-rw-r--r-- | usr.sbin/pppd/auth.c | 154 | ||||
-rw-r--r-- | usr.sbin/pppd/ccp.c | 106 | ||||
-rw-r--r-- | usr.sbin/pppd/ccp.h | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/chap_ms.c | 9 | ||||
-rw-r--r-- | usr.sbin/pppd/chat/chat.8 | 9 | ||||
-rw-r--r-- | usr.sbin/pppd/chat/chat.c | 16 | ||||
-rw-r--r-- | usr.sbin/pppd/ipcp.c | 18 | ||||
-rw-r--r-- | usr.sbin/pppd/ipcp.h | 8 | ||||
-rw-r--r-- | usr.sbin/pppd/ipxcp.c | 14 | ||||
-rw-r--r-- | usr.sbin/pppd/magic.c | 8 | ||||
-rw-r--r-- | usr.sbin/pppd/main.c | 182 | ||||
-rw-r--r-- | usr.sbin/pppd/options.c | 45 | ||||
-rw-r--r-- | usr.sbin/pppd/patchlevel.h | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/pppd.8 | 89 | ||||
-rw-r--r-- | usr.sbin/pppd/pppd.h | 10 | ||||
-rw-r--r-- | usr.sbin/pppd/pppstats/pppstats.c | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/sys-bsd.c | 25 |
17 files changed, 527 insertions, 184 deletions
diff --git a/usr.sbin/pppd/auth.c b/usr.sbin/pppd/auth.c index 00fbff43790..f779896bf73 100644 --- a/usr.sbin/pppd/auth.c +++ b/usr.sbin/pppd/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.14 1998/04/25 00:30:26 millert Exp $ */ +/* $OpenBSD: auth.c,v 1.15 1998/05/08 04:52:18 millert Exp $ */ /* * auth.c - PPP authentication and phase control. @@ -36,9 +36,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: auth.c,v 1.35 1997/11/27 06:49:15 paulus Exp $"; +static char rcsid[] = "Id: auth.c,v 1.37 1998/03/26 04:46:03 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: auth.c,v 1.14 1998/04/25 00:30:26 millert Exp $"; +static char rcsid[] = "$OpenBSD: auth.c,v 1.15 1998/05/08 04:52:18 millert Exp $"; #endif #endif @@ -64,14 +64,10 @@ static char rcsid[] = "$OpenBSD: auth.c,v 1.14 1998/04/25 00:30:26 millert Exp $ #ifdef USE_PAM #include <security/pam_appl.h> -#include <security/pam_modules.h> #endif #ifdef HAS_SHADOW #include <shadow.h> -#ifndef SVR4 -#include <shadow/pwauth.h> -#endif #ifndef PW_PPP #define PW_PPP PW_LOGIN #endif @@ -362,6 +358,7 @@ auth_peer_success(unit, protocol, name, namelen) namelen = sizeof(peer_authname) - 1; BCOPY(name, peer_authname, namelen); peer_authname[namelen] = 0; + script_setenv("PEERNAME", peer_authname); /* * If there is no more authentication still to be done, @@ -442,6 +439,12 @@ np_up(unit, proto) */ if (maxconnect > 0) TIMEOUT(connect_time_expired, 0, maxconnect); + + /* + * Detach now, if the updetach option was given. + */ + if (nodetach == -1) + detach(); } ++num_np_up; } @@ -592,7 +595,6 @@ auth_reset(unit) if (!have_chap_secret(remote_name, our_name, remote)) go->neg_chap = 0; } - } 
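Review bot: The value exported by the new `script_setenv("PEERNAME", peer_authname);` line in auth_peer_success is the name the peer authenticated with; the visible lines only clamp its length before the copy, and nothing filters its characters. The run_program hunk in main.c replaces the empty environment with `script_env`, so this string now reaches the scripts pppd executes. I would add a comment at the call, `/* PEERNAME is peer-supplied; scripts must treat it as untrusted data */`, and state the same in pppd.8; replacing non-printable bytes before exporting would be a further hardening step. How far the secrets files constrain the name is not visible here, and auth_peer_success starts and ends outside the hunk.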
@@ -700,15 +702,65 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) } /* - * This function is needed for PAM. However, it should not be called. - * If it is, return the error code. + * This function is needed for PAM. */ #ifdef USE_PAM -static int pam_conv(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) +static char *PAM_username = ""; +static char *PAM_password = ""; + +#ifdef PAM_ESTABLISH_CRED /* new PAM defines :(^ */ +#define MY_PAM_STRERROR(err_code) (char *) pam_strerror(pamh,err_code) +#else +#define MY_PAM_STRERROR(err_code) (char *) pam_strerror(err_code) +#endif + +static int pam_conv (int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *appdata_ptr) { - return PAM_CONV_ERR; + int count = 0, replies = 0; + struct pam_response *reply = NULL; + int size = 0; + + for (count = 0; count < num_msg; count++) + { + size += sizeof (struct pam_response); + reply = realloc (reply, size); /* ANSI: is malloc() if reply==NULL */ + if (!reply) + return PAM_CONV_ERR; + + switch (msg[count]->msg_style) + { + case PAM_PROMPT_ECHO_ON: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = strdup(PAM_username); /* never NULL */ + break; + + case PAM_PROMPT_ECHO_OFF: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = strdup(PAM_password); /* never NULL */ + break; + + case PAM_TEXT_INFO: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = NULL; + break; + + case PAM_ERROR_MSG: + default: + free (reply); + return PAM_CONV_ERR; + } + } + + if (resp) + *resp = reply; + else + free (reply); + + return PAM_SUCCESS; } #endif @@ -729,14 +781,12 @@ plogin(user, passwd, msg, msglen) char **msg; int *msglen; { - char *tty; #ifdef USE_PAM + struct pam_conv pam_conversation; pam_handle_t *pamh; int pam_error; - char *pass; - char *dev; /* * Fill the pam_conversion structure */ 
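Review bot: The error paths in pam_conv free only the `reply` array, so the `strdup` copies of the username and password already stored in it are leaked, and a failed `realloc` drops the whole array without freeing it. The `/* never NULL */` comments are also inaccurate, since `strdup` returns NULL on allocation failure and that NULL would be handed to the PAM module as the password. One of the leaked copies is the cleartext password, so I would allocate the array once, check each `strdup`, and release everything through one helper. The sketch below keeps the existing behaviour for a NULL `resp` and additionally rejects a conversation with no messages.

```c
/* Free the replies filled in so far, including the duplicated credentials. */
static void pam_conv_free (struct pam_response *reply, int filled)
{
    int i;

    for (i = 0; i < filled; i++)
	free (reply[i].resp);
    free (reply);
}

static int pam_conv (int num_msg,
		     const struct pam_message **msg,
		     struct pam_response **resp,
		     void *appdata_ptr)
{
    int count;
    struct pam_response *reply;

    if (num_msg <= 0)
	return PAM_CONV_ERR;
    reply = calloc (num_msg, sizeof (struct pam_response));
    if (reply == NULL)
	return PAM_CONV_ERR;

    for (count = 0; count < num_msg; count++) {
	char *answer = NULL;

	switch (msg[count]->msg_style) {
	case PAM_PROMPT_ECHO_ON:
	    answer = strdup (PAM_username);
	    break;
	case PAM_PROMPT_ECHO_OFF:
	    answer = strdup (PAM_password);
	    break;
	case PAM_TEXT_INFO:
	    break;			/* no answer expected */
	case PAM_ERROR_MSG:
	default:
	    pam_conv_free (reply, count);
	    return PAM_CONV_ERR;
	}
	if (answer == NULL && msg[count]->msg_style != PAM_TEXT_INFO) {
	    pam_conv_free (reply, count);	/* strdup failed */
	    return PAM_CONV_ERR;
	}
	reply[count].resp_retcode = PAM_SUCCESS;
	reply[count].resp = answer;
    }

    if (resp)
	*resp = reply;
    else
	pam_conv_free (reply, num_msg);

    return PAM_SUCCESS;
}
```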
@@ -744,23 +794,33 @@ plogin(user, passwd, msg, msglen) pam_conversation.conv = &pam_conv; pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); + if (pam_error != PAM_SUCCESS) { - *msg = (char *) pam_strerror (pam_error); + *msg = MY_PAM_STRERROR (pam_error); return UPAP_AUTHNAK; } /* * Define the fields for the credintial validation */ - (void) pam_set_item (pamh, PAM_AUTHTOK, passwd); (void) pam_set_item (pamh, PAM_TTY, devnam); + PAM_username = user; + PAM_password = passwd; /* * Validate the user */ pam_error = pam_authenticate (pamh, PAM_SILENT); - if (pam_error == PAM_SUCCESS) + if (pam_error == PAM_SUCCESS) { pam_error = pam_acct_mgmt (pamh, PAM_SILENT); - *msg = (char *) pam_strerror (pam_error); + /* start a session for this user. Session closed when link ends. */ + if (pam_error == PAM_SUCCESS) + (void) pam_open_session (pamh, PAM_SILENT); + } + + *msg = MY_PAM_STRERROR (pam_error); + + PAM_username = + PAM_password = ""; /* * Clean up the mess */ @@ -774,14 +834,15 @@ plogin(user, passwd, msg, msglen) #else /* #ifdef USE_PAM */ struct passwd *pw; + char *tty; #ifdef HAS_SHADOW struct spwd *spwd; struct spwd *getspnam(); - extern int isexpired (struct passwd *, struct spwd *); /* in libshadow.a */ #endif pw = getpwnam(user); + endpwent(); if (pw == NULL) { return (UPAP_AUTHNAK); } @@ -791,8 +852,13 @@ plogin(user, passwd, msg, msglen) endspent(); if (spwd) { /* check the age of the password entry */ - if (isexpired(pw, spwd)) { - syslog(LOG_WARNING,"Expired password for %s",user); + long now = time(NULL) / 86400L; + + if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) + || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) + && spwd->sp_lstchg >= 0 + && now >= spwd->sp_lstchg + spwd->sp_max)) { + syslog(LOG_WARNING, "Password for %s has expired", user); return (UPAP_AUTHNAK); } pw->pw_passwd = spwd->sp_pwdp; 
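Review bot: The result of `pam_open_session` is discarded with a `(void)` cast, so a session module that refuses the login leaves `pam_error` at PAM_SUCCESS; assigning it, `pam_error = pam_open_session (pamh, PAM_SILENT);`, lets the existing status handling cover that case. Separately, when `pam_start` fails, `MY_PAM_STRERROR (pam_error)` expands to `pam_strerror(pamh, ...)` on PAM versions that define PAM_ESTABLISH_CRED, and `pamh` is declared without an initializer; `pam_handle_t *pamh = NULL;` avoids passing an indeterminate pointer. The code after "Clean up the mess" is outside the hunk, so how `pam_error` maps to the return value is inferred.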
@@ -806,19 +872,22 @@ plogin(user, passwd, msg, msglen) || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) return (UPAP_AUTHNAK); -#endif /* #ifdef USE_PAM */ - - syslog(LOG_INFO, "user %s logged in", user); + /* These functions are not enabled for PAM. The reason for this is that */ + /* there is not necessarily a "passwd" entry for this user. That is */ + /* real purpose of 'PAM' -- to virtualize the account data from the */ + /* application. If you want to do the same thing, write the entry in */ + /* the 'session' hook. */ /* * Write a wtmp entry for this user. */ + tty = devnam; if (strncmp(tty, "/dev/", 5) == 0) tty += 5; logwtmp(tty, user, remote_name); /* Add wtmp login entry */ -#ifdef _PATH_LASTLOG +#if defined(_PATH_LASTLOG) { struct lastlog ll; int fd; @@ -833,6 +902,10 @@ plogin(user, passwd, msg, msglen) } } #endif + +#endif /* #ifdef USE_PAM */ + + syslog(LOG_INFO, "user %s logged in", user); logged_in = TRUE; return (UPAP_AUTHACK); @@ -844,12 +917,34 @@ plogin(user, passwd, msg, msglen) static void plogout() { +#ifdef USE_PAM + struct pam_conv pam_conversation; + pam_handle_t *pamh; + int pam_error; +/* + * Fill the pam_conversion structure. The PAM specification states that the + * session must be able to be closed by a totally different handle from which + * it was created. Hold the PAM group to their own specification! + */ + memset (&pam_conversation, '\0', sizeof (struct pam_conv)); + pam_conversation.conv = &pam_conv; + + pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); + if (pam_error == PAM_SUCCESS) { + (void) pam_set_item (pamh, PAM_TTY, devnam); + (void) pam_close_session (pamh, PAM_SILENT); + (void) pam_end (pamh, PAM_SUCCESS); + } + +#else char *tty; tty = devnam; if (strncmp(tty, "/dev/", 5) == 0) tty += 5; - logwtmp(tty, "", ""); /* Wipe out wtmp logout entry */ + logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ +#endif + logged_in = FALSE; } 
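Review bot: `pam_start ("ppp", user, ...)` in the new plogout body refers to `user`, but plogout takes no arguments and declares no such local, so the name must resolve to a file-scope or global variable. If that variable is this side's own configured name rather than the name plogin authenticated, the session is closed for a different account than it was opened for, or not closed at all. I would have plogin keep the authenticated name in a static buffer for plogout to use, and log a warning when `pam_start` or `pam_close_session` fails instead of discarding the result.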
@@ -1067,8 +1162,7 @@ set_allowed_addrs(unit, addrs) u_int32_t a; struct hostent *hp; - if (wo->hisaddr == 0 && *p != '!' && *p != '-' && !ISWILD(p) && - strchr(p, '/') == NULL) { + if (*p != '!' && *p != '-' && !ISWILD(p) && strchr(p, '/') == NULL) { hp = gethostbyname(p); if (hp != NULL && hp->h_addrtype == AF_INET) a = *(u_int32_t *)hp->h_addr; diff --git a/usr.sbin/pppd/ccp.c b/usr.sbin/pppd/ccp.c index 32db770d47f..74b75a92bd3 100644 --- a/usr.sbin/pppd/ccp.c +++ b/usr.sbin/pppd/ccp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ccp.c,v 1.7 1998/01/17 20:30:18 millert Exp $ */ +/* $OpenBSD: ccp.c,v 1.8 1998/05/08 04:52:19 millert Exp $ */ /* * ccp.c - PPP Compression Control Protocol. @@ -29,9 +29,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: ccp.c,v 1.21 1997/05/22 06:45:59 paulus Exp $"; +static char rcsid[] = "Id: ccp.c,v 1.22 1998/03/25 01:25:02 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: ccp.c,v 1.7 1998/01/17 20:30:18 millert Exp $"; +static char rcsid[] = "$OpenBSD: ccp.c,v 1.8 1998/05/08 04:52:19 millert Exp $"; #endif #endif @@ -39,12 +39,11 @@ static char rcsid[] = "$OpenBSD: ccp.c,v 1.7 1998/01/17 20:30:18 millert Exp $"; #include <syslog.h> #include <sys/ioctl.h> #include <sys/types.h> -#include <net/ppp_defs.h> -#include <net/ppp-comp.h> #include "pppd.h" #include "fsm.h" #include "ccp.h" +#include <net/ppp-comp.h> /* * Protocol entry points from main code. @@ -157,8 +156,12 @@ ccp_init(unit) ccp_wantoptions[0].deflate = 1; ccp_wantoptions[0].deflate_size = DEFLATE_MAX_SIZE; + ccp_wantoptions[0].deflate_correct = 1; + ccp_wantoptions[0].deflate_draft = 1; ccp_allowoptions[0].deflate = 1; ccp_allowoptions[0].deflate_size = DEFLATE_MAX_SIZE; + ccp_allowoptions[0].deflate_correct = 1; + ccp_allowoptions[0].deflate_draft = 1; ccp_wantoptions[0].bsd_compress = 1; ccp_wantoptions[0].bsd_bits = BSD_MAX_BITS; 
@@ -321,11 +324,23 @@ ccp_resetci(f) go->bsd_compress = 0; } if (go->deflate) { - opt_buf[0] = CI_DEFLATE; - opt_buf[1] = CILEN_DEFLATE; - opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); - opt_buf[3] = DEFLATE_CHK_SEQUENCE; - if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + if (go->deflate_correct) { + opt_buf[0] = CI_DEFLATE; + opt_buf[1] = CILEN_DEFLATE; + opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); + opt_buf[3] = DEFLATE_CHK_SEQUENCE; + if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + go->deflate_correct = 0; + } + if (go->deflate_draft) { + opt_buf[0] = CI_DEFLATE_DRAFT; + opt_buf[1] = CILEN_DEFLATE; + opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); + opt_buf[3] = DEFLATE_CHK_SEQUENCE; + if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + go->deflate_draft = 0; + } + if (!go->deflate_correct && !go->deflate_draft) go->deflate = 0; } if (go->predictor_1) { @@ -376,7 +391,7 @@ ccp_addci(f, p, lenp) * in case it gets Acked. */ if (go->deflate) { - p[0] = CI_DEFLATE; + p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; p[1] = CILEN_DEFLATE; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); p[3] = DEFLATE_CHK_SEQUENCE; @@ -393,6 +408,13 @@ ccp_addci(f, p, lenp) --go->deflate_size; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } + if (p != p0 && go->deflate_correct && go->deflate_draft) { + p[0] = CI_DEFLATE_DRAFT; + p[1] = CILEN_DEFLATE; + p[2] = p[2 - CILEN_DEFLATE]; + p[3] = DEFLATE_CHK_SEQUENCE; + p += CILEN_DEFLATE; + } } if (go->bsd_compress) { p[0] = CI_BSD_COMPRESS; @@ -456,7 +478,8 @@ ccp_ackci(f, p, len) if (go->deflate) { if (len < CILEN_DEFLATE - || p[0] != CI_DEFLATE || p[1] != CILEN_DEFLATE + || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + || p[1] != CILEN_DEFLATE || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; 
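Review bot: ccp_addci now appends a second CILEN_DEFLATE-byte option (`CI_DEFLATE_DRAFT`) when both `deflate_correct` and `deflate_draft` are set, but no hunk in ccp.c touches the routine that reports the request length (ccp_cilen does not appear in this diff). If that routine still counts a single `CILEN_DEFLATE` for `go->deflate`, the request written here is longer than the length announced beforehand, which is presumably what the caller sizes and bounds the packet with. The length should count one option per enabled code, e.g. `(go->deflate && go->deflate_correct ? CILEN_DEFLATE : 0) + (go->deflate && go->deflate_draft ? CILEN_DEFLATE : 0)`. The ccp_ackci, ccp_nakci and ccp_rejci hunks assume the same two-option layout.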
@@ -465,6 +488,16 @@ ccp_ackci(f, p, len) /* XXX Cope with first/fast ack */ if (len == 0) return 1; + if (go->deflate_correct && go->deflate_draft) { + if (len < CILEN_DEFLATE + || p[0] != CI_DEFLATE_DRAFT + || p[1] != CILEN_DEFLATE + || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } } if (go->bsd_compress) { if (len < CILEN_BSD_COMPRESS @@ -521,7 +554,8 @@ ccp_nakci(f, p, len) try = *go; if (go->deflate && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { no.deflate = 1; /* * Peer wants us to use a different code size or something. @@ -535,6 +569,12 @@ ccp_nakci(f, p, len) try.deflate_size = DEFLATE_SIZE(p[2]); p += CILEN_DEFLATE; len -= CILEN_DEFLATE; + if (go->deflate_correct && go->deflate_draft + && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT + && p[1] == CILEN_DEFLATE) { + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } } if (go->bsd_compress && len >= CILEN_BSD_COMPRESS 
@@ -588,13 +628,29 @@ ccp_rejci(f, p, len) return -1; if (go->deflate && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; /* Rej is bad */ - try.deflate = 0; + if (go->deflate_correct) + try.deflate_correct = 0; + else + try.deflate_draft = 0; p += CILEN_DEFLATE; len -= CILEN_DEFLATE; + if (go->deflate_correct && go->deflate_draft + && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT + && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; /* Rej is bad */ + try.deflate_draft = 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } + if (!try.deflate_correct && !try.deflate_draft) + try.deflate = 0; } if (go->bsd_compress && len >= CILEN_BSD_COMPRESS && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { @@ -664,7 +720,10 @@ ccp_reqci(f, p, lenp, dont_nak) switch (type) { case CI_DEFLATE: - if (!ao->deflate || clen != CILEN_DEFLATE) { + case CI_DEFLATE_DRAFT: + if (!ao->deflate || clen != CILEN_DEFLATE + || (!ao->deflate_correct && type == CI_DEFLATE) + || (!ao->deflate_draft && type == CI_DEFLATE_DRAFT)) { newret = CONFREJ; break; } @@ -817,11 +876,15 @@ method_name(opt, opt2) return "(none)"; switch (opt->method) { case CI_DEFLATE: + case CI_DEFLATE_DRAFT: if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) - sprintf(result, "Deflate (%d/%d)", opt->deflate_size, - opt2->deflate_size); + sprintf(result, "Deflate%s (%d/%d)", + (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), + opt->deflate_size, opt2->deflate_size); else - sprintf(result, "Deflate (%d)", opt->deflate_size); + sprintf(result, "Deflate%s (%d)", + (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), + opt->deflate_size); break; case CI_BSD_COMPRESS: if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits) 
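Review bot: Both `sprintf(result, "Deflate%s ...")` calls in method_name can now emit six more characters for `(old#)`, and the declaration of `result` is outside the hunk, so nothing visible shows the buffer was enlarged. With two-digit sizes, `Deflate(old#) (15/15)` needs 22 bytes including the terminator; if `result` was sized for the old `Deflate (15/15)` text, the write runs past it. Either widen the buffer or bound the write, e.g. `snprintf(result, sizeof(result), "Deflate%s (%d)", ...)`, assuming `result` is an array rather than a pointer.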
@@ -938,8 +1001,11 @@ ccp_printpkt(p, plen, printer, arg) optend = p + optlen; switch (code) { case CI_DEFLATE: + case CI_DEFLATE_DRAFT: if (optlen >= CILEN_DEFLATE) { - printer(arg, "deflate %d", DEFLATE_SIZE(p[2])); + printer(arg, "deflate%s %d", + (code == CI_DEFLATE_DRAFT? "(old#)": ""), + DEFLATE_SIZE(p[2])); if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL) printer(arg, " method %d", DEFLATE_METHOD(p[2])); if (p[3] != DEFLATE_CHK_SEQUENCE) diff --git a/usr.sbin/pppd/ccp.h b/usr.sbin/pppd/ccp.h index 169efe213af..33e2cb0d32a 100644 --- a/usr.sbin/pppd/ccp.h +++ b/usr.sbin/pppd/ccp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ccp.h,v 1.4 1997/09/05 04:32:34 millert Exp $ */ +/* $OpenBSD: ccp.h,v 1.5 1998/05/08 04:52:20 millert Exp $ */ /* * ccp.h - Definitions for PPP Compression Control Protocol. @@ -26,7 +26,7 @@ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, * OR MODIFICATIONS. * - * Id: ccp.h,v 1.7 1996/07/01 01:11:49 paulus Exp + * Id: ccp.h,v 1.8 1998/03/25 01:25:03 paulus Exp $ */ typedef struct ccp_options { @@ -34,6 +34,8 @@ typedef struct ccp_options { u_int deflate: 1; /* do Deflate? */ u_int predictor_1: 1; /* do Predictor-1? */ u_int predictor_2: 1; /* do Predictor-2? */ + u_int deflate_correct: 1; /* use correct code for deflate? */ + u_int deflate_draft: 1; /* use draft RFC code for deflate? */ u_short bsd_bits; /* # bits/code for BSD Compress */ u_short deflate_size; /* lg(window size) for Deflate */ short method; /* code for chosen compression method */ diff --git a/usr.sbin/pppd/chap_ms.c b/usr.sbin/pppd/chap_ms.c index edb1e5b039b..c7525a33e84 100644 --- a/usr.sbin/pppd/chap_ms.c +++ b/usr.sbin/pppd/chap_ms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: chap_ms.c,v 1.4 1998/01/17 20:30:20 millert Exp $ */ +/* $OpenBSD: chap_ms.c,v 1.5 1998/05/08 04:52:22 millert Exp $ */ /* * chap_ms.c - Microsoft MS-CHAP compatible implementation. 
@@ -35,9 +35,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: chap_ms.c,v 1.5 1997/11/27 06:08:10 paulus Exp $"; +static char rcsid[] = "Id: chap_ms.c,v 1.8 1998/04/01 00:15:43 paulus Exp $"; #else -static char rcsid[] = "$Id: chap_ms.c,v 1.4 1998/01/17 20:30:20 millert Exp $"; +static char rcsid[] = "$OpenBSD: chap_ms.c,v 1.5 1998/05/08 04:52:22 millert Exp $"; #endif #endif @@ -51,6 +51,9 @@ static char rcsid[] = "$Id: chap_ms.c,v 1.4 1998/01/17 20:30:20 millert Exp $"; #include <syslog.h> #include <unistd.h> #include <md4.h> +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif #include "pppd.h" #include "chap.h" diff --git a/usr.sbin/pppd/chat/chat.8 b/usr.sbin/pppd/chat/chat.8 index f9299ec69ea..b5df978c616 100644 --- a/usr.sbin/pppd/chat/chat.8 +++ b/usr.sbin/pppd/chat/chat.8 @@ -1,7 +1,7 @@ .\" -*- nroff -*- .\" manual page [] for chat 1.8 -.\" $OpenBSD: chat.8,v 1.4 1998/01/17 20:30:32 millert Exp $ -.\" Id: chat.8,v 1.6 1997/11/27 06:00:06 paulus Exp $ +.\" $OpenBSD: chat.8,v 1.5 1998/05/08 04:52:35 millert Exp $ +.\" Id: chat.8,v 1.7 1998/02/04 01:35:49 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -62,10 +62,7 @@ Request that the \fIchat\fR script be executed in a stderr verbose mode. The \fIchat\fR program will then log all text received from the modem and the output strings sent to the modem to the stderr device. This device is usually the local console at the station running the chat or -pppd program. This option will not work properly if the stderr is -redirected to the /dev/null location as is the case should pppd be run -in the 'detached' mode. In that case, use the '-v' option to record -the session on the SYSLOG device. +pppd program. .TP .B -s Use stderr. All log messages from '-v' and all error messages will be diff --git a/usr.sbin/pppd/chat/chat.c b/usr.sbin/pppd/chat/chat.c index ba7cb62411b..53120e4c720 100644 --- a/usr.sbin/pppd/chat/chat.c +++ b/usr.sbin/pppd/chat/chat.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: chat.c,v 1.6 1998/01/17 20:30:33 millert Exp $ */ +/* $OpenBSD: chat.c,v 1.7 1998/05/08 04:52:36 millert Exp $ */ /* * Chat -- a program for automatic session establishment (i.e. dial @@ -81,9 +81,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: chat.c,v 1.17 1997/11/27 06:37:15 paulus Exp $"; +static char rcsid[] = "Id: chat.c,v 1.19 1998/03/24 23:57:48 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: chat.c,v 1.6 1998/01/17 20:30:33 millert Exp $"; +static char rcsid[] = "$OpenBSD: chat.c,v 1.7 1998/05/08 04:52:36 millert Exp $"; #endif #endif @@ -1397,6 +1397,16 @@ register char *string; return (0); } +/* + * Gross kludge to handle Solaris versions >= 2.6 having usleep. + */ +#ifdef SOL2 +#include <sys/param.h> +#if MAXUID > 65536 /* then this is Solaris 2.6 or later */ +#undef NO_USLEEP +#endif +#endif /* SOL2 */ + #ifdef NO_USLEEP #include <sys/types.h> #include <sys/time.h> diff --git a/usr.sbin/pppd/ipcp.c b/usr.sbin/pppd/ipcp.c index dbae923de18..df4e2eabd76 100644 --- a/usr.sbin/pppd/ipcp.c +++ b/usr.sbin/pppd/ipcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipcp.c,v 1.5 1997/09/05 04:32:38 millert Exp $ */ +/* $OpenBSD: ipcp.c,v 1.6 1998/05/08 04:52:23 millert Exp $ */ /* * ipcp.c - PPP IP Control Protocol. @@ -21,9 +21,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: ipcp.c,v 1.32 1997/07/14 03:52:56 paulus Exp"; +static char rcsid[] = "Id: ipcp.c,v 1.34 1998/04/28 23:38:09 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: ipcp.c,v 1.5 1997/09/05 04:32:38 millert Exp $"; +static char rcsid[] = "$OpenBSD: ipcp.c,v 1.6 1998/05/08 04:52:23 millert Exp $"; #endif #endif @@ -1163,6 +1163,8 @@ ipcp_up(f) ipcp_close(f->unit, "Could not determine local IP address"); return; } + script_setenv("IPLOCAL", ip_ntoa(go->ouraddr)); + script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr)); /* * Check that the peer is allowed to use the IP address it wants. 
@@ -1415,9 +1417,9 @@ ipcp_printpkt(p, plen, printer, arg) if (olen == CILEN_ADDRS) { p += 2; GETLONG(cilong, p); - printer(arg, "addrs %s", ip_ntoa(htonl(cilong))); + printer(arg, "addrs %I", htonl(cilong)); GETLONG(cilong, p); - printer(arg, " %s", ip_ntoa(htonl(cilong))); + printer(arg, " %I", htonl(cilong)); } break; case CI_COMPRESSTYPE: @@ -1441,20 +1443,20 @@ ipcp_printpkt(p, plen, printer, arg) if (olen == CILEN_ADDR) { p += 2; GETLONG(cilong, p); - printer(arg, "addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "addr %I", htonl(cilong)); } break; case CI_MS_DNS1: case CI_MS_DNS2: p += 2; GETLONG(cilong, p); - printer(arg, "dns-addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "ms-dns %I", htonl(cilong)); break; case CI_MS_WINS1: case CI_MS_WINS2: p += 2; GETLONG(cilong, p); - printer(arg, "wins-addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "ms-wins %I", htonl(cilong)); break; } while (p < optend) { diff --git a/usr.sbin/pppd/ipcp.h b/usr.sbin/pppd/ipcp.h index 8e3701d5be2..a5143f2f623 100644 --- a/usr.sbin/pppd/ipcp.h +++ b/usr.sbin/pppd/ipcp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipcp.h,v 1.4 1997/09/05 04:32:39 millert Exp $ */ +/* $OpenBSD: ipcp.h,v 1.5 1998/05/08 04:52:24 millert Exp $ */ /* * ipcp.h - IP Control Protocol definitions. @@ -18,7 +18,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * Id: ipcp.h,v 1.10 1997/03/04 03:39:20 paulus Exp + * Id: ipcp.h,v 1.11 1998/04/28 23:38:11 paulus Exp $ */ /* @@ -28,10 +28,10 @@ #define CI_COMPRESSTYPE 2 /* Compression Type */ #define CI_ADDR 3 -#define CI_MS_WINS1 128 /* Primary WINS value */ #define CI_MS_DNS1 129 /* Primary DNS value */ -#define CI_MS_WINS2 130 /* Secondary WINS value */ +#define CI_MS_WINS1 130 /* Primary WINS value */ #define CI_MS_DNS2 131 /* Secondary DNS value */ +#define CI_MS_WINS2 132 /* Secondary WINS value */ #define MAX_STATES 16 /* from slcompress.h */ 
diff --git a/usr.sbin/pppd/ipxcp.c b/usr.sbin/pppd/ipxcp.c index aa7702c159d..7b36f2eccf9 100644 --- a/usr.sbin/pppd/ipxcp.c +++ b/usr.sbin/pppd/ipxcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipxcp.c,v 1.4 1998/01/17 20:30:22 millert Exp $ */ +/* $OpenBSD: ipxcp.c,v 1.5 1998/05/08 04:52:25 millert Exp $ */ /* * ipxcp.c - PPP IPX Control Protocol. @@ -22,9 +22,9 @@ #ifdef IPX_CHANGE #ifndef lint #if 0 -static char rcsid[] = "Id: ipxcp.c,v 1.5 1997/03/04 03:39:32 paulus Exp"; +static char rcsid[] = "Id: ipxcp.c,v 1.6 1998/03/25 03:08:16 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: ipxcp.c,v 1.4 1998/01/17 20:30:22 millert Exp $"; +static char rcsid[] = "$OpenBSD: ipxcp.c,v 1.5 1998/05/08 04:52:25 millert Exp $"; #endif #endif @@ -1361,9 +1361,9 @@ ipxcp_printpkt(p, plen, printer, arg) while (p < optend) { GETCHAR(code, p); if (code >= 0x20 && code <= 0x7E) - printer (arg, "%c", code); + printer (arg, "%c", (int) (unsigned int) (unsigned char) code); else - printer (arg, " \\%.2x", code); + printer (arg, " \\%.2x", (int) (unsigned int) (unsigned char) code); } printer (arg, "\""); } @@ -1380,7 +1380,7 @@ ipxcp_printpkt(p, plen, printer, arg) while (p < optend) { GETCHAR(code, p); - printer(arg, " %.2x", code); + printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code); } printer(arg, ">"); } @@ -1400,7 +1400,7 @@ ipxcp_printpkt(p, plen, printer, arg) /* print the rest of the bytes in the packet */ for (; len > 0; --len) { GETCHAR(code, p); - printer(arg, " %.2x", code); + printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code); } return p - pstart; diff --git a/usr.sbin/pppd/magic.c b/usr.sbin/pppd/magic.c index 73fa0f38645..7728ec06fa4 100644 --- a/usr.sbin/pppd/magic.c +++ b/usr.sbin/pppd/magic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: magic.c,v 1.3 1997/09/05 04:32:41 millert Exp $ */ +/* $OpenBSD: magic.c,v 1.4 1998/05/08 04:52:26 millert Exp $ */ /* * magic.c - PPP Magic Number routines. 
@@ -21,9 +21,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: magic.c,v 1.6 1996/04/04 03:58:41 paulus Exp"; +static char rcsid[] = "Id: magic.c,v 1.7 1998/03/25 03:07:49 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: magic.c,v 1.3 1997/09/05 04:32:41 millert Exp $"; +static char rcsid[] = "$OpenBSD: magic.c,v 1.4 1998/05/08 04:52:26 millert Exp $"; #endif #endif @@ -52,7 +52,7 @@ magic_init() struct timeval t; gettimeofday(&t, NULL); - seed = gethostid() ^ t.tv_sec ^ t.tv_usec ^ getpid(); + seed = get_host_seed() ^ t.tv_sec ^ t.tv_usec ^ getpid(); srand48(seed); } diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c index aa69550c03f..9124dd66c18 100644 --- a/usr.sbin/pppd/main.c +++ b/usr.sbin/pppd/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.21 1998/01/17 20:30:25 millert Exp $ */ +/* $OpenBSD: main.c,v 1.22 1998/05/08 04:52:27 millert Exp $ */ /* * main.c - Point-to-Point Protocol main module @@ -21,9 +21,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: main.c,v 1.43 1997/11/27 06:09:20 paulus Exp $"; +static char rcsid[] = "Id: main.c,v 1.49 1998/05/05 05:24:17 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: main.c,v 1.21 1998/01/17 20:30:25 millert Exp $"; +static char rcsid[] = "$OpenBSD: main.c,v 1.22 1998/05/08 04:52:27 millert Exp $"; #endif #endif @@ -92,11 +92,14 @@ int baud_rate; /* Actual bits/second for serial device */ int hungup; /* terminal has been hung up */ int privileged; /* we're running as real uid root */ int need_holdoff; /* need holdoff period before restarting */ +int detached; /* have detached from terminal */ int phase; /* where the link is at */ int kill_link; int open_ccp_flag; -int redirect_stderr; /* Connector's stderr should go to file */ + +char **script_env; /* Env. variable values for scripts */ +int s_env_nalloc; /* # words avail at script_env */ u_char outpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for outgoing packet */ u_char inpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for incoming packet */ 
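Review bot: The seed in magic_init is still the XOR of a host value, the current time and the pid, and it is passed to `srand48`; all three inputs can be estimated from outside, so the generator's output should be treated as predictable. That is acceptable for LCP magic numbers, but any security-relevant value drawn from the same stream (authentication challenges, for example) should come from the system's strong random source instead. At minimum I would add a comment above the seed line, `/* not cryptographically strong: do not use this generator for secrets or challenges */`. get_host_seed is defined outside this hunk, so what it contributes is not visible here.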
@@ -109,6 +112,7 @@ char *no_ppp_msg = "Sorry - this system lacks PPP kernel support\n"; /* Prototypes for procedures local to this file. */ +static void create_pidfile __P((void)); static void cleanup __P((void)); static void close_tty __P((void)); static void get_input __P((void)); @@ -169,13 +173,13 @@ main(argc, argv) { int i, fdflags; struct sigaction sa; - FILE *pidfile; char *p; struct passwd *pw; struct timeval timo; sigset_t mask; struct protent *protp; struct stat statbuf; + char numbuf[16]; phase = PHASE_INITIALIZE; p = ttyname(0); @@ -183,6 +187,8 @@ main(argc, argv) strcpy(devnam, p); strcpy(default_devnam, devnam); + script_env = NULL; + /* Initialize syslog facilities */ #ifdef ULTRIX openlog("pppd", LOG_PID); @@ -199,6 +205,8 @@ main(argc, argv) uid = getuid(); privileged = uid == 0; + sprintf(numbuf, "%d", uid); + script_setenv("UID", numbuf); /* * Initialize to the standard option set, then parse, in order, @@ -245,13 +253,18 @@ main(argc, argv) exit(1); } + script_setenv("DEVICE", devnam); + sprintf(numbuf, "%d", baud_rate); + script_setenv("SPEED", numbuf); + /* * If the user has specified the default device name explicitly, * pretend they hadn't. */ if (!default_device && strcmp(devnam, default_devnam) == 0) default_device = 1; - redirect_stderr = !nodetach || default_device; + if (default_device) + nodetach = 1; /* * Initialize system-dependent stuff and magic number package. @@ -265,10 +278,8 @@ main(argc, argv) * Detach ourselves from the terminal, if required, * and identify who is running us. */ - if (!default_device && !nodetach && daemon(0, 0) < 0) { - perror("Couldn't detach from controlling terminal"); - exit(1); - } + if (nodetach == 0) + detach(); pid = getpid(); p = getlogin(); if (p == NULL) { 
@@ -367,16 +378,9 @@ main(argc, argv) syslog(LOG_INFO, "Using interface ppp%d", ifunit); (void) sprintf(ifname, "ppp%d", ifunit); + script_setenv("IFNAME", ifname); - /* write pid to file */ - (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); - if ((pidfile = fopen(pidfilename, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - (void) fclose(pidfile); - } else { - syslog(LOG_ERR, "Failed to create pid file %s: %m", pidfilename); - pidfilename[0] = 0; - } + create_pidfile(); /* write pid to file */ /* * Configure the interface and mark it up, etc. @@ -515,17 +519,9 @@ main(argc, argv) syslog(LOG_INFO, "Using interface ppp%d", ifunit); (void) sprintf(ifname, "ppp%d", ifunit); + script_setenv("IFNAME", ifname); - /* write pid to file */ - (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); - if ((pidfile = fopen(pidfilename, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - (void) fclose(pidfile); - } else { - syslog(LOG_ERR, "Failed to create pid file %s: %m", - pidfilename); - pidfilename[0] = 0; - } + create_pidfile(); /* write pid to file */ } /* @@ -618,6 +614,43 @@ main(argc, argv) } /* + * detach - detach us from the controlling terminal. + */ +void +detach() +{ + if (detached) + return; + if (daemon(0, 0) < 0) { + perror("Couldn't detach from controlling terminal"); + die(1); + } + detached = 1; + pid = getpid(); + /* update pid file if it has been written already */ + if (pidfilename[0]) + create_pidfile(); +} + +/* + * Create a file containing our process ID. + */ +static void +create_pidfile() +{ + FILE *pidfile; + + (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); + if ((pidfile = fopen(pidfilename, "w")) != NULL) { + fprintf(pidfile, "%d\n", pid); + (void) fclose(pidfile); + } else { + syslog(LOG_ERR, "Failed to create pid file %s: %m", pidfilename); + pidfilename[0] = 0; + } +} + +/* * holdoff_end - called via a timeout when the holdoff period ends. */ static void 
@@ -1014,6 +1047,11 @@ static void bad_signal(sig) int sig; { + static int crashed = 0; + + if (crashed) + _exit(127); + crashed = 1; syslog(LOG_ERR, "Fatal signal %d", sig); if (conn_running) kill_my_pg(SIGTERM); @@ -1064,9 +1102,9 @@ device_script(program, in, out) close(out); } } - if (redirect_stderr) { + if (nodetach == 0) { close(2); - errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); if (errfd >= 0 && errfd != 2) { dup2(errfd, 2); close(errfd); @@ -1108,7 +1146,6 @@ run_program(prog, args, must_exist) int must_exist; { int pid; - char *nullenv[1]; pid = fork(); if (pid == -1) { @@ -1153,8 +1190,7 @@ run_program(prog, args, must_exist) /* SysV recommends a second fork at this point. */ /* run the program; give it a null environment */ - nullenv[0] = NULL; - execve(prog, args, nullenv); + execve(prog, args, script_env); if (must_exist || errno != ENOENT) syslog(LOG_WARNING, "Can't execute %s: %m", prog); _exit(-1); @@ -1269,10 +1305,9 @@ pr_log __V((void *arg, char *fmt, ...)) fmt = va_arg(pvar, char *); #endif - vsprintf(buf, fmt, pvar); + n = vfmtmsg(buf, sizeof(buf), fmt, pvar); va_end(pvar); - n = strlen(buf); if (linep + n + 1 > line + sizeof(line)) { syslog(LOG_DEBUG, "%s", line); linep = line; 
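Review bot: The new re-entry guard in bad_signal uses a plain `static int crashed`, which a signal handler cannot portably read and write; declare it `static volatile sig_atomic_t crashed = 0;`. The `syslog` call that follows the guard is not async-signal-safe, and a fault inside it is the case the guard exists for, so a one-line comment saying that would help the next reader. bad_signal continues past the end of the hunk.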
@@ -1579,3 +1614,78 @@ vfmtmsg(buf, buflen, fmt, args) *buf = 0; return buf - buf0; } + +/* + * script_setenv - set an environment variable value to be used + * for scripts that we run (e.g. ip-up, auth-up, etc.) + */ +void +script_setenv(var, value) + char *var, *value; +{ + int vl = strlen(var); + int i; + char *p, *newstring; + + newstring = (char *) malloc(vl + strlen(value) + 2); + if (newstring == 0) + return; + strcpy(newstring, var); + newstring[vl] = '='; + strcpy(newstring+vl+1, value); + + /* check if this variable is already set */ + if (script_env != 0) { + for (i = 0; (p = script_env[i]) != 0; ++i) { + if (strncmp(p, var, vl) == 0 && p[vl] == '=') { + free(p); + script_env[i] = newstring; + return; + } + } + } else { + i = 0; + script_env = (char **) malloc(16 * sizeof(char *)); + if (script_env == 0) + return; + s_env_nalloc = 16; + } + + /* reallocate script_env with more space if needed */ + if (i + 1 >= s_env_nalloc) { + int new_n = i + 17; + char **newenv = (char **) realloc((void *)script_env, + new_n * sizeof(char *)); + if (newenv == 0) + return; + script_env = newenv; + s_env_nalloc = new_n; + } + + script_env[i] = newstring; + script_env[i+1] = 0; +} + +/* + * script_unsetenv - remove a variable from the environment + * for scripts. + */ +void +script_unsetenv(var) + char *var; +{ + int vl = strlen(var); + int i; + char *p; + + if (script_env == 0) + return; + for (i = 0; (p = script_env[i]) != 0; ++i) { + if (strncmp(p, var, vl) == 0 && p[vl] == '=') { + free(p); + while ((script_env[i] = script_env[i+1]) != 0) + ++i; + break; + } + } +} diff --git a/usr.sbin/pppd/options.c b/usr.sbin/pppd/options.c index 6a38bf88f5e..f571d0386a8 100644 --- a/usr.sbin/pppd/options.c +++ b/usr.sbin/pppd/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.11 1998/01/17 20:30:26 millert Exp $ */ +/* $OpenBSD: options.c,v 1.12 1998/05/08 04:52:29 millert Exp $ */ /* * options.c - handles option processing for PPP. 
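Review bot: script_setenv leaks `newstring` on two failure returns (the initial `malloc` of `script_env` and the `realloc`), and because it returns void a failed update is silent. If the first `malloc` fails while the variable is already set, the old entry stays in place, so a script could run with a previous connection's value, for example PEERNAME. Add `free(newstring);` before those two `return`s and report each failure with `syslog(LOG_ERR, ...)`. The prefix match also assumes `var` contains no `=`; a header comment stating that `var` must be a plain name and that `value` is copied verbatim would document the contract.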
@@ -21,9 +21,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: options.c,v 1.40 1997/11/27 06:09:34 paulus Exp $"; +static char rcsid[] = "Id: options.c,v 1.42 1998/03/26 04:46:06 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: options.c,v 1.11 1998/01/17 20:30:26 millert Exp $"; +static char rcsid[] = "$OpenBSD: options.c,v 1.12 1998/05/08 04:52:29 millert Exp $"; #endif #endif @@ -180,6 +180,7 @@ static int setcrtscts __P((char **)); static int setnocrtscts __P((char **)); static int setxonxoff __P((char **)); static int setnodetach __P((char **)); +static int setupdetach __P((char **)); static int setmodem __P((char **)); static int setmodem_chat __P((char **)); static int setlocal __P((char **)); @@ -223,6 +224,7 @@ static int setbsdcomp __P((char **)); static int setnobsdcomp __P((char **)); static int setdeflate __P((char **)); static int setnodeflate __P((char **)); +static int setnodeflatedraft __P((char **)); static int setdemand __P((char **)); static int setpred1comp __P((char **)); static int setnopred1comp __P((char **)); @@ -282,6 +284,7 @@ static struct cmd { {"-d", 0, setdebug}, /* Increase debugging level */ {"nodetach", 0, setnodetach}, /* Don't detach from controlling tty */ {"-detach", 0, setnodetach}, /* don't fork */ + {"updetach", 0, setupdetach}, /* Detach once an NP has come up */ {"noip", 0, noip}, /* Disable IP and IPCP */ {"-ip", 0, noip}, /* Disable IP and IPCP */ {"nomagic", 0, nomagicnumber}, /* Disable magic number negotiation */ 
@@ -377,6 +380,7 @@ static struct cmd { {"deflate", 1, setdeflate}, /* request Deflate compression */ {"nodeflate", 0, setnodeflate}, /* don't allow Deflate compression */ {"-deflate", 0, setnodeflate}, /* don't allow Deflate compression */ + {"nodeflatedraft", 0, setnodeflatedraft}, /* don't use draft deflate # */ {"predictor1", 0, setpred1comp}, /* request Predictor-1 */ {"nopredictor1", 0, setnopred1comp},/* don't allow Predictor-1 */ {"-predictor1", 0, setnopred1comp}, /* don't allow Predictor-1 */ @@ -1857,6 +1861,14 @@ setnodetach(argv) } static int +setupdetach(argv) + char **argv; +{ + nodetach = -1; + return (1); +} + +static int setdemand(argv) char **argv; { @@ -2246,6 +2258,15 @@ setnodeflate(argv) } static int +setnodeflatedraft(argv) + char **argv; +{ + ccp_wantoptions[0].deflate_draft = 0; + ccp_allowoptions[0].deflate_draft = 0; + return 1; +} + +static int setpred1comp(argv) char **argv; { @@ -2315,11 +2336,12 @@ setdnsaddr(argv) ina.s_addr = *(u_int32_t *)hp->h_addr; } - if (ipcp_allowoptions[0].dnsaddr[0] == 0) { + /* if there is no primary then update it. */ + if (ipcp_allowoptions[0].dnsaddr[0] == 0) ipcp_allowoptions[0].dnsaddr[0] = ina.s_addr; - } else { - ipcp_allowoptions[0].dnsaddr[1] = ina.s_addr; - } + + /* always set the secondary address value to the same value. */ + ipcp_allowoptions[0].dnsaddr[1] = ina.s_addr; return (1); } @@ -2345,11 +2367,12 @@ setwinsaddr(argv) ina.s_addr = *(u_int32_t *)hp->h_addr; } - if (ipcp_allowoptions[0].winsaddr[0] == 0) { + /* if there is no primary then update it. */ + if (ipcp_allowoptions[0].winsaddr[0] == 0) ipcp_allowoptions[0].winsaddr[0] = ina.s_addr; - } else { - ipcp_allowoptions[0].winsaddr[1] = ina.s_addr; - } + + /* always set the secondary address value to the same value. */ + ipcp_allowoptions[0].winsaddr[1] = ina.s_addr; return (1); } diff --git a/usr.sbin/pppd/patchlevel.h b/usr.sbin/pppd/patchlevel.h index d32fb0adb33..fea1b84f638 100644 --- a/usr.sbin/pppd/patchlevel.h 
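Review bot: `nodetach = -1` in setupdetach turns what reads as a boolean flag into a tri-state with a magic value, which other hunks in this commit then test as `nodetach == 0` and `nodetach == -1`. Named constants, or at least a comment at the assignment such as `/* -1: stay attached until a network protocol comes up, then detach */`, would keep the three meanings from drifting apart. Any existing test of the form `if (nodetach)` or `if (!nodetach)` elsewhere in pppd now treats updetach the same as nodetach and should be re-checked; those call sites are not visible here.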
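Review bot: The comment `always set the secondary address value to the same value` in setdnsaddr is accurate only for the first address given. On a second call the primary is kept and the secondary receives the new, different address, and a third call silently overwrites the secondary. Reword it as `/* the most recent address always becomes the secondary; a single address serves as both */`; the identical comment in the setwinsaddr hunk that follows needs the same change. The now brace-less `if` followed directly by an unconditional assignment is easy to misread as one block, so keeping the braces would be safer. Both functions start outside their hunks.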
+++ b/usr.sbin/pppd/patchlevel.h @@ -1,8 +1,8 @@ -/* $OpenBSD: patchlevel.h,v 1.6 1998/01/17 20:30:26 millert Exp $ */ +/* $OpenBSD: patchlevel.h,v 1.7 1998/05/08 04:52:30 millert Exp $ */ /* Id: patchlevel.h,v 1.30 1997/11/27 06:09:44 paulus Exp $ */ -#define PATCHLEVEL 3 +#define PATCHLEVEL 5 #define VERSION "2.3" #define IMPLEMENTATION "" -#define DATE "11 December 1997" +#define DATE "4 May 1998" diff --git a/usr.sbin/pppd/pppd.8 b/usr.sbin/pppd/pppd.8 index b3dfddab88b..f37e44b9211 100644 --- a/usr.sbin/pppd/pppd.8 +++ b/usr.sbin/pppd/pppd.8 @@ -1,6 +1,6 @@ -.\" $OpenBSD: pppd.8,v 1.13 1998/01/17 20:30:27 millert Exp $ +.\" $OpenBSD: pppd.8,v 1.14 1998/05/08 04:52:31 millert Exp $ .\" manual page [] for pppd 2.3 -.\" Id: pppd.8,v 1.26 1997/04/30 05:56:22 paulus Exp $ +.\" Id: pppd.8,v 1.27 1998/03/31 04:31:08 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -655,7 +655,7 @@ the initial /dev/ is removed from the terminal name, and any remaining .PP An options file is parsed into a series of words, delimited by whitespace. Whitespace can be included in a word by enclosing the -word in quotes ("). A backslash (\\) quotes the following character. +word in double-quotes ("). A backslash (\\) quotes the following character. A hash (#) starts a comment, which continues until the end of the line. There is no restriction on using the \fIfile\fR or \fIcall\fR options within an options file. 
@@ -957,10 +957,46 @@ causes other debugging messages to be logged. .LP Debugging can also be enabled or disabled by sending a SIGUSR1 signal to the pppd process. This signal acts as a toggle. -.SH FILES -.TP -.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) -Process-ID for pppd process on ppp interface unit \fIn\fR. +.SH SCRIPTS +Pppd invokes scripts at various stages in its processing which can be +used to perform site-specific ancillary processing. These scripts are +usually shell scripts, but could be executable code files instead. +Pppd does not wait for the scripts to finish. The scripts are +executed as root (with the real and effective user-id set to 0), so +that they can do things such as update routing tables or run +privileged daemons. Be careful that the contents of these scripts do +not compromise your system's security. Pppd runs the scripts with +standard input, output and error redirected to /dev/null, and with an +environment that is empty except for some environment variables that +give information about the link. The environment variables that pppd +sets are: +.TP +.B DEVICE +The name of the serial tty device being used. +.TP +.B IFNAME +The name of the network interface being used. +.TP +.B IPLOCAL +The IP address for the local end of the link. This is only set when +IPCP has come up. +.TP +.B IPREMOTE +The IP address for the remote end of the link. This is only set when +IPCP has come up. +.TP +.B PEERNAME +The authenticated name of the peer. This is only set if the peer +authenticates itself. +.TP +.B SPEED +The baud rate of the tty device. +.TP +.B UID +The real user-id of the user who invoked pppd. +.P +Pppd invokes the following scripts, if they exist. It is not an error +if they don't exist. .TP .B /etc/ppp/auth-up A program or script which is executed after the remote system 
@@ -968,11 +1004,8 @@ successfully authenticates itself. It is executed with the parameters .IP \fIinterface-name peer-name user-name tty-device speed\fR .IP -and with its standard input, output and error redirected to -/dev/null. This program or script is executed with the real and -effective user-IDs set to root, and with an empty environment. (Note -that this script is not executed if the peer doesn't authenticate -itself, for example when the \fInoauth\fR option is used.) +Note that this script is not executed if the peer doesn't authenticate +itself, for example when the \fInoauth\fR option is used. .TP .B /etc/ppp/auth-down A program or script which is executed when the link goes down, if @@ -986,25 +1019,13 @@ executed with the parameters .IP \fIinterface-name tty-device speed local-IP-address remote-IP-address ipparam\fR -.IP -and with its standard input, -output and error streams redirected to /dev/null. -.IP -This program or script is executed with the real and effective -user-IDs set to root. This is so that it can be used to manipulate -routes, run privileged daemons (e.g. \fIsendmail\fR), etc. Be -careful that the contents of the /etc/ppp/ip-up and /etc/ppp/ip-down -scripts do not compromise your system's security. -.IP -This program or script is executed with an empty environment, so you -must either specify a PATH or use full pathnames. .TP .B /etc/ppp/ip-down A program or script which is executed when the link is no longer available for sending and receiving IP packets. This script can be used for undoing the effects of the /etc/ppp/ip-up script. It is invoked in the same manner and with the same parameters as the ip-up -script, and the same security considerations apply. +script. .TP .B /etc/ppp/ipx-up A program or script which is executed when the link is available for 
@@ -1015,10 +1036,6 @@ executed with the parameters remote-IPX-node-address local-IPX-routing-protocol remote-IPX-routing-protocol local-IPX-router-name remote-IPX-router-name ipparam pppd-pid\fR .IP -and with its standard input, -output and error streams redirected to /dev/null. -.br -.IP The local-IPX-routing-protocol and remote-IPX-routing-protocol field may be one of the following: .IP @@ -1029,21 +1046,17 @@ RIP to indicate that RIP/SAP should be used NLSP to indicate that Novell NLSP should be used .br RIP NLSP to indicate that both RIP/SAP and NLSP should be used -.br -.IP -This program or script is executed with the real and effective -user-IDs set to root, and with an empty environment. This is so -that it can be used to manipulate routes, run privileged daemons (e.g. -\fIripd\fR), etc. Be careful that the contents of the /etc/ppp/ipx-up -and /etc/ppp/ipx-down scripts do not compromise your system's -security. .TP .B /etc/ppp/ipx-down A program or script which is executed when the link is no longer available for sending and receiving IPX packets. This script can be used for undoing the effects of the /etc/ppp/ipx-up script. It is invoked in the same manner and with the same parameters as the ipx-up -script, and the same security considerations apply. +script. +.SH FILES +.TP +.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) +Process-ID for pppd process on ppp interface unit \fIn\fR. .TP .B /etc/ppp/pap-secrets Usernames, passwords and IP addresses for PAP authentication. This diff --git a/usr.sbin/pppd/pppd.h b/usr.sbin/pppd/pppd.h index 9400f09e003..a3f530d6f01 100644 --- a/usr.sbin/pppd/pppd.h +++ b/usr.sbin/pppd/pppd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pppd.h,v 1.8 1998/01/17 20:30:28 millert Exp $ */ +/* $OpenBSD: pppd.h,v 1.9 1998/05/08 04:52:32 millert Exp $ */ /* * pppd.h - PPP daemon global declarations. 
@@ -18,7 +18,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * Id: pppd.h,v 1.19 1997/04/30 05:56:55 paulus Exp + * Id: pppd.h,v 1.21 1998/03/26 04:46:08 paulus Exp $ */ /* @@ -70,6 +70,8 @@ extern int redirect_stderr;/* Connector's stderr should go to file */ extern char peer_authname[];/* Authenticated name of peer */ extern int privileged; /* We were run by real-uid root */ extern int need_holdoff; /* Need holdoff period after link terminates */ +extern char **script_env; /* Environment variables for scripts */ +extern int detached; /* Have detached from controlling tty */ /* * Variables set by command-line options. @@ -177,6 +179,7 @@ extern struct protent *protocols[]; */ /* Procedures exported from main.c. */ +void detach __P((void)); /* Detach from controlling tty */ void die __P((int)); /* Cleanup and exit */ void quit __P((void)); /* like die(1) */ void novm __P((char *)); /* Say we ran out of memory, and die */ @@ -196,6 +199,8 @@ void print_string __P((char *, int, void (*) (void *, char *, ...), void *)); /* Format a string for output */ int fmtmsg __P((char *, int, char *, ...)); /* sprintf++ */ int vfmtmsg __P((char *, int, char *, va_list)); /* vsprintf++ */ +void script_setenv __P((char *, char *)); /* set script env var */ +void script_unsetenv __P((char *)); /* unset script env var */ /* Procedures exported from auth.c */ void link_required __P((int)); /* we are starting to use the link */ @@ -295,6 +300,7 @@ void unlock __P((void)); /* Delete previously-created lock file */ int daemon __P((int, int)); /* Detach us from terminal session */ void logwtmp __P((const char *, const char *, const char *)); /* Write entry to wtmp file */ +int get_host_seed __P((void)); /* Get host-dependent random number seed */ #ifdef PPP_FILTER int set_filters __P((struct bpf_program *pass, struct bpf_program *active)); /* Set filter programs in kernel */ 
diff --git a/usr.sbin/pppd/pppstats/pppstats.c b/usr.sbin/pppd/pppstats/pppstats.c index 1689a17034c..ff5ce27bfaf 100644 --- a/usr.sbin/pppd/pppstats/pppstats.c +++ b/usr.sbin/pppd/pppstats/pppstats.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pppstats.c,v 1.4 1997/09/01 22:17:17 millert Exp $ */ +/* $OpenBSD: pppstats.c,v 1.5 1998/05/08 04:52:37 millert Exp $ */ /* * print PPP statistics: @@ -35,9 +35,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: pppstats.c,v 1.19 1997/04/30 06:00:27 paulus Exp"; +static char rcsid[] = "Id: pppstats.c,v 1.22 1998/03/31 23:48:03 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: pppstats.c,v 1.4 1997/09/01 22:17:17 millert Exp $"; +static char rcsid[] = "$OpenBSD: pppstats.c,v 1.5 1998/05/08 04:52:37 millert Exp $"; #endif #endif diff --git a/usr.sbin/pppd/sys-bsd.c b/usr.sbin/pppd/sys-bsd.c index a93a77f722d..4d5aac3f7c1 100644 --- a/usr.sbin/pppd/sys-bsd.c +++ b/usr.sbin/pppd/sys-bsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys-bsd.c,v 1.13 1998/03/20 03:10:03 angelos Exp $ */ +/* $OpenBSD: sys-bsd.c,v 1.14 1998/05/08 04:52:33 millert Exp $ */ /* * sys-bsd.c - System-dependent procedures for setting up @@ -24,9 +24,9 @@ #ifndef lint #if 0 -static char rcsid[] = "Id: sys-bsd.c,v 1.29 1997/11/27 06:10:04 paulus Exp $"; +static char rcsid[] = "Id: sys-bsd.c,v 1.31 1998/04/02 12:04:19 paulus Exp $"; #else -static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.13 1998/03/20 03:10:03 angelos Exp $"; +static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.14 1998/05/08 04:52:33 millert Exp $"; #endif #endif @@ -50,7 +50,6 @@ static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.13 1998/03/20 03:10:03 angelos Ex #include <sys/socket.h> #include <sys/time.h> #include <sys/stat.h> -#include <sys/param.h> #ifdef PPP_FILTER #include <net/bpf.h> 
@@ -63,7 +62,16 @@ static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.13 1998/03/20 03:10:03 angelos Ex #include <netinet/in.h> #if RTM_VERSION >= 3 +#include <sys/param.h> +#if defined(NetBSD) && (NetBSD >= 199703) +#include <netinet/if_inarp.h> +#else /* NetBSD 1.2D or later */ +#if defined(__FreeBSD__) || defined(__OpenBSD__) #include <netinet/if_ether.h> +#else +#include <net/if_ether.h> +#endif +#endif #endif #include "pppd.h" @@ -1521,6 +1529,15 @@ GetMask(addr) } /* + * Use the hostid as part of the random number seed. + */ +int +get_host_seed() +{ + return gethostid(); +} + +/* * lock - create a lock file for the named lock device */ #define LOCK_PREFIX "/var/spool/lock/LCK.." |
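Review bot: The comment on `#else /* NetBSD 1.2D or later */` sits on the else branch but appears to describe the `#if defined(NetBSD) && (NetBSD >= 199703)` condition above it, so it reads as the opposite of what is meant. Move it to the `#if` line and label the closing directives, e.g. `#endif /* __FreeBSD__ || __OpenBSD__ */`, because three consecutive bare `#endif` lines are hard to pair with their conditions.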
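Review bot: get_host_seed returns `gethostid()` unchanged, a fixed and often guessable per-host value (and a `long` narrowed to `int`), so it contributes no unpredictability by itself. The caller in magic.c is outside this view; if the resulting generator feeds anything an attacker must not predict, such as authentication challenges, it should draw from the system random source instead (on OpenBSD, `arc4random()`). The comment here should make the limitation explicit, e.g. `/* not secret: only makes seeds differ between hosts */`. gethostid() is declared in `<unistd.h>`, and whether sys-bsd.c already includes it is not visible in this hunk.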