PPP ifname enhanced #289

…so plugin (#304) Backward compatibility symlink is there already for one ppp release. Remove it for next ppp release to not conflict with real rp-pppoe.so plugin. So both ppp's pppoe.so and rp's rp-pppoe.so plugins can be installed together. Now when conversion to automake was done, it is a good time to drop this problematic symlink from default installation. Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Options that specify --with-logfile-dir, or --with-plugin-dir, or --with-runtime-dir needs to be specified using AC_ARG_WITH, not AC_ARG_ENABLE. If you try to specify --without-openssl, then the conditions should be tested against = "xyes". There is a case where the option is either blank or is set to "xno" and the former case wasn't properly handled. Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

MAXIFNAMELEN is currently hardcoded to 32, but maximal size of interface name on Linux is just 15 + nul-term byte. This limit is already provided by IFNAMSIZ macro defined in net/if.h header file. So replace MAXIFNAMELEN usage by IFNAMSIZ to not silently truncate interface name. Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Macros IF_NAMESIZE and IFNAMSIZ should be defined to the same value, but struct ifreq uses IFNAMSIZ. So use "correct" macro. Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Minor spelling fix. Signed-off-by: Gustavo Romero <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…kage. (#290) Depending on the invoking process's umask it's possible that the radattr file (which in certain cases can contain crytographic keys) be stored with permissions such that world-read access is possible, resulting in sensitive information being leaked to local users. Signed-off-by: Jaco Kroon <[email protected]> Co-authored-by: Jaco Kroon <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Linux architectures have different content of struct termios2 and also different value of BOTHER macro. So do not declare any struct termios2 nor BOTHER macro. Current definitions in ppp were applicable only for x86. Correct definitions for current architecture are only in <asm/termbits.h> and <asm/ioctls.h> header files. But Linux header file <asm/termbits.h> is in conflict with glibc header file <termios.h> and only one can be included in one source unit. Moreover both header files contains struct termios but with different content. So it is not possible to use glibc tc* functions with <asm/termbits.h> definitions. For this reason provide a new include header file "termios_linux.h" which provides custom implementation of all glibc's termios.h functions via Linux ioctl() interface with definitions from Linux <asm/termbits.h> header file. Thus this "termios_linux.h" is replacement for <termios.h> with additional support for BOTHER Linux termios API. Same "termios_linux.h" is going to be used by U-Boot's kwboot utility for the same reason to use arbitrary baudrate value via BOTHER ioctl API. Hopefully one day glibc will provide some API functions for functionality provided currently by BOTHER Linux API. Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

@paulusmack

This also incorporates the comments from @paulusmack. Generally, fixes: - Suppresed warnings w.r.t. unused results in signal handling and result from write() - Unused results w.r.t. setuid/getuid/chdir Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…f setuid/setgid Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…ation Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…cture initialization. Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…ss (int* vs unsigned int* in definition of socklen_t). Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…argument has type 'int' Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…cess) rc_find_server() resets the secret by setting *secret = 0 instead of what was likely intended: memset the entire array. In case of error, moved the memset operation outside of the rc_find_server() function. It's only used in one place anyway. Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…Result would have been the same. Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…Paul Mackerras Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

… to fit a number. Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

This ensures installation code to be tested. Signed-off-by: Adrian Ban <[email protected]>

The step is already covered by `make distcheck`. Signed-off-by: Adrian Ban <[email protected]>

Signed-off-by: Adrian Ban <[email protected]>

current patch implements client functionality for PEAPv0/EAP-MSCHAPv2, which is usually the most common setup deployed by companies utilizing Microsoft RRAS as their VPN solution Signed-off-by: Rustam Kovhaev <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

These changes adds to his contribution by * Adding options to perform CA/CRL checking and certificate validation consistent with what is already been done for EAP-TLS * Certificate validation is now in line with what is already been done for EAP-TLS. Users can now set "remotename" and "tls-verify-method" to control these. * Validation of certificate purpose and extended key usage is controlled by the option "tls-verify-key-usage". * Fixing up MPPE key generation to use the new API for handling MPPE keys * Man page is updated where appropriate for the new options. * Added unit-tests for the PEAP code in case of crypto or parameters would change in the future. * Added the peap feature to configure scripts. Users can now control the feature by specifying --enable-peap/--disable-peap. To acheive feature parity with the EAP-TLS change, the EAP-TLS common code was refactored into tls.c/.h such that it could be re-used in both instances. Using PEAP/MSCHAPv2 is now supported in PPPD with this change. Signed-off-by: Eivind Næss <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Signed-off-by: Michael Everitt <[email protected]> Signed-off-by: Lars Wendler <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Previously, if configure-request is sent without MS_WINS[12], a peer may return a NAK with a request for it. However, code in the ipcp_nakci didn't handle this case properly. This patch fixes it to set try.req_wins[12]. Signed-off-by: Michael Everitt <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Without it, l2tp daemon can't launch ppp, cuz undefined symbol ipv6_up_notifier. Signed-off-by: Adrian Ban <[email protected]>

These allow a user to specify the paths to the scripts usually located at /etc/ppp/ipv6-up and /etc/ppp/ipv6-down, similarly to the existing ip-up-script and ip-down-script options Signed-off-by: Daniel Barlow <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

… option Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…ery2() pppoe-discovery.c needs to call only the first phase of discovery. Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…ry.c code Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…bose option is set Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…intf() Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…e plugin code Signed-off-by: Pali Rohár <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

…cters This adds logic to pppoe_printpkt to print text fields as hex if the field contains any non-printable characters. This is so that a malicious, buggy or hacked access concentrator can't cause us to send non-printing characters to syslog. Signed-off-by: Paul Mackerras <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

….15. (#327) Signed-off-by: RICCIARDI-Adrien <[email protected]> Signed-off-by: Adrian Ban <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PPP ifname enhanced #289

PPP ifname enhanced #289

Commits on Dec 21, 2021