spinlock.h" - -#define TDB_MAGIC_FOOD "TDB file\n" -#define TDB_VERSION (0x26011967 + 6) -#define TDB_MAGIC (0x26011999U) -#define TDB_FREE_MAGIC (~TDB_MAGIC) -#define TDB_DEAD_MAGIC (0xFEE1DEAD) -#define TDB_ALIGNMENT 4 -#define MIN_REC_SIZE (2*sizeof(struct list_struct) + TDB_ALIGNMENT) -#define DEFAULT_HASH_SIZE 131 -#define TDB_PAGE_SIZE 0x2000 -#define FREELIST_TOP (sizeof(struct tdb_header)) -#define TDB_ALIGN(x,a) (((x) + (a)-1) & ~((a)-1)) -#define TDB_BYTEREV(x) (((((x)&0xff)<<24)|((x)&0xFF00)<<8)|(((x)>>8)&0xFF00)|((x)>>24)) -#define TDB_DEAD(r) ((r)->magic == TDB_DEAD_MAGIC) -#define TDB_BAD_MAGIC(r) ((r)->magic != TDB_MAGIC && !TDB_DEAD(r)) -#define TDB_HASH_TOP(hash) (FREELIST_TOP + (BUCKET(hash)+1)*sizeof(tdb_off)) -#define TDB_DATA_START(hash_size) (TDB_HASH_TOP(hash_size-1) + TDB_SPINLOCK_SIZE(hash_size)) - - -/* NB assumes there is a local variable called "tdb" that is the - * current context, also takes doubly-parenthesized print-style - * argument. */ -#define TDB_LOG(x) (tdb->log_fn?((tdb->log_fn x),0) : 0) - -/* lock offsets */ -#define GLOBAL_LOCK 0 -#define ACTIVE_LOCK 4 - -#ifndef MAP_FILE -#define MAP_FILE 0 -#endif - -#ifndef MAP_FAILED -#define MAP_FAILED ((void *)-1) -#endif - -/* free memory if the pointer is valid and zero the pointer */ -#ifndef SAFE_FREE -#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0) -#endif - -#define BUCKET(hash) ((hash) % tdb->header.hash_size) -TDB_DATA tdb_null; - -/* all contexts, to ensure no double-opens (fcntl locks don't nest!) */ -static TDB_CONTEXT *tdbs = NULL; - -static int tdb_munmap(TDB_CONTEXT *tdb) -{ - if (tdb->flags & TDB_INTERNAL) - return 0; - -#ifdef HAVE_MMAP - if (tdb->map_ptr) { - int ret = munmap(tdb->map_ptr, tdb->map_size); - if (ret != 0) - return ret; - } -#endif - tdb->map_ptr = NULL; - return 0; -} - -static void tdb_mmap(TDB_CONTEXT *tdb) -{ - if (tdb->flags & TDB_INTERNAL) - return; - -#ifdef HAVE_MMAP - if (!(tdb->flags & TDB_NOMMAP)) { - tdb->map_ptr = mmap(NULL, tdb->map_size, - PROT_READ|(tdb->read_only? 0:PROT_WRITE), - MAP_SHARED|MAP_FILE, tdb->fd, 0); - - /* - * NB. When mmap fails it returns MAP_FAILED *NOT* NULL !!!! - */ - - if (tdb->map_ptr == MAP_FAILED) { - tdb->map_ptr = NULL; - TDB_LOG((tdb, 2, "tdb_mmap failed for size %d (%s)\n", - tdb->map_size, strerror(errno))); - } - } else { - tdb->map_ptr = NULL; - } -#else - tdb->map_ptr = NULL; -#endif -} - -/* Endian conversion: we only ever deal with 4 byte quantities */ -static void *convert(void *buf, u32 size) -{ - u32 i, *p = buf; - for (i = 0; i < size / 4; i++) - p[i] = TDB_BYTEREV(p[i]); - return buf; -} -#define DOCONV() (tdb->flags & TDB_CONVERT) -#define CONVERT(x) (DOCONV() ? convert(&x, sizeof(x)) : &x) - -/* the body of the database is made of one list_struct for the free space - plus a separate data list for each hash value */ -struct list_struct { - tdb_off next; /* offset of the next record in the list */ - tdb_len rec_len; /* total byte length of record */ - tdb_len key_len; /* byte length of key */ - tdb_len data_len; /* byte length of data */ - u32 full_hash; /* the full 32 bit hash of the key */ - u32 magic; /* try to catch errors */ - /* the following union is implied: - union { - char record[rec_len]; - struct { - char key[key_len]; - char data[data_len]; - } - u32 totalsize; (tailer) - } - */ -}; - -/*************************************************************** - Allow a caller to set a "alarm" flag that tdb can check to abort - a blocking lock on SIGALRM. -***************************************************************/ - -static sig_atomic_t *palarm_fired; - -void tdb_set_lock_alarm(sig_atomic_t *palarm) -{ - palarm_fired = palarm; -} - -/* a byte range locking function - return 0 on success - this functions locks/unlocks 1 byte at the specified offset. - - On error, errno is also set so that errors are passed back properly - through tdb_open(). */ -static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset, - int rw_type, int lck_type, int probe) -{ - struct flock fl; - int ret; - - if (tdb->flags & TDB_NOLOCK) - return 0; - if ((rw_type == F_WRLCK) && (tdb->read_only)) { - errno = EACCES; - return -1; - } - - fl.l_type = rw_type; - fl.l_whence = SEEK_SET; - fl.l_start = offset; - fl.l_len = 1; - fl.l_pid = 0; - - do { - ret = fcntl(tdb->fd,lck_type,&fl); - if (ret == -1 && errno == EINTR && palarm_fired && *palarm_fired) - break; - } while (ret == -1 && errno == EINTR); - - if (ret == -1) { - if (!probe && lck_type != F_SETLK) { - /* Ensure error code is set for log fun to examine. */ - if (errno == EINTR && palarm_fired && *palarm_fired) - tdb->ecode = TDB_ERR_LOCK_TIMEOUT; - else - tdb->ecode = TDB_ERR_LOCK; - TDB_LOG((tdb, 5,"tdb_brlock failed (fd=%d) at offset %d rw_type=%d lck_type=%d\n", - tdb->fd, offset, rw_type, lck_type)); - } - /* Was it an alarm timeout ? */ - if (errno == EINTR && palarm_fired && *palarm_fired) { - TDB_LOG((tdb, 5, "tdb_brlock timed out (fd=%d) at offset %d rw_type=%d lck_type=%d\n", - tdb->fd, offset, rw_type, lck_type)); - return TDB_ERRCODE(TDB_ERR_LOCK_TIMEOUT, -1); - } - /* Otherwise - generic lock error. errno set by fcntl. - * EAGAIN is an expected return from non-blocking - * locks. */ - if (errno != EAGAIN) { - TDB_LOG((tdb, 5, "tdb_brlock failed (fd=%d) at offset %d rw_type=%d lck_type=%d: %s\n", - tdb->fd, offset, rw_type, lck_type, - strerror(errno))); - } - return TDB_ERRCODE(TDB_ERR_LOCK, -1); - } - return 0; -} - -/* lock a list in the database. list -1 is the alloc list */ -static int tdb_lock(TDB_CONTEXT *tdb, int list, int ltype) -{ - if (list < -1 || list >= (int)tdb->header.hash_size) { - TDB_LOG((tdb, 0,"tdb_lock: invalid list %d for ltype=%d\n", - list, ltype)); - return -1; - } - if (tdb->flags & TDB_NOLOCK) - return 0; - - /* Since fcntl locks don't nest, we do a lock for the first one, - and simply bump the count for future ones */ - if (tdb->locked[list+1].count == 0) { - if (!tdb->read_only && tdb->header.rwlocks) { - if (tdb_spinlock(tdb, list, ltype)) { - TDB_LOG((tdb, 0, "tdb_lock spinlock failed on list %d ltype=%d\n", - list, ltype)); - return -1; - } - } else if (tdb_brlock(tdb,FREELIST_TOP+4*list,ltype,F_SETLKW, 0)) { - TDB_LOG((tdb, 0,"tdb_lock failed on list %d ltype=%d (%s)\n", - list, ltype, strerror(errno))); - return -1; - } - tdb->locked[list+1].ltype = ltype; - } - tdb->locked[list+1].count++; - return 0; -} - -/* unlock the database: returns void because it's too late for errors. */ - /* changed to return int it may be interesting to know there - has been an error --simo */ -static int tdb_unlock(TDB_CONTEXT *tdb, int list, int ltype) -{ - int ret = -1; - - if (tdb->flags & TDB_NOLOCK) - return 0; - - /* Sanity checks */ - if (list < -1 || list >= (int)tdb->header.hash_size) { - TDB_LOG((tdb, 0, "tdb_unlock: list %d invalid (%d)\n", list, tdb->header.hash_size)); - return ret; - } - - if (tdb->locked[list+1].count==0) { - TDB_LOG((tdb, 0, "tdb_unlock: count is 0\n")); - return ret; - } - - if (tdb->locked[list+1].count == 1) { - /* Down to last nested lock: unlock underneath */ - if (!tdb->read_only && tdb->header.rwlocks) { - ret = tdb_spinunlock(tdb, list, ltype); - } else { - ret = tdb_brlock(tdb, FREELIST_TOP+4*list, F_UNLCK, F_SETLKW, 0); - } - } else { - ret = 0; - } - tdb->locked[list+1].count--; - - if (ret) - TDB_LOG((tdb, 0,"tdb_unlock: An error occurred unlocking!\n")); - return ret; -} - -/* check for an out of bounds access - if it is out of bounds then - see if the database has been expanded by someone else and expand - if necessary - note that "len" is the minimum length needed for the db -*/ -static int tdb_oob(TDB_CONTEXT *tdb, tdb_off len, int probe) -{ - struct stat st; - if (len <= tdb->map_size) - return 0; - if (tdb->flags & TDB_INTERNAL) { - if (!probe) { - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_IO; - TDB_LOG((tdb, 0,"tdb_oob len %d beyond internal malloc size %d\n", - (int)len, (int)tdb->map_size)); - } - return TDB_ERRCODE(TDB_ERR_IO, -1); - } - - if (fstat(tdb->fd, &st) == -1) - return TDB_ERRCODE(TDB_ERR_IO, -1); - - if (st.st_size < (size_t)len) { - if (!probe) { - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_IO; - TDB_LOG((tdb, 0,"tdb_oob len %d beyond eof at %d\n", - (int)len, (int)st.st_size)); - } - return TDB_ERRCODE(TDB_ERR_IO, -1); - } - - /* Unmap, update size, remap */ - if (tdb_munmap(tdb) == -1) - return TDB_ERRCODE(TDB_ERR_IO, -1); - tdb->map_size = st.st_size; - tdb_mmap(tdb); - return 0; -} - -/* write a lump of data at a specified offset */ -static int tdb_write(TDB_CONTEXT *tdb, tdb_off off, void *buf, tdb_len len) -{ - if (tdb_oob(tdb, off + len, 0) != 0) - return -1; - - if (tdb->map_ptr) - memcpy(off + (char *)tdb->map_ptr, buf, len); -#ifdef HAVE_PWRITE - else if (pwrite(tdb->fd, buf, len, off) != (ssize_t)len) { -#else - else if (lseek(tdb->fd, off, SEEK_SET) != off - || write(tdb->fd, buf, len) != (ssize_t)len) { -#endif - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_IO; - TDB_LOG((tdb, 0,"tdb_write failed at %d len=%d (%s)\n", - off, len, strerror(errno))); - return TDB_ERRCODE(TDB_ERR_IO, -1); - } - return 0; -} - -/* read a lump of data at a specified offset, maybe convert */ -static int tdb_read(TDB_CONTEXT *tdb,tdb_off off,void *buf,tdb_len len,int cv) -{ - if (tdb_oob(tdb, off + len, 0) != 0) - return -1; - - if (tdb->map_ptr) - memcpy(buf, off + (char *)tdb->map_ptr, len); -#ifdef HAVE_PREAD - else if (pread(tdb->fd, buf, len, off) != (ssize_t)len) { -#else - else if (lseek(tdb->fd, off, SEEK_SET) != off - || read(tdb->fd, buf, len) != (ssize_t)len) { -#endif - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_IO; - TDB_LOG((tdb, 0,"tdb_read failed at %d len=%d (%s)\n", - off, len, strerror(errno))); - return TDB_ERRCODE(TDB_ERR_IO, -1); - } - if (cv) - convert(buf, len); - return 0; -} - -/* read a lump of data, allocating the space for it */ -static char *tdb_alloc_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_len len) -{ - char *buf; - - if (!(buf = malloc(len))) { - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_OOM; - TDB_LOG((tdb, 0,"tdb_alloc_read malloc failed len=%d (%s)\n", - len, strerror(errno))); - return TDB_ERRCODE(TDB_ERR_OOM, buf); - } - if (tdb_read(tdb, offset, buf, len, 0) == -1) { - SAFE_FREE(buf); - return NULL; - } - return buf; -} - -/* read/write a tdb_off */ -static int ofs_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_off *d) -{ - return tdb_read(tdb, offset, (char*)d, sizeof(*d), DOCONV()); -} -static int ofs_write(TDB_CONTEXT *tdb, tdb_off offset, tdb_off *d) -{ - tdb_off off = *d; - return tdb_write(tdb, offset, CONVERT(off), sizeof(*d)); -} - -/* read/write a record */ -static int rec_read(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec) -{ - if (tdb_read(tdb, offset, rec, sizeof(*rec),DOCONV()) == -1) - return -1; - if (TDB_BAD_MAGIC(rec)) { - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_CORRUPT; - TDB_LOG((tdb, 0,"rec_read bad magic 0x%x at offset=%d\n", rec->magic, offset)); - return TDB_ERRCODE(TDB_ERR_CORRUPT, -1); - } - return tdb_oob(tdb, rec->next+sizeof(*rec), 0); -} -static int rec_write(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec) -{ - struct list_struct r = *rec; - return tdb_write(tdb, offset, CONVERT(r), sizeof(r)); -} - -/* read a freelist record and check for simple errors */ -static int rec_free_read(TDB_CONTEXT *tdb, tdb_off off, struct list_struct *rec) -{ - if (tdb_read(tdb, off, rec, sizeof(*rec),DOCONV()) == -1) - return -1; - - if (rec->magic == TDB_MAGIC) { - /* this happens when a app is showdown while deleting a record - we should - not completely fail when this happens */ - TDB_LOG((tdb, 0,"rec_free_read non-free magic 0x%x at offset=%d - fixing\n", - rec->magic, off)); - rec->magic = TDB_FREE_MAGIC; - if (tdb_write(tdb, off, rec, sizeof(*rec)) == -1) - return -1; - } - - if (rec->magic != TDB_FREE_MAGIC) { - /* Ensure ecode is set for log fn. */ - tdb->ecode = TDB_ERR_CORRUPT; - TDB_LOG((tdb, 0,"rec_free_read bad magic 0x%x at offset=%d\n", - rec->magic, off)); - return TDB_ERRCODE(TDB_ERR_CORRUPT, -1); - } - if (tdb_oob(tdb, rec->next+sizeof(*rec), 0) != 0) - return -1; - return 0; -} - -/* update a record tailer (must hold allocation lock) */ -static int update_tailer(TDB_CONTEXT *tdb, tdb_off offset, - const struct list_struct *rec) -{ - tdb_off totalsize; - - /* Offset of tailer from record header */ - totalsize = sizeof(*rec) + rec->rec_len; - return ofs_write(tdb, offset + totalsize - sizeof(tdb_off), - &totalsize); -} - -static tdb_off tdb_dump_record(TDB_CONTEXT *tdb, tdb_off offset) -{ - struct list_struct rec; - tdb_off tailer_ofs, tailer; - - if (tdb_read(tdb, offset, (char *)&rec, sizeof(rec), DOCONV()) == -1) { - printf("ERROR: failed to read record at %u\n", offset); - return 0; - } - - printf(" rec: offset=%u next=%d rec_len=%d key_len=%d data_len=%d full_hash=0x%x magic=0x%x\n", - offset, rec.next, rec.rec_len, rec.key_len, rec.data_len, rec.full_hash, rec.magic); - - tailer_ofs = offset + sizeof(rec) + rec.rec_len - sizeof(tdb_off); - if (ofs_read(tdb, tailer_ofs, &tailer) == -1) { - printf("ERROR: failed to read tailer at %u\n", tailer_ofs); - return rec.next; - } - - if (tailer != rec.rec_len + sizeof(rec)) { - printf("ERROR: tailer does not match record! tailer=%u totalsize=%u\n", - (unsigned)tailer, (unsigned)(rec.rec_len + sizeof(rec))); - } - return rec.next; -} - -static int tdb_dump_chain(TDB_CONTEXT *tdb, int i) -{ - tdb_off rec_ptr, top; - - top = TDB_HASH_TOP(i); - - if (tdb_lock(tdb, i, F_WRLCK) != 0) - return -1; - - if (ofs_read(tdb, top, &rec_ptr) == -1) - return tdb_unlock(tdb, i, F_WRLCK); - - if (rec_ptr) - printf("hash=%d\n", i); - - while (rec_ptr) { - rec_ptr = tdb_dump_record(tdb, rec_ptr); - } - - return tdb_unlock(tdb, i, F_WRLCK); -} - -void tdb_dump_all(TDB_CONTEXT *tdb) -{ - int i; - for (i=0;iheader.hash_size;i++) { - tdb_dump_chain(tdb, i); - } - printf("freelist:\n"); - tdb_dump_chain(tdb, -1); -} - -int tdb_printfreelist(TDB_CONTEXT *tdb) -{ - int ret; - long total_free = 0; - tdb_off offset, rec_ptr; - struct list_struct rec; - - if ((ret = tdb_lock(tdb, -1, F_WRLCK)) != 0) - return ret; - - offset = FREELIST_TOP; - - /* read in the freelist top */ - if (ofs_read(tdb, offset, &rec_ptr) == -1) { - tdb_unlock(tdb, -1, F_WRLCK); - return 0; - } - - printf("freelist top=[0x%08x]\n", rec_ptr ); - while (rec_ptr) { - if (tdb_read(tdb, rec_ptr, (char *)&rec, sizeof(rec), DOCONV()) == -1) { - tdb_unlock(tdb, -1, F_WRLCK); - return -1; - } - - if (rec.magic != TDB_FREE_MAGIC) { - printf("bad magic 0x%08x in free list\n", rec.magic); - tdb_unlock(tdb, -1, F_WRLCK); - return -1; - } - - printf("entry offset=[0x%08x], rec.rec_len = [0x%08x (%d)]\n", rec.next, rec.rec_len, rec.rec_len ); - total_free += rec.rec_len; - - /* move to the next record */ - rec_ptr = rec.next; - } - printf("total rec_len = [0x%08x (%d)]\n", (int)total_free, - (int)total_free); - - return tdb_unlock(tdb, -1, F_WRLCK); -} - -/* Remove an element from the freelist. Must have alloc lock. */ -static int remove_from_freelist(TDB_CONTEXT *tdb, tdb_off off, tdb_off next) -{ - tdb_off last_ptr, i; - - /* read in the freelist top */ - last_ptr = FREELIST_TOP; - while (ofs_read(tdb, last_ptr, &i) != -1 && i != 0) { - if (i == off) { - /* We've found it! */ - return ofs_write(tdb, last_ptr, &next); - } - /* Follow chain (next offset is at start of record) */ - last_ptr = i; - } - TDB_LOG((tdb, 0,"remove_from_freelist: not on list at off=%d\n", off)); - return TDB_ERRCODE(TDB_ERR_CORRUPT, -1); -} - -/* Add an element into the freelist. Merge adjacent records if - neccessary. */ -static int tdb_free(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec) -{ - tdb_off right, left; - - /* Allocation and tailer lock */ - if (tdb_lock(tdb, -1, F_WRLCK) != 0) - return -1; - - /* set an initial tailer, so if we fail we don't leave a bogus record */ - if (update_tailer(tdb, offset, rec) != 0) { - TDB_LOG((tdb, 0, "tdb_free: upfate_tailer failed!\n")); - goto fail; - } - - /* Look right first (I'm an Australian, dammit) */ - right = offset + sizeof(*rec) + rec->rec_len; - if (right + sizeof(*rec) <= tdb->map_size) { - struct list_struct r; - - if (tdb_read(tdb, right, &r, sizeof(r), DOCONV()) == -1) { - TDB_LOG((tdb, 0, "tdb_free: right read failed at %u\n", right)); - goto left; - } - - /* If it's free, expand to include it. */ - if (r.magic == TDB_FREE_MAGIC) { - if (remove_from_freelist(tdb, right, r.next) == -1) { - TDB_LOG((tdb, 0, "tdb_free: right free failed at %u\n", right)); - goto left; - } - rec->rec_len += sizeof(r) + r.rec_len; - } - } - -left: - /* Look left */ - left = offset - sizeof(tdb_off); - if (left > TDB_DATA_START(tdb->header.hash_size)) { - struct list_struct l; - tdb_off leftsize; - - /* Read in tailer and jump back to header */ - if (ofs_read(tdb, left, &leftsize) == -1) { - TDB_LOG((tdb, 0, "tdb_free: left offset read failed at %u\n", left)); - goto update; - } - left = offset - leftsize; - - /* Now read in record */ - if (tdb_read(tdb, left, &l, sizeof(l), DOCONV()) == -1) { - TDB_LOG((tdb, 0, "tdb_free: left read failed at %u (%u)\n", left, leftsize)); - goto update; - } - - /* If it's free, expand to include it. */ - if (l.magic == TDB_FREE_MAGIC) { - if (remove_from_freelist(tdb, left, l.next) == -1) { - TDB_LOG((tdb, 0, "tdb_free: left free failed at %u\n", left)); - goto update; - } else { - offset = left; - rec->rec_len += leftsize; - } - } - } - -update: - if (update_tailer(tdb, offset, rec) == -1) { - TDB_LOG((tdb, 0, "tdb_free: update_tailer failed at %u\n", offset)); - goto fail; - } - - /* Now, prepend to free list */ - rec->magic = TDB_FREE_MAGIC; - - if (ofs_read(tdb, FREELIST_TOP, &rec->next) == -1 || - rec_write(tdb, offset, rec) == -1 || - ofs_write(tdb, FREELIST_TOP, &offset) == -1) { - TDB_LOG((tdb, 0, "tdb_free record write failed at offset=%d\n", offset)); - goto fail; - } - - /* And we're done. */ - tdb_unlock(tdb, -1, F_WRLCK); - return 0; - - fail: - tdb_unlock(tdb, -1, F_WRLCK); - return -1; -} - - -/* expand a file. we prefer to use ftruncate, as that is what posix - says to use for mmap expansion */ -static int expand_file(TDB_CONTEXT *tdb, tdb_off size, tdb_off addition) -{ - char buf[1024]; -#if HAVE_FTRUNCATE_EXTEND - if (ftruncate(tdb->fd, size+addition) != 0) { - TDB_LOG((tdb, 0, "expand_file ftruncate to %d failed (%s)\n", - size+addition, strerror(errno))); - return -1; - } -#else - char b = 0; - -#ifdef HAVE_PWRITE - if (pwrite(tdb->fd, &b, 1, (size+addition) - 1) != 1) { -#else - if (lseek(tdb->fd, (size+addition) - 1, SEEK_SET) != (size+addition) - 1 || - write(tdb->fd, &b, 1) != 1) { -#endif - TDB_LOG((tdb, 0, "expand_file to %d failed (%s)\n", - size+addition, strerror(errno))); - return -1; - } -#endif - - /* now fill the file with something. This ensures that the file isn't sparse, which would be - very bad if we ran out of disk. This must be done with write, not via mmap */ - memset(buf, 0x42, sizeof(buf)); - while (addition) { - int n = addition>sizeof(buf)?sizeof(buf):addition; -#ifdef HAVE_PWRITE - int ret = pwrite(tdb->fd, buf, n, size); -#else - int ret; - if (lseek(tdb->fd, size, SEEK_SET) != size) - return -1; - ret = write(tdb->fd, buf, n); -#endif - if (ret != n) { - TDB_LOG((tdb, 0, "expand_file write of %d failed (%s)\n", - n, strerror(errno))); - return -1; - } - addition -= n; - size += n; - } - return 0; -} - - -/* expand the database at least size bytes by expanding the underlying - file and doing the mmap again if necessary */ -static int tdb_expand(TDB_CONTEXT *tdb, tdb_off size) -{ - struct list_struct rec; - tdb_off offset; - - if (tdb_lock(tdb, -1, F_WRLCK) == -1) { - TDB_LOG((tdb, 0, "lock failed in tdb_expand\n")); - return -1; - } - - /* must know about any previous expansions by another process */ - tdb_oob(tdb, tdb->map_size + 1, 1); - - /* always make room for at least 10 more records, and round - the database up to a multiple of TDB_PAGE_SIZE */ - size = TDB_ALIGN(tdb->map_size + size*10, TDB_PAGE_SIZE) - tdb->map_size; - - if (!(tdb->flags & TDB_INTERNAL)) - tdb_munmap(tdb); - - /* - * We must ensure the file is unmapped before doing this - * to ensure consistency with systems like OpenBSD where - * writes and mmaps are not consistent. - */ - - /* expand the file itself */ - if (!(tdb->flags & TDB_INTERNAL)) { - if (expand_file(tdb, tdb->map_size, size) != 0) - goto fail; - } - - tdb->map_size += size; - - if (tdb->flags & TDB_INTERNAL) - tdb->map_ptr = realloc(tdb->map_ptr, tdb->map_size); - else { - /* - * We must ensure the file is remapped before adding the space - * to ensure consistency with systems like OpenBSD where - * writes and mmaps are not consistent. - */ - - /* We're ok if the mmap fails as we'll fallback to read/write */ - tdb_mmap(tdb); - } - - /* form a new freelist record */ - memset(&rec,'\0',sizeof(rec)); - rec.rec_len = size - sizeof(rec); - - /* link it into the free list */ - offset = tdb->map_size - size; - if (tdb_free(tdb, offset, &rec) == -1) - goto fail; - - tdb_unlock(tdb, -1, F_WRLCK); - return 0; - fail: - tdb_unlock(tdb, -1, F_WRLCK); - return -1; -} - -/* allocate some space from the free list. The offset returned points - to a unconnected list_struct within the database with room for at - least length bytes of total data - - 0 is returned if the space could not be allocated - */ -static tdb_off tdb_allocate(TDB_CONTEXT *tdb, tdb_len length, - struct list_struct *rec) -{ - tdb_off rec_ptr, last_ptr, newrec_ptr; - struct list_struct newrec; - - memset(&newrec, '\0', sizeof(newrec)); - - if (tdb_lock(tdb, -1, F_WRLCK) == -1) - return 0; - - /* Extra bytes required for tailer */ - length += sizeof(tdb_off); - - again: - last_ptr = FREELIST_TOP; - - /* read in the freelist top */ - if (ofs_read(tdb, FREELIST_TOP, &rec_ptr) == -1) - goto fail; - - /* keep looking until we find a freelist record big enough */ - while (rec_ptr) { - if (rec_free_read(tdb, rec_ptr, rec) == -1) - goto fail; - - if (rec->rec_len >= length) { - /* found it - now possibly split it up */ - if (rec->rec_len > length + MIN_REC_SIZE) { - /* Length of left piece */ - length = TDB_ALIGN(length, TDB_ALIGNMENT); - - /* Right piece to go on free list */ - newrec.rec_len = rec->rec_len - - (sizeof(*rec) + length); - newrec_ptr = rec_ptr + sizeof(*rec) + length; - - /* And left record is shortened */ - rec->rec_len = length; - } else - newrec_ptr = 0; - - /* Remove allocated record from the free list */ - if (ofs_write(tdb, last_ptr, &rec->next) == -1) - goto fail; - - /* Update header: do this before we drop alloc - lock, otherwise tdb_free() might try to - merge with us, thinking we're free. - (Thanks Jeremy Allison). */ - rec->magic = TDB_MAGIC; - if (rec_write(tdb, rec_ptr, rec) == -1) - goto fail; - - /* Did we create new block? */ - if (newrec_ptr) { - /* Update allocated record tailer (we - shortened it). */ - if (update_tailer(tdb, rec_ptr, rec) == -1) - goto fail; - - /* Free new record */ - if (tdb_free(tdb, newrec_ptr, &newrec) == -1) - goto fail; - } - - /* all done - return the new record offset */ - tdb_unlock(tdb, -1, F_WRLCK); - return rec_ptr; - } - /* move to the next record */ - last_ptr = rec_ptr; - rec_ptr = rec->next; - } - /* we didn't find enough space. See if we can expand the - database and if we can then try again */ - if (tdb_expand(tdb, length + sizeof(*rec)) == 0) - goto again; - fail: - tdb_unlock(tdb, -1, F_WRLCK); - return 0; -} - -/* initialise a new database with a specified hash size */ -static int tdb_new_database(TDB_CONTEXT *tdb, int hash_size) -{ - struct tdb_header *newdb; - int size, ret = -1; - - /* We make it up in memory, then write it out if not internal */ - size = sizeof(struct tdb_header) + (hash_size+1)*sizeof(tdb_off); - if (!(newdb = calloc(size, 1))) - return TDB_ERRCODE(TDB_ERR_OOM, -1); - - /* Fill in the header */ - newdb->version = TDB_VERSION; - newdb->hash_size = hash_size; - if (tdb->flags & TDB_INTERNAL) { - tdb->map_size = size; - tdb->map_ptr = (char *)newdb; - memcpy(&tdb->header, newdb, sizeof(tdb->header)); - /* Convert the `ondisk' version if asked. */ - CONVERT(*newdb); - return 0; - } - if (lseek(tdb->fd, 0, SEEK_SET) == -1) - goto fail; - - if (ftruncate(tdb->fd, 0) == -1) - goto fail; - - /* This creates an endian-converted header, as if read from disk */ - CONVERT(*newdb); - memcpy(&tdb->header, newdb, sizeof(tdb->header)); - /* Don't endian-convert the magic food! */ - memcpy(newdb->magic_food, TDB_MAGIC_FOOD, strlen(TDB_MAGIC_FOOD)+1); - if (write(tdb->fd, newdb, size) != size) - ret = -1; - else - ret = tdb_create_rwlocks(tdb->fd, hash_size); - - fail: - SAFE_FREE(newdb); - return ret; -} - -/* Returns 0 on fail. On success, return offset of record, and fills - in rec */ -static tdb_off tdb_find(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash, - struct list_struct *r) -{ - tdb_off rec_ptr; - - /* read in the hash top */ - if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1) - return 0; - - /* keep looking until we find the right record */ - while (rec_ptr) { - if (rec_read(tdb, rec_ptr, r) == -1) - return 0; - - if (!TDB_DEAD(r) && hash==r->full_hash && key.dsize==r->key_len) { - char *k; - /* a very likely hit - read the key */ - k = tdb_alloc_read(tdb, rec_ptr + sizeof(*r), - r->key_len); - if (!k) - return 0; - - if (memcmp(key.dptr, k, key.dsize) == 0) { - SAFE_FREE(k); - return rec_ptr; - } - SAFE_FREE(k); - } - rec_ptr = r->next; - } - return TDB_ERRCODE(TDB_ERR_NOEXIST, 0); -} - -/* As tdb_find, but if you succeed, keep the lock */ -static tdb_off tdb_find_lock_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash, int locktype, - struct list_struct *rec) -{ - u32 rec_ptr; - - if (tdb_lock(tdb, BUCKET(hash), locktype) == -1) - return 0; - if (!(rec_ptr = tdb_find(tdb, key, hash, rec))) - tdb_unlock(tdb, BUCKET(hash), locktype); - return rec_ptr; -} - -enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb) -{ - return tdb->ecode; -} - -static struct tdb_errname { - enum TDB_ERROR ecode; const char *estring; -} emap[] = { {TDB_SUCCESS, "Success"}, - {TDB_ERR_CORRUPT, "Corrupt database"}, - {TDB_ERR_IO, "IO Error"}, - {TDB_ERR_LOCK, "Locking error"}, - {TDB_ERR_OOM, "Out of memory"}, - {TDB_ERR_EXISTS, "Record exists"}, - {TDB_ERR_NOLOCK, "Lock exists on other keys"}, - {TDB_ERR_NOEXIST, "Record does not exist"} }; - -/* Error string for the last tdb error */ -const char *tdb_errorstr(TDB_CONTEXT *tdb) -{ - u32 i; - for (i = 0; i < sizeof(emap) / sizeof(struct tdb_errname); i++) - if (tdb->ecode == emap[i].ecode) - return emap[i].estring; - return "Invalid error code"; -} - -/* update an entry in place - this only works if the new data size - is <= the old data size and the key exists. - on failure return -1. -*/ - -static int tdb_update_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash, TDB_DATA dbuf) -{ - struct list_struct rec; - tdb_off rec_ptr; - - /* find entry */ - if (!(rec_ptr = tdb_find(tdb, key, hash, &rec))) - return -1; - - /* must be long enough key, data and tailer */ - if (rec.rec_len < key.dsize + dbuf.dsize + sizeof(tdb_off)) { - tdb->ecode = TDB_SUCCESS; /* Not really an error */ - return -1; - } - - if (tdb_write(tdb, rec_ptr + sizeof(rec) + rec.key_len, - dbuf.dptr, dbuf.dsize) == -1) - return -1; - - if (dbuf.dsize != rec.data_len) { - /* update size */ - rec.data_len = dbuf.dsize; - return rec_write(tdb, rec_ptr, &rec); - } - - return 0; -} - -/* find an entry in the database given a key */ -/* If an entry doesn't exist tdb_err will be set to - * TDB_ERR_NOEXIST. If a key has no data attached - * tdb_err will not be set. Both will return a - * zero pptr and zero dsize. - */ - -TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key) -{ - tdb_off rec_ptr; - struct list_struct rec; - TDB_DATA ret; - u32 hash; - - /* find which hash bucket it is in */ - hash = tdb->hash_fn(&key); - if (!(rec_ptr = tdb_find_lock_hash(tdb,key,hash,F_RDLCK,&rec))) - return tdb_null; - - if (rec.data_len) - ret.dptr = tdb_alloc_read(tdb, rec_ptr + sizeof(rec) + rec.key_len, - rec.data_len); - else - ret.dptr = NULL; - ret.dsize = rec.data_len; - tdb_unlock(tdb, BUCKET(rec.full_hash), F_RDLCK); - return ret; -} - -/* check if an entry in the database exists - - note that 1 is returned if the key is found and 0 is returned if not found - this doesn't match the conventions in the rest of this module, but is - compatible with gdbm -*/ -static int tdb_exists_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash) -{ - struct list_struct rec; - - if (tdb_find_lock_hash(tdb, key, hash, F_RDLCK, &rec) == 0) - return 0; - tdb_unlock(tdb, BUCKET(rec.full_hash), F_RDLCK); - return 1; -} - -int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key) -{ - u32 hash = tdb->hash_fn(&key); - return tdb_exists_hash(tdb, key, hash); -} - -/* record lock stops delete underneath */ -static int lock_record(TDB_CONTEXT *tdb, tdb_off off) -{ - return off ? tdb_brlock(tdb, off, F_RDLCK, F_SETLKW, 0) : 0; -} -/* - Write locks override our own fcntl readlocks, so check it here. - Note this is meant to be F_SETLK, *not* F_SETLKW, as it's not - an error to fail to get the lock here. -*/ - -static int write_lock_record(TDB_CONTEXT *tdb, tdb_off off) -{ - struct tdb_traverse_lock *i; - for (i = &tdb->travlocks; i; i = i->next) - if (i->off == off) - return -1; - return tdb_brlock(tdb, off, F_WRLCK, F_SETLK, 1); -} - -/* - Note this is meant to be F_SETLK, *not* F_SETLKW, as it's not - an error to fail to get the lock here. -*/ - -static int write_unlock_record(TDB_CONTEXT *tdb, tdb_off off) -{ - return tdb_brlock(tdb, off, F_UNLCK, F_SETLK, 0); -} -/* fcntl locks don't stack: avoid unlocking someone else's */ -static int unlock_record(TDB_CONTEXT *tdb, tdb_off off) -{ - struct tdb_traverse_lock *i; - u32 count = 0; - - if (off == 0) - return 0; - for (i = &tdb->travlocks; i; i = i->next) - if (i->off == off) - count++; - return (count == 1 ? tdb_brlock(tdb, off, F_UNLCK, F_SETLKW, 0) : 0); -} - -/* actually delete an entry in the database given the offset */ -static int do_delete(TDB_CONTEXT *tdb, tdb_off rec_ptr, struct list_struct*rec) -{ - tdb_off last_ptr, i; - struct list_struct lastrec; - - if (tdb->read_only) return -1; - - if (write_lock_record(tdb, rec_ptr) == -1) { - /* Someone traversing here: mark it as dead */ - rec->magic = TDB_DEAD_MAGIC; - return rec_write(tdb, rec_ptr, rec); - } - if (write_unlock_record(tdb, rec_ptr) != 0) - return -1; - - /* find previous record in hash chain */ - if (ofs_read(tdb, TDB_HASH_TOP(rec->full_hash), &i) == -1) - return -1; - for (last_ptr = 0; i != rec_ptr; last_ptr = i, i = lastrec.next) - if (rec_read(tdb, i, &lastrec) == -1) - return -1; - - /* unlink it: next ptr is at start of record. */ - if (last_ptr == 0) - last_ptr = TDB_HASH_TOP(rec->full_hash); - if (ofs_write(tdb, last_ptr, &rec->next) == -1) - return -1; - - /* recover the space */ - if (tdb_free(tdb, rec_ptr, rec) == -1) - return -1; - return 0; -} - -/* Uses traverse lock: 0 = finish, -1 = error, other = record offset */ -static int tdb_next_lock(TDB_CONTEXT *tdb, struct tdb_traverse_lock *tlock, - struct list_struct *rec) -{ - int want_next = (tlock->off != 0); - - /* Lock each chain from the start one. */ - for (; tlock->hash < tdb->header.hash_size; tlock->hash++) { - if (tdb_lock(tdb, tlock->hash, F_WRLCK) == -1) - return -1; - - /* No previous record? Start at top of chain. */ - if (!tlock->off) { - if (ofs_read(tdb, TDB_HASH_TOP(tlock->hash), - &tlock->off) == -1) - goto fail; - } else { - /* Otherwise unlock the previous record. */ - if (unlock_record(tdb, tlock->off) != 0) - goto fail; - } - - if (want_next) { - /* We have offset of old record: grab next */ - if (rec_read(tdb, tlock->off, rec) == -1) - goto fail; - tlock->off = rec->next; - } - - /* Iterate through chain */ - while( tlock->off) { - tdb_off current; - if (rec_read(tdb, tlock->off, rec) == -1) - goto fail; - if (!TDB_DEAD(rec)) { - /* Woohoo: we found one! */ - if (lock_record(tdb, tlock->off) != 0) - goto fail; - return tlock->off; - } - /* Try to clean dead ones from old traverses */ - current = tlock->off; - tlock->off = rec->next; - if (!tdb->read_only && - do_delete(tdb, current, rec) != 0) - goto fail; - } - tdb_unlock(tdb, tlock->hash, F_WRLCK); - want_next = 0; - } - /* We finished iteration without finding anything */ - return TDB_ERRCODE(TDB_SUCCESS, 0); - - fail: - tlock->off = 0; - if (tdb_unlock(tdb, tlock->hash, F_WRLCK) != 0) - TDB_LOG((tdb, 0, "tdb_next_lock: On error unlock failed!\n")); - return -1; -} - -/* traverse the entire database - calling fn(tdb, key, data) on each element. - return -1 on error or the record count traversed - if fn is NULL then it is not called - a non-zero return value from fn() indicates that the traversal should stop - */ -int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *private) -{ - TDB_DATA key, dbuf; - struct list_struct rec; - struct tdb_traverse_lock tl = { NULL, 0, 0 }; - int ret, count = 0; - - /* This was in the initializaton, above, but the IRIX compiler - * did not like it. crh - */ - tl.next = tdb->travlocks.next; - - /* fcntl locks don't stack: beware traverse inside traverse */ - tdb->travlocks.next = &tl; - - /* tdb_next_lock places locks on the record returned, and its chain */ - while ((ret = tdb_next_lock(tdb, &tl, &rec)) > 0) { - count++; - /* now read the full record */ - key.dptr = tdb_alloc_read(tdb, tl.off + sizeof(rec), - rec.key_len + rec.data_len); - if (!key.dptr) { - ret = -1; - if (tdb_unlock(tdb, tl.hash, F_WRLCK) != 0) - goto out; - if (unlock_record(tdb, tl.off) != 0) - TDB_LOG((tdb, 0, "tdb_traverse: key.dptr == NULL and unlock_record failed!\n")); - goto out; - } - key.dsize = rec.key_len; - dbuf.dptr = key.dptr + rec.key_len; - dbuf.dsize = rec.data_len; - - /* Drop chain lock, call out */ - if (tdb_unlock(tdb, tl.hash, F_WRLCK) != 0) { - ret = -1; - goto out; - } - if (fn && fn(tdb, key, dbuf, private)) { - /* They want us to terminate traversal */ - ret = count; - if (unlock_record(tdb, tl.off) != 0) { - TDB_LOG((tdb, 0, "tdb_traverse: unlock_record failed!\n"));; - ret = -1; - } - tdb->travlocks.next = tl.next; - SAFE_FREE(key.dptr); - return count; - } - SAFE_FREE(key.dptr); - } -out: - tdb->travlocks.next = tl.next; - if (ret < 0) - return -1; - else - return count; -} - -/* find the first entry in the database and return its key */ -TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb) -{ - TDB_DATA key; - struct list_struct rec; - - /* release any old lock */ - if (unlock_record(tdb, tdb->travlocks.off) != 0) - return tdb_null; - tdb->travlocks.off = tdb->travlocks.hash = 0; - - if (tdb_next_lock(tdb, &tdb->travlocks, &rec) <= 0) - return tdb_null; - /* now read the key */ - key.dsize = rec.key_len; - key.dptr =tdb_alloc_read(tdb,tdb->travlocks.off+sizeof(rec),key.dsize); - if (tdb_unlock(tdb, BUCKET(tdb->travlocks.hash), F_WRLCK) != 0) - TDB_LOG((tdb, 0, "tdb_firstkey: error occurred while tdb_unlocking!\n")); - return key; -} - -/* find the next entry in the database, returning its key */ -TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA oldkey) -{ - u32 oldhash; - TDB_DATA key = tdb_null; - struct list_struct rec; - char *k = NULL; - - /* Is locked key the old key? If so, traverse will be reliable. */ - if (tdb->travlocks.off) { - if (tdb_lock(tdb,tdb->travlocks.hash,F_WRLCK)) - return tdb_null; - if (rec_read(tdb, tdb->travlocks.off, &rec) == -1 - || !(k = tdb_alloc_read(tdb,tdb->travlocks.off+sizeof(rec), - rec.key_len)) - || memcmp(k, oldkey.dptr, oldkey.dsize) != 0) { - /* No, it wasn't: unlock it and start from scratch */ - if (unlock_record(tdb, tdb->travlocks.off) != 0) - return tdb_null; - if (tdb_unlock(tdb, tdb->travlocks.hash, F_WRLCK) != 0) - return tdb_null; - tdb->travlocks.off = 0; - } - - SAFE_FREE(k); - } - - if (!tdb->travlocks.off) { - /* No previous element: do normal find, and lock record */ - tdb->travlocks.off = tdb_find_lock_hash(tdb, oldkey, tdb->hash_fn(&oldkey), F_WRLCK, &rec); - if (!tdb->travlocks.off) - return tdb_null; - tdb->travlocks.hash = BUCKET(rec.full_hash); - if (lock_record(tdb, tdb->travlocks.off) != 0) { - TDB_LOG((tdb, 0, "tdb_nextkey: lock_record failed (%s)!\n", strerror(errno))); - return tdb_null; - } - } - oldhash = tdb->travlocks.hash; - - /* Grab next record: locks chain and returned record, - unlocks old record */ - if (tdb_next_lock(tdb, &tdb->travlocks, &rec) > 0) { - key.dsize = rec.key_len; - key.dptr = tdb_alloc_read(tdb, tdb->travlocks.off+sizeof(rec), - key.dsize); - /* Unlock the chain of this new record */ - if (tdb_unlock(tdb, tdb->travlocks.hash, F_WRLCK) != 0) - TDB_LOG((tdb, 0, "tdb_nextkey: WARNING tdb_unlock failed!\n")); - } - /* Unlock the chain of old record */ - if (tdb_unlock(tdb, BUCKET(oldhash), F_WRLCK) != 0) - TDB_LOG((tdb, 0, "tdb_nextkey: WARNING tdb_unlock failed!\n")); - return key; -} - -/* delete an entry in the database given a key */ -static int tdb_delete_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash) -{ - tdb_off rec_ptr; - struct list_struct rec; - int ret; - - if (!(rec_ptr = tdb_find_lock_hash(tdb, key, hash, F_WRLCK, &rec))) - return -1; - ret = do_delete(tdb, rec_ptr, &rec); - if (tdb_unlock(tdb, BUCKET(rec.full_hash), F_WRLCK) != 0) - TDB_LOG((tdb, 0, "tdb_delete: WARNING tdb_unlock failed!\n")); - return ret; -} - -int tdb_delete(TDB_CONTEXT *tdb, TDB_DATA key) -{ - u32 hash = tdb->hash_fn(&key); - return tdb_delete_hash(tdb, key, hash); -} - -/* store an element in the database, replacing any existing element - with the same key - - return 0 on success, -1 on failure -*/ -int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag) -{ - struct list_struct rec; - u32 hash; - tdb_off rec_ptr; - char *p = NULL; - int ret = 0; - - /* find which hash bucket it is in */ - hash = tdb->hash_fn(&key); - if (tdb_lock(tdb, BUCKET(hash), F_WRLCK) == -1) - return -1; - - /* check for it existing, on insert. */ - if (flag == TDB_INSERT) { - if (tdb_exists_hash(tdb, key, hash)) { - tdb->ecode = TDB_ERR_EXISTS; - goto fail; - } - } else { - /* first try in-place update, on modify or replace. */ - if (tdb_update_hash(tdb, key, hash, dbuf) == 0) - goto out; - if (tdb->ecode == TDB_ERR_NOEXIST && - flag == TDB_MODIFY) { - /* if the record doesn't exist and we are in TDB_MODIFY mode then - we should fail the store */ - goto fail; - } - } - /* reset the error code potentially set by the tdb_update() */ - tdb->ecode = TDB_SUCCESS; - - /* delete any existing record - if it doesn't exist we don't - care. Doing this first reduces fragmentation, and avoids - coalescing with `allocated' block before it's updated. */ - if (flag != TDB_INSERT) - tdb_delete_hash(tdb, key, hash); - - /* Copy key+value *before* allocating free space in case malloc - fails and we are left with a dead spot in the tdb. */ - - if (!(p = (char *)malloc(key.dsize + dbuf.dsize))) { - tdb->ecode = TDB_ERR_OOM; - goto fail; - } - - memcpy(p, key.dptr, key.dsize); - if (dbuf.dsize) - memcpy(p+key.dsize, dbuf.dptr, dbuf.dsize); - - /* we have to allocate some space */ - if (!(rec_ptr = tdb_allocate(tdb, key.dsize + dbuf.dsize, &rec))) - goto fail; - - /* Read hash top into next ptr */ - if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec.next) == -1) - goto fail; - - rec.key_len = key.dsize; - rec.data_len = dbuf.dsize; - rec.full_hash = hash; - rec.magic = TDB_MAGIC; - - /* write out and point the top of the hash chain at it */ - if (rec_write(tdb, rec_ptr, &rec) == -1 - || tdb_write(tdb, rec_ptr+sizeof(rec), p, key.dsize+dbuf.dsize)==-1 - || ofs_write(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1) { - /* Need to tdb_unallocate() here */ - goto fail; - } - out: - SAFE_FREE(p); - tdb_unlock(tdb, BUCKET(hash), F_WRLCK); - return ret; -fail: - ret = -1; - goto out; -} - -/* Attempt to append data to an entry in place - this only works if the new data size - is <= the old data size and the key exists. - on failure return -1. Record must be locked before calling. -*/ -static int tdb_append_inplace(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash, TDB_DATA new_dbuf) -{ - struct list_struct rec; - tdb_off rec_ptr; - - /* find entry */ - if (!(rec_ptr = tdb_find(tdb, key, hash, &rec))) - return -1; - - /* Append of 0 is always ok. */ - if (new_dbuf.dsize == 0) - return 0; - - /* must be long enough for key, old data + new data and tailer */ - if (rec.rec_len < key.dsize + rec.data_len + new_dbuf.dsize + sizeof(tdb_off)) { - /* No room. */ - tdb->ecode = TDB_SUCCESS; /* Not really an error */ - return -1; - } - - if (tdb_write(tdb, rec_ptr + sizeof(rec) + rec.key_len + rec.data_len, - new_dbuf.dptr, new_dbuf.dsize) == -1) - return -1; - - /* update size */ - rec.data_len += new_dbuf.dsize; - return rec_write(tdb, rec_ptr, &rec); -} - -/* Append to an entry. Create if not exist. */ - -int tdb_append(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA new_dbuf) -{ - struct list_struct rec; - u32 hash; - tdb_off rec_ptr; - char *p = NULL; - int ret = 0; - size_t new_data_size = 0; - - /* find which hash bucket it is in */ - hash = tdb->hash_fn(&key); - if (tdb_lock(tdb, BUCKET(hash), F_WRLCK) == -1) - return -1; - - /* first try in-place. */ - if (tdb_append_inplace(tdb, key, hash, new_dbuf) == 0) - goto out; - - /* reset the error code potentially set by the tdb_append_inplace() */ - tdb->ecode = TDB_SUCCESS; - - /* find entry */ - if (!(rec_ptr = tdb_find(tdb, key, hash, &rec))) { - if (tdb->ecode != TDB_ERR_NOEXIST) - goto fail; - - /* Not found - create. */ - - ret = tdb_store(tdb, key, new_dbuf, TDB_INSERT); - goto out; - } - - new_data_size = rec.data_len + new_dbuf.dsize; - - /* Copy key+old_value+value *before* allocating free space in case malloc - fails and we are left with a dead spot in the tdb. */ - - if (!(p = (char *)malloc(key.dsize + new_data_size))) { - tdb->ecode = TDB_ERR_OOM; - goto fail; - } - - /* Copy the key in place. */ - memcpy(p, key.dptr, key.dsize); - - /* Now read the old data into place. */ - if (rec.data_len && - tdb_read(tdb, rec_ptr + sizeof(rec) + rec.key_len, p + key.dsize, rec.data_len, 0) == -1) - goto fail; - - /* Finally append the new data. */ - if (new_dbuf.dsize) - memcpy(p+key.dsize+rec.data_len, new_dbuf.dptr, new_dbuf.dsize); - - /* delete any existing record - if it doesn't exist we don't - care. Doing this first reduces fragmentation, and avoids - coalescing with `allocated' block before it's updated. */ - - tdb_delete_hash(tdb, key, hash); - - if (!(rec_ptr = tdb_allocate(tdb, key.dsize + new_data_size, &rec))) - goto fail; - - /* Read hash top into next ptr */ - if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec.next) == -1) - goto fail; - - rec.key_len = key.dsize; - rec.data_len = new_data_size; - rec.full_hash = hash; - rec.magic = TDB_MAGIC; - - /* write out and point the top of the hash chain at it */ - if (rec_write(tdb, rec_ptr, &rec) == -1 - || tdb_write(tdb, rec_ptr+sizeof(rec), p, key.dsize+new_data_size)==-1 - || ofs_write(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1) { - /* Need to tdb_unallocate() here */ - goto fail; - } - - out: - SAFE_FREE(p); - tdb_unlock(tdb, BUCKET(hash), F_WRLCK); - return ret; - -fail: - ret = -1; - goto out; -} - -static int tdb_already_open(dev_t device, - ino_t ino) -{ - TDB_CONTEXT *i; - - for (i = tdbs; i; i = i->next) { - if (i->device == device && i->inode == ino) { - return 1; - } - } - - return 0; -} - -/* This is based on the hash algorithm from gdbm */ -static u32 default_tdb_hash(TDB_DATA *key) -{ - u32 value; /* Used to compute the hash value. */ - u32 i; /* Used to cycle through random values. */ - - /* Set the initial value from the key size. */ - for (value = 0x238F13AF * key->dsize, i=0; i < key->dsize; i++) - value = (value + (key->dptr[i] << (i*5 % 24))); - - return (1103515243 * value + 12345); -} - -/* open the database, creating it if necessary - - The open_flags and mode are passed straight to the open call on the - database file. A flags value of O_WRONLY is invalid. The hash size - is advisory, use zero for a default value. - - Return is NULL on error, in which case errno is also set. Don't - try to call tdb_error or tdb_errname, just do strerror(errno). - - @param name may be NULL for internal databases. */ -TDB_CONTEXT *tdb_open(const char *name, int hash_size, int tdb_flags, - int open_flags, mode_t mode) -{ - return tdb_open_ex(name, hash_size, tdb_flags, open_flags, mode, NULL, NULL); -} - - -TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, - int open_flags, mode_t mode, - tdb_log_func log_fn, - tdb_hash_func hash_fn) -{ - TDB_CONTEXT *tdb; - struct stat st; - int rev = 0, locked = 0; - unsigned char *vp; - u32 vertest; - - if (!(tdb = calloc(1, sizeof *tdb))) { - /* Can't log this */ - errno = ENOMEM; - goto fail; - } - tdb->fd = -1; - tdb->name = NULL; - tdb->map_ptr = NULL; - tdb->flags = tdb_flags; - tdb->open_flags = open_flags; - tdb->log_fn = log_fn; - tdb->hash_fn = hash_fn ? hash_fn : default_tdb_hash; - - if ((open_flags & O_ACCMODE) == O_WRONLY) { - TDB_LOG((tdb, 0, "tdb_open_ex: can't open tdb %s write-only\n", - name)); - errno = EINVAL; - goto fail; - } - - if (hash_size == 0) - hash_size = DEFAULT_HASH_SIZE; - if ((open_flags & O_ACCMODE) == O_RDONLY) { - tdb->read_only = 1; - /* read only databases don't do locking or clear if first */ - tdb->flags |= TDB_NOLOCK; - tdb->flags &= ~TDB_CLEAR_IF_FIRST; - } - - /* internal databases don't mmap or lock, and start off cleared */ - if (tdb->flags & TDB_INTERNAL) { - tdb->flags |= (TDB_NOLOCK | TDB_NOMMAP); - tdb->flags &= ~TDB_CLEAR_IF_FIRST; - if (tdb_new_database(tdb, hash_size) != 0) { - TDB_LOG((tdb, 0, "tdb_open_ex: tdb_new_database failed!")); - goto fail; - } - goto internal; - } - - if ((tdb->fd = open(name, open_flags, mode)) == -1) { - TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", - name, strerror(errno))); - goto fail; /* errno set by open(2) */ - } - - /* ensure there is only one process initialising at once */ - if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0) == -1) { - TDB_LOG((tdb, 0, "tdb_open_ex: failed to get global lock on %s: %s\n", - name, strerror(errno))); - goto fail; /* errno set by tdb_brlock */ - } - - /* we need to zero database if we are the only one with it open */ - if ((tdb_flags & TDB_CLEAR_IF_FIRST) && - (locked = (tdb_brlock(tdb, ACTIVE_LOCK, F_WRLCK, F_SETLK, 0) == 0))) { - open_flags |= O_CREAT; - if (ftruncate(tdb->fd, 0) == -1) { - TDB_LOG((tdb, 0, "tdb_open_ex: " - "failed to truncate %s: %s\n", - name, strerror(errno))); - goto fail; /* errno set by ftruncate */ - } - } - - if (read(tdb->fd, &tdb->header, sizeof(tdb->header)) != sizeof(tdb->header) - || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0 - || (tdb->header.version != TDB_VERSION - && !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION))))) { - /* its not a valid database - possibly initialise it */ - if (!(open_flags & O_CREAT) || tdb_new_database(tdb, hash_size) == -1) { - errno = EIO; /* ie bad format or something */ - goto fail; - } - rev = (tdb->flags & TDB_CONVERT); - } - vp = (unsigned char *)&tdb->header.version; - vertest = (((u32)vp[0]) << 24) | (((u32)vp[1]) << 16) | - (((u32)vp[2]) << 8) | (u32)vp[3]; - tdb->flags |= (vertest==TDB_VERSION) ? TDB_BIGENDIAN : 0; - if (!rev) - tdb->flags &= ~TDB_CONVERT; - else { - tdb->flags |= TDB_CONVERT; - convert(&tdb->header, sizeof(tdb->header)); - } - if (fstat(tdb->fd, &st) == -1) - goto fail; - - /* Is it already in the open list? If so, fail. */ - if (tdb_already_open(st.st_dev, st.st_ino)) { - TDB_LOG((tdb, 2, "tdb_open_ex: " - "%s (%d,%d) is already open in this process\n", - name, (int)st.st_dev, (int)st.st_ino)); - errno = EBUSY; - goto fail; - } - - if (!(tdb->name = (char *)strdup(name))) { - errno = ENOMEM; - goto fail; - } - - tdb->map_size = st.st_size; - tdb->device = st.st_dev; - tdb->inode = st.st_ino; - tdb->locked = calloc(tdb->header.hash_size+1, sizeof(tdb->locked[0])); - if (!tdb->locked) { - TDB_LOG((tdb, 2, "tdb_open_ex: " - "failed to allocate lock structure for %s\n", - name)); - errno = ENOMEM; - goto fail; - } - tdb_mmap(tdb); - if (locked) { - if (!tdb->read_only) - if (tdb_clear_spinlocks(tdb) != 0) { - TDB_LOG((tdb, 0, "tdb_open_ex: " - "failed to clear spinlock\n")); - goto fail; - } - if (tdb_brlock(tdb, ACTIVE_LOCK, F_UNLCK, F_SETLK, 0) == -1) { - TDB_LOG((tdb, 0, "tdb_open_ex: " - "failed to take ACTIVE_LOCK on %s: %s\n", - name, strerror(errno))); - goto fail; - } - - } - - /* We always need to do this if the CLEAR_IF_FIRST flag is set, even if - we didn't get the initial exclusive lock as we need to let all other - users know we're using it. */ - - if (tdb_flags & TDB_CLEAR_IF_FIRST) { - /* leave this lock in place to indicate it's in use */ - if (tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0) == -1) - goto fail; - } - - - internal: - /* Internal (memory-only) databases skip all the code above to - * do with disk files, and resume here by releasing their - * global lock and hooking into the active list. */ - if (tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0) == -1) - goto fail; - tdb->next = tdbs; - tdbs = tdb; - return tdb; - - fail: - { int save_errno = errno; - - if (!tdb) - return NULL; - - if (tdb->map_ptr) { - if (tdb->flags & TDB_INTERNAL) - SAFE_FREE(tdb->map_ptr); - else - tdb_munmap(tdb); - } - SAFE_FREE(tdb->name); - if (tdb->fd != -1) - if (close(tdb->fd) != 0) - TDB_LOG((tdb, 5, "tdb_open_ex: failed to close tdb->fd on error!\n")); - SAFE_FREE(tdb->locked); - SAFE_FREE(tdb); - errno = save_errno; - return NULL; - } -} - -/** - * Close a database. - * - * @returns -1 for error; 0 for success. - **/ -int tdb_close(TDB_CONTEXT *tdb) -{ - TDB_CONTEXT **i; - int ret = 0; - - if (tdb->map_ptr) { - if (tdb->flags & TDB_INTERNAL) - SAFE_FREE(tdb->map_ptr); - else - tdb_munmap(tdb); - } - SAFE_FREE(tdb->name); - if (tdb->fd != -1) - ret = close(tdb->fd); - SAFE_FREE(tdb->locked); - - /* Remove from contexts list */ - for (i = &tdbs; *i; i = &(*i)->next) { - if (*i == tdb) { - *i = tdb->next; - break; - } - } - - memset(tdb, 0, sizeof(*tdb)); - SAFE_FREE(tdb); - - return ret; -} - -/* lock/unlock entire database */ -int tdb_lockall(TDB_CONTEXT *tdb) -{ - u32 i; - - /* There are no locks on read-only dbs */ - if (tdb->read_only) - return TDB_ERRCODE(TDB_ERR_LOCK, -1); - for (i = 0; i < tdb->header.hash_size; i++) - if (tdb_lock(tdb, i, F_WRLCK)) - break; - - /* If error, release locks we have... */ - if (i < tdb->header.hash_size) { - u32 j; - - for ( j = 0; j < i; j++) - tdb_unlock(tdb, j, F_WRLCK); - return TDB_ERRCODE(TDB_ERR_NOLOCK, -1); - } - - return 0; -} -void tdb_unlockall(TDB_CONTEXT *tdb) -{ - u32 i; - for (i=0; i < tdb->header.hash_size; i++) - tdb_unlock(tdb, i, F_WRLCK); -} - -/* lock/unlock one hash chain. This is meant to be used to reduce - contention - it cannot guarantee how many records will be locked */ -int tdb_chainlock(TDB_CONTEXT *tdb, TDB_DATA key) -{ - return tdb_lock(tdb, BUCKET(tdb->hash_fn(&key)), F_WRLCK); -} - -int tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key) -{ - return tdb_unlock(tdb, BUCKET(tdb->hash_fn(&key)), F_WRLCK); -} - -int tdb_chainlock_read(TDB_CONTEXT *tdb, TDB_DATA key) -{ - return tdb_lock(tdb, BUCKET(tdb->hash_fn(&key)), F_RDLCK); -} - -int tdb_chainunlock_read(TDB_CONTEXT *tdb, TDB_DATA key) -{ - return tdb_unlock(tdb, BUCKET(tdb->hash_fn(&key)), F_RDLCK); -} - - -/* register a loging function */ -void tdb_logging_function(TDB_CONTEXT *tdb, void (*fn)(TDB_CONTEXT *, int , const char *, ...)) -{ - tdb->log_fn = fn; -} - -/* reopen a tdb - this can be used after a fork to ensure that we have an independent - seek pointer from our parent and to re-establish locks */ -int tdb_reopen(TDB_CONTEXT *tdb) -{ - struct stat st; - - if (tdb->flags & TDB_INTERNAL) - return 0; /* Nothing to do. */ - if (tdb_munmap(tdb) != 0) { - TDB_LOG((tdb, 0, "tdb_reopen: munmap failed (%s)\n", strerror(errno))); - goto fail; - } - if (close(tdb->fd) != 0) - TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); - tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); - if (tdb->fd == -1) { - TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); - goto fail; - } - if (fstat(tdb->fd, &st) != 0) { - TDB_LOG((tdb, 0, "tdb_reopen: fstat failed (%s)\n", strerror(errno))); - goto fail; - } - if (st.st_ino != tdb->inode || st.st_dev != tdb->device) { - TDB_LOG((tdb, 0, "tdb_reopen: file dev/inode has changed!\n")); - goto fail; - } - tdb_mmap(tdb); - if ((tdb->flags & TDB_CLEAR_IF_FIRST) && (tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0) == -1)) { - TDB_LOG((tdb, 0, "tdb_reopen: failed to obtain active lock\n")); - goto fail; - } - - return 0; - -fail: - tdb_close(tdb); - return -1; -} - -/* reopen all tdb's */ -int tdb_reopen_all(void) -{ - TDB_CONTEXT *tdb; - - for (tdb=tdbs; tdb; tdb = tdb->next) { - /* Ensure no clear-if-first. */ - tdb->flags &= ~TDB_CLEAR_IF_FIRST; - if (tdb_reopen(tdb) != 0) - return -1; - } - - return 0; -} diff --git a/pppd/tdb.h b/pppd/tdb.h deleted file mode 100644 index 153b6e9..0000000 --- a/pppd/tdb.h +++ /dev/null @@ -1,164 +0,0 @@ -#ifndef __TDB_H__ -#define __TDB_H__ - -/* - Unix SMB/CIFS implementation. - - trivial database library - - Copyright (C) Andrew Tridgell 1999-2004 - - ** NOTE! The following LGPL license applies to the tdb - ** library. This does NOT imply that all of Samba is released - ** under the LGPL - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -*/ - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef PRINTF_ATTRIBUTE -/** Use gcc attribute to check printf fns. a1 is the 1-based index of - * the parameter containing the format, and a2 the index of the first - * argument. Note that some gcc 2.x versions don't handle this - * properly **/ -#if (__GNUC__ >= 3) -#define PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format (__printf__, a1, a2))) -#else -#define PRINTF_ATTRIBUTE(a1, a2) -#endif -#endif - -/* flags to tdb_store() */ -#define TDB_REPLACE 1 -#define TDB_INSERT 2 -#define TDB_MODIFY 3 - -/* flags for tdb_open() */ -#define TDB_DEFAULT 0 /* just a readability place holder */ -#define TDB_CLEAR_IF_FIRST 1 -#define TDB_INTERNAL 2 /* don't store on disk */ -#define TDB_NOLOCK 4 /* don't do any locking */ -#define TDB_NOMMAP 8 /* don't use mmap */ -#define TDB_CONVERT 16 /* convert endian (internal use) */ -#define TDB_BIGENDIAN 32 /* header is big-endian (internal use) */ - -#define TDB_ERRCODE(code, ret) ((tdb->ecode = (code)), ret) - -/* error codes */ -enum TDB_ERROR {TDB_SUCCESS=0, TDB_ERR_CORRUPT, TDB_ERR_IO, TDB_ERR_LOCK, - TDB_ERR_OOM, TDB_ERR_EXISTS, TDB_ERR_NOLOCK, TDB_ERR_LOCK_TIMEOUT, - TDB_ERR_NOEXIST}; - -#ifndef u32 -#define u32 unsigned -#endif - -typedef struct { - char *dptr; - size_t dsize; -} TDB_DATA; - -typedef u32 tdb_len; -typedef u32 tdb_off; - -/* this is stored at the front of every database */ -struct tdb_header { - char magic_food[32]; /* for /etc/magic */ - u32 version; /* version of the code */ - u32 hash_size; /* number of hash entries */ - tdb_off rwlocks; - tdb_off reserved[31]; -}; - -struct tdb_lock_type { - u32 count; - u32 ltype; -}; - -struct tdb_traverse_lock { - struct tdb_traverse_lock *next; - u32 off; - u32 hash; -}; - -/* this is the context structure that is returned from a db open */ -typedef struct tdb_context { - char *name; /* the name of the database */ - void *map_ptr; /* where it is currently mapped */ - int fd; /* open file descriptor for the database */ - tdb_len map_size; /* how much space has been mapped */ - int read_only; /* opened read-only */ - struct tdb_lock_type *locked; /* array of chain locks */ - enum TDB_ERROR ecode; /* error code for last tdb error */ - struct tdb_header header; /* a cached copy of the header */ - u32 flags; /* the flags passed to tdb_open */ - struct tdb_traverse_lock travlocks; /* current traversal locks */ - struct tdb_context *next; /* all tdbs to avoid multiple opens */ - dev_t device; /* uniquely identifies this tdb */ - ino_t inode; /* uniquely identifies this tdb */ - void (*log_fn)(struct tdb_context *tdb, int level, const char *, ...) PRINTF_ATTRIBUTE(3,4); /* logging function */ - u32 (*hash_fn)(TDB_DATA *key); - int open_flags; /* flags used in the open - needed by reopen */ -} TDB_CONTEXT; - -typedef int (*tdb_traverse_func)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *); -typedef void (*tdb_log_func)(TDB_CONTEXT *, int , const char *, ...); -typedef u32 (*tdb_hash_func)(TDB_DATA *key); - -TDB_CONTEXT *tdb_open(const char *name, int hash_size, int tdb_flags, - int open_flags, mode_t mode); -TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, - int open_flags, mode_t mode, - tdb_log_func log_fn, - tdb_hash_func hash_fn); - -int tdb_reopen(TDB_CONTEXT *tdb); -int tdb_reopen_all(void); -void tdb_logging_function(TDB_CONTEXT *tdb, tdb_log_func); -enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb); -const char *tdb_errorstr(TDB_CONTEXT *tdb); -TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key); -int tdb_delete(TDB_CONTEXT *tdb, TDB_DATA key); -int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag); -int tdb_append(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA new_dbuf); -int tdb_close(TDB_CONTEXT *tdb); -TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb); -TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA key); -int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *); -int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key); -int tdb_lockkeys(TDB_CONTEXT *tdb, u32 number, TDB_DATA keys[]); -void tdb_unlockkeys(TDB_CONTEXT *tdb); -int tdb_lockall(TDB_CONTEXT *tdb); -void tdb_unlockall(TDB_CONTEXT *tdb); - -/* Low level locking functions: use with care */ -void tdb_set_lock_alarm(sig_atomic_t *palarm); -int tdb_chainlock(TDB_CONTEXT *tdb, TDB_DATA key); -int tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key); - -/* Debug functions. Not used in production. */ -void tdb_dump_all(TDB_CONTEXT *tdb); -int tdb_printfreelist(TDB_CONTEXT *tdb); - -extern TDB_DATA tdb_null; - -#ifdef __cplusplus -} -#endif - -#endif /* tdb.h */ diff --git a/pppd/tty.c b/pppd/tty.c deleted file mode 100644 index a911fde..0000000 --- a/pppd/tty.c +++ /dev/null @@ -1,1263 +0,0 @@ -/* - * tty.c - code for handling serial ports in pppd. - * - * Copyright (C) 2000-2004 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * Portions derived from main.c, which is: - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: tty.c,v 1.22 2004/11/13 12:07:29 paulus Exp $" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "pppd.h" -#include "fsm.h" -#include "lcp.h" - -void tty_process_extra_options __P((void)); -void tty_check_options __P((void)); -int connect_tty __P((void)); -void disconnect_tty __P((void)); -void tty_close_fds __P((void)); -void cleanup_tty __P((void)); -void tty_do_send_config __P((int, u_int32_t, int, int)); - -static int setdevname __P((char *, char **, int)); -static int setspeed __P((char *, char **, int)); -static int setxonxoff __P((char **)); -static int setescape __P((char **)); -static void printescape __P((option_t *, void (*)(void *, char *,...),void *)); -static void finish_tty __P((void)); -static int start_charshunt __P((int, int)); -static void stop_charshunt __P((void *, int)); -static void charshunt_done __P((void *)); -static void charshunt __P((int, int, char *)); -static int record_write __P((FILE *, int code, u_char *buf, int nb, - struct timeval *)); -static int open_socket __P((char *)); -static void maybe_relock __P((void *, int)); - -static int pty_master; /* fd for master side of pty */ -static int pty_slave; /* fd for slave side of pty */ -static int real_ttyfd; /* fd for actual serial port (not pty) */ -static int ttyfd; /* Serial port file descriptor */ -static char speed_str[16]; /* Serial port speed as string */ - -mode_t tty_mode = (mode_t)-1; /* Original access permissions to tty */ -int baud_rate; /* Actual bits/second for serial device */ -char *callback_script; /* script for doing callback */ -int charshunt_pid; /* Process ID for charshunt */ -int locked; /* lock() has succeeded */ -struct stat devstat; /* result of stat() on devnam */ - -/* option variables */ -int crtscts = 0; /* Use hardware flow control */ -bool modem = 1; /* Use modem control lines */ -int inspeed = 0; /* Input/Output speed requested */ -bool lockflag = 0; /* Create lock file to lock the serial dev */ -char *initializer = NULL; /* Script to initialize physical link */ -char *connect_script = NULL; /* Script to establish physical link */ -char *disconnect_script = NULL; /* Script to disestablish physical link */ -char *welcomer = NULL; /* Script to run after phys link estab. */ -char *ptycommand = NULL; /* Command to run on other side of pty */ -bool notty = 0; /* Stdin/out is not a tty */ -char *record_file = NULL; /* File to record chars sent/received */ -int max_data_rate; /* max bytes/sec through charshunt */ -bool sync_serial = 0; /* Device is synchronous serial device */ -char *pty_socket = NULL; /* Socket to connect to pty */ -int using_pty = 0; /* we're allocating a pty as the device */ - -extern uid_t uid; -extern int kill_link; -extern int asked_to_quit; -extern int got_sigterm; - -/* XXX */ -extern int privopen; /* don't lock, open device as root */ - -u_int32_t xmit_accm[8]; /* extended transmit ACCM */ - -/* option descriptors */ -option_t tty_options[] = { - /* device name must be first, or change connect_tty() below! */ - { "device name", o_wild, (void *) &setdevname, - "Serial port device name", - OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC, - devnam}, - - { "tty speed", o_wild, (void *) &setspeed, - "Baud rate for serial port", - OPT_PRIO | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC, speed_str }, - - { "lock", o_bool, &lockflag, - "Lock serial device with UUCP-style lock file", OPT_PRIO | 1 }, - { "nolock", o_bool, &lockflag, - "Don't lock serial device", OPT_PRIOSUB | OPT_PRIV }, - - { "init", o_string, &initializer, - "A program to initialize the device", OPT_PRIO | OPT_PRIVFIX }, - - { "connect", o_string, &connect_script, - "A program to set up a connection", OPT_PRIO | OPT_PRIVFIX }, - - { "disconnect", o_string, &disconnect_script, - "Program to disconnect serial device", OPT_PRIO | OPT_PRIVFIX }, - - { "welcome", o_string, &welcomer, - "Script to welcome client", OPT_PRIO | OPT_PRIVFIX }, - - { "pty", o_string, &ptycommand, - "Script to run on pseudo-tty master side", - OPT_PRIO | OPT_PRIVFIX | OPT_DEVNAM }, - - { "notty", o_bool, ¬ty, - "Input/output is not a tty", OPT_DEVNAM | 1 }, - - { "socket", o_string, &pty_socket, - "Send and receive over socket, arg is host:port", - OPT_PRIO | OPT_DEVNAM }, - - { "record", o_string, &record_file, - "Record characters sent/received to file", OPT_PRIO }, - - { "crtscts", o_int, &crtscts, - "Set hardware (RTS/CTS) flow control", - OPT_PRIO | OPT_NOARG | OPT_VAL(1) }, - { "cdtrcts", o_int, &crtscts, - "Set alternate hardware (DTR/CTS) flow control", - OPT_PRIOSUB | OPT_NOARG | OPT_VAL(2) }, - { "nocrtscts", o_int, &crtscts, - "Disable hardware flow control", - OPT_PRIOSUB | OPT_NOARG | OPT_VAL(-1) }, - { "-crtscts", o_int, &crtscts, - "Disable hardware flow control", - OPT_PRIOSUB | OPT_ALIAS | OPT_NOARG | OPT_VAL(-1) }, - { "nocdtrcts", o_int, &crtscts, - "Disable hardware flow control", - OPT_PRIOSUB | OPT_ALIAS | OPT_NOARG | OPT_VAL(-1) }, - { "xonxoff", o_special_noarg, (void *)setxonxoff, - "Set software (XON/XOFF) flow control", OPT_PRIOSUB }, - - { "modem", o_bool, &modem, - "Use modem control lines", OPT_PRIO | 1 }, - { "local", o_bool, &modem, - "Don't use modem control lines", OPT_PRIOSUB | 0 }, - - { "sync", o_bool, &sync_serial, - "Use synchronous HDLC serial encoding", 1 }, - - { "datarate", o_int, &max_data_rate, - "Maximum data rate in bytes/sec (with pty, notty or record option)", - OPT_PRIO }, - - { "escape", o_special, (void *)setescape, - "List of character codes to escape on transmission", - OPT_A2PRINTER, (void *)printescape }, - - { NULL } -}; - - -struct channel tty_channel = { - tty_options, - &tty_process_extra_options, - &tty_check_options, - &connect_tty, - &disconnect_tty, - &tty_establish_ppp, - &tty_disestablish_ppp, - &tty_do_send_config, - &tty_recv_config, - &cleanup_tty, - &tty_close_fds -}; - -/* - * setspeed - Set the serial port baud rate. - * If doit is 0, the call is to check whether this option is - * potentially a speed value. - */ -static int -setspeed(arg, argv, doit) - char *arg; - char **argv; - int doit; -{ - char *ptr; - int spd; - - spd = strtol(arg, &ptr, 0); - if (ptr == arg || *ptr != 0 || spd == 0) - return 0; - if (doit) { - inspeed = spd; - slprintf(speed_str, sizeof(speed_str), "%d", spd); - } - return 1; -} - - -/* - * setdevname - Set the device name. - * If doit is 0, the call is to check whether this option is - * potentially a device name. - */ -static int -setdevname(cp, argv, doit) - char *cp; - char **argv; - int doit; -{ - struct stat statbuf; - char dev[MAXPATHLEN]; - - if (*cp == 0) - return 0; - - if (*cp != '/') { - strlcpy(dev, "/dev/", sizeof(dev)); - strlcat(dev, cp, sizeof(dev)); - cp = dev; - } - - /* - * Check if there is a character device by this name. - */ - if (stat(cp, &statbuf) < 0) { - if (!doit) - return errno != ENOENT; - option_error("Couldn't stat %s: %m", cp); - return 0; - } - if (!S_ISCHR(statbuf.st_mode)) { - if (doit) - option_error("%s is not a character device", cp); - return 0; - } - - if (doit) { - strlcpy(devnam, cp, sizeof(devnam)); - devstat = statbuf; - default_device = 0; - } - - return 1; -} - -static int -setxonxoff(argv) - char **argv; -{ - lcp_wantoptions[0].asyncmap |= 0x000A0000; /* escape ^S and ^Q */ - lcp_wantoptions[0].neg_asyncmap = 1; - - crtscts = -2; - return 1; -} - -/* - * setescape - add chars to the set we escape on transmission. - */ -static int -setescape(argv) - char **argv; -{ - int n, ret; - char *p, *endp; - - p = *argv; - ret = 1; - while (*p) { - n = strtol(p, &endp, 16); - if (p == endp) { - option_error("escape parameter contains invalid hex number '%s'", - p); - return 0; - } - p = endp; - if (n < 0 || n == 0x5E || n > 0xFF) { - option_error("can't escape character 0x%x", n); - ret = 0; - } else - xmit_accm[n >> 5] |= 1 << (n & 0x1F); - while (*p == ',' || *p == ' ') - ++p; - } - lcp_allowoptions[0].asyncmap = xmit_accm[0]; - return ret; -} - -static void -printescape(opt, printer, arg) - option_t *opt; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int n; - int first = 1; - - for (n = 0; n < 256; ++n) { - if (n == 0x7d) - n += 2; /* skip 7d, 7e */ - if (xmit_accm[n >> 5] & (1 << (n & 0x1f))) { - if (!first) - printer(arg, ","); - else - first = 0; - printer(arg, "%x", n); - } - } - if (first) - printer(arg, "oops # nothing escaped"); -} - -/* - * tty_init - do various tty-related initializations. - */ -void tty_init() -{ - add_notifier(&pidchange, maybe_relock, 0); - the_channel = &tty_channel; - xmit_accm[3] = 0x60000000; -} - -/* - * tty_process_extra_options - work out which tty device we are using - * and read its options file. - */ -void tty_process_extra_options() -{ - using_pty = notty || ptycommand != NULL || pty_socket != NULL; - if (using_pty) - return; - if (default_device) { - char *p; - if (!isatty(0) || (p = ttyname(0)) == NULL) { - option_error("no device specified and stdin is not a tty"); - exit(EXIT_OPTION_ERROR); - } - strlcpy(devnam, p, sizeof(devnam)); - if (stat(devnam, &devstat) < 0) - fatal("Couldn't stat default device %s: %m", devnam); - } - - - /* - * Parse the tty options file. - * The per-tty options file should not change - * ptycommand, pty_socket, notty or devnam. - * options_for_tty doesn't override options set on the command line, - * except for some privileged options. - */ - if (!options_for_tty()) - exit(EXIT_OPTION_ERROR); -} - -/* - * tty_check_options - do consistency checks on the options we were given. - */ -void -tty_check_options() -{ - struct stat statbuf; - int fdflags; - - if (demand && notty) { - option_error("demand-dialling is incompatible with notty"); - exit(EXIT_OPTION_ERROR); - } - if (demand && connect_script == 0 && ptycommand == NULL - && pty_socket == NULL) { - option_error("connect script is required for demand-dialling\n"); - exit(EXIT_OPTION_ERROR); - } - /* default holdoff to 0 if no connect script has been given */ - if (connect_script == 0 && !holdoff_specified) - holdoff = 0; - - if (using_pty) { - if (!default_device) { - option_error("%s option precludes specifying device name", - pty_socket? "socket": notty? "notty": "pty"); - exit(EXIT_OPTION_ERROR); - } - if (ptycommand != NULL && notty) { - option_error("pty option is incompatible with notty option"); - exit(EXIT_OPTION_ERROR); - } - if (pty_socket != NULL && (ptycommand != NULL || notty)) { - option_error("socket option is incompatible with pty and notty"); - exit(EXIT_OPTION_ERROR); - } - default_device = notty; - lockflag = 0; - modem = 0; - if (notty && log_to_fd <= 1) - log_to_fd = -1; - } else { - /* - * If the user has specified a device which is the same as - * the one on stdin, pretend they didn't specify any. - * If the device is already open read/write on stdin, - * we assume we don't need to lock it, and we can open it - * as root. - */ - if (fstat(0, &statbuf) >= 0 && S_ISCHR(statbuf.st_mode) - && statbuf.st_rdev == devstat.st_rdev) { - default_device = 1; - fdflags = fcntl(0, F_GETFL); - if (fdflags != -1 && (fdflags & O_ACCMODE) == O_RDWR) - privopen = 1; - } - } - if (default_device) - nodetach = 1; - - /* - * Don't send log messages to the serial port, it tends to - * confuse the peer. :-) - */ - if (log_to_fd >= 0 && fstat(log_to_fd, &statbuf) >= 0 - && S_ISCHR(statbuf.st_mode) && statbuf.st_rdev == devstat.st_rdev) - log_to_fd = -1; -} - -/* - * connect_tty - get the serial port ready to start doing PPP. - * That is, open the serial port, set its speed and mode, and run - * the connector and/or welcomer. - */ -int connect_tty() -{ - char *connector; - int fdflags; -#ifndef __linux__ - struct stat statbuf; -#endif - char numbuf[16]; - - /* - * Get a pty master/slave pair if the pty, notty, socket, - * or record options were specified. - */ - strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam)); - pty_master = -1; - pty_slave = -1; - real_ttyfd = -1; - if (using_pty || record_file != NULL) { - if (!get_pty(&pty_master, &pty_slave, ppp_devnam, uid)) { - error("Couldn't allocate pseudo-tty"); - status = EXIT_FATAL_ERROR; - return -1; - } - set_up_tty(pty_slave, 1); - } - - /* - * Lock the device if we've been asked to. - */ - status = EXIT_LOCK_FAILED; - if (lockflag && !privopen) { - if (lock(devnam) < 0) - goto errret; - locked = 1; - } - - /* - * Open the serial device and set it up to be the ppp interface. - * First we open it in non-blocking mode so we can set the - * various termios flags appropriately. If we aren't dialling - * out and we want to use the modem lines, we reopen it later - * in order to wait for the carrier detect signal from the modem. - */ - hungup = 0; - got_sigterm = 0; - connector = doing_callback? callback_script: connect_script; - if (devnam[0] != 0) { - for (;;) { - /* If the user specified the device name, become the - user before opening it. */ - int err, prio; - - prio = privopen? OPRIO_ROOT: tty_options[0].priority; - if (prio < OPRIO_ROOT) - seteuid(uid); - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); - err = errno; - if (prio < OPRIO_ROOT) - seteuid(0); - if (real_ttyfd >= 0) - break; - errno = err; - if (err != EINTR) { - error("Failed to open %s: %m", devnam); - status = EXIT_OPEN_FAILED; - } - if (!persist || err != EINTR) - goto errret; - } - ttyfd = real_ttyfd; - if ((fdflags = fcntl(ttyfd, F_GETFL)) == -1 - || fcntl(ttyfd, F_SETFL, fdflags & ~O_NONBLOCK) < 0) - warn("Couldn't reset non-blocking mode on device: %m"); - -#ifndef __linux__ - /* - * Linux 2.4 and above blocks normal writes to the tty - * when it is in PPP line discipline, so this isn't needed. - */ - /* - * Do the equivalent of `mesg n' to stop broadcast messages. - */ - if (fstat(ttyfd, &statbuf) < 0 - || fchmod(ttyfd, statbuf.st_mode & ~(S_IWGRP | S_IWOTH)) < 0) { - warn("Couldn't restrict write permissions to %s: %m", devnam); - } else - tty_mode = statbuf.st_mode; -#endif /* __linux__ */ - - /* - * Set line speed, flow control, etc. - * If we have a non-null connection or initializer script, - * on most systems we set CLOCAL for now so that we can talk - * to the modem before carrier comes up. But this has the - * side effect that we might miss it if CD drops before we - * get to clear CLOCAL below. On systems where we can talk - * successfully to the modem with CLOCAL clear and CD down, - * we could clear CLOCAL at this point. - */ - set_up_tty(ttyfd, ((connector != NULL && connector[0] != 0) - || initializer != NULL)); - } - - /* - * If the pty, socket, notty and/or record option was specified, - * start up the character shunt now. - */ - status = EXIT_PTYCMD_FAILED; - if (ptycommand != NULL) { - if (record_file != NULL) { - int ipipe[2], opipe[2], ok; - - if (pipe(ipipe) < 0 || pipe(opipe) < 0) - fatal("Couldn't create pipes for record option: %m"); - - /* don't leak these to the ptycommand */ - (void) fcntl(ipipe[0], F_SETFD, FD_CLOEXEC); - (void) fcntl(opipe[1], F_SETFD, FD_CLOEXEC); - - ok = device_script(ptycommand, opipe[0], ipipe[1], 1) == 0 - && start_charshunt(ipipe[0], opipe[1]); - close(ipipe[0]); - close(ipipe[1]); - close(opipe[0]); - close(opipe[1]); - if (!ok) - goto errret; - } else { - if (device_script(ptycommand, pty_master, pty_master, 1) < 0) - goto errret; - } - } else if (pty_socket != NULL) { - int fd = open_socket(pty_socket); - if (fd < 0) - goto errret; - if (!start_charshunt(fd, fd)) - goto errret; - close(fd); - } else if (notty) { - if (!start_charshunt(0, 1)) - goto errret; - dup2(fd_devnull, 0); - dup2(fd_devnull, 1); - if (log_to_fd == 1) - log_to_fd = -1; - if (log_to_fd != 2) - dup2(fd_devnull, 2); - } else if (record_file != NULL) { - int fd = dup(ttyfd); - if (!start_charshunt(fd, fd)) - goto errret; - } - - if (using_pty || record_file != NULL) { - ttyfd = pty_slave; - close(pty_master); - pty_master = -1; - } - - /* run connection script */ - if ((connector && connector[0]) || initializer) { - if (real_ttyfd != -1) { - /* XXX do this if doing_callback == CALLBACK_DIALIN? */ - if (!default_device && modem) { - setdtr(real_ttyfd, 0); /* in case modem is off hook */ - sleep(1); - setdtr(real_ttyfd, 1); - } - } - - if (initializer && initializer[0]) { - if (device_script(initializer, ttyfd, ttyfd, 0) < 0) { - error("Initializer script failed"); - status = EXIT_INIT_FAILED; - goto errret; - } - if (got_sigterm) { - disconnect_tty(); - goto errret; - } - info("Serial port initialized."); - } - - if (connector && connector[0]) { - if (device_script(connector, ttyfd, ttyfd, 0) < 0) { - error("Connect script failed"); - status = EXIT_CONNECT_FAILED; - goto errret; - } - if (got_sigterm) { - disconnect_tty(); - goto errret; - } - info("Serial connection established."); - } - - /* set line speed, flow control, etc.; - clear CLOCAL if modem option */ - if (real_ttyfd != -1) - set_up_tty(real_ttyfd, 0); - - if (doing_callback == CALLBACK_DIALIN) - connector = NULL; - } - - /* reopen tty if necessary to wait for carrier */ - if (connector == NULL && modem && devnam[0] != 0) { - int i; - for (;;) { - if ((i = open(devnam, O_RDWR)) >= 0) - break; - if (errno != EINTR) { - error("Failed to reopen %s: %m", devnam); - status = EXIT_OPEN_FAILED; - } - if (!persist || errno != EINTR || hungup || got_sigterm) - goto errret; - } - close(i); - } - - slprintf(numbuf, sizeof(numbuf), "%d", baud_rate); - script_setenv("SPEED", numbuf, 0); - - /* run welcome script, if any */ - if (welcomer && welcomer[0]) { - if (device_script(welcomer, ttyfd, ttyfd, 0) < 0) - warn("Welcome script failed"); - } - - /* - * If we are initiating this connection, wait for a short - * time for something from the peer. This can avoid bouncing - * our packets off his tty before he has it set up. - */ - if (connector != NULL || ptycommand != NULL || pty_socket != NULL) - listen_time = connect_delay; - - return ttyfd; - - errret: - if (pty_master >= 0) { - close(pty_master); - pty_master = -1; - } - if (pty_slave >= 0) { - close(pty_slave); - pty_slave = -1; - } - if (real_ttyfd >= 0) { - close(real_ttyfd); - real_ttyfd = -1; - } - ttyfd = -1; - if (got_sigterm) - asked_to_quit = 1; - return -1; -} - - -void disconnect_tty() -{ - if (disconnect_script == NULL || hungup) - return; - if (real_ttyfd >= 0) - set_up_tty(real_ttyfd, 1); - if (device_script(disconnect_script, ttyfd, ttyfd, 0) < 0) { - warn("disconnect script failed"); - } else { - info("Serial link disconnected."); - } -} - -void tty_close_fds() -{ - if (pty_slave >= 0) - close(pty_slave); - if (real_ttyfd >= 0) { - close(real_ttyfd); - real_ttyfd = -1; - } - /* N.B. ttyfd will == either pty_slave or real_ttyfd */ -} - -void cleanup_tty() -{ - if (real_ttyfd >= 0) - finish_tty(); - tty_close_fds(); - if (locked) { - unlock(); - locked = 0; - } -} - -/* - * tty_do_send_config - set transmit-side PPP configuration. - * We set the extended transmit ACCM here as well. - */ -void -tty_do_send_config(mtu, accm, pcomp, accomp) - int mtu; - u_int32_t accm; - int pcomp, accomp; -{ - tty_set_xaccm(xmit_accm); - tty_send_config(mtu, accm, pcomp, accomp); -} - -/* - * finish_tty - restore the terminal device to its original settings - */ -static void -finish_tty() -{ - /* drop dtr to hang up */ - if (!default_device && modem) { - setdtr(real_ttyfd, 0); - /* - * This sleep is in case the serial port has CLOCAL set by default, - * and consequently will reassert DTR when we close the device. - */ - sleep(1); - } - - restore_tty(real_ttyfd); - -#ifndef __linux__ - if (tty_mode != (mode_t) -1) { - if (fchmod(real_ttyfd, tty_mode) != 0) - error("Couldn't restore tty permissions"); - } -#endif /* __linux__ */ - - close(real_ttyfd); - real_ttyfd = -1; -} - -/* - * maybe_relock - our PID has changed, maybe update the lock file. - */ -static void -maybe_relock(arg, pid) - void *arg; - int pid; -{ - if (locked) - relock(pid); -} - -/* - * open_socket - establish a stream socket connection to the nominated - * host and port. - */ -static int -open_socket(dest) - char *dest; -{ - char *sep, *endp = NULL; - int sock, port = -1; - u_int32_t host; - struct hostent *hent; - struct sockaddr_in sad; - - /* parse host:port and resolve host to an IP address */ - sep = strchr(dest, ':'); - if (sep != NULL) - port = strtol(sep+1, &endp, 10); - if (port < 0 || endp == sep+1 || sep == dest) { - error("Can't parse host:port for socket destination"); - return -1; - } - *sep = 0; - host = inet_addr(dest); - if (host == (u_int32_t) -1) { - hent = gethostbyname(dest); - if (hent == NULL) { - error("%s: unknown host in socket option", dest); - *sep = ':'; - return -1; - } - host = *(u_int32_t *)(hent->h_addr_list[0]); - } - *sep = ':'; - - /* get a socket and connect it to the other end */ - sock = socket(PF_INET, SOCK_STREAM, 0); - if (sock < 0) { - error("Can't create socket: %m"); - return -1; - } - memset(&sad, 0, sizeof(sad)); - sad.sin_family = AF_INET; - sad.sin_port = htons(port); - sad.sin_addr.s_addr = host; - if (connect(sock, (struct sockaddr *)&sad, sizeof(sad)) < 0) { - error("Can't connect to %s: %m", dest); - close(sock); - return -1; - } - - return sock; -} - - -/* - * start_charshunt - create a child process to run the character shunt. - */ -static int -start_charshunt(ifd, ofd) - int ifd, ofd; -{ - int cpid; - - cpid = safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2)); - if (cpid == -1) { - error("Can't fork process for character shunt: %m"); - return 0; - } - if (cpid == 0) { - /* child */ - reopen_log(); - if (!nodetach) - log_to_fd = -1; - else if (log_to_fd >= 0) - log_to_fd = 2; - setgid(getgid()); - setuid(uid); - if (getuid() != uid) - fatal("setuid failed"); - charshunt(0, 1, record_file); - exit(0); - } - charshunt_pid = cpid; - add_notifier(&sigreceived, stop_charshunt, 0); - record_child(cpid, "pppd (charshunt)", charshunt_done, NULL); - return 1; -} - -static void -charshunt_done(arg) - void *arg; -{ - charshunt_pid = 0; -} - -static void -stop_charshunt(arg, sig) - void *arg; - int sig; -{ - if (charshunt_pid) - kill(charshunt_pid, (sig == SIGINT? sig: SIGTERM)); -} - -/* - * charshunt - the character shunt, which passes characters between - * the pty master side and the serial port (or stdin/stdout). - * This runs as the user (not as root). - * (We assume ofd >= ifd which is true the way this gets called. :-). - */ -static void -charshunt(ifd, ofd, record_file) - int ifd, ofd; - char *record_file; -{ - int n, nfds; - fd_set ready, writey; - u_char *ibufp, *obufp; - int nibuf, nobuf; - int flags; - int pty_readable, stdin_readable; - struct timeval lasttime; - FILE *recordf = NULL; - int ilevel, olevel, max_level; - struct timeval levelt, tout, *top; - extern u_char inpacket_buf[]; - - /* - * Reset signal handlers. - */ - signal(SIGHUP, SIG_IGN); /* Hangup */ - signal(SIGINT, SIG_DFL); /* Interrupt */ - signal(SIGTERM, SIG_DFL); /* Terminate */ - signal(SIGCHLD, SIG_DFL); - signal(SIGUSR1, SIG_DFL); - signal(SIGUSR2, SIG_DFL); - signal(SIGABRT, SIG_DFL); - signal(SIGALRM, SIG_DFL); - signal(SIGFPE, SIG_DFL); - signal(SIGILL, SIG_DFL); - signal(SIGPIPE, SIG_DFL); - signal(SIGQUIT, SIG_DFL); - signal(SIGSEGV, SIG_DFL); -#ifdef SIGBUS - signal(SIGBUS, SIG_DFL); -#endif -#ifdef SIGEMT - signal(SIGEMT, SIG_DFL); -#endif -#ifdef SIGPOLL - signal(SIGPOLL, SIG_DFL); -#endif -#ifdef SIGPROF - signal(SIGPROF, SIG_DFL); -#endif -#ifdef SIGSYS - signal(SIGSYS, SIG_DFL); -#endif -#ifdef SIGTRAP - signal(SIGTRAP, SIG_DFL); -#endif -#ifdef SIGVTALRM - signal(SIGVTALRM, SIG_DFL); -#endif -#ifdef SIGXCPU - signal(SIGXCPU, SIG_DFL); -#endif -#ifdef SIGXFSZ - signal(SIGXFSZ, SIG_DFL); -#endif - - /* - * Check that the fds won't overrun the fd_sets - */ - if (ifd >= FD_SETSIZE || ofd >= FD_SETSIZE || pty_master >= FD_SETSIZE) - fatal("internal error: file descriptor too large (%d, %d, %d)", - ifd, ofd, pty_master); - - /* - * Open the record file if required. - */ - if (record_file != NULL) { - recordf = fopen(record_file, "a"); - if (recordf == NULL) - error("Couldn't create record file %s: %m", record_file); - } - - /* set all the fds to non-blocking mode */ - flags = fcntl(pty_master, F_GETFL); - if (flags == -1 - || fcntl(pty_master, F_SETFL, flags | O_NONBLOCK) == -1) - warn("couldn't set pty master to nonblock: %m"); - flags = fcntl(ifd, F_GETFL); - if (flags == -1 - || fcntl(ifd, F_SETFL, flags | O_NONBLOCK) == -1) - warn("couldn't set %s to nonblock: %m", (ifd==0? "stdin": "tty")); - if (ofd != ifd) { - flags = fcntl(ofd, F_GETFL); - if (flags == -1 - || fcntl(ofd, F_SETFL, flags | O_NONBLOCK) == -1) - warn("couldn't set stdout to nonblock: %m"); - } - - nibuf = nobuf = 0; - ibufp = obufp = NULL; - pty_readable = stdin_readable = 1; - - ilevel = olevel = 0; - gettimeofday(&levelt, NULL); - if (max_data_rate) { - max_level = max_data_rate / 10; - if (max_level < 100) - max_level = 100; - } else - max_level = PPP_MRU + PPP_HDRLEN + 1; - - nfds = (ofd > pty_master? ofd: pty_master) + 1; - if (recordf != NULL) { - gettimeofday(&lasttime, NULL); - putc(7, recordf); /* put start marker */ - putc(lasttime.tv_sec >> 24, recordf); - putc(lasttime.tv_sec >> 16, recordf); - putc(lasttime.tv_sec >> 8, recordf); - putc(lasttime.tv_sec, recordf); - lasttime.tv_usec = 0; - } - - while (nibuf != 0 || nobuf != 0 || pty_readable || stdin_readable) { - top = 0; - tout.tv_sec = 0; - tout.tv_usec = 10000; - FD_ZERO(&ready); - FD_ZERO(&writey); - if (nibuf != 0) { - if (ilevel >= max_level) - top = &tout; - else - FD_SET(pty_master, &writey); - } else if (stdin_readable) - FD_SET(ifd, &ready); - if (nobuf != 0) { - if (olevel >= max_level) - top = &tout; - else - FD_SET(ofd, &writey); - } else if (pty_readable) - FD_SET(pty_master, &ready); - if (select(nfds, &ready, &writey, NULL, top) < 0) { - if (errno != EINTR) - fatal("select"); - continue; - } - if (max_data_rate) { - double dt; - int nbt; - struct timeval now; - - gettimeofday(&now, NULL); - dt = (now.tv_sec - levelt.tv_sec - + (now.tv_usec - levelt.tv_usec) / 1e6); - nbt = (int)(dt * max_data_rate); - ilevel = (nbt < 0 || nbt > ilevel)? 0: ilevel - nbt; - olevel = (nbt < 0 || nbt > olevel)? 0: olevel - nbt; - levelt = now; - } else - ilevel = olevel = 0; - if (FD_ISSET(ifd, &ready)) { - ibufp = inpacket_buf; - nibuf = read(ifd, ibufp, PPP_MRU + PPP_HDRLEN); - if (nibuf < 0 && errno == EIO) - nibuf = 0; - if (nibuf < 0) { - if (!(errno == EINTR || errno == EAGAIN)) { - error("Error reading standard input: %m"); - break; - } - nibuf = 0; - } else if (nibuf == 0) { - /* end of file from stdin */ - stdin_readable = 0; - if (recordf) - if (!record_write(recordf, 4, NULL, 0, &lasttime)) - recordf = NULL; - } else { - FD_SET(pty_master, &writey); - if (recordf) - if (!record_write(recordf, 2, ibufp, nibuf, &lasttime)) - recordf = NULL; - } - } - if (FD_ISSET(pty_master, &ready)) { - obufp = outpacket_buf; - nobuf = read(pty_master, obufp, PPP_MRU + PPP_HDRLEN); - if (nobuf < 0 && errno == EIO) - nobuf = 0; - if (nobuf < 0) { - if (!(errno == EINTR || errno == EAGAIN)) { - error("Error reading pseudo-tty master: %m"); - break; - } - nobuf = 0; - } else if (nobuf == 0) { - /* end of file from the pty - slave side has closed */ - pty_readable = 0; - stdin_readable = 0; /* pty is not writable now */ - nibuf = 0; - close(ofd); - if (recordf) - if (!record_write(recordf, 3, NULL, 0, &lasttime)) - recordf = NULL; - } else { - FD_SET(ofd, &writey); - if (recordf) - if (!record_write(recordf, 1, obufp, nobuf, &lasttime)) - recordf = NULL; - } - } else if (!stdin_readable) - pty_readable = 0; - if (FD_ISSET(ofd, &writey)) { - n = nobuf; - if (olevel + n > max_level) - n = max_level - olevel; - n = write(ofd, obufp, n); - if (n < 0) { - if (errno == EIO) { - pty_readable = 0; - nobuf = 0; - } else if (errno != EAGAIN && errno != EINTR) { - error("Error writing standard output: %m"); - break; - } - } else { - obufp += n; - nobuf -= n; - olevel += n; - } - } - if (FD_ISSET(pty_master, &writey)) { - n = nibuf; - if (ilevel + n > max_level) - n = max_level - ilevel; - n = write(pty_master, ibufp, n); - if (n < 0) { - if (errno == EIO) { - stdin_readable = 0; - nibuf = 0; - } else if (errno != EAGAIN && errno != EINTR) { - error("Error writing pseudo-tty master: %m"); - break; - } - } else { - ibufp += n; - nibuf -= n; - ilevel += n; - } - } - } - exit(0); -} - -static int -record_write(f, code, buf, nb, tp) - FILE *f; - int code; - u_char *buf; - int nb; - struct timeval *tp; -{ - struct timeval now; - int diff; - - gettimeofday(&now, NULL); - now.tv_usec /= 100000; /* actually 1/10 s, not usec now */ - diff = (now.tv_sec - tp->tv_sec) * 10 + (now.tv_usec - tp->tv_usec); - if (diff > 0) { - if (diff > 255) { - putc(5, f); - putc(diff >> 24, f); - putc(diff >> 16, f); - putc(diff >> 8, f); - putc(diff, f); - } else { - putc(6, f); - putc(diff, f); - } - *tp = now; - } - putc(code, f); - if (buf != NULL) { - putc(nb >> 8, f); - putc(nb, f); - fwrite(buf, nb, 1, f); - } - fflush(f); - if (ferror(f)) { - error("Error writing record file: %m"); - return 0; - } - return 1; -} diff --git a/pppd/upap.c b/pppd/upap.c deleted file mode 100644 index 02fd8f8..0000000 --- a/pppd/upap.c +++ /dev/null @@ -1,683 +0,0 @@ -/* - * upap.c - User/Password Authentication Protocol. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: upap.c,v 1.29 2002/12/04 23:03:33 paulus Exp $" - -/* - * TODO: - */ - -#include -#include - -#include "pppd.h" -#include "upap.h" - -static const char rcsid[] = RCSID; - -static bool hide_password = 1; - -/* - * Command-line options. - */ -static option_t pap_option_list[] = { - { "hide-password", o_bool, &hide_password, - "Don't output passwords to log", OPT_PRIO | 1 }, - { "show-password", o_bool, &hide_password, - "Show password string in debug log messages", OPT_PRIOSUB | 0 }, - - { "pap-restart", o_int, &upap[0].us_timeouttime, - "Set retransmit timeout for PAP", OPT_PRIO }, - { "pap-max-authreq", o_int, &upap[0].us_maxtransmits, - "Set max number of transmissions for auth-reqs", OPT_PRIO }, - { "pap-timeout", o_int, &upap[0].us_reqtimeout, - "Set time limit for peer PAP authentication", OPT_PRIO }, - - { NULL } -}; - -/* - * Protocol entry points. - */ -static void upap_init __P((int)); -static void upap_lowerup __P((int)); -static void upap_lowerdown __P((int)); -static void upap_input __P((int, u_char *, int)); -static void upap_protrej __P((int)); -static int upap_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); - -struct protent pap_protent = { - PPP_PAP, - upap_init, - upap_input, - upap_protrej, - upap_lowerup, - upap_lowerdown, - NULL, - NULL, - upap_printpkt, - NULL, - 1, - "PAP", - NULL, - pap_option_list, - NULL, - NULL, - NULL -}; - -upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */ - -static void upap_timeout __P((void *)); -static void upap_reqtimeout __P((void *)); -static void upap_rauthreq __P((upap_state *, u_char *, int, int)); -static void upap_rauthack __P((upap_state *, u_char *, int, int)); -static void upap_rauthnak __P((upap_state *, u_char *, int, int)); -static void upap_sauthreq __P((upap_state *)); -static void upap_sresp __P((upap_state *, int, int, char *, int)); - - -/* - * upap_init - Initialize a UPAP unit. - */ -static void -upap_init(unit) - int unit; -{ - upap_state *u = &upap[unit]; - - u->us_unit = unit; - u->us_user = NULL; - u->us_userlen = 0; - u->us_passwd = NULL; - u->us_passwdlen = 0; - u->us_clientstate = UPAPCS_INITIAL; - u->us_serverstate = UPAPSS_INITIAL; - u->us_id = 0; - u->us_timeouttime = UPAP_DEFTIMEOUT; - u->us_maxtransmits = 10; - u->us_reqtimeout = UPAP_DEFREQTIME; -} - - -/* - * upap_authwithpeer - Authenticate us with our peer (start client). - * - * Set new state and send authenticate's. - */ -void -upap_authwithpeer(unit, user, password) - int unit; - char *user, *password; -{ - upap_state *u = &upap[unit]; - - /* Save the username and password we're given */ - u->us_user = user; - u->us_userlen = strlen(user); - u->us_passwd = password; - u->us_passwdlen = strlen(password); - u->us_transmits = 0; - - /* Lower layer up yet? */ - if (u->us_clientstate == UPAPCS_INITIAL || - u->us_clientstate == UPAPCS_PENDING) { - u->us_clientstate = UPAPCS_PENDING; - return; - } - - upap_sauthreq(u); /* Start protocol */ -} - - -/* - * upap_authpeer - Authenticate our peer (start server). - * - * Set new state. - */ -void -upap_authpeer(unit) - int unit; -{ - upap_state *u = &upap[unit]; - - /* Lower layer up yet? */ - if (u->us_serverstate == UPAPSS_INITIAL || - u->us_serverstate == UPAPSS_PENDING) { - u->us_serverstate = UPAPSS_PENDING; - return; - } - - u->us_serverstate = UPAPSS_LISTEN; - if (u->us_reqtimeout > 0) - TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); -} - - -/* - * upap_timeout - Retransmission timer for sending auth-reqs expired. - */ -static void -upap_timeout(arg) - void *arg; -{ - upap_state *u = (upap_state *) arg; - - if (u->us_clientstate != UPAPCS_AUTHREQ) - return; - - if (u->us_transmits >= u->us_maxtransmits) { - /* give up in disgust */ - error("No response to PAP authenticate-requests"); - u->us_clientstate = UPAPCS_BADAUTH; - auth_withpeer_fail(u->us_unit, PPP_PAP); - return; - } - - upap_sauthreq(u); /* Send Authenticate-Request */ -} - - -/* - * upap_reqtimeout - Give up waiting for the peer to send an auth-req. - */ -static void -upap_reqtimeout(arg) - void *arg; -{ - upap_state *u = (upap_state *) arg; - - if (u->us_serverstate != UPAPSS_LISTEN) - return; /* huh?? */ - - auth_peer_fail(u->us_unit, PPP_PAP); - u->us_serverstate = UPAPSS_BADAUTH; -} - - -/* - * upap_lowerup - The lower layer is up. - * - * Start authenticating if pending. - */ -static void -upap_lowerup(unit) - int unit; -{ - upap_state *u = &upap[unit]; - - if (u->us_clientstate == UPAPCS_INITIAL) - u->us_clientstate = UPAPCS_CLOSED; - else if (u->us_clientstate == UPAPCS_PENDING) { - upap_sauthreq(u); /* send an auth-request */ - } - - if (u->us_serverstate == UPAPSS_INITIAL) - u->us_serverstate = UPAPSS_CLOSED; - else if (u->us_serverstate == UPAPSS_PENDING) { - u->us_serverstate = UPAPSS_LISTEN; - if (u->us_reqtimeout > 0) - TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); - } -} - - -/* - * upap_lowerdown - The lower layer is down. - * - * Cancel all timeouts. - */ -static void -upap_lowerdown(unit) - int unit; -{ - upap_state *u = &upap[unit]; - - if (u->us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */ - UNTIMEOUT(upap_timeout, u); /* Cancel timeout */ - if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) - UNTIMEOUT(upap_reqtimeout, u); - - u->us_clientstate = UPAPCS_INITIAL; - u->us_serverstate = UPAPSS_INITIAL; -} - - -/* - * upap_protrej - Peer doesn't speak this protocol. - * - * This shouldn't happen. In any case, pretend lower layer went down. - */ -static void -upap_protrej(unit) - int unit; -{ - upap_state *u = &upap[unit]; - - if (u->us_clientstate == UPAPCS_AUTHREQ) { - error("PAP authentication failed due to protocol-reject"); - auth_withpeer_fail(unit, PPP_PAP); - } - if (u->us_serverstate == UPAPSS_LISTEN) { - error("PAP authentication of peer failed (protocol-reject)"); - auth_peer_fail(unit, PPP_PAP); - } - upap_lowerdown(unit); -} - - -/* - * upap_input - Input UPAP packet. - */ -static void -upap_input(unit, inpacket, l) - int unit; - u_char *inpacket; - int l; -{ - upap_state *u = &upap[unit]; - u_char *inp; - u_char code, id; - int len; - - /* - * Parse header (code, id and length). - * If packet too short, drop it. - */ - inp = inpacket; - if (l < UPAP_HEADERLEN) { - UPAPDEBUG(("pap_input: rcvd short header.")); - return; - } - GETCHAR(code, inp); - GETCHAR(id, inp); - GETSHORT(len, inp); - if (len < UPAP_HEADERLEN) { - UPAPDEBUG(("pap_input: rcvd illegal length.")); - return; - } - if (len > l) { - UPAPDEBUG(("pap_input: rcvd short packet.")); - return; - } - len -= UPAP_HEADERLEN; - - /* - * Action depends on code. - */ - switch (code) { - case UPAP_AUTHREQ: - upap_rauthreq(u, inp, id, len); - break; - - case UPAP_AUTHACK: - upap_rauthack(u, inp, id, len); - break; - - case UPAP_AUTHNAK: - upap_rauthnak(u, inp, id, len); - break; - - default: /* XXX Need code reject */ - break; - } -} - - -/* - * upap_rauth - Receive Authenticate. - */ -static void -upap_rauthreq(u, inp, id, len) - upap_state *u; - u_char *inp; - int id; - int len; -{ - u_char ruserlen, rpasswdlen; - char *ruser, *rpasswd; - char rhostname[256]; - int retcode; - char *msg; - int msglen; - - if (u->us_serverstate < UPAPSS_LISTEN) - return; - - /* - * If we receive a duplicate authenticate-request, we are - * supposed to return the same status as for the first request. - */ - if (u->us_serverstate == UPAPSS_OPEN) { - upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */ - return; - } - if (u->us_serverstate == UPAPSS_BADAUTH) { - upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */ - return; - } - - /* - * Parse user/passwd. - */ - if (len < 1) { - UPAPDEBUG(("pap_rauth: rcvd short packet.")); - return; - } - GETCHAR(ruserlen, inp); - len -= sizeof (u_char) + ruserlen + sizeof (u_char); - if (len < 0) { - UPAPDEBUG(("pap_rauth: rcvd short packet.")); - return; - } - ruser = (char *) inp; - INCPTR(ruserlen, inp); - GETCHAR(rpasswdlen, inp); - if (len < rpasswdlen) { - UPAPDEBUG(("pap_rauth: rcvd short packet.")); - return; - } - rpasswd = (char *) inp; - - /* - * Check the username and password given. - */ - retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, - rpasswdlen, &msg); - BZERO(rpasswd, rpasswdlen); - - /* - * Check remote number authorization. A plugin may have filled in - * the remote number or added an allowed number, and rather than - * return an authenticate failure, is leaving it for us to verify. - */ - if (retcode == UPAP_AUTHACK) { - if (!auth_number()) { - /* We do not want to leak info about the pap result. */ - retcode = UPAP_AUTHNAK; /* XXX exit value will be "wrong" */ - warn("calling number %q is not authorized", remote_number); - } - } - - msglen = strlen(msg); - if (msglen > 255) - msglen = 255; - upap_sresp(u, retcode, id, msg, msglen); - - /* Null terminate and clean remote name. */ - slprintf(rhostname, sizeof(rhostname), "%.*v", ruserlen, ruser); - - if (retcode == UPAP_AUTHACK) { - u->us_serverstate = UPAPSS_OPEN; - notice("PAP peer authentication succeeded for %q", rhostname); - auth_peer_success(u->us_unit, PPP_PAP, 0, ruser, ruserlen); - } else { - u->us_serverstate = UPAPSS_BADAUTH; - warn("PAP peer authentication failed for %q", rhostname); - auth_peer_fail(u->us_unit, PPP_PAP); - } - - if (u->us_reqtimeout > 0) - UNTIMEOUT(upap_reqtimeout, u); -} - - -/* - * upap_rauthack - Receive Authenticate-Ack. - */ -static void -upap_rauthack(u, inp, id, len) - upap_state *u; - u_char *inp; - int id; - int len; -{ - u_char msglen; - char *msg; - - if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ - return; - - /* - * Parse message. - */ - if (len < 1) { - UPAPDEBUG(("pap_rauthack: ignoring missing msg-length.")); - } else { - GETCHAR(msglen, inp); - if (msglen > 0) { - len -= sizeof (u_char); - if (len < msglen) { - UPAPDEBUG(("pap_rauthack: rcvd short packet.")); - return; - } - msg = (char *) inp; - PRINTMSG(msg, msglen); - } - } - - u->us_clientstate = UPAPCS_OPEN; - - notice("PAP authentication succeeded"); - auth_withpeer_success(u->us_unit, PPP_PAP, 0); -} - - -/* - * upap_rauthnak - Receive Authenticate-Nak. - */ -static void -upap_rauthnak(u, inp, id, len) - upap_state *u; - u_char *inp; - int id; - int len; -{ - u_char msglen; - char *msg; - - if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ - return; - - /* - * Parse message. - */ - if (len < 1) { - UPAPDEBUG(("pap_rauthnak: ignoring missing msg-length.")); - } else { - GETCHAR(msglen, inp); - if (msglen > 0) { - len -= sizeof (u_char); - if (len < msglen) { - UPAPDEBUG(("pap_rauthnak: rcvd short packet.")); - return; - } - msg = (char *) inp; - PRINTMSG(msg, msglen); - } - } - - u->us_clientstate = UPAPCS_BADAUTH; - - error("PAP authentication failed"); - auth_withpeer_fail(u->us_unit, PPP_PAP); -} - - -/* - * upap_sauthreq - Send an Authenticate-Request. - */ -static void -upap_sauthreq(u) - upap_state *u; -{ - u_char *outp; - int outlen; - - outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) + - u->us_userlen + u->us_passwdlen; - outp = outpacket_buf; - - MAKEHEADER(outp, PPP_PAP); - - PUTCHAR(UPAP_AUTHREQ, outp); - PUTCHAR(++u->us_id, outp); - PUTSHORT(outlen, outp); - PUTCHAR(u->us_userlen, outp); - BCOPY(u->us_user, outp, u->us_userlen); - INCPTR(u->us_userlen, outp); - PUTCHAR(u->us_passwdlen, outp); - BCOPY(u->us_passwd, outp, u->us_passwdlen); - - output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN); - - TIMEOUT(upap_timeout, u, u->us_timeouttime); - ++u->us_transmits; - u->us_clientstate = UPAPCS_AUTHREQ; -} - - -/* - * upap_sresp - Send a response (ack or nak). - */ -static void -upap_sresp(u, code, id, msg, msglen) - upap_state *u; - u_char code, id; - char *msg; - int msglen; -{ - u_char *outp; - int outlen; - - outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen; - outp = outpacket_buf; - MAKEHEADER(outp, PPP_PAP); - - PUTCHAR(code, outp); - PUTCHAR(id, outp); - PUTSHORT(outlen, outp); - PUTCHAR(msglen, outp); - BCOPY(msg, outp, msglen); - output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN); -} - -/* - * upap_printpkt - print the contents of a PAP packet. - */ -static char *upap_codenames[] = { - "AuthReq", "AuthAck", "AuthNak" -}; - -static int -upap_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int code, id, len; - int mlen, ulen, wlen; - char *user, *pwd, *msg; - u_char *pstart; - - if (plen < UPAP_HEADERLEN) - return 0; - pstart = p; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < UPAP_HEADERLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(upap_codenames) / sizeof(char *)) - printer(arg, " %s", upap_codenames[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= UPAP_HEADERLEN; - switch (code) { - case UPAP_AUTHREQ: - if (len < 1) - break; - ulen = p[0]; - if (len < ulen + 2) - break; - wlen = p[ulen + 1]; - if (len < ulen + wlen + 2) - break; - user = (char *) (p + 1); - pwd = (char *) (p + ulen + 2); - p += ulen + wlen + 2; - len -= ulen + wlen + 2; - printer(arg, " user="); - print_string(user, ulen, printer, arg); - printer(arg, " password="); - if (!hide_password) - print_string(pwd, wlen, printer, arg); - else - printer(arg, ""); - break; - case UPAP_AUTHACK: - case UPAP_AUTHNAK: - if (len < 1) - break; - mlen = p[0]; - if (len < mlen + 1) - break; - msg = (char *) (p + 1); - p += mlen + 1; - len -= mlen + 1; - printer(arg, " "); - print_string(msg, mlen, printer, arg); - break; - } - - /* print the rest of the bytes in the packet */ - for (; len > 0; --len) { - GETCHAR(code, p); - printer(arg, " %.2x", code); - } - - return p - pstart; -} diff --git a/pppd/upap.h b/pppd/upap.h deleted file mode 100644 index 5cb59e9..0000000 --- a/pppd/upap.h +++ /dev/null @@ -1,110 +0,0 @@ -/* - * upap.h - User/Password Authentication Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: upap.h,v 1.8 2002/12/04 23:03:33 paulus Exp $ - */ - -/* - * Packet header = Code, id, length. - */ -#define UPAP_HEADERLEN 4 - - -/* - * UPAP codes. - */ -#define UPAP_AUTHREQ 1 /* Authenticate-Request */ -#define UPAP_AUTHACK 2 /* Authenticate-Ack */ -#define UPAP_AUTHNAK 3 /* Authenticate-Nak */ - - -/* - * Each interface is described by upap structure. - */ -typedef struct upap_state { - int us_unit; /* Interface unit number */ - char *us_user; /* User */ - int us_userlen; /* User length */ - char *us_passwd; /* Password */ - int us_passwdlen; /* Password length */ - int us_clientstate; /* Client state */ - int us_serverstate; /* Server state */ - u_char us_id; /* Current id */ - int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */ - int us_transmits; /* Number of auth-reqs sent */ - int us_maxtransmits; /* Maximum number of auth-reqs to send */ - int us_reqtimeout; /* Time to wait for auth-req from peer */ -} upap_state; - - -/* - * Client states. - */ -#define UPAPCS_INITIAL 0 /* Connection down */ -#define UPAPCS_CLOSED 1 /* Connection up, haven't requested auth */ -#define UPAPCS_PENDING 2 /* Connection down, have requested auth */ -#define UPAPCS_AUTHREQ 3 /* We've sent an Authenticate-Request */ -#define UPAPCS_OPEN 4 /* We've received an Ack */ -#define UPAPCS_BADAUTH 5 /* We've received a Nak */ - -/* - * Server states. - */ -#define UPAPSS_INITIAL 0 /* Connection down */ -#define UPAPSS_CLOSED 1 /* Connection up, haven't requested auth */ -#define UPAPSS_PENDING 2 /* Connection down, have requested auth */ -#define UPAPSS_LISTEN 3 /* Listening for an Authenticate */ -#define UPAPSS_OPEN 4 /* We've sent an Ack */ -#define UPAPSS_BADAUTH 5 /* We've sent a Nak */ - - -/* - * Timeouts. - */ -#define UPAP_DEFTIMEOUT 3 /* Timeout (seconds) for retransmitting req */ -#define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */ - -extern upap_state upap[]; - -void upap_authwithpeer __P((int, char *, char *)); -void upap_authpeer __P((int)); - -extern struct protent pap_protent; diff --git a/pppd/utils.c b/pppd/utils.c deleted file mode 100644 index 6f668b8..0000000 --- a/pppd/utils.c +++ /dev/null @@ -1,1089 +0,0 @@ -/* - * utils.c - various utility functions used in pppd. - * - * Copyright (c) 1999-2002 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: utils.c,v 1.24 2004/11/04 10:02:26 paulus Exp $" -#define LOG_TAG "pppd" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef SVR4 -#include -#endif - -#include "pppd.h" -#include "fsm.h" -#include "lcp.h" - -#ifdef ANDROID_CHANGES -#include -#endif - -static const char rcsid[] = RCSID; - -#if defined(SUNOS4) -extern char *strerror(); -#endif - -static void logit __P((int, char *, va_list)); -static void log_write __P((int, char *)); -static void vslp_printer __P((void *, char *, ...)); -static void format_packet __P((u_char *, int, void (*) (void *, char *, ...), - void *)); - -struct buffer_info { - char *ptr; - int len; -}; - -/* - * strlcpy - like strcpy/strncpy, doesn't overflow destination buffer, - * always leaves destination null-terminated (for len > 0). - */ -size_t -strlcpy(dest, src, len) - char *dest; - const char *src; - size_t len; -{ - size_t ret = strlen(src); - - if (len != 0) { - if (ret < len) - strcpy(dest, src); - else { - strncpy(dest, src, len - 1); - dest[len-1] = 0; - } - } - return ret; -} - -/* - * strlcat - like strcat/strncat, doesn't overflow destination buffer, - * always leaves destination null-terminated (for len > 0). - */ -size_t -strlcat(dest, src, len) - char *dest; - const char *src; - size_t len; -{ - size_t dlen = strlen(dest); - - return dlen + strlcpy(dest + dlen, src, (len > dlen? len - dlen: 0)); -} - - -/* - * slprintf - format a message into a buffer. Like sprintf except we - * also specify the length of the output buffer, and we handle - * %m (error message), %v (visible string), - * %q (quoted string), %t (current time) and %I (IP address) formats. - * Doesn't do floating-point formats. - * Returns the number of chars put into buf. - */ -int -slprintf __V((char *buf, int buflen, char *fmt, ...)) -{ - va_list args; - int n; - -#if defined(__STDC__) - va_start(args, fmt); -#else - char *buf; - int buflen; - char *fmt; - va_start(args); - buf = va_arg(args, char *); - buflen = va_arg(args, int); - fmt = va_arg(args, char *); -#endif - n = vslprintf(buf, buflen, fmt, args); - va_end(args); - return n; -} - -/* - * vslprintf - like slprintf, takes a va_list instead of a list of args. - */ -#define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0) - -int -vslprintf(buf, buflen, fmt, args) - char *buf; - int buflen; - char *fmt; - va_list args; -{ - int c, i, n; - int width, prec, fillch; - int base, len, neg, quoted; - unsigned long val = 0; - char *str, *f, *buf0; - unsigned char *p; - char num[32]; - time_t t; - u_int32_t ip; - static char hexchars[] = "0123456789abcdef"; - struct buffer_info bufinfo; - - buf0 = buf; - --buflen; - while (buflen > 0) { - for (f = fmt; *f != '%' && *f != 0; ++f) - ; - if (f > fmt) { - len = f - fmt; - if (len > buflen) - len = buflen; - memcpy(buf, fmt, len); - buf += len; - buflen -= len; - fmt = f; - } - if (*fmt == 0) - break; - c = *++fmt; - width = 0; - prec = -1; - fillch = ' '; - if (c == '0') { - fillch = '0'; - c = *++fmt; - } - if (c == '*') { - width = va_arg(args, int); - c = *++fmt; - } else { - while (isdigit(c)) { - width = width * 10 + c - '0'; - c = *++fmt; - } - } - if (c == '.') { - c = *++fmt; - if (c == '*') { - prec = va_arg(args, int); - c = *++fmt; - } else { - prec = 0; - while (isdigit(c)) { - prec = prec * 10 + c - '0'; - c = *++fmt; - } - } - } - str = 0; - base = 0; - neg = 0; - ++fmt; - switch (c) { - case 'l': - c = *fmt++; - switch (c) { - case 'd': - val = va_arg(args, long); - if ((long)val < 0) { - neg = 1; - val = (unsigned long)(-(long)val); - } - base = 10; - break; - case 'u': - val = va_arg(args, unsigned long); - base = 10; - break; - default: - *buf++ = '%'; --buflen; - *buf++ = 'l'; --buflen; - --fmt; /* so %lz outputs %lz etc. */ - continue; - } - break; - case 'd': - i = va_arg(args, int); - if (i < 0) { - neg = 1; - val = -i; - } else - val = i; - base = 10; - break; - case 'u': - val = va_arg(args, unsigned int); - base = 10; - break; - case 'o': - val = va_arg(args, unsigned int); - base = 8; - break; - case 'x': - case 'X': - val = va_arg(args, unsigned int); - base = 16; - break; - case 'p': - val = (unsigned long) va_arg(args, void *); - base = 16; - neg = 2; - break; - case 's': - str = va_arg(args, char *); - break; - case 'c': - num[0] = va_arg(args, int); - num[1] = 0; - str = num; - break; - case 'm': - str = strerror(errno); - break; - case 'I': - ip = va_arg(args, u_int32_t); - ip = ntohl(ip); - slprintf(num, sizeof(num), "%d.%d.%d.%d", (ip >> 24) & 0xff, - (ip >> 16) & 0xff, (ip >> 8) & 0xff, ip & 0xff); - str = num; - break; -#if 0 /* not used, and breaks on S/390, apparently */ - case 'r': - f = va_arg(args, char *); -#ifndef __powerpc__ - n = vslprintf(buf, buflen + 1, f, va_arg(args, va_list)); -#else - /* On the powerpc, a va_list is an array of 1 structure */ - n = vslprintf(buf, buflen + 1, f, va_arg(args, void *)); -#endif - buf += n; - buflen -= n; - continue; -#endif - case 't': - time(&t); - str = ctime(&t); - str += 4; /* chop off the day name */ - str[15] = 0; /* chop off year and newline */ - break; - case 'v': /* "visible" string */ - case 'q': /* quoted string */ - quoted = c == 'q'; - p = va_arg(args, unsigned char *); - if (fillch == '0' && prec >= 0) { - n = prec; - } else { - n = strlen((char *)p); - if (prec >= 0 && n > prec) - n = prec; - } - while (n > 0 && buflen > 0) { - c = *p++; - --n; - if (!quoted && c >= 0x80) { - OUTCHAR('M'); - OUTCHAR('-'); - c -= 0x80; - } - if (quoted && (c == '"' || c == '\\')) - OUTCHAR('\\'); - if (c < 0x20 || (0x7f <= c && c < 0xa0)) { - if (quoted) { - OUTCHAR('\\'); - switch (c) { - case '\t': OUTCHAR('t'); break; - case '\n': OUTCHAR('n'); break; - case '\b': OUTCHAR('b'); break; - case '\f': OUTCHAR('f'); break; - default: - OUTCHAR('x'); - OUTCHAR(hexchars[c >> 4]); - OUTCHAR(hexchars[c & 0xf]); - } - } else { - if (c == '\t') - OUTCHAR(c); - else { - OUTCHAR('^'); - OUTCHAR(c ^ 0x40); - } - } - } else - OUTCHAR(c); - } - continue; - case 'P': /* print PPP packet */ - bufinfo.ptr = buf; - bufinfo.len = buflen + 1; - p = va_arg(args, unsigned char *); - n = va_arg(args, int); - format_packet(p, n, vslp_printer, &bufinfo); - buf = bufinfo.ptr; - buflen = bufinfo.len - 1; - continue; - case 'B': - p = va_arg(args, unsigned char *); - for (n = prec; n > 0; --n) { - c = *p++; - if (fillch == ' ') - OUTCHAR(' '); - OUTCHAR(hexchars[(c >> 4) & 0xf]); - OUTCHAR(hexchars[c & 0xf]); - } - continue; - default: - *buf++ = '%'; - if (c != '%') - --fmt; /* so %z outputs %z etc. */ - --buflen; - continue; - } - if (base != 0) { - str = num + sizeof(num); - *--str = 0; - while (str > num + neg) { - *--str = hexchars[val % base]; - val = val / base; - if (--prec <= 0 && val == 0) - break; - } - switch (neg) { - case 1: - *--str = '-'; - break; - case 2: - *--str = 'x'; - *--str = '0'; - break; - } - len = num + sizeof(num) - 1 - str; - } else { - len = strlen(str); - if (prec >= 0 && len > prec) - len = prec; - } - if (width > 0) { - if (width > buflen) - width = buflen; - if ((n = width - len) > 0) { - buflen -= n; - for (; n > 0; --n) - *buf++ = fillch; - } - } - if (len > buflen) - len = buflen; - memcpy(buf, str, len); - buf += len; - buflen -= len; - } - *buf = 0; - return buf - buf0; -} - -/* - * vslp_printer - used in processing a %P format - */ -static void -vslp_printer __V((void *arg, char *fmt, ...)) -{ - int n; - va_list pvar; - struct buffer_info *bi; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - void *arg; - char *fmt; - va_start(pvar); - arg = va_arg(pvar, void *); - fmt = va_arg(pvar, char *); -#endif - - bi = (struct buffer_info *) arg; - n = vslprintf(bi->ptr, bi->len, fmt, pvar); - va_end(pvar); - - bi->ptr += n; - bi->len -= n; -} - -#ifdef unused -/* - * log_packet - format a packet and log it. - */ - -void -log_packet(p, len, prefix, level) - u_char *p; - int len; - char *prefix; - int level; -{ - init_pr_log(prefix, level); - format_packet(p, len, pr_log, &level); - end_pr_log(); -} -#endif /* unused */ - -/* - * format_packet - make a readable representation of a packet, - * calling `printer(arg, format, ...)' to output it. - */ -static void -format_packet(p, len, printer, arg) - u_char *p; - int len; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int i, n; - u_short proto; - struct protent *protp; - - if (len >= PPP_HDRLEN && p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) { - p += 2; - GETSHORT(proto, p); - len -= PPP_HDRLEN; - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (proto == protp->protocol) - break; - if (protp != NULL) { - printer(arg, "[%s", protp->name); - n = (*protp->printpkt)(p, len, printer, arg); - printer(arg, "]"); - p += n; - len -= n; - } else { - for (i = 0; (protp = protocols[i]) != NULL; ++i) - if (proto == (protp->protocol & ~0x8000)) - break; - if (protp != 0 && protp->data_name != 0) { - printer(arg, "[%s data]", protp->data_name); - if (len > 8) - printer(arg, "%.8B ...", p); - else - printer(arg, "%.*B", len, p); - len = 0; - } else - printer(arg, "[proto=0x%x]", proto); - } - } - - if (len > 32) - printer(arg, "%.32B ...", p); - else - printer(arg, "%.*B", len, p); -} - -/* - * init_pr_log, end_pr_log - initialize and finish use of pr_log. - */ - -static char line[256]; /* line to be logged accumulated here */ -static char *linep; /* current pointer within line */ -static int llevel; /* level for logging */ - -void -init_pr_log(prefix, level) - char *prefix; - int level; -{ - linep = line; - if (prefix != NULL) { - strlcpy(line, prefix, sizeof(line)); - linep = line + strlen(line); - } - llevel = level; -} - -void -end_pr_log() -{ - if (linep != line) { - *linep = 0; - log_write(llevel, line); - } -} - -/* - * pr_log - printer routine for outputting to syslog - */ -void -pr_log __V((void *arg, char *fmt, ...)) -{ - int l, n; - va_list pvar; - char *p, *eol; - char buf[256]; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - void *arg; - char *fmt; - va_start(pvar); - arg = va_arg(pvar, void *); - fmt = va_arg(pvar, char *); -#endif - - n = vslprintf(buf, sizeof(buf), fmt, pvar); - va_end(pvar); - - p = buf; - eol = strchr(buf, '\n'); - if (linep != line) { - l = (eol == NULL)? n: eol - buf; - if (linep + l < line + sizeof(line)) { - if (l > 0) { - memcpy(linep, buf, l); - linep += l; - } - if (eol == NULL) - return; - p = eol + 1; - eol = strchr(p, '\n'); - } - *linep = 0; - log_write(llevel, line); - linep = line; - } - - while (eol != NULL) { - *eol = 0; - log_write(llevel, p); - p = eol + 1; - eol = strchr(p, '\n'); - } - - /* assumes sizeof(buf) <= sizeof(line) */ - l = buf + n - p; - if (l > 0) { - memcpy(line, p, n); - linep = line + l; - } -} - -/* - * print_string - print a readable representation of a string using - * printer. - */ -void -print_string(p, len, printer, arg) - char *p; - int len; - void (*printer) __P((void *, char *, ...)); - void *arg; -{ - int c; - - printer(arg, "\""); - for (; len > 0; --len) { - c = *p++; - if (' ' <= c && c <= '~') { - if (c == '\\' || c == '"') - printer(arg, "\\"); - printer(arg, "%c", c); - } else { - switch (c) { - case '\n': - printer(arg, "\\n"); - break; - case '\r': - printer(arg, "\\r"); - break; - case '\t': - printer(arg, "\\t"); - break; - default: - printer(arg, "\\%.3o", c); - } - } - } - printer(arg, "\""); -} - -/* - * logit - does the hard work for fatal et al. - */ -static void -logit(level, fmt, args) - int level; - char *fmt; - va_list args; -{ - int n; - char buf[1024]; - - n = vslprintf(buf, sizeof(buf), fmt, args); - log_write(level, buf); -} - -static void -log_write(level, buf) - int level; - char *buf; -{ - syslog(level, "%s", buf); - - fprintf(stderr, buf); - - if (log_to_fd >= 0 && (level != LOG_DEBUG || debug)) { - int n = strlen(buf); - - if (n > 0 && buf[n-1] == '\n') - --n; - if (write(log_to_fd, buf, n) != n - || write(log_to_fd, "\n", 1) != 1) - log_to_fd = -1; - } -} - -/* - * fatal - log an error message and die horribly. - */ -void -fatal __V((char *fmt, ...)) -{ - va_list pvar; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - char *fmt; - va_start(pvar); - fmt = va_arg(pvar, char *); -#endif - -#ifdef ANDROID_CHANGES - __android_log_vprint(ANDROID_LOG_ERROR, LOG_TAG, fmt, pvar); -#else - logit(LOG_ERR, fmt, pvar); -#endif - va_end(pvar); - - die(1); /* as promised */ -} - -/* - * error - log an error message. - */ -void -error __V((char *fmt, ...)) -{ - va_list pvar; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - char *fmt; - va_start(pvar); - fmt = va_arg(pvar, char *); -#endif - -#ifdef ANDROID_CHANGES - __android_log_vprint(ANDROID_LOG_ERROR, LOG_TAG, fmt, pvar); -#else - logit(LOG_ERR, fmt, pvar); -#endif - - va_end(pvar); - ++error_count; -} - -/* - * warn - log a warning message. - */ -void -warn __V((char *fmt, ...)) -{ - va_list pvar; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - char *fmt; - va_start(pvar); - fmt = va_arg(pvar, char *); -#endif - -#ifdef ANDROID_CHANGES - __android_log_vprint(ANDROID_LOG_WARN, LOG_TAG, fmt, pvar); -#else - logit(LOG_WARNING, fmt, pvar); -#endif - - va_end(pvar); -} - -/* - * notice - log a notice-level message. - */ -void -notice __V((char *fmt, ...)) -{ - va_list pvar; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - char *fmt; - va_start(pvar); - fmt = va_arg(pvar, char *); -#endif - -#ifdef ANDROID_CHANGES - __android_log_vprint(ANDROID_LOG_INFO, LOG_TAG, fmt, pvar); -#else - logit(LOG_NOTICE, fmt, pvar); -#endif - va_end(pvar); -} - -/* - * info - log an informational message. - */ -void -info __V((char *fmt, ...)) -{ - va_list pvar; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - char *fmt; - va_start(pvar); - fmt = va_arg(pvar, char *); -#endif - -#ifdef ANDROID_CHANGES - __android_log_vprint(ANDROID_LOG_INFO, LOG_TAG, fmt, pvar); -#else - logit(LOG_INFO, fmt, pvar); -#endif - - va_end(pvar); -} - -/* - * dbglog - log a debug message. - */ -void -dbglog __V((char *fmt, ...)) -{ - va_list pvar; - -#if defined(__STDC__) - va_start(pvar, fmt); -#else - char *fmt; - va_start(pvar); - fmt = va_arg(pvar, char *); -#endif - -#ifdef ANDROID_CHANGES - __android_log_vprint(ANDROID_LOG_DEBUG, LOG_TAG, fmt, pvar); -#else - logit(LOG_DEBUG, fmt, pvar); -#endif - va_end(pvar); -} - -/* - * dump_packet - print out a packet in readable form if it is interesting. - * Assumes len >= PPP_HDRLEN. - */ -void -dump_packet(const char *tag, unsigned char *p, int len) -{ - int proto; - - if (!debug) - return; - - /* - * don't print LCP echo request/reply packets if debug <= 1 - * and the link is up. - */ - proto = (p[2] << 8) + p[3]; - if (debug <= 1 && unsuccess == 0 && proto == PPP_LCP - && len >= PPP_HDRLEN + HEADERLEN) { - unsigned char *lcp = p + PPP_HDRLEN; - int l = (lcp[2] << 8) + lcp[3]; - - if ((lcp[0] == ECHOREQ || lcp[0] == ECHOREP) - && l >= HEADERLEN && l <= len - PPP_HDRLEN) - return; - } - - dbglog("%s %P", tag, p, len); -} - -/* - * complete_read - read a full `count' bytes from fd, - * unless end-of-file or an error other than EINTR is encountered. - */ -ssize_t -complete_read(int fd, void *buf, size_t count) -{ - size_t done; - ssize_t nb; - char *ptr = buf; - - for (done = 0; done < count; ) { - nb = read(fd, ptr, count - done); - if (nb < 0) { - if (errno == EINTR) - continue; - return -1; - } - if (nb == 0) - break; - done += nb; - ptr += nb; - } - return done; -} - -/* Procedures for locking the serial device using a lock file. */ -#ifndef LOCK_DIR -#ifdef __linux__ -#define LOCK_DIR "/var/lock" -#else -#ifdef SVR4 -#define LOCK_DIR "/var/spool/locks" -#else -#define LOCK_DIR "/var/spool/lock" -#endif -#endif -#endif /* LOCK_DIR */ - -static char lock_file[MAXPATHLEN]; - -/* - * lock - create a lock file for the named device - */ -int -lock(dev) - char *dev; -{ -#ifdef LOCKLIB - int result; - - result = mklock (dev, (void *) 0); - if (result == 0) { - strlcpy(lock_file, dev, sizeof(lock_file)); - return 0; - } - - if (result > 0) - notice("Device %s is locked by pid %d", dev, result); - else - error("Can't create lock file %s", lock_file); - return -1; - -#else /* LOCKLIB */ - - char lock_buffer[12]; - int fd, pid, n; - -#ifdef SVR4 - struct stat sbuf; - - if (stat(dev, &sbuf) < 0) { - error("Can't get device number for %s: %m", dev); - return -1; - } - if ((sbuf.st_mode & S_IFMT) != S_IFCHR) { - error("Can't lock %s: not a character device", dev); - return -1; - } - slprintf(lock_file, sizeof(lock_file), "%s/LK.%03d.%03d.%03d", - LOCK_DIR, major(sbuf.st_dev), - major(sbuf.st_rdev), minor(sbuf.st_rdev)); -#else - char *p; - char lockdev[MAXPATHLEN]; - - if ((p = strstr(dev, "dev/")) != NULL) { - dev = p + 4; - strncpy(lockdev, dev, MAXPATHLEN-1); - lockdev[MAXPATHLEN-1] = 0; - while ((p = strrchr(lockdev, '/')) != NULL) { - *p = '_'; - } - dev = lockdev; - } else - if ((p = strrchr(dev, '/')) != NULL) - dev = p + 1; - - slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev); -#endif - - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { - if (errno != EEXIST) { - error("Can't create lock file %s: %m", lock_file); - break; - } - - /* Read the lock file to find out who has the device locked. */ - fd = open(lock_file, O_RDONLY, 0); - if (fd < 0) { - if (errno == ENOENT) /* This is just a timing problem. */ - continue; - error("Can't open existing lock file %s: %m", lock_file); - break; - } -#ifndef LOCK_BINARY - n = read(fd, lock_buffer, 11); -#else - n = read(fd, &pid, sizeof(pid)); -#endif /* LOCK_BINARY */ - close(fd); - fd = -1; - if (n <= 0) { - error("Can't read pid from lock file %s", lock_file); - break; - } - - /* See if the process still exists. */ -#ifndef LOCK_BINARY - lock_buffer[n] = 0; - pid = atoi(lock_buffer); -#endif /* LOCK_BINARY */ - if (pid == getpid()) - return 1; /* somebody else locked it for us */ - if (pid == 0 - || (kill(pid, 0) == -1 && errno == ESRCH)) { - if (unlink (lock_file) == 0) { - notice("Removed stale lock on %s (pid %d)", dev, pid); - continue; - } - warn("Couldn't remove stale lock on %s", dev); - } else - notice("Device %s is locked by pid %d", dev, pid); - break; - } - - if (fd < 0) { - lock_file[0] = 0; - return -1; - } - - pid = getpid(); -#ifndef LOCK_BINARY - slprintf(lock_buffer, sizeof(lock_buffer), "%10d\n", pid); - write (fd, lock_buffer, 11); -#else - write(fd, &pid, sizeof (pid)); -#endif - close(fd); - return 0; - -#endif -} - -/* - * relock - called to update our lockfile when we are about to detach, - * thus changing our pid (we fork, the child carries on, and the parent dies). - * Note that this is called by the parent, with pid equal to the pid - * of the child. This avoids a potential race which would exist if - * we had the child rewrite the lockfile (the parent might die first, - * and another process could think the lock was stale if it checked - * between when the parent died and the child rewrote the lockfile). - */ -int -relock(pid) - int pid; -{ -#ifdef LOCKLIB - /* XXX is there a way to do this? */ - return -1; -#else /* LOCKLIB */ - - int fd; - char lock_buffer[12]; - - if (lock_file[0] == 0) - return -1; - fd = open(lock_file, O_WRONLY, 0); - if (fd < 0) { - error("Couldn't reopen lock file %s: %m", lock_file); - lock_file[0] = 0; - return -1; - } - -#ifndef LOCK_BINARY - slprintf(lock_buffer, sizeof(lock_buffer), "%10d\n", pid); - write (fd, lock_buffer, 11); -#else - write(fd, &pid, sizeof(pid)); -#endif /* LOCK_BINARY */ - close(fd); - return 0; - -#endif /* LOCKLIB */ -} - -/* - * unlock - remove our lockfile - */ -void -unlock() -{ - if (lock_file[0]) { -#ifdef LOCKLIB - (void) rmlock(lock_file, (void *) 0); -#else - unlink(lock_file); -#endif - lock_file[0] = 0; - } -} - -- 2.11.0