diff options
| -rw-r--r-- | usr.sbin/spppcontrol/Makefile | 10 | ||||
| -rw-r--r-- | usr.sbin/spppcontrol/spppcontrol.8 | 229 | ||||
| -rw-r--r-- | usr.sbin/spppcontrol/spppcontrol.c | 239 |
3 files changed, 478 insertions, 0 deletions
diff --git a/usr.sbin/spppcontrol/Makefile b/usr.sbin/spppcontrol/Makefile new file mode 100644 index 00000000000..ed05cc6d0e7 --- /dev/null +++ b/usr.sbin/spppcontrol/Makefile @@ -0,0 +1,10 @@ +# $OpenBSD: Makefile,v 1.1 2000/10/16 22:56:39 chris Exp $ + +PROG= spppcontrol +SRCS= spppcontrol.c + +CFLAGS+= -Wall + +MAN= spppcontrol.8 + +.include <bsd.prog.mk> diff --git a/usr.sbin/spppcontrol/spppcontrol.8 b/usr.sbin/spppcontrol/spppcontrol.8 new file mode 100644 index 00000000000..8c2bb7c486e --- /dev/null +++ b/usr.sbin/spppcontrol/spppcontrol.8 @@ -0,0 +1,229 @@ +.\" Copyright (C) 1997 by Joerg Wunsch, Dresden +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS +.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, +.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING +.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD: /c/ncvs/src/sbin/spppcontrol/spppcontrol.8,v 1.4.2.4 2000/05/10 10:01:29 sheldonh Exp $ +.\" +.Dd October 11, 1997 +.Os +.Dt SPPPCONTROL 8 +.Sh NAME +.Nm spppcontrol +.Nd display or set parameters for an sppp interface +.Sh SYNOPSIS +.Nm spppcontrol +.Op Fl v +.Ar ifname +.Op Ar parameter Ns Op \&= Ns Ar value +.Op Ar ... +.Sh DESCRIPTION +The +.Xr sppp 4 +driver might require a number of additional arguments or optional +parameters besides the settings that can be adjusted with +.Xr ifconfig 8 . +These are things like authentication protocol parameters, but also +other tunable configuration variables. The +.Nm +utility can be used to display the current settings, or adjust these +parameters as required. +.Pp +For whatever intent +.Nm +is being called, at least the parameter +.Ar ifname +needs to be specified, naming the interface for which the settings +are to be performed or displayed. Use +.Xr ifconfig 8 , +or +.Xr netstat 1 +to see which interfaces are available. +.Pp +If no other parameter is given, +.Nm +will just list the current settings for +.Ar ifname +and exit. The reported settings include the current PPP phase the +interface is in, which can be one of the names +.Em dead , +.Em establish , +.Em authenticate , +.Em network , +or +.Em terminate . +If an authentication protocol is configured for the interface, the +name of the protocol to be used, as well as the system name to be used +or expected will be displayed, plus any possible options to the +authentication protocol if applicable. Note that the authentication +secrets (sometimes also called +.Em keys ) +are not being returned by the underlying system call, and are thus not +displayed. +.Pp +If any additional parameter is supplied, superuser privileges are +required, and the command works in +.Ql set +mode. This is normally done quietly, unless the option +.Fl v +is also enabled, which will cause a final printout of the settings as +described above once all other actions have been taken. Use of this +mode will be rejected if the interface is currently in any other phase +than +.Em dead . +Note that you can force an interface into +.Em dead +phase by calling +.Xr ifconfig 8 +with the parameter +.Ql down . +.Pp +The currently supported parameters include: +.Bl -tag -offset indent -width indent +.It Ar authproto Ns \&= Ns Em protoname +Set both, his and my authentication protocol to +.Em protoname . +The protocol name can be one of +.Ql chap , +.Ql pap , +or +.Ql none . +In the latter case, the use of an authentication protocol will be +turned off for the named interface. This has the side-effect of +clearing the other authentication-related parameters for this +interface as well (i.e. system name and authentication secret will +be forgotten). +.It Ar myauthproto Ns \&= Ns Em protoname +Same as above, but only for my end of the link. +I.e. this is the +protocol when remote is authenticator, and I am the peer required to +authenticate. +.It Ar hisauthproto Ns \&= Ns Em protoname +Same as above, but only for his end of the link. +.It Ar myauthname Ns \&= Ns Em name +Set my system name for the authentication protocol. +.It Ar hisauthname Ns \&= Ns Em name +Set his system name for the authentication protocol. For CHAP, this +will only be used as a hint, causing a warning message if remote did +supply a different name. For PAP, it's the name remote must use to +authenticate himself (in connection with his secret). +.It Ar myauthsecret Ns \&= Ns Em secret +Set my secret (key, password) for use in the authentication phase. +For CHAP, this will be used to compute the response hash value, based +on remote's challenge. For PAP, it will be transmitted as plain text +together with the system name. Don't forget to quote the secrets from +the shell if they contain shell metacharacters (or white space). +.It Ar myauthkey Ns \&= Ns Em secret +Same as above. +.It Ar hisauthsecret Ns \&= Ns Em secret +Same as above, to be used if we are authenticator and the remote peer +needs to authenticate. +.It Ar hisauthkey Ns \&= Ns Em secret +Same as above. +.It Ar callin +Require remote to authenticate himself only when he's calling in, but +not when we are caller. This is required for some peers that do not +implement the authentication protocols symmetrically (like Ascend +routers, for example). +.It Ar always +The opposite of +.Ar callin . +Require remote to always authenticate, regardless of which side is +placing the call. This is the default, and will not be explicitly +displayed in +.Ql list +mode. +.It Ar norechallenge +Only meaningful with CHAP. Do not re-challenge peer once the initial +CHAP handshake was successful. Used to work around broken peer +implementations that can't grok being re-challenged once the +connection is up. +.It Ar rechallenge +With CHAP, send re-challenges at random intervals while the connection +is in network phase. (The intervals are currently in the range of 300 +through approximately 800 seconds.) This is the default, and will not +be explicitly displayed in +.Ql list +mode. +.El +.Sh EXAMPLES +.Bd -literal +# spppcontrol bppp0 +bppp0: phase=dead + myauthproto=chap myauthname="uriah" + hisauthproto=chap hisauthname="ifb-gw" norechallenge +.Ed +.Pp +Display the settings for bppp0. The interface is currently in +.Em dead +phase, i.e. the LCP layer is down, and no traffic is possible. Both +ends of the connection use the CHAP protocol, my end tells remote the +system name +.Ql uriah , +and remote is expected to authenticate by the name +.Ql ifb-gw . +Once the initial CHAP handshake was successful, no further CHAP +challenges will be transmitted. There are supposedly some known CHAP +secrets for both ends of the link which are not being shown. +.Pp +.Bd -literal +# spppcontrol bppp0 \e + authproto=chap \e + myauthname=uriah myauthsecret='some secret' \e + hisauthname=ifb-gw hisauthsecret='another' \e + norechallenge +.Ed +.Pp +A possible call to +.Nm +that could have been used to bring the interface into the state shown +by the previous example. +.Sh SEE ALSO +.Xr netstat 1 , +.Xr sppp 4 , +.Xr ifconfig 8 +.Rs +.%A B. Lloyd +.%A W. Simpson +.%T "PPP Authentication Protocols" +.%O RFC 1334 +.Re +.Rs +.%A W. Simpson, Editor +.%T "The Point-to-Point Protocol (PPP)" +.%O RFC 1661 +.Re +.Rs +.%A W. Simpson +.%T "PPP Challenge Handshake Authentication Protocol (CHAP)" +.%O RFC 1994 +.Re +.Sh HISTORY +The +.Nm +utility appeared in +.Fx 3.0 . +.Sh AUTHORS +The program was written by +.ie t J\(:org Wunsch, +.el Joerg Wunsch, +Dresden. diff --git a/usr.sbin/spppcontrol/spppcontrol.c b/usr.sbin/spppcontrol/spppcontrol.c new file mode 100644 index 00000000000..6f69873e9c4 --- /dev/null +++ b/usr.sbin/spppcontrol/spppcontrol.c @@ -0,0 +1,239 @@ +/* + * Copyright (c) 1997 Joerg Wunsch + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef lint +static const char rcsid[] = + "$FreeBSD: /c/ncvs/src/sbin/spppcontrol/spppcontrol.c,v 1.4.2.2 1999/08/29 15:15:47 peter Exp $"; +#endif /* not lint */ + +#include <sys/param.h> +#include <sys/ioctl.h> +#include <sys/socket.h> + +#include <net/if.h> +#include <net/if_sppp.h> + +#include <err.h> +#include <stdio.h> +#include <string.h> +#include <sysexits.h> +#include <unistd.h> + +static void usage(void); +void print_vals(const char *ifname, struct spppreq *sp); +const char *phase_name(enum ppp_phase phase); +const char *proto_name(u_short proto); +const char *authflags(u_short flags); + +#define PPP_PAP 0xc023 +#define PPP_CHAP 0xc223 + +int +main(int argc, char **argv) +{ + int s, c; + int errs = 0, verbose = 0; + size_t off; + const char *ifname, *cp; + struct ifreq ifr; + struct spppreq spr; + + while ((c = getopt(argc, argv, "v")) != -1) + switch (c) { + case 'v': + verbose++; + break; + + default: + errs++; + break; + } + argv += optind; + argc -= optind; + + if (errs || argc < 1) + usage(); + + ifname = argv[0]; + strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name); + + /* use a random AF to create the socket */ + if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + err(EX_UNAVAILABLE, "ifconfig: socket"); + + argc--; + argv++; + + spr.cmd = (int)SPPPIOGDEFS; + ifr.ifr_data = (caddr_t)&spr; + + if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1) + err(EX_OSERR, "SIOCGIFGENERIC(SPPPIOGDEFS)"); + + if (argc == 0) { + /* list only mode */ + print_vals(ifname, &spr); + return 0; + } + +#define startswith(s) strncmp(argv[0], s, (off = strlen(s))) == 0 + + while (argc > 0) { + if (startswith("authproto=")) { + cp = argv[0] + off; + if (strcmp(cp, "pap") == 0) + spr.defs.myauth.proto = + spr.defs.hisauth.proto = PPP_PAP; + else if (strcmp(cp, "chap") == 0) + spr.defs.myauth.proto = + spr.defs.hisauth.proto = PPP_CHAP; + else if (strcmp(cp, "none") == 0) + spr.defs.myauth.proto = + spr.defs.hisauth.proto = 0; + else + errx(EX_DATAERR, "bad auth proto: %s", cp); + } else if (startswith("myauthproto=")) { + cp = argv[0] + off; + if (strcmp(cp, "pap") == 0) + spr.defs.myauth.proto = PPP_PAP; + else if (strcmp(cp, "chap") == 0) + spr.defs.myauth.proto = PPP_CHAP; + else if (strcmp(cp, "none") == 0) + spr.defs.myauth.proto = 0; + else + errx(EX_DATAERR, "bad auth proto: %s", cp); + } else if (startswith("myauthname=")) + strncpy(spr.defs.myauth.name, argv[0] + off, + AUTHNAMELEN); + else if (startswith("myauthsecret=") || + startswith("myauthkey=")) + strncpy(spr.defs.myauth.secret, argv[0] + off, + AUTHKEYLEN); + else if (startswith("hisauthproto=")) { + cp = argv[0] + off; + if (strcmp(cp, "pap") == 0) + spr.defs.hisauth.proto = PPP_PAP; + else if (strcmp(cp, "chap") == 0) + spr.defs.hisauth.proto = PPP_CHAP; + else if (strcmp(cp, "none") == 0) + spr.defs.hisauth.proto = 0; + else + errx(EX_DATAERR, "bad auth proto: %s", cp); + } else if (startswith("hisauthname=")) + strncpy(spr.defs.hisauth.name, argv[0] + off, + AUTHNAMELEN); + else if (startswith("hisauthsecret=") || + startswith("hisauthkey=")) + strncpy(spr.defs.hisauth.secret, argv[0] + off, + AUTHKEYLEN); + else if (strcmp(argv[0], "callin") == 0) + spr.defs.hisauth.flags |= AUTHFLAG_NOCALLOUT; + else if (strcmp(argv[0], "always") == 0) + spr.defs.hisauth.flags &= ~AUTHFLAG_NOCALLOUT; + else if (strcmp(argv[0], "norechallenge") == 0) + spr.defs.hisauth.flags |= AUTHFLAG_NORECHALLENGE; + else if (strcmp(argv[0], "rechallenge") == 0) + spr.defs.hisauth.flags &= ~AUTHFLAG_NORECHALLENGE; + else + errx(EX_DATAERR, "bad parameter: \"%s\"", argv[0]); + + argv++; + argc--; + } + + spr.cmd = (int)SPPPIOSDEFS; + + if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1) + err(EX_OSERR, "SIOCSIFGENERIC(SPPPIOSDEFS)"); + + if (verbose) + print_vals(ifname, &spr); + + return 0; +} + +static void +usage(void) +{ + fprintf(stderr, "%s\n%s\n", + "usage: spppcontrol [-v] ifname [{my|his}auth{proto|name|secret}=...]", + " spppcontrol [-v] ifname callin|always"); + exit(EX_USAGE); +} + +void +print_vals(const char *ifname, struct spppreq *sp) +{ + printf("%s:\tphase=%s\n", ifname, phase_name(sp->defs.pp_phase)); + if (sp->defs.myauth.proto) { + printf("\tmyauthproto=%s myauthname=\"%.*s\"\n", + proto_name(sp->defs.myauth.proto), + AUTHNAMELEN, sp->defs.myauth.name); + } + if (sp->defs.hisauth.proto) { + printf("\thisauthproto=%s hisauthname=\"%.*s\"%s\n", + proto_name(sp->defs.hisauth.proto), + AUTHNAMELEN, sp->defs.hisauth.name, + authflags(sp->defs.hisauth.flags)); + } +} + +const char * +phase_name(enum ppp_phase phase) +{ + switch (phase) { + case PHASE_DEAD: return "dead"; + case PHASE_ESTABLISH: return "establish"; + case PHASE_TERMINATE: return "terminate"; + case PHASE_AUTHENTICATE: return "authenticate"; + case PHASE_NETWORK: return "network"; + } + return "illegal"; +} + +const char * +proto_name(u_short proto) +{ + static char buf[12]; + switch (proto) { + case PPP_PAP: return "pap"; + case PPP_CHAP: return "chap"; + } + sprintf(buf, "0x%x", (unsigned)proto); + return buf; +} + +const char * +authflags(u_short flags) +{ + static char buf[30]; + buf[0] = '\0'; + if (flags & AUTHFLAG_NOCALLOUT) + strcat(buf, " callin"); + if (flags & AUTHFLAG_NORECHALLENGE) + strcat(buf, " norechallenge"); + return buf; +} |