Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/pppd/Makefile | 19 | ||||
-rw-r--r-- | usr.sbin/pppd/auth.c | 341 | ||||
-rw-r--r-- | usr.sbin/pppd/cbcp.c | 26 | ||||
-rw-r--r-- | usr.sbin/pppd/ccp.c | 113 | ||||
-rw-r--r-- | usr.sbin/pppd/ccp.h | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/chap.c | 73 | ||||
-rw-r--r-- | usr.sbin/pppd/chap.h | 8 | ||||
-rw-r--r-- | usr.sbin/pppd/chap_ms.c | 189 | ||||
-rw-r--r-- | usr.sbin/pppd/chap_ms.h | 4 | ||||
-rw-r--r-- | usr.sbin/pppd/demand.c | 50 | ||||
-rw-r--r-- | usr.sbin/pppd/fsm.c | 26 | ||||
-rw-r--r-- | usr.sbin/pppd/fsm.h | 60 | ||||
-rw-r--r-- | usr.sbin/pppd/ipcp.c | 166 | ||||
-rw-r--r-- | usr.sbin/pppd/ipcp.h | 7 | ||||
-rw-r--r-- | usr.sbin/pppd/ipxcp.c | 281 | ||||
-rw-r--r-- | usr.sbin/pppd/ipxcp.h | 11 | ||||
-rw-r--r-- | usr.sbin/pppd/lcp.c | 78 | ||||
-rw-r--r-- | usr.sbin/pppd/lcp.h | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/magic.c | 8 | ||||
-rw-r--r-- | usr.sbin/pppd/magic.h | 4 | ||||
-rw-r--r-- | usr.sbin/pppd/main.c | 702 | ||||
-rw-r--r-- | usr.sbin/pppd/options.c | 645 | ||||
-rw-r--r-- | usr.sbin/pppd/patchlevel.h | 9 | ||||
-rw-r--r-- | usr.sbin/pppd/pathnames.h | 8 | ||||
-rw-r--r-- | usr.sbin/pppd/pppd.h | 62 | ||||
-rw-r--r-- | usr.sbin/pppd/sys-bsd.c | 97 | ||||
-rw-r--r-- | usr.sbin/pppd/upap.c | 15 | ||||
-rw-r--r-- | usr.sbin/pppd/upap.h | 5 |
28 files changed, 1838 insertions, 1181 deletions
diff --git a/usr.sbin/pppd/Makefile b/usr.sbin/pppd/Makefile index 2dcdccd2c6a..8ef3ab38712 100644 --- a/usr.sbin/pppd/Makefile +++ b/usr.sbin/pppd/Makefile @@ -1,20 +1,21 @@ -# $OpenBSD: Makefile,v 1.9 1997/03/26 00:35:57 deraadt Exp $ -# $NetBSD: Makefile,v 1.12 1996/03/19 03:03:04 jtc Exp $ +# $OpenBSD: Makefile,v 1.10 1997/09/05 04:32:32 millert Exp $ +# $NetBSD: Makefile,v 1.13 1996/12/18 16:54:57 christos Exp $ + +PCAPDIR=${.CURDIR}/../../lib/libpcap PROG= pppd -SRCS= main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c ccp.c \ - auth.c options.c sys-bsd.c demand.c gencode.c grammar.c scanner.c \ - nametoaddr.c optimize.c bpf_filter.c chap_ms.c ipxcp.c +SRCS= auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c fsm.c ipcp.c \ + ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c upap.c + .PATH: ${.CURDIR}/../../lib/libpcap ${.CURDIR}/../../sys/net MAN= pppd.8 SUBDIR= pppstats chat BINMODE=4555 BINOWN= root -LDADD= -lutil -DPADD= ${LIBUTIL} -CFLAGS+= -I. -I${.CURDIR} -DHAVE_PATHS_H -DIPX_CHANGE -CLEANFILES=y.tab.h grammar.c scanner.c +LDADD= -lpcap -lutil +DPADD= ${LIBPCAP} ${LIBUTIL} +CFLAGS+= -I. -I${PCAPDIR} -DHAVE_PATHS_H -DIPX_CHANGE -DPPP_FILTER -DUSE_CRYPT MLINKS= pppd.8 ppp.8 diff --git a/usr.sbin/pppd/auth.c b/usr.sbin/pppd/auth.c index 9089b480cdd..a40c8e5143e 100644 --- a/usr.sbin/pppd/auth.c +++ b/usr.sbin/pppd/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.9 1997/06/08 17:57:24 deraadt Exp $ */ +/* $OpenBSD: auth.c,v 1.10 1997/09/05 04:32:33 millert Exp $ */ /* * auth.c - PPP authentication and phase control. @@ -35,7 +35,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: auth.c,v 1.9 1997/06/08 17:57:24 deraadt Exp $"; +#if 0 +static char rcsid[] = "Id: auth.c,v 1.32 1997/07/14 03:52:33 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: auth.c,v 1.10 1997/09/05 04:32:33 millert Exp $"; +#endif #endif #include <stdio.h> 
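Review bot: The `.PATH: ${.CURDIR}/../../lib/libpcap ${.CURDIR}/../../sys/net` line is still present on the new side of the Makefile hunk, although gencode.c, grammar.c, scanner.c, nametoaddr.c, optimize.c and bpf_filter.c are dropped from `SRCS` in favour of `-lpcap`. With nothing left to find there, the extra search path only widens where make may pick up a same-named source file for a binary installed with `BINMODE=4555` and `BINOWN= root`. I would remove the line, or if a header lookup still depends on it, spell it as `.PATH: ${PCAPDIR}` with a comment saying why it is needed.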
@@ -56,12 +60,13 @@ static char rcsid[] = "$OpenBSD: auth.c,v 1.9 1997/06/08 17:57:24 deraadt Exp $" #ifdef USE_PAM #include <security/pam_appl.h> #include <security/pam_modules.h> -int isexpired (struct passwd *, struct spwd *); #endif #ifdef HAS_SHADOW #include <shadow.h> +#ifndef SVR4 #include <shadow/pwauth.h> +#endif #ifndef PW_PPP #define PW_PPP PW_LOGIN #endif @@ -78,10 +83,6 @@ int isexpired (struct passwd *, struct spwd *); #endif #include "pathnames.h" -#if defined(sun) && defined(sparc) -#include <alloca.h> -#endif /*sparc*/ - /* Used for storing a sequence of words. Usually malloced. */ struct wordlist { struct wordlist *next; @@ -127,10 +128,13 @@ static int passwd_from_file; #define CHAP_WITHPEER 4 #define CHAP_PEER 8 +extern char *crypt __P((const char *, const char *)); + /* Prototypes for procedures local to this file. */ static void network_phase __P((int)); static void check_idle __P((caddr_t)); +static void connect_time_expired __P((caddr_t)); static int login __P((char *, char *, char **, int *)); static void logout __P((void)); static int null_login __P((int)); @@ -142,6 +146,7 @@ static int scan_authfile __P((FILE *, char *, char *, u_int32_t, char *, struct wordlist **, char *)); static void free_wordlist __P((struct wordlist *)); static void auth_script __P((char *)); +static void set_allowed_addrs __P((int, struct wordlist *)); #ifdef CBCP_SUPPORT static void callback_phase __P((int)); #endif @@ -183,8 +188,8 @@ link_down(unit) struct protent *protp; if (did_authup) { - auth_script(_PATH_AUTHDOWN); - did_authup = 0; + auth_script(_PATH_AUTHDOWN); + did_authup = 0; } for (i = 0; (protp = protocols[i]) != NULL; ++i) { if (!protp->enabled_flag) @@ -196,7 +201,8 @@ link_down(unit) } num_np_open = 0; num_np_up = 0; - phase = PHASE_TERMINATE; + if (phase != PHASE_DEAD) + phase = PHASE_TERMINATE; } /* 
@@ -248,11 +254,11 @@ link_established(unit) ChapAuthWithPeer(unit, user, ho->chap_mdtype); auth |= CHAP_WITHPEER; } else if (ho->neg_upap) { - if (passwd[0] == 0) { - passwd_from_file = 1; - if (!get_pap_passwd(passwd)) - syslog(LOG_ERR, "No secret found for PAP login"); - } + if (passwd[0] == 0) { + passwd_from_file = 1; + if (!get_pap_passwd(passwd)) + syslog(LOG_ERR, "No secret found for PAP login"); + } upap_authwithpeer(unit, user, passwd); auth |= PAP_WITHPEER; } @@ -277,8 +283,8 @@ network_phase(unit) * If the peer had to authenticate, run the auth-up script now. */ if ((go->neg_chap || go->neg_upap) && !did_authup) { - auth_script(_PATH_AUTHUP); - did_authup = 1; + auth_script(_PATH_AUTHUP); + did_authup = 1; } #ifdef CBCP_SUPPORT @@ -286,9 +292,9 @@ network_phase(unit) * If we negotiated callback, do it now. */ if (go->neg_cbcp) { - phase = PHASE_CALLBACK; - (*cbcp_protent.open)(unit); - return; + phase = PHASE_CALLBACK; + (*cbcp_protent.open)(unit); + return; } #endif @@ -304,6 +310,10 @@ network_phase(unit) if (protp->protocol != PPP_CCP) ++num_np_open; } + + if (num_np_open == 0) + /* nothing to do */ + lcp_close(0, "No network protocols running"); } /* @@ -347,7 +357,7 @@ auth_peer_success(unit, protocol, name, namelen) * Save the authenticated name of the peer for later. */ if (namelen > sizeof(peer_authname) - 1) - namelen = sizeof(peer_authname) - 1; + namelen = sizeof(peer_authname) - 1; BCOPY(name, peer_authname, namelen); peer_authname[namelen] = 0; @@ -367,8 +377,7 @@ auth_withpeer_fail(unit, protocol) int unit, protocol; { if (passwd_from_file) - BZERO(passwd, MAXSECRETLEN); - + BZERO(passwd, MAXSECRETLEN); /* * We've failed to authenticate ourselves to our peer. * He'll probably take the link down, and there's not much 
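Review bot: In the network_phase hunk the new `if (num_np_open == 0)` has a comment line between the condition and its single unbraced statement, which makes it easy to attach a second statement to the wrong branch later. I would brace it and put the reason in the comment: `if (num_np_open == 0) { /* no NCP was opened, so the link has no use */ lcp_close(0, "No network protocols running"); }`. The loop that counts `num_np_open` starts outside the hunk, so I have not checked whether the count can be zero while a protocol is still pending.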
@@ -390,8 +399,8 @@ auth_withpeer_success(unit, protocol) bit = CHAP_WITHPEER; break; case PPP_PAP: - if (passwd_from_file) - BZERO(passwd, MAXSECRETLEN); + if (passwd_from_file) + BZERO(passwd, MAXSECRETLEN); bit = PAP_WITHPEER; break; default: @@ -416,8 +425,21 @@ void np_up(unit, proto) int unit, proto; { - if (num_np_up == 0 && idle_time_limit > 0) { - TIMEOUT(check_idle, NULL, idle_time_limit); + if (num_np_up == 0) { + /* + * At this point we consider that the link has come up successfully. + */ + need_holdoff = 0; + + if (idle_time_limit > 0) + TIMEOUT(check_idle, NULL, idle_time_limit); + + /* + * Set a timeout to close the connection once the maximum + * connect time has expired. + */ + if (maxconnect > 0) + TIMEOUT(connect_time_expired, 0, maxconnect); } ++num_np_up; } @@ -464,7 +486,6 @@ check_idle(arg) if (itime >= idle_time_limit) { /* link is idle: shut it down. */ syslog(LOG_INFO, "Terminating connection due to lack of activity."); - need_holdoff = 0; lcp_close(0, "Link inactive"); } else { TIMEOUT(check_idle, NULL, idle_time_limit - itime); @@ -472,6 +493,17 @@ check_idle(arg) } /* + * connect_time_expired - log a message and close the connection. + */ +static void +connect_time_expired(arg) + caddr_t arg; +{ + syslog(LOG_INFO, "Connect time expired"); + lcp_close(0, "Connect time expired"); /* Close connection */ +} + +/* * auth_check_options - called to check authentication options. */ void 
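Review bot: The `connect_time_expired` timer that np_up now arms with `TIMEOUT(connect_time_expired, 0, maxconnect)` has no matching cancel anywhere in the visible hunks. If np_down (outside this hunk) only cancels `check_idle`, a link that drops and is re-established in the same process could be closed early by the timer left over from the previous session, or end up with two timers armed. I would add `UNTIMEOUT(connect_time_expired, NULL);` next to the existing idle-timer cancel when the last network protocol goes down. For consistency with the `check_idle` call two lines above, pass `NULL` rather than `0` as the argument.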
@@ -500,17 +532,17 @@ auth_check_options() */ can_auth = wo->neg_upap && (uselogin || have_pap_secret()); if (!can_auth && wo->neg_chap) { - remote = ipwo->accept_remote? 0: ipwo->hisaddr; - can_auth = have_chap_secret(remote_name, our_name, remote); + remote = ipwo->accept_remote? 0: ipwo->hisaddr; + can_auth = have_chap_secret(remote_name, our_name, remote); } if (auth_required && !can_auth) { - option_error("peer authentication required but no suitable secret(s) found\n"); - if (remote_name[0] == 0) - option_error("for authenticating any peer to us (%s)\n", our_name); - else - option_error("for authenticating peer %s to us (%s)\n", - remote_name, our_name); + option_error("peer authentication required but no suitable secret(s) found\n"); + if (remote_name[0] == 0) + option_error("for authenticating any peer to us (%s)\n", our_name); + else + option_error("for authenticating peer %s to us (%s)\n", + remote_name, our_name); exit(1); } @@ -523,9 +555,9 @@ auth_check_options() option_error("can't override device name when noauth option used"); exit(1); } - if (connector != NULL && connector_info.priv == 0 - || disconnector != NULL && disconnector_info.priv == 0 - || welcomer != NULL && welcomer_info.priv == 0) { + if ((connector != NULL && connector_info.priv == 0) + || (disconnector != NULL && disconnector_info.priv == 0) + || (welcomer != NULL && welcomer_info.priv == 0)) { option_error("can't override connect, disconnect or welcome"); option_error("option values when noauth option used"); exit(1); 
@@ -546,17 +578,17 @@ auth_reset(unit) lcp_options *ao = &lcp_allowoptions[0]; ipcp_options *ipwo = &ipcp_wantoptions[0]; u_int32_t remote; - + ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); ao->neg_chap = !refuse_chap && have_chap_secret(user, remote_name, (u_int32_t)0); - + if (go->neg_upap && !uselogin && !have_pap_secret()) - go->neg_upap = 0; + go->neg_upap = 0; if (go->neg_chap) { - remote = ipwo->accept_remote? 0: ipwo->hisaddr; - if (!have_chap_secret(remote_name, our_name, remote)) - go->neg_chap = 0; + remote = ipwo->accept_remote? 0: ipwo->hisaddr; + if (!have_chap_secret(remote_name, our_name, remote)) + go->neg_chap = 0; } } @@ -614,7 +646,6 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename); ret = UPAP_AUTHNAK; } - } else { check_access(f, filename); remote = ipwo->accept_remote? 0: ipwo->hisaddr; 
@@ -656,94 +687,30 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) } else { attempts = 0; /* Reset count */ - if (*msg == (char *) 0) + if (*msg == (char *) 0) *msg = "Login ok"; *msglen = strlen(*msg); - if (addresses[unit] != NULL) - free_wordlist(addresses[unit]); - addresses[unit] = addrs; + set_allowed_addrs(unit, addrs); } - BZERO(passwd, sizeof(passwd)); + BZERO(passwd, sizeof(passwd)); BZERO(secret, sizeof(secret)); return ret; } -#ifdef HAS_SHADOW -/************** - * This function was lifted from the shadow-3.3.2 version by John Haugh II. - * It is included because the function was not in the standard libshadow - * library. If it is included in the library then I can remove it from here. - */ - -#define DAY (24L*3600L) -/* - * isexpired - determine if account is expired yet - * - * isexpired calculates the expiration date based on the - * password expiration criteria. - */ - -/*ARGSUSED*/ -int -isexpired (pw, sp) -struct passwd *pw; -struct spwd *sp; -{ - long clock; - - clock = time ((time_t *) 0) / DAY; - - /* - * Quick and easy - there is an expired account field - * along with an inactive account field. Do the expired - * one first since it is worse. - */ - - if (sp->sp_expire > 0 && sp->sp_expire < clock) - return 3; - - if (sp->sp_inact > 0 && sp->sp_lstchg > 0 && sp->sp_max > 0 && - sp->sp_inact + sp->sp_lstchg + sp->sp_max < clock) - return 2; - - /* - * The last and max fields must be present for an account - * to have an expired password. A maximum of >10000 days - * is considered to be infinite. - */ - - if (sp->sp_lstchg == -1 || - sp->sp_max == -1 || sp->sp_max >= 10000L) - return 0; - - /* - * Calculate today's day and the day on which the password - * is going to expire. If that date has already passed, - * the password has expired. - */ - - if (sp->sp_lstchg + sp->sp_max < clock) - return 1; - - return 0; -} -#endif - /* * This function is needed for PAM. However, it should not be called. 
* If it is, return the error code. */ - + #ifdef USE_PAM static int pam_conv(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) + struct pam_response **resp, void *appdata_ptr) { return PAM_CONV_ERR; } -#endif - +#endif /* * login - Check the user name and password against the system @@ -775,13 +742,13 @@ login(user, passwd, msg, msglen) */ memset (&pam_conversation, '\0', sizeof (struct pam_conv)); pam_conversation.conv = &pam_conv; - + pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); if (pam_error != PAM_SUCCESS) { - *msg = (char *) pam_strerror (pam_error); - return UPAP_AUTHNAK; + *msg = (char *) pam_strerror (pam_error); + return UPAP_AUTHNAK; } -/* +/* * Define the fields for the credintial validation */ (void) pam_set_item (pamh, PAM_AUTHTOK, passwd); @@ -792,34 +759,34 @@ login(user, passwd, msg, msglen) pam_error = pam_authenticate (pamh, PAM_SILENT); if (pam_error == PAM_SUCCESS) pam_error = pam_acct_mgmt (pamh, PAM_SILENT); - + *msg = (char *) pam_strerror (pam_error); /* * Clean up the mess */ (void) pam_end (pamh, pam_error); - + if (pam_error != PAM_SUCCESS) return UPAP_AUTHNAK; -/* +/* * Use the non-PAM methods directly */ #else /* #ifdef USE_PAM */ - + struct passwd *pw; - char *epasswd; - + #ifdef HAS_SHADOW struct spwd *spwd; struct spwd *getspnam(); + extern int isexpired (struct passwd *, struct spwd *); /* in libshadow.a */ #endif - + pw = getpwnam(user); if (pw == NULL) { - return (UPAP_AUTHNAK); - } - -#ifdef HAS_SHADOW + return (UPAP_AUTHNAK); + } + +#ifdef HAS_SHADOW spwd = getspnam(user); endspent(); if (spwd) { 
@@ -828,20 +795,18 @@ login(user, passwd, msg, msglen) syslog(LOG_WARNING,"Expired password for %s",user); return (UPAP_AUTHNAK); } - pw->pw_passwd = spwd->sp_pwdp; + pw->pw_passwd = spwd->sp_pwdp; } #endif - + /* - * XXX If no passwd, let them login without one. + * If no passwd, don't let them login. */ - if (pw->pw_passwd != NULL && *pw->pw_passwd != '\0') { - epasswd = crypt(passwd, pw->pw_passwd); - if (strcmp(epasswd, pw->pw_passwd) != 0) { - return (UPAP_AUTHNAK); - } - } -#endif /* #ifdef USE_PAM */ + if (pw->pw_passwd == NULL || *pw->pw_passwd == '\0' + || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) + return (UPAP_AUTHNAK); + +#endif /* #ifdef USE_PAM */ syslog(LOG_INFO, "user %s logged in", user); @@ -903,11 +868,10 @@ null_login(unit) ret = i >= 0 && (i & NONWILD_CLIENT) != 0 && secret[0] == 0; BZERO(secret, sizeof(secret)); - if (ret) { - if (addresses[unit] != NULL) - free_wordlist(addresses[unit]); - addresses[unit] = addrs; - } + if (ret) + set_allowed_addrs(unit, addrs); + else + free_wordlist(addrs); fclose(f); return ret; @@ -925,6 +889,7 @@ get_pap_passwd(passwd) { char *filename; FILE *f; + int ret; struct wordlist *addrs; char secret[MAXWORDLEN]; @@ -934,17 +899,16 @@ get_pap_passwd(passwd) if (f == NULL) return 0; check_access(f, filename); - if (scan_authfile(f, user, - remote_name[0]? remote_name: NULL, - (u_int32_t)0, secret, NULL, filename) < 0) { - fclose(f); - return 0; - } + ret = scan_authfile(f, user, + remote_name[0]? remote_name: NULL, + (u_int32_t)0, secret, NULL, filename); fclose(f); + if (ret < 0) + return 0; if (passwd != NULL) { - strncpy(passwd, secret, MAXSECRETLEN); - passwd[MAXSECRETLEN-1] = 0; - } + strncpy(passwd, secret, MAXSECRETLEN - 1); + passwd[MAXSECRETLEN - 1] = '\0'; + } BZERO(secret, sizeof(secret)); return 1; } 
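Review bot: In the login hunk the result of `crypt(passwd, pw->pw_passwd)` is passed straight to `strcmp`, so a crypt() implementation that returns NULL for an unusable hash field (for example a locked-account marker) would crash the daemon during authentication instead of rejecting the login. Keeping a local makes the failure explicit: `ep = crypt(passwd, pw->pw_passwd);` followed by `if (ep == NULL || strcmp(ep, pw->pw_passwd) != 0) return (UPAP_AUTHNAK);`. That needs the `char *epasswd` style local which the preceding hunk removes. The function body starts outside this hunk.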
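Review bot: In the get_pap_passwd hunk the new `if (ret < 0) return 0;` leaves the function before `BZERO(secret, sizeof(secret))` runs. Whether scan_authfile can write part of a secret into the buffer before failing is not visible here, but the other exits in this file clear the stack copy unconditionally, so this path should do the same: `if (ret < 0) { BZERO(secret, sizeof(secret)); return 0; }`. A one-line comment on the final `BZERO` saying that the stack copy of the PAP secret is wiped on every exit would keep later edits from reintroducing the gap.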
@@ -1050,11 +1014,8 @@ get_secret(unit, client, server, secret, secret_len, save_addrs) if (ret < 0) return 0; - if (save_addrs) { - if (addresses[unit] != NULL) - free_wordlist(addresses[unit]); - addresses[unit] = addrs; - } + if (save_addrs) + set_allowed_addrs(unit, addrs); len = strlen(secbuf); if (len > MAXSECRETLEN) { @@ -1069,6 +1030,41 @@ get_secret(unit, client, server, secret, secret_len, save_addrs) } /* + * set_allowed_addrs() - set the list of allowed addresses. + */ +static void +set_allowed_addrs(unit, addrs) + int unit; + struct wordlist *addrs; +{ + if (addresses[unit] != NULL) + free_wordlist(addresses[unit]); + addresses[unit] = addrs; + + /* + * If there's only one authorized address we might as well + * ask our peer for that one right away + */ + if (addrs != NULL && addrs->next == NULL) { + char *p = addrs->word; + struct ipcp_options *wo = &ipcp_wantoptions[unit]; + u_int32_t a; + struct hostent *hp; + + if (wo->hisaddr == 0 && *p != '!' && *p != '-' + && strchr(p, '/') == NULL) { + hp = gethostbyname(p); + if (hp != NULL && hp->h_addrtype == AF_INET) + a = *(u_int32_t *)hp->h_addr; + else + a = inet_addr(p); + if (a != (u_int32_t) -1) + wo->hisaddr = a; + } + } +} + +/* * auth_ip_addr - check whether the peer is authorized to use * a given IP address. Returns 1 if authorized, 0 otherwise. */ @@ -1097,13 +1093,15 @@ ip_addr_check(addr, addrs) return 0; if (addrs == NULL) - return 1; /* no restriction */ + return !auth_required; /* no addresses authorized */ for (; addrs != NULL; addrs = addrs->next) { - /* "-" means no addresses authorized */ + /* "-" means no addresses authorized, "*" means any address allowed */ ptr_word = addrs->word; if (strcmp(ptr_word, "-") == 0) break; + if (strcmp(ptr_word, "*") == 0) + return 1; accept = 1; if (*ptr_word == '!') { 
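Review bot: In the new set_allowed_addrs, `a = *(u_int32_t *)hp->h_addr;` reads a 32-bit value through a cast of a `char *`, which is an unaligned access on strict-alignment machines and does not check the address length. I would copy instead and check the length first: `if (hp != NULL && hp->h_addrtype == AF_INET && hp->h_length == sizeof(a)) memcpy(&a, hp->h_addr, sizeof(a));`. Since the word is resolved with `gethostbyname` during authentication, the function comment should also say that a hostname entry makes the peer address depend on a blocking resolver lookup. The array index `unit` is used unchecked for both `addresses[]` and `ipcp_wantoptions[]`, presumably because callers guarantee its range.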
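Review bot: In the ip_addr_check hunk the comment on `return !auth_required;` says "no addresses authorized", but the expression returns 1 (authorized) whenever `auth_required` is 0, so the comment describes only one of the two outcomes. Because this line decides whether a peer with no address list may use any IP address, the comment should state the policy exactly, for example `/* no address list: allow any address only if we did not require authentication */`. The function starts and continues outside the hunk.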
@@ -1157,6 +1155,8 @@ ip_addr_check(addr, addrs) "unknown host %s in auth. address list", addrs->word); else + /* Here ina.s_addr and addr are in network byte order, + and mask is in host order. */ if (((addr ^ ina.s_addr) & htonl(mask)) == 0) return accept; } @@ -1202,7 +1202,7 @@ check_access(f, filename) * NONWILD_CLIENT set if the secret didn't have "*" for the client, and * NONWILD_SERVER set if the secret didn't have "*" for the server. * Any following words on the line (i.e. address authorization - * info) are placed in a wordlist and returned in *addrs. + * info) are placed in a wordlist and returned in *addrs. */ static int scan_authfile(f, client, server, ipaddr, secret, addrs, filename) @@ -1375,17 +1375,17 @@ auth_script(script) char strspeed[32]; struct passwd *pw; char struid[32]; - char *user_name; + char *user_name; char *argv[8]; - + if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) - user_name = pw->pw_name; + user_name = pw->pw_name; else { - sprintf(struid, "%d", getuid()); - user_name = struid; + sprintf(struid, "%d", getuid()); + user_name = struid; } sprintf(strspeed, "%d", baud_rate); - + argv[0] = script; argv[1] = ifname; argv[2] = peer_authname; @@ -1393,7 +1393,6 @@ auth_script(script) argv[4] = devnam; argv[5] = strspeed; argv[6] = NULL; - + run_program(script, argv, 0); } - diff --git a/usr.sbin/pppd/cbcp.c b/usr.sbin/pppd/cbcp.c index 2ee07283e50..6c98ff29232 100644 --- a/usr.sbin/pppd/cbcp.c +++ b/usr.sbin/pppd/cbcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cbcp.c,v 1.1 1996/12/23 13:22:37 mickey Exp $ */ +/* $OpenBSD: cbcp.c,v 1.2 1997/09/05 04:32:33 millert Exp $ */ /* * cbcp - Call Back Configuration Protocol. @@ -21,7 +21,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: cbcp.c,v 1.1 1996/12/23 13:22:37 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: cbcp.c,v 1.2 1997/04/30 05:50:26 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: cbcp.c,v 1.2 1997/09/05 04:32:33 millert Exp $"; +#endif #endif #include <stdio.h> 
@@ -70,11 +74,11 @@ cbcp_state cbcp[NUM_PPP]; /* internal prototypes */ -static void cbcp_recvreq(cbcp_state *us, char *pckt, int len); -static void cbcp_resp(cbcp_state *us); -static void cbcp_up(cbcp_state *us); -static void cbcp_recvack(cbcp_state *us, char *pckt, int len); -static void cbcp_send(cbcp_state *us, u_char code, u_char *buf, int len); +static void cbcp_recvreq __P((cbcp_state *us, char *pckt, int len)); +static void cbcp_resp __P((cbcp_state *us)); +static void cbcp_up __P((cbcp_state *us)); +static void cbcp_recvack __P((cbcp_state *us, char *pckt, int len)); +static void cbcp_send __P((cbcp_state *us, u_char code, u_char *buf, int len)); /* init state */ static void @@ -191,9 +195,7 @@ cbcp_printpkt(p, plen, printer, arg) void *arg; { int code, opt, id, len, olen, delay; - u_char *pstart, *optend; - u_short cishort; - u_long cilong; + u_char *pstart; if (plen < HEADERLEN) return 0; @@ -362,7 +364,7 @@ cbcp_resp(us) PUTCHAR(len , bufp); PUTCHAR(0, bufp); cbcp_send(us, CBCP_RESP, buf, len); - ipcp_open(us->us_unit); + (*ipcp_protent.open)(us->us_unit); return; } } @@ -430,5 +432,5 @@ cbcp_up(us) cbcp_state *us; { persist = 0; - lcp_close(0,0); + lcp_close(0, "Call me back, please"); } diff --git a/usr.sbin/pppd/ccp.c b/usr.sbin/pppd/ccp.c index 35d19385240..19dc97ad8a5 100644 --- a/usr.sbin/pppd/ccp.c +++ b/usr.sbin/pppd/ccp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ccp.c,v 1.5 1996/12/23 13:22:38 mickey Exp $ */ +/* $OpenBSD: ccp.c,v 1.6 1997/09/05 04:32:34 millert Exp $ */ /* * ccp.c - PPP Compression Control Protocol. @@ -28,7 +28,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: ccp.c,v 1.5 1996/12/23 13:22:38 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: ccp.c,v 1.21 1997/05/22 06:45:59 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: ccp.c,v 1.6 1997/09/05 04:32:34 millert Exp $"; +#endif #endif #include <string.h> 
@@ -53,8 +57,8 @@ static void ccp_lowerdown __P((int)); static void ccp_input __P((int unit, u_char *pkt, int len)); static void ccp_protrej __P((int unit)); static int ccp_printpkt __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); + void (*printer) __P((void *, char *, ...)), + void *arg)); static void ccp_datainput __P((int unit, u_char *pkt, int len)); struct protent ccp_protent = { @@ -65,7 +69,7 @@ struct protent ccp_protent = { ccp_lowerup, ccp_lowerdown, ccp_open, - ccp_close, + ccp_close, ccp_printpkt, ccp_datainput, 1, @@ -94,7 +98,7 @@ static int ccp_reqci __P((fsm *, u_char *, int *, int)); static void ccp_up __P((fsm *)); static void ccp_down __P((fsm *)); static int ccp_extcode __P((fsm *, int, int, u_char *, int)); -static void ccp_rack_timeout __P(()); +static void ccp_rack_timeout __P((caddr_t)); static char *method_name __P((ccp_options *, ccp_options *)); static fsm_callbacks ccp_callbacks = { @@ -528,7 +532,7 @@ ccp_nakci(f, p, len) || p[3] != DEFLATE_CHK_SEQUENCE) try.deflate = 0; else if (DEFLATE_SIZE(p[2]) < go->deflate_size) - go->deflate_size = DEFLATE_SIZE(p[2]); + try.deflate_size = DEFLATE_SIZE(p[2]); p += CILEN_DEFLATE; len -= CILEN_DEFLATE; } @@ -674,8 +678,9 @@ ccp_reqci(f, p, lenp, dont_nak) if (!dont_nak) { p[2] = DEFLATE_MAKE_OPT(ao->deflate_size); p[3] = DEFLATE_CHK_SEQUENCE; - } - break; + /* fall through to test this #bits below */ + } else + break; } /* @@ -712,9 +717,11 @@ ccp_reqci(f, p, lenp, dont_nak) if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION || nb > ao->bsd_bits || nb < BSD_MIN_BITS) { newret = CONFNAK; - if (!dont_nak) + if (!dont_nak) { p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, ao->bsd_bits); - break; + /* fall through to test this #bits below */ + } else + break; } /* 
@@ -774,7 +781,7 @@ ccp_reqci(f, p, lenp, dont_nak) if (newret == CONFNAK && dont_nak) newret = CONFREJ; - if (!(newret == CONFACK || newret == CONFNAK && ret == CONFREJ)) { + if (!(newret == CONFACK || (newret == CONFNAK && ret == CONFREJ))) { /* we're returning this option */ if (newret == CONFREJ && ret == CONFNAK) retp = p0; @@ -805,34 +812,34 @@ method_name(opt, opt2) ccp_options *opt, *opt2; { static char result[64]; - + if (!ANY_COMPRESS(*opt)) - return "(none)"; + return "(none)"; switch (opt->method) { case CI_DEFLATE: - if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) - sprintf(result, "Deflate (%d/%d)", opt->deflate_size, - opt2->deflate_size); - else - sprintf(result, "Deflate (%d)", opt->deflate_size); - break; + if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) + sprintf(result, "Deflate (%d/%d)", opt->deflate_size, + opt2->deflate_size); + else + sprintf(result, "Deflate (%d)", opt->deflate_size); + break; case CI_BSD_COMPRESS: - if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits) - sprintf(result, "BSD-Compress (%d/%d)", opt->bsd_bits, - opt2->bsd_bits); - else - sprintf(result, "BSD-Compress (%d)", opt->bsd_bits); - break; + if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits) + sprintf(result, "BSD-Compress (%d/%d)", opt->bsd_bits, + opt2->bsd_bits); + else + sprintf(result, "BSD-Compress (%d)", opt->bsd_bits); + break; case CI_PREDICTOR_1: - return "Predictor 1"; + return "Predictor 1"; case CI_PREDICTOR_2: - return "Predictor 2"; + return "Predictor 2"; default: - sprintf(result, "Method %d", opt->method); + sprintf(result, "Method %d", opt->method); } return result; } - + /* * CCP has come up - inform the kernel driver and log a message. */ 
@@ -842,27 +849,26 @@ ccp_up(f) { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options *ho = &ccp_hisoptions[f->unit]; - char method1[64]; - + ccp_flags_set(f->unit, 1, 1); if (ANY_COMPRESS(*go)) { - if (ANY_COMPRESS(*ho)) { - if (go->method == ho->method) { - syslog(LOG_NOTICE, "%s compression enabled", - method_name(go, ho)); - } else { - strcpy(method1, method_name(go, NULL)); - syslog(LOG_NOTICE, "%s / %s compression enabled", - method1, method_name(ho, NULL)); - } - } else - syslog(LOG_NOTICE, "%s receive compression enabled", - method_name(go, NULL)); + if (ANY_COMPRESS(*ho)) { + if (go->method == ho->method) { + syslog(LOG_NOTICE, "%s compression enabled", + method_name(go, ho)); + } else { + strcpy(method1, method_name(go, NULL)); + syslog(LOG_NOTICE, "%s / %s compression enabled", + method1, method_name(ho, NULL)); + } + } else + syslog(LOG_NOTICE, "%s receive compression enabled", + method_name(go, NULL)); } else if (ANY_COMPRESS(*ho)) - syslog(LOG_NOTICE, "%s transmit compression enabled", - method_name(ho, NULL)); -} + syslog(LOG_NOTICE, "%s transmit compression enabled", + method_name(ho, NULL)); +} /* * CCP has gone down - inform the kernel driver. @@ -969,13 +975,12 @@ ccp_printpkt(p, plen, printer, arg) case TERMACK: case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - print_string(p, len, printer, arg); - p += len; - len = 0; - } - break; - + if (len > 0 && *p >= ' ' && *p < 0x7f) { + print_string(p, len, printer, arg); + p += len; + len = 0; + } + break; } /* dump out the rest of the packet in hex */ diff --git a/usr.sbin/pppd/ccp.h b/usr.sbin/pppd/ccp.h index 95bf811035f..169efe213af 100644 --- a/usr.sbin/pppd/ccp.h +++ b/usr.sbin/pppd/ccp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ccp.h,v 1.3 1996/07/20 12:02:05 joshd Exp $ */ +/* $OpenBSD: ccp.h,v 1.4 1997/09/05 04:32:34 millert Exp $ */ /* * ccp.h - Definitions for PPP Compression Control Protocol. 
@@ -25,6 +25,8 @@ * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, * OR MODIFICATIONS. + * + * Id: ccp.h,v 1.7 1996/07/01 01:11:49 paulus Exp */ typedef struct ccp_options { @@ -34,7 +36,7 @@ typedef struct ccp_options { u_int predictor_2: 1; /* do Predictor-2? */ u_short bsd_bits; /* # bits/code for BSD Compress */ u_short deflate_size; /* lg(window size) for Deflate */ - short method; /* code for chosen compression method */ + short method; /* code for chosen compression method */ } ccp_options; extern fsm ccp_fsm[]; diff --git a/usr.sbin/pppd/chap.c b/usr.sbin/pppd/chap.c index bc22d59d169..59ed468d4db 100644 --- a/usr.sbin/pppd/chap.c +++ b/usr.sbin/pppd/chap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: chap.c,v 1.5 1997/01/03 20:32:11 millert Exp $ */ +/* $OpenBSD: chap.c,v 1.6 1997/09/05 04:32:35 millert Exp $ */ /* * chap.c - Challenge Handshake Authentication Protocol. @@ -36,7 +36,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: chap.c,v 1.5 1997/01/03 20:32:11 millert Exp $"; +#if 0 +static char rcsid[] = "Id: chap.c,v 1.14 1997/04/30 05:51:08 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: chap.c,v 1.6 1997/09/05 04:32:35 millert Exp $"; +#endif #endif /* @@ -56,7 +60,7 @@ static char rcsid[] = "$OpenBSD: chap.c,v 1.5 1997/01/03 20:32:11 millert Exp $" #ifdef CHAPMS #include "chap_ms.h" #endif - + /* * Protocol entry points. */ @@ -74,7 +78,7 @@ struct protent chap_protent = { ChapInput, ChapProtocolReject, ChapLowerUp, - ChapLowerDown, + ChapLowerDown, NULL, NULL, ChapPrintPkt, 
@@ -86,12 +90,12 @@ struct protent chap_protent = { NULL }; - chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */ static void ChapChallengeTimeout __P((caddr_t)); static void ChapResponseTimeout __P((caddr_t)); static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int)); +static void ChapRechallenge __P((caddr_t)); static void ChapReceiveResponse __P((chap_state *, u_char *, int, int)); static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int)); static void ChapReceiveFailure __P((chap_state *, u_char *, int, int)); @@ -146,7 +150,7 @@ ChapAuthWithPeer(unit, our_name, digest) /* * We get here as a result of LCP coming up. - * So even if CHAP was open before, we will + * So even if CHAP was open before, we will * have to re-authenticate ourselves. */ cstate->clientstate = CHAPCS_LISTEN; @@ -163,7 +167,7 @@ ChapAuthPeer(unit, our_name, digest) int digest; { chap_state *cstate = &chap[unit]; - + cstate->chal_name = our_name; cstate->chal_type = digest; @@ -188,7 +192,7 @@ ChapChallengeTimeout(arg) caddr_t arg; { chap_state *cstate = (chap_state *) arg; - + /* if we aren't sending challenges, don't worry. then again we */ /* probably shouldn't be here either */ if (cstate->serverstate != CHAPSS_INITIAL_CHAL && @@ -253,7 +257,7 @@ ChapLowerUp(unit) int unit; { chap_state *cstate = &chap[unit]; - + if (cstate->clientstate == CHAPCS_INITIAL) cstate->clientstate = CHAPCS_CLOSED; else if (cstate->clientstate == CHAPCS_PENDING) @@ -279,7 +283,7 @@ ChapLowerDown(unit) int unit; { chap_state *cstate = &chap[unit]; - + /* Timeout(s) pending? Cancel if so. */ if (cstate->serverstate == CHAPSS_INITIAL_CHAL || cstate->serverstate == CHAPSS_RECHALLENGE) @@ -327,7 +331,7 @@ ChapInput(unit, inpacket, packet_len) u_char *inp; u_char code, id; int len; - + /* * Parse header (code, id and length). * If packet too short, drop it. 
@@ -349,7 +353,7 @@ ChapInput(unit, inpacket, packet_len) return; } len -= CHAP_HEADERLEN; - + /* * Action depends on code (as in fact it usually does :-). */ @@ -357,11 +361,11 @@ ChapInput(unit, inpacket, packet_len) case CHAP_CHALLENGE: ChapReceiveChallenge(cstate, inp, id, len); break; - + case CHAP_RESPONSE: ChapReceiveResponse(cstate, inp, id, len); break; - + case CHAP_FAILURE: ChapReceiveFailure(cstate, inp, id, len); break; @@ -393,7 +397,8 @@ ChapReceiveChallenge(cstate, inp, id, len) char secret[MAXSECRETLEN]; char rhostname[256]; MD5_CTX mdContext; - + u_char hash[MD5_SIGNATURE_SIZE]; + CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id)); if (cstate->clientstate == CHAPCS_CLOSED || cstate->clientstate == CHAPCS_PENDING) { @@ -425,10 +430,11 @@ ChapReceiveChallenge(cstate, inp, id, len) rhostname)); /* Microsoft doesn't send their name back in the PPP packet */ - if (rhostname[0] == 0 && cstate->resp_type == CHAP_MICROSOFT) { - strcpy(rhostname, remote_name); - CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name", - rhostname)); + if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) { + strncpy(rhostname, remote_name, sizeof(rhostname) - 1); + rhostname[sizeof(rhostname) - 1] = 0; + CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name", + rhostname)); } /* get secret for authenticating ourselves with the specified host */ 
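Review bot: The comment "Microsoft doesn't send their name back in the PPP packet" in the ChapReceiveChallenge hunk no longer matches the condition under it, which is now `remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)`. That condition replaces the peer-supplied name with the configured one whenever `explicit_remote` is set, for every CHAP type, and the name is what the following secret lookup is keyed on. I would reword the comment to something like `/* use our configured remote name if the peer sent none, or always if it was set explicitly */`. The bounded `strncpy` with explicit termination is fine as written; the function continues outside the hunk.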
@@ -447,21 +453,22 @@ ChapReceiveChallenge(cstate, inp, id, len) cstate->resp_transmits = 0; /* generate MD based on negotiated type */ - switch (cstate->resp_type) { + switch (cstate->resp_type) { case CHAP_DIGEST_MD5: MD5Init(&mdContext); MD5Update(&mdContext, &cstate->resp_id, 1); MD5Update(&mdContext, secret, secret_len); MD5Update(&mdContext, rchallenge, rchallenge_len); - MD5Final(cstate->response, &mdContext); + MD5Final(hash, &mdContext); + BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE); cstate->resp_length = MD5_SIGNATURE_SIZE; break; #ifdef CHAPMS - case CHAP_MICROSOFT: - ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len); - break; + case CHAP_MICROSOFT: + ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len); + break; #endif default: @@ -490,7 +497,7 @@ ChapReceiveResponse(cstate, inp, id, len) char rhostname[256]; MD5_CTX mdContext; char secret[MAXSECRETLEN]; - unsigned char digest[MD5_SIGNATURE_SIZE]; + u_char hash[MD5_SIGNATURE_SIZE]; CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id)); @@ -554,7 +561,7 @@ ChapReceiveResponse(cstate, inp, id, len) } else { /* generate MD based on negotiated type */ - switch (cstate->chal_type) { + switch (cstate->chal_type) { case CHAP_DIGEST_MD5: /* only MD5 is defined for now */ if (remmd_len != MD5_SIGNATURE_SIZE) @@ -563,10 +570,10 @@ ChapReceiveResponse(cstate, inp, id, len) MD5Update(&mdContext, &cstate->chal_id, 1); MD5Update(&mdContext, secret, secret_len); MD5Update(&mdContext, cstate->challenge, cstate->chal_len); - MD5Final(digest, &mdContext); + MD5Final(hash, &mdContext); /* compare local and remote MDs and send the appropriate status */ - if (memcmp (digest, remmd, MD5_SIGNATURE_SIZE) == 0) + if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0) code = CHAP_SUCCESS; /* they are the same! */ break; 
@@ -693,7 +700,7 @@ ChapSendChallenge(cstate) BCOPY(cstate->chal_name, outp, name_len); /* append hostname */ output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); - + CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id)); TIMEOUT(ChapChallengeTimeout, (caddr_t) cstate, cstate->timeouttime); @@ -723,13 +730,13 @@ ChapSendStatus(cstate, code) outp = outpacket_buf; MAKEHEADER(outp, PPP_CHAP); /* paste in a header */ - + PUTCHAR(code, outp); PUTCHAR(cstate->chal_id, outp); PUTSHORT(outlen, outp); BCOPY(msg, outp, msglen); output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); - + CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code, cstate->chal_id)); } @@ -749,8 +756,8 @@ ChapGenChallenge(cstate) u_char *ptr = cstate->challenge; unsigned int i; - /* pick a random challenge length between MIN_CHALLENGE_LENGTH and - MAX_CHALLENGE_LENGTH */ + /* pick a random challenge length between MIN_CHALLENGE_LENGTH and + MAX_CHALLENGE_LENGTH */ chal_len = (unsigned) ((drand48() * (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) + MIN_CHALLENGE_LENGTH); diff --git a/usr.sbin/pppd/chap.h b/usr.sbin/pppd/chap.h index a0839748f3e..115ea46d0d2 100644 --- a/usr.sbin/pppd/chap.h +++ b/usr.sbin/pppd/chap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: chap.h,v 1.5 1996/12/23 13:22:39 mickey Exp $ */ +/* $OpenBSD: chap.h,v 1.6 1997/09/05 04:32:35 millert Exp $ */ /* * chap.h - Challenge Handshake Authentication Protocol definitions. @@ -31,6 +31,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Id: chap.h,v 1.7 1996/10/08 06:43:27 paulus Exp */ #ifndef __CHAP_INCLUDE__ 
@@ -44,8 +46,8 @@ #define CHAP_DIGEST_MD5 5 /* use MD5 algorithm */ #define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */ -#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */ -#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ +#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */ +#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ #define CHAP_CHALLENGE 1 #define CHAP_RESPONSE 2 diff --git a/usr.sbin/pppd/chap_ms.c b/usr.sbin/pppd/chap_ms.c index 7eed95b894b..88b923fd696 100644 --- a/usr.sbin/pppd/chap_ms.c +++ b/usr.sbin/pppd/chap_ms.c @@ -1,3 +1,5 @@ +/* $OpenBSD: chap_ms.c,v 1.3 1997/09/05 04:32:36 millert Exp $ */ + /* * chap_ms.c - Microsoft MS-CHAP compatible implementation. * @@ -20,10 +22,27 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* + * Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997 + * + * Implemented LANManager type password response to MS-CHAP challenges. + * Now pppd provides both NT style and LANMan style blocks, and the + * prefered is set by option "ms-lanman". Default is to use NT. + * The hash text (StdText) was taken from Win95 RASAPI32.DLL. + * + * You should also use DOMAIN\\USERNAME as described in README.MSCHAP80 + */ + #ifndef lint -static char rcsid[] = "$Id: chap_ms.c,v 1.2 1997/01/03 20:42:04 millert Exp $"; +#if 0 +static char rcsid[] = "Id: chap_ms.c,v 1.4 1997/05/22 06:46:19 paulus Exp"; +#else +static char rcsid[] = "$Id: chap_ms.c,v 1.3 1997/09/05 04:32:36 millert Exp $"; +#endif #endif +#ifdef CHAPMS + #include <stdio.h> #include <sys/types.h> #include <sys/time.h> @@ -34,9 +53,9 @@ static char rcsid[] = "$Id: chap_ms.c,v 1.2 1997/01/03 20:42:04 millert Exp $"; #include "chap.h" #include "chap_ms.h" - -#ifdef CHAPMS +#ifndef USE_CRYPT #include <des.h> +#endif typedef struct { u_char LANManResp[24]; 
@@ -50,6 +69,10 @@ typedef struct { static void DesEncrypt __P((u_char *, u_char *, u_char *)); static void MakeKey __P((u_char *, u_char *)); +#ifdef USE_CRYPT +static void Expand __P((u_char *, u_char *)); +static void Collapse __P((u_char *, u_char *)); +#endif static void ChallengeResponse(challenge, pwHash, response) @@ -63,7 +86,7 @@ ChallengeResponse(challenge, pwHash, response) BCOPY(pwHash, ZPasswordHash, 16); #if 0 - log_packet(ZPasswordHash, sizeof(ZPasswordHash), "ChallengeResponse - ZPasswordHash"); + log_packet(ZPasswordHash, sizeof(ZPasswordHash), "ChallengeResponse - ZPasswordHash", LOG_DEBUG); #endif DesEncrypt(challenge, ZPasswordHash + 0, response + 0); @@ -71,11 +94,44 @@ ChallengeResponse(challenge, pwHash, response) DesEncrypt(challenge, ZPasswordHash + 14, response + 16); #if 0 - log_packet(response, 24, "ChallengeResponse - response"); + log_packet(response, 24, "ChallengeResponse - response", LOG_DEBUG); #endif } +#ifdef USE_CRYPT +static void +DesEncrypt(clear, key, cipher) + u_char *clear; /* IN 8 octets */ + u_char *key; /* IN 7 octets */ + u_char *cipher; /* OUT 8 octets */ +{ + u_char des_key[8]; + u_char crypt_key[66]; + u_char des_input[66]; + + MakeKey(key, des_key); + + Expand(des_key, crypt_key); + setkey(crypt_key); + +#if 0 + CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X", + clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7])); +#endif + + Expand(clear, des_input); + encrypt(des_input, 0); + Collapse(des_input, cipher); + +#if 0 + CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X", + cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7])); +#endif +} + +#else /* USE_CRYPT */ + static void DesEncrypt(clear, key, cipher) u_char *clear; /* IN 8 octets */ @@ -102,6 +158,8 @@ DesEncrypt(clear, key, cipher) #endif } +#endif /* USE_CRYPT */ + static u_char Get7Bits(input, startBit) u_char *input; 
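Review bot: In the USE_CRYPT variant of `DesEncrypt` added to chap_ms.c, `des_key` and `crypt_key` hold key material derived from the password hash and are left on the stack on return, while `setkey()` keeps the key schedule in process-wide library state. Clearing the locals before returning, e.g. `BZERO(des_key, sizeof(des_key)); BZERO(crypt_key, sizeof(crypt_key));`, would narrow the exposure, bearing in mind that a compiler may drop a plain clear of a dead buffer. The same applies to `unicodePassword`/`hash` in `ChapMS_NT` and to `UcasePassword`/`PasswordHash` in `ChapMS_LANMan` further down in this file. A short comment on `DesEncrypt` saying that `setkey()`/`encrypt()` share static state and are not reentrant would also help the next reader.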
@@ -117,6 +175,45 @@ static u_char Get7Bits(input, startBit) return word & 0xFE; } +#ifdef USE_CRYPT + +/* in == 8-byte string (expanded version of the 56-bit key) + * out == 64-byte string where each byte is either 1 or 0 + * Note that the low-order "bit" is always ignored by by setkey() + */ +static void Expand(in, out) + u_char *in; + u_char *out; +{ + int j, c; + int i; + + for(i = 0; i < 64; in++){ + c = *in; + for(j = 7; j >= 0; j--) + *out++ = (c >> j) & 01; + i += 8; + } +} + +/* The inverse of Expand + */ +static void Collapse(in, out) + u_char *in; + u_char *out; +{ + int j; + int i; + unsigned int c; + + for (i = 0; i < 64; i += 8, out++) { + c = 0; + for (j = 7; j >= 0; j--, in++) + c |= *in << j; + *out = c & 0xff; + } +} +#endif static void MakeKey(key, des_key) u_char *key; /* IN 56 bit DES key missing parity bits */ @@ -131,7 +228,9 @@ static void MakeKey(key, des_key) des_key[6] = Get7Bits(key, 42); des_key[7] = Get7Bits(key, 49); +#ifndef USE_CRYPT des_set_odd_parity((des_cblock *)des_key); +#endif #if 0 CHAPDEBUG((LOG_INFO, "MakeKey: 56-bit input : %02X%02X%02X%02X%02X%02X%02X", @@ -141,29 +240,18 @@ static void MakeKey(key, des_key) #endif } -#endif /* CHAPMS */ - - -void -ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len) - chap_state *cstate; +static void +ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, response) char *rchallenge; int rchallenge_len; char *secret; int secret_len; + MS_ChapResponse *response; { -#ifdef CHAPMS int i; MD4_CTX md4Context; - MS_ChapResponse response; u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char digest[16]; - -#if 0 - CHAPDEBUG((LOG_INFO, "ChapMS: secret is '%.*s'", secret_len, secret)); -#endif - - BZERO(&response, sizeof(response)); + u_char hash[16]; /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports 8-bit ISO8859/1 characters. */ 
@@ -173,13 +261,68 @@ ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len) MD4Init(&md4Context); MD4Update(&md4Context, unicodePassword, secret_len * 2 * 8); /* Unicode is 2 bytes/char, *8 for bit count */ - MD4Final(digest, &md4Context); /* Tell MD4 we're done */ - ChallengeResponse(rchallenge, (char *)digest, response.NTResp); + MD4Final(hash, &md4Context); /* Tell MD4 we're done */ + + ChallengeResponse(rchallenge, (char *)hash, response->NTResp); +} + +#ifdef MSLANMAN +static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */ + +static ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, response) + char *rchallenge; + int rchallenge_len; + char *secret; + int secret_len; + MS_ChapResponse *response; +{ + int i; + u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */ + u_char PasswordHash[16]; + /* LANMan password is case insensitive */ + BZERO(UcasePassword, sizeof(UcasePassword)); + for (i = 0; i < secret_len; i++) + UcasePassword[i] = (u_char)toupper(secret[i]); + DesEncrypt( StdText, UcasePassword + 0, PasswordHash + 0 ); + DesEncrypt( StdText, UcasePassword + 7, PasswordHash + 8 ); + ChallengeResponse(rchallenge, PasswordHash, response->LANManResp); +} +#endif + +void +ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len) + chap_state *cstate; + char *rchallenge; + int rchallenge_len; + char *secret; + int secret_len; +{ + MS_ChapResponse response; +#ifdef MSLANMAN + extern int ms_lanman; +#endif + +#if 0 + CHAPDEBUG((LOG_INFO, "ChapMS: secret is '%.*s'", secret_len, secret)); +#endif + BZERO(&response, sizeof(response)); + + /* Calculate both always */ + ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, &response); + +#ifdef MSLANMAN + ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, &response); + + /* prefered method is set by option */ + response.UseNT = !ms_lanman; +#else response.UseNT = 1; +#endif BCOPY(&response, cstate->response, MS_CHAP_RESPONSE_LEN); cstate->resp_length = 
MS_CHAP_RESPONSE_LEN; -#endif /* CHAPMS */ } + +#endif /* CHAPMS */ diff --git a/usr.sbin/pppd/chap_ms.h b/usr.sbin/pppd/chap_ms.h index 6697cba328d..c9e6aa5314c 100644 --- a/usr.sbin/pppd/chap_ms.h +++ b/usr.sbin/pppd/chap_ms.h @@ -1,3 +1,5 @@ +/* $OpenBSD: chap_ms.h,v 1.2 1997/09/05 04:32:36 millert Exp $ */ + /* * chap.h - Challenge Handshake Authentication Protocol definitions. * @@ -19,7 +21,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: chap_ms.h,v 1.1 1996/07/20 12:02:07 joshd Exp $ + * Id: chap_ms.h,v 1.1 1996/05/28 00:42:31 paulus Exp */ #ifndef __CHAPMS_INCLUDE__ diff --git a/usr.sbin/pppd/demand.c b/usr.sbin/pppd/demand.c index dfe8212a729..f249bceb375 100644 --- a/usr.sbin/pppd/demand.c +++ b/usr.sbin/pppd/demand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: demand.c,v 1.3 1996/12/23 13:22:40 mickey Exp $ */ +/* $OpenBSD: demand.c,v 1.4 1997/09/05 04:32:37 millert Exp $ */ /* * demand.c - Support routines for demand-dialling. @@ -20,7 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: demand.c,v 1.3 1996/12/23 13:22:40 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: demand.c,v 1.6 1997/04/30 05:51:56 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: demand.c,v 1.4 1997/09/05 04:32:37 millert Exp $"; +#endif #endif #include <stdio.h> @@ -38,12 +42,15 @@ static char rcsid[] = "$OpenBSD: demand.c,v 1.3 1996/12/23 13:22:40 mickey Exp $ #include <sys/stat.h> #include <sys/socket.h> #include <net/if.h> +#ifdef PPP_FILTER +#include <net/bpf.h> +#include <pcap.h> +#endif #include "pppd.h" #include "fsm.h" #include "ipcp.h" #include "lcp.h" -#include "bpf_compile.h" char *frame; int framelen; @@ -88,7 +95,7 @@ demand_conf() ppp_send_config(0, PPP_MRU, (u_int32_t) 0, 0, 0); ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0); -#if 0 +#ifdef PPP_FILTER set_filters(&pass_filter, &active_filter); #endif 
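Review bot: `ChapMS_LANMan` copies `secret_len` bytes into `UcasePassword[MAX_NT_PASSWORD]` with no bound of its own, so it relies on every caller keeping `secret_len` within that size; a clamp in the loop, `for (i = 0; i < secret_len && i < (int)sizeof(UcasePassword); i++)`, makes the limit local. In the same function `toupper(secret[i])` should be `toupper((unsigned char)secret[i])`, because a negative `char` is not a valid argument, and the definition reads `static ChapMS_LANMan(...)` with no return type where `static void` is meant. Separately, under MSLANMAN `ChapMS` fills `LANManResp` even when `ms_lanman` is off, so the weaker LANMan response appears to leave the host alongside the NT one; computing it only when `ms_lanman` is set would avoid that, provided peers accept a zeroed field.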
@@ -249,6 +256,10 @@ loop_chars(p, n) * decide whether to bring up the link or not, and, if we want * to transmit this frame later, put it on the pending queue. * Return value is 1 if we need to bring up the link, 0 otherwise. + * We assume that the kernel driver has already applied the + * pass_filter, so we won't get packets it rejected. + * We apply the active_filter to see if we want this packet to + * bring up the link. */ int loop_frame(frame, len) @@ -257,7 +268,7 @@ loop_frame(frame, len) { struct packet *pkt; - /* log_packet(frame, len, "from loop: "); */ + /* log_packet(frame, len, "from loop: ", LOG_DEBUG); */ if (len < PPP_HDRLEN) return 0; if ((PPP_PROTOCOL(frame) & 0x8000) != 0) @@ -321,20 +332,23 @@ active_packet(p, len) { int proto, i; struct protent *protp; - + if (len < PPP_HDRLEN) - return 0; + return 0; proto = PPP_PROTOCOL(p); +#ifdef PPP_FILTER + if (active_filter.bf_len != 0 + && bpf_filter(active_filter.bf_insns, frame, len, len) == 0) + return 0; +#endif for (i = 0; (protp = protocols[i]) != NULL; ++i) { - if (protp->protocol < 0xC000 && (protp->protocol & ~0x8000) == proto) { - if (!protp->enabled_flag) - return 0; - if (protp->active_pkt == NULL) - return 1; - return (*protp->active_pkt)(p, len); - } + if (protp->protocol < 0xC000 && (protp->protocol & ~0x8000) == proto) { + if (!protp->enabled_flag) + return 0; + if (protp->active_pkt == NULL) + return 1; + return (*protp->active_pkt)(p, len); + } } - return 0; /* not a supported protocol !!?? */ -} - - + return 0; /* not a supported protocol !!?? */ +} diff --git a/usr.sbin/pppd/fsm.c b/usr.sbin/pppd/fsm.c index af467df0807..a31b3f68d00 100644 --- a/usr.sbin/pppd/fsm.c +++ b/usr.sbin/pppd/fsm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fsm.c,v 1.3 1996/07/20 12:02:08 joshd Exp $ */ +/* $OpenBSD: fsm.c,v 1.4 1997/09/05 04:32:37 millert Exp $ */ /* * fsm.c - {Link, IP} Control Protocol Finite State Machine. 
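Review bot: The new PPP_FILTER check in `active_packet` runs `bpf_filter` over the file-scope `frame` buffer rather than the `p` argument the function was given, so the filter verdict matches the packet only when every caller happens to pass that global. Using the parameter, `bpf_filter(active_filter.bf_insns, p, len, len) == 0`, keeps the decision tied to the packet actually being examined. The callers of `active_packet` are outside this hunk, so whether the two buffers can differ today is not visible here.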
@@ -20,7 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: fsm.c,v 1.3 1996/07/20 12:02:08 joshd Exp $"; +#if 0 +static char rcsid[] = "Id: fsm.c,v 1.13 1997/04/30 05:52:17 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: fsm.c,v 1.4 1997/09/05 04:32:37 millert Exp $"; +#endif #endif /* @@ -37,8 +41,6 @@ static char rcsid[] = "$OpenBSD: fsm.c,v 1.3 1996/07/20 12:02:08 joshd Exp $"; #include "pppd.h" #include "fsm.h" -extern char *proto_name(); - static void fsm_timeout __P((caddr_t)); static void fsm_rconfreq __P((fsm *, int, u_char *, int)); static void fsm_rconfack __P((fsm *, int, u_char *, int)); @@ -349,7 +351,7 @@ fsm_input(f, inpacket, l) break; case TERMREQ: - fsm_rtermreq(f, id, inp, len); + fsm_rtermreq(f, id, inp, len); break; case TERMACK: @@ -458,6 +460,7 @@ fsm_rconfack(f, id, inp, len) if( !(f->callbacks->ackci? (*f->callbacks->ackci)(f, inp, len): (len == 0)) ){ /* Ack is bad - ignore it */ + log_packet(inp, len, "Received bad configure-ack: ", LOG_ERR); FSMDEBUG((LOG_INFO, "%s: received bad Ack (length %d)", PROTO_NAME(f), len)); return; @@ -511,7 +514,7 @@ fsm_rconfnakrej(f, code, id, inp, len) u_char *inp; int len; { - int (*proc)(); + int (*proc) __P((fsm *, u_char *, int)); int ret; FSMDEBUG((LOG_INFO, "fsm_rconfnakrej(%s): Rcvd id %d.", @@ -522,6 +525,7 @@ fsm_rconfnakrej(f, code, id, inp, len) proc = (code == CONFNAK)? f->callbacks->nakci: f->callbacks->rejci; if (!proc || !(ret = proc(f, inp, len))) { /* Nak/reject is bad - ignore it */ + log_packet(inp, len, "Received bad configure-nak/rej: ", LOG_ERR); FSMDEBUG((LOG_INFO, "%s: received bad %s (length %d)", PROTO_NAME(f), (code==CONFNAK? "Nak": "reject"), len)); return; 
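Review bot: The `log_packet(..., LOG_ERR)` calls added in `fsm_rconfack` and `fsm_rconfnakrej` write peer-supplied packet contents to syslog at error priority on every bad Ack, Nak or Reject, and this state machine also drives LCP, which runs before the peer has authenticated. A misbehaving peer can therefore produce error-level log volume at will. Logging these at `LOG_DEBUG`, or only for the first bad packet in a negotiation, would keep the diagnostic without that side effect. Both functions continue outside their hunks, and how `log_packet` formats or truncates its input is not shown here.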
@@ -584,11 +588,11 @@ fsm_rtermreq(f, id, p, len) break; case OPENED: - if (len > 0) { - fmtmsg(str, sizeof(str), "%0.*v", len, p); - syslog(LOG_INFO, "%s terminated by peer (%s)", PROTO_NAME(f), str); - } else - syslog(LOG_INFO, "%s terminated by peer", PROTO_NAME(f)); + if (len > 0) { + fmtmsg(str, sizeof(str), "%0.*v", len, p); + syslog(LOG_INFO, "%s terminated by peer (%s)", PROTO_NAME(f), str); + } else + syslog(LOG_INFO, "%s terminated by peer", PROTO_NAME(f)); if (f->callbacks->down) (*f->callbacks->down)(f); /* Inform upper layers */ f->retransmits = 0; diff --git a/usr.sbin/pppd/fsm.h b/usr.sbin/pppd/fsm.h index bf54f43ec84..eac650e57f1 100644 --- a/usr.sbin/pppd/fsm.h +++ b/usr.sbin/pppd/fsm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: fsm.h,v 1.2 1996/03/25 15:55:39 niklas Exp $ */ +/* $OpenBSD: fsm.h,v 1.3 1997/09/05 04:32:38 millert Exp $ */ /* * fsm.h - {Link, IP} Control Protocol Finite State Machine definitions. @@ -17,6 +17,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Id: fsm.h,v 1.7 1997/04/30 05:52:37 paulus Exp */ /* 
@@ -38,27 +40,8 @@ /* - * Each FSM is described by a fsm_callbacks and a fsm structure. + * Each FSM is described by an fsm structure and fsm callbacks. */ -typedef struct fsm_callbacks { - void (*resetci)(); /* Reset our Configuration Information */ - int (*cilen)(); /* Length of our Configuration Information */ - void (*addci)(); /* Add our Configuration Information */ - int (*ackci)(); /* ACK our Configuration Information */ - int (*nakci)(); /* NAK our Configuration Information */ - int (*rejci)(); /* Reject our Configuration Information */ - int (*reqci)(); /* Request peer's Configuration Information */ - void (*up)(); /* Called when fsm reaches OPENED state */ - void (*down)(); /* Called when fsm leaves OPENED state */ - void (*starting)(); /* Called when we want the lower layer */ - void (*finished)(); /* Called when we don't want the lower layer */ - void (*protreject)(); /* Called when Protocol-Reject received */ - void (*retransmit)(); /* Retransmission is necessary */ - int (*extcode)(); /* Called when unknown code received */ - char *proto_name; /* String name for protocol (for messages) */ -} fsm_callbacks; - - typedef struct fsm { int unit; /* Interface unit number */ int protocol; /* Data Link Layer Protocol field value */ 
@@ -73,12 +56,45 @@ typedef struct fsm { int maxtermtransmits; /* Maximum Terminate-Request transmissions */ int nakloops; /* Number of nak loops since last ack */ int maxnakloops; /* Maximum number of nak loops tolerated */ - fsm_callbacks *callbacks; /* Callback routines */ + struct fsm_callbacks *callbacks; /* Callback routines */ char *term_reason; /* Reason for closing protocol */ int term_reason_len; /* Length of term_reason */ } fsm; +typedef struct fsm_callbacks { + void (*resetci) /* Reset our Configuration Information */ + __P((fsm *)); + int (*cilen) /* Length of our Configuration Information */ + __P((fsm *)); + void (*addci) /* Add our Configuration Information */ + __P((fsm *, u_char *, int *)); + int (*ackci) /* ACK our Configuration Information */ + __P((fsm *, u_char *, int)); + int (*nakci) /* NAK our Configuration Information */ + __P((fsm *, u_char *, int)); + int (*rejci) /* Reject our Configuration Information */ + __P((fsm *, u_char *, int)); + int (*reqci) /* Request peer's Configuration Information */ + __P((fsm *, u_char *, int *, int)); + void (*up) /* Called when fsm reaches OPENED state */ + __P((fsm *)); + void (*down) /* Called when fsm leaves OPENED state */ + __P((fsm *)); + void (*starting) /* Called when we want the lower layer */ + __P((fsm *)); + void (*finished) /* Called when we don't want the lower layer */ + __P((fsm *)); + void (*protreject) /* Called when Protocol-Reject received */ + __P((int)); + void (*retransmit) /* Retransmission is necessary */ + __P((fsm *)); + int (*extcode) /* Called when unknown code received */ + __P((fsm *, int, int, u_char *, int)); + char *proto_name; /* String name for protocol (for messages) */ +} fsm_callbacks; + + /* * Link states. */ diff --git a/usr.sbin/pppd/ipcp.c b/usr.sbin/pppd/ipcp.c index c0c581702db..dbae923de18 100644 --- a/usr.sbin/pppd/ipcp.c +++ b/usr.sbin/pppd/ipcp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ipcp.c,v 1.4 1996/12/23 13:22:41 mickey Exp $ */ +/* $OpenBSD: ipcp.c,v 1.5 1997/09/05 04:32:38 millert Exp $ */ /* * ipcp.c - PPP IP Control Protocol. @@ -20,7 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: ipcp.c,v 1.4 1996/12/23 13:22:41 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: ipcp.c,v 1.32 1997/07/14 03:52:56 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: ipcp.c,v 1.5 1997/09/05 04:32:38 millert Exp $"; +#endif #endif /* @@ -98,11 +102,11 @@ static void ipcp_lowerdown __P((int)); static void ipcp_input __P((int, u_char *, int)); static void ipcp_protrej __P((int)); static int ipcp_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); + void (*) __P((void *, char *, ...)), void *)); static void ip_check_options __P((void)); static int ip_demand_conf __P((int)); static int ip_active_pkt __P((u_char *, int)); - + struct protent ipcp_protent = { PPP_IPCP, ipcp_init, @@ -121,6 +125,7 @@ struct protent ipcp_protent = { ip_active_pkt }; +static void ipcp_clear_addrs __P((int)); /* * Lengths of configuration options. @@ -605,7 +610,7 @@ ipcp_nakci(f, p, len) no.neg_vj = 1; break; case CI_ADDRS: - if (go->neg_addr && go->old_addrs || no.old_addrs + if ((go->neg_addr && go->old_addrs) || no.old_addrs || cilen != CILEN_ADDRS) goto bad; try.neg_addr = 1; @@ -780,7 +785,7 @@ ipcp_reqci(f, inp, len, reject_if_disagree) * Reset all his options. */ BZERO(ho, sizeof(*ho)); - + /* * Process all his options. */ @@ -897,7 +902,7 @@ ipcp_reqci(f, inp, len, reject_if_disagree) wo->req_addr = 0; /* don't NAK with 0.0.0.0 later */ break; } - + ho->neg_addr = 1; ho->hisaddr = ciaddr1; break; 
@@ -922,7 +927,28 @@ ipcp_reqci(f, inp, len, reject_if_disagree) orc = CONFNAK; } break; - + + case CI_MS_WINS1: + case CI_MS_WINS2: + /* Microsoft primary or secondary WINS request */ + d = citype == CI_MS_WINS2; + IPCPDEBUG((LOG_INFO, "ipcp: received WINS%d Request ", d+1)); + + /* If we do not have a DNS address then we cannot send it */ + if (ao->winsaddr[d] == 0 || + cilen != CILEN_ADDR) { /* Check CI length */ + orc = CONFREJ; /* Reject CI */ + break; + } + GETLONG(tl, p); + if (htonl(tl) != ao->winsaddr[d]) { + DECPTR(sizeof(u_int32_t), p); + tl = ntohl(ao->winsaddr[d]); + PUTLONG(tl, p); + orc = CONFNAK; + } + break; + case CI_COMPRESSTYPE: IPCPDEBUG((LOG_INFO, "ipcp: received COMPRESSTYPE ")); if (!ao->neg_vj || @@ -943,7 +969,7 @@ ipcp_reqci(f, inp, len, reject_if_disagree) ho->vj_protocol = cishort; if (cilen == CILEN_VJ) { GETCHAR(maxslotindex, p); - if (maxslotindex > ao->maxslotindex) { + if (maxslotindex > ao->maxslotindex) { orc = CONFNAK; if (!reject_if_disagree){ DECPTR(1, p); @@ -1065,10 +1091,12 @@ ip_check_options() option_error("remote IP address required for demand-dialling\n"); exit(1); } +#if 0 if (demand && wo->accept_remote) { option_error("ipcp-accept-remote is incompatible with demand\n"); exit(1); } +#endif } @@ -1089,7 +1117,7 @@ ip_demand_conf(u) if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) return 0; if (wo->default_route) - if (sifdefaultroute(u, wo->hisaddr)) + if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) default_route_set[u] = 1; if (wo->proxy_arp) if (sifproxyarp(u, wo->hisaddr)) 
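Review bot: The comment in the new `CI_MS_WINS1`/`CI_MS_WINS2` case of `ipcp_reqci` still says "If we do not have a DNS address then we cannot send it", carried over from the DNS case; it should read `/* If we do not have a WINS address then we cannot send it */`. The Nak path would also benefit from a one-line comment that `DECPTR(sizeof(u_int32_t), p)` rewinds over the peer's value so that `PUTLONG` overwrites it in place with ours. `ipcp_reqci` starts and ends outside this hunk.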
@@ -1156,15 +1184,37 @@ ipcp_up(f) */ if (demand) { if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { - syslog(LOG_ERR, "Failed to negotiate desired IP addresses"); - ipcp_close(f->unit, "Wrong IP addresses"); - return; + if (go->ouraddr != wo->ouraddr) + syslog(LOG_WARNING, "Local IP address changed to %s", + ip_ntoa(go->ouraddr)); + if (ho->hisaddr != wo->hisaddr) + syslog(LOG_WARNING, "Remote IP address changed to %s", + ip_ntoa(ho->hisaddr)); + ipcp_clear_addrs(f->unit); + + /* Set the interface to the new addresses */ + mask = GetMask(go->ouraddr); + if (!sifaddr(f->unit, go->ouraddr, ho->hisaddr, mask)) { + IPCPDEBUG((LOG_WARNING, "sifaddr failed")); + ipcp_close(f->unit, "Interface configuration failed"); + return; + } + + /* assign a default route through the interface if required */ + if (ipcp_wantoptions[f->unit].default_route) + if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) + default_route_set[f->unit] = 1; + + /* Make a proxy ARP entry if requested. */ + if (ipcp_wantoptions[f->unit].proxy_arp) + if (sifproxyarp(f->unit, ho->hisaddr)) + proxy_arp_set[f->unit] = 1; + } demand_rexmit(PPP_IP); sifnpmode(f->unit, PPP_IP, NPMODE_PASS); } else { - /* * Set IP addresses and (if specified) netmask. */ @@ -1192,11 +1242,11 @@ ipcp_up(f) return; } #endif - sifnpmode(f->unit, PPP_IP, NPMODE_PASS); + sifnpmode(f->unit, PPP_IP, NPMODE_PASS); /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) - if (sifdefaultroute(f->unit, ho->hisaddr)) + if (ipcp_wantoptions[f->unit].default_route) + if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) default_route_set[f->unit] = 1; /* Make a proxy ARP entry if requested. */ @@ -1227,8 +1277,6 @@ static void ipcp_down(f) fsm *f; { - u_int32_t ouraddr, hisaddr; - IPCPDEBUG((LOG_INFO, "ipcp: down")); np_down(f->unit, PPP_IP); sifvjcomp(f->unit, 0, 0, 0); 
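Review bot: In the demand branch of `ipcp_up`, `ipcp_clear_addrs(f->unit)` runs after negotiation, and that helper (added later in this commit) reads `ipcp_gotoptions[unit].ouraddr` and `ipcp_hisoptions[unit].hisaddr`. If `go` and `ho` point at those same structures, as their use here suggests, they already hold the newly negotiated addresses, whereas `ip_demand_conf` configured the default route and proxy ARP entry from `wo->ouraddr` and `wo->hisaddr`. The removal would then target the new addresses and leave the old route and ARP entry in place. Passing the addresses to clear explicitly, `ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr);` with the helper taking them as parameters, avoids this; `ipcp_up` itself continues outside the hunk.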
@@ -1239,20 +1287,9 @@ ipcp_down(f) */ if (demand) { sifnpmode(f->unit, PPP_IP, NPMODE_QUEUE); - } else { - ouraddr = ipcp_gotoptions[f->unit].ouraddr; - hisaddr = ipcp_hisoptions[f->unit].hisaddr; - if (proxy_arp_set[f->unit]) { - cifproxyarp(f->unit, hisaddr); - proxy_arp_set[f->unit] = 0; - } - if (default_route_set[f->unit]) { - cifdefaultroute(f->unit, hisaddr); - default_route_set[f->unit] = 0; - } sifdown(f->unit); - cifaddr(f->unit, ouraddr, hisaddr); + ipcp_clear_addrs(f->unit); } /* Execute the ip-down script */ @@ -1261,6 +1298,30 @@ ipcp_down(f) /* + * ipcp_clear_addrs() - clear the interface addresses, routes, + * proxy arp entries, etc. + */ +static void +ipcp_clear_addrs(unit) + int unit; +{ + u_int32_t ouraddr, hisaddr; + + ouraddr = ipcp_gotoptions[unit].ouraddr; + hisaddr = ipcp_hisoptions[unit].hisaddr; + if (proxy_arp_set[unit]) { + cifproxyarp(unit, hisaddr); + proxy_arp_set[unit] = 0; + } + if (default_route_set[unit]) { + cifdefaultroute(unit, ouraddr, hisaddr); + default_route_set[unit] = 0; + } + cifaddr(unit, ouraddr, hisaddr); +} + + +/* * ipcp_finished - possibly shut down the lower layers. */ static void @@ -1383,6 +1444,18 @@ ipcp_printpkt(p, plen, printer, arg) printer(arg, "addr %s", ip_ntoa(htonl(cilong))); } break; + case CI_MS_DNS1: + case CI_MS_DNS2: + p += 2; + GETLONG(cilong, p); + printer(arg, "dns-addr %s", ip_ntoa(htonl(cilong))); + break; + case CI_MS_WINS1: + case CI_MS_WINS2: + p += 2; + GETLONG(cilong, p); + printer(arg, "wins-addr %s", ip_ntoa(htonl(cilong))); + break; } while (p < optend) { GETCHAR(code, p); @@ -1394,13 +1467,13 @@ ipcp_printpkt(p, plen, printer, arg) case TERMACK: case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - printer(arg, " "); - print_string(p, len, printer, arg); - p += len; - len = 0; - } - break; + if (len > 0 && *p >= ' ' && *p < 0x7f) { + printer(arg, " "); + print_string(p, len, printer, arg); + p += len; + len = 0; + } + break; } /* print the rest of the bytes in the packet */ 
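Review bot: The new `CI_MS_DNS1`/`CI_MS_DNS2` and `CI_MS_WINS1`/`CI_MS_WINS2` cases in `ipcp_printpkt` do `p += 2; GETLONG(cilong, p);` without checking the option length first, while the address case just above them appears to be guarded. An option from the peer that is shorter than `CILEN_ADDR` would make the printer read past the option and possibly past the packet. Compare the option's length byte with `CILEN_ADDR` before the `GETLONG` in both cases, so short options fall through to the loop after the switch that dumps the remaining bytes up to `optend`. The loop header that parses the option length is outside this hunk.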
@@ -1418,11 +1491,11 @@ ipcp_printpkt(p, plen, printer, arg) * with no data. */ #define IP_HDRLEN 20 /* bytes */ -#define IP_OFFMASK 0x1fff +#define IP_OFFMASK 0x1fff #define IPPROTO_TCP 6 #define TCP_HDRLEN 20 #define TH_FIN 0x01 - + /* * We use these macros because the IP header may be at an odd address, * and some compilers might use word loads to get th_off or ip_hl. @@ -1442,21 +1515,20 @@ ip_active_pkt(pkt, len) { u_char *tcp; int hlen; - + len -= PPP_HDRLEN; pkt += PPP_HDRLEN; if (len < IP_HDRLEN) - return 0; + return 0; if ((get_ipoff(pkt) & IP_OFFMASK) != 0) - return 0; + return 0; if (get_ipproto(pkt) != IPPROTO_TCP) - return 1; + return 1; hlen = get_iphl(pkt) * 4; if (len < hlen + TCP_HDRLEN) - return 0; + return 0; tcp = pkt + hlen; if ((get_tcpflags(tcp) & TH_FIN) != 0 && len == hlen + get_tcpoff(tcp) * 4) - return 0; + return 0; return 1; } - diff --git a/usr.sbin/pppd/ipcp.h b/usr.sbin/pppd/ipcp.h index 9b54252b76f..8e3701d5be2 100644 --- a/usr.sbin/pppd/ipcp.h +++ b/usr.sbin/pppd/ipcp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipcp.h,v 1.3 1996/07/20 12:02:09 joshd Exp $ */ +/* $OpenBSD: ipcp.h,v 1.4 1997/09/05 04:32:39 millert Exp $ */ /* * ipcp.h - IP Control Protocol definitions. @@ -17,6 +17,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Id: ipcp.h,v 1.10 1997/03/04 03:39:20 paulus Exp */ /* @@ -26,7 +28,9 @@ #define CI_COMPRESSTYPE 2 /* Compression Type */ #define CI_ADDR 3 +#define CI_MS_WINS1 128 /* Primary WINS value */ #define CI_MS_DNS1 129 /* Primary DNS value */ +#define CI_MS_WINS2 130 /* Secondary WINS value */ #define CI_MS_DNS2 131 /* Secondary DNS value */ #define MAX_STATES 16 /* from slcompress.h */ 
@@ -54,6 +58,7 @@ typedef struct ipcp_options { u_char maxslotindex, cflag; /* values for RFC1332 VJ compression neg. */ u_int32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */ u_int32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */ + u_int32_t winsaddr[2]; /* Primary and secondary MS WINS entries */ } ipcp_options; extern fsm ipcp_fsm[]; diff --git a/usr.sbin/pppd/ipxcp.c b/usr.sbin/pppd/ipxcp.c index 15fec2acbf5..86387bd8add 100644 --- a/usr.sbin/pppd/ipxcp.c +++ b/usr.sbin/pppd/ipxcp.c @@ -1,3 +1,5 @@ +/* $OpenBSD: ipxcp.c,v 1.3 1997/09/05 04:32:39 millert Exp $ */ + /* * ipxcp.c - PPP IPX Control Protocol. * @@ -19,7 +21,11 @@ #ifdef IPX_CHANGE #ifndef lint -static char rcsid[] = "$OpenBSD: ipxcp.c,v 1.2 1996/12/23 13:22:42 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: ipxcp.c,v 1.5 1997/03/04 03:39:32 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: ipxcp.c,v 1.3 1997/09/05 04:32:39 millert Exp $"; +#endif #endif /* @@ -115,7 +121,6 @@ struct protent ipxcp_protent = { NULL }; - /* * Lengths of configuration options. */ @@ -138,6 +143,24 @@ struct protent ipxcp_protent = { #define BIT(num) (1 << (num)) /* + * Convert from internal to external notation + */ + +static short int +to_external(internal) +short int internal; +{ + short int external; + + if (internal & IPX_NONE) + external = IPX_NONE; + else + external = RIP_SAP; + + return external; +} + +/* * Make a string representation of a network IP address. */ @@ -182,6 +205,9 @@ ipxcp_init(unit) ao->accept_local = 0; ao->accept_remote = 0; ao->accept_network = 0; + + wo->tried_rip = 0; + wo->tried_nlsp = 0; } /* 
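Review bot: The new `to_external` in ipxcp.c tests `internal & IPX_NONE`, but the router fields are kept as `BIT(n)` masks elsewhere in this commit (`ao->router |= BIT(RIP_SAP)`, `try.router &= (ao->router | BIT(IPX_NONE))`), so the test mixes a protocol number with a bit mask. If `IPX_NONE` is 0, which this page does not show, the branch can never be taken and every value maps to `RIP_SAP`. `if (internal & BIT(IPX_NONE))` matches the representation the callers use. A comment stating that "internal" means the bit mask and "external" the on-the-wire protocol number would make the helper self-explanatory.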
@@ -342,16 +368,17 @@ ipxcp_resetci(f) ao->accept_remote = 1; } /* - * Unless router protocol is suppressed then assume that we can do RIP. - */ - if (! (wo->router & BIT(0))) - wo->router |= BIT(2); -/* - * Router protocol is only negotiated if requested. Others force the - * negotiation. + * If no routing agent was specified then we do RIP/SAP according to the + * RFC documents. If you have specified something then OK. Otherwise, we + * do RIP/SAP. */ - if (wo->router & (BIT(2) | BIT(4))) - wo->neg_router = 1; + if (ao->router == 0) { + ao->router |= BIT(RIP_SAP); + wo->router |= BIT(RIP_SAP); + } + + /* Always specify a routing protocol unless it was REJected. */ + wo->neg_router = 1; /* * Start with these default values */ @@ -361,6 +388,7 @@ ipxcp_resetci(f) /* * ipxcp_cilen - Return length of our CI. */ + static int ipxcp_cilen(f) fsm *f; @@ -371,20 +399,10 @@ ipxcp_cilen(f) len = go->neg_nn ? CILEN_NETN : 0; len += go->neg_node ? CILEN_NODEN : 0; len += go->neg_name ? CILEN_NAME + strlen (go->name) - 1 : 0; - len += go->neg_complete ? CILEN_COMPLETE : 0; -/* - * Router protocol 0 is mutually exclusive with the others. - */ - if (go->neg_router) { - if (go->router & BIT(0)) - len += CILEN_PROTOCOL; - else { - if (go->router & BIT(2)) - len += CILEN_PROTOCOL; - if (go->router & BIT(4)) - len += CILEN_PROTOCOL; - } - } + + /* RFC says that defaults should not be included. */ + if (go->neg_router && to_external(go->router) != RIP_SAP) + len += CILEN_PROTOCOL; return (len); } 
@@ -427,15 +445,13 @@ ipxcp_addci(f, ucp, lenp) PUTCHAR (go->name [indx], ucp); } - if (go->neg_router && (go->router & (BIT(0) | BIT(2) | BIT(4)))) { + if (go->neg_router) { + short external = to_external (go->router); + if (external != RIP_SAP) { PUTCHAR (IPX_ROUTER_PROTOCOL, ucp); - PUTCHAR (CILEN_PROTOCOL, ucp); - PUTSHORT (go->router, ucp); - } - - if (go->neg_complete) { - PUTCHAR (IPX_COMPLETE, ucp); - PUTCHAR (CILEN_COMPLETE, ucp); + PUTCHAR (CILEN_PROTOCOL, ucp); + PUTSHORT (external, ucp); + } } } @@ -508,12 +524,18 @@ ipxcp_ackci(f, p, len) } #define ACKCIPROTO(opt, neg, val) \ - if (neg && p[1] == CILEN_PROTOCOL && len >= p[1] && p[0] == opt) \ - { \ - INCPTR(2, p); \ - len -= CILEN_PROTOCOL; \ + if (neg) { \ + if (len < 2) \ + break; \ + GETCHAR(citype, p); \ + GETCHAR(cilen, p); \ + if (cilen != CILEN_PROTOCOL || citype != opt) \ + break; \ + len -= cilen; \ + if (len < 0) \ + break; \ GETSHORT(cishort, p); \ - if (cishort != (val)) \ + if (cishort != to_external (val) || cishort == RIP_SAP) \ break; \ } /* @@ -524,7 +546,8 @@ ipxcp_ackci(f, p, len) ACKCINODE (IPX_NODE_NUMBER, go->neg_node, go->our_node); ACKCINAME (IPX_ROUTER_NAME, go->neg_name, go->name); ACKCIPROTO (IPX_ROUTER_PROTOCOL, go->neg_router, go->router); - ACKCICOMPLETE (IPX_COMPLETE, go->neg_complete); + ACKCIPROTO (IPX_ROUTER_PROTOCOL, go->neg_router, go->router); + ACKCIPROTO (IPX_ROUTER_PROTOCOL, go->neg_router, go->router); /* * This is the end of the record. */ @@ -598,7 +621,7 @@ ipxcp_nakci(f, p, len) copy_node (p, try.our_node); break; - /* These have never been sent. Ignore the NAK frame */ + /* This has never been sent. Ignore the NAK frame */ case IPX_COMPRESSION_PROTOCOL: goto bad; 
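Review bot: `ACKCIPROTO` in ipxcp_ackci is gated only on `neg`, while this same commit makes ipxcp_cilen and ipxcp_addci omit the router-protocol option whenever `to_external(go->router) == RIP_SAP`, and ipxcp_resetci now always sets `wo->neg_router = 1`. If `go` carries that flag (the copy from `wo` is outside the hunks), a Configure-Ack for the default RIP/SAP case contains no router option, the macro reaches `if (len < 2) break;`, and a well-formed Ack is presumably rejected. Gate the macro on what was actually sent, e.g. `if (neg && to_external (val) != RIP_SAP) {`. The two extra `ACKCIPROTO (IPX_ROUTER_PROTOCOL, ...)` lines added where `ACKCICOMPLETE` was removed should also go, since ipxcp_addci emits at most one router-protocol option and each repeat demands another copy from the peer.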
@@ -607,16 +630,18 @@ ipxcp_nakci(f, p, len) goto bad; GETSHORT (s, p); - if ((s != 0) && (s != 2) && (s != 4)) - goto bad; + if (s > 15) /* This is just bad, but ignore for now. */ + break; - if (no.router & BIT(s)) + s = BIT(s); + if (no.router & s) /* duplicate NAKs are always bad */ goto bad; if (no.router == 0) /* Reset on first NAK only */ try.router = 0; - no.router |= BIT(s); - try.router |= BIT(s); + + no.router |= s; + try.router |= s; try.neg_router = 1; IPXCPDEBUG((LOG_INFO, "Router protocol number %d", s)); @@ -640,14 +665,15 @@ ipxcp_nakci(f, p, len) /* * Do not permit the peer to force a router protocol which we do not - * support. + * support. However, default to the condition that will accept "NONE". */ - try.router &= go->router; - if (try.router == 0 && go->router != 0) { + try.router &= (ao->router | BIT(IPX_NONE)); + if (try.router == 0 && ao->router != 0) + try.router = BIT(IPX_NONE); + + if (try.router != 0) try.neg_router = 1; - try.router = BIT(0); - } - + /* * OK, the Nak is good. Now we can update state. */ 
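Review bot: In the IPX_ROUTER_PROTOCOL case of ipxcp_nakci, `s` is overwritten by `s = BIT(s);` before the unchanged `IPXCPDEBUG((LOG_INFO, "Router protocol number %d", s));`, so the log now prints the bit mask (4 for RIP/SAP, 16 for NLSP) rather than the protocol number the peer sent. Move the IPXCPDEBUG line above the conversion, or keep the wire value in a separate local. The new `if (s > 15) break;` path accepts an out-of-range value from the peer without any trace; a debug line there would help when diagnosing a misbehaving peer. The case body starts outside the hunk.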
@@ -677,22 +703,32 @@ ipxcp_rejci(f, p, len) ipxcp_options try; /* options to request next time */ #define REJCINETWORK(opt, neg, val) \ - if (neg && p[1] == CILEN_NETN && len >= p[1] && p[0] == opt) { \ - neg = 0; \ - INCPTR(2, p); \ - len -= CILEN_NETN; \ + if (neg && p[0] == opt) { \ + if ((len -= CILEN_NETN) < 0) \ + break; \ + GETCHAR(citype, p); \ + GETCHAR(cilen, p); \ + if (cilen != CILEN_NETN || \ + citype != opt) \ + break; \ GETLONG(cilong, p); \ if (cilong != val) \ break; \ - IPXCPDEBUG((LOG_INFO,"ipxcp_rejci rejected network 0x%08x", val)); \ + IPXCPDEBUG((LOG_INFO,"ipxcp_rejci rejected long opt %d", opt)); \ + neg = 0; \ } #define REJCICHARS(opt, neg, val, cnt) \ - if (neg && p[1] == cnt + 2 && p[1] >= len && p[0] == opt) { \ + if (neg && p[0] == opt) { \ int indx, count = cnt; \ - neg = 0; \ - INCPTR(2, p); \ - len -= (cnt + 2); \ + len -= (count + 2); \ + if (len < 0) \ + break; \ + GETCHAR(citype, p); \ + GETCHAR(cilen, p); \ + if (cilen != (count + 2) || \ + citype != opt) \ + break; \ for (indx = 0; indx < count; ++indx) {\ GETCHAR(cichar, p); \ if (cichar != ((u_char *) &val)[indx]) \ 
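Review bot: The rewritten REJCINETWORK and REJCICHARS macros evaluate `p[0] == opt` before any length check, so once `len` has reached 0 they read one byte past the option data received from the peer. REJCIVOID and REJCIPROTO in the next hunk have the same shape. Whatever stale byte sits there decides whether an option is parsed at all, so the peek should be bounded by the remaining length: `if (neg && len > 0 && p[0] == opt) {` in each macro. REJCIPROTO (next hunk) also gained a `bit` parameter that its body never uses; drop it or document what it is reserved for.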
@@ -701,33 +737,40 @@ ipxcp_rejci(f, p, len) if (indx != count) \ break; \ IPXCPDEBUG((LOG_INFO,"ipxcp_rejci rejected opt %d", opt)); \ + neg = 0; \ } #define REJCINODE(opt,neg,val) REJCICHARS(opt,neg,val,sizeof(val)) #define REJCINAME(opt,neg,val) REJCICHARS(opt,neg,val,strlen(val)) #define REJCIVOID(opt, neg) \ - if (neg && p[1] == CILEN_VOID && len >= p[1] && p[0] == opt) { \ - neg = 0; \ - INCPTR(2, p); \ - len -= CILEN_VOID; \ + if (neg && p[0] == opt) { \ + if ((len -= CILEN_VOID) < 0) \ + break; \ + GETCHAR(citype, p); \ + GETCHAR(cilen, p); \ + if (cilen != CILEN_VOID || citype != opt) \ + break; \ IPXCPDEBUG((LOG_INFO, "ipxcp_rejci rejected void opt %d", opt)); \ + neg = 0; \ } -#define REJCIPROTO(opt, neg, val) \ - if (neg && p[1] == CILEN_PROTOCOL && len >= p[1] && p[0] == opt) \ - { \ - INCPTR(2, p); \ - len -= CILEN_PROTOCOL; \ +/* a reject for RIP/SAP is invalid since we don't send it and you can't + reject something which is not sent. (You can NAK, but you can't REJ.) */ +#define REJCIPROTO(opt, neg, val, bit) \ + if (neg && p[0] == opt) { \ + if ((len -= CILEN_PROTOCOL) < 0) \ + break; \ + GETCHAR(citype, p); \ + GETCHAR(cilen, p); \ + if (cilen != CILEN_PROTOCOL) \ + break; \ GETSHORT(cishort, p); \ - IPXCPDEBUG((LOG_INFO, "ipxcp_rejci rejected router proto 0x%04x", cishort)); \ - if ((cishort & val) == 0) \ + if (cishort != to_external (val) || cishort == RIP_SAP) \ break; \ - val &= ~cishort; \ - if (val == 0) \ - neg = 0; \ - } - + IPXCPDEBUG((LOG_INFO, "ipxcp_rejci short opt %d", opt)); \ + neg = 0; \ + } /* * Any Rejected CIs must be in exactly the same order that we sent. * Check packet length and CI length at each step. 
@@ -738,9 +781,8 @@ ipxcp_rejci(f, p, len) do { REJCINETWORK (IPX_NETWORK_NUMBER, try.neg_nn, try.our_network); REJCINODE (IPX_NODE_NUMBER, try.neg_node, try.our_node); - REJCIPROTO (IPX_ROUTER_PROTOCOL, try.neg_router, try.router); REJCINAME (IPX_ROUTER_NAME, try.neg_name, try.name); - REJCIVOID (IPX_COMPLETE, try.neg_complete); + REJCIPROTO (IPX_ROUTER_PROTOCOL, try.neg_router, try.router, 0); /* * This is the end of the record. */ @@ -787,7 +829,7 @@ ipxcp_reqci(f, inp, len, reject_if_disagree) * Reset all his options. */ BZERO(ho, sizeof(*ho)); - + /* * Process all his options. */ @@ -815,7 +857,7 @@ ipxcp_reqci(f, inp, len, reject_if_disagree) */ case IPX_NETWORK_NUMBER: IPXCPDEBUG((LOG_INFO, "ipxcp: received Network Number request")); - + /* if we wont negotiate the network number or the length is wrong then reject the option */ if ( !ao->neg_nn || cilen != CILEN_NETN ) { @@ -924,8 +966,8 @@ ipxcp_reqci(f, inp, len, reject_if_disagree) break; /* * The routing protocol is a bitmask of various types. Any combination - * of the values 2 and 4 are permissible. '0' for no routing protocol must - * be specified only once. + * of the values RIP_SAP and NLSP are permissible. 'IPX_NONE' for no + * routing protocol must be specified only once. */ case IPX_ROUTER_PROTOCOL: if ( !ao->neg_router || cilen < CILEN_PROTOCOL ) { 
@@ -935,26 +977,47 @@ ipxcp_reqci(f, inp, len, reject_if_disagree) GETSHORT (cishort, p); IPXCPDEBUG((LOG_INFO, - "Remote router protocol number %d", + "Remote router protocol number 0x%04x", cishort)); - if ((cishort == 0 && ho->router != 0) || (ho->router & BIT(0))) { - orc = CONFREJ; - break; + if (wo->neg_router == 0) { + wo->neg_router = 1; + wo->router = BIT(IPX_NONE); } - if (cishort != 0 && cishort != 2 && cishort != 4) { + if ((cishort == IPX_NONE && ho->router != 0) || + (ho->router & BIT(IPX_NONE))) { orc = CONFREJ; break; } - if (ho->router & BIT (cishort)) { + cishort = BIT(cishort); + if (ho->router & cishort) { orc = CONFREJ; break; } - ho->router |= BIT (cishort); + ho->router |= cishort; ho->neg_router = 1; + + /* Finally do not allow a router protocol which we do not + support. */ + + if ((cishort & (ao->router | BIT(IPX_NONE))) == 0) { + int protocol; + + if (cishort == BIT(NLSP) && + (ao->router & BIT(RIP_SAP)) && + !wo->tried_rip) { + protocol = RIP_SAP; + wo->tried_rip = 1; + } else + protocol = IPX_NONE; + + DECPTR (sizeof (u_int16_t), p); + PUTSHORT (protocol, p); + orc = CONFNAK; + } break; /* * The router name is advisorary. Just accept it if it is not too large. @@ -1072,6 +1135,14 @@ ipxcp_up(f) IPXCPDEBUG((LOG_INFO, "ipxcp: up")); + /* The default router protocol is RIP/SAP. */ + if (ho->router == 0) + ho->router = BIT(RIP_SAP); + + if (go->router == 0) + go->router = BIT(RIP_SAP); + + /* Fetch the network number */ if (!ho->neg_nn) ho->his_network = wo->his_network; @@ -1082,8 +1153,9 @@ ipxcp_up(f) copy_node (wo->our_node, go->our_node); if (zero_node (go->our_node)) { - IPXCPDEBUG((LOG_ERR, "Could not determine local IPX node address")); - ipxcp_close(f->unit, "Could not determine local IPX node address"); + static char errmsg[] = "Could not determine local IPX node address"; + IPXCPDEBUG((LOG_ERR, errmsg)); + ipxcp_close(f->unit, errmsg); return; } 
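Review bot: In the IPX_ROUTER_PROTOCOL case of ipxcp_reqci, `cishort = BIT(cishort);` shifts by a 16-bit value read straight from the peer's Configure-Request, and the old `cishort != 0 && cishort != 2 && cishort != 4` rejection was removed with nothing in its place. `1 << n` is undefined once `n` reaches the width of int, and counts of 16 and above cannot be represented in a 16-bit `cishort` (its declaration is outside the hunk). ipxcp_nakci in this commit already guards the same conversion with `if (s > 15)`; add the equivalent here before the shift: `if (cishort > 15) { orc = CONFREJ; break; }`. The case body starts and ends outside the hunk.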
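Review bot: `IPXCPDEBUG((LOG_ERR, errmsg));` in ipxcp_up passes a variable as the format argument; IPXCPDEBUG is defined outside this diff, but every other call site shown gives it a printf-style format. The text has no `%` today, so nothing misbehaves, but the pattern is fragile if the message is ever built from data and it trips format-string warnings. Write `IPXCPDEBUG((LOG_ERR, "%s", errmsg));` here and in the matching "network number" hunk that follows.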
@@ -1092,8 +1164,9 @@ ipxcp_up(f) go->network = ho->his_network; if (go->network == 0) { - IPXCPDEBUG((LOG_ERR, "Could not determine network number")); - ipxcp_close (unit, "Could not determine network number"); + static char errmsg[] = "Can not determine network number"; + IPXCPDEBUG((LOG_ERR, errmsg)); + ipxcp_close (unit, errmsg); return; } @@ -1158,11 +1231,11 @@ ipxcp_script(f, script) sprintf (strspeed, "%d", baud_rate); strproto_lcl[0] = '\0'; - if (go->neg_router) { - if (go->router & BIT(2)) + if (go->neg_router && ((go->router & BIT(IPX_NONE)) == 0)) { + if (go->router & BIT(RIP_SAP)) strcpy (strproto_lcl, "RIP "); - if (go->router & BIT(4)) - strcpy (strproto_lcl, "NLSP "); + if (go->router & BIT(NLSP)) + strcat (strproto_lcl, "NLSP "); } if (strproto_lcl[0] == '\0') @@ -1171,11 +1244,11 @@ ipxcp_script(f, script) strproto_lcl[strlen (strproto_lcl)-1] = '\0'; strproto_rmt[0] = '\0'; - if (ho->neg_router) { - if (ho->router & BIT(2)) + if (ho->neg_router && ((ho->router & BIT(IPX_NONE)) == 0)) { + if (ho->router & BIT(RIP_SAP)) strcpy (strproto_rmt, "RIP "); - if (ho->router & BIT(4)) - strcpy (strproto_rmt, "NLSP "); + if (ho->router & BIT(NLSP)) + strcat (strproto_rmt, "NLSP "); } if (strproto_rmt[0] == '\0') @@ -1283,14 +1356,14 @@ ipxcp_printpkt(p, plen, printer, arg) if (olen == CILEN_COMPRESS) { p += CILEN_VOID; GETSHORT (cishort, p); - printer (arg, "compression %d", cishort); + printer (arg, "compression %d", (int) cishort); } break; case IPX_ROUTER_PROTOCOL: if (olen == CILEN_PROTOCOL) { p += CILEN_VOID; GETSHORT (cishort, p); - printer (arg, "router proto %d", cishort); + printer (arg, "router proto %d", (int) cishort); } break; case IPX_ROUTER_NAME: @@ -1299,7 +1372,7 @@ ipxcp_printpkt(p, plen, printer, arg) printer (arg, "router name \""); while (p < optend) { GETCHAR(code, p); - if (code >= 0x20 && code < 0x7E) + if (code >= 0x20 && code <= 0x7E) printer (arg, "%c", code); else printer (arg, " \\%.2x", code); 
diff --git a/usr.sbin/pppd/ipxcp.h b/usr.sbin/pppd/ipxcp.h index 6dac3f865e8..2d7e941d7cb 100644 --- a/usr.sbin/pppd/ipxcp.h +++ b/usr.sbin/pppd/ipxcp.h @@ -1,3 +1,5 @@ +/* $OpenBSD: ipxcp.h,v 1.2 1997/09/05 04:32:40 millert Exp $ */ + /* * ipxcp.h - IPX Control Protocol definitions. * @@ -16,7 +18,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ipxcp.h,v 1.1 1996/07/20 12:02:09 joshd Exp $ + * Id: ipxcp.h,v 1.3 1997/03/04 03:39:33 paulus Exp */ /* @@ -29,6 +31,10 @@ #define IPX_ROUTER_NAME 5 #define IPX_COMPLETE 6 +/* Values for the router protocol */ +#define IPX_NONE 0 +#define RIP_SAP 2 +#define NLSP 4 typedef struct ipxcp_options { int neg_node : 1; /* Negotiate IPX node number? */ @@ -45,6 +51,9 @@ typedef struct ipxcp_options { int accept_remote : 1; /* accept peer's value for hisnode */ int accept_network : 1; /* accept network number */ + int tried_nlsp : 1; /* I have suggested NLSP already */ + int tried_rip : 1; /* I have suggested RIP/SAP already */ + u_int32_t his_network; /* base network number */ u_int32_t our_network; /* our value for network number */ u_int32_t network; /* the final network number */ diff --git a/usr.sbin/pppd/lcp.c b/usr.sbin/pppd/lcp.c index db600552892..7900fbd43b3 100644 --- a/usr.sbin/pppd/lcp.c +++ b/usr.sbin/pppd/lcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lcp.c,v 1.4 1996/12/23 13:22:43 mickey Exp $ */ +/* $OpenBSD: lcp.c,v 1.5 1997/09/05 04:32:40 millert Exp $ */ /* * lcp.c - PPP Link Control Protocol. @@ -20,7 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: lcp.c,v 1.4 1996/12/23 13:22:43 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: lcp.c,v 1.30 1997/04/30 05:52:59 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: lcp.c,v 1.5 1997/09/05 04:32:40 millert Exp $"; +#endif #endif /* 
@@ -84,6 +88,7 @@ static void LcpEchoTimeout __P((caddr_t)); static void lcp_received_echo_reply __P((fsm *, int, u_char *, int)); static void LcpSendEchoRequest __P((fsm *)); static void LcpLinkFailure __P((fsm *)); +static void LcpEchoCheck __P((fsm *)); static fsm_callbacks lcp_callbacks = { /* LCP callback routines */ lcp_resetci, /* Reset our Configuration Information */ @@ -112,7 +117,7 @@ static void lcp_init __P((int)); static void lcp_input __P((int, u_char *, int)); static void lcp_protrej __P((int)); static int lcp_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); + void (*) __P((void *, char *, ...)), void *)); struct protent lcp_protent = { PPP_LCP, @@ -130,7 +135,7 @@ struct protent lcp_protent = { NULL, NULL, NULL -}; +}; int lcp_loopbackfail = DEFLOOPBACKFAIL; @@ -234,7 +239,8 @@ lcp_close(unit, reason) { fsm *f = &lcp_fsm[unit]; - phase = PHASE_TERMINATE; + if (phase != PHASE_DEAD) + phase = PHASE_TERMINATE; if (f->state == STOPPED && f->flags & (OPT_PASSIVE|OPT_SILENT)) { /* * This action is not strictly according to the FSM in RFC1548, @@ -317,7 +323,7 @@ lcp_extcode(f, code, id, inp, len) case PROTREJ: lcp_rprotrej(f, inp, len); break; - + case ECHOREQ: if (f->state != OPENED) break; @@ -326,7 +332,7 @@ lcp_extcode(f, code, id, inp, len) PUTLONG(lcp_gotoptions[f->unit].magicnumber, magp); fsm_sdata(f, ECHOREP, id, inp, len); break; - + case ECHOREP: lcp_received_echo_reply(f, id, inp, len); break; @@ -340,7 +346,7 @@ lcp_extcode(f, code, id, inp, len) return 1; } - + /* * lcp_rprotrej - Receive an Protocol-Reject. * 
@@ -806,11 +812,11 @@ lcp_nakci(f, p, len) */ if ((go->neg_chap || go->neg_upap) && len >= CILEN_SHORT - && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { + && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { cilen = p[1]; - len -= cilen; - no.neg_chap = go->neg_chap; - no.neg_upap = go->neg_upap; + len -= cilen; + no.neg_chap = go->neg_chap; + no.neg_upap = go->neg_upap; INCPTR(2, p); GETSHORT(cishort, p); if (cishort == PPP_PAP && cilen == CILEN_SHORT) { @@ -821,7 +827,7 @@ lcp_nakci(f, p, len) */ if (!go->neg_chap) goto bad; - try.neg_chap = 0; + try.neg_chap = 0; } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { GETCHAR(cichar, p); @@ -832,7 +838,7 @@ lcp_nakci(f, p, len) * asking for CHAP. */ if (cichar != go->chap_mdtype) - try.neg_chap = 0; + try.neg_chap = 0; } else { /* * Stop asking for PAP if we were asking for it. @@ -879,6 +885,7 @@ lcp_nakci(f, p, len) try.magicnumber = magic(); looped_back = 1; ); + /* * Peer shouldn't send Nak for protocol compression or * address/control compression requests; they should send @@ -910,13 +917,13 @@ lcp_nakci(f, p, len) while (len > CILEN_VOID) { GETCHAR(citype, p); GETCHAR(cilen, p); - if (cilen < CILEN_VOID || (len -= cilen) < 0) + if (cilen < CILEN_VOID || (len -= cilen) < 0) goto bad; next = p + cilen - 2; switch (citype) { case CI_MRU: - if (go->neg_mru && go->mru != DEFMRU + if ((go->neg_mru && go->mru != DEFMRU) || no.neg_mru || cilen != CILEN_SHORT) goto bad; GETSHORT(cishort, p); @@ -924,7 +931,7 @@ lcp_nakci(f, p, len) try.mru = cishort; break; case CI_ASYNCMAP: - if (go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF + if ((go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) || no.neg_asyncmap || cilen != CILEN_LONG) goto bad; break; 
@@ -1291,11 +1298,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) break; } GETCHAR(cichar, p); /* get digest type*/ - if (cichar != CHAP_DIGEST_MD5 + if (cichar != CHAP_DIGEST_MD5 #ifdef CHAPMS - && cichar != CHAP_MICROSOFT + && cichar != CHAP_MICROSOFT #endif - ) { + ) { orc = CONFNAK; PUTCHAR(CI_AUTHTYPE, nakp); PUTCHAR(CILEN_CHAP, nakp); @@ -1566,7 +1573,6 @@ lcp_printpkt(p, plen, printer, arg) u_char *pstart, *optend; u_short cishort; u_int32_t cilong; - int fascii; if (plen < HEADERLEN) return 0; @@ -1689,24 +1695,24 @@ lcp_printpkt(p, plen, printer, arg) case TERMACK: case TERMREQ: - if (len > 0 && *p >= ' ' && *p < 0x7f) { - printer(arg, " "); - print_string(p, len, printer, arg); - p += len; - len = 0; - } - break; + if (len > 0 && *p >= ' ' && *p < 0x7f) { + printer(arg, " "); + print_string(p, len, printer, arg); + p += len; + len = 0; + } + break; case ECHOREQ: case ECHOREP: case DISCREQ: - if (len >= 4) { - GETLONG(cilong, p); - printer(arg, " magic=0x%x", cilong); - p += 4; - len -= 4; - } - break; + if (len >= 4) { + GETLONG(cilong, p); + printer(arg, " magic=0x%x", cilong); + p += 4; + len -= 4; + } + break; } /* print the rest of the bytes in the packet */ @@ -1838,7 +1844,7 @@ lcp_echo_lowerup (unit) lcp_echos_pending = 0; lcp_echo_number = 0; lcp_echo_timer_running = 0; - + /* If a timeout interval is specified then start the timer */ if (lcp_echo_interval != 0) LcpEchoCheck (f); diff --git a/usr.sbin/pppd/lcp.h b/usr.sbin/pppd/lcp.h index 6c6f7910f2c..727b2de00bc 100644 --- a/usr.sbin/pppd/lcp.h +++ b/usr.sbin/pppd/lcp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: lcp.h,v 1.4 1996/12/23 13:22:43 mickey Exp $ */ +/* $OpenBSD: lcp.h,v 1.5 1997/09/05 04:32:41 millert Exp $ */ /* * lcp.h - Link Control Protocol definitions. 
@@ -17,6 +17,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Id: lcp.h,v 1.12 1996/10/08 04:35:02 paulus Exp */ /* @@ -79,7 +81,7 @@ void lcp_open __P((int)); void lcp_close __P((int, char *)); void lcp_lowerup __P((int)); void lcp_lowerdown __P((int)); -void lcp_sprotrej __P((int, u_char *, int)); /* send protocol reject */ +void lcp_sprotrej __P((int, u_char *, int)); /* send protocol reject */ extern struct protent lcp_protent; diff --git a/usr.sbin/pppd/magic.c b/usr.sbin/pppd/magic.c index ab84ff70ad3..73fa0f38645 100644 --- a/usr.sbin/pppd/magic.c +++ b/usr.sbin/pppd/magic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: magic.c,v 1.2 1996/03/25 15:55:48 niklas Exp $ */ +/* $OpenBSD: magic.c,v 1.3 1997/09/05 04:32:41 millert Exp $ */ /* * magic.c - PPP Magic Number routines. @@ -20,7 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: magic.c,v 1.2 1996/03/25 15:55:48 niklas Exp $"; +#if 0 +static char rcsid[] = "Id: magic.c,v 1.6 1996/04/04 03:58:41 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: magic.c,v 1.3 1997/09/05 04:32:41 millert Exp $"; +#endif #endif #include <stdio.h> diff --git a/usr.sbin/pppd/magic.h b/usr.sbin/pppd/magic.h index 68f3a3a1799..ec990214457 100644 --- a/usr.sbin/pppd/magic.h +++ b/usr.sbin/pppd/magic.h @@ -1,3 +1,5 @@ +/* $OpenBSD: magic.h,v 1.2 1997/09/05 04:32:42 millert Exp $ */ + /* * magic.h - PPP Magic Number definitions. * @@ -16,7 +18,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: magic.h,v 1.1 1995/10/18 08:47:59 deraadt Exp $ + * Id: magic.h,v 1.3 1994/09/21 06:47:37 paulus Exp */ void magic_init __P((void)); /* Initialize the magic number generator */ diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c index dc8b1983ed5..e1dc38c16a1 100644 
--- a/usr.sbin/pppd/main.c +++ b/usr.sbin/pppd/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.17 1997/08/04 19:26:18 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.18 1997/09/05 04:32:42 millert Exp $ */ /* * main.c - Point-to-Point Protocol main module @@ -20,10 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: main.c,v 1.17 1997/08/04 19:26:18 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: main.c,v 1.18 1997/09/05 04:32:42 millert Exp $"; #endif #include <stdio.h> +#include <ctype.h> #include <stdlib.h> #include <string.h> #include <unistd.h> @@ -65,6 +66,9 @@ extern char *strerror(); #ifdef IPX_CHANGE #include "ipxcp.h" #endif /* IPX_CHANGE */ +#ifdef AT_CHANGE +#include "atcp.h" +#endif /* interface vars */ char ifname[IFNAMSIZ]; /* Interface name */ @@ -79,16 +83,16 @@ static uid_t uid; /* Our real user-id */ static int conn_running; /* we have a [dis]connector running */ int ttyfd = -1; /* Serial port file descriptor */ -mode_t tty_mode = -1; /* Original access permissions to tty */ -int baud_rate; /* Actual bits/second for serial device */ -int hungup; /* terminal has been hung up */ +mode_t tty_mode = -1; /* Original access permissions to tty */ +int baud_rate; /* Actual bits/second for serial device */ +int hungup; /* terminal has been hung up */ int privileged; /* we're running as real uid root */ int need_holdoff; /* need holdoff period before restarting */ int phase; /* where the link is at */ int kill_link; int open_ccp_flag; -int redirect_stderr; /* Connector's stderr should go to file */ +int redirect_stderr; /* Connector's stderr should go to file */ u_char outpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for outgoing packet */ u_char inpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for incoming packet */ 
@@ -104,22 +108,23 @@ char *no_ppp_msg = "Sorry - this system lacks PPP kernel support\n"; static void cleanup __P((void)); static void close_tty __P((void)); static void get_input __P((void)); -static void connect_time_expired __P((caddr_t)); static void calltimeout __P((void)); static struct timeval *timeleft __P((struct timeval *)); +static void kill_my_pg __P((int)); static void hup __P((int)); static void term __P((int)); static void chld __P((int)); static void toggle_debug __P((int)); static void open_ccp __P((int)); static void bad_signal __P((int)); -static void holdoff_end __P((void *)); +static void holdoff_end __P((caddr_t)); static int device_script __P((char *, int, int)); static void reap_kids __P((void)); static void pr_log __P((void *, char *, ...)); extern char *ttyname __P((int)); extern char *getlogin __P((void)); +int main __P((int, char *[])); #ifdef ultrix #undef O_NONBLOCK @@ -147,6 +152,9 @@ struct protent *protocols[] = { #ifdef IPX_CHANGE &ipxcp_protent, #endif +#ifdef AT_CHANGE + &atcp_protent, +#endif NULL }; @@ -194,23 +202,18 @@ main(argc, argv) * the tty's options file, and the command line arguments. */ for (i = 0; (protp = protocols[i]) != NULL; ++i) - (*protp->init)(0); - + (*protp->init)(0); + progname = *argv; if (!options_from_file(_PATH_SYSOPTIONS, !privileged, 0, 1) - || !options_from_user()) - exit(1); - scan_args(argc-1, argv+1); /* look for tty name on command line */ + || !options_from_user()) + exit(1); + scan_args(argc-1, argv+1); /* look for tty name on command line */ if (!options_for_tty() - || !parse_args(argc-1, argv+1)) + || !parse_args(argc-1, argv+1)) exit(1); - if (!ppp_available()) { - option_error(no_ppp_msg); - exit(1); - } - /* * Check that we are running as root. */ @@ -220,6 +223,11 @@ main(argc, argv) die(1); } + if (!ppp_available()) { + option_error(no_ppp_msg); + exit(1); + } + /* * Check that the options given are valid and consistent. */ 
@@ -241,15 +249,13 @@ main(argc, argv) default_device = 1; redirect_stderr = !nodetach || default_device; - /* * Initialize system-dependent stuff and magic number package. */ sys_init(); magic_init(); if (debug) - setlogmask(LOG_UPTO(LOG_DEBUG)); - + setlogmask(LOG_UPTO(LOG_DEBUG)); /* * Detach ourselves from the terminal, if required, @@ -268,8 +274,8 @@ main(argc, argv) else p = "(unknown)"; } - syslog(LOG_NOTICE, "pppd %s.%d started by %s, uid %d", - VERSION, PATCHLEVEL, p, uid); + syslog(LOG_NOTICE, "pppd %s.%d%s started by %s, uid %d", + VERSION, PATCHLEVEL, IMPLEMENTATION, p, uid); /* * Compute mask of all interesting signals and install signal handlers 
@@ -416,41 +422,46 @@ main(argc, argv) /* * Open the serial device and set it up to be the ppp interface. - * If we're dialling out, or we don't want to use the modem lines, - * we open it in non-blocking mode, but then we need to clear - * the non-blocking I/O bit. + * First we open it in non-blocking mode so we can set the + * various termios flags appropriately. If we aren't dialling + * out and we want to use the modem lines, we reopen it later + * in order to wait for the carrier detect signal from the modem. */ - nonblock = (connector || !modem)? O_NONBLOCK: 0; - if ((ttyfd = open(devnam, nonblock | O_RDWR, 0)) < 0) { - syslog(LOG_ERR, "Failed to open %s: %m", devnam); - goto fail; - } - if (nonblock) { - if ((fdflags = fcntl(ttyfd, F_GETFL)) == -1 - || fcntl(ttyfd, F_SETFL, fdflags & ~O_NONBLOCK) < 0) - syslog(LOG_WARNING, - "Couldn't reset non-blocking mode on device: %m"); + while ((ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0)) < 0) { + if (errno != EINTR) + syslog(LOG_ERR, "Failed to open %s: %m", devnam); + if (!persist || errno != EINTR) + goto fail; } + if ((fdflags = fcntl(ttyfd, F_GETFL)) == -1 + || fcntl(ttyfd, F_SETFL, fdflags & ~O_NONBLOCK) < 0) + syslog(LOG_WARNING, + "Couldn't reset non-blocking mode on device: %m"); hungup = 0; kill_link = 0; - /* - * Do the equivalent of `mesg n' to stop broadcast messages. - */ - if (fstat(ttyfd, &statbuf) < 0 - || fchmod(ttyfd, statbuf.st_mode & ~(S_IWGRP | S_IWOTH)) < 0) { - syslog(LOG_WARNING, - "Couldn't restrict write permissions to %s: %m", devnam); - } else - tty_mode = statbuf.st_mode; + /* + * Do the equivalent of `mesg n' to stop broadcast messages. + */ + if (fstat(ttyfd, &statbuf) < 0 + || fchmod(ttyfd, statbuf.st_mode & ~(S_IWGRP | S_IWOTH)) < 0) { + syslog(LOG_WARNING, + "Couldn't restrict write permissions to %s: %m", devnam); + } else + tty_mode = statbuf.st_mode; + + /* + * Set line speed, flow control, etc. 
+ * Previously, if we had a connection script, we would set CLOCAL + * while the script was running. But then, if CD was negated + * before the script finished, we would miss it. + */ + set_up_tty(ttyfd, 0); /* run connection script */ if (connector && connector[0]) { MAINDEBUG((LOG_INFO, "Connecting with <%s>", connector)); - /* set line speed, flow control, etc.; set CLOCAL for now */ - set_up_tty(ttyfd, 1); - /* drop dtr to hang up in case modem is off hook */ if (!default_device && modem) { setdtr(ttyfd, FALSE); @@ -468,8 +479,16 @@ main(argc, argv) sleep(1); /* give it time to set up its terminal */ } - /* set line speed, flow control, etc.; clear CLOCAL if modem option */ - set_up_tty(ttyfd, 0); + /* reopen tty if necessary to wait for carrier */ + if (connector == NULL && modem) { + while ((i = open(devnam, O_RDWR)) < 0) { + if (errno != EINTR) + syslog(LOG_ERR, "Failed to reopen %s: %m", devnam); + if (!persist || errno != EINTR || hungup || kill_link) + goto fail; + } + close(i); + } /* run welcome script, if any */ if (welcomer && welcomer[0]) { @@ -481,10 +500,10 @@ main(argc, argv) establish_ppp(ttyfd); if (!demand) { - + syslog(LOG_INFO, "Using interface ppp%d", ifunit); (void) sprintf(ifname, "ppp%d", ifunit); - + /* write pid to file */ (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); if ((pidfile = fopen(pidfilename, "w")) != NULL) { @@ -498,13 +517,6 @@ main(argc, argv) } /* - * Set a timeout to close the connection once the maximum - * connect time has expired. - */ - if (maxconnect > 0) - TIMEOUT(connect_time_expired, 0, maxconnect); - - /* * Start opening the connection and wait for * incoming events (reply, timeout, etc.). */ @@ -522,7 +534,7 @@ main(argc, argv) if (open_ccp_flag) { if (phase == PHASE_NETWORK) { ccp_fsm[0].flags = OPT_RESTART; /* clears OPT_SILENT */ - (*ccp_protent.open)(0); + (*ccp_protent.open)(0); } open_ccp_flag = 0; } 
@@ -553,15 +565,16 @@ main(argc, argv) } fail: - close_tty(); + if (ttyfd >= 0) + close_tty(); if (locked) { unlock(); locked = 0; } if (!demand) { - if (pidfilename[0] != 0 - && unlink(pidfilename) < 0 && errno != ENOENT) + if (pidfilename[0] != 0 + && unlink(pidfilename) < 0 && errno != ENOENT) syslog(LOG_WARNING, "unable to delete pid file: %m"); pidfilename[0] = 0; } @@ -589,6 +602,7 @@ main(argc, argv) } die(0); + return 0; } /* @@ -596,7 +610,7 @@ main(argc, argv) */ static void holdoff_end(arg) - void *arg; + caddr_t arg; { phase = PHASE_DORMANT; } @@ -627,7 +641,7 @@ get_input() } if (debug /*&& (debugflags & DBG_INPACKET)*/) - log_packet(p, len, "rcvd "); + log_packet(p, len, "rcvd ", LOG_DEBUG); if (len < PPP_HDRLEN) { MAINDEBUG((LOG_INFO, "io(): Received short packet.")); @@ -643,7 +657,19 @@ get_input() */ if (protocol != PPP_LCP && lcp_fsm[0].state != OPENED) { MAINDEBUG((LOG_INFO, - "io(): Received non-LCP packet when LCP not open.")); + "get_input: Received non-LCP packet when LCP not open.")); + return; + } + + /* + * Until we get past the authentication phase, toss all packets + * except LCP, LQR and authentication packets. + */ + if (phase <= PHASE_AUTHENTICATE + && !(protocol == PPP_LCP || protocol == PPP_LQR + || protocol == PPP_PAP || protocol == PPP_CHAP)) { + MAINDEBUG((LOG_INFO, "get_input: discarding proto 0x%x in phase %d", + protocol, phase)); return; } @@ -655,7 +681,7 @@ get_input() (*protp->input)(0, p, len); return; } - if (protocol == (protp->protocol & ~0x8000) && protp->enabled_flag + if (protocol == (protp->protocol & ~0x8000) && protp->enabled_flag && protp->datainput != NULL) { (*protp->datainput)(0, p, len); return; @@ -671,7 +697,7 @@ get_input() /* * quit - Clean up state and exit (with an error indication). */ -void +void quit() { die(1); 
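Review bot: The new pre-authentication filter in get_input, `phase <= PHASE_AUTHENTICATE`, depends on the numeric order of the PHASE_* constants, which are defined outside this section of the diff. If a phase value is later added or renumbered below PHASE_AUTHENTICATE, packets for network protocols would be dropped or let through without any change to this line. State the assumption next to the check, e.g. `/* relies on all pre-authentication phases sorting at or below PHASE_AUTHENTICATE */`, or test the phases explicitly. get_input's body starts and ends outside the hunk.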
@@ -690,17 +716,6 @@ die(status) } /* - * connect_time_expired - log a message and close the connection. - */ -static void -connect_time_expired(arg) - caddr_t arg; -{ - syslog(LOG_INFO, "Connect time expired"); - lcp_close(0, "Connect time expired"); /* Close connection */ -} - -/* * cleanup - restore anything which needs to be restored before we exit */ /* ARGSUSED */ @@ -712,7 +727,7 @@ cleanup() if (ttyfd >= 0) close_tty(); - if (pidfilename[0] != 0 && unlink(pidfilename) < 0 && errno != ENOENT) + if (pidfilename[0] != 0 && unlink(pidfilename) < 0 && errno != ENOENT) syslog(LOG_WARNING, "unable to delete pid file: %m"); pidfilename[0] = 0; @@ -741,7 +756,7 @@ close_tty() restore_tty(ttyfd); if (tty_mode != (mode_t) -1) - chmod(devnam, tty_mode); + chmod(devnam, tty_mode); close(ttyfd); ttyfd = -1; @@ -751,7 +766,7 @@ close_tty() struct callout { struct timeval c_time; /* time at which to call routine */ caddr_t c_arg; /* argument to routine */ - void (*c_func)(); /* routine */ + void (*c_func) __P((caddr_t)); /* routine */ struct callout *c_next; }; @@ -766,15 +781,15 @@ static struct timeval timenow; /* Current time */ */ void timeout(func, arg, time) - void (*func)(); + void (*func) __P((caddr_t)); caddr_t arg; int time; { struct callout *newp, *p, **pp; - + MAINDEBUG((LOG_DEBUG, "Timeout %lx:%lx in %d seconds.", (long) func, (long) arg, time)); - + /* * Allocate timeout. */ @@ -787,7 +802,7 @@ timeout(func, arg, time) gettimeofday(&timenow, NULL); newp->c_time.tv_sec = timenow.tv_sec + time; newp->c_time.tv_usec = timenow.tv_usec; - + /* * Find correct place and link it in. */ @@ -806,13 +821,13 @@ timeout(func, arg, time) */ void untimeout(func, arg) - void (*func)(); + void (*func) __P((caddr_t)); caddr_t arg; { struct callout **copp, *freep; - + MAINDEBUG((LOG_DEBUG, "Untimeout %lx:%lx.", (long) func, (long) arg)); - + /* * Find first matching timeout and remove it from the list. */ 
@@ -875,7 +890,7 @@ timeleft(tvp) return tvp; } - + /* * kill_my_pg - send a signal to our process group, and ignore it ourselves. @@ -888,8 +903,8 @@ kill_my_pg(sig) act.sa_handler = SIG_IGN; act.sa_flags = 0; + kill(0, sig); sigaction(sig, &act, &oldact); - kill(-getpgrp(), sig); sigaction(sig, &oldact, NULL); } @@ -959,9 +974,9 @@ toggle_debug(sig) { debug = !debug; if (debug) { - setlogmask(LOG_UPTO(LOG_DEBUG)); + setlogmask(LOG_UPTO(LOG_DEBUG)); } else { - setlogmask(LOG_UPTO(LOG_WARNING)); + setlogmask(LOG_UPTO(LOG_WARNING)); } } @@ -1018,33 +1033,33 @@ device_script(program, in, out) if (pid == 0) { sys_close(); - closelog(); - if (in == out) { - if (in != 0) { - dup2(in, 0); - close(in); - } - dup2(0, 1); - } else { - if (out == 0) - out = dup(out); - if (in != 0) { - dup2(in, 0); - close(in); - } - if (out != 1) { - dup2(out, 1); - close(out); - } - } - if (redirect_stderr) { - close(2); - errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); - if (errfd >= 0 && errfd != 2) { - dup2(errfd, 2); - close(errfd); - } - } + closelog(); + if (in == out) { + if (in != 0) { + dup2(in, 0); + close(in); + } + dup2(0, 1); + } else { + if (out == 0) + out = dup(out); + if (in != 0) { + dup2(in, 0); + close(in); + } + if (out != 1) { + dup2(out, 1); + close(out); + } + } + if (redirect_stderr) { + close(2); + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); + if (errfd >= 0 && errfd != 2) { + dup2(errfd, 2); + close(errfd); + } + } /* revoke privs */ seteuid(getuid()); setuid(getuid()); 
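Review bot: kill_my_pg now calls `kill(0, sig);` before SIG_IGN is installed, so it only "ignores it ourselves" when `sig` is blocked at the call and the pending instance is discarded as the disposition changes to SIG_IGN; with `sig` unblocked, pppd's own handler would run. Nothing in the hunk states that precondition, so add a comment above the call such as `/* sig must be blocked here; the pending copy is dropped when SIG_IGN is installed */`. No `sigemptyset(&act.sa_mask);` is visible before `act` is passed to sigaction(), which is worth confirming in the lines above the hunk. The function's opening lines are outside the hunk.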
@@ -1100,17 +1115,17 @@ run_program(prog, args, must_exist) /* Ensure that nothing of our device environment is inherited. */ sys_close(); - closelog(); + closelog(); close (0); close (1); close (2); close (ttyfd); /* tty interface to the ppp device */ - /* Don't pass handles to the PPP device, even by accident. */ + /* Don't pass handles to the PPP device, even by accident. */ new_fd = open (_PATH_DEVNULL, O_RDWR); if (new_fd >= 0) { if (new_fd != 0) { - dup2 (new_fd, 0); /* stdin <- /dev/null */ + dup2 (new_fd, 0); /* stdin <- /dev/null */ close (new_fd); } dup2 (0, 1); /* stdout -> /dev/null */ @@ -1120,12 +1135,12 @@ run_program(prog, args, must_exist) #ifdef BSD /* Force the priority back to zero if pppd is running higher. */ if (setpriority (PRIO_PROCESS, 0, 0) < 0) - syslog (LOG_WARNING, "can't reset priority to 0: %m"); + syslog (LOG_WARNING, "can't reset priority to 0: %m"); #endif /* SysV recommends a second fork at this point. */ - /* run the program; give it a null environment */ + /* run the program; give it a null environment */ nullenv[0] = NULL; execve(prog, args, nullenv); if (must_exist || errno != ENOENT) @@ -1172,16 +1187,17 @@ char line[256]; /* line to be logged accumulated here */ char *linep; void -log_packet(p, len, prefix) +log_packet(p, len, prefix, level) u_char *p; int len; char *prefix; + int level; { strcpy(line, prefix); linep = line + strlen(line); format_packet(p, len, pr_log, NULL); if (linep != line) - syslog(LOG_DEBUG, "%s", line); + syslog(level, "%s", line); } /* 
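Review bot: `log_packet` copies `prefix` into the fixed 256-byte global `line` with an unbounded `strcpy(line, prefix);`, and this change widens the function's interface without tightening that copy. The callers are outside this hunk, so the prefix may always be a short literal, but a bounded copy would make that explicit and would match the idiom this commit uses in `setdevname`: `strncpy(line, prefix, sizeof(line) - 1); line[sizeof(line) - 1] = '\0';`. Since the K&R definition gives callers no type checking, the header comment should also state that `level` is a syslog priority, e.g. `/* level: syslog priority used for the dumped packet */`.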
@@ -1269,27 +1285,26 @@ print_string(p, len, printer, arg) printer(arg, "\""); for (; len > 0; --len) { c = *p++; - if (' ' <= c && c <= '~') { - if (c == '\\' || c == '"') - printer(arg, "\\"); + if (' ' <= c && c <= '~') { + if (c == '\\' || c == '"') + printer(arg, "\\"); printer(arg, "%c", c); - } else { - switch (c) { - case '\n': - printer(arg, "\\n"); - break; - case '\r': - printer(arg, "\\r"); - break; - case '\t': - printer(arg, "\\t"); - break; - default: - printer(arg, "\\%.3o", c); - } - } + } else { + switch (c) { + case '\n': + printer(arg, "\\n"); + break; + case '\r': + printer(arg, "\\r"); + break; + case '\t': + printer(arg, "\\t"); + break; + default: + printer(arg, "\\%.3o", c); + } + } } - printer(arg, "\""); } @@ -1316,7 +1331,7 @@ fmtmsg __V((char *buf, int buflen, char *fmt, ...)) { va_list args; int n; - + #ifdef __STDC__ va_start(args, fmt); #else @@ -1332,12 +1347,12 @@ fmtmsg __V((char *buf, int buflen, char *fmt, ...)) va_end(args); return n; } - + /* * vfmtmsg - like fmtmsg, takes a va_list instead of a list of args. */ -#define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0) - +#define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0) + int vfmtmsg(buf, buflen, fmt, args) char *buf; 
@@ -1348,207 +1363,206 @@ vfmtmsg(buf, buflen, fmt, args) int c, i, n; int width, prec, fillch; int base, len, neg, quoted; - unsigned long val; + unsigned long val = 0; char *str, *f, *buf0; unsigned char *p; - va_list a; char num[32]; time_t t; static char hexchars[] = "0123456789abcdef"; - + buf0 = buf; --buflen; while (buflen > 0) { - for (f = fmt; *f != '%' && *f != 0; ++f) - ; - if (f > fmt) { - len = f - fmt; - if (len > buflen) - len = buflen; - memcpy(buf, fmt, len); - buf += len; - buflen -= len; - fmt = f; - } - if (*fmt == 0) - break; - c = *++fmt; - width = prec = 0; - fillch = ' '; - if (c == '0') { - fillch = '0'; - c = *++fmt; - } - if (c == '*') { - width = va_arg(args, int); - c = *++fmt; - } else { - while (isdigit(c)) { - width = width * 10 + c - '0'; - c = *++fmt; - } - } - if (c == '.') { - c = *++fmt; - if (c == '*') { - prec = va_arg(args, int); - c = *++fmt; - } else { - while (isdigit(c)) { - prec = prec * 10 + c - '0'; - c = *++fmt; - } - } - } - str = 0; - base = 0; - neg = 0; - ++fmt; - switch (c) { - case 'd': - i = va_arg(args, int); - if (i < 0) { - neg = 1; - val = -i; - } else - val = i; - base = 10; - break; - case 'o': - val = va_arg(args, unsigned int); - base = 8; - break; - case 'x': - val = va_arg(args, unsigned int); - base = 16; - break; - case 'p': - val = (unsigned long) va_arg(args, void *); - base = 16; - neg = 2; - break; - case 's': - str = va_arg(args, char *); - break; - case 'c': - num[0] = va_arg(args, int); - num[1] = 0; - str = num; - break; - case 'm': - str = strerror(errno); - break; - case 'I': - str = ip_ntoa(va_arg(args, u_int32_t)); - break; - case 'r': - f = va_arg(args, char *); - /* - * XXX We assume a va_list is either a pointer or an array, so - * what gets passed for a va_list is like a void * in some sense. 
- */ - a = va_arg(args, va_list); - n = vfmtmsg(buf, buflen + 1, f, a); - buf += n; - buflen -= n; - continue; - case 't': - time(&t); - str = ctime(&t); - str += 4; /* chop off the day name */ - str[15] = 0; /* chop off year and newline */ - break; - case 'v': /* "visible" string */ - case 'q': /* quoted string */ - quoted = c == 'q'; - p = va_arg(args, unsigned char *); - if (fillch == '0' && prec > 0) { - n = prec; - } else { - n = strlen((char *)p); - if (prec > 0 && prec < n) - n = prec; - } - while (n > 0 && buflen > 0) { - c = *p++; - --n; - if (!quoted && c >= 0x80) { - OUTCHAR('M'); - OUTCHAR('-'); - c -= 0x80; - } - if (quoted && (c == '"' || c == '\\')) - OUTCHAR('\\'); - if (c < 0x20 || 0x7f <= c && c < 0xa0) { - if (quoted) { - OUTCHAR('\\'); - switch (c) { - case '\t': OUTCHAR('t'); break; - case '\n': OUTCHAR('n'); break; - case '\b': OUTCHAR('b'); break; - case '\f': OUTCHAR('f'); break; - default: - OUTCHAR('x'); - OUTCHAR(hexchars[c >> 4]); - OUTCHAR(hexchars[c & 0xf]); - } - } else { - if (c == '\t') - OUTCHAR(c); - else { - OUTCHAR('^'); - OUTCHAR(c ^ 0x40); - } - } - } else - OUTCHAR(c); - } - continue; - default: - *buf++ = '%'; - if (c != '%') - --fmt; /* so %z outputs %z etc. 
*/ - --buflen; - continue; - } - if (base != 0) { - str = num + sizeof(num); - *--str = 0; - while (str > num + neg) { - *--str = hexchars[val % base]; - val = val / base; - if (--prec <= 0 && val == 0) - break; - } - switch (neg) { - case 1: - *--str = '-'; - break; - case 2: - *--str = 'x'; - *--str = '0'; - break; - } - len = num + sizeof(num) - 1 - str; - } else { - len = strlen(str); - if (prec > 0 && len > prec) - len = prec; - } - if (width > 0) { - if (width > buflen) - width = buflen; - if ((n = width - len) > 0) { - buflen -= n; - for (; n > 0; --n) - *buf++ = fillch; - } - } - if (len > buflen) - len = buflen; - memcpy(buf, str, len); - buf += len; - buflen -= len; + for (f = fmt; *f != '%' && *f != 0; ++f) + ; + if (f > fmt) { + len = f - fmt; + if (len > buflen) + len = buflen; + memcpy(buf, fmt, len); + buf += len; + buflen -= len; + fmt = f; + } + if (*fmt == 0) + break; + c = *++fmt; + width = prec = 0; + fillch = ' '; + if (c == '0') { + fillch = '0'; + c = *++fmt; + } + if (c == '*') { + width = va_arg(args, int); + c = *++fmt; + } else { + while (isdigit(c)) { + width = width * 10 + c - '0'; + c = *++fmt; + } + } + if (c == '.') { + c = *++fmt; + if (c == '*') { + prec = va_arg(args, int); + c = *++fmt; + } else { + while (isdigit(c)) { + prec = prec * 10 + c - '0'; + c = *++fmt; + } + } + } + str = 0; + base = 0; + neg = 0; + ++fmt; + switch (c) { + case 'd': + i = va_arg(args, int); + if (i < 0) { + neg = 1; + val = -i; + } else + val = i; + base = 10; + break; + case 'o': + val = va_arg(args, unsigned int); + base = 8; + break; + case 'x': + val = va_arg(args, unsigned int); + base = 16; + break; + case 'p': + val = (unsigned long) va_arg(args, void *); + base = 16; + neg = 2; + break; + case 's': + str = va_arg(args, char *); + break; + case 'c': + num[0] = va_arg(args, int); + num[1] = 0; + str = num; + break; + case 'm': + str = strerror(errno); + break; + case 'I': + str = ip_ntoa(va_arg(args, u_int32_t)); + break; + case 'r': + f = 
va_arg(args, char *); +#ifndef __powerpc__ + n = vfmtmsg(buf, buflen + 1, f, va_arg(args, va_list)); +#else + /* On the powerpc, a va_list is an array of 1 structure */ + n = vfmtmsg(buf, buflen + 1, f, va_arg(args, void *)); +#endif + buf += n; + buflen -= n; + continue; + case 't': + time(&t); + str = ctime(&t); + str += 4; /* chop off the day name */ + str[15] = 0; /* chop off year and newline */ + break; + case 'v': /* "visible" string */ + case 'q': /* quoted string */ + quoted = c == 'q'; + p = va_arg(args, unsigned char *); + if (fillch == '0' && prec > 0) { + n = prec; + } else { + n = strlen((char *)p); + if (prec > 0 && prec < n) + n = prec; + } + while (n > 0 && buflen > 0) { + c = *p++; + --n; + if (!quoted && c >= 0x80) { + OUTCHAR('M'); + OUTCHAR('-'); + c -= 0x80; + } + if (quoted && (c == '"' || c == '\\')) + OUTCHAR('\\'); + if (c < 0x20 || (0x7f <= c && c < 0xa0)) { + if (quoted) { + OUTCHAR('\\'); + switch (c) { + case '\t': OUTCHAR('t'); break; + case '\n': OUTCHAR('n'); break; + case '\b': OUTCHAR('b'); break; + case '\f': OUTCHAR('f'); break; + default: + OUTCHAR('x'); + OUTCHAR(hexchars[c >> 4]); + OUTCHAR(hexchars[c & 0xf]); + } + } else { + if (c == '\t') + OUTCHAR(c); + else { + OUTCHAR('^'); + OUTCHAR(c ^ 0x40); + } + } + } else + OUTCHAR(c); + } + continue; + default: + *buf++ = '%'; + if (c != '%') + --fmt; /* so %z outputs %z etc. 
*/ + --buflen; + continue; + } + if (base != 0) { + str = num + sizeof(num); + *--str = 0; + while (str > num + neg) { + *--str = hexchars[val % base]; + val = val / base; + if (--prec <= 0 && val == 0) + break; + } + switch (neg) { + case 1: + *--str = '-'; + break; + case 2: + *--str = 'x'; + *--str = '0'; + break; + } + len = num + sizeof(num) - 1 - str; + } else { + len = strlen(str); + if (prec > 0 && len > prec) + len = prec; + } + if (width > 0) { + if (width > buflen) + width = buflen; + if ((n = width - len) > 0) { + buflen -= n; + for (; n > 0; --n) + *buf++ = fillch; + } + } + if (len > buflen) + len = buflen; + memcpy(buf, str, len); + buf += len; + buflen -= len; } *buf = 0; return buf - buf0; diff --git a/usr.sbin/pppd/options.c b/usr.sbin/pppd/options.c index 4ea831cde71..878c3b9c52b 100644 --- a/usr.sbin/pppd/options.c +++ b/usr.sbin/pppd/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.8 1997/07/25 20:12:15 mickey Exp $ */ +/* $OpenBSD: options.c,v 1.9 1997/09/05 04:32:43 millert Exp $ */ /* * options.c - handles option processing for PPP. @@ -20,7 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: options.c,v 1.8 1997/07/25 20:12:15 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: options.c,v 1.39 1997/07/14 03:53:34 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: options.c,v 1.9 1997/09/05 04:32:43 millert Exp $"; +#endif #endif #include <ctype.h> @@ -38,6 +42,10 @@ static char rcsid[] = "$OpenBSD: options.c,v 1.8 1997/07/25 20:12:15 mickey Exp #include <sys/stat.h> #include <netinet/in.h> #include <arpa/inet.h> +#ifdef PPP_FILTER +#include <pcap.h> +#include <pcap-int.h> /* XXX: To get struct pcap */ +#endif #include "pppd.h" #include "pathnames.h" 
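Review bot: In `vfmtmsg`'s `case 'r'`, fetching the nested argument list with `va_arg(args, va_list)` and special-casing `__powerpc__` with `void *` depends on how each ABI represents `va_list`. On any other target where `va_list` is an array type, the recursive call would be handed the wrong object and would format from unrelated stack contents. The portable form has the caller pass a pointer and the recursion dereference it, `n = vfmtmsg(buf, buflen + 1, f, *va_arg(args, va_list *));`, which removes the `#ifdef`. The `%r` callers are outside this hunk and would need the matching `&args` change. The commit also drops the old XXX comment that documented this assumption; if the `#ifdef` stays, that caveat should stay with it.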
@@ -72,6 +80,9 @@ char *strdup __P((char *)); /* * Option variables and default values. */ +#ifdef PPP_FILTER +int dflag = 0; /* Tell libpcap we want debugging */ +#endif int debug = 0; /* Debug flag */ int kdebugflag = 0; /* Tell kernel to print debug messages */ int default_device = 1; /* Using /dev/tty or equivalent */ @@ -97,6 +108,7 @@ int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ char our_name[MAXNAMELEN]; /* Our name for authentication purposes */ char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ +int explicit_remote = 0; /* User specified explicit remote name */ int usehostname = 0; /* Use hostname for our_name */ int disable_defaultip = 0; /* Don't use hostname for default IP adrs */ int demand = 0; /* do dial-on-demand */ 
@@ -104,78 +116,88 @@ char *ipparam = NULL; /* Extra parameter for ip up/down scripts */ int cryptpap; /* Passwords in pap-secrets are encrypted */ int idle_time_limit = 0; /* Disconnect if idle for this many seconds */ int holdoff = 30; /* # seconds to pause before reconnecting */ -int refuse_pap = 0; /* Set to say we won't do PAP */ -int refuse_chap = 0; /* Set to say we won't do CHAP */ +int refuse_pap = 0; /* Set to say we won't do PAP */ +int refuse_chap = 0; /* Set to say we won't do CHAP */ + +#ifdef MSLANMAN +int ms_lanman = 0; /* Nonzero if use LanMan password instead of NT */ + /* Has meaning only with MS-CHAP challenges */ +#endif struct option_info auth_req_info; struct option_info connector_info; struct option_info disconnector_info; struct option_info welcomer_info; struct option_info devnam_info; +#ifdef PPP_FILTER +struct bpf_program pass_filter;/* Filter program for packets to pass */ +struct bpf_program active_filter; /* Filter program for link-active pkts */ +pcap_t pc; /* Fake struct pcap so we can compile expr */ +#endif /* * Prototypes */ static int setdevname __P((char *, int)); static int setipaddr __P((char *)); -static int setdebug __P((void)); +static int setspeed __P((char *)); +static int setdebug __P((char **)); static int setkdebug __P((char **)); -static int setpassive __P((void)); -static int setsilent __P((void)); -static int noopt __P((void)); -static int setnovj __P((void)); -static int setnovjccomp __P((void)); +static int setpassive __P((char **)); +static int setsilent __P((char **)); +static int noopt __P((char **)); +static int setnovj __P((char **)); +static int setnovjccomp __P((char **)); static int setvjslots __P((char **)); -static int reqpap __P((void)); -static int nopap __P((void)); +static int reqpap __P((char **)); +static int nopap __P((char **)); #ifdef OLD_OPTIONS static int setupapfile __P((char **)); #endif -static int nochap __P((void)); -static int reqchap __P((void)); -static int setspeed __P((char *)); 
-static int noaccomp __P((void)); -static int noasyncmap __P((void)); -static int noip __P((void)); -static int nomagicnumber __P((void)); +static int nochap __P((char **)); +static int reqchap __P((char **)); +static int noaccomp __P((char **)); +static int noasyncmap __P((char **)); +static int noip __P((char **)); +static int nomagicnumber __P((char **)); static int setasyncmap __P((char **)); static int setescape __P((char **)); static int setmru __P((char **)); static int setmtu __P((char **)); #ifdef CBCP_SUPPORT -static int setcbcp __P((char **)); +static int setcbcp __P((char *)); #endif -static int nomru __P((void)); -static int nopcomp __P((void)); +static int nomru __P((char **)); +static int nopcomp __P((char **)); static int setconnector __P((char **)); static int setdisconnector __P((char **)); static int setwelcomer __P((char **)); static int setmaxconnect __P((char **)); static int setdomain __P((char **)); static int setnetmask __P((char **)); -static int setcrtscts __P((void)); -static int setnocrtscts __P((void)); -static int setxonxoff __P((void)); -static int setnodetach __P((void)); -static int setmodem __P((void)); -static int setlocal __P((void)); -static int setlock __P((void)); +static int setcrtscts __P((char **)); +static int setnocrtscts __P((char **)); +static int setxonxoff __P((char **)); +static int setnodetach __P((char **)); +static int setmodem __P((char **)); +static int setlocal __P((char **)); +static int setlock __P((char **)); static int setname __P((char **)); static int setuser __P((char **)); static int setremote __P((char **)); -static int setauth __P((void)); -static int setnoauth __P((void)); +static int setauth __P((char **)); +static int setnoauth __P((char **)); static int readfile __P((char **)); static int callfile __P((char **)); -static int setdefaultroute __P((void)); -static int setnodefaultroute __P((void)); -static int setproxyarp __P((void)); -static int setnoproxyarp __P((void)); -static int setpersist 
__P((void)); -static int setnopersist __P((void)); -static int setdologin __P((void)); -static int setusehostname __P((void)); -static int setnoipdflt __P((void)); +static int setdefaultroute __P((char **)); +static int setnodefaultroute __P((char **)); +static int setproxyarp __P((char **)); +static int setnoproxyarp __P((char **)); +static int setpersist __P((char **)); +static int setnopersist __P((char **)); +static int setdologin __P((char **)); +static int setusehostname __P((char **)); +static int setnoipdflt __P((char **)); static int setlcptimeout __P((char **)); static int setlcpterm __P((char **)); static int setlcpconf __P((char **)); 
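Review bot: This prototype block moves the option handlers to `__P((char **))`, but `setcbcp` goes the other way, to `__P((char *))`, and the later hunk that adds `setmslanman` declares it `__P((void))`. `setmslanman` is stored in `cmds[]`, and `setcbcp` presumably is too; the `cmd_func` member of `cmds[]` becomes `int (*cmd_func) __P((char **))` in this same commit. Calling a function through a pointer of a different type is undefined behaviour, and both declarations sit under `#ifdef`s (`CBCP_SUPPORT`, `MSLANMAN`), so the mismatch may never show up in the default build. Suggested: `static int setcbcp __P((char **));` and `static int setmslanman __P((char **));`, with the definitions (outside these hunks) adjusted to match.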
@@ -190,30 +212,39 @@ static int setpapreqtime __P((char **)); static int setchaptimeout __P((char **)); static int setchapchal __P((char **)); static int setchapintv __P((char **)); -static int setipcpaccl __P((void)); -static int setipcpaccr __P((void)); +static int setipcpaccl __P((char **)); +static int setipcpaccr __P((char **)); static int setlcpechointv __P((char **)); static int setlcpechofails __P((char **)); -static int noccp __P((void)); +static int noccp __P((char **)); static int setbsdcomp __P((char **)); -static int setnobsdcomp __P((void)); +static int setnobsdcomp __P((char **)); static int setdeflate __P((char **)); -static int setnodeflate __P((void)); -static int setdemand __P((void)); -static int setpred1comp __P((void)); -static int setnopred1comp __P((void)); +static int setnodeflate __P((char **)); +static int setdemand __P((char **)); +static int setpred1comp __P((char **)); +static int setnopred1comp __P((char **)); static int setipparam __P((char **)); -static int setpapcrypt __P((void)); +static int setpapcrypt __P((char **)); static int setidle __P((char **)); static int setholdoff __P((char **)); static int setdnsaddr __P((char **)); -static int resetipxproto __P((void)); +static int resetipxproto __P((char **)); +static int setwinsaddr __P((char **)); +static int showversion __P((char **)); +static int showhelp __P((char **)); + +#ifdef PPP_FILTER +static int setpdebug __P((char **)); +static int setpassfilter __P((char **)); +static int setactivefilter __P((char **)); +#endif #ifdef IPX_CHANGE -static int setipxproto __P((void)); -static int setipxanet __P((void)); -static int setipxalcl __P((void)); -static int setipxarmt __P((void)); +static int setipxproto __P((char **)); +static int setipxanet __P((char **)); +static int setipxalcl __P((char **)); +static int setipxarmt __P((char **)); static int setipxnetwork __P((char **)); static int setipxnode __P((char **)); static int setipxrouter __P((char **)); 
@@ -224,6 +255,10 @@ static int setipxcpconf __P((char **)); static int setipxcpfails __P((char **)); #endif /* IPX_CHANGE */ +#ifdef MSLANMAN +static int setmslanman __P((void)); +#endif + static int number_option __P((char *, u_int32_t *, int)); static int int_option __P((char *, int *)); static int readable __P((int fd)); @@ -234,10 +269,10 @@ static int readable __P((int fd)); static struct cmd { char *cmd_name; int num_args; - int (*cmd_func)(); + int (*cmd_func) __P((char **)); } cmds[] = { - {"-all", 0, noopt}, /* Don't request/allow any options (useless) */ - {"noaccomp", 0, noaccomp}, /* Disable Address/Control compression */ + {"-all", 0, noopt}, /* Don't request/allow any options (useless) */ + {"noaccomp", 0, noaccomp}, /* Disable Address/Control compression */ {"-ac", 0, noaccomp}, /* Disable Address/Control compress */ {"default-asyncmap", 0, noasyncmap}, /* Disable asyncmap negoatiation */ {"-am", 0, noasyncmap}, /* Disable asyncmap negotiation */ 
@@ -245,27 +280,27 @@ static struct cmd { {"-d", 0, setdebug}, /* Increase debugging level */ {"nodetach", 0, setnodetach}, /* Don't detach from controlling tty */ {"-detach", 0, setnodetach}, /* don't fork */ - {"noip", 0, noip}, /* Disable IP and IPCP */ + {"noip", 0, noip}, /* Disable IP and IPCP */ {"-ip", 0, noip}, /* Disable IP and IPCP */ {"nomagic", 0, nomagicnumber}, /* Disable magic number negotiation */ {"-mn", 0, nomagicnumber}, /* Disable magic number negotiation */ - {"default-mru", 0, nomru}, /* Disable MRU negotiation */ + {"default-mru", 0, nomru}, /* Disable MRU negotiation */ {"-mru", 0, nomru}, /* Disable mru negotiation */ {"-p", 0, setpassive}, /* Set passive mode */ - {"nopcomp", 0, nopcomp}, /* Disable protocol field compression */ + {"nopcomp", 0, nopcomp}, /* Disable protocol field compression */ {"-pc", 0, nopcomp}, /* Disable protocol field compress */ #if OLD_OPTIONS {"+ua", 1, setupapfile}, /* Get PAP user and password from file */ #endif {"require-pap", 0, reqpap}, /* Require PAP authentication from peer */ {"+pap", 0, reqpap}, /* Require PAP auth from peer */ - {"refuse-pap", 0, nopap}, /* Don't agree to auth to peer with PAP */ + {"refuse-pap", 0, nopap}, /* Don't agree to auth to peer with PAP */ {"-pap", 0, nopap}, /* Don't allow UPAP authentication with peer */ {"require-chap", 0, reqchap}, /* Require CHAP authentication from peer */ {"+chap", 0, reqchap}, /* Require CHAP authentication from peer */ - {"refuse-chap", 0, nochap}, /* Don't agree to auth to peer with CHAP */ + {"refuse-chap", 0, nochap}, /* Don't agree to auth to peer with CHAP */ {"-chap", 0, nochap}, /* Don't allow CHAP authentication with peer */ - {"novj", 0, setnovj}, /* Disable VJ compression */ + {"novj", 0, setnovj}, /* Disable VJ compression */ {"-vj", 0, setnovj}, /* disable VJ compression */ {"novjccomp", 0, setnovjccomp}, /* disable VJ connection-ID compression */ {"-vjccomp", 0, setnovjccomp}, /* disable VJ connection-ID compression */ 
@@ -331,13 +366,13 @@ static struct cmd { {"chap-interval", 1, setchapintv}, /* Set interval for rechallenge */ {"ipcp-accept-local", 0, setipcpaccl}, /* Accept peer's address for us */ {"ipcp-accept-remote", 0, setipcpaccr}, /* Accept peer's address for it */ - {"noccp", 0, noccp}, /* Disable CCP negotiation */ + {"noccp", 0, noccp}, /* Disable CCP negotiation */ {"-ccp", 0, noccp}, /* Disable CCP negotiation */ {"bsdcomp", 1, setbsdcomp}, /* request BSD-Compress */ - {"nobsdcomp", 0, setnobsdcomp}, /* don't allow BSD-Compress */ + {"nobsdcomp", 0, setnobsdcomp}, /* don't allow BSD-Compress */ {"-bsdcomp", 0, setnobsdcomp}, /* don't allow BSD-Compress */ {"deflate", 1, setdeflate}, /* request Deflate compression */ - {"nodeflate", 0, setnodeflate}, /* don't allow Deflate compression */ + {"nodeflate", 0, setnodeflate}, /* don't allow Deflate compression */ {"-deflate", 0, setnodeflate}, /* don't allow Deflate compression */ {"predictor1", 0, setpred1comp}, /* request Predictor-1 */ {"nopredictor1", 0, setnopred1comp},/* don't allow Predictor-1 */ @@ -347,8 +382,18 @@ static struct cmd { {"idle", 1, setidle}, /* idle time limit (seconds) */ {"holdoff", 1, setholdoff}, /* set holdoff time (seconds) */ {"ms-dns", 1, setdnsaddr}, /* DNS address for the peer's use */ + {"ms-wins", 1, setwinsaddr}, /* Nameserver for SMB over TCP/IP for peer */ {"noipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */ {"-ipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */ + {"--version", 0, showversion}, /* Show version number */ + {"--help", 0, showhelp}, /* Show brief listing of options */ + {"-h", 0, showhelp}, /* ditto */ + +#ifdef PPP_FILTER + {"pdebug", 1, setpdebug}, /* libpcap debugging */ + {"pass-filter", 1, setpassfilter}, /* set filter for packets to pass */ + {"active-filter", 1, setactivefilter}, /* set filter for active pkts */ +#endif #ifdef IPX_CHANGE {"ipx-network", 1, setipxnetwork}, /* IPX network number */ 
@@ -365,10 +410,14 @@ static struct cmd { #if 0 {"ipx-compression", 1, setipxcompression}, /* IPX compression number */ #endif - {"ipx", 0, setipxproto}, /* Enable IPXCP (and IPX) */ + {"ipx", 0, setipxproto}, /* Enable IPXCP (and IPX) */ {"+ipx", 0, setipxproto}, /* Enable IPXCP (and IPX) */ #endif /* IPX_CHANGE */ +#ifdef MSLANMAN + {"ms-lanman", 0, setmslanman}, /* Use LanMan psswd when using MS-CHAP */ +#endif + {NULL, 0, NULL} }; @@ -396,7 +445,7 @@ Usage: %s [ options ], where options are:\n\ See pppd(8) for more options.\n\ "; -static char *current_option; /* the name of the option being parsed */ +static char *current_option; /* the name of the option being parsed */ static int privileged_option; /* set iff the current option came from root */ static char *option_source; /* string saying where the option came from */ @@ -427,10 +476,10 @@ parse_args(argc, argv) if (cmdp->cmd_name != NULL) { if (argc < cmdp->num_args) { - option_error("too few parameters for option %s", arg); + option_error("too few parameters for option %s", arg); return 0; } - current_option = arg; + current_option = arg; if (!(*cmdp->cmd_func)(argv)) return 0; argc -= cmdp->num_args; @@ -440,10 +489,10 @@ parse_args(argc, argv) /* * Maybe a tty name, speed or IP address? */ - if ((ret = setdevname(arg, 0)) == 0 + if ((ret = setdevname(arg, 0)) == 0 && (ret = setspeed(arg)) == 0 && (ret = setipaddr(arg)) == 0) { - option_error("unrecognized option '%s'", arg); + option_error("unrecognized option '%s'", arg); usage(); return 0; } 
@@ -467,25 +516,24 @@ scan_args(argc, argv) struct cmd *cmdp; while (argc > 0) { - arg = *argv++; - --argc; - - /* Skip options and their arguments */ - for (cmdp = cmds; cmdp->cmd_name; cmdp++) - if (!strcmp(arg, cmdp->cmd_name)) - break; - - if (cmdp->cmd_name != NULL) { - argc -= cmdp->num_args; - argv += cmdp->num_args; - continue; - } - - /* Check if it's a tty name and copy it if so */ - (void) setdevname(arg, 1); - } -} + arg = *argv++; + --argc; + + /* Skip options and their arguments */ + for (cmdp = cmds; cmdp->cmd_name; cmdp++) + if (!strcmp(arg, cmdp->cmd_name)) + break; + if (cmdp->cmd_name != NULL) { + argc -= cmdp->num_args; + argv += cmdp->num_args; + continue; + } + + /* Check if it's a tty name and copy it if so */ + (void) setdevname(arg, 1); + } +} /* * usage - print out a message telling how to use the program. @@ -494,8 +542,37 @@ void usage() { if (phase == PHASE_INITIALIZE) - fprintf(stderr, usage_string, VERSION, PATCHLEVEL, IMPLEMENTATION, - progname); + fprintf(stderr, usage_string, VERSION, PATCHLEVEL, IMPLEMENTATION, + progname); +} + +/* + * showhelp - print out usage message and exit. + */ +static int +showhelp(argv) + char **argv; +{ + if (phase == PHASE_INITIALIZE) { + usage(); + exit(0); + } + return 0; +} + +/* + * showversion - print out the version number and exit. + */ +static int +showversion(argv) + char **argv; +{ + if (phase == PHASE_INITIALIZE) { + fprintf(stderr, "pppd version %s patch level %d%s\n", + VERSION, PATCHLEVEL, IMPLEMENTATION); + exit(0); + } + return 0; } /* 
@@ -520,11 +597,11 @@ options_from_file(filename, must_exist, check_prot, priv) if ((f = fopen(filename, "r")) == NULL) { if (!must_exist && errno == ENOENT) return 1; - option_error("Can't open options file %s: %m", filename); + option_error("Can't open options file %s: %m", filename); return 0; } if (check_prot && !readable(fileno(f))) { - option_error("Can't open options file %s: access denied", filename); + option_error("Can't open options file %s: access denied", filename); fclose(f); return 0; } @@ -543,14 +620,14 @@ options_from_file(filename, must_exist, check_prot, priv) if (cmdp->cmd_name != NULL) { for (i = 0; i < cmdp->num_args; ++i) { if (!getword(f, args[i], &newline, filename)) { - option_error( - "In file %s: too few parameters for option '%s'", - filename, cmd); + option_error( + "In file %s: too few parameters for option '%s'", + filename, cmd); goto err; } argv[i] = args[i]; } - current_option = cmd; + current_option = cmd; if (!(*cmdp->cmd_func)(argv)) goto err; @@ -561,8 +638,8 @@ options_from_file(filename, must_exist, check_prot, priv) if ((i = setdevname(cmd, 0)) == 0 && (i = setspeed(cmd)) == 0 && (i = setipaddr(cmd)) == 0) { - option_error("In file %s: unrecognized option '%s'", - filename, cmd); + option_error("In file %s: unrecognized option '%s'", + filename, cmd); goto err; } if (i < 0) /* error */ @@ -632,7 +709,7 @@ options_for_tty() } /* - * option_error - print a message about an error in an option. + * option_error - print a message about an error in an option. * The message is logged, and also sent to * stderr if phase == PHASE_INITIALIZE. */ @@ -640,9 +717,8 @@ void option_error __V((char *fmt, ...)) { va_list args; - int n; char buf[256]; - + #ifdef __STDC__ va_start(args, fmt); #else 
@@ -653,11 +729,10 @@ option_error __V((char *fmt, ...)) vfmtmsg(buf, sizeof(buf), fmt, args); va_end(args); if (phase == PHASE_INITIALIZE) - fprintf(stderr, "%s: %s\n", progname, buf); + fprintf(stderr, "%s: %s\n", progname, buf); syslog(LOG_ERR, "%s", buf); } - /* * readable - check if a file is readable by the real user. */ @@ -905,7 +980,7 @@ getword(f, word, newlinep, filename) if (ferror(f)) { if (errno == 0) errno = EIO; - option_error("Error reading %s: %m", filename); + option_error("Error reading %s: %m", filename); die(1); } /* @@ -920,8 +995,8 @@ getword(f, word, newlinep, filename) * Warn if the word was too long, and append a terminating null. */ if (len >= MAXWORDLEN) { - option_error("warning: word in file %s too long (%.20s...)", - filename, word); + option_error("warning: word in file %s too long (%.20s...)", + filename, word); len = MAXWORDLEN - 1; } word[len] = 0; @@ -945,8 +1020,8 @@ number_option(str, valp, base) *valp = strtoul(str, &ptr, base); if (ptr == str) { - option_error("invalid numeric parameter '%s' for %s option", - str, current_option); + option_error("invalid numeric parameter '%s' for %s option", + str, current_option); return 0; } return 1; @@ -1035,7 +1110,8 @@ callfile(argv) * setdebug - Set debug (command line argument). */ static int -setdebug() +setdebug(argv) + char **argv; { debug++; return (1); 
@@ -1051,11 +1127,56 @@ setkdebug(argv) return int_option(*argv, &kdebugflag); } +#ifdef PPP_FILTER +/* + * setpdebug - Set libpcap debugging level. + */ +static int +setpdebug(argv) + char **argv; +{ + return int_option(*argv, &dflag); +} + +/* + * setpassfilter - Set the pass filter for packets + */ +static int +setpassfilter(argv) + char **argv; +{ + pc.linktype = DLT_PPP; + pc.snapshot = PPP_HDRLEN; + + if (pcap_compile(&pc, &pass_filter, *argv, 1, netmask) == 0) + return 1; + option_error("error in pass-filter expression: %s\n", pcap_geterr(&pc)); + return 0; +} + +/* + * setactivefilter - Set the active filter for packets + */ +static int +setactivefilter(argv) + char **argv; +{ + pc.linktype = DLT_PPP; + pc.snapshot = PPP_HDRLEN; + + if (pcap_compile(&pc, &active_filter, *argv, 1, netmask) == 0) + return 1; + option_error("error in active-filter expression: %s\n", pcap_geterr(&pc)); + return 0; +} +#endif + /* * noopt - Disable all options. */ static int -noopt() +noopt(argv) + char **argv; { BZERO((char *) &lcp_wantoptions[0], sizeof (struct lcp_options)); BZERO((char *) &lcp_allowoptions[0], sizeof (struct lcp_options)); @@ -1074,7 +1195,8 @@ noopt() * noaccomp - Disable Address/Control field compression negotiation. */ static int -noaccomp() +noaccomp(argv) + char **argv; { lcp_wantoptions[0].neg_accompression = 0; lcp_allowoptions[0].neg_accompression = 0; @@ -1086,7 +1208,8 @@ noaccomp() * noasyncmap - Disable async map negotiation. */ static int -noasyncmap() +noasyncmap(argv) + char **argv; { lcp_wantoptions[0].neg_asyncmap = 0; lcp_allowoptions[0].neg_asyncmap = 0; @@ -1098,7 +1221,8 @@ noasyncmap() * noip - Disable IP and IPCP. */ static int -noip() +noip(argv) + char **argv; { ipcp_protent.enabled_flag = 0; return (1); @@ -1109,7 +1233,8 @@ noip() * nomagicnumber - Disable magic number negotiation. */ static int -nomagicnumber() +nomagicnumber(argv) + char **argv; { lcp_wantoptions[0].neg_magicnumber = 0; lcp_allowoptions[0].neg_magicnumber = 0; 
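Review bot: `setpassfilter` and `setactivefilter` hand `*argv` straight to `pcap_compile` without consulting `privileged_option`, so the filter-expression parser runs on whatever the invoking user supplies; if pppd is installed setuid root, that parsing happens with root privileges. Unlike `setconnector`, neither handler records `privileged_option` or `option_source`, so nothing later can tell who supplied the filter. Consider rejecting the option from non-root sources, e.g. `if (!privileged_option) { option_error("%s option is privileged", current_option); return 0; }`, or at least recording the source next to the compiled program. A repeated `pass-filter` or `active-filter` also overwrites the previous `bpf_program` without releasing it.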
@@ -1121,7 +1246,8 @@ nomagicnumber() * nomru - Disable mru negotiation. */ static int -nomru() +nomru(argv) + char **argv; { lcp_wantoptions[0].neg_mru = 0; lcp_allowoptions[0].neg_mru = 0; @@ -1158,8 +1284,8 @@ setmtu(argv) if (!number_option(*argv, &mtu, 0)) return 0; if (mtu < MINMRU || mtu > MAXMRU) { - option_error("mtu option value of %u is too %s", mtu, - (mtu < MINMRU? "small": "large")); + option_error("mtu option value of %u is too %s", mtu, + (mtu < MINMRU? "small": "large")); return 0; } lcp_allowoptions[0].mru = mtu; @@ -1186,7 +1312,8 @@ setcbcp(argv) * nopcomp - Disable Protocol field compression negotiation. */ static int -nopcomp() +nopcomp(argv) + char **argv; { lcp_wantoptions[0].neg_pcompression = 0; lcp_allowoptions[0].neg_pcompression = 0; @@ -1199,7 +1326,8 @@ nopcomp() * LCP configure-requests). */ static int -setpassive() +setpassive(argv) + char **argv; { lcp_wantoptions[0].passive = 1; return (1); @@ -1211,7 +1339,8 @@ setpassive() * until we get one from the peer). */ static int -setsilent() +setsilent(argv) + char **argv; { lcp_wantoptions[0].silent = 1; return 1; @@ -1222,7 +1351,8 @@ setsilent() * nopap - Disable PAP authentication with peer. */ static int -nopap() +nopap(argv) + char **argv; { refuse_pap = 1; return (1); @@ -1233,14 +1363,14 @@ nopap() * reqpap - Require PAP authentication from peer. */ static int -reqpap() +reqpap(argv) + char **argv; { lcp_wantoptions[0].neg_upap = 1; - setauth(); + setauth(NULL); return 1; } - #if OLD_OPTIONS /* * setupapfile - specifies UPAP info for authenticating with peer. @@ -1285,12 +1415,12 @@ setupapfile(argv) } #endif - /* * nochap - Disable CHAP authentication with peer. */ static int -nochap() +nochap(argv) + char **argv; { refuse_chap = 1; return (1); @@ -1301,10 +1431,11 @@ nochap() * reqchap - Require CHAP authentication from peer. */ static int -reqchap() +reqchap(argv) + char **argv; { lcp_wantoptions[0].neg_chap = 1; - setauth(); + setauth(NULL); return (1); } 
@@ -1313,7 +1444,8 @@ reqchap() * setnovj - disable vj compression */ static int -setnovj() +setnovj(argv) + char **argv; { ipcp_wantoptions[0].neg_vj = 0; ipcp_allowoptions[0].neg_vj = 0; @@ -1325,7 +1457,8 @@ setnovj() * setnovjccomp - disable VJ connection-ID compression */ static int -setnovjccomp() +setnovjccomp(argv) + char **argv; { ipcp_wantoptions[0].cflag = 0; ipcp_allowoptions[0].cflag = 0; @@ -1345,7 +1478,7 @@ setvjslots(argv) if (!int_option(*argv, &value)) return 0; if (value < 2 || value > 16) { - option_error("vj-max-slots value must be between 2 and 16"); + option_error("vj-max-slots value must be between 2 and 16"); return 0; } ipcp_wantoptions [0].maxslotindex = @@ -1366,7 +1499,7 @@ setconnector(argv) novm("connect script"); connector_info.priv = privileged_option; connector_info.source = option_source; - + return (1); } @@ -1398,7 +1531,7 @@ setwelcomer(argv) novm("welcome script"); welcomer_info.priv = privileged_option; welcomer_info.source = option_source; - + return (1); } @@ -1412,10 +1545,10 @@ setmaxconnect(argv) int value; if (!int_option(*argv, &value)) - return 0; + return 0; if (value < 0) { - option_error("maxconnect time must be positive"); - return 0; + option_error("maxconnect time must be positive"); + return 0; } if (maxconnect > 0 && (value == 0 || value > maxconnect)) { option_error("maxconnect time cannot be increased"); @@ -1479,13 +1612,13 @@ setescape(argv) while (*p) { n = strtol(p, &endp, 16); if (p == endp) { - option_error("escape parameter contains invalid hex number '%s'", - p); + option_error("escape parameter contains invalid hex number '%s'", + p); return 0; } p = endp; - if (n < 0 || 0x20 <= n && n <= 0x3F || n == 0x5E || n > 0xFF) { - option_error("can't escape character 0x%x", n); + if (n < 0 || (0x20 <= n && n <= 0x3F) || n == 0x5E || n > 0xFF) { + option_error("can't escape character 0x%x", n); ret = 0; } else xmit_accm[0][n >> 5] |= 1 << (n & 0x1F); 
@@ -1520,13 +1653,13 @@ setspeed(arg) static int setdevname(cp, quiet) char *cp; - int quiet; + int quiet; { struct stat statbuf; char dev[MAXPATHLEN]; if (*cp == 0) - return 0; + return 0; if (strncmp("/dev/", cp, 5) != 0) { strcpy(dev, "/dev/"); @@ -1539,14 +1672,14 @@ setdevname(cp, quiet) * Check if there is a device by this name. */ if (stat(cp, &statbuf) < 0) { - if (errno == ENOENT || quiet) + if (errno == ENOENT || quiet) return 0; - option_error("Couldn't stat %s: %m", cp); + option_error("Couldn't stat %s: %m", cp); return -1; } - - (void) strncpy(devnam, cp, MAXPATHLEN); - devnam[MAXPATHLEN-1] = 0; + + (void) strncpy(devnam, cp, MAXPATHLEN - 1); + devnam[MAXPATHLEN - 1] = '\0'; default_device = FALSE; devnam_info.priv = privileged_option; devnam_info.source = option_source; @@ -1581,19 +1714,19 @@ setipaddr(arg) *colon = '\0'; if (inet_aton(arg, &ina) == 0) { if ((hp = gethostbyname(arg)) == NULL) { - option_error("unknown host: %s", arg); + option_error("unknown host: %s", arg); return -1; } else { local = *(u_int32_t *)hp->h_addr; if (our_name[0] == 0) { - strncpy(our_name, arg, MAXNAMELEN); - our_name[MAXNAMELEN-1] = 0; + strncpy(our_name, arg, MAXNAMELEN - 1); + our_name[MAXNAMELEN - 1] = '\0'; } } } else local = ina.s_addr; if (bad_ip_adrs(local)) { - option_error("bad local IP address %s", ip_ntoa(local)); + option_error("bad local IP address %s", ip_ntoa(local)); return -1; } if (local != 0) 
@@ -1607,19 +1740,19 @@ setipaddr(arg) if (*++colon != '\0') { if (inet_aton(colon, &ina) == 0) { if ((hp = gethostbyname(colon)) == NULL) { - option_error("unknown host: %s", colon); + option_error("unknown host: %s", colon); return -1; } else { remote = *(u_int32_t *)hp->h_addr; if (remote_name[0] == 0) { - strncpy(remote_name, colon, MAXNAMELEN); - remote_name[MAXNAMELEN-1] = 0; + strncpy(remote_name, colon, MAXNAMELEN - 1); + remote_name[MAXNAMELEN - 1] = '\0'; } } } else remote = ina.s_addr; if (bad_ip_adrs(remote)) { - option_error("bad remote IP address %s", ip_ntoa(remote)); + option_error("bad remote IP address %s", ip_ntoa(remote)); return -1; } if (remote != 0) @@ -1634,7 +1767,8 @@ setipaddr(arg) * setnoipdflt - disable setipdefault() */ static int -setnoipdflt() +setnoipdflt(argv) + char **argv; { disable_defaultip = 1; return 1; @@ -1645,7 +1779,8 @@ setnoipdflt() * setipcpaccl - accept peer's idea of our address */ static int -setipcpaccl() +setipcpaccl(argv) + char **argv; { ipcp_wantoptions[0].accept_local = 1; return 1; @@ -1656,7 +1791,8 @@ setipcpaccl() * setipcpaccr - accept peer's idea of its address */ static int -setipcpaccr() +setipcpaccr(argv) + char **argv; { ipcp_wantoptions[0].accept_remote = 1; return 1; @@ -1673,8 +1809,8 @@ setnetmask(argv) struct in_addr ina; if (inet_aton(*argv, &ina) == 0 || (netmask & ~ina.s_addr) != 0) { - option_error("invalid netmask value '%s'", *argv); - return 0; + option_error("invalid netmask value '%s'", *argv); + return (0); } netmask = ina.s_addr; @@ -1682,21 +1818,24 @@ setnetmask(argv) } static int -setcrtscts() +setcrtscts(argv) + char **argv; { crtscts = 1; return (1); } static int -setnocrtscts() +setnocrtscts(argv) + char **argv; { crtscts = -1; return (1); } static int -setxonxoff() +setxonxoff(argv) + char **argv; { lcp_wantoptions[0].asyncmap |= 0x000A0000; /* escape ^S and ^Q */ lcp_wantoptions[0].neg_asyncmap = 1; 
@@ -1706,14 +1845,16 @@ setxonxoff() } static int -setnodetach() +setnodetach(argv) + char **argv; { nodetach = 1; return (1); } static int -setdemand() +setdemand(argv) + char **argv; { demand = 1; persist = 1; @@ -1721,28 +1862,32 @@ setdemand() } static int -setmodem() +setmodem(argv) + char **argv; { modem = 1; return 1; } static int -setlocal() +setlocal(argv) + char **argv; { modem = 0; return 1; } static int -setlock() +setlock(argv) + char **argv; { lockflag = 1; return 1; } static int -setusehostname() +setusehostname(argv) + char **argv; { usehostname = 1; return 1; @@ -1756,8 +1901,8 @@ setname(argv) option_error("using the name option requires root privilege"); return 0; } - strncpy(our_name, argv[0], MAXNAMELEN); - our_name[MAXNAMELEN-1] = 0; + strncpy(our_name, argv[0], MAXNAMELEN - 1); + our_name[MAXNAMELEN - 1] = '\0'; return 1; } @@ -1765,8 +1910,8 @@ static int setuser(argv) char **argv; { - strncpy(user, argv[0], MAXNAMELEN); - user[MAXNAMELEN-1] = 0; + strncpy(user, argv[0], MAXNAMELEN - 1); + user[MAXNAMELEN - 1] = '\0'; return 1; } @@ -1774,13 +1919,14 @@ static int setremote(argv) char **argv; { - strncpy(remote_name, argv[0], MAXNAMELEN); - remote_name[MAXNAMELEN-1] = 0; + strncpy(remote_name, argv[0], MAXNAMELEN - 1); + remote_name[MAXNAMELEN - 1] = '\0'; return 1; } static int -setauth() +setauth(argv) + char **argv; { auth_required = 1; if (privileged_option > auth_req_info.priv) { @@ -1791,7 +1937,8 @@ setauth() } static int -setnoauth() +setnoauth(argv) + char **argv; { if (auth_required && privileged_option < auth_req_info.priv) { option_error("cannot override auth option set by %s", @@ -1803,10 +1950,11 @@ setnoauth() } static int -setdefaultroute() +setdefaultroute(argv) + char **argv; { if (!ipcp_allowoptions[0].default_route) { - option_error("defaultroute option is disabled"); + option_error("defaultroute option is disabled"); return 0; } ipcp_wantoptions[0].default_route = 1; 
@@ -1814,7 +1962,8 @@ setdefaultroute() } static int -setnodefaultroute() +setnodefaultroute(argv) + char **argv; { ipcp_allowoptions[0].default_route = 0; ipcp_wantoptions[0].default_route = 0; @@ -1822,10 +1971,11 @@ setnodefaultroute() } static int -setproxyarp() +setproxyarp(argv) + char **argv; { if (!ipcp_allowoptions[0].proxy_arp) { - option_error("proxyarp option is disabled"); + option_error("proxyarp option is disabled"); return 0; } ipcp_wantoptions[0].proxy_arp = 1; @@ -1833,7 +1983,8 @@ setproxyarp() } static int -setnoproxyarp() +setnoproxyarp(argv) + char **argv; { ipcp_wantoptions[0].proxy_arp = 0; ipcp_allowoptions[0].proxy_arp = 0; @@ -1841,21 +1992,24 @@ setnoproxyarp() } static int -setpersist() +setpersist(argv) + char **argv; { persist = 1; return 1; } static int -setnopersist() +setnopersist(argv) + char **argv; { persist = 0; return 1; } static int -setdologin() +setdologin(argv) + char **argv; { uselogin = 1; return 1; @@ -1981,7 +2135,8 @@ setchapintv(argv) } static int -noccp() +noccp(argv) + char **argv; { ccp_protent.enabled_flag = 0; return 1; @@ -2001,13 +2156,13 @@ setbsdcomp(argv) abits = strtol(str, &endp, 0); } if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for bsdcomp option", *argv); + option_error("invalid parameter '%s' for bsdcomp option", *argv); return 0; } - if (rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS) - || abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS)) { - option_error("bsdcomp option values must be 0 or %d .. %d", - BSD_MIN_BITS, BSD_MAX_BITS); + if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS)) + || (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) { + option_error("bsdcomp option values must be 0 or %d .. %d", + BSD_MIN_BITS, BSD_MAX_BITS); return 0; } if (rbits > 0) { 
@@ -2024,7 +2179,8 @@ setbsdcomp(argv) } static int -setnobsdcomp() +setnobsdcomp(argv) + char **argv; { ccp_wantoptions[0].bsd_compress = 0; ccp_allowoptions[0].bsd_compress = 0; @@ -2045,14 +2201,14 @@ setdeflate(argv) abits = strtol(str, &endp, 0); } if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for deflate option", *argv); + option_error("invalid parameter '%s' for deflate option", *argv); return 0; } - if (rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE) - || abits != 0 && (abits < DEFLATE_MIN_SIZE - || abits > DEFLATE_MAX_SIZE)) { - option_error("deflate option values must be 0 or %d .. %d", - DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE); + if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE)) + || (abits != 0 && (abits < DEFLATE_MIN_SIZE + || abits > DEFLATE_MAX_SIZE))) { + option_error("deflate option values must be 0 or %d .. %d", + DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE); return 0; } if (rbits > 0) { @@ -2069,7 +2225,8 @@ setdeflate(argv) } static int -setnodeflate() +setnodeflate(argv) + char **argv; { ccp_wantoptions[0].deflate = 0; ccp_allowoptions[0].deflate = 0; @@ -2077,7 +2234,8 @@ setnodeflate() } static int -setpred1comp() +setpred1comp(argv) + char **argv; { ccp_wantoptions[0].predictor_1 = 1; ccp_allowoptions[0].predictor_1 = 1; @@ -2085,7 +2243,8 @@ setpred1comp() } static int -setnopred1comp() +setnopred1comp(argv) + char **argv; { ccp_wantoptions[0].predictor_1 = 0; ccp_allowoptions[0].predictor_1 = 0; @@ -2104,7 +2263,8 @@ setipparam(argv) } static int -setpapcrypt() +setpapcrypt(argv) + char **argv; { cryptpap = 1; return 1; @@ -2138,7 +2298,7 @@ setdnsaddr(argv) if ((hp = gethostbyname(*argv)) == NULL) { option_error("invalid address parameter '%s' for ms-dns option", *argv); - return 0; + return (0); } ina.s_addr = *(u_int32_t *)hp->h_addr; } 
@@ -2152,6 +2312,36 @@ setdnsaddr(argv) return (1); } +/* + * setwinsaddr - set the wins address(es) + * This is primrarly used with the Samba package under UNIX or for pointing + * the caller to the existing WINS server on a Windows NT platform. + */ +static int +setwinsaddr(argv) + char **argv; +{ + struct in_addr ina; + struct hostent *hp; + + if (inet_aton(*argv, &ina) == 0) { + if ((hp = gethostbyname(*argv)) == NULL) { + option_error("invalid address parameter '%s' for ms-wins option", + *argv); + return (0); + } + ina.s_addr = *(u_int32_t *)hp->h_addr; + } + + if (ipcp_allowoptions[0].winsaddr[0] == 0) { + ipcp_allowoptions[0].winsaddr[0] = ina.s_addr; + } else { + ipcp_allowoptions[0].winsaddr[1] = ina.s_addr; + } + + return (1); +} + #ifdef IPX_CHANGE static int setipxrouter (argv) @@ -2179,13 +2369,13 @@ setipxname (argv) while (*src) { ch = *src++; if (! isalnum (ch) && ch != '_') { - option_error("IPX router name must be alphanumeric or _"); + option_error("IPX router name must be alphanumeric or _"); return 0; } if (count >= sizeof (ipxcp_wantoptions[0].name)) { - option_error("IPX router name is limited to %d characters", - sizeof (ipxcp_wantoptions[0].name) - 1); + option_error("IPX router name is limited to %d characters", + sizeof (ipxcp_wantoptions[0].name) - 1); return 0; } 
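Review bot: In the new setwinsaddr(), `ina.s_addr = *(u_int32_t *)hp->h_addr;` uses the resolver result without checking its address family or length, and the cast assumes h_addr is suitably aligned. A guard such as `if (hp->h_addrtype != AF_INET || hp->h_length != sizeof(ina.s_addr))` with option_error() and `return (0);`, plus `memcpy(&ina.s_addr, hp->h_addr, sizeof(ina.s_addr));` in place of the cast, would close both gaps. A third ms-wins option silently overwrites winsaddr[1], so the header comment should say that only two servers are kept. The same cast appears in the setdnsaddr() hunk just before this one.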
@@ -2227,26 +2417,35 @@ static int setipxnetwork(argv) char **argv; { - ipxcp_wantoptions[0].neg_nn = 1; - return int_option(*argv, &ipxcp_wantoptions[0].our_network); + u_int32_t v; + + if (!number_option(*argv, &v, 16)) + return 0; + + ipxcp_wantoptions[0].our_network = (int) v; + ipxcp_wantoptions[0].neg_nn = 1; + return 1; } static int -setipxanet() +setipxanet(argv) + char **argv; { ipxcp_wantoptions[0].accept_network = 1; ipxcp_allowoptions[0].accept_network = 1; } static int -setipxalcl() +setipxalcl(argv) + char **argv; { ipxcp_wantoptions[0].accept_local = 1; ipxcp_allowoptions[0].accept_local = 1; } static int -setipxarmt() +setipxarmt(argv) + char **argv; { ipxcp_wantoptions[0].accept_remote = 1; ipxcp_allowoptions[0].accept_remote = 1; @@ -2301,14 +2500,16 @@ setipxnode(argv) } static int -setipxproto() +setipxproto(argv) + char **argv; { ipxcp_protent.enabled_flag = 1; return 1; } static int -resetipxproto() +resetipxproto(argv) + char **argv; { ipxcp_protent.enabled_flag = 0; return 1; @@ -2316,8 +2517,18 @@ resetipxproto() #else static int -resetipxproto() +resetipxproto(argv) + char **argv; { return 1; } #endif /* IPX_CHANGE */ + +#ifdef MSLANMAN +static int +setmslanman() +{ + ms_lanman = 1; + return (1); +} +#endif diff --git a/usr.sbin/pppd/patchlevel.h b/usr.sbin/pppd/patchlevel.h index dcb8acbf046..b7c40c8be37 100644 --- a/usr.sbin/pppd/patchlevel.h +++ b/usr.sbin/pppd/patchlevel.h @@ -1,7 +1,8 @@ -/* $OpenBSD: patchlevel.h,v 1.4 1996/12/23 13:22:46 mickey Exp $ */ +/* $OpenBSD: patchlevel.h,v 1.5 1997/09/05 04:32:44 millert Exp $ */ +/* Id: patchlevel.h,v 1.29 1997/07/14 03:53:42 paulus Exp */ -#define PATCHLEVEL 0 +#define PATCHLEVEL 1 #define VERSION "2.3" -#define IMPLEMENTATION "beta3" -#define DATE "8 Oct 96" +#define IMPLEMENTATION "" +#define DATE "27 June 97" diff --git a/usr.sbin/pppd/pathnames.h b/usr.sbin/pppd/pathnames.h index 1879ed453b5..2478a489e5f 100644 --- a/usr.sbin/pppd/pathnames.h +++ b/usr.sbin/pppd/pathnames.h 
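Review bot: setipxanet(), setipxalcl() and setipxarmt() are declared `static int`, but as shown in this hunk their bodies end without a return statement. If the option parser tests the result, as the 0/1 convention of the other handlers suggests, it reads an indeterminate value. Since this change already touches their signatures, add `return 1;` before each closing brace, matching setipxproto() in the next hunk. In setipxnetwork(), `(int) v` narrows the u_int32_t that number_option() parsed; a short comment that our_network is stored as int would explain the cast.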
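Review bot: setmslanman() is added with an empty parameter list, while every other handler in this change is converted to take `argv`. Declare it as `setmslanman(argv)` with `char **argv;` so all option handlers share one signature. It also has no header comment; `/* setmslanman - use the LanMan password instead of NT for MS-CHAP */` would match the ms_lanman description in pppd.h.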
@@ -1,7 +1,9 @@ -/* $OpenBSD: pathnames.h,v 1.4 1996/12/23 13:22:46 mickey Exp $ */ +/* $OpenBSD: pathnames.h,v 1.5 1997/09/05 04:32:44 millert Exp $ */ /* * define path names + * + * Id: pathnames.h,v 1.9 1996/08/28 06:41:46 paulus Exp */ #ifdef HAVE_PATHS_H @@ -17,8 +19,8 @@ #define _PATH_SYSOPTIONS "/etc/ppp/options" #define _PATH_IPUP "/etc/ppp/ip-up" #define _PATH_IPDOWN "/etc/ppp/ip-down" -#define _PATH_AUTHUP "/etc/ppp/auth-up" -#define _PATH_AUTHDOWN "/etc/ppp/auth-down" +#define _PATH_AUTHUP "/etc/ppp/auth-up" +#define _PATH_AUTHDOWN "/etc/ppp/auth-down" #define _PATH_TTYOPT "/etc/ppp/options." #define _PATH_CONNERRS "/etc/ppp/connect-errors" #define _PATH_USEROPT ".ppprc" diff --git a/usr.sbin/pppd/pppd.h b/usr.sbin/pppd/pppd.h index fd7eaa1975b..5c831402576 100644 --- a/usr.sbin/pppd/pppd.h +++ b/usr.sbin/pppd/pppd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pppd.h,v 1.5 1997/07/25 20:12:17 mickey Exp $ */ +/* $OpenBSD: pppd.h,v 1.6 1997/09/05 04:32:45 millert Exp $ */ /* * pppd.h - PPP daemon global declarations. @@ -17,6 +17,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Id: pppd.h,v 1.19 1997/04/30 05:56:55 paulus Exp */ /* @@ -38,6 +40,7 @@ #else #include <varargs.h> #define __V(x) (va_alist) va_dcl +#define const #endif /* @@ -96,6 +99,7 @@ extern int lcp_echo_interval; /* Interval between LCP echo-requests */ extern int lcp_echo_fails; /* Tolerance to unanswered echo-requests */ extern char our_name[]; /* Our name for authentication purposes */ extern char remote_name[]; /* Peer's name for authentication */ +extern int explicit_remote;/* remote_name specified with remotename opt */ extern int usehostname; /* Use hostname for our_name */ extern int disable_defaultip; /* Don't use hostname for default IP adrs */ extern int demand; /* Do dial-on-demand */ 
@@ -103,18 +107,26 @@ extern char *ipparam; /* Extra parameter for ip up/down scripts */ extern int cryptpap; /* Others' PAP passwords are encrypted */ extern int idle_time_limit;/* Shut down link if idle for this long */ extern int holdoff; /* Dead time before restarting */ -extern int refuse_pap; /* Don't wanna auth. ourselves with PAP */ -extern int refuse_chap; /* Don't wanna auth. ourselves with CHAP */ +extern int refuse_pap; /* Don't wanna auth. ourselves with PAP */ +extern int refuse_chap; /* Don't wanna auth. ourselves with CHAP */ +#ifdef PPP_FILTER +extern struct bpf_program pass_filter; /* Filter for pkts to pass */ +extern struct bpf_program active_filter; /* Filter for link-active pkts */ +#endif +#ifdef MSLANMAN +extern int ms_lanman; /* Nonzero if use LanMan password instead of NT */ + /* Has meaning only with MS-CHAP challenges */ +#endif /* * Values for phase. */ #define PHASE_DEAD 0 -#define PHASE_INITIALIZE 1 -#define PHASE_DORMANT 2 -#define PHASE_ESTABLISH 3 -#define PHASE_AUTHENTICATE 4 +#define PHASE_INITIALIZE 1 +#define PHASE_DORMANT 2 +#define PHASE_ESTABLISH 3 +#define PHASE_AUTHENTICATE 4 #define PHASE_CALLBACK 5 #define PHASE_NETWORK 6 #define PHASE_TERMINATE 7 @@ -128,13 +140,13 @@ struct protent { u_short protocol; /* PPP protocol number */ /* Initialization procedure */ void (*init) __P((int unit)); - /* Process a received packet */ + /* Process a received packet */ void (*input) __P((int unit, u_char *pkt, int len)); /* Process a received protocol-reject */ void (*protrej) __P((int unit)); /* Lower layer has come up */ void (*lowerup) __P((int unit)); - /* Lower layer has gone down */ + /* Lower layer has gone down */ void (*lowerdown) __P((int unit)); /* Open the protocol */ void (*open) __P((int unit)); 
@@ -142,8 +154,8 @@ struct protent { void (*close) __P((int unit, char *reason)); /* Print a packet in readable form */ int (*printpkt) __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); + void (*printer) __P((void *, char *, ...)), + void *arg)); /* Process a received data packet */ void (*datainput) __P((int unit, u_char *pkt, int len)); int enabled_flag; /* 0 iff protocol is disabled */ @@ -167,9 +179,9 @@ extern struct protent *protocols[]; void die __P((int)); /* Cleanup and exit */ void quit __P((void)); /* like die(1) */ void novm __P((char *)); /* Say we ran out of memory, and die */ -void timeout __P((void (*func)(), caddr_t arg, int t)); +void timeout __P((void (*func)(caddr_t), caddr_t arg, int t)); /* Call func(arg) after t seconds */ -void untimeout __P((void (*func)(), caddr_t arg)); +void untimeout __P((void (*func)(caddr_t), caddr_t arg)); /* Cancel call to func(arg) */ int run_program __P((char *prog, char **args, int must_exist)); /* Run program prog with args in child */ @@ -177,13 +189,12 @@ void demuxprotrej __P((int, int)); /* Demultiplex a Protocol-Reject */ void format_packet __P((u_char *, int, void (*) (void *, char *, ...), void *)); /* Format a packet in human-readable form */ -void log_packet __P((u_char *, int, char *)); +void log_packet __P((u_char *, int, char *, int)); /* Format a packet and log it with syslog */ void print_string __P((char *, int, void (*) (void *, char *, ...), void *)); /* Format a string for output */ -int fmtmsg __P((char *, int, char *, ...)); /* sprintf++ */ -int vfmtmsg __P((char *, int, char *, va_list)); /* vsprintf++ */ - +int fmtmsg __P((char *, int, char *, ...)); /* sprintf++ */ +int vfmtmsg __P((char *, int, char *, va_list)); /* vsprintf++ */ /* Procedures exported from auth.c */ void link_required __P((int)); /* we are starting to use the link */ 
@@ -203,8 +214,7 @@ void auth_withpeer_success __P((int, int)); /* we successfully authenticated ourselves */ void auth_check_options __P((void)); /* check authentication options supplied */ -void auth_reset __P((int)); /* check what secrets we have */ - +void auth_reset __P((int)); /* check what secrets we have */ int check_passwd __P((int, char *, int, char *, int, char **, int *)); /* Check peer-supplied username/password */ int get_secret __P((int, char *, char *, char *, int *, int)); @@ -270,9 +280,9 @@ int sifaddr __P((int, u_int32_t, u_int32_t, u_int32_t)); /* Configure IP addresses for i/f */ int cifaddr __P((int, u_int32_t, u_int32_t)); /* Reset i/f IP addresses */ -int sifdefaultroute __P((int, u_int32_t)); +int sifdefaultroute __P((int, u_int32_t, u_int32_t)); /* Create default route through i/f */ -int cifdefaultroute __P((int, u_int32_t)); +int cifdefaultroute __P((int, u_int32_t, u_int32_t)); /* Delete default route through i/f */ int sifproxyarp __P((int, u_int32_t)); /* Add proxy ARP entry for peer */ 
@@ -282,20 +292,24 @@ u_int32_t GetMask __P((u_int32_t)); /* Get appropriate netmask for address */ int lock __P((char *)); /* Create lock file for device */ void unlock __P((void)); /* Delete previously-created lock file */ int daemon __P((int, int)); /* Detach us from terminal session */ -int logwtmp __P((char *, char *, char *)); +void logwtmp __P((const char *, const char *, const char *)); /* Write entry to wtmp file */ +#ifdef PPP_FILTER +int set_filters __P((struct bpf_program *pass, struct bpf_program *active)); + /* Set filter programs in kernel */ +#endif /* Procedures exported from options.c */ int parse_args __P((int argc, char **argv)); /* Parse options from arguments given */ void usage __P((void)); /* Print a usage message */ int options_from_file __P((char *filename, int must_exist, int check_prot, - int privileged)); + int privileged)); /* Parse options from an options file */ int options_from_user __P((void)); /* Parse options from user's .ppprc */ int options_for_tty __P((void)); /* Parse options from /etc/ppp/options.tty */ void scan_args __P((int argc, char **argv)); - /* Look for tty name in command-line args */ + /* Look for tty name in command-line args */ int getword __P((FILE *f, char *word, int *newlinep, char *filename)); /* Read a word from a file */ void option_error __P((char *fmt, ...)); diff --git a/usr.sbin/pppd/sys-bsd.c b/usr.sbin/pppd/sys-bsd.c index 8ec932dcb71..3ded09d9a2a 100644 --- a/usr.sbin/pppd/sys-bsd.c +++ b/usr.sbin/pppd/sys-bsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys-bsd.c,v 1.7 1997/06/27 02:16:23 deraadt Exp $ */ +/* $OpenBSD: sys-bsd.c,v 1.8 1997/09/05 04:32:45 millert Exp $ */ /* * sys-bsd.c - System-dependent procedures for setting up 
@@ -23,7 +23,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.7 1997/06/27 02:16:23 deraadt Exp $"; +#if 0 +static char rcsid[] = "Id: sys-bsd.c,v 1.28 1997/04/30 05:57:46 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.8 1997/09/05 04:32:45 millert Exp $"; +#endif #endif /* @@ -39,12 +43,17 @@ static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.7 1997/06/27 02:16:23 deraadt Exp #include <fcntl.h> #include <termios.h> #include <signal.h> +#include <util.h> #include <sys/ioctl.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/time.h> #include <sys/stat.h> +#include <sys/param.h> +#ifdef PPP_FILTER +#include <net/bpf.h> +#endif #include <net/if.h> #include <net/ppp_defs.h> #include <net/if_ppp.h> @@ -58,6 +67,7 @@ static char rcsid[] = "$OpenBSD: sys-bsd.c,v 1.7 1997/06/27 02:16:23 deraadt Exp #include "pppd.h" #include "fsm.h" +#include "ipcp.h" #ifdef IPX_CHANGE #include <netipx/ipx.h> @@ -102,11 +112,6 @@ static int get_ether_addr __P((u_int32_t, struct sockaddr_dl *)); void sys_init() { - openlog("pppd", LOG_PID | LOG_NDELAY, LOG_PPP); - setlogmask(LOG_UPTO(LOG_INFO)); - if (debug) - setlogmask(LOG_UPTO(LOG_DEBUG)); - /* Get an internet socket for doing socket ioctl's on. */ if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { syslog(LOG_ERR, "Couldn't create IP socket: %m"); @@ -125,7 +130,8 @@ sys_cleanup() struct ifreq ifr; if (if_is_up) { - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; if (ioctl(sockfd, SIOCGIFFLAGS, &ifr) >= 0 && ((ifr.ifr_flags & IFF_UP) != 0)) { ifr.ifr_flags &= ~IFF_UP; @@ -135,7 +141,7 @@ sys_cleanup() if (ifaddrs[0] != 0) cifaddr(0, ifaddrs[0], ifaddrs[1]); if (default_route_gateway) - cifdefaultroute(0, default_route_gateway); + cifdefaultroute(0, 0, default_route_gateway); if (proxy_arp_addr) cifproxyarp(0, proxy_arp_addr); } 
@@ -151,7 +157,6 @@ sys_close() close(loop_slave); close(loop_master); } - closelog(); } /* @@ -162,7 +167,6 @@ sys_check_options() { } - /* * ppp_available - check whether the system has any ppp interfaces * (in fact we check whether we can do an ioctl on ppp0). @@ -177,7 +181,8 @@ ppp_available() if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return 1; /* can't tell */ - strncpy(ifr.ifr_name, "ppp0", sizeof (ifr.ifr_name)); + strncpy(ifr.ifr_name, "ppp0", sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; ok = ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) >= 0; close(s); @@ -328,8 +333,9 @@ sipxfaddr(unit, network, node) syslog (LOG_DEBUG, "socket(AF_IPX): %m(%d)", errno); result = 0; } else { - bzero (&ifr, sizeof (ifr)); + bzero (&ifr, sizeof(ifr)); strncpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; sipx->sipx_len = sizeof(*sipx); sipx->sipx_family = AF_IPX; @@ -379,8 +385,9 @@ cipxfaddr(unit) syslog (LOG_DEBUG, "socket(AF_IPX): %m(%d)", errno); result = 0; } else { - bzero (&ifr, sizeof (ifr)); - strncpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); + bzero (&ifr, sizeof(ifr)); + strncpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; sipx->sipx_len = sizeof(*sipx); sipx->sipx_family = AF_IPX; @@ -637,7 +644,7 @@ output(unit, p, len) int len; { if (debug) - log_packet(p, len, "sent "); + log_packet(p, len, "sent ", LOG_DEBUG); if (write(ttyfd, p, len) < 0) { if (errno != EIO) @@ -768,7 +775,8 @@ ppp_send_config(unit, mtu, asyncmap, pcomp, accomp) u_int x; struct ifreq ifr; - strncpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; ifr.ifr_mtu = mtu; if (ioctl(sockfd, SIOCSIFMTU, (caddr_t) &ifr) < 0) { syslog(LOG_ERR, "ioctl(SIOCSIFMTU): %m"); 
@@ -907,6 +915,32 @@ get_idle_time(u, ip) } +#ifdef PPP_FILTER +/* + * set_filters - transfer the pass and active filters to the kernel. + */ +int +set_filters(pass, active) + struct bpf_program *pass, *active; +{ + int ret = 1; + + if (pass->bf_len > 0) { + if (ioctl(ppp_fd, PPPIOCSPASS, pass) < 0) { + syslog(LOG_ERR, "Couldn't set pass-filter in kernel: %m"); + ret = 0; + } + } + if (active->bf_len > 0) { + if (ioctl(ppp_fd, PPPIOCSACTIVE, active) < 0) { + syslog(LOG_ERR, "Couldn't set active-filter in kernel: %m"); + ret = 0; + } + } + return ret; +} +#endif + /* * sifvjcomp - config tcp header compression */ @@ -942,7 +976,8 @@ sifup(u) { struct ifreq ifr; - strncpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; if (ioctl(sockfd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { syslog(LOG_ERR, "ioctl (SIOCGIFFLAGS): %m"); return 0; @@ -993,7 +1028,8 @@ sifdown(u) ioctl(ppp_fd, PPPIOCSNPMODE, (caddr_t) &npi); /* ignore errors, because ppp_fd might have been closed by now. */ - strncpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); + ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; if (ioctl(sockfd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { syslog(LOG_ERR, "ioctl (SIOCGIFFLAGS): %m"); rv = 0; @@ -1027,7 +1063,8 @@ sifaddr(u, o, h, m) { struct ifaliasreq ifra; - strncpy(ifra.ifra_name, ifname, sizeof(ifra.ifra_name)); + strncpy(ifra.ifra_name, ifname, sizeof(ifra.ifra_name) - 1); + ifra.ifra_name[sizeof(ifra.ifra_name) - 1] = '\0'; SET_SA_FAMILY(ifra.ifra_addr, AF_INET); ((struct sockaddr_in *) &ifra.ifra_addr)->sin_addr.s_addr = o; SET_SA_FAMILY(ifra.ifra_broadaddr, AF_INET); @@ -1043,7 +1080,8 @@ sifaddr(u, o, h, m) return 0; } syslog(LOG_WARNING, - "Couldn't set interface address: Address already exists"); + "Couldn't set interface address: Address %s already exists", + ip_ntoa(o)); } ifaddrs[0] = o; ifaddrs[1] = h; 
@@ -1062,7 +1100,8 @@ cifaddr(u, o, h) struct ifaliasreq ifra; ifaddrs[0] = 0; - strncpy(ifra.ifra_name, ifname, sizeof(ifra.ifra_name)); + strncpy(ifra.ifra_name, ifname, sizeof(ifra.ifra_name) - 1); + ifra.ifra_name[sizeof(ifra.ifra_name) - 1] = '\0'; SET_SA_FAMILY(ifra.ifra_addr, AF_INET); ((struct sockaddr_in *) &ifra.ifra_addr)->sin_addr.s_addr = o; SET_SA_FAMILY(ifra.ifra_broadaddr, AF_INET); @@ -1080,9 +1119,9 @@ cifaddr(u, o, h) * sifdefaultroute - assign a default route through the address given. */ int -sifdefaultroute(u, g) +sifdefaultroute(u, l, g) int u; - u_int32_t g; + u_int32_t l, g; { return dodefaultroute(g, 's'); } @@ -1091,9 +1130,9 @@ sifdefaultroute(u, g) * cifdefaultroute - delete a default route through the address given. */ int -cifdefaultroute(u, g) +cifdefaultroute(u, l, g) int u; - u_int32_t g; + u_int32_t l, g; { return dodefaultroute(g, 'c'); } @@ -1340,7 +1379,8 @@ get_ether_addr(ipaddr, hwaddr) ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) { if (ifr->ifr_addr.sa_family == AF_INET) { ina = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr; - strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); + strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name) - 1); + ifreq.ifr_name[sizeof(ifreq.ifr_name) - 1] = '\0'; /* * Check that the interface is up, and not point-to-point * or loopback. @@ -1439,7 +1479,8 @@ GetMask(addr) /* * Check that the interface is up, and not point-to-point or loopback. */ - strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name)); + strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name) - 1); + ifreq.ifr_name[sizeof(ifreq.ifr_name) - 1] = '\0'; if (ioctl(sockfd, SIOCGIFFLAGS, &ifreq) < 0) continue; if ((ifreq.ifr_flags & (IFF_UP|IFF_POINTOPOINT|IFF_LOOPBACK)) diff --git a/usr.sbin/pppd/upap.c b/usr.sbin/pppd/upap.c index e5ffcbb2212..2e1b57b2d4b 100644 --- a/usr.sbin/pppd/upap.c +++ b/usr.sbin/pppd/upap.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: upap.c,v 1.4 1996/12/23 13:22:49 mickey Exp $ */ +/* $OpenBSD: upap.c,v 1.5 1997/09/05 04:32:46 millert Exp $ */ /* * upap.c - User/Password Authentication Protocol. @@ -20,7 +20,11 @@ */ #ifndef lint -static char rcsid[] = "$OpenBSD: upap.c,v 1.4 1996/12/23 13:22:49 mickey Exp $"; +#if 0 +static char rcsid[] = "Id: upap.c,v 1.11 1997/04/30 05:59:56 paulus Exp"; +#else +static char rcsid[] = "$OpenBSD: upap.c,v 1.5 1997/09/05 04:32:46 millert Exp $"; +#endif #endif /* @@ -45,7 +49,7 @@ static void upap_lowerdown __P((int)); static void upap_input __P((int, u_char *, int)); static void upap_protrej __P((int)); static int upap_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); + void (*) __P((void *, char *, ...)), void *)); struct protent pap_protent = { PPP_PAP, @@ -63,7 +67,6 @@ struct protent pap_protent = { NULL, NULL, NULL - }; upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */ @@ -385,13 +388,13 @@ upap_rauthreq(u, inp, id, len) */ retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen); - BZERO(rpasswd, rpasswdlen); + upap_sresp(u, retcode, id, msg, msglen); if (retcode == UPAP_AUTHACK) { u->us_serverstate = UPAPSS_OPEN; - auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen); + auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen); } else { u->us_serverstate = UPAPSS_BADAUTH; auth_peer_fail(u->us_unit, PPP_PAP); diff --git a/usr.sbin/pppd/upap.h b/usr.sbin/pppd/upap.h index d38b74bf145..f95a93a8ddb 100644 --- a/usr.sbin/pppd/upap.h +++ b/usr.sbin/pppd/upap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: upap.h,v 1.3 1996/07/20 12:02:15 joshd Exp $ */ +/* $OpenBSD: upap.h,v 1.4 1997/09/05 04:32:46 millert Exp $ */ /* * upap.h - User/Password Authentication Protocol definitions. 
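Review bot: As the upap_rauthreq() hunk is rendered, `BZERO(rpasswd, rpasswdlen);` after check_passwd() sits on a `-` line and no `+` line restores it. The peer's cleartext PAP password would then stay in the receive buffer after the check, where a later packet dump or core file could expose it. Unless the wipe moved somewhere outside this hunk, keep `BZERO(rpasswd, rpasswdlen);` directly after the check_passwd() call and before upap_sresp(). A one-line comment such as `/* wipe the peer's cleartext password as soon as it has been checked */` would stop it being dropped again on the next merge from upstream. The body of upap_rauthreq() starts and ends outside the hunk.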
@@ -17,6 +17,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * Id: upap.h,v 1.6 1996/07/01 01:21:45 paulus Exp */ /* @@ -79,7 +81,6 @@ typedef struct upap_state { #define UPAP_DEFTIMEOUT 3 /* Timeout (seconds) for retransmitting req */ #define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */ - extern upap_state upap[]; void upap_authwithpeer __P((int, char *, char *)); |