diff options
| author | Peter Wemm <peter@FreeBSD.org> | 1998-06-20 17:35:17 +0000 |
|---|---|---|
| committer | Peter Wemm <peter@FreeBSD.org> | 1998-06-20 17:35:17 +0000 |
| commit | ed5822233844a78d1f073ca5d0f1b2314dc8923e (patch) | |
| tree | b1cef7220545f9c4f7cee22b6f6b23d53784b6bb /usr.sbin/pppd | |
| parent | 980ca1881cefe798778adede7219c514bcb5f243 (diff) | |
| download | src-ed5822233844a78d1f073ca5d0f1b2314dc8923e.tar.gz src-ed5822233844a78d1f073ca5d0f1b2314dc8923e.zip | |
Import user-mode parts of kernel ppp v2.3.5
Obtained from: Paul Mackerras; ftp://cs.anu.edu.au/pub/software/ppp
Notes
Notes:
svn path=/cvs2svn/branches/MACKERAS/; revision=37068
Diffstat (limited to 'usr.sbin/pppd')
| -rw-r--r-- | usr.sbin/pppd/auth.c | 152 | ||||
| -rw-r--r-- | usr.sbin/pppd/ccp.c | 102 | ||||
| -rw-r--r-- | usr.sbin/pppd/ccp.h | 4 | ||||
| -rw-r--r-- | usr.sbin/pppd/chap_ms.c | 6 | ||||
| -rw-r--r-- | usr.sbin/pppd/ipcp.c | 14 | ||||
| -rw-r--r-- | usr.sbin/pppd/ipcp.h | 6 | ||||
| -rw-r--r-- | usr.sbin/pppd/ipxcp.c | 23 | ||||
| -rw-r--r-- | usr.sbin/pppd/magic.c | 4 | ||||
| -rw-r--r-- | usr.sbin/pppd/main.c | 182 | ||||
| -rw-r--r-- | usr.sbin/pppd/options.c | 44 | ||||
| -rw-r--r-- | usr.sbin/pppd/patchlevel.h | 6 | ||||
| -rw-r--r-- | usr.sbin/pppd/pppd.8 | 87 | ||||
| -rw-r--r-- | usr.sbin/pppd/pppd.h | 8 | ||||
| -rw-r--r-- | usr.sbin/pppd/sys-bsd.c | 16 |
14 files changed, 487 insertions, 167 deletions
diff --git a/usr.sbin/pppd/auth.c b/usr.sbin/pppd/auth.c index 2e00b41916a5..7ada83afc8e5 100644 --- a/usr.sbin/pppd/auth.c +++ b/usr.sbin/pppd/auth.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: auth.c,v 1.35 1997/11/27 06:49:15 paulus Exp $"; +static char rcsid[] = "$Id: auth.c,v 1.37 1998/03/26 04:46:03 paulus Exp $"; #endif #include <stdio.h> @@ -58,14 +58,10 @@ static char rcsid[] = "$Id: auth.c,v 1.35 1997/11/27 06:49:15 paulus Exp $"; #ifdef USE_PAM #include <security/pam_appl.h> -#include <security/pam_modules.h> #endif #ifdef HAS_SHADOW #include <shadow.h> -#ifndef SVR4 -#include <shadow/pwauth.h> -#endif #ifndef PW_PPP #define PW_PPP PW_LOGIN #endif @@ -356,6 +352,7 @@ auth_peer_success(unit, protocol, name, namelen) namelen = sizeof(peer_authname) - 1; BCOPY(name, peer_authname, namelen); peer_authname[namelen] = 0; + script_setenv("PEERNAME", peer_authname); /* * If there is no more authentication still to be done, @@ -436,6 +433,12 @@ np_up(unit, proto) */ if (maxconnect > 0) TIMEOUT(connect_time_expired, 0, maxconnect); + + /* + * Detach now, if the updetach option was given. + */ + if (nodetach == -1) + detach(); } ++num_np_up; } @@ -586,7 +589,6 @@ auth_reset(unit) if (!have_chap_secret(remote_name, our_name, remote)) go->neg_chap = 0; } - } @@ -695,15 +697,65 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) } /* - * This function is needed for PAM. However, it should not be called. - * If it is, return the error code. + * This function is needed for PAM. */ #ifdef USE_PAM -static int pam_conv(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) +static char *PAM_username = ""; +static char *PAM_password = ""; + +#ifdef PAM_ESTABLISH_CRED /* new PAM defines :(^ */ +#define MY_PAM_STRERROR(err_code) (char *) pam_strerror(pamh,err_code) +#else +#define MY_PAM_STRERROR(err_code) (char *) pam_strerror(err_code) +#endif + +static int pam_conv (int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *appdata_ptr) { - return PAM_CONV_ERR; + int count = 0, replies = 0; + struct pam_response *reply = NULL; + int size = 0; + + for (count = 0; count < num_msg; count++) + { + size += sizeof (struct pam_response); + reply = realloc (reply, size); /* ANSI: is malloc() if reply==NULL */ + if (!reply) + return PAM_CONV_ERR; + + switch (msg[count]->msg_style) + { + case PAM_PROMPT_ECHO_ON: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = strdup(PAM_username); /* never NULL */ + break; + + case PAM_PROMPT_ECHO_OFF: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = strdup(PAM_password); /* never NULL */ + break; + + case PAM_TEXT_INFO: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = NULL; + break; + + case PAM_ERROR_MSG: + default: + free (reply); + return PAM_CONV_ERR; + } + } + + if (resp) + *resp = reply; + else + free (reply); + + return PAM_SUCCESS; } #endif @@ -724,14 +776,12 @@ plogin(user, passwd, msg, msglen) char **msg; int *msglen; { - char *tty; #ifdef USE_PAM + struct pam_conv pam_conversation; pam_handle_t *pamh; int pam_error; - char *pass; - char *dev; /* * Fill the pam_conversion structure */ @@ -739,23 +789,33 @@ plogin(user, passwd, msg, msglen) pam_conversation.conv = &pam_conv; pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); + if (pam_error != PAM_SUCCESS) { - *msg = (char *) pam_strerror (pam_error); + *msg = MY_PAM_STRERROR (pam_error); return UPAP_AUTHNAK; } /* * Define the fields for the credintial validation */ - (void) pam_set_item (pamh, PAM_AUTHTOK, passwd); - (void) pam_set_item (pamh, PAM_TTY, devnam); + (void) pam_set_item (pamh, PAM_TTY, devnam); + PAM_username = user; + PAM_password = passwd; /* * Validate the user */ pam_error = pam_authenticate (pamh, PAM_SILENT); - if (pam_error == PAM_SUCCESS) + if (pam_error == PAM_SUCCESS) { pam_error = pam_acct_mgmt (pamh, PAM_SILENT); - *msg = (char *) pam_strerror (pam_error); + /* start a session for this user. Session closed when link ends. */ + if (pam_error == PAM_SUCCESS) + (void) pam_open_session (pamh, PAM_SILENT); + } + + *msg = MY_PAM_STRERROR (pam_error); + + PAM_username = + PAM_password = ""; /* * Clean up the mess */ @@ -769,14 +829,15 @@ plogin(user, passwd, msg, msglen) #else /* #ifdef USE_PAM */ struct passwd *pw; + char *tty; #ifdef HAS_SHADOW struct spwd *spwd; struct spwd *getspnam(); - extern int isexpired (struct passwd *, struct spwd *); /* in libshadow.a */ #endif pw = getpwnam(user); + endpwent(); if (pw == NULL) { return (UPAP_AUTHNAK); } @@ -786,8 +847,13 @@ plogin(user, passwd, msg, msglen) endspent(); if (spwd) { /* check the age of the password entry */ - if (isexpired(pw, spwd)) { - syslog(LOG_WARNING,"Expired password for %s",user); + long now = time(NULL) / 86400L; + + if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) + || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) + && spwd->sp_lstchg >= 0 + && now >= spwd->sp_lstchg + spwd->sp_max)) { + syslog(LOG_WARNING, "Password for %s has expired", user); return (UPAP_AUTHNAK); } pw->pw_passwd = spwd->sp_pwdp; @@ -801,19 +867,22 @@ plogin(user, passwd, msg, msglen) || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) return (UPAP_AUTHNAK); -#endif /* #ifdef USE_PAM */ - - syslog(LOG_INFO, "user %s logged in", user); + /* These functions are not enabled for PAM. The reason for this is that */ + /* there is not necessarily a "passwd" entry for this user. That is */ + /* real purpose of 'PAM' -- to virtualize the account data from the */ + /* application. If you want to do the same thing, write the entry in */ + /* the 'session' hook. */ /* * Write a wtmp entry for this user. */ + tty = devnam; if (strncmp(tty, "/dev/", 5) == 0) tty += 5; logwtmp(tty, user, remote_name); /* Add wtmp login entry */ -#ifdef _PATH_LASTLOG +#if defined(_PATH_LASTLOG) { struct lastlog ll; int fd; @@ -828,6 +897,10 @@ plogin(user, passwd, msg, msglen) } } #endif + +#endif /* #ifdef USE_PAM */ + + syslog(LOG_INFO, "user %s logged in", user); logged_in = TRUE; return (UPAP_AUTHACK); @@ -839,12 +912,34 @@ plogin(user, passwd, msg, msglen) static void plogout() { +#ifdef USE_PAM + struct pam_conv pam_conversation; + pam_handle_t *pamh; + int pam_error; +/* + * Fill the pam_conversion structure. The PAM specification states that the + * session must be able to be closed by a totally different handle from which + * it was created. Hold the PAM group to their own specification! + */ + memset (&pam_conversation, '\0', sizeof (struct pam_conv)); + pam_conversation.conv = &pam_conv; + + pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); + if (pam_error == PAM_SUCCESS) { + (void) pam_set_item (pamh, PAM_TTY, devnam); + (void) pam_close_session (pamh, PAM_SILENT); + (void) pam_end (pamh, PAM_SUCCESS); + } + +#else char *tty; tty = devnam; if (strncmp(tty, "/dev/", 5) == 0) tty += 5; - logwtmp(tty, "", ""); /* Wipe out wtmp logout entry */ + logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ +#endif + logged_in = FALSE; } @@ -1062,8 +1157,7 @@ set_allowed_addrs(unit, addrs) u_int32_t a; struct hostent *hp; - if (wo->hisaddr == 0 && *p != '!' && *p != '-' - && strchr(p, '/') == NULL) { + if (*p != '!' && *p != '-' && strchr(p, '/') == NULL) { hp = gethostbyname(p); if (hp != NULL && hp->h_addrtype == AF_INET) a = *(u_int32_t *)hp->h_addr; diff --git a/usr.sbin/pppd/ccp.c b/usr.sbin/pppd/ccp.c index d4e3b3c4b093..6d328b762d3c 100644 --- a/usr.sbin/pppd/ccp.c +++ b/usr.sbin/pppd/ccp.c @@ -26,19 +26,18 @@ */ #ifndef lint -static char rcsid[] = "$Id: ccp.c,v 1.21 1997/05/22 06:45:59 paulus Exp $"; +static char rcsid[] = "$Id: ccp.c,v 1.22 1998/03/25 01:25:02 paulus Exp $"; #endif #include <string.h> #include <syslog.h> #include <sys/ioctl.h> #include <sys/types.h> -#include <net/ppp_defs.h> -#include <net/ppp-comp.h> #include "pppd.h" #include "fsm.h" #include "ccp.h" +#include <net/ppp-comp.h> /* * Protocol entry points from main code. @@ -151,8 +150,12 @@ ccp_init(unit) ccp_wantoptions[0].deflate = 1; ccp_wantoptions[0].deflate_size = DEFLATE_MAX_SIZE; + ccp_wantoptions[0].deflate_correct = 1; + ccp_wantoptions[0].deflate_draft = 1; ccp_allowoptions[0].deflate = 1; ccp_allowoptions[0].deflate_size = DEFLATE_MAX_SIZE; + ccp_allowoptions[0].deflate_correct = 1; + ccp_allowoptions[0].deflate_draft = 1; ccp_wantoptions[0].bsd_compress = 1; ccp_wantoptions[0].bsd_bits = BSD_MAX_BITS; @@ -315,11 +318,23 @@ ccp_resetci(f) go->bsd_compress = 0; } if (go->deflate) { - opt_buf[0] = CI_DEFLATE; - opt_buf[1] = CILEN_DEFLATE; - opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); - opt_buf[3] = DEFLATE_CHK_SEQUENCE; - if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + if (go->deflate_correct) { + opt_buf[0] = CI_DEFLATE; + opt_buf[1] = CILEN_DEFLATE; + opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); + opt_buf[3] = DEFLATE_CHK_SEQUENCE; + if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + go->deflate_correct = 0; + } + if (go->deflate_draft) { + opt_buf[0] = CI_DEFLATE_DRAFT; + opt_buf[1] = CILEN_DEFLATE; + opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_SIZE); + opt_buf[3] = DEFLATE_CHK_SEQUENCE; + if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0) + go->deflate_draft = 0; + } + if (!go->deflate_correct && !go->deflate_draft) go->deflate = 0; } if (go->predictor_1) { @@ -370,7 +385,7 @@ ccp_addci(f, p, lenp) * in case it gets Acked. */ if (go->deflate) { - p[0] = CI_DEFLATE; + p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; p[1] = CILEN_DEFLATE; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); p[3] = DEFLATE_CHK_SEQUENCE; @@ -387,6 +402,13 @@ ccp_addci(f, p, lenp) --go->deflate_size; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } + if (p != p0 && go->deflate_correct && go->deflate_draft) { + p[0] = CI_DEFLATE_DRAFT; + p[1] = CILEN_DEFLATE; + p[2] = p[2 - CILEN_DEFLATE]; + p[3] = DEFLATE_CHK_SEQUENCE; + p += CILEN_DEFLATE; + } } if (go->bsd_compress) { p[0] = CI_BSD_COMPRESS; @@ -450,7 +472,8 @@ ccp_ackci(f, p, len) if (go->deflate) { if (len < CILEN_DEFLATE - || p[0] != CI_DEFLATE || p[1] != CILEN_DEFLATE + || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + || p[1] != CILEN_DEFLATE || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; @@ -459,6 +482,16 @@ ccp_ackci(f, p, len) /* XXX Cope with first/fast ack */ if (len == 0) return 1; + if (go->deflate_correct && go->deflate_draft) { + if (len < CILEN_DEFLATE + || p[0] != CI_DEFLATE_DRAFT + || p[1] != CILEN_DEFLATE + || p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } } if (go->bsd_compress) { if (len < CILEN_BSD_COMPRESS @@ -515,7 +548,8 @@ ccp_nakci(f, p, len) try = *go; if (go->deflate && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { no.deflate = 1; /* * Peer wants us to use a different code size or something. @@ -529,6 +563,12 @@ ccp_nakci(f, p, len) try.deflate_size = DEFLATE_SIZE(p[2]); p += CILEN_DEFLATE; len -= CILEN_DEFLATE; + if (go->deflate_correct && go->deflate_draft + && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT + && p[1] == CILEN_DEFLATE) { + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } } if (go->bsd_compress && len >= CILEN_BSD_COMPRESS @@ -582,13 +622,29 @@ ccp_rejci(f, p, len) return -1; if (go->deflate && len >= CILEN_DEFLATE - && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; /* Rej is bad */ - try.deflate = 0; + if (go->deflate_correct) + try.deflate_correct = 0; + else + try.deflate_draft = 0; p += CILEN_DEFLATE; len -= CILEN_DEFLATE; + if (go->deflate_correct && go->deflate_draft + && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT + && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; /* Rej is bad */ + try.deflate_draft = 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } + if (!try.deflate_correct && !try.deflate_draft) + try.deflate = 0; } if (go->bsd_compress && len >= CILEN_BSD_COMPRESS && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { @@ -658,7 +714,10 @@ ccp_reqci(f, p, lenp, dont_nak) switch (type) { case CI_DEFLATE: - if (!ao->deflate || clen != CILEN_DEFLATE) { + case CI_DEFLATE_DRAFT: + if (!ao->deflate || clen != CILEN_DEFLATE + || (!ao->deflate_correct && type == CI_DEFLATE) + || (!ao->deflate_draft && type == CI_DEFLATE_DRAFT)) { newret = CONFREJ; break; } @@ -811,11 +870,15 @@ method_name(opt, opt2) return "(none)"; switch (opt->method) { case CI_DEFLATE: + case CI_DEFLATE_DRAFT: if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) - sprintf(result, "Deflate (%d/%d)", opt->deflate_size, - opt2->deflate_size); + sprintf(result, "Deflate%s (%d/%d)", + (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), + opt->deflate_size, opt2->deflate_size); else - sprintf(result, "Deflate (%d)", opt->deflate_size); + sprintf(result, "Deflate%s (%d)", + (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""), + opt->deflate_size); break; case CI_BSD_COMPRESS: if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits) @@ -932,8 +995,11 @@ ccp_printpkt(p, plen, printer, arg) optend = p + optlen; switch (code) { case CI_DEFLATE: + case CI_DEFLATE_DRAFT: if (optlen >= CILEN_DEFLATE) { - printer(arg, "deflate %d", DEFLATE_SIZE(p[2])); + printer(arg, "deflate%s %d", + (code == CI_DEFLATE_DRAFT? "(old#)": ""), + DEFLATE_SIZE(p[2])); if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL) printer(arg, " method %d", DEFLATE_METHOD(p[2])); if (p[3] != DEFLATE_CHK_SEQUENCE) diff --git a/usr.sbin/pppd/ccp.h b/usr.sbin/pppd/ccp.h index 1f15345bc928..2fcba915758b 100644 --- a/usr.sbin/pppd/ccp.h +++ b/usr.sbin/pppd/ccp.h @@ -24,7 +24,7 @@ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, * OR MODIFICATIONS. * - * $Id: ccp.h,v 1.7 1996/07/01 01:11:49 paulus Exp $ + * $Id: ccp.h,v 1.8 1998/03/25 01:25:03 paulus Exp $ */ typedef struct ccp_options { @@ -32,6 +32,8 @@ typedef struct ccp_options { u_int deflate: 1; /* do Deflate? */ u_int predictor_1: 1; /* do Predictor-1? */ u_int predictor_2: 1; /* do Predictor-2? */ + u_int deflate_correct: 1; /* use correct code for deflate? */ + u_int deflate_draft: 1; /* use draft RFC code for deflate? */ u_short bsd_bits; /* # bits/code for BSD Compress */ u_short deflate_size; /* lg(window size) for Deflate */ short method; /* code for chosen compression method */ diff --git a/usr.sbin/pppd/chap_ms.c b/usr.sbin/pppd/chap_ms.c index db6f4cfb4a7b..7ae8e4229e1d 100644 --- a/usr.sbin/pppd/chap_ms.c +++ b/usr.sbin/pppd/chap_ms.c @@ -32,7 +32,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: chap_ms.c,v 1.5 1997/11/27 06:08:10 paulus Exp $"; +static char rcsid[] = "$Id: chap_ms.c,v 1.8 1998/04/01 00:15:43 paulus Exp $"; #endif #ifdef CHAPMS @@ -44,6 +44,9 @@ static char rcsid[] = "$Id: chap_ms.c,v 1.5 1997/11/27 06:08:10 paulus Exp $"; #include <sys/time.h> #include <syslog.h> #include <unistd.h> +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif #include "pppd.h" #include "chap.h" @@ -255,7 +258,6 @@ ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, response) MD4_CTX md4Context; u_char hash[MD4_SIGNATURE_SIZE]; u_char unicodePassword[MAX_NT_PASSWORD * 2]; - static int low_byte_first = -1; /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports 8-bit ISO8859/1 characters. */ diff --git a/usr.sbin/pppd/ipcp.c b/usr.sbin/pppd/ipcp.c index 78366f4cb3d3..6250c7e6921b 100644 --- a/usr.sbin/pppd/ipcp.c +++ b/usr.sbin/pppd/ipcp.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: ipcp.c,v 1.32 1997/07/14 03:52:56 paulus Exp $"; +static char rcsid[] = "$Id: ipcp.c,v 1.34 1998/04/28 23:38:09 paulus Exp $"; #endif /* @@ -1157,6 +1157,8 @@ ipcp_up(f) ipcp_close(f->unit, "Could not determine local IP address"); return; } + script_setenv("IPLOCAL", ip_ntoa(go->ouraddr)); + script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr)); /* * Check that the peer is allowed to use the IP address it wants. @@ -1409,9 +1411,9 @@ ipcp_printpkt(p, plen, printer, arg) if (olen == CILEN_ADDRS) { p += 2; GETLONG(cilong, p); - printer(arg, "addrs %s", ip_ntoa(htonl(cilong))); + printer(arg, "addrs %I", htonl(cilong)); GETLONG(cilong, p); - printer(arg, " %s", ip_ntoa(htonl(cilong))); + printer(arg, " %I", htonl(cilong)); } break; case CI_COMPRESSTYPE: @@ -1435,20 +1437,20 @@ ipcp_printpkt(p, plen, printer, arg) if (olen == CILEN_ADDR) { p += 2; GETLONG(cilong, p); - printer(arg, "addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "addr %I", htonl(cilong)); } break; case CI_MS_DNS1: case CI_MS_DNS2: p += 2; GETLONG(cilong, p); - printer(arg, "dns-addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "ms-dns %I", htonl(cilong)); break; case CI_MS_WINS1: case CI_MS_WINS2: p += 2; GETLONG(cilong, p); - printer(arg, "wins-addr %s", ip_ntoa(htonl(cilong))); + printer(arg, "ms-wins %I", htonl(cilong)); break; } while (p < optend) { diff --git a/usr.sbin/pppd/ipcp.h b/usr.sbin/pppd/ipcp.h index 470c9ef00685..01eb422a8a82 100644 --- a/usr.sbin/pppd/ipcp.h +++ b/usr.sbin/pppd/ipcp.h @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ipcp.h,v 1.10 1997/03/04 03:39:20 paulus Exp $ + * $Id: ipcp.h,v 1.11 1998/04/28 23:38:11 paulus Exp $ */ /* @@ -26,10 +26,10 @@ #define CI_COMPRESSTYPE 2 /* Compression Type */ #define CI_ADDR 3 -#define CI_MS_WINS1 128 /* Primary WINS value */ #define CI_MS_DNS1 129 /* Primary DNS value */ -#define CI_MS_WINS2 130 /* Secondary WINS value */ +#define CI_MS_WINS1 130 /* Primary WINS value */ #define CI_MS_DNS2 131 /* Secondary DNS value */ +#define CI_MS_WINS2 132 /* Secondary WINS value */ #define MAX_STATES 16 /* from slcompress.h */ diff --git a/usr.sbin/pppd/ipxcp.c b/usr.sbin/pppd/ipxcp.c index 9de3462f61d8..037491089a12 100644 --- a/usr.sbin/pppd/ipxcp.c +++ b/usr.sbin/pppd/ipxcp.c @@ -19,7 +19,7 @@ #ifdef IPX_CHANGE #ifndef lint -static char rcsid[] = "$Id: ipxcp.c,v 1.5 1997/03/04 03:39:32 paulus Exp $"; +static char rcsid[] = "$Id: ipxcp.c,v 1.6 1998/03/25 03:08:16 paulus Exp $"; #endif /* @@ -163,7 +163,7 @@ ipx_ntoa(ipxaddr) u_int32_t ipxaddr; { static char b[64]; - sprintf(b, "%lx", ipxaddr); + sprintf(b, "%x", ipxaddr); return b; } @@ -336,9 +336,6 @@ static void ipxcp_resetci(f) fsm *f; { - u_int32_t network; - int unit = f->unit; - wo->req_node = wo->neg_node && ao->neg_node; wo->req_nn = wo->neg_nn && ao->neg_nn; @@ -387,7 +384,6 @@ static int ipxcp_cilen(f) fsm *f; { - int unit = f->unit; int len; len = go->neg_nn ? CILEN_NETN : 0; @@ -411,8 +407,6 @@ ipxcp_addci(f, ucp, lenp) u_char *ucp; int *lenp; { - int len = *lenp; - int unit = f->unit; /* * Add the options to the record. */ @@ -462,7 +456,6 @@ ipxcp_ackci(f, p, len) u_char *p; int len; { - int unit = f->unit; u_short cilen, citype, cishort; u_char cichar; u_int32_t cilong; @@ -571,7 +564,6 @@ ipxcp_nakci(f, p, len) u_char *p; int len; { - int unit = f->unit; u_char citype, cilen, *next; u_short s; u_int32_t l; @@ -690,7 +682,6 @@ ipxcp_rejci(f, p, len) u_char *p; int len; { - int unit = f->unit; u_short cilen, citype, cishort; u_char cichar; u_int32_t cilong; @@ -807,17 +798,15 @@ ipxcp_reqci(f, inp, len, reject_if_disagree) int *len; /* Length of requested CIs */ int reject_if_disagree; { - int unit = f->unit; u_char *cip, *next; /* Pointer to current and next CIs */ u_short cilen, citype; /* Parsed len, type */ - u_short cishort, ts; /* Parsed short value */ - u_int32_t tl, cinetwork, outnet;/* Parsed address values */ + u_short cishort; /* Parsed short value */ + u_int32_t cinetwork; /* Parsed address values */ int rc = CONFACK; /* Final packet return code */ int orc; /* Individual option return code */ u_char *p; /* Pointer to next char to parse */ u_char *ucp = inp; /* Pointer to current output char */ int l = *len; /* Length left */ - u_char maxslotindex, cflag; /* * Reset all his options. @@ -1094,7 +1083,6 @@ endswitch: if (rc != CONFREJ && !ho->neg_node && wo->req_nn && !reject_if_disagree) { - u_char *ps; if (rc == CONFACK) { rc = CONFNAK; wo->req_nn = 0; /* don't ask again */ @@ -1197,8 +1185,6 @@ static void ipxcp_down(f) fsm *f; { - u_int32_t ournn, network; - IPXCPDEBUG((LOG_INFO, "ipxcp: down")); cipxfaddr (f->unit); @@ -1216,7 +1202,6 @@ ipxcp_script(f, script) fsm *f; char *script; { - int unit = f->unit; char strspeed[32], strlocal[32], strremote[32]; char strnetwork[32], strpid[32]; char *argv[14], strproto_lcl[32], strproto_rmt[32]; diff --git a/usr.sbin/pppd/magic.c b/usr.sbin/pppd/magic.c index 9e9599495381..db48ee8c3f40 100644 --- a/usr.sbin/pppd/magic.c +++ b/usr.sbin/pppd/magic.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: magic.c,v 1.6 1996/04/04 03:58:41 paulus Exp $"; +static char rcsid[] = "$Id: magic.c,v 1.7 1998/03/25 03:07:49 paulus Exp $"; #endif #include <stdio.h> @@ -46,7 +46,7 @@ magic_init() struct timeval t; gettimeofday(&t, NULL); - seed = gethostid() ^ t.tv_sec ^ t.tv_usec ^ getpid(); + seed = get_host_seed() ^ t.tv_sec ^ t.tv_usec ^ getpid(); srand48(seed); } diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c index 934827dd426f..b6efbfa7b49a 100644 --- a/usr.sbin/pppd/main.c +++ b/usr.sbin/pppd/main.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: main.c,v 1.43 1997/11/27 06:09:20 paulus Exp $"; +static char rcsid[] = "$Id: main.c,v 1.49 1998/05/05 05:24:17 paulus Exp $"; #endif #include <stdio.h> @@ -85,11 +85,14 @@ int baud_rate; /* Actual bits/second for serial device */ int hungup; /* terminal has been hung up */ int privileged; /* we're running as real uid root */ int need_holdoff; /* need holdoff period before restarting */ +int detached; /* have detached from terminal */ int phase; /* where the link is at */ int kill_link; int open_ccp_flag; -int redirect_stderr; /* Connector's stderr should go to file */ + +char **script_env; /* Env. variable values for scripts */ +int s_env_nalloc; /* # words avail at script_env */ u_char outpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for outgoing packet */ u_char inpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for incoming packet */ @@ -102,6 +105,7 @@ char *no_ppp_msg = "Sorry - this system lacks PPP kernel support\n"; /* Prototypes for procedures local to this file. */ +static void create_pidfile __P((void)); static void cleanup __P((void)); static void close_tty __P((void)); static void get_input __P((void)); @@ -162,13 +166,13 @@ main(argc, argv) { int i, fdflags; struct sigaction sa; - FILE *pidfile; char *p; struct passwd *pw; struct timeval timo; sigset_t mask; struct protent *protp; struct stat statbuf; + char numbuf[16]; phase = PHASE_INITIALIZE; p = ttyname(0); @@ -176,6 +180,8 @@ main(argc, argv) strcpy(devnam, p); strcpy(default_devnam, devnam); + script_env = NULL; + /* Initialize syslog facilities */ #ifdef ULTRIX openlog("pppd", LOG_PID); @@ -192,6 +198,8 @@ main(argc, argv) uid = getuid(); privileged = uid == 0; + sprintf(numbuf, "%d", uid); + script_setenv("UID", numbuf); /* * Initialize to the standard option set, then parse, in order, @@ -200,7 +208,7 @@ main(argc, argv) */ for (i = 0; (protp = protocols[i]) != NULL; ++i) (*protp->init)(0); - + progname = *argv; if (!options_from_file(_PATH_SYSOPTIONS, !privileged, 0, 1) @@ -238,13 +246,18 @@ main(argc, argv) exit(1); } + script_setenv("DEVICE", devnam); + sprintf(numbuf, "%d", baud_rate); + script_setenv("SPEED", numbuf); + /* * If the user has specified the default device name explicitly, * pretend they hadn't. */ if (!default_device && strcmp(devnam, default_devnam) == 0) default_device = 1; - redirect_stderr = !nodetach || default_device; + if (default_device) + nodetach = 1; /* * Initialize system-dependent stuff and magic number package. @@ -258,10 +271,8 @@ main(argc, argv) * Detach ourselves from the terminal, if required, * and identify who is running us. */ - if (!default_device && !nodetach && daemon(0, 0) < 0) { - perror("Couldn't detach from controlling terminal"); - exit(1); - } + if (nodetach == 0) + detach(); pid = getpid(); p = getlogin(); if (p == NULL) { @@ -360,16 +371,9 @@ main(argc, argv) syslog(LOG_INFO, "Using interface ppp%d", ifunit); (void) sprintf(ifname, "ppp%d", ifunit); + script_setenv("IFNAME", ifname); - /* write pid to file */ - (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); - if ((pidfile = fopen(pidfilename, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - (void) fclose(pidfile); - } else { - syslog(LOG_ERR, "Failed to create pid file %s: %m", pidfilename); - pidfilename[0] = 0; - } + create_pidfile(); /* write pid to file */ /* * Configure the interface and mark it up, etc. @@ -508,17 +512,9 @@ main(argc, argv) syslog(LOG_INFO, "Using interface ppp%d", ifunit); (void) sprintf(ifname, "ppp%d", ifunit); - - /* write pid to file */ - (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); - if ((pidfile = fopen(pidfilename, "w")) != NULL) { - fprintf(pidfile, "%d\n", pid); - (void) fclose(pidfile); - } else { - syslog(LOG_ERR, "Failed to create pid file %s: %m", - pidfilename); - pidfilename[0] = 0; - } + script_setenv("IFNAME", ifname); + + create_pidfile(); /* write pid to file */ } /* @@ -611,6 +607,43 @@ main(argc, argv) } /* + * detach - detach us from the controlling terminal. + */ +void +detach() +{ + if (detached) + return; + if (daemon(0, 0) < 0) { + perror("Couldn't detach from controlling terminal"); + die(1); + } + detached = 1; + pid = getpid(); + /* update pid file if it has been written already */ + if (pidfilename[0]) + create_pidfile(); +} + +/* + * Create a file containing our process ID. + */ +static void +create_pidfile() +{ + FILE *pidfile; + + (void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname); + if ((pidfile = fopen(pidfilename, "w")) != NULL) { + fprintf(pidfile, "%d\n", pid); + (void) fclose(pidfile); + } else { + syslog(LOG_ERR, "Failed to create pid file %s: %m", pidfilename); + pidfilename[0] = 0; + } +} + +/* * holdoff_end - called via a timeout when the holdoff period ends. */ static void @@ -1004,6 +1037,11 @@ static void bad_signal(sig) int sig; { + static int crashed = 0; + + if (crashed) + _exit(127); + crashed = 1; syslog(LOG_ERR, "Fatal signal %d", sig); if (conn_running) kill_my_pg(SIGTERM); @@ -1054,9 +1092,9 @@ device_script(program, in, out) close(out); } } - if (redirect_stderr) { + if (nodetach == 0) { close(2); - errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); if (errfd >= 0 && errfd != 2) { dup2(errfd, 2); close(errfd); @@ -1095,7 +1133,6 @@ run_program(prog, args, must_exist) int must_exist; { int pid; - char *nullenv[1]; pid = fork(); if (pid == -1) { @@ -1140,8 +1177,7 @@ run_program(prog, args, must_exist) /* SysV recommends a second fork at this point. */ /* run the program; give it a null environment */ - nullenv[0] = NULL; - execve(prog, args, nullenv); + execve(prog, args, script_env); if (must_exist || errno != ENOENT) syslog(LOG_WARNING, "Can't execute %s: %m", prog); _exit(-1); @@ -1256,10 +1292,9 @@ pr_log __V((void *arg, char *fmt, ...)) fmt = va_arg(pvar, char *); #endif - vsprintf(buf, fmt, pvar); + n = vfmtmsg(buf, sizeof(buf), fmt, pvar); va_end(pvar); - n = strlen(buf); if (linep + n + 1 > line + sizeof(line)) { syslog(LOG_DEBUG, "%s", line); linep = line; @@ -1566,3 +1601,78 @@ vfmtmsg(buf, buflen, fmt, args) *buf = 0; return buf - buf0; } + +/* + * script_setenv - set an environment variable value to be used + * for scripts that we run (e.g. ip-up, auth-up, etc.) + */ +void +script_setenv(var, value) + char *var, *value; +{ + int vl = strlen(var); + int i; + char *p, *newstring; + + newstring = (char *) malloc(vl + strlen(value) + 2); + if (newstring == 0) + return; + strcpy(newstring, var); + newstring[vl] = '='; + strcpy(newstring+vl+1, value); + + /* check if this variable is already set */ + if (script_env != 0) { + for (i = 0; (p = script_env[i]) != 0; ++i) { + if (strncmp(p, var, vl) == 0 && p[vl] == '=') { + free(p); + script_env[i] = newstring; + return; + } + } + } else { + i = 0; + script_env = (char **) malloc(16 * sizeof(char *)); + if (script_env == 0) + return; + s_env_nalloc = 16; + } + + /* reallocate script_env with more space if needed */ + if (i + 1 >= s_env_nalloc) { + int new_n = i + 17; + char **newenv = (char **) realloc((void *)script_env, + new_n * sizeof(char *)); + if (newenv == 0) + return; + script_env = newenv; + s_env_nalloc = new_n; + } + + script_env[i] = newstring; + script_env[i+1] = 0; +} + +/* + * script_unsetenv - remove a variable from the environment + * for scripts. + */ +void +script_unsetenv(var) + char *var; +{ + int vl = strlen(var); + int i; + char *p; + + if (script_env == 0) + return; + for (i = 0; (p = script_env[i]) != 0; ++i) { + if (strncmp(p, var, vl) == 0 && p[vl] == '=') { + free(p); + while ((script_env[i] = script_env[i+1]) != 0) + ++i; + break; + } + } +} diff --git a/usr.sbin/pppd/options.c b/usr.sbin/pppd/options.c index d8c39837381e..5a194b59ea10 100644 --- a/usr.sbin/pppd/options.c +++ b/usr.sbin/pppd/options.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: options.c,v 1.40 1997/11/27 06:09:34 paulus Exp $"; +static char rcsid[] = "$Id: options.c,v 1.42 1998/03/26 04:46:06 paulus Exp $"; #endif #include <ctype.h> @@ -173,6 +173,7 @@ static int setcrtscts __P((char **)); static int setnocrtscts __P((char **)); static int setxonxoff __P((char **)); static int setnodetach __P((char **)); +static int setupdetach __P((char **)); static int setmodem __P((char **)); static int setlocal __P((char **)); static int setlock __P((char **)); @@ -215,6 +216,7 @@ static int setbsdcomp __P((char **)); static int setnobsdcomp __P((char **)); static int setdeflate __P((char **)); static int setnodeflate __P((char **)); +static int setnodeflatedraft __P((char **)); static int setdemand __P((char **)); static int setpred1comp __P((char **)); static int setnopred1comp __P((char **)); @@ -274,6 +276,7 @@ static struct cmd { {"-d", 0, setdebug}, /* Increase debugging level */ {"nodetach", 0, setnodetach}, /* Don't detach from controlling tty */ {"-detach", 0, setnodetach}, /* don't fork */ + {"updetach", 0, setupdetach}, /* Detach once an NP has come up */ {"noip", 0, noip}, /* Disable IP and IPCP */ {"-ip", 0, noip}, /* Disable IP and IPCP */ {"nomagic", 0, nomagicnumber}, /* Disable magic number negotiation */ @@ -368,6 +371,7 @@ static struct cmd { {"deflate", 1, setdeflate}, /* request Deflate compression */ {"nodeflate", 0, setnodeflate}, /* don't allow Deflate compression */ {"-deflate", 0, setnodeflate}, /* don't allow Deflate compression */ + {"nodeflatedraft", 0, setnodeflatedraft}, /* don't use draft deflate # */ {"predictor1", 0, setpred1comp}, /* request Predictor-1 */ {"nopredictor1", 0, setnopred1comp},/* don't allow Predictor-1 */ {"-predictor1", 0, setnopred1comp}, /* don't allow Predictor-1 */ @@ -1869,6 +1873,14 @@ setnodetach(argv) } static int +setupdetach(argv) + char **argv; +{ + nodetach = -1; + return (1); +} + +static int setdemand(argv) char **argv; { @@ -2250,6 +2262,15 @@ setnodeflate(argv) } static int +setnodeflatedraft(argv) + char **argv; +{ + ccp_wantoptions[0].deflate_draft = 0; + ccp_allowoptions[0].deflate_draft = 0; + return 1; +} + +static int setpred1comp(argv) char **argv; { @@ -2320,11 +2341,12 @@ setdnsaddr(argv) dns = *(u_int32_t *)hp->h_addr; } - if (ipcp_allowoptions[0].dnsaddr[0] == 0) { + /* if there is no primary then update it. */ + if (ipcp_allowoptions[0].dnsaddr[0] == 0) ipcp_allowoptions[0].dnsaddr[0] = dns; - } else { - ipcp_allowoptions[0].dnsaddr[1] = dns; - } + + /* always set the secondary address value to the same value. */ + ipcp_allowoptions[0].dnsaddr[1] = dns; return (1); } @@ -2351,11 +2373,12 @@ setwinsaddr(argv) wins = *(u_int32_t *)hp->h_addr; } - if (ipcp_allowoptions[0].winsaddr[0] == 0) { + /* if there is no primary then update it. */ + if (ipcp_allowoptions[0].winsaddr[0] == 0) ipcp_allowoptions[0].winsaddr[0] = wins; - } else { - ipcp_allowoptions[0].winsaddr[1] = wins; - } + + /* always set the secondary address value to the same value. */ + ipcp_allowoptions[0].winsaddr[1] = wins; return (1); } @@ -2451,6 +2474,7 @@ setipxanet(argv) { ipxcp_wantoptions[0].accept_network = 1; ipxcp_allowoptions[0].accept_network = 1; + return 1; } static int @@ -2459,6 +2483,7 @@ setipxalcl(argv) { ipxcp_wantoptions[0].accept_local = 1; ipxcp_allowoptions[0].accept_local = 1; + return 1; } static int @@ -2467,6 +2492,7 @@ setipxarmt(argv) { ipxcp_wantoptions[0].accept_remote = 1; ipxcp_allowoptions[0].accept_remote = 1; + return 1; } static u_char * diff --git a/usr.sbin/pppd/patchlevel.h b/usr.sbin/pppd/patchlevel.h index 525207489581..3a0a634cf3ce 100644 --- a/usr.sbin/pppd/patchlevel.h +++ b/usr.sbin/pppd/patchlevel.h @@ -1,6 +1,6 @@ -/* $Id: patchlevel.h,v 1.30 1997/11/27 06:09:44 paulus Exp $ */ -#define PATCHLEVEL 3 +/* $Id: patchlevel.h,v 1.33 1998/05/04 06:10:31 paulus Exp $ */ +#define PATCHLEVEL 5 #define VERSION "2.3" #define IMPLEMENTATION "" -#define DATE "11 December 1997" +#define DATE "4 May 1998" diff --git a/usr.sbin/pppd/pppd.8 b/usr.sbin/pppd/pppd.8 index 6a891b9a217c..5afc685e3e7a 100644 --- a/usr.sbin/pppd/pppd.8 +++ b/usr.sbin/pppd/pppd.8 @@ -1,5 +1,5 @@ .\" manual page [] for pppd 2.3 -.\" $Id: pppd.8,v 1.26 1997/04/30 05:56:22 paulus Exp $ +.\" $Id: pppd.8,v 1.27 1998/03/31 04:31:08 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -648,7 +648,7 @@ the initial /dev/ is removed from the terminal name, and any remaining .PP An options file is parsed into a series of words, delimited by whitespace. Whitespace can be included in a word by enclosing the -word in quotes ("). A backslash (\\) quotes the following character. +word in double-quotes ("). A backslash (\\) quotes the following character. A hash (#) starts a comment, which continues until the end of the line. There is no restriction on using the \fIfile\fR or \fIcall\fR options within an options file. @@ -950,10 +950,46 @@ causes other debugging messages to be logged. .LP Debugging can also be enabled or disabled by sending a SIGUSR1 signal to the pppd process. This signal acts as a toggle. -.SH FILES -.TP -.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) -Process-ID for pppd process on ppp interface unit \fIn\fR. +.SH SCRIPTS +Pppd invokes scripts at various stages in its processing which can be +used to perform site-specific ancillary processing. These scripts are +usually shell scripts, but could be executable code files instead. +Pppd does not wait for the scripts to finish. The scripts are +executed as root (with the real and effective user-id set to 0), so +that they can do things such as update routing tables or run +privileged daemons. Be careful that the contents of these scripts do +not compromise your system's security. Pppd runs the scripts with +standard input, output and error redirected to /dev/null, and with an +environment that is empty except for some environment variables that +give information about the link. The environment variables that pppd +sets are: +.TP +.B DEVICE +The name of the serial tty device being used. +.TP +.B IFNAME +The name of the network interface being used. +.TP +.B IPLOCAL +The IP address for the local end of the link. This is only set when +IPCP has come up. +.TP +.B IPREMOTE +The IP address for the remote end of the link. This is only set when +IPCP has come up. +.TP +.B PEERNAME +The authenticated name of the peer. This is only set if the peer +authenticates itself. +.TP +.B SPEED +The baud rate of the tty device. +.TP +.B UID +The real user-id of the user who invoked pppd. +.P +Pppd invokes the following scripts, if they exist. It is not an error +if they don't exist. .TP .B /etc/ppp/auth-up A program or script which is executed after the remote system @@ -961,11 +997,8 @@ successfully authenticates itself. It is executed with the parameters .IP \fIinterface-name peer-name user-name tty-device speed\fR .IP -and with its standard input, output and error redirected to -/dev/null. This program or script is executed with the real and -effective user-IDs set to root, and with an empty environment. (Note -that this script is not executed if the peer doesn't authenticate -itself, for example when the \fInoauth\fR option is used.) +Note that this script is not executed if the peer doesn't authenticate +itself, for example when the \fInoauth\fR option is used. .TP .B /etc/ppp/auth-down A program or script which is executed when the link goes down, if @@ -979,25 +1012,13 @@ executed with the parameters .IP \fIinterface-name tty-device speed local-IP-address remote-IP-address ipparam\fR -.IP -and with its standard input, -output and error streams redirected to /dev/null. -.IP -This program or script is executed with the real and effective -user-IDs set to root. This is so that it can be used to manipulate -routes, run privileged daemons (e.g. \fIsendmail\fR), etc. Be -careful that the contents of the /etc/ppp/ip-up and /etc/ppp/ip-down -scripts do not compromise your system's security. -.IP -This program or script is executed with an empty environment, so you -must either specify a PATH or use full pathnames. .TP .B /etc/ppp/ip-down A program or script which is executed when the link is no longer available for sending and receiving IP packets. This script can be used for undoing the effects of the /etc/ppp/ip-up script. It is invoked in the same manner and with the same parameters as the ip-up -script, and the same security considerations apply. +script. .TP .B /etc/ppp/ipx-up A program or script which is executed when the link is available for @@ -1008,10 +1029,6 @@ executed with the parameters remote-IPX-node-address local-IPX-routing-protocol remote-IPX-routing-protocol local-IPX-router-name remote-IPX-router-name ipparam pppd-pid\fR .IP -and with its standard input, -output and error streams redirected to /dev/null. -.br -.IP The local-IPX-routing-protocol and remote-IPX-routing-protocol field may be one of the following: .IP @@ -1022,21 +1039,17 @@ RIP to indicate that RIP/SAP should be used NLSP to indicate that Novell NLSP should be used .br RIP NLSP to indicate that both RIP/SAP and NLSP should be used -.br -.IP -This program or script is executed with the real and effective -user-IDs set to root, and with an empty environment. This is so -that it can be used to manipulate routes, run privileged daemons (e.g. -\fIripd\fR), etc. Be careful that the contents of the /etc/ppp/ipx-up -and /etc/ppp/ipx-down scripts do not compromise your system's -security. .TP .B /etc/ppp/ipx-down A program or script which is executed when the link is no longer available for sending and receiving IPX packets. This script can be used for undoing the effects of the /etc/ppp/ipx-up script. It is invoked in the same manner and with the same parameters as the ipx-up -script, and the same security considerations apply. +script. +.SH FILES +.TP +.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) +Process-ID for pppd process on ppp interface unit \fIn\fR. .TP .B /etc/ppp/pap-secrets Usernames, passwords and IP addresses for PAP authentication. This diff --git a/usr.sbin/pppd/pppd.h b/usr.sbin/pppd/pppd.h index e164bb573a36..46b1f937163c 100644 --- a/usr.sbin/pppd/pppd.h +++ b/usr.sbin/pppd/pppd.h @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: pppd.h,v 1.19 1997/04/30 05:56:55 paulus Exp $ + * $Id: pppd.h,v 1.21 1998/03/26 04:46:08 paulus Exp $ */ /* @@ -68,6 +68,8 @@ extern int redirect_stderr;/* Connector's stderr should go to file */ extern char peer_authname[];/* Authenticated name of peer */ extern int privileged; /* We were run by real-uid root */ extern int need_holdoff; /* Need holdoff period after link terminates */ +extern char **script_env; /* Environment variables for scripts */ +extern int detached; /* Have detached from controlling tty */ /* * Variables set by command-line options. @@ -175,6 +177,7 @@ extern struct protent *protocols[]; */ /* Procedures exported from main.c. */ +void detach __P((void)); /* Detach from controlling tty */ void die __P((int)); /* Cleanup and exit */ void quit __P((void)); /* like die(1) */ void novm __P((char *)); /* Say we ran out of memory, and die */ @@ -194,6 +197,8 @@ void print_string __P((char *, int, void (*) (void *, char *, ...), void *)); /* Format a string for output */ int fmtmsg __P((char *, int, char *, ...)); /* sprintf++ */ int vfmtmsg __P((char *, int, char *, va_list)); /* vsprintf++ */ +void script_setenv __P((char *, char *)); /* set script env var */ +void script_unsetenv __P((char *)); /* unset script env var */ /* Procedures exported from auth.c */ void link_required __P((int)); /* we are starting to use the link */ @@ -293,6 +298,7 @@ void unlock __P((void)); /* Delete previously-created lock file */ int daemon __P((int, int)); /* Detach us from terminal session */ void logwtmp __P((const char *, const char *, const char *)); /* Write entry to wtmp file */ +int get_host_seed __P((void)); /* Get host-dependent random number seed */ #ifdef PPP_FILTER int set_filters __P((struct bpf_program *pass, struct bpf_program *active)); /* Set filter programs in kernel */ diff --git a/usr.sbin/pppd/sys-bsd.c b/usr.sbin/pppd/sys-bsd.c index 46962dec0ff6..0e64dcd364cb 100644 --- a/usr.sbin/pppd/sys-bsd.c +++ b/usr.sbin/pppd/sys-bsd.c @@ -21,8 +21,9 @@ */ #ifndef lint -static char rcsid[] = "$Id: sys-bsd.c,v 1.29 1997/11/27 06:10:04 paulus Exp $"; +static char rcsid[] = "$Id: sys-bsd.c,v 1.31 1998/04/02 12:04:19 paulus Exp $"; /* $NetBSD: sys-bsd.c,v 1.1.1.3 1997/09/26 18:53:04 christos Exp $ */ +#endif /* * TODO: @@ -62,9 +63,13 @@ static char rcsid[] = "$Id: sys-bsd.c,v 1.29 1997/11/27 06:10:04 paulus Exp $"; #if defined(NetBSD) && (NetBSD >= 199703) #include <netinet/if_inarp.h> #else /* NetBSD 1.2D or later */ +#ifdef __FreeBSD__ +#include <netinet/if_ether.h> +#else #include <net/if_ether.h> #endif #endif +#endif #include "pppd.h" #include "fsm.h" @@ -1390,6 +1395,15 @@ GetMask(addr) } /* + * Use the hostid as part of the random number seed. + */ +int +get_host_seed() +{ + return gethostid(); +} + +/* * lock - create a lock file for the named lock device */ #define LOCK_PREFIX "/var/spool/lock/LCK.." |