each time rather than making up a new one.
Increase the authname/authkey max sizes to 100 characters.
Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do). The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.
This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.
Examples will follow.
input routines and take advantage of the new init/continue
interface in libradius. This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel. It should also make the future addition
of PAM support trivial.
While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.
NOTE: This involved integrating the generation of chap
challenges and the validation of chap responses
(and commenting what's going on in those routines).
I currently have no way of testing ppps ability
to respond to M$Chap CHALLENGEs correctly, so if
someone could do the honours, it'd be much
appreciated (it *looks* ok!).
Sponsored by: Internet Business Solutions Ltd., Switzerland
configured. This isn't strictly necessary according to the
rfc, but it's suggested there....
o Don't forget to include our authname when sending a
CHAP challenge when RADIUS is configured.
o Don't supply the ``16'' representing the chap answer
length to radius_Authenticate() - libradius does this
for us.
o When we successfully authenticate via radius_Authenticate(),
continue with datalink_AuthOk() as expected.
Sponsored by: Internet Business Solutions Ltd., Switzerland
details. Compiling with -DNORADIUS (the default for `release')
removes support.
TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
diagnostics (which are on by default).
o Deal correctly with both sides wanting CHAP.
o Output a warning if we're using an empty ``authname''. This is
*not* what we want to do.
o Allow ``set ....'' when we have multiple links but aren't in
multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
despite the rfc state transition table. This is clearly an
error in the RFC as TLS cannot have yet been called (without
TLF) in the ``Closed'' state.
I've posted a message to comp.protocols.ppp for confirmation.
o Create struct mpserver as part of struct mp.
mpserver creates a unix-domain socket based on the
peers auth name and endpoint discriminator. If it
already exists, ppp will ``pass the link'' over to
the owner of the socket, joining it into the bundle
of another ppp invocation, otherwise ppp waits for
other invocations to pass it links through this
socket.
The final piece of code will be the code that flattens
our datalink info and passes it down this channel
(not yet implemented).
we've determined if we're going to join another ppp invocation.
o Make ``show link'' show all link details, and ``show links''
just give a list of links and their current status.
o Show our current label in ``show bundle''.
o Allow link cloning and removal as soon as our MRRU is set.
o Make ``show lcp'' require context as nothing will ever change
in our MP LCP (it's auto-configured as per rfc1990).
o Initialise our LQM owner in hdlc_Init().
o Store our endpoint discriminator and authentication name at both
the datalink and multilink level and compare them when we've
finished AUTHENTICATE phase and before entering NETWORK phase.
If they don't match, close the link again.
Display the information in the appropriate ``show'' command.
o Initialise datalink::phone and datalink::fsmp.object properly
when we're cloning the link.
o Show which link we're passing LQRs on in our diagnostics.
o Reject endpoint discriminator REQs at the logical multilink
level.
o Remove the rest of our CARRIER and LINK logging setup.
bundle (non-negotiated vars) or to their respective IPCP,
LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command. These values now appear in
`show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
we end up setting no descriptors and getting jammed in the
imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.
o Move Var*Version into command.c
o Remove struct pppVars (and there was much rejoicing) !
o Forward-decl some structs in .h files to avoid include
ordering requirements and remove a few more redundant
#includes.
option. We never ask a client for MSChap when we've got
chap `enabled', and we dynamically answer using MSChap
if the peer demands it.
o Remove all of the bundle2*() series of functions except
bundle2datalink() as they're too expensive. The only
calls to bundle2datalink() are made from command.c when
determining context.
o Write to the correct modem in term mode, and check the
return value, dropping back to command mode if the write
fails.
Cosmetic:
Make the PPP COMMAND LIST section of the man page
prettier, better and more consistent. Alphabeticalise
all command lists and document missing commands.
o Remove bundle2lcp(), bundle2ccp() and bundle2link().
They're too resource-hungry and we have `owner pointers'
to do their job.
o Make our FSM understand LCPs that are always ST_OPENED
(with a minimum code that != 1).
o Send FSM code rejects for invalid codes.
o Make our bundle fsm_parent deal with multiple links.
o Make timer diagnostics pretty and allow access via ~t
in `term' mode (not just when logging debug) and
`show timers'. Only show timers every second in debug
mode, otherwise we get too many diagnostics to be useful
(we probably still do). Also, don't restrict ~m in term
mode to depend on debug logging.
o Rationalise our bundles' phases.
o Create struct mp (multilink protocol). This is both an
NCP and a type of struct link. It feeds off other NCPs
for output, passing fragmented packets into the queues
of available datalinks. It also gets PROTO_MP input,
reassembles the fragments into ppp frames, and passes
them back to the HDLC layer that the fragments were passed
from.
** It's not yet possible to enter multilink mode :-( **
o Add `set weight' (requires context) for deciding on a links
weighting in multilink mode. Weighting is simplistic (and
probably badly implemented) for now.
o Remove the function pointers in struct link. They ended up
only applying to physical links.
o Configure our tun device with an MTU equal to the MRU from
struct mp's LCP and a speed equal to the sum of our link
speeds.
o `show {lcp,ccp,proto}' and `set deflate' now have optional
context and use ChooseLink() to decide on which `struct link'
to use. This allows behaviour as before when in non-multilink
mode, and allows access to the MP logical link in multilink
mode.
o Ignore reconnect and redial values when in -direct mode and
when cleaning up. Always redial when in -ddial or -dedicated
mode (unless cleaning up).
o Tell our links to `staydown' when we close them due to a signal.
o Remove remaining `#ifdef SIGALRM's (ppp doesn't function without
alarms).
o Don't bother strdup()ing our physical link name.
o Various other cosmetic changes.
Increment OutPackets for any packet - not just LQRs
MFC:
o Fix a few comment typos.
o Fix ``set timeout'' usage message and documentation.
o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
so that they wrap correctly.
o Put the LQR in network byte order using the correct struct size
(sizeof u_int32_t, not sizeof u_long).
o Wrap LQR ECHO counters correctly.
o Don't increment OutLQR count if the last LQR hasn't been replied
to.
o Initialise last received LQR in StartLqm.
o Don't start the LQR timer if we're `disabled' and `accepted'.
o Generate LQR responses when both sides are using a timer and
we're not going to send our next LQR before the peers max timeout.
This is a type of physical link that can chat and talk
LCP & CCP. A bundle contains a list of these (only one
in the list for the moment).
The datalink is a type of descriptor, and dials, enters
LCP (& does CCP), kicks the bundle when its FSMs do
something interesting and does the hangup chat script
on the way down. It also handles redials and reconnects.
There are lots of loose ends, and probably lots of bugs,
but the data structures are getting there !
This will ultimately be a member of a list of descriptors and
their handler functions on which we need to select() in the
main loop.
o Make struct physical into a `sort' of struct descriptor.
o The FSM layering is now more sane.
o Move a lot of the NCP stuff into our ipcpstate rather than having it
in the bundle, including control of the configured IP addresses. We
don't need hacks like the global `linkup' variable any more as the
FSM decides when our ppp.link* files get run. This is going to eventually
be configurable based on FSM events anyway.
o Fix a few inconsistencies when both sides require authentication.
o We now have "Ppp..." and "PPp" prompts, reflecting authentication
and network phase. We don't print loads of spurious prompts as we
change phases any more.
o Our phase is part of the bundle now.
o Fix a bug where the FSM wasn't calling LayerFinish.
o Close the FSM down correctly with a signal rather than slamming it
down as if the line was dropped (the undocumented ``down'' command
is still available though).
o Remove the forgotten `tunno' variable and fix references to it.
This structure contains the asynchronous state of the physical
link.
Unfortunately, just about every .h file is included in every .c
file now. Fixing this can be one of the last jobs.
This structure will eventually contain a list of NCPs (currently
only IPCP is supported) and a list of physical `struct link's.
It will also derive from a struct link itself.
Make ModemTimeout() static - it's way to dangerous to be called
from outside !
Bump version to 1.9. Our first MP release should be 2.0.
IPCP, CCP and LCP are now just derived FSMs.
Comment each of the FSM implementations so that we can
tell what's going on.
Revise the state transitions so that CCP and IPCP actually
send terminate REQs when appropriate.
The OS & IPCP layers are still like spagetti (next job).
I did the deflate re-org).
Make PAP & CHAP negotiation prettier in the log file.
If both PAP & CHAP are `enabled' and the peer NAKs CHAP
suggesting PAP, be friendly and REQ PAP the next time.
This is in line with the rfc.
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.
We can now survive a compile with
-Wall -Wbad-function-cast -Wcast-align -Wcast-qual
-Winline -Wmissing-declarations -Wmissing-prototypes
-Wnested-externs -Wpointer-arith -Wredundant-decls
-Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).
ppp.secret to get a key value based on the peers name,
then send the value of AuthName with the encrypted result.
This is *way* too confusing.
Instead, always use AuthName and AuthKey as the documentation
says.
o Add missing $Id$s
o Move extern decls from .c -> .h files
o Staticize
o Remove #includes from .h files
o style(9)ify includes
o bcopy -> memcpy
bzero -> memset
bcmp -> memcmp
index -> strchr
rindex -> strrchr
o Move timeout.h -> timer.h (making it consistent w/ timer.c)
o Add -Wmissing-prototypes