From a807f14a489dbde079bbf3334b1fc6935ef23a3f Mon Sep 17 00:00:00 2001 From: Reyk Floeter Date: Wed, 17 May 2006 03:29:56 +0000 Subject: implement support for sppp(4) in ifconfig. have a look at the updated manual pages pppoe(4) and sppp(4) for examples. the spppcontrol(8) utility is not required anymore and will probably be removed in the near future. ok deraadt@ --- sbin/ifconfig/ifconfig.8 | 91 +++++++++++++++++++- sbin/ifconfig/ifconfig.c | 215 ++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 300 insertions(+), 6 deletions(-) (limited to 'sbin/ifconfig') diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index 71577371e3a..943d5cd1f3f 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.119 2006/04/12 14:15:03 aanriot Exp $ +.\" $OpenBSD: ifconfig.8,v 1.120 2006/05/17 03:29:55 reyk Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -87,6 +87,36 @@ .Cm pppoeac .Ar access-concentrator .Oc +.Nm +.Ar sppp-interface +.Oo +.Cm authproto +.Ar proto +.Oc +.Oo +.Cm authname +.Ar name +.Oc +.Oo +.Cm authkey +.Ar key +.Oc +.Oo +.Cm peerproto +.Ar proto +.Oc +.Oo +.Cm peername +.Ar name +.Oc +.Oo +.Cm peerkey +.Ar key +.Oc +.Oo +.Oo Fl Oc Ns Cm peerflag +.Ar flag +.Oc .Nm ifconfig .Ar trunk-interface .Oo 
@@ -314,6 +344,23 @@ Internet addresses and Ethernet addresses. .It Fl arp Disable the use of ARP. +.It Cm authproto Ar proto +(PPP devices only) +Set the PPP authentication protocol on the specified +.Xr sppp 4 +interface acting as a client. +The protocol name can be either +.Ql chap , +.Ql pap , +or +.Ql none . +In the latter case, authentication will be turned off. +.It Cm authname +(PPP devices only) +Set the client name for the PPP authentication protocol. +.It Cm authkey +(PPP devices only) +Set the client key or password for the PPP authentication protocol. .It Cm broadcast Ar addr (inet only) Specify the address to use to represent broadcasts to the 
@@ -598,6 +645,45 @@ If the driver is a pseudo-device, set the authentication key to .Ar passphrase . There is no passphrase by default. +.It Cm peerflag Ar flag +(PPP devices only) +Set a specified PPP flag for the remote authenticator. +The flag name can be either +.Ql callin +or +.Ql norechallenge . +The +.Ql callin +flag will require the remote peer to authenticate only when he's +calling in, but not when the peer is called by the local client. +This is required for some peers that do not implement the +authentication protocols symmetrically. +The +.Ql norechallenge +flag is only meaningful with the CHAP protocol to not re-challenge +once the the initial CHAP handshake was successful. +This is used to work around broken peer implementations that can't +grok being re-challenged once the connection is up. +.It Fl peerflag Ar flag +(PPP devices only) +Remove a specified PPP flag for the remote authenticator. +.It Cm peerproto Ar proto +(PPP devices only) +Set the PPP authentication protocol on the specified +.Xr sppp 4 +interface acting as an authenticator. +The protocol name can be either +.Ql chap , +.Ql pap , +or +.Ql none . +In the latter case, authentication will be turned off. +.It Cm peername +(PPP devices only) +Set the authenticator name for the PPP authentication protocol. +.It Cm peerkey +(PPP devices only) +Set the authenticator key or password for the PPP authentication protocol. .It Cm phase Ar n The argument .Ar n @@ -678,7 +764,7 @@ traffic can be protected using .Xr ipsec 4 . .It Fl syncpeer If the driver is a -.Xr pfsync 4 +.Xr pfsync 4;5A pseudo-device, broadcast the packets using multicast. .It Cm tentative (inet6 only) @@ -878,6 +964,7 @@ tried to alter an interface's configuration. .Xr ppp 4 , .Xr pppoe 4 , .Xr sl 4 , +.Xr sppp 4 , .Xr trunk 4 , .Xr tun 4 , .Xr vlan 4 , diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index a33454c2e31..634af6f08a7 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ifconfig.c,v 1.159 2006/03/23 14:20:09 mcbride Exp $ */ +/* $OpenBSD: ifconfig.c,v 1.160 2006/05/17 03:29:55 reyk Exp $ */ /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */ /* @@ -88,6 +88,8 @@ #include #include #include +#include +#include #include @@ -207,6 +209,17 @@ void setpppoe_dev(const char *,int); void setpppoe_svc(const char *,int); void setpppoe_ac(const char *,int); void pppoe_status(void); +void setspppproto(const char *, int); +void setspppname(const char *, int); +void setspppkey(const char *, int); +void setsppppeerproto(const char *, int); +void setsppppeername(const char *, int); +void setsppppeerkey(const char *, int); +void setsppppeerflag(const char *, int); +void unsetsppppeerflag(const char *, int); +void spppinfo(struct spppreq *); +void sppp_status(void); +void sppp_printproto(const char *, struct sauth *); void settrunkport(const char *, int); void unsettrunkport(const char *, int); void settrunkproto(const char *, int); @@ -328,6 +341,14 @@ const struct cmd { { "trunkport", NEXTARG, 0, settrunkport }, { "-trunkport", NEXTARG, 0, unsettrunkport }, { "trunkproto", NEXTARG, 0, settrunkproto }, + { "authproto", NEXTARG, 0, setspppproto }, + { "authname", NEXTARG, 0, setspppname }, + { "authkey", NEXTARG, 0, setspppkey }, + { "peerproto", NEXTARG, 0, setsppppeerproto }, + { "peername", NEXTARG, 0, setsppppeername }, + { "peerkey", NEXTARG, 0, setsppppeerkey }, + { "peerflag", NEXTARG, 0, setsppppeerflag }, + { "-peerflag", NEXTARG, 0, unsetsppppeerflag }, #endif /* SMALL */ #if 0 /* XXX `create' special-cased below */ @@ -2159,6 +2180,7 @@ status(int link, struct sockaddr_dl *sdl) pfsync_status(); pppoe_status(); timeslot_status(); + sppp_status(); trunk_status(); #endif getifgroups(); 
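Review bot: The `authkey` and `peerkey` entries added to the command table take the PPP secret as the next command-line word, so the secret sits in ifconfig's argv, where other local users can usually read it from the process listing and where it tends to end up in shell history. Nothing in the table or in the ifconfig.8 text of this commit says so. I would add a comment above the two entries, `/* authkey/peerkey: the secret arrives via argv and is visible in ps(1) while ifconfig runs */`, and a matching sentence under `authkey` and `peerkey` in the manual page. The command table itself starts and ends outside the hunk.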
@@ -3268,6 +3290,188 @@ setpppoe_ac(const char *val, int d) err(1, "PPPOESETPARMS"); } +void +spppinfo(struct spppreq *spr) +{ + bzero(spr, sizeof(struct spppreq)); + + ifr.ifr_data = (caddr_t)spr; + spr->cmd = (int)SPPPIOGDEFS; + if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1) + err(1, "SIOCGIFGENERIC(SPPPIOGDEFS)"); +} + +void +setspppproto(const char *val, int d) +{ + struct spppreq spr; + struct sauth *auth; + + spppinfo(&spr); + auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth; + if (strcmp(val, "pap") == 0) + auth->proto = PPP_PAP; + else if (strcmp(val, "chap") == 0) + auth->proto = PPP_CHAP; + else if (strcmp(val, "none") == 0) + auth->proto = 0; + else + errx(1, "setpppproto"); + + spr.cmd = (int)SPPPIOSDEFS; + if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1) + err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)"); +} + +void +setsppppeerproto(const char *val, int d) +{ + setspppproto(val, 1); +} + +void +setspppname(const char *val, int d) +{ + struct spppreq spr; + struct sauth *auth; + + spppinfo(&spr); + auth = d == 0 ? &spr.defs.myauth : &spr.defs.hisauth; + if (auth->proto == 0) + errx(1, "unspecified protocol"); + if (strlcpy((char *)auth->name, val, AUTHNAMELEN) >= AUTHNAMELEN) + errx(1, "setspppname"); + + spr.cmd = (int)SPPPIOSDEFS; + if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1) + err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)"); +} + +void +setsppppeername(const char *val, int d) +{ + setspppname(val, 1); +} + +void +setspppkey(const char *val, int d) +{ + struct spppreq spr; + struct sauth *auth; + + spppinfo(&spr); + auth = d == 0 ? 
&spr.defs.myauth : &spr.defs.hisauth; + if (auth->proto == 0) + errx(1, "unspecified protocol"); + if (strlcpy((char *)auth->secret, val, AUTHKEYLEN) >= AUTHKEYLEN) + errx(1, "setspppname"); + + spr.cmd = (int)SPPPIOSDEFS; + if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1) + err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)"); +} + +void +setsppppeerkey(const char *val, int d) +{ + setspppkey(val, 1); +} + +void +setsppppeerflag(const char *val, int d) +{ + struct spppreq spr; + struct sauth *auth; + int flag; + + spppinfo(&spr); + auth = &spr.defs.hisauth; + if (auth->proto == 0) + errx(1, "unspecified protocol"); + if (strcmp(val, "callin") == 0) + flag = AUTHFLAG_NOCALLOUT; + else if (strcmp(val, "norechallenge") == 0) + flag = AUTHFLAG_NORECHALLENGE; + else + errx(1, "setppppeerflags"); + + if (d) + auth->flags &= ~flag; + else + auth->flags |= flag; + + spr.cmd = (int)SPPPIOSDEFS; + if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1) + err(1, "SIOCSIFGENERIC(SPPPIOSDEFS)"); +} + +void +unsetsppppeerflag(const char *val, int d) +{ + setsppppeerflag(val, 1); +} + +void +sppp_printproto(const char *name, struct sauth *auth) +{ + if (auth->proto == 0) + return; + printf("%sproto ", name); + switch (auth->proto) { + case PPP_PAP: + printf("pap "); + break; + case PPP_CHAP: + printf("chap "); + break; + default: + printf("0x%04x ", auth->proto); + break; + } + printf("%sname \"%.*s\" ", name, AUTHNAMELEN, auth->name); +} + +void +sppp_status(void) +{ + struct spppreq spr; + + bzero(&spr, sizeof(spr)); + + ifr.ifr_data = (caddr_t)&spr; + spr.cmd = (int)SPPPIOGDEFS; + if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1) + return; + if (spr.defs.pp_phase == PHASE_DEAD) + return; + printf("\tsppp: phase "); + switch (spr.defs.pp_phase) { + case PHASE_ESTABLISH: + printf("establish "); + break; + case PHASE_TERMINATE: + printf("terminate "); + break; + case PHASE_AUTHENTICATE: + printf("authenticate "); + break; + case PHASE_NETWORK: + printf("network "); + break; + default: + printf("illegal "); + break; + } + 
+ sppp_printproto("auth", &spr.defs.myauth); + sppp_printproto("peer", &spr.defs.hisauth); + if (spr.defs.hisauth.flags & AUTHFLAG_NOCALLOUT) + printf("callin "); + if (spr.defs.hisauth.flags & AUTHFLAG_NORECHALLENGE) + printf("norechallenge "); + putchar('\n'); +} + void settrunkport(const char *val, int d) { @@ -3332,7 +3536,7 @@ trunk_status(void) strlcpy(rp.rp_ifname, name, sizeof(rp.rp_ifname)); strlcpy(rp.rp_portname, name, sizeof(rp.rp_portname)); - + if (ioctl(s, SIOCGTRUNKPORT, &rp) == 0) isport = 1; @@ -3580,7 +3784,8 @@ void usage(int value) { fprintf(stderr, - "usage: ifconfig [interface] [address_family] [address [dest_address]]\n" + "usage: ifconfig " + "[interface] [address_family] [address [dest_address]]\n" "\t[[-]alias] [[-]arp] [broadcast addr]\n" "\t[[-]debug] [delete] [up] [down] [ipdst addr]\n" "\t[tunnel src_address dest_address] [deletetunnel]\n" @@ -3602,7 +3807,9 @@ usage(int value) "\t[phase n] [range netrange] [timeslot timeslot_range]\n" "\t[802.2] [802.2tr] [802.3] [snap] [EtherII]\n" "\t[pppoeac access-concentrator] [-pppoeac]\n" - "\t[pppoesvc service] [-pppoesvc]\n" + "\t[pppoesvc service] [-pppoesvc] [authproto proto]\n" + "\t[authname name] [authkey key] [peerproto proto]\n" + "\t[peername name] [peerkey key] [[-]peerflag flag]\n" " ifconfig [-AaCMm] [interface] [address_family]\n" " ifconfig interface create\n" " ifconfig interface destroy\n"); -- cgit v1.2.3
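Review bot: The overflow branch in `setspppkey()` exits with `errx(1, "setspppname")`, a message copied from `setspppname()`, so a key that is too long is reported under the wrong name and without a reason; `errx(1, "setspppkey: key too long")` would fix it. The messages `errx(1, "setpppproto")` in `setspppproto()` and `errx(1, "setppppeerflags")` in `setsppppeerflag()` have the same weakness: the function name is misspelled and the rejected value is not mentioned. The `d` argument doubles as a selector (`d == 0` picks `myauth`, anything else `hisauth`; in `setsppppeerflag()` it chooses clear over set), while `setsppppeerproto()`, `setsppppeername()`, `setsppppeerkey()` and `unsetsppppeerflag()` ignore their own `d`, which deserves a one-line comment on each of the shared setters. After the SPPPIOSDEFS ioctl in `setspppkey()` the stack copy `spr` still holds the secret; `explicit_bzero(&spr, sizeof(spr));` before returning would clear it where that function is available.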