| Commit message | Author | Age | Files | Lines |
2.5.0 (#379)
This commit does several things, being a squash-and-merge of a series
of changes; squashed in order not to break bisection.
* Clean up pppd.h, moving declarations that should only be accessed by
  pppd code (not by users of pppd) to a new pppd-private.h. Also,
  other parts of pppd.h were moved to multilink.h, chap.h, eap.h,
  eui64.h, and a new options.h.
* Provide an API for access to data that is needed by plugins (in no
  particular order):
  - ifname
  - ifunit
  - remote_name
  - remote_number
  - peer_authname
  - status (now called "code" internally)
  - phase
  - doing_multilink
  - multilink_master
  - idle_time_limit
  - link_connect_time
  - max_connect_time
  - link_stats
  - ipparam
  - hostname
  - got_sigterm
  - got_sigusr2
  - got_sighup
  - session_number
  - maxoctets
  - maxoctets_dir
  - debug
  - persist
  - devnam
  - modem
  - peer_authname
  - sync_serial
* Update the version number to 2.5.0.
* Detect availability of stddef.h and stdarg.h.
* Rename some headers:
  - pppcrypt.c/h to crypto_ms.c/h
  - ppp-crypto.c/h to crypto.c/h
  - ppp-crypto-priv.h to crypto-priv.h
  - chap-new.c/h to chap.c/h
* Remove chap-md5.h, crypto-priv.h, eap-tls.h, etc. from the list of
  header files to be installed.
* Provide typedefs for the hook functions.
* Provide a typedef for the "phase" variable.
* Provide a typedef for the link statistics array.
* Remove the option_t typedef.
* Rename the following functions by adding a "ppp_" prefix (with the
  intention that these are a "public" API for use by plugins):
  - option_error
  - add_options
  - int_option
  - options_from_file
  - script_setenv
  - bad_ip_adrs
  - netif_get/set_mtu (renamed to ppp_get/set_mtu)
  - get_time
  - timeout
  - untimeout
  - safe_fork
  - sys_close
  - set_session_number
  - update_link_stats (renamed to ppp_get_link_stats)
  - add_notifier (renamed to ppp_add_notify)
  - remove_notifier (renamed to ppp_del_notify)
  - generic_[dis]establish_ppp (to ppp_generic_[dis]establish)
* Rename ppp_devnam to ppp_devname.
* Rename ppp_available() to ppp_check_kernel_support().
* Use unsigned char instead of u_char, unsigned short instead of
  u_short, uint32_t instead of u_int32_t.
* Add const to some declarations
* Update comments
* Change the interface for notifiers to use an enum to identify which
  notifier is to be modified.
* Provide an API for getting the path to a file, with an enum to
  identify different types of file.
* Link plugins with the -DPLUGIN flag
[paulus@ozlabs.org - wrote commit message]
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
|
Avoid using these variables in function descriptors.
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
|
This re-introduces the missing DES encryption functions copied from the OpenSSL 3.0 project. Incorporates a new API for performing MD4/MD5/SHA and encryption using DES-ECB mode.
Unit tests are included for respective digest/encryption functions using this new API. With this change, you can pass configure --without-openssl to use the internally provided functions. If you do have OpenSSL, then it will default to use these functions. This also provides a framework to allow other vendors to provide crypto.
This closes #333, partially addresses #242 (except the pkcs11 engine support). Word has it that OpenSSL is working on support for this, and the libp11 / opensc project are inclined not to support this.
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
|
These changes add to his contribution by
* Adding options to perform CA/CRL checking and certificate validation
  consistent with what has already been done for EAP-TLS
* Certificate validation is now in line with what has already been done
  for EAP-TLS. Users can now set "remotename" and "tls-verify-method" to
  control these.
* Validation of certificate purpose and extended key usage is controlled
  by the option "tls-verify-key-usage".
* Fixing up MPPE key generation to use the new API for handling MPPE keys
* Man page is updated where appropriate for the new options.
* Added unit-tests for the PEAP code in case the crypto or parameters
  change in the future.
* Added the peap feature to configure scripts. Users can now control the
  feature by specifying --enable-peap/--disable-peap.
To achieve feature parity with the EAP-TLS change, the EAP-TLS common code was
refactored into tls.c/.h such that it could be re-used in both instances.
Using PEAP/MSCHAPv2 is now supported in PPPD with this change.
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
|
This change brings in autoconf/automake scripts to configure the ppp project. The current change doesn't eliminate the previous build system, but the new script autogen.sh will overwrite configure, and generate the basic Makefile.in and Makefile files.
Features can now be enabled by command line:
* Microsoft Extensions:
  - MSCHAP
  - MPPE
  - MS LAN Manager support
* IPXCP protocol
* CBCP protocol
* PAM support
* EAP-TLS support
* EAP-SRP support
* Max session lifetime by byte count
* Plugins
* Packet activity filter support
* Multilink
* IPv6 support
Control linkage with
* OpenSSL (-lssl -lcrypto)
* systemd (-lsystemd)
* libatm (-latm)
* libsrp (-lsrp)
* pam (-lpam)
Also, the configure script is made sensitive to features of OpenSSL, like the presence or absence of DES, SHA, MD4 and MD5 crypto support. In the cases where any of these are missing, the support will be directly compiled into pppd and plugins.
In addition, package maintainers can now control the installation paths with standard --prefix=, or --localstatedir=, or --sysconfdir= to configure. On top of that, they can now control the following directories:
* runtime directory w/--with-runtime-dir
* logfile directory w/--with-logfile-dir
* plugin directory w/--with-plugin-dir
In the case where automake isn't the right solution, namely: SunOS kernel module build, the original Makefile infrastructure is preserved and reused.
Care was taken to only cosmetically touch up the source files in this change. This means:
* Insert HAVE_CONFIG_H and include config.h in all .c files.
* Change HAS_SHADOW to HAVE_SHADOW_H
* Change HAVE_LOGWTMP to HAVE_UTMP_H
* Introduce HAVE_CRYPT_H into the source code where appropriate
* Added ifdef MPPE where appropriate
* USE_SRP required a few changes as it didn't compile
* Touch up some compile warnings in pppstats directory on SunOS
Introduced a new pppdconf.h file that exports the appropriate defines to a module that wants to provide a module that pppd can dynamically load. This will define/undef features like MPPE, CHAPMS such that the project doesn't have to guess what features pppd is compiled with.
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
|
The lengthy part of this fix is to refactor the handling of MPPE keys
by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
It does so by renaming the mppe_set_keys/2 to the corresponding
mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these
functions.
Having done so, it conveniently allows the name "mppe_set_keys" to be
re-used for this new purpose which will copy the key material up to
its size and then clear the input parameters (avoids leaving the MPPE
keys on the stack).
Additional functions added to the MPPE code allow plugins et al. to
access the MPPE keys, clear the keys, and check if they are set. All
plugin and CCP code has been updated to use this API.
This fixes GitHub Issue #258
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
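
The bounded copy followed by wiping the caller's buffers, as described in the commit message above, shown as an added example that is not pppd's code. All names (`demo_set_keys`, `demo_get_send_key`, `demo_keys_isset`, `demo_clear_keys`, `DEMO_MAX_KEY_LEN` and its value) are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define DEMO_MAX_KEY_LEN 16            /* assumed size, not taken from pppd */

static unsigned char send_key[DEMO_MAX_KEY_LEN];
static unsigned char recv_key[DEMO_MAX_KEY_LEN];
static size_t key_len;                 /* 0 means no keys are set */

/* Zero through a volatile pointer so the stores are not optimised away
 * as dead writes to a buffer that is about to go out of scope. */
static void secure_clear(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

void demo_clear_keys(void)
{
    secure_clear(send_key, sizeof send_key);
    secure_clear(recv_key, sizeof recv_key);
    key_len = 0;
}

int demo_keys_isset(void) { return key_len != 0; }

/* Store at most DEMO_MAX_KEY_LEN bytes of each key, then wipe the whole
 * of the caller's buffers. Returns the number of bytes stored. */
size_t demo_set_keys(unsigned char *send, unsigned char *recv, size_t len)
{
    size_t n = len < DEMO_MAX_KEY_LEN ? len : DEMO_MAX_KEY_LEN;
    demo_clear_keys();                 /* no stale bytes from a longer key */
    memcpy(send_key, send, n);
    memcpy(recv_key, recv, n);
    key_len = n;
    secure_clear(send, len);
    secure_clear(recv, len);
    return n;
}

/* Copy the send key out; 0 if unset or the destination is too small. */
size_t demo_get_send_key(unsigned char *out, size_t out_len)
{
    if (key_len == 0 || out_len < key_len)
        return 0;
    memcpy(out, send_key, key_len);
    return key_len;
}
```

Where the platform provides `explicit_bzero` or `memset_s`, either can replace the volatile loop in `secure_clear`.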