summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ppp
Commit message (Collapse)AuthorAgeFilesLines
* Don't use SignalBundle if it's not setbrian2002-06-281-3/+6
| | | | Submitted by: Federico G. Schwindt <fgsch@olimpo.com.br>
* Complain about (and fix) misformatted RADIUS attributes rather than silentlybrian2002-06-281-2/+6
| | | | fixing them.
* When a RADIUS server is being used, don't use MPPE unless the RADIUSbrian2002-06-281-6/+19
| | | | server says it's ok.
* Add a hack to handle RADIUS responses from peers that forget thatbrian2002-06-231-4/+20
| | | | | | | there's an ``Ident'' field in the MS-CHAP2-Response and MS-CHAP-Error attributes. The RADIATOR server seems to be guilty of this.
* Don't expect NUL terminated data in all netgraph messages received.brian2002-06-221-2/+8
| | | | Only display message hook values we understand.
* Compensate for dodgy Win98/WinME MSCHAPv2 responses later in the codebrian2002-06-175-29/+34
| | | | | | | | | | | | | | | | path... after we've talked to any RADIUS servers involved, so that we haven't touched the data before it gets to the server. Make it clearer in the code that this compensation is done by setting a flag to a value of zero, a flag which rfc2759 says *MUST* be zero. While we're here, don't bother passing the peer challenge into radius_Authenticate(). It's already part of the key we're passing in (this becomes obvious now that I've structured that data...). This ``fix'' doesn't help to authenticate Win98/WinME users in my test environment as ports/net/freeradius seems to ignore the flag completely anyway, but it may help with other RADIUS servers.
* A better prinflike fix...brian2002-06-151-2/+2
|
* Remove whitespace at the end of lines.brian2002-06-1531-89/+89
|
* Fix a printflike format errorbrian2002-06-151-1/+1
|
* Remove a forgotten diagnosticbrian2002-06-151-1/+0
|
* If a RAD_FILTER_ID is supplied by the RADIUS server, treat it as anbrian2002-06-122-1/+20
| | | | | | additional label from ppp.linkup & ppp.linkdown to load. Suggested and mostly submitted by: andrew pavlov <and@kremenchug.net>
* Bump the version number to reflect the recent RADIUS commitsbrian2002-06-121-1/+1
|
* Don't forget to process the Ident field on the front ofbrian2002-06-122-16/+26
| | | | | | | | | | | RAD_MICROSOFT_MS_CHAP_ERROR and RAD_MICROSOFT_MS_CHAP2_SUCCESS messages, and remove the hack in chap.c to ignore that ident field on the client side. This anomoly was hacked around during development, and I forgot to go back and fix it properly. Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
* Understand the following Microsoft Vendor Specific RADIUS attributes:brian2002-06-128-55/+329
| | | | | | | | | | | | | | | | | RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES RAD_MICROSOFT_MS_MPPE_RECV_KEY RAD_MICROSOFT_MS_MPPE_SEND_KEY These attributes may be supplied by a RADIUS server when MSCHAPv2 is used to authenticate. It *should* now be possible to build ppp with -DNODES and still support CHAP/MSCHAP/MSCHAPv2/MPPE via a RADIUS server, but the code isn't yet smart enough to do that (building with -DNODES just looses these facilities). Sponsored by: Monzoon
* Cast pid_t to long for printf()ingbrian2002-06-061-2/+2
| | | | Obtained from: OpenBSD
* Add a missing ``a''.brian2002-06-031-1/+1
|
* Don't send a RAD_NAS_IP_ADDRESS attribute as RAD_NAS_IDENTIFIER isbrian2002-06-021-0/+8
| | | | | | | | | | | | | | | | | sufficient. In fact, using both breaks the radiator RADIUS daemon when used with a db as it maps both attributes to the same field value and then fails the insert. I decided to remove RAD_NAS_IP_ADDRESS on the basis that rfc2138 says: An Access-Request MUST contain a User-Name attribute. It SHOULD contain either a NAS-IP-Address attribute or NAS-Identifier attribute (or both, although that is not recommended). It MUST despite the fact that this not recommended bit was removed from the updated rfc.
* Coerce pid_t to long rather than int for better portability.brian2002-05-274-17/+17
| | | | Suggested by: Theo de Raadt <deraadt@openbsd.org>
* Increase the maximum FSM option length to 50brian2002-05-222-3/+3
|
* Add some missing #includes that weren't required due to namespace polutionbrian2002-05-223-2/+3
| | | | | | in our headers. Submitted by: bde
* Mention our support of the authentication side of rfc2548brian2002-05-211-1/+1
|
* Document RAD_MICROSOFT_MS_CHAP2_SUCCESS.brian2002-05-181-0/+5
|
* Put back <string.h>brian2002-05-171-0/+1
|
* Add some OpenBSD includesbrian2002-05-161-0/+4
|
* Fix a mis-placed #else/#endifbrian2002-05-161-2/+1
|
* Handle MS-CHAPv2 authentication correctly via the RADIUS server (if it'sbrian2002-05-165-48/+114
| | | | | | | | | | configured). Handle internal failures in radius_Authenticate() correctly. Bump the ppp version number. This doesn't yet work with MPPE. More will follow. Sponsored by: Mozoon
* Fix an include for NetBSDbrian2002-05-141-0/+3
|
* Avoid a rather bizarre warning from gcc 3.1:brian2002-05-141-1/+1
| | | | /usr/src/usr.sbin/ppp/cbcp.c:566:61: warning: trigraph ??! ignored
* o Clean up some #includesbrian2002-05-1442-133/+163
| | | | | | | | | | | | | | | | | | o Bump version number to 3.0.4 o When talking to a RADIUS server, provide a NAS-Port-Type. When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal to the SESSIONID from the environment in direct mode or the NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found, default to the interface index in client mode or zero in server mode. When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number of the physical device (ie, the N in /dev/i4brbchN). This makes it easier for the RADIUS server to identify the client WRT accounting data etc. Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>
* Calculate the number of open links properly when deciding on whether tobrian2002-05-141-11/+10
| | | | | | | | just send PROTO_IP packets when we've got only one link up in multi-link mode. Problem noted by: Adrian Close <adrian@fernhilltec.com.au> MFC after: 1 week
* Fix a syntax errorbrian2002-05-131-0/+1
|
* We don't need to include arpa/inet.h here. In fact, only FreeBSD needsbrian2002-05-111-2/+1
| | | | netinet/in.h.
* #include netinet/in.h when !__FreeBSD__ to silence some warnings frombrian2002-05-111-0/+3
| | | | the inclusion of arpa/inet.h
* NetBSD keeps des.h in /usr/include/openssl these daysbrian2002-05-111-0/+4
|
* Add support for MS-CHAP authentication via a RADIUS server.brian2002-05-106-42/+200
| | | | | | Add support for Reply-Message and MS-CHAP-Error. Sponsored by: Monzoon
* Don't corrupt MP fragments when they're put back on the front of ourbrian2002-05-071-5/+6
| | | | | | | | | | inbound queue. Submitted by: "Amit K. Rao" <arao@niksun.com> PR: 37813 MFC after: 1 week Also fix a typo while I'm here.
* Understand the Session-Timeout RADIUS attributebrian2002-05-075-4/+109
| | | | | | Store the Filter-Id attribute (we don't do anything with it yet) Submitted mostly by: andrew pavlov <and@kremenchug.net>
* Tweak a data type from char * to u_char *brian2002-05-041-2/+2
|
* Make ``set mru'' require a context. In multi-link mode, there's nobrian2002-05-041-1/+1
| | | | | | | point in being allowed to ``set mru'' for the MP lcp layer. Spotted by: Richard Browne <richb@timestone.com.au> MFC after: 1 month
* Bump the version to mark the fixed FSM TLD orderingbrian2002-05-011-1/+1
|
* If we receive a config request while Open, call TLD *before* decodingbrian2002-05-011-3/+7
| | | | | | | the request as TLD may initialise fields that are set when decoding the request. MFC after: 1 week
* Allow the peer to modify the LQR intervalbrian2002-05-011-0/+1
|
* Usage style sweep: spell "usage" with a small 'u'.des2002-04-224-9/+9
| | | | | Also change one case of blatant __progname abuse (several more remain) This commit does not touch anything in src/{contrib,crypto,gnu}/.
* Don't load the netgraph line discipline. When it's in use, TIOCMGETbrian2002-04-211-0/+7
| | | | | | | fails and on loss of carrier, the device doesn't become selectable with 0 bytes to read. Problem reported by: ache
* Add variable substitutions for SOCKNAME, IPOCTETSIN, IPOCTETSOUT, IPPACKETSIN,brian2002-04-172-32/+136
| | | | | IPPACKETSOUT, IPV6OCTETSIN, IPV6OCTETSOUT, IPV6PACKETSIN, IPV6PACKETSOUT, OCTETSIN, OCTETSOUT, PACKETSIN, PACKETSOUT and SOCKNAME.
* Don't display an extraneous ``: '' with some packets in/packets out diagnosticsbrian2002-04-161-1/+1
|
* Make the way FSM options are processed easier to read by using structuresbrian2002-04-1612-731/+746
| | | | | | | | | | | instead of u_char *. The changes are cosmetic except: RecvConfigAck() now displays the options that are being ACK'd Huge (bogus) options sent from the peer won't cause an infinite loop SendIdent and ReceiveIdent are displayed consistenlty with other FSM data LCP AUTHPROTO options that aren't understood are NAK'd, not REJ'd
* When it's necessary to kldload tun(4), don't forget to re-try to openbrian2002-04-153-8/+15
| | | | | | tun0. Submitted by: qhwt@myrealbox.com
* Get tun P2P address from the local pool if RADIUS server returnedhosokawa2002-04-042-1/+5
| | | | | | 255.255.255.254 as client ipaddr. Reviewed-By: freebsd-net mailing list
* Fix a typobrian2002-03-311-1/+1
|
OpenPOWER on IntegriCloud