2.5.0 (#379)
This commit does several things, being a squash-and-merge of a series
of changes; squashed in order not to break bisection.

* Clean up pppd.h, moving declarations that should only be accessed by
  pppd code (not by users of pppd) to a new pppd-private.h. Also,
  other parts of pppd.h were moved to multilink.h, chap.h, eap.h,
  eui64.h, and a new options.h.
* Provide an API for access to data that is needed by plugins (in no
  particular order):
  - ifname
  - ifunit
  - remote_name
  - remote_number
  - peer_authname
  - status (now called "code" internally)
  - phase
  - doing_multilink
  - multilink_master
  - idle_time_limit
  - link_connect_time
  - max_connect_time
  - link_stats
  - ipparam
  - hostname
  - got_sigterm
  - got_sigusr2
  - got_sighup
  - session_number
  - maxoctets
  - maxoctets_dir
  - debug
  - persist
  - devnam
  - modem
  - peer_authname
  - sync_serial
* Update the version number to 2.5.0.
* Detect availability of stddef.h and stdarg.h.
* Rename some headers:
  - pppcrypt.c/h to crypto_ms.c/h
  - ppp-crypto.c/h to crypto.c/h
  - ppp-crypto-priv.h to crypto-priv.h
  - chap-new.c/h to chap.c/h
* Remove chap-md5.h, crypto-priv.h, eap-tls.h, etc. from the list of
  header files to be installed.
* Provide typedefs for the hook functions.
* Provide a typedef for the "phase" variable.
* Provide a typedef for the link statistics array.
* Remove the option_t typedef.
* Rename the following functions by adding a "ppp_" prefix (with the
  intention that these are a "public" API for use by plugins):
  - option_error
  - add_options
  - int_option
  - options_from_file
  - script_setenv
  - bad_ip_adrs
  - netif_get/set_mtu (renamed to ppp_get/set_mtu)
  - get_time
  - timeout
  - untimeout
  - safe_fork
  - sys_close
  - set_session_number
  - update_link_stats (renamed to ppp_get_link_stats)
  - add_notifier (renamed to ppp_add_notify)
  - remove_notifier (renamed to ppp_del_notify)
  - generic_[dis]establish_ppp (to ppp_generic_[dis]establish)
* Rename ppp_devnam to ppp_devname.
* Rename ppp_available() to ppp_check_kernel_support().
* Use unsigned char instead of u_char, unsigned short instead of
  u_short, uint32_t instead of u_int32_t.
* Add const to some declarations
* Update comments
* Change the interface for notifiers to use an enum to identify which
  notifier is to be modified.
* Provide an API for getting the path to a file, with an enum to
  identify different types of file.
* Link plugins with the -DPLUGIN flag

[paulus@ozlabs.org - wrote commit message]
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
To avoid bleeding over to third party projects. They are all
defined and exported by pppdconf.h either way. These projects
will still have a consistent view of how pppd was compiled.
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
This change brings in autoconf/automake scripts to configure the ppp project. The current change doesn't eliminate the previous build system, but the new script autogen.sh will overwrite configure, and generate the basic Makefile.in and Makefile files.

Features can now be enabled by command line:
* Microsoft Extensions:
  - MSCHAP
  - MPPE
  - MS LAN Manager support
* IPXCP protocol
* CBCP protocol
* PAM support
* EAP-TLS support
* EAP-SRP support
* Max session lifetime by byte count
* Plugins
* Packet activity filter support
* Multilink
* IPv6 support

Control linkage with
* OpenSSL (-lssl -lcrypto)
* systemd (-lsystemd)
* libatm (-latm)
* libsrp (-lsrp)
* pam (-lpam)

Also, the configure script is made sensitive to features of OpenSSL, like the presence or absence of DES, SHA, MD4 and MD5 crypto support. In the cases where either of these are missing, the support will be directly compiled into pppd and plugins.

In addition, package maintainers can now control the installation paths with standard --prefix=, or --localstatedir=, or --sysconfdir= to configure. On top of that, they can now control the following directories:
* runtime directory w/--with-runtime-dir
* logfile directory w/--with-logfile-dir
* plugin directory w/--with-plugin-dir

In the case where automake isn't the right solution, namely: SunOS kernel module build, the original Makefile infrastructure is preserved and reused.

Care was taken to only cosmetically touch up the source files in this change. This means:
* Insert HAVE_CONFIG_H and include config.h in all .c files.
* Change HAS_SHADOW to HAVE_SHADOW_H
* Change HAVE_LOGWTMP to HAVE_UTMP_H
* Introduce HAVE_CRYPT_H into the source code where appropriate
* Added ifdef MPPE where appropriate
* USE_SRP required a few changes as it didn't compile
* Touch up some compile warnings in pppstats directory on SunOS

Introduced a new pppdconf.h file that exports the appropriate defines to a module that wants to provide a module that pppd can dynamically load. This will define/undef features like MPPE, CHAPMS such that the project doesn't have to guess what features pppd is compiled with.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Code duplication.
Signed-off-by: Tijs Van Buggenhout <tvbuggen@gmail.com>
Signed-off-by: Tijs Van Buggenhout <tvbuggen@gmail.com>
* Adding EAP-MSCHAPv2 support #175
Implementation based on the RFC: draft-kamath-pppext-eap-mschapv2-02.
Adding support for MSCHAPv2 inside extensible authentication protocol (EAP).
Signed-off-by: Thomas Omerzu <thomas@omerzu.de>
* Removing empty "TODO" in comment section
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
* Add support for EAP-MSCHAPv2 #138
Rewrote the original patch to use the chap-new.c API for caching request/responses. Also incorporate feedback from @paulusmack for input validation and function signatures.
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
* Adding length checks per Paul's request
Signed-off-by: Eivind Naess, eivnaes@yahoo.com
Co-authored-by: Thomas Omerzu <thomas@omerzu.de>
Some Windows 9x/ME clients might be erroneously transmitting the MS domain
along with the login name. This allows stripping them on the server side.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Marco d'Itri <md@linux.it>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
If CHAP authentication is required with the peer but this is never
completed (either because the server never sends the challenge or
because the client doesn't receive the outcome) then the client
will wait forever, relying on the server to terminate the connection.
There are options for server side retries but a client side timeout
option is required to prevent the client from getting stuck if the
server won't terminate the connection. This is defaulted to 60 seconds.
Signed-off-by: Simon Arlott <git@sa.me.uk>
This gets rid of the __P and __V macros that were used so that the
code was in theory compilable by a K&R C compiler, and converts the
function definitions to ANSI C style. In fact there were already
quite a few function definitions in the ANSI C style, so it would not
have been compilable by a K&R C compiler in fact.
The Solaris and BSD kernel code modules have had __P removed but the
function definitions have not been converted.
There are some other minor changes here to remove warnings.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
This implements response caching for MSCHAP-v2. It caches our
responses and the responses we expect from the peer. MSCHAP-v2 is
unusual in that the authenticatee's CHAP-Response contains what is
effectively a challenge to the authenticator, and the authenticator's
CHAP-Success packet contains a response to that challenge. Having
the response cache lets us (a) answer challenges consistently and
(b) cope with a CHAP-Success packet that corresponds to one of our
CHAP-Responses that wasn't the last one we sent.

This solves a problem where MSCHAP-v2 does not handle replay/retry
properly. Here's what a typical normal session looks like:

Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Challenge id=0x37 <7ac9de47e66fc440e4b142e28c1a2064>, name = "jeeves"]
Mar 31 02:47:40 nbm pppd[12895]: sent [CHAP Response id=0x37 <12986c68266e0d60e7e0de9c8326073200000000000000005da37272ed71b6743f65bc00f7ae2ca148db9210627b646500>, name = "murka"]
Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Success id=0x37 "S=ED8FB5829C8049C331AAE0C570F63F8B558DEA2C M=Access granted"]
Mar 31 02:47:40 nbm pppd[12895]: CHAP authentication succeeded

however, this breaks down if, for whatever reason - packet loss,
reordering or whatnot - server sends a second challenge that arrives
before the response - it changes client's expectation and the
authentication fails. Here's how it looks in the logs:

Mar 31 02:47:47 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e94455e2155d2cf4d698d23c9>, name = "jeeves"]
Mar 31 02:47:47 nbm pppd[13014]: sent [CHAP Response id=0x8a <14d788f835add58b60d2aff362c183160000000000000000d780f3849076e9e013272f67bcb8c8cfa0e9b51c0fe3ee2100>, name = "murka"]
Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e94455e2155d2cf4d698d23c9>, name = "jeeves"]
Mar 31 02:47:48 nbm pppd[13014]: sent [CHAP Response id=0x8a <df950da43b90e235048810469d3283dd0000000000000000ace042b145f5eb9f118349b5672d4829eb5038192050a90b00>, name = "murka"]
Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Success id=0x8a "S=ABAEA4DF5601FADF25F8729455D39BF6D971D501 M=Access granted"]
Mar 31 02:47:48 nbm pppd[13014]: MS-CHAPv2 mutual authentication failed.

Signed-off-by: Paul Mackerras <paulus@samba.org>
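
The retry failure described in the commit message above leaves a recognisable trace in pppd debug logs: one challenge value answered with two different responses. The following Python sketch is an added example, not part of the commit or of pppd; the log lines are constructed in the quoted format with shortened hex values, and find_retry_mismatches is a hypothetical name.

```python
import re
from collections import defaultdict

# Constructed sample in the pppd debug-log format quoted in the commit message
# (hex values shortened for readability).
SAMPLE_LOG = '''\
Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Challenge id=0x37 <7ac9de47>, name = "jeeves"]
Mar 31 02:47:40 nbm pppd[12895]: sent [CHAP Response id=0x37 <12986c68>, name = "murka"]
Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Success id=0x37 "S=ED8FB582 M=Access granted"]
Mar 31 02:47:40 nbm pppd[12895]: CHAP authentication succeeded
Mar 31 02:47:47 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e>, name = "jeeves"]
Mar 31 02:47:47 nbm pppd[13014]: sent [CHAP Response id=0x8a <14d788f8>, name = "murka"]
Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e>, name = "jeeves"]
Mar 31 02:47:48 nbm pppd[13014]: sent [CHAP Response id=0x8a <df950da4>, name = "murka"]
Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Success id=0x8a "S=ABAEA4DF M=Access granted"]
Mar 31 02:47:48 nbm pppd[13014]: MS-CHAPv2 mutual authentication failed.
'''

PID = re.compile(r"pppd\[(\d+)\]: (.*)")
CHAP = re.compile(r"(rcvd|sent) \[CHAP (Challenge|Response) id=(0x[0-9a-f]+) <([0-9a-f]+)>")


def find_retry_mismatches(log_text):
    """Return (pid, chap_id, distinct_responses, mutual_auth_failed) for each
    exchange where one challenge value was answered with different responses."""
    last_challenge = {}             # (pid, id) -> challenge value last received
    answers = defaultdict(list)     # (pid, id, challenge) -> distinct responses sent
    failed = set()                  # pids that logged a mutual-auth failure
    for line in log_text.splitlines():
        head = PID.search(line)
        if not head:
            continue
        pid, msg = head.groups()
        if msg.startswith("MS-CHAPv2 mutual authentication failed"):
            failed.add(pid)
        m = CHAP.match(msg)
        if not m:
            continue
        direction, kind, chap_id, value = m.groups()
        if (direction, kind) == ("rcvd", "Challenge"):
            last_challenge[(pid, chap_id)] = value
        elif (direction, kind) == ("sent", "Response") and (pid, chap_id) in last_challenge:
            seen = answers[(pid, chap_id, last_challenge[(pid, chap_id)])]
            if value not in seen:
                seen.append(value)
    return [(pid, cid, len(r), pid in failed)
            for (pid, cid, _), r in answers.items() if len(r) > 1]


if __name__ == "__main__":
    for hit in find_retry_mismatches(SAMPLE_LOG):
        print("retransmitted challenge answered inconsistently:", hit)
```

A client that answers a retransmitted challenge with the same response it sent before would not be reported, since only differing responses to an identical challenge are counted.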
logging without system-based authentication (works with all PPP
authentication types, including CHAP, unlike the "login" option), and
repaired misuse of wtmpx data in Solaris port.
Contributed by Diego Rivera <diego@rivera.net>.
to the peer. The message in the success case is printed in
auth_withpeer_success, but the message in the failure case is
printed by the caller of auth_withpeer_fail (since there are
many possible reasons for failure).
it would ignore the response (except to send a reply with a bogus
message) and retransmit the rechallenge every 3 seconds until it
eventually timed out and took down the link.
the copyright conditions in documentation from my copyright notice.
It still remains in CMU's and others' copyright notices.
Fix bug in filling in mdtype field when we NAK and suggest CHAP.
Ask for/suggest MD5 before MSCHAP{v2,} digest.
in makefile).
Updated ppp_mod so that it will work with Solaris 10 and beyond
(identify entry point is now obsolete).
Fixed warnings in chat, bsd-comp, deflate, vjcompress, chap-new,
sys-solaris, tty, pppdump, ppp_comp.
existing makefiles still refer to chap.c for all but Linux.
Fixed unsolicited Configure-Nak handling in *_nakci -- usenet report
that 'while' loop terminates too early if there's a boolean.
Fixed tiny typo in chap-new.c comment.
copyrighted by the uncontactable Gregory Christy. The new code is
much cleaner and splits out all the digest-specific code to separate
files. Thus the CHAP-MD5 stuff is now in chap-md5.c and all the
CHAP-MS and CHAP-MSv2 stuff has moved into chap_ms.c, instead of
having half of it in chap.c.
There are a few minor differences in this implementation; we don't
retransmit responses, but instead just wait for a new challenge.
The success/failure messages are more boring as well. In fact the
digest code now sets the success/failure message.
CHAP_DIGEST_MD5 has been renamed to CHAP_MD5 for consistency.
There is a new function random_bytes() in magic.c, which generates
a string of random bytes.