The rtentry device name has already been set in commit:
9856f47063 ("Specify the device name on the default route deletion")
Fixes: 35e5a569c9 (pppd: add support for defaultroute-metric option)
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>

The symbol OPENSSL_VERSION_NUMBER is not defined when pppd is
compiled without OpenSSL support, so it evaluates to zero.
This results in the following linker error:
crypto.c:241: undefined reference to `ERR_free_strings'
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>

Starting with LibreSSL 4.0.0 the OPENSSL_load_builtin_modules() function
was removed. It is obsolete after automatic library initialization and
now an internal API.
Signed-off-by: orbea <orbea@riseup.net>

Add support of format specifiers %lld and %llu to the function vslprintf
and use the correct specifiers for printing 64-bit counters.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>

This removes various scripts and config files that related to dial-up
connections, doing PPP over rsh or ssh (for which there are better
alternatives), and updating resolv.conf (for which distros have other
mechanisms these days).
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

This is associated with the passprompt plugin, and like it, seems not
to be very useful any more now that no-one uses dial-up. Also, its
function seems somewhat peripheral to PPP.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

This is prompted by a number of factors:
* It was more useful back in the dial-up days, but no-one uses dial-up
any more
* In many cases there will be no terminal accessible to the prompter
program at the point where the prompter is run
* The passwordfd plugin does much the same thing but does it more
cleanly and securely
* The handling of privileges and file descriptors needs to be audited
thoroughly.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

Fix this:
crypto.c: In function 'PPP_crypto_error':
crypto.c:178:11: error: implicit declaration of function 'vsnprintf' [-Wimplicit-function-declaration]
  178 |     off = vsnprintf(buf, len, fmt, args);
      |           ^~~~~~~~~
crypto.c:41:1: note: include '<stdio.h>' or provide a declaration of 'vsnprintf'
   40 | #include "crypto-priv.h"
  +++ |+#include <stdio.h>
   41 |
crypto.c:178:26: warning: 'vsnprintf' argument 2 type is 'int' where 'long unsigned int' is expected in a call to built-in function declared without prototype [-Wbuiltin-declaration-mismatch]
  178 |     off = vsnprintf(buf, len, fmt, args);
      |                          ^~~
<built-in>: note: built-in 'vsnprintf' declared here
Signed-off-by: Tan Zien <nabsdh9@gmail.com>

- Updated READMEs
- Disabled MPPE support for Solaris
- Fixed compilation error in ccp.c with MPPE disabled
- Use OS-provided drivers and associated include files
- Tested on OpenIndiana Hipster (Illumos)
Signed-off-by: James Carlson <carlsonj@workingcode.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Co-authored-by: James Carlson <carlsonj@workingcode.com>

This adds a copyright notice in my name with MIT licence permissions
to this file. The reason is primarily to provide a concrete statement
of permission to use, copy, modify and distribute the program, for the
sake of those who are uncertain about the meaning of the public domain.
See for example https://github.com/ppp-project/ppp/issues/474 .
Given that I have maintained this program for 25 years, it seems
reasonable for it to be my copyright on it.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

This renames the configuration files in etc.ppp/ to have ".example"
on the end of their names. This is so that when they are copied to
<sysconfdir>/ppp (often /etc/ppp), they don't overwrite existing
pppd configuration files, and it is clear that they are just examples.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

This code has not been updated for a long time, and nominally targets
an OS whose owner (Oracle) has all but abandoned it. It includes
zlib code which has CVEs against it, and it is unknown whether any
of them would be exploitable in this context.
Illumos, which is an OpenSolaris fork, has forked Solaris-native
drivers, which should probably work with the user-space pppd code
here.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

- Update README with more of the changes in 2.5.1
- Update the other READMEs lightly, mostly to do with how features are
included or excluded with the new build system.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

Since they are testing a condition, they should be #if not #ifdef.
Fixes: 077141058a ("pppd: Add additional functions to handle debugging of crypto calls (#509)", 2024-09-02)
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

These options allow a user to specify paths to pap-secrets and chap-secrets files,
which is useful when running multiple instances of pppd that may use the same
username but with different passwords (e.g. running multiple PPTP tunnels).
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>

This option allows a user to specify that they do not want to
create the /etc/ppp/resolv.conf file with the DNS server addresses.
This can be useful when running on a read-only root filesystem.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>

This option allows a user to specify the path to the script
usually located at /etc/ppp/ip-pre-up, similarly to the
existing ip-up-script and ip-down-script options.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>

* pppd/ipcp.c: (ipcp_down): fix comment
* pppd/main.c: (reset_link_stats): reset print_link_stats to 1, set
start_time even if get_ppp_stats fails.
This is an attempt to fix the problem noted in the linux-ppp mailing list on
mar-26-2024 and may-03-2024 under the subject "ppp-2.5.0 sometimes doesn't
print stats on terminating on signal 2"
The sent/recv log messages were being lost, especially with the persist option.
This seems to be an oversight during reorg in commit ba7f7e0 "Header file
reorganization and cleaning up the public API for pppd version 2.5.0 (#379)"
around the repurposing of the link_stats_valid variable as link_stats_print.
It also fixes a stray reference to the old variable in a comment.
Signed-off-by: S Madhu <enometh@meer.net>

These options allow a user to specify paths to scripts usually located
at /etc/ppp/net-init, /etc/ppp/net-pre-up and /etc/ppp/net-down,
similarly to the existing ip-up-script and ip-down-script options.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>

This avoids the theoretical possibility of integer overflow in
adding a constant before dividing in order to get the effect of
rounding up. Instead we divide and add 1 if the original value modulo
the divisor is non-zero.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

Having done fdopen() on a couple of file descriptors, we then need to
use fclose() to close them rather than close().
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

The reason is to avoid a theoretically possible overflow of cilen.
Using u_int32_t rather than u_short probably generates better code
on many machines anyway. Also change l from int to unsigned so as
to avoid any possibility of integer overflow.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

If anything goes wrong in preparing a CHAP Response, return a 0-length
response instead of leaving the length field uninitialized. Also
print a warning message to say that something went wrong.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

This simplifies the code and reduces its attack surface, in response
to some deficiencies being found in the zlib code. This should be OK
since probably no-one uses compression on PPP links any more, and in
any case, the code still exists in git if anyone wants it.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

Previously auth_number treated all entries in the permitted_numbers
list as if they were wildcards, i.e., as ending in '*', even if there
was no '*'. This fixes it to only treat entries ending in '*' as
wildcards; without the '*', remote_number has to match the whole entry
exactly.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
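
The matching rule described in the commit message above, shown as an added example that is not pppd's own code: the earlier prefix-for-everything comparison beside the corrected one. The function names and the sample permitted list are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Behaviour the commit message describes as the old one: every entry
 * is compared as a prefix, whether or not it ends in '*'. */
static int entry_matches_legacy(const char *entry, const char *number)
{
    size_t n = strlen(entry);
    if (n > 0 && entry[n - 1] == '*')
        n--;                          /* drop the explicit wildcard */
    return strncmp(entry, number, n) == 0;
}

/* Behaviour after the fix: only a trailing '*' gives a prefix match;
 * any other entry must equal the remote number exactly. */
static int entry_matches_fixed(const char *entry, const char *number)
{
    size_t n = strlen(entry);
    if (n > 0 && entry[n - 1] == '*')
        return strncmp(entry, number, n - 1) == 0;
    return strcmp(entry, number) == 0;
}

typedef int (*match_fn)(const char *, const char *);

/* Returns 1 if any entry in the list permits the number, else 0. */
static int number_permitted(const char *const *list, size_t count,
                            const char *number, match_fn match)
{
    for (size_t i = 0; i < count; i++)
        if (match(list[i], number))
            return 1;
    return 0;
}

/* Constructed sample list: one exact entry, one wildcard entry. */
static const char *const permitted[] = { "5551234", "5559*" };

int main(void)
{
    /* Constructed remote numbers; the second extends the exact entry. */
    const char *tests[] = { "5551234", "555123499", "5559000", "5558000" };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-10s legacy=%d fixed=%d\n", tests[i],
               number_permitted(permitted, 2, tests[i], entry_matches_legacy),
               number_permitted(permitted, 2, tests[i], entry_matches_fixed));
    return 0;
}
```

The number 555123499 is the case that separates the two: the legacy comparison admits it through the exact entry 5551234, the fixed comparison does not.
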
This saves the access concentrator (AC) name supplied by the AC in the
PADO packet and creates an environment variable called "ACNAME" with
the name as its value for scripts to use if desired.
This was inspired by a pull request from "bearmi" on github, but
reimplemented somewhat differently by me.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

Reading the values of pppoe_padi_timeout and pppoe_padi_attempts in
PPPOEInitDevice() means that they get sampled when parsing the
ethernet device name. If the user provides the pppoe-padi-attempts or
pppoe-padi-timeout option after the ethernet device name, the value
given is effectively ignored.
Instead, read those variables in pppoe_check_options, which is called
after all options have been parsed, so that any user-specified values
don't get missed.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

This partially reverts commit 1c082acf77 ("pppoe: Show verbose
information about all concentrator when pppoe-verbose option is set",
2021-01-01). That commit added a 5-second wait between receiving a
valid PADO and sending the PADR response so as to give time to see
whether any other PADOs arrive. However, it appears that this delay
causes problems with some concentrators.
This reverts to the previous behaviour of sending the PADR
immediately.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>