#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
231994 |
|
22-Feb-2012 |
kevlo |
Handle NULL return from crypt(3). Mostly from DragonFly
|
#
174870 |
|
22-Dec-2007 |
des |
Revert previous commit and fix OpenPAM issue properly.
|
#
174845 |
|
21-Dec-2007 |
kmacy |
Fix/workaround build breakage caused by PAM import
struct pam_conv takes a void * for the appdata_ptr but is being passed a const char * - explicitly cast away the const
|
#
134833 |
|
06-Sep-2004 |
marcel |
Fix the build on 64-bit platforms.
|
#
134789 |
|
05-Sep-2004 |
brian |
Make ppp WARNS=5 clean
|
#
121702 |
|
29-Oct-2003 |
ru |
Basic PAM authentication support.
|
#
96582 |
|
14-May-2002 |
brian |
o Clean up some #includes o Bump version number to 3.0.4 o When talking to a RADIUS server, provide a NAS-Port-Type.
When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal to the SESSIONID from the environment in direct mode or the NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found, default to the interface index in client mode or zero in server mode.
When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number of the physical device (ie, the N in /dev/i4brbchN).
This makes it easier for the RADIUS server to identify the client WRT accounting data etc.
Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>
|
#
93767 |
|
04-Apr-2002 |
hosokawa |
Get tun P2P address from the local pool if RADIUS server returned 255.255.255.254 as client ipaddr.
Reviewed-By: freebsd-net mailing list
|
#
89072 |
|
08-Jan-2002 |
brian |
When authenticating a name containing a ``\'', attempt to autenticate using the part after the ``\'' if the original name is not found.
This allows M$ clients to use domain\user as their authname.
Reviewed by: Ian West <ian@niw.com.au>
|
#
81634 |
|
14-Aug-2001 |
brian |
o Add ipv6 support, abstracting most NCP addresses into opaque structures (well, they're treated as opaque).
It's now possible to manage IPv6 interface addresses and routing table entries and to filter IPV6 traffic whether encapsulated or not.
IPV6CP support is crude for now, and hasn't been tested against any other implementations.
RADIUS and IPv6 are independent of eachother for now.
ppp.linkup/ppp.linkdown aren't currently used by IPV6CP
o Understand all protocols(5) in filter rules rather than only a select few.
o Allow a mask specification for the ``delete'' command. It's now possible to specifically delete one of two conflicting routes.
o When creating and deleting proxy arp entries, do it for all IPv4 interface addresses rather than doing it just for the ``current'' peer address.
o When iface-alias isn't in effect, don't blow away manually (via ``iface add'') added interface addresses.
o When listening on a tcp server (diagnostic) socket, bind so that a tcp46 socket is created -- allowing both IPv4 and IPv6 connections.
o When displaying ICMP traffic, don't display the icmp type twice. When display traffic, display at least some information about unrecognised traffic.
o Bump version
Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
|
#
78189 |
|
13-Jun-2001 |
brian |
Convert IIJ copyrights to BSD copyrights.
Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>
|
#
55145 |
|
27-Dec-1999 |
brian |
Don't allowt '#' as a comment when it's embedded in quotes:
set something "xxx yyy # zzz" aaa
shouldn't be interpreted as
set something "xxx yyy" aaa
|
#
55013 |
|
22-Dec-1999 |
brian |
Don't munge ``set dial|login|logout|hangup'' arguments before ExpandString() has a chance to do its own substitutions.
|
#
54914 |
|
20-Dec-1999 |
brian |
Notice and warn about unterminated quoted strings in commands. The entire command is ignored if the syntax is invalid...
|
#
54912 |
|
20-Dec-1999 |
brian |
Cosmetic: Make struct mbuf more like kernel mbufs.
|
#
50479 |
|
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
47843 |
|
08-Jun-1999 |
brian |
Don't drop the last character from lines in ppp.secret unless it's '\n'.
|
#
46686 |
|
08-May-1999 |
brian |
o Redesign the layering mechanism and make the aliasing code part of the layering.
We now ``stack'' layers as soon as we open the device (when we figure out what we're dealing with). A static set of `dispatch' routines are also declared for dealing with incoming packets after they've been `pulled' up through the stacked layers.
Physical devices are now assigned handlers based on the device type when they're opened. For the moment there are three device types; ttys, execs and tcps.
o Increment version number to 2.2 o Make an entry in [uw]tmp for non-tty -direct invocations (after pap/chap authentication). o Make throughput counters quad_t's o Account for the absolute number of mbuf malloc()s and free()s in ``show mem''. o ``show modem'' becomes ``show physical''.
|
#
45193 |
|
31-Mar-1999 |
brian |
Avoid a few warnings on the alpha
|
#
44305 |
|
26-Feb-1999 |
brian |
Allow control over the number of ConfigREQ & TermREQ attempts that are made in each of the FSMs (LCP, CCP & IPCP) and the number of REQs/Challenges for PAP/CHAP by accepting more arguments in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.
Change the non-convergence thresholds to 3 times the number of configured REQ tries (rather than the previous fixed ``10''). We now notice repeated NAKs and REJs rather than just REQs.
Don't suggest that CHAP 0x05 isn't supported when it's not configured.
Fix some bugs that expose themselves with smaller numbers of retries: o Handle instantaneous disconnects (set device /dev/null) correctly by stopping all fsm timers in fsm2initial. o Don't forget to uu_unlock() devices that are files but are not ttys (set device /dev/zero).
Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state ``Closed''): According to the state transition table, a RCR+ or RCR- received in the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq and SendConfig{Ack,Nak}. However, in ``Stopped'', we haven't yet done a TLS (or the last thing we did is a TLF). We must therefore do the TLS at this point !
This was never noticed before because LCP and CCP used not use LayerStart() for anything interesting, and IPCP tends to go into Stopped then get a Down because of an LCP RTR rather than getting a RCR again.
|
#
44159 |
|
20-Feb-1999 |
brian |
Handle empty PAP & CHAP packets (containing only an FSM header). Some CHAP implementations send no welcome message with their SUCCESS/FAILURE packets. This was being mis-identified as a truncated packet by the new authentication code :-(
|
#
44141 |
|
19-Feb-1999 |
brian |
Be a little more verbose about dodgy looking authentication packets before dropping them in the bit-bucket.
|
#
44106 |
|
18-Feb-1999 |
brian |
Fully support both NT and LANMan CHAP type 0x80 as both authenticator and authenticatee.
|
#
43693 |
|
06-Feb-1999 |
brian |
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial.
While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types.
NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!).
Sponsored by: Internet Business Solutions Ltd., Switzerland
|
#
43525 |
|
02-Feb-1999 |
brian |
Reimplement the previous fix (no response to PAP requests) at the authentication layer rather than at the PAP layer so that it also applies to CHAP (no response to CHAP challenges).
|
#
43500 |
|
01-Feb-1999 |
brian |
If we receive no answer from the server when sending PAP requests, give up (don't sit there indefinitely).
|
#
43313 |
|
28-Jan-1999 |
brian |
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support.
TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
|
#
41888 |
|
17-Dec-1998 |
brian |
Don't return stack-based data. This may have caused server-side CHAP authentication problems in the past :-/
|
#
38557 |
|
26-Aug-1998 |
brian |
Put the IP buffer queues into struct ipcp. Forgotten by: me
|
#
38174 |
|
07-Aug-1998 |
brian |
o Support callback types NONE, E.164, AUTH and CBCP. (see the new ``set callback'' and ``set cbcp'' commands) o Add a ``cbcp'' log level and mbuf type. o Don't dump core when \T is given in ``set login'' or ``set hangup''. o Allow ``*'' and blanks as placeholders in ppp.secret and allow a fifth field for specifying auth/cbcp dialback parameters. o Remove a few extraneous #includes o Define the default number of REQs (restart counter) in defs.h rather than hardcoding ``5'' all over the place. o Fix a few man page inconsistencies.
|
#
37763 |
|
19-Jul-1998 |
brian |
Add missing braces - without them, the IP & label were mis-selected from ppp.secret. Problem reported by: Dom Mitchell <dom@phmit.demon.co.uk>
|
#
37010 |
|
15-Jun-1998 |
brian |
o De-staticise things that don't need to be static. o Bring the static ``ttystate'' into struct prompt so that the tilde context is per prompt and not global. o Comment the remaining static variables so that it's clear why they're static. o Add some XXX comments suggesting that our interface list and our hostname should be re-generated after a signal (say SIGUSR1) so that a machine with PCCARDs has a chance.
|
#
36285 |
|
21-May-1998 |
brian |
MFMP: Make ppp multilink capable. See the file README.changes, and re-read the man page.
|
#
34536 |
|
13-Mar-1998 |
brian |
Add extraneous braces to stiffle warnings from gcc-2.8
|
#
32663 |
|
21-Jan-1998 |
brian |
Remove unused #includes. Make various bits static. Remove unused variables. Submitted by: eivind
|
#
32267 |
|
05-Jan-1998 |
brian |
o Allow the use of HISADDR as the first arg to "add". o Allow a forth argument in ppp.secret, specifying a new label. This gives control over which section of ppp.link{up,down} is used based on the authenticated user. o Support random address ranges in ppp.secret (not just in ppp.conf). o Add a AUTHENTICATING INCOMING CONNECTIONS section to the man page. o Add a bit more about DEFLATE in the man page. o Fix the incorrect "you must specify a password in interactive mode" bit of the manual. o Space things in the man page consistently. o Be more precice about where you can use MYADDR, HISADDR and INTERFACE in the "add" command documentation.
|
#
31962 |
|
24-Dec-1997 |
brian |
Cosmetic (style): sizeof(var) -> sizeof var sizeof type -> sizeof(type)
Suggested by: J Wunsch <j@uriah.heep.sax.de>
|
#
31343 |
|
22-Nov-1997 |
brian |
Fix prototypes. Remove extraneous decls. Add ``const'' to several places. Allow ``make NOALIAS=1'' to remove IP aliasing. Merge with OpenBSD - only the Makefiles vary.
We can now survive a compile with -Wall -Wbad-function-cast -Wcast-align -Wcast-qual -Winline -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts (although the Makefile just contains -Wall).
|
#
31196 |
|
17-Nov-1997 |
brian |
Add id strings to tun.[ch]. Don't try to open ppp.secret if we're never going to use it.
|
#
31121 |
|
11-Nov-1997 |
brian |
Finish the security improvements: o Add "allow" command: "allow users a b c" gives access to users a, b and c. "allow modes auto" gives those users access to auto mode only. "allow users *" and "allow modes *" are accepted. No users and all modes are allowed by default. UID 0 can do anything. o Set the current label with the "load" and "dial" commands so that the call to ppp.linkdown makes sense. o Up the verison number. o Don't OR MODE_AUTO for -background and -ddial. o Don't OR MODE_INTER when we get a diagnostic connection. o Allow up to 40 args per line (was 20). o "set ifaddr" only changes the interface in AUTO mode (with other modes, it happens after IPCP negotiation). o Sort command descriptions in the man page. o Support -dedicated mode where we just talk ppp forever (no login etc).
|
#
31081 |
|
09-Nov-1997 |
brian |
Don't create a diagnostic socket by default. Allow a password spec on the "set server" command line. Use SIGUSR2 to close the diagnostic socket. Some man page corrections.
|
#
31080 |
|
09-Nov-1997 |
brian |
Don't ask for a password if it's specified as empty.
|
#
31070 |
|
09-Nov-1997 |
brian |
Increase chat script sizes to 512 Requested by: Michael Reifenberger <root@totum.plaut.de>
|
#
30715 |
|
26-Oct-1997 |
brian |
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
|
#
29252 |
|
09-Sep-1997 |
brian |
Correct ppp authentication defaults in interactive mode. We don't want to be forced to type a password here :-( Pointed out by: mouth@ibm.net (John Kelly)
While I'm there, don't allow a "set server" in interactive mode.
|
#
29083 |
|
04-Sep-1997 |
brian |
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
|
#
28679 |
|
25-Aug-1997 |
brian |
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
|
#
26516 |
|
09-Jun-1997 |
brian |
Overhaul ppp: o Use syslog o Remove references to stdout/stderr (incl perror()) o Introduce VarTerm - the interactive terminal or zero o Allow "set timeout" to affect current session o Change "set debug" to "set log" o Allow "set log [+|-]flag" o Make MSEXT and PASSWDAUTH stuff the default o Move all #ifdef DEBUG stuff into the code - this shouldn't be too much overhead. It's now controlled with "set log +debug" o Add "set log command, debug, tun, warn, error, alert" o Remove cdefs.h, and assume an ansi compiler. o Improve all diagnostic output o Don't trap SIGSEGV o SIGHUP now terminates again (log files are controlled by syslog) o Call CloseModem() when changing devices o Fix parsing of third arg of "delete"
I think this fixes the "magic is same" problems that some people have been experiencing. The man page is being rewritten. It'll follow soon.
|
#
26142 |
|
26-May-1997 |
brian |
De-couple ppp from libalias. If libalias isn't there, the alias commands simply won't work. Only root may specify the location of the alias lib (otherwise, it's hard-coded).
Make logprintf silently fail if LogOpen hasn't been called.
Suggested by: eivind
|
#
25630 |
|
10-May-1997 |
brian |
Tidy up the code - bounds checking, return value checking etc.
Submitted by: eivind
|
#
25560 |
|
07-May-1997 |
brian |
Allow up to 40 args in the chat script (was 20). Ignore subsequent args rather than scribbling.
PR: 1952 Submitted by: Mikael Hybsch <micke@free.dynas.se>
|
#
22997 |
|
22-Feb-1997 |
peter |
Revert $FreeBSD$ to $Id$
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
21488 |
|
10-Jan-1997 |
imp |
Fix many buffer overruns in the code. Specifically, disallow ExpandString to be used to expand things beyond the size of the buffer passed in. Also do a general cleanup of sprintf -> snprintf as well as strcpy and strncat safety. Also expand some buffers to allow for the largest possible data that might be used.
This is a 2.2 candidate. However, it needs to be vetted on -current since little testing has been done on this due to my lack of PPP on this machine.
Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
|
#
15738 |
|
11-May-1996 |
phk |
Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs add some logging functionality which I find very useful. 'set debug link' will record just link up/down and address assignments. 'set debug connect' will record the entire chat dialog 'set debug carrier' will record just chat lines including 'CARRIER' (so that I can be sure I'm getting a 28.8 line).
There was a global change required to permit LogPrintf to take a bit mask instead of a bit position value (to permit logging some events on either of two flags, so that no change in 'set debug lcp' would result from the code supporting 'link'. Thus the diffs are rather long for such a small change. The man page is also touched.
Oh, and there was a slight syntax problem in route.c
Reviewed by: phk Submitted by: Tony Kimball <alk@Think.COM>
|
#
13389 |
|
11-Jan-1996 |
phk |
Final cleanup for now. -Wall is now silent. A couple of bogons found.
|
#
10528 |
|
02-Sep-1995 |
amurai |
1. Do not log the password itself to ppp.log ( Mr. Rich Murphey ) 2. Add ability to execute shell commands and suspend back into invoking shell (Mr. J Wunsch)
Reviewed by: amurai@spec.co.jp Submitted by: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) Rich Murphey <rich@lamprey.utmb.edu>
|
#
8857 |
|
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
#
6764 |
|
27-Feb-1995 |
amurai |
Fixing minor bug and allow help(Not for all command) and quit but not close line connection by "quit all" command if not authorized.
Reviewed by: amurai@spec.co.jp Submitted by: tony-o@iij.ad.jp amurai@spec.co.jp
|
#
6735 |
|
26-Feb-1995 |
amurai |
New user Process PPP based on iij-ppp0.94beta2.
o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly....
-- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !!
Reviewed by: Atsushi Murai (amurai@spec.co.jp)
|
#
6060 |
|
31-Jan-1995 |
amurai |
This commit was generated by cvs2svn to compensate for changes in r6059, which included commits to RCS files with non-trunk default branches.
|
#
6059 |
|
31-Jan-1995 |
amurai |
|