author | peter <peter@FreeBSD.org> | 1998-06-20 18:02:16 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1998-06-20 18:02:16 +0000 |
commit | 5cb66c6885ce2fb21048949b4aa0af165ec63e16 (patch) | |
tree | e335188d886ace2e1696ed1573aaf22490a6097c | |
parent | a63a049b7c08070a2a25b3dd460c29d65dfe6d19 (diff) | |
Merge ppp 2.3.3 -> 2.3.5 changes onto mainline.
-rw-r--r-- | usr.sbin/pppd/auth.c | 185 | ||||
-rw-r--r-- | usr.sbin/pppd/ccp.c | 261 | ||||
-rw-r--r-- | usr.sbin/pppd/ccp.h | 4 | ||||
-rw-r--r-- | usr.sbin/pppd/chap_ms.c | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/ipcp.c | 14 | ||||
-rw-r--r-- | usr.sbin/pppd/ipcp.h | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/ipxcp.c | 23 | ||||
-rw-r--r-- | usr.sbin/pppd/magic.c | 4 | ||||
-rw-r--r-- | usr.sbin/pppd/main.c | 181 | ||||
-rw-r--r-- | usr.sbin/pppd/options.c | 44 | ||||
-rw-r--r-- | usr.sbin/pppd/patchlevel.h | 6 | ||||
-rw-r--r-- | usr.sbin/pppd/pppd.8 | 87 | ||||
-rw-r--r-- | usr.sbin/pppd/pppd.h | 8 | ||||
-rw-r--r-- | usr.sbin/pppd/sys-bsd.c | 14 |
14 files changed, 488 insertions, 355 deletions
diff --git a/usr.sbin/pppd/auth.c b/usr.sbin/pppd/auth.c index 70b9ac2..880a65d 100644 --- a/usr.sbin/pppd/auth.c +++ b/usr.sbin/pppd/auth.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: auth.c,v 1.21 1997/12/13 05:27:29 jdp Exp $"; +static char rcsid[] = "$Id: auth.c,v 1.22 1998/03/22 05:32:43 peter Exp $"; #endif #include <stdio.h> @@ -60,14 +60,10 @@ static char rcsid[] = "$Id: auth.c,v 1.21 1997/12/13 05:27:29 jdp Exp $"; #ifdef USE_PAM #include <security/pam_appl.h> -#include <security/pam_modules.h> #endif #ifdef HAS_SHADOW #include <shadow.h> -#ifndef SVR4 -#include <shadow/pwauth.h> -#endif #ifndef PW_PPP #define PW_PPP PW_LOGIN #endif @@ -375,6 +371,8 @@ auth_peer_success(unit, protocol, name, namelen) */ auth_set_ip_addr(unit); + script_setenv("PEERNAME", peer_authname); + /* * If there is no more authentication still to be done, * proceed to the network (or callback) phase. @@ -460,6 +458,12 @@ np_up(unit, proto) */ if (maxconnect > 0) TIMEOUT(connect_time_expired, 0, maxconnect); + + /* + * Detach now, if the updetach option was given. + */ + if (nodetach == -1) + detach(); } ++num_np_up; } @@ -610,7 +614,6 @@ auth_reset(unit) if (!have_chap_secret(remote_name, our_name, remote)) go->neg_chap = 0; } - } 
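Review bot: In auth_peer_success, `script_setenv("PEERNAME", peer_authname);` exports a name that presumably comes from the peer's authentication exchange, and nothing in this hunk constrains its contents. Together with the run_program hunk in main.c, which now passes `script_env` to `execve` instead of an empty environment, that value reaches the scripts pppd runs. I would document the trust boundary next to the call, for example `/* PEERNAME is supplied by the peer; scripts must treat it as untrusted data */`, and say the same where pppd.8 describes the script environment. Whether script_setenv itself rejects or escapes unusual characters is not visible here, and the function body continues outside the hunk.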
@@ -754,15 +757,65 @@ checkfile(fname, name) } /* - * This function is needed for PAM. However, it should not be called. - * If it is, return the error code. + * This function is needed for PAM. */ #ifdef USE_PAM -static int pam_conv(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) +static char *PAM_username = ""; +static char *PAM_password = ""; + +#ifdef PAM_ESTABLISH_CRED /* new PAM defines :(^ */ +#define MY_PAM_STRERROR(err_code) (char *) pam_strerror(pamh,err_code) +#else +#define MY_PAM_STRERROR(err_code) (char *) pam_strerror(err_code) +#endif + +static int pam_conv (int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *appdata_ptr) { - return PAM_CONV_ERR; + int count = 0, replies = 0; + struct pam_response *reply = NULL; + int size = 0; + + for (count = 0; count < num_msg; count++) + { + size += sizeof (struct pam_response); + reply = realloc (reply, size); /* ANSI: is malloc() if reply==NULL */ + if (!reply) + return PAM_CONV_ERR; + + switch (msg[count]->msg_style) + { + case PAM_PROMPT_ECHO_ON: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = strdup(PAM_username); /* never NULL */ + break; + + case PAM_PROMPT_ECHO_OFF: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = strdup(PAM_password); /* never NULL */ + break; + + case PAM_TEXT_INFO: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = NULL; + break; + + case PAM_ERROR_MSG: + default: + free (reply); + return PAM_CONV_ERR; + } + } + + if (resp) + *resp = reply; + else + free (reply); + + return PAM_SUCCESS; } #endif @@ -785,14 +838,12 @@ plogin(user, passwd, msg, msglen) char **msg; int *msglen; { - char *tty; #ifdef USE_PAM + struct pam_conv pam_conversation; pam_handle_t *pamh; int pam_error; - char *pass; - char *dev; /* * Fill the pam_conversion structure */ 
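Review bot: The error paths in pam_conv release only the `reply` array, so the strings already produced by `strdup(PAM_password)` are leaked and stay in the heap unwiped; this applies to the `PAM_ERROR_MSG`/`default` case, to the final `else free (reply);`, and to the `realloc` failure, which also loses the old array because its result overwrites `reply`. The `/* never NULL */` comments are inaccurate as well, since `strdup` returns NULL when allocation fails. I would route every failure through one helper that wipes and frees each response and check both allocations, as sketched below; where the platform offers a wipe the compiler cannot elide, use that instead of `memset`.

```c
/* Wipe and free the responses collected so far, then the array itself. */
static void pam_conv_discard (struct pam_response *reply, int replies)
{
    int i;

    for (i = 0; i < replies; i++) {
	if (reply[i].resp != NULL) {
	    memset (reply[i].resp, 0, strlen (reply[i].resp));
	    free (reply[i].resp);
	}
    }
    free (reply);
}

    /* ... unchanged: pam_conv signature and locals ... */
    for (count = 0; count < num_msg; count++)
    {
	struct pam_response *grown;

	size += sizeof (struct pam_response);
	grown = realloc (reply, size);
	if (!grown) {
	    pam_conv_discard (reply, replies);
	    return PAM_CONV_ERR;
	}
	reply = grown;

	switch (msg[count]->msg_style)
	{
	case PAM_PROMPT_ECHO_OFF:
	    reply[replies].resp_retcode = PAM_SUCCESS;
	    reply[replies].resp = strdup(PAM_password);
	    if (reply[replies].resp == NULL) {
		pam_conv_discard (reply, replies);
		return PAM_CONV_ERR;
	    }
	    replies++;
	    break;

	/* ... unchanged: PAM_TEXT_INFO; PAM_PROMPT_ECHO_ON gets the same NULL check ... */

	case PAM_ERROR_MSG:
	default:
	    pam_conv_discard (reply, replies);
	    return PAM_CONV_ERR;
	}
    }

    if (resp)
	*resp = reply;
    else
	pam_conv_discard (reply, replies);
```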
@@ -800,23 +851,33 @@ plogin(user, passwd, msg, msglen) pam_conversation.conv = &pam_conv; pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); + if (pam_error != PAM_SUCCESS) { - *msg = (char *) pam_strerror (pam_error); + *msg = MY_PAM_STRERROR (pam_error); return UPAP_AUTHNAK; } /* * Define the fields for the credintial validation */ - (void) pam_set_item (pamh, PAM_AUTHTOK, passwd); - (void) pam_set_item (pamh, PAM_TTY, devnam); + (void) pam_set_item (pamh, PAM_TTY, devnam); + PAM_username = user; + PAM_password = passwd; /* * Validate the user */ pam_error = pam_authenticate (pamh, PAM_SILENT); - if (pam_error == PAM_SUCCESS) + if (pam_error == PAM_SUCCESS) { pam_error = pam_acct_mgmt (pamh, PAM_SILENT); - *msg = (char *) pam_strerror (pam_error); + /* start a session for this user. Session closed when link ends. */ + if (pam_error == PAM_SUCCESS) + (void) pam_open_session (pamh, PAM_SILENT); + } + + *msg = MY_PAM_STRERROR (pam_error); + + PAM_username = + PAM_password = ""; /* * Clean up the mess */ @@ -832,15 +893,15 @@ plogin(user, passwd, msg, msglen) struct passwd *pw; struct utmp utmp; struct timeval tp; - char *epasswd; + char *tty; #ifdef HAS_SHADOW struct spwd *spwd; struct spwd *getspnam(); - extern int isexpired (struct passwd *, struct spwd *); /* in libshadow.a */ #endif pw = getpwnam(user); + endpwent(); if (pw == NULL) { return (UPAP_AUTHNAK); } @@ -867,8 +928,13 @@ plogin(user, passwd, msg, msglen) endspent(); if (spwd) { /* check the age of the password entry */ - if (isexpired(pw, spwd)) { - syslog(LOG_WARNING,"Expired password for %s",user); + long now = time(NULL) / 86400L; + + if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) + || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) + && spwd->sp_lstchg >= 0 + && now >= spwd->sp_lstchg + spwd->sp_max)) { + syslog(LOG_WARNING, "Password for %s has expired", user); return (UPAP_AUTHNAK); } pw->pw_passwd = spwd->sp_pwdp; 
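Review bot: The result of `pam_open_session` is cast to void inside the `pam_error == PAM_SUCCESS` block, so a session module that refuses the session leaves `pam_error` unchanged and the login is still treated as successful by whatever follows the hunk. If that is meant as best effort, the comment should say so; otherwise assign it, `pam_error = pam_open_session (pamh, PAM_SILENT);`. Separately, on the `pam_start` failure path `MY_PAM_STRERROR (pam_error)` expands to `pam_strerror(pamh,err_code)` when `PAM_ESTABLISH_CRED` is defined, and `pamh` is declared without an initializer in the preceding hunk, so it may be read before it is set; `pam_handle_t *pamh = NULL;` avoids that. The rest of plogin lies outside this hunk.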
@@ -878,32 +944,23 @@ plogin(user, passwd, msg, msglen) /* * If no passwd, don't let them login. */ - if (pw->pw_passwd[0] != '\0') { - -#ifdef HAS_SHADOW - if ((pw->pw_passwd && pw->pw_passwd[0] == '@' - && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_PPP, NULL)) - || !valid (passwd, pw)) { - return (UPAP_AUTHNAK); - } -#else - epasswd = crypt(passwd, pw->pw_passwd); - if (strcmp(epasswd, pw->pw_passwd)) { - return (UPAP_AUTHNAK); - } -#endif + if (pw->pw_passwd == NULL || *pw->pw_passwd == '\0' + || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) + return (UPAP_AUTHNAK); - if (pw->pw_expire) { - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (tp.tv_sec >= pw->pw_expire) { - syslog(LOG_INFO, "pap user %s account expired", user); - return (UPAP_AUTHNAK); - } + if (pw->pw_expire) { + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (tp.tv_sec >= pw->pw_expire) { + syslog(LOG_INFO, "pap user %s account expired", user); + return (UPAP_AUTHNAK); } - } /* if password */ -#endif /* #ifdef USE_PAM */ + } - syslog(LOG_INFO, "user %s logged in", user); + /* These functions are not enabled for PAM. The reason for this is that */ + /* there is not necessarily a "passwd" entry for this user. That is */ + /* real purpose of 'PAM' -- to virtualize the account data from the */ + /* application. If you want to do the same thing, write the entry in */ + /* the 'session' hook. */ /* Log in wtmp and utmp using login() */ @@ -914,7 +971,7 @@ plogin(user, passwd, msg, msglen) if (logout(tty)) /* Already entered (by login?) */ logwtmp(tty, "", ""); -#ifdef _PATH_LASTLOG +#if defined(_PATH_LASTLOG) { struct lastlog ll; int fd; @@ -929,7 +986,6 @@ plogin(user, passwd, msg, msglen) } } #endif - logged_in = TRUE; memset((void *)&utmp, 0, sizeof(utmp)); (void)time(&utmp.ut_time); 
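Review bot: In the rewritten password check, `strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd)` hands the return value of `crypt` straight to `strcmp`, and `crypt` may return NULL on some implementations (for example when the stored field is not a usable hash), which would be a null dereference in a daemon that is processing a peer-supplied password. Keeping the result in a local, as the removed code did with `epasswd`, allows `if (epasswd == NULL || strcmp(epasswd, pw->pw_passwd) != 0) return (UPAP_AUTHNAK);`. The declaration `char *epasswd;` was dropped by the earlier plogin hunk and would have to be restored. plogin starts and ends outside this hunk.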
@@ -938,6 +994,11 @@ plogin(user, passwd, msg, msglen) (void)strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line)); login(&utmp); /* This logs us in wtmp too */ +#endif /* #ifdef USE_PAM */ + + syslog(LOG_INFO, "user %s logged in", user); + logged_in = TRUE; + return (UPAP_AUTHACK); } @@ -947,15 +1008,36 @@ plogin(user, passwd, msg, msglen) static void plogout() { +#ifdef USE_PAM + struct pam_conv pam_conversation; + pam_handle_t *pamh; + int pam_error; +/* + * Fill the pam_conversion structure. The PAM specification states that the + * session must be able to be closed by a totally different handle from which + * it was created. Hold the PAM group to their own specification! + */ + memset (&pam_conversation, '\0', sizeof (struct pam_conv)); + pam_conversation.conv = &pam_conv; + + pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); + if (pam_error == PAM_SUCCESS) { + (void) pam_set_item (pamh, PAM_TTY, devnam); + (void) pam_close_session (pamh, PAM_SILENT); + (void) pam_end (pamh, PAM_SUCCESS); + } + +#else char *tty; tty = devnam; if (strncmp(tty, "/dev/", 5) == 0) tty += 5; logwtmp(tty, "", ""); /* Wipe out wtmp logout entry */ - logged_in = FALSE; - logout(tty); /* Wipe out utmp */ +#endif + + logged_in = FALSE; } @@ -1172,8 +1254,7 @@ set_allowed_addrs(unit, addrs) u_int32_t a; struct hostent *hp; - if (wo->hisaddr == 0 && *p != '!' && *p != '-' - && strchr(p, '/') == NULL) { + if (*p != '!' && *p != '-' && strchr(p, '/') == NULL) { hp = gethostbyname(p); if (hp != NULL && hp->h_addrtype == AF_INET) a = *(u_int32_t *)hp->h_addr; diff --git a/usr.sbin/pppd/ccp.c b/usr.sbin/pppd/ccp.c index 08e5ddf..2f4f05f 100644 --- a/usr.sbin/pppd/ccp.c +++ b/usr.sbin/pppd/ccp.c 
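Review bot: In the PAM branch of plogout, `pam_start ("ppp", user, &pam_conversation, &pamh)` refers to `user`, but plogout takes no parameters, so this resolves to some file-scope variable rather than the `user` argument that plogin authenticated and opened the session for. If that variable does not hold the authenticated peer name, the session is closed for a different account than the one it was opened for; `peer_authname`, which auth_peer_success exports as PEERNAME in this same commit, looks like the intended value, though its declaration is not visible here. A failing `pam_start` and the result of `pam_close_session` are also dropped silently, and a `syslog(LOG_WARNING, ...)` on either would make an unclosed session visible to an operator.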
@@ -26,19 +26,18 @@ */ #ifndef lint -static char rcsid[] = "$Id: ccp.c,v 1.7 1997/08/19 17:52:33 peter Exp $"; +static char rcsid[] = "$Id: ccp.c,v 1.8 1998/03/22 06:57:18 peter Exp $"; #endif #include <string.h> #include <syslog.h> #include <sys/ioctl.h> #include <sys/types.h> -#include <net/ppp_defs.h> -#include <net/ppp_comp.h> #include "pppd.h" #include "fsm.h" #include "ccp.h" +#include <net/ppp_comp.h> /* * Protocol entry points from main code. @@ -116,14 +115,8 @@ static fsm_callbacks ccp_callbacks = { /* * Do we want / did we get any compression? */ -#ifdef CI_BADDEFLATE -#define ANY_COMPRESS(opt) ((opt).deflate || (opt).baddeflate \ - || (opt).bsd_compress \ - || (opt).predictor_1 || (opt).predictor_2) -#else #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \ || (opt).predictor_1 || (opt).predictor_2) -#endif /* * Local state (mainly for handling reset-reqs and reset-acks). @@ -157,15 +150,12 @@ ccp_init(unit) ccp_wantoptions[0].deflate = 1; ccp_wantoptions[0].deflate_size = DEFLATE_MAX_SIZE; + ccp_wantoptions[0].deflate_correct = 1; + ccp_wantoptions[0].deflate_draft = 1; ccp_allowoptions[0].deflate = 1; ccp_allowoptions[0].deflate_size = DEFLATE_MAX_SIZE; - -#ifdef CI_BADDEFLATE - ccp_wantoptions[0].baddeflate = 1; - ccp_wantoptions[0].baddeflate_size = DEFLATE_MAX_SIZE; - ccp_allowoptions[0].baddeflate = 1; - ccp_allowoptions[0].baddeflate_size = DEFLATE_MAX_SIZE; -#endif + ccp_allowoptions[0].deflate_correct = 1; + ccp_allowoptions[0].deflate_draft = 1; ccp_wantoptions[0].bsd_compress = 1; ccp_wantoptions[0].bsd_bits = BSD_MAX_BITS; 
@@ -328,23 +318,25 @@ ccp_resetci(f) go->bsd_compress = 0; } if (go->deflate) { - opt_buf[0] = CI_DEFLATE; - opt_buf[1] = CILEN_DEFLATE; - opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); - opt_buf[3] = DEFLATE_CHK_SEQUENCE; - if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + if (go->deflate_correct) { + opt_buf[0] = CI_DEFLATE; + opt_buf[1] = CILEN_DEFLATE; + opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); + opt_buf[3] = DEFLATE_CHK_SEQUENCE; + if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + go->deflate_correct = 0; + } + if (go->deflate_draft) { + opt_buf[0] = CI_DEFLATE_DRAFT; + opt_buf[1] = CILEN_DEFLATE; + opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); + opt_buf[3] = DEFLATE_CHK_SEQUENCE; + if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + go->deflate_draft = 0; + } + if (!go->deflate_correct && !go->deflate_draft) go->deflate = 0; } -#ifdef CI_BADDEFLATE - if (go->baddeflate) { - opt_buf[0] = CI_BADDEFLATE; - opt_buf[1] = CILEN_DEFLATE; - opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); - opt_buf[3] = DEFLATE_CHK_SEQUENCE; - if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) - go->baddeflate = 0; - } -#endif if (go->predictor_1) { opt_buf[0] = CI_PREDICTOR_1; opt_buf[1] = CILEN_PREDICTOR_1; @@ -370,9 +362,6 @@ ccp_cilen(f) return (go->bsd_compress? CILEN_BSD_COMPRESS: 0) + (go->deflate? CILEN_DEFLATE: 0) -#ifdef CI_BADDEFLATE - + (go->baddeflate? CILEN_DEFLATE: 0) -#endif + (go->predictor_1? CILEN_PREDICTOR_1: 0) + (go->predictor_2? CILEN_PREDICTOR_2: 0); } @@ -396,7 +385,7 @@ ccp_addci(f, p, lenp) * in case it gets Acked. */ if (go->deflate) { - p[0] = CI_DEFLATE; + p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; p[1] = CILEN_DEFLATE; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); p[3] = DEFLATE_CHK_SEQUENCE; 
@@ -413,32 +402,14 @@ ccp_addci(f, p, lenp) --go->deflate_size; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } - } -#ifdef CI_BADDEFLATE - if (go->baddeflate) { - p[0] = CI_BADDEFLATE; - p[1] = CILEN_DEFLATE; - p[2] = DEFLATE_MAKE_OPT(go->baddeflate_size); - p[3] = DEFLATE_CHK_SEQUENCE; - if (p != p0) { - p += CILEN_DEFLATE; /* not the first option */ - } else { - for (;;) { - res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); - if (res > 0) { - p += CILEN_DEFLATE; - break; - } - if (res < 0 || go->baddeflate_size <= DEFLATE_MIN_SIZE) { - go->baddeflate = 0; - break; - } - --go->baddeflate_size; - p[2] = DEFLATE_MAKE_OPT(go->baddeflate_size); - } + if (p != p0 && go->deflate_correct && go->deflate_draft) { + p[0] = CI_DEFLATE_DRAFT; + p[1] = CILEN_DEFLATE; + p[2] = p[2 - CILEN_DEFLATE]; + p[3] = DEFLATE_CHK_SEQUENCE; + p += CILEN_DEFLATE; } } -#endif if (go->bsd_compress) { p[0] = CI_BSD_COMPRESS; p[1] = CILEN_BSD_COMPRESS; @@ -501,7 +472,8 @@ ccp_ackci(f, p, len) if (go->deflate) { if (len < CILEN_DEFLATE - || p[0] != CI_DEFLATE || p[1] != CILEN_DEFLATE + || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + || p[1] != CILEN_DEFLATE || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; 
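Review bot: ccp_addci now appends a second option, `p[0] = CI_DEFLATE_DRAFT;` followed by `p += CILEN_DEFLATE;`, when both `deflate_correct` and `deflate_draft` are set, but ccp_cilen (the hunk at -370,9) still counts a single `(go->deflate? CILEN_DEFLATE: 0)`. The length reported by ccp_cilen is then CILEN_DEFLATE bytes smaller than what ccp_addci writes; whether that can overrun the caller's buffer depends on code outside this diff, but the two functions should agree. In ccp_cilen I would count each variant separately: `+ (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0)` and `+ (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0)`. ccp_addci begins before this hunk.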
@@ -510,21 +482,17 @@ ccp_ackci(f, p, len) /* XXX Cope with first/fast ack */ if (len == 0) return 1; + if (go->deflate_correct && go->deflate_draft) { + if (len < CILEN_DEFLATE + || p[0] != CI_DEFLATE_DRAFT + || p[1] != CILEN_DEFLATE + || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } } -#ifdef CI_BADDEFLATE - if (go->baddeflate) { - if (len < CILEN_DEFLATE - || p[0] != CI_BADDEFLATE || p[1] != CILEN_DEFLATE - || p[2] != DEFLATE_MAKE_OPT(go->baddeflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - /* XXX Cope with first/fast ack */ - if (p == p0 && len == 0) - return 1; - } -#endif if (go->bsd_compress) { if (len < CILEN_BSD_COMPRESS || p[0] != CI_BSD_COMPRESS || p[1] != CILEN_BSD_COMPRESS @@ -580,7 +548,8 @@ ccp_nakci(f, p, len) try = *go; if (go->deflate && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { no.deflate = 1; /* * Peer wants us to use a different code size or something. 
@@ -594,27 +563,14 @@ ccp_nakci(f, p, len) try.deflate_size = DEFLATE_SIZE(p[2]); p += CILEN_DEFLATE; len -= CILEN_DEFLATE; + if (go->deflate_correct && go->deflate_draft + && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT + && p[1] == CILEN_DEFLATE) { + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } } -#ifdef CI_BADDEFLATE - if (go->baddeflate && len >= CILEN_DEFLATE - && p[0] == CI_BADDEFLATE && p[1] == CILEN_DEFLATE) { - no.baddeflate = 1; - /* - * Peer wants us to use a different code size or something. - * Stop asking for Deflate if we don't understand his suggestion. - */ - if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL - || DEFLATE_SIZE(p[2]) < DEFLATE_MIN_SIZE - || p[3] != DEFLATE_CHK_SEQUENCE) - try.baddeflate = 0; - else if (DEFLATE_SIZE(p[2]) < go->baddeflate_size) - try.baddeflate_size = DEFLATE_SIZE(p[2]); - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } -#endif - if (go->bsd_compress && len >= CILEN_BSD_COMPRESS && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { no.bsd_compress = 1; 
@@ -666,25 +622,30 @@ ccp_rejci(f, p, len) return -1; if (go->deflate && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; /* Rej is bad */ - try.deflate = 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } -#ifdef CI_BADDEFLATE - if (go->baddeflate && len >= CILEN_DEFLATE - && p[0] == CI_BADDEFLATE && p[1] == CILEN_DEFLATE) { - if (p[2] != DEFLATE_MAKE_OPT(go->baddeflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; /* Rej is bad */ - try.baddeflate = 0; + if (go->deflate_correct) + try.deflate_correct = 0; + else + try.deflate_draft = 0; p += CILEN_DEFLATE; len -= CILEN_DEFLATE; + if (go->deflate_correct && go->deflate_draft + && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT + && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; /* Rej is bad */ + try.deflate_draft = 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } + if (!try.deflate_correct && !try.deflate_draft) + try.deflate = 0; } -#endif if (go->bsd_compress && len >= CILEN_BSD_COMPRESS && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits)) @@ -753,7 +714,10 @@ ccp_reqci(f, p, lenp, dont_nak) switch (type) { case CI_DEFLATE: - if (!ao->deflate || clen != CILEN_DEFLATE) { + case CI_DEFLATE_DRAFT: + if (!ao->deflate || clen != CILEN_DEFLATE + || (!ao->deflate_correct && type == CI_DEFLATE) + || (!ao->deflate_draft && type == CI_DEFLATE_DRAFT)) { newret = CONFREJ; break; } 
@@ -795,51 +759,6 @@ ccp_reqci(f, p, lenp, dont_nak) } break; -#ifdef CI_BADDEFLATE - case CI_BADDEFLATE: - if (!ao->baddeflate || clen != CILEN_DEFLATE) { - newret = CONFREJ; - break; - } - - ho->baddeflate = 1; - ho->baddeflate_size = nb = DEFLATE_SIZE(p[2]); - if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL - || p[3] != DEFLATE_CHK_SEQUENCE - || nb > ao->baddeflate_size || nb < DEFLATE_MIN_SIZE) { - newret = CONFNAK; - if (!dont_nak) { - p[2] = DEFLATE_MAKE_OPT(ao->baddeflate_size); - p[3] = DEFLATE_CHK_SEQUENCE; - /* fall through to test this #bits below */ - } else - break; - } - - /* - * Check whether we can do Deflate with the window - * size they want. If the window is too big, reduce - * it until the kernel can cope and nak with that. - * We only check this for the first option. - */ - if (p == p0) { - for (;;) { - res = ccp_test(f->unit, p, CILEN_DEFLATE, 1); - if (res > 0) - break; /* it's OK now */ - if (res < 0 || nb == DEFLATE_MIN_SIZE || dont_nak) { - newret = CONFREJ; - p[2] = DEFLATE_MAKE_OPT(ho->baddeflate_size); - break; - } - newret = CONFNAK; - --nb; - p[2] = DEFLATE_MAKE_OPT(nb); - } - } - break; -#endif - case CI_BSD_COMPRESS: if (!ao->bsd_compress || clen != CILEN_BSD_COMPRESS) { newret = CONFREJ; 
@@ -951,21 +870,16 @@ method_name(opt, opt2) return "(none)"; switch (opt->method) { case CI_DEFLATE: + case CI_DEFLATE_DRAFT: if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) - sprintf(result, "Deflate (%d/%d)", opt->deflate_size, - opt2->deflate_size); - else - sprintf(result, "Deflate (%d)", opt->deflate_size); - break; -#ifdef CI_BADDEFLATE - case CI_BADDEFLATE: - if (opt2 != NULL && opt2->baddeflate_size != opt->baddeflate_size) - sprintf(result, "Bad-Deflate (%d/%d)", opt->baddeflate_size, - opt2->baddeflate_size); + sprintf(result, "Deflate%s (%d/%d)", + (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), + opt->deflate_size, opt2->deflate_size); else - sprintf(result, "Bad-Deflate (%d)", opt->baddeflate_size); + sprintf(result, "Deflate%s (%d)", + (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), + opt->deflate_size); break; -#endif case CI_BSD_COMPRESS: if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits) sprintf(result, "BSD-Compress (%d/%d)", opt->bsd_bits, @@ -1081,8 +995,11 @@ ccp_printpkt(p, plen, printer, arg) optend = p + optlen; switch (code) { case CI_DEFLATE: + case CI_DEFLATE_DRAFT: if (optlen >= CILEN_DEFLATE) { - printer(arg, "deflate %d", DEFLATE_SIZE(p[2])); + printer(arg, "deflate%s %d", + (code == CI_DEFLATE_DRAFT? "(old#)": ""), + DEFLATE_SIZE(p[2])); if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL) printer(arg, " method %d", DEFLATE_METHOD(p[2])); if (p[3] != DEFLATE_CHK_SEQUENCE) @@ -1090,18 +1007,6 @@ ccp_printpkt(p, plen, printer, arg) p += CILEN_DEFLATE; } break; -#ifdef CI_BADDEFLATE - case CI_BADDEFLATE: - if (optlen >= CILEN_DEFLATE) { - printer(arg, "baddeflate %d", DEFLATE_SIZE(p[2])); - if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL) - printer(arg, " method %d", DEFLATE_METHOD(p[2])); - if (p[3] != DEFLATE_CHK_SEQUENCE) - printer(arg, " check %d", p[3]); - p += CILEN_DEFLATE; - } - break; -#endif case CI_BSD_COMPRESS: if (optlen >= CILEN_BSD_COMPRESS) { printer(arg, "bsd v%d %d", BSD_VERSION(p[2]), 
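Review bot: The new `sprintf(result, "Deflate%s (%d/%d)", ...)` calls in method_name can produce a longer string than the old format did, up to `Deflate(old#) (15/15)` for two-digit sizes, which is 21 characters plus the terminator, and `result` is declared outside this hunk, so its capacity cannot be confirmed from here. Please verify that the buffer holds at least 22 bytes and bound the write, for example `snprintf(result, sizeof(result), "Deflate%s (%d)", ...)` if `result` is an array. The same applies to both branches of the `if`.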
diff --git a/usr.sbin/pppd/ccp.h b/usr.sbin/pppd/ccp.h index 843bddd..c196edf 100644 --- a/usr.sbin/pppd/ccp.h +++ b/usr.sbin/pppd/ccp.h @@ -24,7 +24,7 @@ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, * OR MODIFICATIONS. * - * $Id: ccp.h,v 1.5 1997/08/19 17:52:33 peter Exp $ + * $Id: ccp.h,v 1.6 1998/03/22 06:57:19 peter Exp $ */ typedef struct ccp_options { @@ -33,6 +33,8 @@ typedef struct ccp_options { u_int baddeflate: 1; /* do Deflate? (Magnalink!) */ u_int predictor_1: 1; /* do Predictor-1? */ u_int predictor_2: 1; /* do Predictor-2? */ + u_int deflate_correct: 1; /* use correct code for deflate? */ + u_int deflate_draft: 1; /* use draft RFC code for deflate? */ u_short bsd_bits; /* # bits/code for BSD Compress */ u_short deflate_size; /* lg(window size) for Deflate */ u_short baddeflate_size; /* lg(window size) for Deflate */ diff --git a/usr.sbin/pppd/chap_ms.c b/usr.sbin/pppd/chap_ms.c index 744e14b..343f462 100644 --- a/usr.sbin/pppd/chap_ms.c +++ b/usr.sbin/pppd/chap_ms.c @@ -32,7 +32,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: chap_ms.c,v 1.3 1997/08/19 17:52:35 peter Exp $"; +static char rcsid[] = "$Id: chap_ms.c,v 1.4 1998/03/22 05:32:48 peter Exp $"; #endif #ifdef CHAPMS @@ -44,6 +44,9 @@ static char rcsid[] = "$Id: chap_ms.c,v 1.3 1997/08/19 17:52:35 peter Exp $"; #include <sys/time.h> #include <syslog.h> #include <unistd.h> +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif #include "pppd.h" #include "chap.h" @@ -255,7 +258,6 @@ ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, response) MD4_CTX md4Context; u_char hash[MD4_SIGNATURE_SIZE]; u_char unicodePassword[MAX_NT_PASSWORD * 2]; - static int low_byte_first = -1; /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports 8-bit ISO8859/1 characters. */ diff --git a/usr.sbin/pppd/ipcp.c b/usr.sbin/pppd/ipcp.c index b3973cf..2ce87a5 100644 --- a/usr.sbin/pppd/ipcp.c +++ b/usr.sbin/pppd/ipcp.c 
@@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: ipcp.c,v 1.9 1997/08/19 17:52:38 peter Exp $"; +static char rcsid[] = "$Id: ipcp.c,v 1.10 1997/08/22 12:03:54 peter Exp $"; #endif /* @@ -1157,6 +1157,8 @@ ipcp_up(f) ipcp_close(f->unit, "Could not determine local IP address"); return; } + script_setenv("IPLOCAL", ip_ntoa(go->ouraddr)); + script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr)); /* * Check that the peer is allowed to use the IP address it wants. @@ -1409,9 +1411,9 @@ ipcp_printpkt(p, plen, printer, arg) if (olen == CILEN_ADDRS) { p += 2; GETLONG(cilong, p); - printer(arg, "addrs %s", ip_ntoa(htonl(cilong))); + printer(arg, "addrs %I", htonl(cilong)); GETLONG(cilong, p); - printer(arg, " %s", ip_ntoa(htonl(cilong))); + printer(arg, " %I", htonl(cilong)); } break; case CI_COMPRESSTYPE: @@ -1435,20 +1437,20 @@ ipcp_printpkt(p, plen, printer, arg) if (olen == CILEN_ADDR) { p += 2; GETLONG(cilong, p); - printer(arg, "addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "addr %I", htonl(cilong)); } break; case CI_MS_DNS1: case CI_MS_DNS2: p += 2; GETLONG(cilong, p); - printer(arg, "dns-addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "ms-dns %I", htonl(cilong)); break; case CI_MS_WINS1: case CI_MS_WINS2: p += 2; GETLONG(cilong, p); - printer(arg, "wins-addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "ms-wins %I", htonl(cilong)); break; } while (p < optend) { diff --git a/usr.sbin/pppd/ipcp.h b/usr.sbin/pppd/ipcp.h index 90a625a..165a5a1 100644 --- a/usr.sbin/pppd/ipcp.h +++ b/usr.sbin/pppd/ipcp.h @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id$ + * $Id: ipcp.h,v 1.8 1997/08/19 17:52:38 peter Exp $ */ /* 
@@ -26,10 +26,10 @@ #define CI_COMPRESSTYPE 2 /* Compression Type */ #define CI_ADDR 3 -#define CI_MS_WINS1 128 /* Primary WINS value */ #define CI_MS_DNS1 129 /* Primary DNS value */ -#define CI_MS_WINS2 130 /* Secondary WINS value */ +#define CI_MS_WINS1 130 /* Primary WINS value */ #define CI_MS_DNS2 131 /* Secondary DNS value */ +#define CI_MS_WINS2 132 /* Secondary WINS value */ #define MAX_STATES 16 /* from slcompress.h */ diff --git a/usr.sbin/pppd/ipxcp.c b/usr.sbin/pppd/ipxcp.c index 9390643..ea0e2c0 100644 --- a/usr.sbin/pppd/ipxcp.c +++ b/usr.sbin/pppd/ipxcp.c @@ -19,7 +19,7 @@ #ifdef IPX_CHANGE #ifndef lint -static char rcsid[] = "$Id$"; +static char rcsid[] = "$Id: ipxcp.c,v 1.3 1997/08/19 17:52:39 peter Exp $"; #endif /* @@ -163,7 +163,7 @@ ipx_ntoa(ipxaddr) u_int32_t ipxaddr; { static char b[64]; - sprintf(b, "%lx", ipxaddr); + sprintf(b, "%x", ipxaddr); return b; } @@ -336,9 +336,6 @@ static void ipxcp_resetci(f) fsm *f; { - u_int32_t network; - int unit = f->unit; - wo->req_node = wo->neg_node && ao->neg_node; wo->req_nn = wo->neg_nn && ao->neg_nn; @@ -387,7 +384,6 @@ static int ipxcp_cilen(f) fsm *f; { - int unit = f->unit; int len; len = go->neg_nn ? CILEN_NETN : 0; @@ -411,8 +407,6 @@ ipxcp_addci(f, ucp, lenp) u_char *ucp; int *lenp; { - int len = *lenp; - int unit = f->unit; /* * Add the options to the record. */ @@ -462,7 +456,6 @@ ipxcp_ackci(f, p, len) u_char *p; int len; { - int unit = f->unit; u_short cilen, citype, cishort; u_char cichar; u_int32_t cilong; @@ -571,7 +564,6 @@ ipxcp_nakci(f, p, len) u_char *p; int len; { - int unit = f->unit; u_char citype, cilen, *next; u_short s; u_int32_t l; @@ -690,7 +682,6 @@ ipxcp_rejci(f, p, len) u_char *p; int len; { - int unit = f->unit; u_short cilen, citype, cishort; u_char cichar; u_int32_t cilong; 
@@ -807,17 +798,15 @@ ipxcp_reqci(f, inp, len, reject_if_disagree) int *len; /* Length of requested CIs */ int reject_if_disagree; { - int unit = f->unit; u_char *cip, *next; /* Pointer to current and next CIs */ u_short cilen, citype; /* Parsed len, type */ - u_short cishort, ts; /* Parsed short value */ - u_int32_t tl, cinetwork, outnet;/* Parsed address values */ + u_short cishort; /* Parsed short value */ + u_int32_t cinetwork; /* Parsed address values */ int rc = CONFACK; /* Final packet return code */ int orc; /* Individual option return code */ u_char *p; /* Pointer to next char to parse */ u_char *ucp = inp; /* Pointer to current output char */ int l = *len; /* Length left */ - u_char maxslotindex, cflag; /* * Reset all his options. @@ -1094,7 +1083,6 @@ endswitch: if (rc != CONFREJ && !ho->neg_node && wo->req_nn && !reject_if_disagree) { - u_char *ps; if (rc == CONFACK) { rc = CONFNAK; wo->req_nn = 0; /* don't ask again */ @@ -1197,8 +1185,6 @@ static void ipxcp_down(f) fsm *f; { - u_int32_t ournn, network; - IPXCPDEBUG((LOG_INFO, "ipxcp: down")); cipxfaddr (f->unit); @@ -1216,7 +1202,6 @@ ipxcp_script(f, script) fsm *f; char *script; { - int unit = f->unit; char strspeed[32], strlocal[32], strremote[32]; char strnetwork[32], strpid[32]; char *argv[14], strproto_lcl[32], strproto_rmt[32]; diff --git a/usr.sbin/pppd/magic.c b/usr.sbin/pppd/magic.c index be3b503..7ff35ad 100644 --- a/usr.sbin/pppd/magic.c +++ b/usr.sbin/pppd/magic.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id$"; +static char rcsid[] = "$Id: magic.c,v 1.6 1997/08/19 17:52:42 peter Exp $"; #endif #include <stdio.h> @@ -46,7 +46,7 @@ magic_init() struct timeval t; gettimeofday(&t, NULL); - seed = gethostid() ^ t.tv_sec ^ t.tv_usec ^ getpid(); + seed = get_host_seed() ^ t.tv_sec ^ t.tv_usec ^ getpid(); srand48(seed); } diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c index 26c648b..313b2ab 100644 --- a/usr.sbin/pppd/main.c +++ b/usr.sbin/pppd/main.c 
@@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: main.c,v 1.15 1997/10/10 09:28:37 peter Exp $"; +static char rcsid[] = "$Id: main.c,v 1.16 1998/03/22 05:33:00 peter Exp $"; #endif #include <stdio.h> @@ -88,11 +88,14 @@ int baud_rate; /* Actual bits/second for serial device */ int hungup; /* terminal has been hung up */ int privileged; /* we're running as real uid root */ int need_holdoff; /* need holdoff period before restarting */ +int detached; /* have detached from terminal */ int phase; /* where the link is at */ int kill_link; int open_ccp_flag; -int redirect_stderr; /* Connector's stderr should go to file */ + +char **script_env; /* Env. variable values for scripts */ +int s_env_nalloc; /* # words avail at script_env */ u_char outpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for outgoing packet */ u_char inpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for incoming packet */ @@ -105,6 +108,7 @@ char *no_ppp_msg = "Sorry - this system lacks PPP kernel support\n"; /* Prototypes for procedures local to this file. */ +static void create_pidfile __P((void)); static void cleanup __P((void)); static void close_tty __P((void)); static void get_input __P((void)); @@ -165,7 +169,6 @@ main(argc, argv) { int i, n, fdflags; struct sigaction sa; - FILE *pidfile; FILE *iffile; char *p; struct passwd *pw; @@ -174,6 +177,7 @@ main(argc, argv) struct protent *protp; struct stat statbuf; int connect_attempts = 0; + char numbuf[16]; phase = PHASE_INITIALIZE; p = ttyname(0); @@ -181,6 +185,8 @@ main(argc, argv) strcpy(devnam, p); strcpy(default_devnam, devnam); + script_env = NULL; + /* Initialize syslog facilities */ #ifdef ULTRIX openlog("pppd", LOG_PID); @@ -197,6 +203,8 @@ main(argc, argv) uid = getuid(); privileged = uid == 0; + sprintf(numbuf, "%d", uid); + script_setenv("UID", numbuf); /* * Initialize to the standard option set, then parse, in order, 
@@ -205,7 +213,7 @@ main(argc, argv) */ for (i = 0; (protp = protocols[i]) != NULL; ++i) (*protp->init)(0); - + progname = *argv; if (!options_from_file(_PATH_SYSOPTIONS, !privileged, 0, 1) @@ -243,13 +251,18 @@ main(argc, argv) exit(1); } + script_setenv("DEVICE", devnam); + sprintf(numbuf, "%d", baud_rate); + script_setenv("SPEED", numbuf); + /* * If the user has specified the default device name explicitly, * pretend they hadn't. */ if (!default_device && strcmp(devnam, default_devnam) == 0) default_device = 1; - redirect_stderr = !nodetach || default_device; + if (default_device) + nodetach = 1; /* * Initialize system-dependent stuff and magic number package. @@ -263,10 +276,8 @@ main(argc, argv) * Detach ourselves from the terminal, if required, * and identify who is running us. */ - if (!default_device && !nodetach && daemon(0, 0) < 0) { - perror("Couldn't detach from controlling terminal"); - exit(1); - } + if (nodetach == 0) + detach(); pid = getpid(); p = getlogin(); stime = time((time_t *) NULL); @@ -366,16 +377,9 @@ main(argc, argv) syslog(LOG_INFO, "Using interface ppp%d", ifunit); (void) sprintf(ifname, "ppp%d", ifunit); + script_setenv("IFNAME", ifname); - /* write pid to file */ - (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); - if ((pidfile = fopen(pidfilename, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - (void) fclose(pidfile); - } else { - syslog(LOG_ERR, "Failed to create pid file %s: %m", pidfilename); - pidfilename[0] = 0; - } + create_pidfile(); /* write pid to file */ /* * Configure the interface and mark it up, etc. 
@@ -519,16 +523,7 @@ main(argc, argv) syslog(LOG_INFO, "Using interface ppp%d", ifunit); (void) sprintf(ifname, "ppp%d", ifunit); - /* write pid to file */ - (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); - if ((pidfile = fopen(pidfilename, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - (void) fclose(pidfile); - } else { - syslog(LOG_ERR, "Failed to create pid file %s: %m", - pidfilename); - pidfilename[0] = 0; - } + create_pidfile(); /* write pid to file */ /* write interface unit number to file */ for (n = strlen(devnam); n > 0 ; n--) @@ -544,6 +539,8 @@ main(argc, argv) syslog(LOG_ERR, "Failed to create if file %s: %m", iffilename); iffilename[0] = 0; } + + script_setenv("IFNAME", ifname); } /* @@ -646,6 +643,43 @@ main(argc, argv) } /* + * detach - detach us from the controlling terminal. + */ +void +detach() +{ + if (detached) + return; + if (daemon(0, 0) < 0) { + perror("Couldn't detach from controlling terminal"); + die(1); + } + detached = 1; + pid = getpid(); + /* update pid file if it has been written already */ + if (pidfilename[0]) + create_pidfile(); +} + +/* + * Create a file containing our process ID. + */ +static void +create_pidfile() +{ + FILE *pidfile; + + (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); + if ((pidfile = fopen(pidfilename, "w")) != NULL) { + fprintf(pidfile, "%d\n", pid); + (void) fclose(pidfile); + } else { + syslog(LOG_ERR, "Failed to create pid file %s: %m", pidfilename); + pidfilename[0] = 0; + } +} + +/* * holdoff_end - called via a timeout when the holdoff period ends. */ static void @@ -1041,6 +1075,11 @@ static void bad_signal(sig) int sig; { + static int crashed = 0; + + if (crashed) + _exit(127); + crashed = 1; syslog(LOG_ERR, "Fatal signal %d", sig); if (conn_running) kill_my_pg(SIGTERM); 
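Review bot: detach() refreshes only the pid file after daemon() has forked, so any other record of the old process id goes stale when `updetach` defers the detach until the link is up. If the tty lock file written by lock() stores the pid (that code is not visible on this page), it will name the exited parent and another program may treat the lock as stale; until the lock is rewritten as well, a comment such as `/* NOTE: the tty lock file still records the pre-fork pid */` should mark the gap. create_pidfile() also calls `fopen(pidfilename, "w")` with whatever privileges pppd holds, which is only safe while `_PATH_VARRUN` is writable by root alone, and its header comment should state that assumption.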
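Review bot: The new re-entrancy guard in bad_signal() is a plain `static int`, which a signal handler is not guaranteed to read and write atomically; it should be `static volatile sig_atomic_t crashed = 0;`. The guard does stop a second fatal signal from looping through the handler, but the first pass still calls syslog() from signal context, which is not async-signal-safe. A one-line comment that this path is best-effort would be accurate. bad_signal() continues past the end of the hunk.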
@@ -1091,9 +1130,9 @@ device_script(program, in, out) close(out); } } - if (redirect_stderr) { + if (nodetach == 0) { close(2); - errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); if (errfd >= 0 && errfd != 2) { dup2(errfd, 2); close(errfd); @@ -1132,7 +1171,6 @@ run_program(prog, args, must_exist) int must_exist; { int pid; - char *nullenv[1]; pid = fork(); if (pid == -1) { @@ -1177,8 +1215,7 @@ run_program(prog, args, must_exist) /* SysV recommends a second fork at this point. */ /* run the program; give it a null environment */ - nullenv[0] = NULL; - execve(prog, args, nullenv); + execve(prog, args, script_env); if (must_exist || errno != ENOENT) syslog(LOG_WARNING, "Can't execute %s: %m", prog); _exit(-1); @@ -1293,10 +1330,9 @@ pr_log __V((void *arg, char *fmt, ...)) fmt = va_arg(pvar, char *); #endif - vsprintf(buf, fmt, pvar); + n = vfmtmsg(buf, sizeof(buf), fmt, pvar); va_end(pvar); - n = strlen(buf); if (linep + n + 1 > line + sizeof(line)) { syslog(LOG_DEBUG, "%s", line); linep = line; 
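Review bot: Changing the mode argument to 0600 only takes effect when this open() creates `_PATH_CONNERRS`; a file left by an earlier version keeps its 0644 permissions and stays world-readable. Connector stderr may contain dial strings or other sensitive output, so add `(void) fchmod(errfd, 0600);` after a successful open. The condition also changed from `redirect_stderr` to `nodetach == 0`, so with `updetach` (-1) the connector's stderr is no longer redirected to the file; that looks deliberate but deserves a comment. device_script() starts and ends outside the hunk.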
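Review bot: The comment above the call in run_program() still reads `/* run the program; give it a null environment */`, but the call now passes `script_env`; it should become `/* run the program with only the script_env variables set */`. `script_env` stays NULL if the first table allocation in script_setenv() fails, and a NULL envp for execve() is not portable, so falling back to a static empty array would keep the old behaviour in that case. The man page text in this commit says these scripts run as root, and PEERNAME is supplied by the remote peer, so the comment should also say that the values are untrusted input for the script. run_program() starts and ends outside the hunk.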
@@ -1603,3 +1639,78 @@ vfmtmsg(buf, buflen, fmt, args) *buf = 0; return buf - buf0; } + +/* + * script_setenv - set an environment variable value to be used + * for scripts that we run (e.g. ip-up, auth-up, etc.) + */ +void +script_setenv(var, value) + char *var, *value; +{ + int vl = strlen(var); + int i; + char *p, *newstring; + + newstring = (char *) malloc(vl + strlen(value) + 2); + if (newstring == 0) + return; + strcpy(newstring, var); + newstring[vl] = '='; + strcpy(newstring+vl+1, value); + + /* check if this variable is already set */ + if (script_env != 0) { + for (i = 0; (p = script_env[i]) != 0; ++i) { + if (strncmp(p, var, vl) == 0 && p[vl] == '=') { + free(p); + script_env[i] = newstring; + return; + } + } + } else { + i = 0; + script_env = (char **) malloc(16 * sizeof(char *)); + if (script_env == 0) + return; + s_env_nalloc = 16; + } + + /* reallocate script_env with more space if needed */ + if (i + 1 >= s_env_nalloc) { + int new_n = i + 17; + char **newenv = (char **) realloc((void *)script_env, + new_n * sizeof(char *)); + if (newenv == 0) + return; + script_env = newenv; + s_env_nalloc = new_n; + } + + script_env[i] = newstring; + script_env[i+1] = 0; +} + +/* + * script_unsetenv - remove a variable from the environment + * for scripts. + */ +void +script_unsetenv(var) + char *var; +{ + int vl = strlen(var); + int i; + char *p; + + if (script_env == 0) + return; + for (i = 0; (p = script_env[i]) != 0; ++i) { + if (strncmp(p, var, vl) == 0 && p[vl] == '=') { + free(p); + while ((script_env[i] = script_env[i+1]) != 0) + ++i; + break; + } + } +} diff --git a/usr.sbin/pppd/options.c b/usr.sbin/pppd/options.c index a148b81..8d24c35 100644 --- a/usr.sbin/pppd/options.c +++ b/usr.sbin/pppd/options.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: options.c,v 1.17 1998/03/22 05:33:03 peter Exp $"; +static char rcsid[] = "$Id: options.c,v 1.18 1998/03/22 06:57:20 peter Exp $"; #endif #include <ctype.h> 
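Review bot: script_setenv() leaks `newstring` on two failure paths: when `malloc(16 * sizeof(char *))` fails and when the `realloc` fails, both return without freeing the string allocated at the top. Each of those returns should be `{ free(newstring); return; }`. All three allocation failures are also silent, so a root-run script can start with a variable missing or, on the replace path, with its previous value still set; pppd.h already exports novm() for out-of-memory handling, or a syslog warning would at least leave a trace. `int vl = strlen(var)` narrows a size_t, and since neither `var` nor `value` is modified, `const char *` parameters would fit both functions.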
@@ -174,6 +174,7 @@ static int setcrtscts __P((char **)); static int setnocrtscts __P((char **)); static int setxonxoff __P((char **)); static int setnodetach __P((char **)); +static int setupdetach __P((char **)); static int setmodem __P((char **)); static int setlocal __P((char **)); static int setlock __P((char **)); @@ -216,7 +217,7 @@ static int setbsdcomp __P((char **)); static int setnobsdcomp __P((char **)); static int setdeflate __P((char **)); static int setnodeflate __P((char **)); -static int setnobaddeflate __P((char **)); +static int setnodeflatedraft __P((char **)); static int setdemand __P((char **)); static int setpred1comp __P((char **)); static int setnopred1comp __P((char **)); @@ -276,6 +277,7 @@ static struct cmd { {"-d", 0, setdebug}, /* Increase debugging level */ {"nodetach", 0, setnodetach}, /* Don't detach from controlling tty */ {"-detach", 0, setnodetach}, /* don't fork */ + {"updetach", 0, setupdetach}, /* Detach once an NP has come up */ {"noip", 0, noip}, /* Disable IP and IPCP */ {"-ip", 0, noip}, /* Disable IP and IPCP */ {"nomagic", 0, nomagicnumber}, /* Disable magic number negotiation */ @@ -371,8 +373,7 @@ static struct cmd { {"deflate", 1, setdeflate}, /* request Deflate compression */ {"nodeflate", 0, setnodeflate}, /* don't allow Deflate compression */ {"-deflate", 0, setnodeflate}, /* don't allow Deflate compression */ - {"nobaddeflate", 0, setnobaddeflate}, /* don't allow (wrong) Deflate */ - {"-baddeflate", 0, setnobaddeflate}, /* don't allow (wrong) Deflate */ + {"nodeflatedraft", 0, setnodeflatedraft}, /* don't use draft deflate # */ {"predictor1", 0, setpred1comp}, /* request Predictor-1 */ {"nopredictor1", 0, setnopred1comp},/* don't allow Predictor-1 */ {"-predictor1", 0, setnopred1comp}, /* don't allow Predictor-1 */ @@ -1855,6 +1856,14 @@ setnodetach(argv) } static int +setupdetach(argv) + char **argv; +{ + nodetach = -1; + return (1); +} + +static int setdemand(argv) char **argv; { 
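Review bot: The option table in the `@@ -371,8 +373,7 @@` hunk drops `nobaddeflate` and `-baddeflate` outright and adds `nodeflatedraft`, so an existing options file that uses either old name will no longer be recognised. If the two settings are equivalent, which the rename of the handler suggests but the hunk does not prove, keeping one alias avoids breaking deployed configurations: `{"nobaddeflate", 0, setnodeflatedraft}, /* old name, kept for compatibility */`. The table starts and ends outside the hunk.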
@@ -2243,11 +2252,11 @@ setnodeflate(argv) } static int -setnobaddeflate(argv) +setnodeflatedraft(argv) char **argv; { - ccp_wantoptions[0].baddeflate = 0; - ccp_allowoptions[0].baddeflate = 0; + ccp_wantoptions[0].deflate_draft = 0; + ccp_allowoptions[0].deflate_draft = 0; return 1; } @@ -2322,11 +2331,12 @@ setdnsaddr(argv) dns = *(u_int32_t *)hp->h_addr; } - if (ipcp_allowoptions[0].dnsaddr[0] == 0) { + /* if there is no primary then update it. */ + if (ipcp_allowoptions[0].dnsaddr[0] == 0) ipcp_allowoptions[0].dnsaddr[0] = dns; - } else { - ipcp_allowoptions[0].dnsaddr[1] = dns; - } + + /* always set the secondary address value to the same value. */ + ipcp_allowoptions[0].dnsaddr[1] = dns; return (1); } @@ -2353,11 +2363,12 @@ setwinsaddr(argv) wins = *(u_int32_t *)hp->h_addr; } - if (ipcp_allowoptions[0].winsaddr[0] == 0) { + /* if there is no primary then update it. */ + if (ipcp_allowoptions[0].winsaddr[0] == 0) ipcp_allowoptions[0].winsaddr[0] = wins; - } else { - ipcp_allowoptions[0].winsaddr[1] = wins; - } + + /* always set the secondary address value to the same value. */ + ipcp_allowoptions[0].winsaddr[1] = wins; return (1); } @@ -2453,6 +2464,7 @@ setipxanet(argv) { ipxcp_wantoptions[0].accept_network = 1; ipxcp_allowoptions[0].accept_network = 1; + return 1; } static int @@ -2461,6 +2473,7 @@ setipxalcl(argv) { ipxcp_wantoptions[0].accept_local = 1; ipxcp_allowoptions[0].accept_local = 1; + return 1; } static int @@ -2469,6 +2482,7 @@ setipxarmt(argv) { ipxcp_wantoptions[0].accept_remote = 1; ipxcp_allowoptions[0].accept_remote = 1; + return 1; } static u_char * diff --git a/usr.sbin/pppd/patchlevel.h b/usr.sbin/pppd/patchlevel.h index 84e8828..0525280 100644 --- a/usr.sbin/pppd/patchlevel.h +++ b/usr.sbin/pppd/patchlevel.h 
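Review bot: The new comment `/* always set the secondary address value to the same value. */` in setdnsaddr() does not say what "the same value" refers to, and the behaviour it labels is subtle. The first option fills both slots and every later one overwrites only the secondary, so a third address silently replaces the second. A clearer comment would be `/* the secondary always takes the latest address; with one option it mirrors the primary */`, and the identical text in setwinsaddr() (the `@@ -2353,11 +2363,12 @@` hunk) needs the same change. Both functions start outside their hunks.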
@@ -1,6 +1,6 @@ -/* $Id: patchlevel.h,v 1.7 1997/08/22 12:03:57 peter Exp $ */ -#define PATCHLEVEL 3 +/* $Id: patchlevel.h,v 1.8 1998/03/22 05:33:05 peter Exp $ */ +#define PATCHLEVEL 5 #define VERSION "2.3" #define IMPLEMENTATION "" -#define DATE "11 December 1997" +#define DATE "4 May 1998" diff --git a/usr.sbin/pppd/pppd.8 b/usr.sbin/pppd/pppd.8 index 57bffe6..e13f01c 100644 --- a/usr.sbin/pppd/pppd.8 +++ b/usr.sbin/pppd/pppd.8 @@ -1,5 +1,5 @@ .\" manual page [] for pppd 2.3 -.\" $Id: pppd.8,v 1.16 1997/10/10 09:28:38 peter Exp $ +.\" $Id: pppd.8,v 1.17 1997/10/18 01:29:18 peter Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -654,7 +654,7 @@ the initial /dev/ is removed from the terminal name, and any remaining .PP An options file is parsed into a series of words, delimited by whitespace. Whitespace can be included in a word by enclosing the -word in quotes ("). A backslash (\\) quotes the following character. +word in double-quotes ("). A backslash (\\) quotes the following character. A hash (#) starts a comment, which continues until the end of the line. There is no restriction on using the \fIfile\fR or \fIcall\fR options within an options file. 
@@ -965,10 +965,46 @@ causes other debugging messages to be logged. .LP Debugging can also be enabled or disabled by sending a SIGUSR1 signal to the pppd process. This signal acts as a toggle. -.SH FILES -.TP -.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) -Process-ID for pppd process on ppp interface unit \fIn\fR. +.SH SCRIPTS +Pppd invokes scripts at various stages in its processing which can be +used to perform site-specific ancillary processing. These scripts are +usually shell scripts, but could be executable code files instead. +Pppd does not wait for the scripts to finish. The scripts are +executed as root (with the real and effective user-id set to 0), so +that they can do things such as update routing tables or run +privileged daemons. Be careful that the contents of these scripts do +not compromise your system's security. Pppd runs the scripts with +standard input, output and error redirected to /dev/null, and with an +environment that is empty except for some environment variables that +give information about the link. The environment variables that pppd +sets are: +.TP +.B DEVICE +The name of the serial tty device being used. +.TP +.B IFNAME +The name of the network interface being used. +.TP +.B IPLOCAL +The IP address for the local end of the link. This is only set when +IPCP has come up. +.TP +.B IPREMOTE +The IP address for the remote end of the link. This is only set when +IPCP has come up. +.TP +.B PEERNAME +The authenticated name of the peer. This is only set if the peer +authenticates itself. +.TP +.B SPEED +The baud rate of the tty device. +.TP +.B UID +The real user-id of the user who invoked pppd. +.P +Pppd invokes the following scripts, if they exist. It is not an error +if they don't exist. .TP .B /etc/ppp/auth-up A program or script which is executed after the remote system 
@@ -976,11 +1012,8 @@ successfully authenticates itself. It is executed with the parameters .IP \fIinterface-name peer-name user-name tty-device speed\fR .IP -and with its standard input, output and error redirected to -/dev/null. This program or script is executed with the real and -effective user-IDs set to root, and with an empty environment. (Note -that this script is not executed if the peer doesn't authenticate -itself, for example when the \fInoauth\fR option is used.) +Note that this script is not executed if the peer doesn't authenticate +itself, for example when the \fInoauth\fR option is used. .TP .B /etc/ppp/auth-down A program or script which is executed when the link goes down, if @@ -994,25 +1027,13 @@ executed with the parameters .IP \fIinterface-name tty-device speed local-IP-address remote-IP-address ipparam\fR -.IP -and with its standard input, -output and error streams redirected to /dev/null. -.IP -This program or script is executed with the real and effective -user-IDs set to root. This is so that it can be used to manipulate -routes, run privileged daemons (e.g. \fIsendmail\fR), etc. Be -careful that the contents of the /etc/ppp/ip-up and /etc/ppp/ip-down -scripts do not compromise your system's security. -.IP -This program or script is executed with an empty environment, so you -must either specify a PATH or use full pathnames. .TP .B /etc/ppp/ip-down A program or script which is executed when the link is no longer available for sending and receiving IP packets. This script can be used for undoing the effects of the /etc/ppp/ip-up script. It is invoked in the same manner and with the same parameters as the ip-up -script, and the same security considerations apply. +script. .TP .B /etc/ppp/ipx-up A program or script which is executed when the link is available for 
@@ -1023,10 +1044,6 @@ executed with the parameters remote-IPX-node-address local-IPX-routing-protocol remote-IPX-routing-protocol local-IPX-router-name remote-IPX-router-name ipparam pppd-pid\fR .IP -and with its standard input, -output and error streams redirected to /dev/null. -.br -.IP The local-IPX-routing-protocol and remote-IPX-routing-protocol field may be one of the following: .IP @@ -1037,21 +1054,17 @@ RIP to indicate that RIP/SAP should be used NLSP to indicate that Novell NLSP should be used .br RIP NLSP to indicate that both RIP/SAP and NLSP should be used -.br -.IP -This program or script is executed with the real and effective -user-IDs set to root, and with an empty environment. This is so -that it can be used to manipulate routes, run privileged daemons (e.g. -\fIripd\fR), etc. Be careful that the contents of the /etc/ppp/ipx-up -and /etc/ppp/ipx-down scripts do not compromise your system's -security. .TP .B /etc/ppp/ipx-down A program or script which is executed when the link is no longer available for sending and receiving IPX packets. This script can be used for undoing the effects of the /etc/ppp/ipx-up script. It is invoked in the same manner and with the same parameters as the ipx-up -script, and the same security considerations apply. +script. +.SH FILES +.TP +.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) +Process-ID for pppd process on ppp interface unit \fIn\fR. .TP .B /etc/ppp/pap-secrets Usernames, passwords and IP addresses for PAP authentication. This diff --git a/usr.sbin/pppd/pppd.h b/usr.sbin/pppd/pppd.h index e1a63b7..ce3a757 100644 --- a/usr.sbin/pppd/pppd.h +++ b/usr.sbin/pppd/pppd.h @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: pppd.h,v 1.10 1997/10/10 06:02:57 peter Exp $ + * $Id: pppd.h,v 1.11 1997/10/10 09:28:38 peter Exp $ */ /* 
@@ -68,6 +68,8 @@ extern int redirect_stderr;/* Connector's stderr should go to file */ extern char peer_authname[];/* Authenticated name of peer */ extern int privileged; /* We were run by real-uid root */ extern int need_holdoff; /* Need holdoff period after link terminates */ +extern char **script_env; /* Environment variables for scripts */ +extern int detached; /* Have detached from controlling tty */ /* * Variables set by command-line options. @@ -176,6 +178,7 @@ extern struct protent *protocols[]; */ /* Procedures exported from main.c. */ +void detach __P((void)); /* Detach from controlling tty */ void die __P((int)); /* Cleanup and exit */ void quit __P((void)); /* like die(1) */ void novm __P((char *)); /* Say we ran out of memory, and die */ @@ -195,6 +198,8 @@ void print_string __P((char *, int, void (*) (void *, char *, ...), void *)); /* Format a string for output */ int fmtmsg __P((char *, int, char *, ...)); /* sprintf++ */ int vfmtmsg __P((char *, int, char *, va_list)); /* vsprintf++ */ +void script_setenv __P((char *, char *)); /* set script env var */ +void script_unsetenv __P((char *)); /* unset script env var */ /* Procedures exported from auth.c */ void link_required __P((int)); /* we are starting to use the link */ @@ -294,6 +299,7 @@ void unlock __P((void)); /* Delete previously-created lock file */ int daemon __P((int, int)); /* Detach us from terminal session */ void logwtmp __P((const char *, const char *, const char *)); /* Write entry to wtmp file */ +int get_host_seed __P((void)); /* Get host-dependent random number seed */ #ifdef PPP_FILTER int set_filters __P((struct bpf_program *pass, struct bpf_program *active)); /* Set filter programs in kernel */ diff --git a/usr.sbin/pppd/sys-bsd.c b/usr.sbin/pppd/sys-bsd.c index 2838bc3..852acf1 100644 --- a/usr.sbin/pppd/sys-bsd.c +++ b/usr.sbin/pppd/sys-bsd.c 
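Review bot: main.c in this commit deletes the definition `int redirect_stderr;`, yet the header of the `@@ -68,6 +68,8 @@` hunk still shows `extern int redirect_stderr;` among the declarations above it, and no pppd.h hunk removes that line. The declaration is left dangling: any remaining reference would compile and then fail at link time. The `extern int redirect_stderr;` line should be removed from pppd.h in the same change.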
@@ -21,7 +21,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: sys-bsd.c,v 1.12 1998/01/16 17:38:53 bde Exp $"; +static char rcsid[] = "$Id: sys-bsd.c,v 1.13 1998/03/22 05:33:08 peter Exp $"; #endif /* $NetBSD: sys-bsd.c,v 1.1.1.3 1997/09/26 18:53:04 christos Exp $ */ @@ -68,6 +68,9 @@ static char rcsid[] = "$Id: sys-bsd.c,v 1.12 1998/01/16 17:38:53 bde Exp $"; #if (NetBSD >= 199703) #include <netinet/if_inarp.h> #else /* NetBSD 1.2D or later */ +#ifdef __FreeBSD__ +#include <netinet/if_ether.h> +#else #include <net/if_ether.h> #endif #else @@ -1499,6 +1502,15 @@ GetMask(addr) } /* + * Use the hostid as part of the random number seed. + */ +int +get_host_seed() +{ + return gethostid(); +} + +/* * lock - create a lock file for the named lock device */ #define LOCK_PREFIX "/var/spool/lock/LCK.." |
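Review bot: The added `#ifdef __FreeBSD__` in the `@@ -68,6 +68,9 @@` hunk has no matching `#endif`: three lines are added (`#ifdef`, the include, `#else`) and the only `#endif` that follows is the pre-existing one, which now closes the new conditional instead of `#if (NetBSD >= 199703)`. Unless lines outside the hunk compensate, the next `#else` becomes a second `#else` for the NetBSD test and the conditionals no longer balance. A second `#endif` directly after the existing one would restore the nesting. The enclosing conditional starts and ends outside the hunk.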
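Review bot: get_host_seed() returns `gethostid()`, a fixed per-host value that is often zero or derived from the host's address, so it adds no unpredictability to the seed. The caller is not visible on this page; if the generator it seeds produces anything a peer should not predict, such as authentication challenges, the seed also needs an unpredictable component. The function comment should state what the value is good for, for example `/* hostid only makes seeds differ between hosts; it is not secret */`. gethostid() returns long, so the result is also truncated where int is narrower.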