started to apply radius patch
ifmtu problem for slave devices fixed; corrupted MPdiscr problem fixed; minor patches
parent
a01069cb84
commit
246e05c6d0
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# pppd makefile for Linux
|
||||
# $Id: Makefile.ORIG,v 1.1 1997/03/24 01:17:55 fritz Exp $
|
||||
# $Id: Makefile.ORIG,v 1.2 1998/03/08 13:01:26 hipp Exp $
|
||||
#
|
||||
|
||||
# These are set from the main Makefile
|
||||
|
@ -29,6 +29,7 @@ endif
|
|||
DEBUG_FLAGS = -DDEBUGALL
|
||||
# USE_MSCHAP = 1
|
||||
# HAS_SHADOW = 1
|
||||
# RADIUS = 1
|
||||
|
||||
COMPILE_FLAGS = -D_linux_=1 -DHAVE_PATHS_H -Wall -Dlint # -DDEBUGALL
|
||||
COPTS = -O2 -fomit-frame-pointer -m486 # -g
|
||||
|
@ -46,6 +47,12 @@ CFLAGS += -DUSE_MSCHAP
|
|||
LIBS += -ldes
|
||||
endif
|
||||
|
||||
ifdef RADIUS
|
||||
CFLAGS += -DRADIUS -I/usr/local/include
|
||||
CFLAGS += -D_PATH_ETC_RADIUSCLIENT_CONF=\"/usr/local/etc/radclient/radiusclient.conf\"
|
||||
LIBS += -L/usr/local/lib -lradclient
|
||||
PPPDOBJS += radius.o
|
||||
endif
|
||||
|
||||
ifdef USE_MS_DNS
|
||||
CFLAGS += -DUSE_MS_DNS=1
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# ipppd makefile for Linux
|
||||
# $Id: Makefile.in,v 1.5 1997/10/26 23:06:06 fritz Exp $
|
||||
# $Id: Makefile.in,v 1.6 1998/03/08 13:01:27 hipp Exp $
|
||||
#
|
||||
|
||||
HAVE_LIBDES := @HAVE_LIBDES@
|
||||
|
@ -18,6 +18,10 @@ INSTALL_DATA := $(INSTALL) -m 0644 -o 0 -g 0
|
|||
ifeq (@CONFIG_IPPPD_MSCHAP@,y)
|
||||
USE_MSCHAP := 1
|
||||
endif
|
||||
ifeq ($(CONFIG_IPPPD_RADIUS),y)
|
||||
RADIUS :=1
|
||||
endif
|
||||
|
||||
|
||||
PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
|
||||
ipxcp.c auth.c options.c sys-linux.c cbcp.c
|
||||
|
@ -27,6 +31,10 @@ MANPAGES = ipppd.8
|
|||
PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
|
||||
auth.o options.o sys-linux.o cbcp.o ipxcp.o
|
||||
|
||||
ifdef CONFIG_RADIUS_WTMP_LOGGING
|
||||
CFLAGS += -DRADIUS_WTMP_LOGGING
|
||||
endif
|
||||
|
||||
all: ipppd
|
||||
|
||||
%.man: %.8
|
||||
|
@ -84,6 +92,21 @@ ifdef USE_MSCHAP
|
|||
endif
|
||||
endif
|
||||
|
||||
ifdef RADIUS
|
||||
CFLAGS += -DRADIUS -I/usr/local/radius/src
|
||||
CFLAGS += -D_PATH_ETC_RADIUSCLIENT_CONF=\"/usr/local/radius\"
|
||||
LIBS += -L/usr/local/lib -lradclient
|
||||
PPPDOBJS += radius.o
|
||||
endif
|
||||
|
||||
ifdef RADIUS_WTMP_LOGGING
|
||||
CFLAGS += -DRADIUS_WTMP_LOGGING
|
||||
endif
|
||||
|
||||
ifdef OPTIONS_TTY_FIRST
|
||||
CFLAGS += -DOPTIONS_TTY_FIRST
|
||||
endif
|
||||
|
||||
ifeq ($(HAVE_SHADOW_H),1)
|
||||
PPPDOBJS += isexpired.o
|
||||
PPPDSRCS += isexpired.c
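Review bot: The new `ifdef RADIUS` block sets `-D_PATH_ETC_RADIUSCLIENT_CONF=\"/usr/local/radius\"`, which looks like a directory, while the matching block in Makefile.ORIG points at a file, `/usr/local/etc/radclient/radiusclient.conf`; one of the two is presumably wrong, and the authentication client would then read its configuration from an unintended location. The include and library paths are also hard-coded to `/usr/local/...` instead of coming from configure. The switch is tested as `ifeq ($(CONFIG_IPPPD_RADIUS),y)` although the neighbouring option uses the substituted form `ifeq (@CONFIG_IPPPD_MSCHAP@,y)`, so it may never be set from the configure step. `-DRADIUS_WTMP_LOGGING` is added by two separate blocks (`ifdef CONFIG_RADIUS_WTMP_LOGGING` and `ifdef RADIUS_WTMP_LOGGING`); keep one and add a comment saying which variable the user is meant to set.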
|
||||
|
|
|
@ -60,6 +60,10 @@ CHANGELOG:
|
|||
- added remote number as parameter for auth script
|
||||
- found (hopefully) the 'bad filenumber ..' problem
|
||||
- fixed pidfile problem
|
||||
08.03.98:
|
||||
- started to add radius patch .. not tested
|
||||
- SIGUSR2 should reload user password (untested)
|
||||
- minor bug with corrupted MPdiscr fixed
|
||||
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
|
|
@ -14,4 +14,6 @@ some of the following values must be changed to fields:
|
|||
hungup
|
||||
(baud_rate isn't necessary)
|
||||
|
||||
MPmrru and mru handling
|
||||
|
||||
|
||||
|
|
316
ipppd/auth.c
316
ipppd/auth.c
|
@ -1,4 +1,4 @@
|
|||
/*
|
||||
/*
|
||||
* auth.c - PPP authentication and phase control.
|
||||
*
|
||||
* Fairly patched version for isdn4linux
|
||||
|
@ -36,7 +36,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char auth_rcsid[] = "$Id: auth.c,v 1.8 1997/06/10 14:39:20 hipp Exp $";
|
||||
char auth_rcsid[] = "$Id: auth.c,v 1.9 1998/03/08 13:01:28 hipp Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stddef.h>
|
||||
|
@ -59,11 +59,27 @@ char auth_rcsid[] = "$Id: auth.c,v 1.8 1997/06/10 14:39:20 hipp Exp $";
|
|||
#include "config.h"
|
||||
#ifdef HAVE_SHADOW_H
|
||||
#include <shadow.h>
|
||||
#endif
|
||||
|
||||
#ifdef RADIUS
|
||||
#include <radius.h>
|
||||
|
||||
int radius_auth_order __P((void));
|
||||
int radius_pap_auth __P((char *, char *, char **, int *, int));
|
||||
void radius_acct_stop __P((int));
|
||||
|
||||
extern int radius_in;
|
||||
#endif
|
||||
|
||||
#ifndef PW_PPP
|
||||
#define PW_PPP PW_LOGIN
|
||||
#endif
|
||||
#ifndef PW_PPP
|
||||
#define PW_PPP PW_LOGIN
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#include "fsm.h"
|
||||
#include "ipppd.h"
|
||||
#include "lcp.h"
|
||||
|
@ -90,9 +106,9 @@ char auth_rcsid[] = "$Id: auth.c,v 1.8 1997/06/10 14:39:20 hipp Exp $";
|
|||
#define TRUE 1
|
||||
|
||||
/* Bits in auth_pending[] */
|
||||
#define UPAP_WITHPEER 1
|
||||
#define UPAP_WITHPEER 1
|
||||
#define UPAP_PEER 2
|
||||
#define CHAP_WITHPEER 4
|
||||
#define CHAP_WITHPEER 4
|
||||
#define CHAP_PEER 8
|
||||
|
||||
/* Prototypes */
|
||||
|
@ -108,7 +124,7 @@ static int get_upap_passwd __P((void));
|
|||
static int have_upap_secret __P((void));
|
||||
static int have_chap_secret __P((char *, char *));
|
||||
static int scan_authfile __P((FILE *, char *, char *, char *,
|
||||
struct wordlist **, char *));
|
||||
struct wordlist **, char *));
|
||||
static void free_wordlist __P((struct wordlist *));
|
||||
static void auth_script __P((int,char *));
|
||||
|
||||
|
@ -128,7 +144,10 @@ void link_terminated(int linkunit)
|
|||
{
|
||||
if(lns[linkunit].auth_up_script)
|
||||
auth_script(linkunit,_PATH_AUTHDOWN);
|
||||
|
||||
#ifdef RADIUS
|
||||
if (radius_in)
|
||||
radius_acct_stop(linkunit);
|
||||
#endif
|
||||
if (lns[linkunit].phase == PHASE_DEAD)
|
||||
return;
|
||||
if (lns[linkunit].logged_in) {
|
||||
|
@ -217,7 +236,10 @@ void link_established(int linkunit)
|
|||
lcp_options *wo = &lcp_wantoptions[ lns[linkunit].lcp_unit ];
|
||||
lcp_options *go = &lcp_gotoptions[ lns[linkunit].lcp_unit ];
|
||||
lcp_options *ho = &lcp_hisoptions[ lns[linkunit].lcp_unit ];
|
||||
|
||||
|
||||
fprintf(stderr,"@mla@: link_established\n");
|
||||
fprintf(stderr,"@mla@: go->neg_chap = %d\n", go->neg_chap);
|
||||
fprintf(stderr,"@mla@: go->neg_upap = %d\n", go->neg_upap);
|
||||
if (auth_required && !(go->neg_chap || go->neg_upap)) {
|
||||
/*
|
||||
* We wanted the peer to authenticate itself, and it refused:
|
||||
|
@ -234,22 +256,30 @@ void link_established(int linkunit)
|
|||
|
||||
lns[linkunit].phase = PHASE_AUTHENTICATE;
|
||||
auth = 0;
|
||||
fprintf(stderr,"@mla@: link_established: go->neg_chap = %d\n", go->neg_chap);
|
||||
fprintf(stderr,"@mla@: link_established: go->neg_upap = %d\n", go->neg_upap);
|
||||
fprintf(stderr,"@mla@: link_established: ho->neg_chap = %d\n", ho->neg_chap);
|
||||
fprintf(stderr,"@mla@: link_established: ho->neg_upap = %d\n", ho->neg_upap);
|
||||
if (go->neg_chap) {
|
||||
fprintf(stderr,"@mla@: link_established: Calling ChapAuthPeer()\n");
|
||||
ChapAuthPeer(lns[linkunit].chap_unit, our_name, go->chap_mdtype);
|
||||
auth |= CHAP_PEER;
|
||||
} else if (go->neg_upap) {
|
||||
fprintf(stderr,"@mla@: link_established: Calling upap_authpeer()\n");
|
||||
upap_authpeer(lns[linkunit].upap_unit);
|
||||
auth |= UPAP_PEER;
|
||||
}
|
||||
if (ho->neg_chap) {
|
||||
fprintf(stderr,"@mla@: link_established: Calling ChapAuthWithPeer()\n");
|
||||
ChapAuthWithPeer(lns[linkunit].chap_unit, our_name, ho->chap_mdtype);
|
||||
auth |= CHAP_WITHPEER;
|
||||
} else if (ho->neg_upap) {
|
||||
fprintf(stderr,"@mla@: link_established: Calling upap_authwithpeer()\n");
|
||||
upap_authwithpeer(lns[linkunit].upap_unit, user, passwd);
|
||||
auth |= UPAP_WITHPEER;
|
||||
}
|
||||
lns[linkunit].auth_pending = auth;
|
||||
|
||||
fprintf(stderr,"@mla@: link_established: at end, auth = %d\n", auth);
|
||||
if (!auth)
|
||||
callback_phase(linkunit);
|
||||
}
|
||||
|
@ -327,6 +357,7 @@ static void network_phase(int linkunit)
|
|||
lns[linkunit].bundle_next = lns[i].bundle_next;
|
||||
lns[i].bundle_next = &lns[linkunit];
|
||||
lns[linkunit].ifunit = lns[i].ifunit;
|
||||
lns[linkunit].master = i;
|
||||
lns[linkunit].ipcp_unit = lns[i].ipcp_unit; /* use fsm state of other link */
|
||||
/*
|
||||
* same fsm state for ccp, too???
|
||||
|
@ -414,7 +445,7 @@ void auth_peer_fail(int unit,int protocol)
|
|||
/*
|
||||
* The peer has been successfully authenticated using `protocol'.
|
||||
*/
|
||||
void auth_peer_success(int unit,int protocol)
|
||||
void auth_peer_success(int linkunit,int protocol)
|
||||
{
|
||||
int bit;
|
||||
|
||||
|
@ -434,8 +465,9 @@ void auth_peer_success(int unit,int protocol)
|
|||
* If there is no more authentication still to be done,
|
||||
* proceed to the network phase. (via callback phase)
|
||||
*/
|
||||
if ((lns[unit].auth_pending &= ~bit) == 0) {
|
||||
callback_phase(unit);
|
||||
if ((lns[linkunit].auth_pending &= ~bit) == 0 &&
|
||||
lns[linkunit].phase == PHASE_AUTHENTICATE) {
|
||||
callback_phase(linkunit);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -454,48 +486,64 @@ void auth_withpeer_fail(int unit,int protocol)
|
|||
/*
|
||||
* We have successfully authenticated ourselves with the peer using `protocol'.
|
||||
*/
|
||||
void auth_withpeer_success(int unit,int protocol)
|
||||
void auth_withpeer_success(int linkunit,int protocol)
|
||||
{
|
||||
int bit;
|
||||
|
||||
switch (protocol) {
|
||||
case PPP_CHAP:
|
||||
bit = CHAP_WITHPEER;
|
||||
break;
|
||||
case PPP_PAP:
|
||||
bit = UPAP_WITHPEER;
|
||||
break;
|
||||
default:
|
||||
syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",protocol);
|
||||
bit = 0;
|
||||
case PPP_CHAP:
|
||||
bit = CHAP_WITHPEER;
|
||||
break;
|
||||
case PPP_PAP:
|
||||
bit = UPAP_WITHPEER;
|
||||
break;
|
||||
default:
|
||||
syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",protocol);
|
||||
bit = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* If there is no more authentication still being done,
|
||||
* proceed to the network phase.
|
||||
*/
|
||||
if ((lns[unit].auth_pending &= ~bit) == 0)
|
||||
callback_phase(unit);
|
||||
/*
|
||||
* If there is no more authentication still being done,
|
||||
* proceed to the network phase.
|
||||
*/
|
||||
if ((lns[linkunit].auth_pending &= ~bit) == 0 &&
|
||||
lns[linkunit].phase == PHASE_AUTHENTICATE)
|
||||
callback_phase(linkunit);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* check_auth_options - called to check authentication options.
|
||||
*/
|
||||
void check_auth_options()
|
||||
{
|
||||
int i;
|
||||
int i;
|
||||
|
||||
lcp_options *wo = &lcp_wantoptions[0];
|
||||
lcp_options *ao = &lcp_allowoptions[0];
|
||||
|
||||
#ifdef RADIUS
|
||||
fprintf(stderr,"@mla@: check_auth_options called\n");
|
||||
fprintf(stderr,"@mla@: our_name = <%s>\n", our_name);
|
||||
fprintf(stderr,"@mls@: remote_name = <%s>\n", remote_name);
|
||||
#endif
|
||||
|
||||
/* Default our_name to hostname, and user to our_name */
|
||||
if (our_name[0] == 0 || usehostname)
|
||||
strcpy(our_name, hostname);
|
||||
if (user[0] == 0)
|
||||
strcpy(user, our_name);
|
||||
|
||||
#ifdef RADIUS
|
||||
fprintf(stderr,"@mla@: auth_required = %d\n",auth_required);
|
||||
fprintf(stderr,"@mla@: wo->neg_chap = %d\n",wo->neg_chap);
|
||||
fprintf(stderr,"@mls@: wo->neg_upap = %d\n",wo->neg_upap);
|
||||
#endif
|
||||
|
||||
/* If authentication is required, ask peer for CHAP or PAP. */
|
||||
if (auth_required && !wo->neg_chap && !wo->neg_upap) {
|
||||
#ifdef RADIUS
|
||||
fprintf(stderr,"@mla@: Ask peer for CHAP or PAP\n");
|
||||
#endif
|
||||
wo->neg_chap = 1;
|
||||
wo->neg_upap = 1;
|
||||
}
|
||||
|
@ -504,21 +552,21 @@ void check_auth_options()
|
|||
* Check whether we have appropriate secrets to use
|
||||
* to authenticate ourselves and/or the peer.
|
||||
*/
|
||||
if (ao->neg_upap && passwd[0] == 0 && !get_upap_passwd()) {
|
||||
if (ao->neg_upap && passwd[0] == 0 && !useradius && !get_upap_passwd()) {
|
||||
syslog(LOG_INFO,"info: no PAP secret entry for this user!\n");
|
||||
ao->neg_upap = 0;
|
||||
}
|
||||
if (wo->neg_upap && !uselogin && !have_upap_secret())
|
||||
if (wo->neg_upap && !uselogin && !useradius && !have_upap_secret())
|
||||
wo->neg_upap = 0;
|
||||
if (ao->neg_chap && !have_chap_secret(our_name, remote_name)) {
|
||||
if (ao->neg_chap && !useradius && !have_chap_secret(our_name, remote_name)) {
|
||||
syslog(LOG_INFO,"info: no CHAP secret entry for this user!\n");
|
||||
ao->neg_chap = 0;
|
||||
}
|
||||
if (wo->neg_chap && !have_chap_secret(remote_name, our_name))
|
||||
if (wo->neg_chap && !useradius && !have_chap_secret(remote_name, our_name))
|
||||
wo->neg_chap = 0;
|
||||
|
||||
if (auth_required && !wo->neg_chap && !wo->neg_upap) {
|
||||
fprintf(stderr, "ipppd: peer authentication required but no authentication files accessible\n");
|
||||
fprintf(stderr,"ipppd: peer authentication required but no authentication files accessible\n or user %s not found in auth files",user);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
@ -532,6 +580,14 @@ void check_auth_options()
|
|||
|
||||
}
|
||||
|
||||
/*
|
||||
* reload PW
|
||||
*/
|
||||
void auth_reload_upap_pw(void)
|
||||
{
|
||||
if(lcp_allowoptions[0].neg_upap)
|
||||
get_upap_passwd();
|
||||
}
|
||||
|
||||
/*
|
||||
* check_passwd - Check the user name and passwd against the PAP secrets
|
||||
|
@ -543,84 +599,120 @@ void check_auth_options()
|
|||
* UPAP_AUTHACK: Authentication succeeded.
|
||||
* In either case, msg points to an appropriate message.
|
||||
*/
|
||||
int check_passwd(int linkunit,char *auser,int userlen,char *apasswd,int passwdlen,char **msg,int *msglen)
|
||||
int check_passwd(int linkunit,char *auser,int userlen,char *apasswd,
|
||||
int passwdlen,char **msg,int *msglen)
|
||||
{
|
||||
int ret;
|
||||
char *filename;
|
||||
FILE *f;
|
||||
struct wordlist *addrs;
|
||||
char passwd[256], user[256];
|
||||
char secret[MAXWORDLEN];
|
||||
int ret;
|
||||
char *filename;
|
||||
FILE *f;
|
||||
struct wordlist *addrs;
|
||||
char passwd[256], user[256];
|
||||
char secret[MAXWORDLEN];
|
||||
|
||||
/*
|
||||
* Make copies of apasswd and auser, then null-terminate them.
|
||||
*/
|
||||
BCOPY(apasswd, passwd, passwdlen);
|
||||
passwd[passwdlen] = '\0';
|
||||
BCOPY(auser, user, userlen);
|
||||
user[userlen] = '\0';
|
||||
/*
|
||||
* Make copies of apasswd and auser, then null-terminate them.
|
||||
*/
|
||||
BCOPY(apasswd, passwd, passwdlen);
|
||||
passwd[passwdlen] = '\0';
|
||||
BCOPY(auser, user, userlen);
|
||||
user[userlen] = '\0';
|
||||
|
||||
strcpy(lns[linkunit].peer_authname,user);
|
||||
syslog(LOG_INFO,"Check_passwd called with user=%s\n",user);
|
||||
|
||||
/*
|
||||
* Open the file of upap secrets and scan for a suitable secret
|
||||
* for authenticating this user.
|
||||
*/
|
||||
filename = _PATH_UPAPFILE;
|
||||
addrs = NULL;
|
||||
ret = UPAP_AUTHACK;
|
||||
f = fopen(filename, "r");
|
||||
if (f == NULL) {
|
||||
if (!uselogin) {
|
||||
syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename);
|
||||
ret = UPAP_AUTHNAK;
|
||||
}
|
||||
} else {
|
||||
check_access(f, filename);
|
||||
if (scan_authfile(f, user, our_name, secret, &addrs, filename) < 0
|
||||
|| (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
|
||||
&& strcmp(crypt(passwd, secret), secret) != 0)) {
|
||||
syslog(LOG_WARNING, "PAP authentication failure for %s", user);
|
||||
ret = UPAP_AUTHNAK;
|
||||
}
|
||||
fclose(f);
|
||||
strcpy(lns[linkunit].peer_authname,user);
|
||||
|
||||
/*
|
||||
* Open the file of upap secrets and scan for a suitable secret
|
||||
* for authenticating this user.
|
||||
*/
|
||||
filename = _PATH_UPAPFILE;
|
||||
addrs = NULL;
|
||||
ret = UPAP_AUTHACK;
|
||||
f = fopen(filename, "r");
|
||||
if (f == NULL) {
|
||||
if (!uselogin && !useradius) {
|
||||
syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename);
|
||||
ret = UPAP_AUTHNAK;
|
||||
}
|
||||
|
||||
if (uselogin && ret == UPAP_AUTHACK) {
|
||||
ret = check_login(user, passwd, msg, msglen,linkunit);
|
||||
if (ret == UPAP_AUTHNAK) {
|
||||
syslog(LOG_WARNING, "PAP login failure for %s", user);
|
||||
}
|
||||
else
|
||||
lns[linkunit].logged_in = TRUE;
|
||||
} else {
|
||||
check_access(f, filename);
|
||||
if (scan_authfile(f, user, our_name, secret, &addrs, filename) < 0
|
||||
|| (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
|
||||
&& strcmp(crypt(passwd, secret), secret) != 0)) {
|
||||
syslog(LOG_WARNING, "PAP authentication failure for %s", user);
|
||||
ret = UPAP_AUTHNAK;
|
||||
}
|
||||
fclose(f);
|
||||
}
|
||||
|
||||
#ifndef RADIUS
|
||||
if (uselogin && ret == UPAP_AUTHACK) {
|
||||
ret = check_login(user, passwd, msg, msglen,linkunit);
|
||||
if (ret == UPAP_AUTHNAK) {
|
||||
*msg = "Login incorrect";
|
||||
*msglen = strlen(*msg);
|
||||
if (lns[linkunit].attempts++ >= 10) {
|
||||
syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s",
|
||||
lns[linkunit].attempts, lns[linkunit].devnam, user);
|
||||
lcp_close(lns[linkunit].lcp_unit,"max auth exceed");
|
||||
lns[linkunit].phase = PHASE_TERMINATE;
|
||||
}
|
||||
#if 0
|
||||
if (attempts > 3)
|
||||
sleep((u_int) (attempts - 3) * 5);
|
||||
#endif
|
||||
if (addrs != NULL)
|
||||
free_wordlist(addrs);
|
||||
} else {
|
||||
lns[linkunit].attempts = 0; /* Reset count */
|
||||
*msg = "Login ok";
|
||||
*msglen = strlen(*msg);
|
||||
if (lns[linkunit].addresses != NULL)
|
||||
free_wordlist(lns[linkunit].addresses);
|
||||
lns[linkunit].addresses = addrs;
|
||||
auth_script(linkunit,_PATH_AUTHUP);
|
||||
lns[linkunit].auth_up_script = 1;
|
||||
syslog(LOG_WARNING, "PAP login failure for %s", user);
|
||||
}
|
||||
else
|
||||
lns[linkunit].logged_in = TRUE;
|
||||
}
|
||||
#else
|
||||
{
|
||||
int auth_order = radius_auth_order();
|
||||
syslog(LOG_INFO,": auth_order = 0x%x\n", auth_order);
|
||||
syslog(LOG_INFO,": AUTH_LOCAL_FST = 0x%x\n", AUTH_LOCAL_FST);
|
||||
syslog(LOG_INFO,": AUTH_LOCAL_SND = 0x%x\n", AUTH_LOCAL_SND);
|
||||
syslog(LOG_INFO,": AUTH_RADIUS_SND = 0x%x\n", AUTH_RADIUS_SND);
|
||||
syslog(LOG_INFO,": AUTH_RADIUS_FST = 0x%x\n", AUTH_RADIUS_FST);
|
||||
if (ret == UPAP_AUTHACK) {
|
||||
if (uselogin && useradius) {
|
||||
if (auth_order & AUTH_LOCAL_FST) {
|
||||
ret = login(user, passwd, msg, msglen, linkunit);
|
||||
if ((auth_order & AUTH_RADIUS_SND) && (ret == UPAP_AUTHNAK))
|
||||
ret = radius_pap_auth( user, passwd, msg, msglen, linkunit);
|
||||
}
|
||||
else if (auth_order & AUTH_RADIUS_FST) {
|
||||
ret = radius_pap_auth( user, passwd, msg, msglen, linkunit );
|
||||
if ((auth_order & AUTH_LOCAL_SND) && (ret == UPAP_AUTHNAK))
|
||||
ret = login(user, passwd, msg, msglen, linkunit );
|
||||
}
|
||||
}
|
||||
else if (uselogin) {
|
||||
ret = login(user, passwd, msg, msglen, linkunit);
|
||||
}
|
||||
else if (useradius) {
|
||||
ret = radius_pap_auth( user, passwd, msg, msglen, linkunit);
|
||||
}
|
||||
}
|
||||
if (ret == UPAP_AUTHNAK) {
|
||||
syslog(LOG_WARNING, "PAP login failure for %s", user);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret == UPAP_AUTHNAK) {
|
||||
*msg = "Login incorrect";
|
||||
*msglen = strlen(*msg);
|
||||
if (lns[linkunit].attempts++ >= 10) {
|
||||
syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s",
|
||||
lns[linkunit].attempts, lns[linkunit].devnam, user);
|
||||
lcp_close(lns[linkunit].lcp_unit,"max auth exceed");
|
||||
lns[linkunit].phase = PHASE_TERMINATE;
|
||||
}
|
||||
#if 0
|
||||
if (attempts > 3)
|
||||
sleep((u_int) (attempts - 3) * 5);
|
||||
#endif
|
||||
if (addrs != NULL)
|
||||
free_wordlist(addrs);
|
||||
} else {
|
||||
lns[linkunit].attempts = 0; /* Reset count */
|
||||
*msg = "Login ok";
|
||||
*msglen = strlen(*msg);
|
||||
if (lns[linkunit].addresses != NULL)
|
||||
free_wordlist(lns[linkunit].addresses);
|
||||
lns[linkunit].addresses = addrs;
|
||||
auth_script(linkunit,_PATH_AUTHUP);
|
||||
lns[linkunit].auth_up_script = 1;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -645,7 +737,8 @@ static int check_login(char *user,char *passwd,char **msg,int *msglen,int unit)
|
|||
extern int isexpired (struct passwd *, struct spwd *);
|
||||
#endif
|
||||
|
||||
if ((pw = getpwnam(user)) == NULL) {
|
||||
fprintf(stderr,"@mla@: login called\n");
|
||||
if ((pw = getpwnam(user)) == NULL) {
|
||||
return (UPAP_AUTHNAK);
|
||||
}
|
||||
|
||||
|
@ -719,6 +812,7 @@ static int null_login(int unit)
|
|||
* Open the file of upap secrets and scan for a suitable secret.
|
||||
* We don't accept a wildcard client.
|
||||
*/
|
||||
fprintf(stderr,"@mla@: null_login called\n");
|
||||
filename = _PATH_UPAPFILE;
|
||||
addrs = NULL;
|
||||
f = fopen(filename, "r");
|
||||
|
@ -796,10 +890,7 @@ static int have_upap_secret(void)
|
|||
* on `server'. Either can be the null string, meaning we don't
|
||||
* know the identity yet.
|
||||
*/
|
||||
static int
|
||||
have_chap_secret(client, server)
|
||||
char *client;
|
||||
char *server;
|
||||
static int have_chap_secret(char *client,char *server)
|
||||
{
|
||||
FILE *f;
|
||||
int ret;
|
||||
|
@ -941,7 +1032,7 @@ int auth_ip_addr(int unit,u_int32_t addr)
|
|||
if (ptr_mask)
|
||||
*ptr_mask = '/';
|
||||
|
||||
if (a == -1L)
|
||||
if (a == (u_int32_t)-1L)
|
||||
syslog (LOG_WARNING,
|
||||
"unknown host %s in auth. address list",
|
||||
addrs->word);
|
||||
|
@ -1084,8 +1175,7 @@ static int scan_authfile(FILE *f,char *client,char *server,char *secret,struct w
|
|||
for (;;) {
|
||||
if (!getword(f, word, &newline, filename) || newline)
|
||||
break;
|
||||
ap = (struct wordlist *) malloc(sizeof(struct wordlist)
|
||||
+ strlen(word));
|
||||
ap = (struct wordlist *) malloc(sizeof(struct wordlist) + strlen(word));
|
||||
if (ap == NULL)
|
||||
novm("authorized addresses");
|
||||
ap->next = NULL;
|
||||
|
@ -1111,9 +1201,7 @@ static int scan_authfile(FILE *f,char *client,char *server,char *secret,struct w
|
|||
/*
|
||||
* free_wordlist - release memory allocated for a wordlist.
|
||||
*/
|
||||
static void
|
||||
free_wordlist(wp)
|
||||
struct wordlist *wp;
|
||||
static void free_wordlist(struct wordlist *wp)
|
||||
{
|
||||
struct wordlist *next;
|
||||
|
||||
|
@ -1153,7 +1241,7 @@ static void auth_script(int linkunit,char *script)
|
|||
argv[6] = lns[linkunit].pci.remote_num;
|
||||
argv[7] = NULL;
|
||||
|
||||
run_program(script, argv, 0,linkunit);
|
||||
run_program(script, argv, debug,linkunit);
|
||||
}
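Review bot: In `check_passwd`, the new `#else` (RADIUS) branch can return `UPAP_AUTHACK` without checking any credential: when `uselogin && useradius` holds and `auth_order` has neither `AUTH_LOCAL_FST` nor `AUTH_RADIUS_FST` set, neither `login()` nor `radius_pap_auth()` runs and `ret` keeps its initial `UPAP_AUTHACK`, which the relaxed `if (!uselogin && !useradius)` test also preserves when the PAP secrets file cannot be opened. Whether `radius_auth_order()` can return such a value is not visible here, so the branch should fail closed, for example with a final `else ret = UPAP_AUTHNAK;` after the `AUTH_RADIUS_FST` arm. The same branch calls `login(...)` where the non-RADIUS path calls `check_login(...)`, and it no longer sets `lns[linkunit].logged_in = TRUE` after a successful local login, so the `logged_in` handling in `link_terminated` would presumably be skipped; both differences should be confirmed or removed. The unconditional `fprintf(stderr,"@mla@: ...")` traces added in `link_established` and in the hunks at `check_login` and `null_login` look like debugging leftovers and belong behind the existing debug switch.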
|
||||
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ in the developr/rfc directory.
|
|||
|
||||
#define PPP_CBCP 0xc029 /* Callback Control Protocol */
|
||||
|
||||
char cbcp_rcsid[] = "$Id: cbcp.c,v 1.4 1997/05/19 10:15:31 hipp Exp $";
|
||||
char cbcp_rcsid[] = "$Id: cbcp.c,v 1.5 1998/03/08 13:01:30 hipp Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
@ -401,7 +401,7 @@ void cbcp_send(cbcp_state *us, u_char code, u_char *buf, int len)
|
|||
if (len)
|
||||
BCOPY(buf, outp, len);
|
||||
|
||||
output(us->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
output_ppp(us->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
}
|
||||
|
||||
void cbcp_recvack(cbcp_state *us, char *pckt, int len)
|
||||
|
|
53
ipppd/chap.c
53
ipppd/chap.c
|
@ -18,7 +18,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char chap_rcsid[] = "$Id: chap.c,v 1.3 1997/05/19 10:15:38 hipp Exp $";
|
||||
char chap_rcsid[] = "$Id: chap.c,v 1.4 1998/03/08 13:01:31 hipp Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -36,7 +36,12 @@ char chap_rcsid[] = "$Id: chap.c,v 1.3 1997/05/19 10:15:38 hipp Exp $";
|
|||
#ifdef USE_MSCHAP
|
||||
#include "chap_ms.h"
|
||||
#endif /* USE_MSCHAP */
|
||||
#include "md5.h"
|
||||
#include "md5.c"
|
||||
|
||||
#ifdef RADIUS
|
||||
int radius_chap_auth __P((char *, u_char *, chap_state *, int));
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Protocol entry points.
|
||||
|
@ -72,7 +77,8 @@ chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */
|
|||
static void ChapChallengeTimeout __P((caddr_t));
|
||||
static void ChapResponseTimeout __P((caddr_t));
|
||||
static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int));
|
||||
static void ChapReceiveResponse __P((chap_state *, u_char *, int, int));
|
||||
static void ChapReceiveResponse __P((chap_state *, u_char *, int, int,
|
||||
int));
|
||||
static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int));
|
||||
static void ChapReceiveFailure __P((chap_state *, u_char *, int, int));
|
||||
static void ChapSendStatus __P((chap_state *, int));
|
||||
|
@ -335,7 +341,7 @@ void ChapInput(int linkunit,u_char *inpacket,int packet_len)
|
|||
break;
|
||||
|
||||
case CHAP_RESPONSE:
|
||||
ChapReceiveResponse(cstate, inp, id, len);
|
||||
ChapReceiveResponse(cstate, inp, id, len, linkunit);
|
||||
break;
|
||||
|
||||
case CHAP_FAILURE:
|
||||
|
@ -368,7 +374,7 @@ ChapReceiveChallenge(cstate, inp, id, len)
|
|||
int secret_len;
|
||||
char secret[MAXSECRETLEN];
|
||||
char rhostname[256];
|
||||
MD5_CTX mdContext;
|
||||
MD5_CTX_ppp mdContext;
|
||||
|
||||
CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id));
|
||||
if (cstate->clientstate == CHAPCS_CLOSED ||
|
||||
|
@ -428,11 +434,11 @@ ChapReceiveChallenge(cstate, inp, id, len)
|
|||
switch (cstate->resp_type) {
|
||||
|
||||
case CHAP_DIGEST_MD5:
|
||||
MD5Init(&mdContext);
|
||||
MD5Update(&mdContext, &cstate->resp_id, 1);
|
||||
MD5Update(&mdContext, secret, secret_len);
|
||||
MD5Update(&mdContext, rchallenge, rchallenge_len);
|
||||
MD5Final(&mdContext);
|
||||
MD5Init_ppp(&mdContext);
|
||||
MD5Update_ppp(&mdContext, &cstate->resp_id, 1);
|
||||
MD5Update_ppp(&mdContext, secret, secret_len);
|
||||
MD5Update_ppp(&mdContext, rchallenge, rchallenge_len);
|
||||
MD5Final_ppp(&mdContext);
|
||||
BCOPY(mdContext.digest, cstate->response, MD5_SIGNATURE_SIZE);
|
||||
cstate->resp_length = MD5_SIGNATURE_SIZE;
|
||||
break;
|
||||
|
@ -454,13 +460,14 @@ ChapReceiveChallenge(cstate, inp, id, len)
|
|||
/*
|
||||
* ChapReceiveResponse - Receive and process response.
|
||||
*/
|
||||
static void ChapReceiveResponse(chap_state *cstate,u_char *inp,int id,int len)
|
||||
static void ChapReceiveResponse(chap_state *cstate,u_char *inp,int
|
||||
id,int len, int linkunit)
|
||||
{
|
||||
u_char *remmd, remmd_len;
|
||||
int secret_len, old_state;
|
||||
int code;
|
||||
char rhostname[256];
|
||||
MD5_CTX mdContext;
|
||||
MD5_CTX_ppp mdContext;
|
||||
char secret[MAXSECRETLEN];
|
||||
|
||||
CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id));
|
||||
|
@ -522,19 +529,23 @@ static void ChapReceiveResponse(chap_state *cstate,u_char *inp,int id,int len)
|
|||
secret, &secret_len, 1)) {
|
||||
syslog(LOG_WARNING, "No CHAP secret found for authenticating %s",
|
||||
rhostname);
|
||||
#ifdef RADIUS
|
||||
} if (radius_chap_auth(rhostname, remmd, cstate, linkunit) == 0) {
|
||||
code = CHAP_SUCCESS;
|
||||
#else
|
||||
} else {
|
||||
|
||||
#endif
|
||||
/* generate MD based on negotiated type */
|
||||
switch (cstate->chal_type) {
|
||||
|
||||
case CHAP_DIGEST_MD5: /* only MD5 is defined for now */
|
||||
if (remmd_len != MD5_SIGNATURE_SIZE)
|
||||
break; /* it's not even the right length */
|
||||
MD5Init(&mdContext);
|
||||
MD5Update(&mdContext, &cstate->chal_id, 1);
|
||||
MD5Update(&mdContext, secret, secret_len);
|
||||
MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
|
||||
MD5Final(&mdContext);
|
||||
MD5Init_ppp(&mdContext);
|
||||
MD5Update_ppp(&mdContext, &cstate->chal_id, 1);
|
||||
MD5Update_ppp(&mdContext, secret, secret_len);
|
||||
MD5Update_ppp(&mdContext, cstate->challenge, cstate->chal_len);
|
||||
MD5Final_ppp(&mdContext);
|
||||
|
||||
/* compare local and remote MDs and send the appropriate status */
|
||||
if (memcmp (mdContext.digest, remmd, MD5_SIGNATURE_SIZE) == 0)
|
||||
|
@ -662,7 +673,7 @@ ChapSendChallenge(cstate)
|
|||
|
||||
BCOPY(cstate->chal_name, outp, name_len); /* append hostname */
|
||||
|
||||
output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
output_ppp(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
|
||||
CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id));
|
||||
|
||||
|
@ -698,7 +709,7 @@ ChapSendStatus(cstate, code)
|
|||
PUTCHAR(cstate->chal_id, outp);
|
||||
PUTSHORT(outlen, outp);
|
||||
BCOPY(msg, outp, msglen);
|
||||
output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
output_ppp(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
|
||||
CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code,
|
||||
cstate->chal_id));
|
||||
|
@ -763,7 +774,7 @@ ChapSendResponse(cstate)
|
|||
BCOPY(cstate->resp_name, outp, name_len); /* append our name */
|
||||
|
||||
/* send the packet */
|
||||
output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
output_ppp(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
|
||||
cstate->clientstate = CHAPCS_RESPONSE;
|
||||
TIMEOUT(ChapResponseTimeout, (caddr_t) cstate, cstate->timeouttime);
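Review bot: In `ChapReceiveResponse`, the `#ifdef RADIUS` splice turns `} else {` into `} if (radius_chap_auth(rhostname, remmd, cstate, linkunit) == 0) {`, so in a RADIUS build the call runs whether or not a local secret was found, is not gated on `useradius`, and is handed `remmd` before the `remmd_len != MD5_SIGNATURE_SIZE` check that only happens inside the following `switch`. When the RADIUS call fails, the local MD5 comparison is skipped altogether; when it succeeds, the comparison still runs on `secret`/`secret_len`, which appear to be unset if `get_secret` failed. I would check `remmd_len` before passing `remmd` on, gate the call with `if (useradius && ...)`, and keep the local comparison in its own `else` arm; the function begins and ends outside this hunk, so the initial value of `code` should be confirmed as failure. Separately, `#include "md5.c"` replaces `#include "md5.h"` while `md5.o` is still listed in `PPPDOBJS`, which would define the MD5 routines twice unless they are static.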
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char fsm_rcsid[] = "$Id: fsm.c,v 1.3 1997/05/19 10:15:43 hipp Exp $";
|
||||
char fsm_rcsid[] = "$Id: fsm.c,v 1.4 1998/03/08 13:01:32 hipp Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -734,7 +734,7 @@ void fsm_sdata(fsm *f,int code,int id,u_char *data,int datalen)
|
|||
PUTCHAR(code, outp);
|
||||
PUTCHAR(id, outp);
|
||||
PUTSHORT(outlen, outp);
|
||||
output(f->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
output_ppp(f->unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
|
||||
FSMDEBUG((LOG_INFO, "fsm_sdata(%s): Sent code %d, id %d.",
|
||||
PROTO_NAME(f), code, id));
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char ipcp_rcsid[] = "$Id: ipcp.c,v 1.3 1997/05/19 10:15:46 hipp Exp $";
|
||||
char ipcp_rcsid[] = "$Id: ipcp.c,v 1.4 1998/03/08 13:01:33 hipp Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -1199,7 +1199,7 @@ static void ipcp_script(fsm *f,char *script)
|
|||
argv[5] = strremote;
|
||||
argv[6] = ipparam;
|
||||
argv[7] = NULL;
|
||||
run_program(script, argv, 0,f->unit);
|
||||
run_program(script, argv, debug,f->unit);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ipppd.h,v 1.8 1997/06/10 14:39:22 hipp Exp $
|
||||
* $Id: ipppd.h,v 1.9 1998/03/08 13:01:34 hipp Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -46,13 +46,16 @@
|
|||
# include <utmp.h>
|
||||
#endif
|
||||
|
||||
#define NUM_PPP 16 /* 16 PPP interface supported (per process) */
|
||||
#define NUM_PPP 64 /* 64 PPP interface supported (per process) */
|
||||
|
||||
struct wordlist {
|
||||
struct wordlist *next;
|
||||
char word[1];
|
||||
};
|
||||
|
||||
#define MAXUSERNAME 255
|
||||
#define MAXSESSIONID 32
|
||||
|
||||
struct link_struct {
|
||||
struct link_struct *bundle_next;
|
||||
int fd; /* link file descriptor */
|
||||
|
@ -61,6 +64,7 @@ struct link_struct {
|
|||
int auth_pending;
|
||||
struct wordlist *addresses;
|
||||
int unit; /* link unit */
|
||||
int master; /* 'master' link unit */
|
||||
int lcp_unit;
|
||||
int ipcp_unit;
|
||||
int ccp_unit;
|
||||
|
@ -82,6 +86,11 @@ struct link_struct {
|
|||
struct pppcallinfo pci;
|
||||
int has_proxy_arp;
|
||||
int attempts;
|
||||
int rx_bytes;
|
||||
int tx_bytes;
|
||||
char session_id[MAXSESSIONID+1];
|
||||
char username[MAXUSERNAME+1];
|
||||
time_t start_time;
|
||||
};
|
||||
|
||||
extern struct link_struct lns[NUM_PPP];
|
||||
|
@ -99,6 +108,7 @@ extern struct link_struct lns[NUM_PPP];
|
|||
* Global variables.
|
||||
*/
|
||||
|
||||
extern int useradius; /* Use RADIUS server for checking PAP */
|
||||
extern char hostname[]; /* Our hostname */
|
||||
extern u_char outpacket_buf[]; /* Buffer for outgoing packets */
|
||||
extern int baud_rate; /* Current link speed in bits/sec */
|
||||
|
@ -218,7 +228,7 @@ void timeout __P((void (*)(), caddr_t, int));
|
|||
/* Look-alike of kernel's timeout() */
|
||||
void untimeout __P((void (*)(), caddr_t));
|
||||
/* Look-alike of kernel's untimeout() */
|
||||
void output __P((int, u_char *, int));
|
||||
void output_ppp __P((int, u_char *, int));
|
||||
/* Output a PPP packet */
|
||||
void demuxprotrej __P((int,u_short));
|
||||
/* Demultiplex a Protocol-Reject */
|
||||
|
@ -398,7 +408,7 @@ extern struct option_info devnam_info;
|
|||
#define DEBUGUPAP 1
|
||||
#define DEBUGCHAP 1
|
||||
#endif
|
||||
|
||||
#define DEBUGCHAP 1
|
||||
#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */
|
||||
#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUG) \
|
||||
|| defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
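Review bot: The `#define DEBUGCHAP 1` that follows the `#endif` in the last hunk appears to sit outside the debug conditional, so CHAP debug output would be compiled into every build instead of only the builds selected by the block above it. The page does not mark added and removed lines, so this reading is inferred from the hunk's line counts. If the line was only a local test aid it should be dropped; if it is intended, mark it with a comment such as `/* force CHAP debug logging in all builds */`. The opening `#if` of the conditional is outside the hunk.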
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char ipxcp_rcsid[] = "$Id: ipxcp.c,v 1.3 1997/05/19 10:15:57 hipp Exp $";
|
||||
char ipxcp_rcsid[] = "$Id: ipxcp.c,v 1.4 1998/03/08 13:01:35 hipp Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -1217,7 +1217,7 @@ static void ipxcp_script(fsm *f,char *script)
|
|||
argv[11] = ipparam;
|
||||
argv[12] = strpid;
|
||||
argv[13] = NULL;
|
||||
run_program(script, argv, 0 , linkunit);
|
||||
run_program(script, argv, debug , linkunit);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
27
ipppd/lcp.c
27
ipppd/lcp.c
|
@ -21,7 +21,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char lcp_rcsid[] = "$Id: lcp.c,v 1.5 1997/10/26 23:06:16 fritz Exp $";
|
||||
char lcp_rcsid[] = "$Id: lcp.c,v 1.6 1998/03/08 13:01:36 hipp Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -221,6 +221,7 @@ static void lcp_init(int unit)
|
|||
wo->mp_mrru = DEFMRU;
|
||||
wo->mp_class = our_discr_class;
|
||||
wo->mp_alen = sizeof(our_discr_addr);
|
||||
wo->numloops = 0;
|
||||
memcpy(wo->mp_addr,our_discr_addr,wo->mp_alen);
|
||||
|
||||
ao->neg_mru = 1;
|
||||
|
@ -371,16 +372,14 @@ void lcp_lowerup(int unit)
|
|||
{
|
||||
fsm *f = &lcp_fsm[unit];
|
||||
struct link_struct *tlns = &lns[f->unit];
|
||||
#ifndef ISDN4LINUX_PATCH
|
||||
sifdown(f->unit);
|
||||
#endif
|
||||
ppp_set_xaccm(f->unit, xmit_accm[unit]);
|
||||
ppp_send_config(f->unit, PPP_MRU, 0xffffffff, 0, 0);
|
||||
ppp_recv_config(f->unit, PPP_MRU, 0x00000000, 0, 0);
|
||||
tlns->peer_mru = PPP_MRU;
|
||||
lcp_allowoptions[tlns->lcp_unit].asyncmap = xmit_accm[unit][0];
|
||||
|
||||
fsm_lowerup(&lcp_fsm[unit]);
|
||||
ppp_set_xaccm(f->unit, xmit_accm[unit]);
|
||||
ppp_send_config(f->unit, PPP_MRU, 0xffffffff, 0, 0);
|
||||
ppp_recv_config(f->unit, PPP_MRU, 0x00000000, 0, 0);
|
||||
|
||||
tlns->peer_mru = PPP_MRU;
|
||||
lcp_allowoptions[tlns->lcp_unit].asyncmap = xmit_accm[unit][0];
|
||||
fsm_lowerup(&lcp_fsm[unit]);
|
||||
}
|
||||
|
||||
|
||||
|
@ -538,7 +537,9 @@ static void lcp_resetci(fsm *f)
|
|||
struct link_struct *tlns = &lns[f->unit];
|
||||
|
||||
lcp_wantoptions[tlns->lcp_unit].magicnumber = magic();
|
||||
#if 0
|
||||
lcp_wantoptions[tlns->lcp_unit].numloops = 0;
|
||||
#endif
|
||||
lcp_gotoptions[tlns->lcp_unit] = lcp_wantoptions[tlns->lcp_unit];
|
||||
tlns->peer_mru = PPP_MRU;
|
||||
}
|
||||
|
@ -1601,8 +1602,7 @@ static int lcp_reqci(fsm *f,u_char *inp,int *lenp,int reject_if_disagree)
|
|||
break;
|
||||
case CI_MPDISCRIMINATOR:
|
||||
LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd MP Discriminator"));
|
||||
if(!ao->neg_mpdiscr)
|
||||
{
|
||||
if(!ao->neg_mpdiscr || cilen < 3) {
|
||||
orc = CONFREJ;
|
||||
break;
|
||||
}
|
||||
|
@ -1618,8 +1618,7 @@ static int lcp_reqci(fsm *f,u_char *inp,int *lenp,int reject_if_disagree)
|
|||
ho->mp_alen = cilen-3;
|
||||
break;
|
||||
case CI_MPMRRU:
|
||||
if(!ao->neg_mpmrru || cilen != CILEN_SHORT)
|
||||
{
|
||||
if(!ao->neg_mpmrru || cilen != CILEN_SHORT) {
|
||||
orc = CONFREJ;
|
||||
break;
|
||||
}
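Review bot: In the `CI_MPDISCRIMINATOR` case of `lcp_reqci` the guard now rejects `cilen < 3`, but no upper bound on `cilen` is visible before `ho->mp_alen = cilen-3;`. The option is received from the peer (the debug line logs `rcvd MP Discriminator`), and `lcp_init` fills `mp_addr` with `memcpy`, which suggests a fixed-size field. The lines between the two hunks are not shown, so whether the address bytes are copied with that length cannot be confirmed from here. If `mp_addr` is an array, extend the check to `if(!ao->neg_mpdiscr || cilen < 3 || cilen - 3 > (int)sizeof(ho->mp_addr)) {`. `lcp_reqci` starts and ends outside the hunk.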
|
||||
|
|
51
ipppd/main.c
51
ipppd/main.c
|
@ -25,7 +25,7 @@
|
|||
* PATCHLEVEL 9
|
||||
*/
|
||||
|
||||
char main_rcsid[] = "$Id: main.c,v 1.9 1997/10/26 23:06:19 fritz Exp $";
|
||||
char main_rcsid[] = "$Id: main.c,v 1.10 1998/03/08 13:01:38 hipp Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
@ -108,6 +108,7 @@ static int init_unit(int);
|
|||
static int exit_unit(int);
|
||||
|
||||
void remote_sys_options __P((void));
|
||||
void reload_config(void);
|
||||
|
||||
extern char *ttyname __P((int));
|
||||
extern char *getlogin __P((void));
|
||||
|
@ -147,7 +148,12 @@ void main(int argc,char **argv)
|
|||
struct protent *protp;
|
||||
|
||||
if(argc > 1 && !strcmp(argv[1],"-version")) {
|
||||
#ifndef RADIUS
|
||||
fprintf(stderr,"ipppd %s.%d (isdn4linux version of pppd by MH) started\n", VERSION, PATCHLEVEL);
|
||||
#else
|
||||
fprintf(stderr,"ipppd %s.%d (isdn4linux version of pppd with RADIUS extension by mla) started\n", VERSION, PATCHLEVEL);
|
||||
#endif
|
||||
|
||||
fprintf(stderr,"%s\n%s\n%s\n%s\n%s\n",lcp_rcsid,ipcp_rcsid,ipxcp_rcsid,ccp_rcsid,magic_rcsid);
|
||||
fprintf(stderr,"%s\n%s\n%s\n%s\n",chap_rcsid,upap_rcsid,main_rcsid,options_rcsid);
|
||||
fprintf(stderr,"%s\n%s\n%s\n",fsm_rcsid,cbcp_rcsid,sys_rcsid);
|
||||
|
@ -164,7 +170,9 @@ void main(int argc,char **argv)
|
|||
lns[i].bundle_next = &lns[i];
|
||||
lns[i].ifname[0] = 0;
|
||||
lns[i].ifunit = -1;
|
||||
#if 0
|
||||
lns[i].open_ccp_flag = 0;
|
||||
#endif
|
||||
lns[i].phase = PHASE_WAIT;
|
||||
lns[i].fd = -1;
|
||||
lns[i].logged_in = 0;
|
||||
|
@ -183,7 +191,7 @@ void main(int argc,char **argv)
|
|||
}
|
||||
hostname[MAXNAMELEN-1] = 0;
|
||||
|
||||
pidfilename[0] = 0;
|
||||
pidfilename[0] = 0;
|
||||
uid = getuid();
|
||||
|
||||
/*
|
||||
|
@ -197,8 +205,14 @@ void main(int argc,char **argv)
|
|||
for(j=0;j<NUM_PPP;j++)
|
||||
(*protp->init)(j); /* modifies our options .. !!!! */
|
||||
|
||||
#ifdef OPTIONS_TTY_FIRST
|
||||
if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) ||
|
||||
!options_for_tty() ||
|
||||
!parse_args(argc-1, argv+1))
|
||||
#else
|
||||
if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0 , 0) ||
|
||||
!parse_args(argc-1, argv+1) || !options_for_tty() )
|
||||
#endif
|
||||
die(1);
|
||||
|
||||
/*
|
||||
|
@ -225,11 +239,12 @@ void main(int argc,char **argv)
|
|||
else
|
||||
{
|
||||
char devstr[1024];
|
||||
sprintf(devstr,"Found %d devices: ",numdev);
|
||||
sprintf(devstr,"Found %d device%s: ",numdev, numdev==1?"":"s");
|
||||
for(i=0;i<numdev;i++)
|
||||
{
|
||||
strcat(devstr,lns[i].devnam);
|
||||
strcat(devstr,", ");
|
||||
if (i < numdev - 1)
|
||||
strcat(devstr,", ");
|
||||
}
|
||||
syslog(LOG_NOTICE,devstr);
|
||||
}
|
||||
|
@ -270,7 +285,11 @@ void main(int argc,char **argv)
|
|||
|
||||
/* write pid to file */
|
||||
if(!strlen(pidfilename))
|
||||
#if 1
|
||||
sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, "ipppd" );
|
||||
#else
|
||||
sprintf(pidfilename, "%s%s.%s.pid", _PATH_VARRUN, "ipppd", lns[0].devnam);
|
||||
#endif
|
||||
|
||||
if ((pidfile = fopen(pidfilename, "w")) != NULL) {
|
||||
fprintf(pidfile, "%d\n", pid);
|
||||
|
@ -395,7 +414,7 @@ void main(int argc,char **argv)
|
|||
lns[i].hungup = 0;
|
||||
establish_ppp(i);
|
||||
if(maxconnect > 0)
|
||||
timeout(connect_time_expired, (void *)i, maxconnect);
|
||||
timeout(connect_time_expired, (void *)(long)i, maxconnect);
|
||||
|
||||
syslog(LOG_NOTICE,"PHASE_WAIT -> PHASE_ESTABLISHED, ifunit: %d, linkunit: %d, fd: %d",lns[i].ifunit,i,lns[i].fd);
|
||||
lcp_open(lns[i].lcp_unit);
|
||||
|
@ -403,8 +422,8 @@ void main(int argc,char **argv)
|
|||
}
|
||||
get_input(i);
|
||||
}
|
||||
if (lns[i].open_ccp_flag) /* ugly: set by SIGUSR2 signal for all units */
|
||||
{
|
||||
#if 0
|
||||
if (lns[i].open_ccp_flag) { /* ugly: set by SIGUSR2 signal for all units */
|
||||
if (lns[i].phase == PHASE_NETWORK)
|
||||
{
|
||||
ccp_fsm[lns[i].ccp_unit].flags = OPT_RESTART; /* clears OPT_SILENT */
|
||||
|
@ -412,6 +431,7 @@ void main(int argc,char **argv)
|
|||
}
|
||||
lns[i].open_ccp_flag = 0;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
reap_kids(); /* Don't leave dead kids lying around */
|
||||
for(i=0;i<numdev;i++)
|
||||
|
@ -419,7 +439,7 @@ void main(int argc,char **argv)
|
|||
{
|
||||
if(!kill_link)
|
||||
syslog(LOG_NOTICE,"taking down PHASE_DEAD link %d, linkunit: %d",i,lns[i].unit);
|
||||
untimeout(connect_time_expired,(void *) i);
|
||||
untimeout(connect_time_expired,(void *) (long)i);
|
||||
lcp_close(lns[i].lcp_unit,"link closed");
|
||||
lcp_lowerdown(lns[i].lcp_unit);
|
||||
lcp_freeunit(lns[i].lcp_unit);
|
||||
|
@ -882,9 +902,7 @@ static void toggle_debug(int sig)
|
|||
/*ARGSUSED*/
|
||||
static void open_ccp(int sig)
|
||||
{
|
||||
int i;
|
||||
for(i=0;i<NUM_PPP;i++)
|
||||
lns[i].open_ccp_flag = 1;
|
||||
reload_config();
|
||||
}
|
||||
|
||||
|
||||
|
@ -1233,7 +1251,11 @@ int vfmtmsg(char *buf,int buflen,char *fmt,va_list args)
|
|||
* what gets passed for a va_list is like a void * in some sense.
|
||||
*/
|
||||
a = va_arg(args, void *);
|
||||
n = vfmtmsg(buf, buflen + 1, f, a);
|
||||
#ifdef __alpha__ /* always do this? */
|
||||
n = fmtmsg(buf, buflen + 1, f, a);
|
||||
#else
|
||||
n = vfmtmsg(buf, buflen + 1, f, a);
|
||||
#endif
|
||||
buf += n;
|
||||
buflen -= n;
|
||||
continue;
|
||||
|
@ -1339,4 +1361,9 @@ int vfmtmsg(char *buf,int buflen,char *fmt,va_list args)
|
|||
return buf - buf0;
|
||||
}
|
||||
|
||||
void reload_config(void)
|
||||
{
|
||||
auth_reload_upap_pw();
|
||||
}
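Review bot: In the device-listing hunk of `main`, `devstr` is still built with unbounded `strcat` into a 1024-byte stack buffer and then passed to `syslog` as the format string, so a device name containing `%` is treated as a conversion and a long enough list overruns the buffer. The list can be longer now that this commit raises `NUM_PPP` from 16 to 64 in ipppd.h, assuming `numdev` is limited by it. Log through a literal format, `syslog(LOG_NOTICE,"%s",devstr);`, and bound each append, e.g. `strncat(devstr,lns[i].devnam,sizeof(devstr)-strlen(devstr)-1);`. Separately, `open_ccp` now calls `reload_config()` directly; the main-loop comment says the flag it used to set was driven by SIGUSR2, so if `open_ccp` is still installed as that handler, `auth_reload_upap_pw()` runs in signal context, and its body is not visible here.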
|
||||
|
||||
|
||||
|
|
14
ipppd/md5.c
14
ipppd/md5.c
|
@ -101,8 +101,8 @@ static unsigned char PADDING[64] = {
|
|||
/* The routine MD5Init initializes the message-digest context
|
||||
mdContext. All fields are set to zero.
|
||||
*/
|
||||
void MD5Init (mdContext)
|
||||
MD5_CTX *mdContext;
|
||||
static void MD5Init_ppp (mdContext)
|
||||
MD5_CTX_ppp *mdContext;
|
||||
{
|
||||
mdContext->i[0] = mdContext->i[1] = (UINT4)0;
|
||||
|
||||
|
@ -118,8 +118,8 @@ MD5_CTX *mdContext;
|
|||
account for the presence of each of the characters inBuf[0..inLen-1]
|
||||
in the message whose digest is being computed.
|
||||
*/
|
||||
void MD5Update (mdContext, inBuf, inLen)
|
||||
MD5_CTX *mdContext;
|
||||
static void MD5Update_ppp (mdContext, inBuf, inLen)
|
||||
MD5_CTX_ppp *mdContext;
|
||||
unsigned char *inBuf;
|
||||
unsigned int inLen;
|
||||
{
|
||||
|
@ -156,8 +156,8 @@ unsigned int inLen;
|
|||
/* The routine MD5Final terminates the message-digest computation and
|
||||
ends with the desired message digest in mdContext->digest[0...15].
|
||||
*/
|
||||
void MD5Final (mdContext)
|
||||
MD5_CTX *mdContext;
|
||||
static void MD5Final_ppp (mdContext)
|
||||
MD5_CTX_ppp *mdContext;
|
||||
{
|
||||
UINT4 in[16];
|
||||
int mdi;
|
||||
|
@ -173,7 +173,7 @@ MD5_CTX *mdContext;
|
|||
|
||||
/* pad out to 56 mod 64 */
|
||||
padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
|
||||
MD5Update (mdContext, PADDING, padLen);
|
||||
MD5Update_ppp (mdContext, PADDING, padLen);
|
||||
|
||||
/* append length in bits and transform */
|
||||
for (i = 0, ii = 0; i < 14; i++, ii += 4)
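Review bot: `MD5Init_ppp`, `MD5Update_ppp` and `MD5Final_ppp` are now defined `static`, and md5.h declares the same three names as `static` prototypes, so every other source file that includes md5.h gets declarations with internal linkage and no definition. The callers are not visible in this diff; unless each of them includes md5.c itself, they would fail to build or warn about functions declared static but never defined. If the rename is only meant to avoid a symbol clash with another MD5 implementation, keep external linkage: `void MD5Init_ppp (mdContext)` here and `void MD5Init_ppp (MD5_CTX_ppp*);` in md5.h, and likewise for the other two. The body of `MD5Final_ppp` continues past the last hunk.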
|
||||
|
|
|
@ -48,11 +48,11 @@ typedef struct {
|
|||
UINT4 buf[4]; /* scratch buffer */
|
||||
unsigned char in[64]; /* input buffer */
|
||||
unsigned char digest[16]; /* actual digest after MD5Final call */
|
||||
} MD5_CTX;
|
||||
} MD5_CTX_ppp;
|
||||
|
||||
void MD5Init ();
|
||||
void MD5Update ();
|
||||
void MD5Final ();
|
||||
static void MD5Init_ppp (MD5_CTX_ppp*);
|
||||
static void MD5Update_ppp (MD5_CTX_ppp*, unsigned char*, unsigned int);
|
||||
static void MD5Final_ppp (MD5_CTX_ppp*);
|
||||
|
||||
#define __MD5_INCLUDE__
|
||||
#endif /* __MD5_INCLUDE__ */
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char options_rcsid[] = "$Id: options.c,v 1.5 1997/05/28 10:07:36 hipp Exp $";
|
||||
char options_rcsid[] = "$Id: options.c,v 1.6 1998/03/08 13:01:41 hipp Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
|
@ -87,6 +87,7 @@ int auth_required = 0; /* Peer is required to authenticate */
|
|||
int defaultroute = 0; /* assign default route through interface */
|
||||
int hostroute = 1;
|
||||
int uselogin = 0; /* Use /etc/passwd for checking PAP */
|
||||
int useradius = 0; /* Use RADIUS server checking PAP */
|
||||
int lcp_echo_interval = 0; /* Interval between LCP echo-requests */
|
||||
int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */
|
||||
char our_name[MAXNAMELEN]; /* Our name for authentication purposes */
|
||||
|
@ -173,6 +174,9 @@ static int setnodefaultroute __P((int));
|
|||
static int setproxyarp __P((int));
|
||||
static int setnoproxyarp __P((int));
|
||||
static int setdologin __P((int));
|
||||
#ifdef RADIUS
|
||||
static int setdoradius __P((void));
|
||||
#endif
|
||||
static int setusehostname __P((int));
|
||||
static int setnoipdflt __P((int));
|
||||
static int setlcptimeout __P((int,char **));
|
||||
|
@ -314,6 +318,9 @@ static struct cmd {
|
|||
{"noproxyarp", 0, setnoproxyarp}, /* disable proxyarp option */
|
||||
{"-proxyarp", 0, setnoproxyarp}, /* disable proxyarp option */
|
||||
{"login", 0, setdologin}, /* Use system password database for UPAP */
|
||||
#ifdef RADIUS
|
||||
{"radius", 0, setdoradius}, /* Use RADIUS server for UPAP */
|
||||
#endif
|
||||
{"noipdefault", 0, setnoipdflt}, /* Don't use name for default IP adrs */
|
||||
{"lcp-echo-failure", 1, setlcpechofails}, /* consecutive echo failures */
|
||||
{"lcp-echo-interval", 1, setlcpechointv}, /* time for lcp echo events */
|
||||
|
@ -708,11 +715,7 @@ readable(int lfd)
|
|||
* \<newline> is ignored.
|
||||
*/
|
||||
|
||||
int getword(f, word, newlinep, filename)
|
||||
FILE *f;
|
||||
char *word;
|
||||
int *newlinep;
|
||||
char *filename;
|
||||
int getword(FILE *f,char *word,int *newlinep,char *filename)
|
||||
{
|
||||
int c, len, escape;
|
||||
int quoted, comment;
|
||||
|
@ -1809,6 +1812,16 @@ static int setdologin(int slot)
|
|||
return 1;
|
||||
}
|
||||
|
||||
|
||||
#ifdef RADIUS
|
||||
static int setdoradius()
|
||||
{
|
||||
useradius = 1;
|
||||
fprintf(stderr,"@mla@: useradius called\n");
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Functions to set the echo interval for modem-less monitors
|
||||
*/
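Review bot: `setdoradius` is declared and defined without parameters, while the neighbouring setters (`setdologin(int slot)`, `setnoproxyarp __P((int))`) take an `int`, so the `{"radius", 0, setdoradius}` entry stores a function of a different type than the table presumably calls. Give it the same signature: `static int setdoradius __P((int));` and `static int setdoradius(int slot)`. The `fprintf(stderr,"@mla@: useradius called\n");` in its body looks like leftover debugging and should be removed or put behind the debug flag. The `struct cmd` definition is outside the hunks, so the handler type is inferred from the other prototypes.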
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char sys_rcsid[] = "$Id: sys-linux.c,v 1.7 1997/10/26 23:06:26 fritz Exp $";
|
||||
char sys_rcsid[] = "$Id: sys-linux.c,v 1.8 1998/03/08 13:01:43 hipp Exp $";
|
||||
|
||||
#define _LINUX_STRING_H_
|
||||
|
||||
|
@ -57,6 +57,7 @@ char sys_rcsid[] = "$Id: sys-linux.c,v 1.7 1997/10/26 23:06:26 fritz Exp $";
|
|||
# include </usr/include/net/ppp_defs.h>
|
||||
# include </usr/include/net/if_ppp.h>
|
||||
# include </usr/include/net/ethernet.h>
|
||||
# include "route.h"
|
||||
#else
|
||||
# include <linux/ppp_defs.h>
|
||||
# include <linux/if_ppp.h>
|
||||
|
@ -238,6 +239,7 @@ void establish_ppp (int linkunit)
|
|||
lns[linkunit].ifunit = -1;
|
||||
return;
|
||||
}
|
||||
lns[linkunit].master = -1;
|
||||
sprintf(lns[linkunit].ifname,"%s%d","ippp",lns[linkunit].ifunit);
|
||||
|
||||
if( ioctl(lns[linkunit].fd, PPPIOCGCALLINFO, &lns[linkunit].pci) == 0) {
|
||||
|
@ -266,7 +268,7 @@ void establish_ppp (int linkunit)
|
|||
/*
|
||||
* output - Output PPP packet.
|
||||
*/
|
||||
void output (int linkunit, unsigned char *p, int len)
|
||||
void output_ppp (int linkunit, unsigned char *p, int len)
|
||||
{
|
||||
if (debug)
|
||||
log_packet(p, len, "sent ",linkunit);
|
||||
|
@ -313,12 +315,14 @@ void ppp_send_config (int unit,int mtu,u_int32_t asyncmap,int pcomp,int accomp)
|
|||
/*
|
||||
* Set the MTU and other parameters for the ppp device
|
||||
*/
|
||||
memset (&ifr, '\0', sizeof (ifr));
|
||||
strncpy(ifr.ifr_name, lns[unit].ifname, sizeof (ifr.ifr_name));
|
||||
ifr.ifr_mtu = mtu;
|
||||
if(lns[unit].master < 0) {
|
||||
memset (&ifr, '\0', sizeof (ifr));
|
||||
strncpy(ifr.ifr_name, lns[unit].ifname, sizeof (ifr.ifr_name));
|
||||
ifr.ifr_mtu = mtu;
|
||||
|
||||
if (ioctl(sockfd, SIOCSIFMTU, (caddr_t) &ifr) < 0) {
|
||||
syslog(LOG_ERR, "ioctl(SIOCSIFMTU): %m, %d %s %d.",sockfd,ifr.ifr_name,ifr.ifr_mtu);
|
||||
if (ioctl(sockfd, SIOCSIFMTU, (caddr_t) &ifr) < 0) {
|
||||
syslog(LOG_ERR, "ioctl(SIOCSIFMTU): %m, %d %s %d.",sockfd,ifr.ifr_name,ifr.ifr_mtu);
|
||||
}
|
||||
}
|
||||
|
||||
x = get_flags(unit,&err);
|
||||
|
@ -1505,6 +1509,12 @@ void setifip(int ipcp_unit)
|
|||
|
||||
|
||||
/************************ IPX SUPPORT *********************************/
|
||||
#if !defined(__GLIBC__)
|
||||
/* <linux/ipx.h> includes <linux/socket.h>, which
|
||||
breaks glibc 2.x support. Prevent that... */
|
||||
# define _LINUX_SOCKET_H
|
||||
#endif
|
||||
|
||||
#include <linux/ipx.h>
|
||||
|
||||
/*
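Review bot: In the IPX hunk the comment says `<linux/ipx.h>` pulls in `<linux/socket.h>` and that this breaks glibc 2.x, yet the guard that defines `_LINUX_SOCKET_H` is `#if !defined(__GLIBC__)`, which is the case where glibc is not in use. As written, the workaround appears to be skipped on exactly the library the comment names. Either the condition is inverted and should read `#if defined(__GLIBC__)`, or the comment should explain why the define is needed only on non-glibc systems.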
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char upap_rcsid[] = "$Id: upap.c,v 1.3 1997/05/19 10:16:30 hipp Exp $";
|
||||
char upap_rcsid[] = "$Id: upap.c,v 1.4 1998/03/08 13:01:45 hipp Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -421,7 +421,7 @@ static void upap_rauthreq(upap_state *u,u_char *inp,int id,int len)
|
|||
strncpy(u->us_rpasswd,rpasswd,(int)rpasswdlen);
|
||||
u->us_rpasswdlen = rpasswdlen;
|
||||
u->us_ruserlen = ruserlen;
|
||||
|
||||
fprintf(stderr,"\n*** @mla@:upap_rauthreq: Calling check_passwd\n");
|
||||
retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
|
||||
rpasswdlen, &msg, &msglen);
|
||||
|
||||
|
@ -545,7 +545,7 @@ upap_sauthreq(u)
|
|||
PUTCHAR(u->us_passwdlen, outp);
|
||||
BCOPY(u->us_passwd, outp, u->us_passwdlen);
|
||||
|
||||
output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
output_ppp(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
|
||||
UPAPDEBUG((LOG_INFO, "upap_sauth: Sent id %d.", u->us_id));
|
||||
|
||||
|
@ -577,7 +577,7 @@ upap_sresp(u, code, id, msg, msglen)
|
|||
PUTSHORT(outlen, outp);
|
||||
PUTCHAR(msglen, outp);
|
||||
BCOPY(msg, outp, msglen);
|
||||
output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
output_ppp(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
|
||||
|
||||
UPAPDEBUG((LOG_INFO, "upap_sresp: Sent code %d, id %d.", code, id));
|
||||
}
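Review bot: The added `fprintf(stderr,"\n*** @mla@:upap_rauthreq: Calling check_passwd\n");` in `upap_rauthreq` writes an unconditional trace to stderr on every PAP authenticate request and bypasses the `UPAPDEBUG` macro used elsewhere in this file. Replace it with `UPAPDEBUG((LOG_INFO, "upap_rauthreq: calling check_passwd"));` or drop it. Just above it, `strncpy(u->us_rpasswd,rpasswd,(int)rpasswdlen);` copies with a length taken from the request and adds no terminator. Whether `rpasswdlen` is checked against the size of `us_rpasswd` is decided outside the hunk and is worth confirming.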
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: upap.h,v 1.1 1997/03/07 16:01:42 hipp Exp $
|
||||
* $Id: upap.h,v 1.2 1998/03/08 13:01:45 hipp Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -87,6 +87,7 @@ typedef struct upap_state {
|
|||
extern upap_state upap[];
|
||||
extern struct protent pap_protent;
|
||||
|
||||
void upap_authwithpeer __P((int, char *, char *));
|
||||
void upap_authpeer __P((int));
|
||||
void upap_authwithpeer(int, char *, char *);
|
||||
void upap_authpeer(int);
|
||||
void auth_reload_upap_pw(void);
|
||||
|
||||
|
|