Source-Changes-HG archive
[src/trunk]: src/external/bsd/ppp/dist import new pppd:
details: https://anonhg.NetBSD.org/src/rev/130f75d264be
branches: trunk
changeset: 333256:130f75d264be
user: christos <christos%NetBSD.org@localhost>
date: Sat Oct 25 18:43:24 2014 +0000
description:
import new pppd:
* Fixed a potential security issue in parsing option files (CVE-2014-3158).
* There is a new "stop-bits" option, which takes an argument of 1 or 2,
indicating the number of stop bits to use for async serial ports.
* Various bug fixes.
diffstat:
external/bsd/ppp/dist/.gitignore | 7 +
external/bsd/ppp/dist/PLUGINS | 2 +-
external/bsd/ppp/dist/README | 32 +-
external/bsd/ppp/dist/README.pppoe | 93 ++
external/bsd/ppp/dist/pppd/plugins/passprompt.c | 110 ++
external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c | 30 +-
external/bsd/ppp/dist/pppd/plugins/winbind.c | 669 +++++++++++++++++
external/bsd/ppp/dist/pppdump/pppdump.8 | 2 +-
external/bsd/ppp/dist/pppstats/pppstats.8 | 2 +-
9 files changed, 925 insertions(+), 22 deletions(-)
diffs (truncated from 1035 to 300 lines):
diff -r ecb849a217fe -r 130f75d264be external/bsd/ppp/dist/.gitignore
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/ppp/dist/.gitignore Sat Oct 25 18:43:24 2014 +0000
@@ -0,0 +1,7 @@
+*.orig
+*~
+*.o
+*.so
+*.a
+*.cat8
+Makefile
diff -r ecb849a217fe -r 130f75d264be external/bsd/ppp/dist/PLUGINS
--- a/external/bsd/ppp/dist/PLUGINS Sat Oct 25 18:15:18 2014 +0000
+++ b/external/bsd/ppp/dist/PLUGINS Sat Oct 25 18:43:24 2014 +0000
@@ -284,4 +284,4 @@
-## Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp ##
+## $Id: PLUGINS,v 1.1.1.2 2014/10/25 18:43:25 christos Exp $ ##
diff -r ecb849a217fe -r 130f75d264be external/bsd/ppp/dist/README
--- a/external/bsd/ppp/dist/README Sat Oct 25 18:15:18 2014 +0000
+++ b/external/bsd/ppp/dist/README Sat Oct 25 18:43:24 2014 +0000
@@ -61,9 +61,39 @@
authenticating itself to you, of course.)
-What's new in ppp-2.4.5.
+What's new in ppp-2.4.7.
************************
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+ indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+ scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+ variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+ from the controlling terminal when it is the multilink bundle master
+ but its own link has terminated, even if the nodetach option has
+ been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
* Under Linux, pppd can now operate in a mode where it doesn't request
the peer's IP address, as some peers refuse to supply an IP address.
Since Linux supports device routes as well as gateway routes, it's
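Review bot: The new ppp-2.4.7 entry at the top of the "What's new" list credits this import with the CVE-2014-3158 fix in option-file parsing, but none of the nine files in this changeset's diffstat is parser code: they are documentation, man pages and plugins. If the parser change was committed separately, the commit description should say so, so that someone auditing for the CVE is not pointed at a changeset that does not contain the fix.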
diff -r ecb849a217fe -r 130f75d264be external/bsd/ppp/dist/README.pppoe
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/ppp/dist/README.pppoe Sat Oct 25 18:43:24 2014 +0000
@@ -0,0 +1,93 @@
+ PPPoE Support
+ -------------
+
+ Michal Ostrowski
+ 8 August 2001
+
+ for ppp-2.4.2
+ Updated for ppp-2.4.5 by Paul Mackerras, Sep 08
+
+1. Introduction
+---------------
+
+This document describes the support for PPP over Ethernet (PPPoE)
+included with this package. It is assumed that the reader is
+familiar with Linux PPP (as it pertains to tty/modem-based
+connections). In particular, users of PPP in the Linux 2.2 series
+kernels should ensure they are familiar with the changes to the PPP
+implementation in the 2.4 series kernels before attempting to use
+PPPoE features.
+
+If you are not familiar with PPP, I recommend looking at other
+packages which include end-user configuration tools, such as Roaring
+Penguin (http://www.roaringpenguin.com/pppoe).
+
+PPPoE is a protocol typically used by *DSL providers to manage IP
+addresses and authenticate users. Essentially, PPPoE provides for a
+PPP connection to be established not over a physical serial-line or
+modem, but over a logical connection between two unique MAC-addresses
+on an ethernet network. Once the PPPoE layer discovers the end-points
+to be used in the link and negotiates it, frames may be sent to and
+received from the PPPoE layer just as if the link was a serial line
+(or that is how it's supposed to be).
+
+With this in mind, the goal of the implementation of PPPoE support in
+Linux is to allow users to simply specify that the device they intend
+to use for the PPP connection is an ethernet device (e.g. "eth0") and
+the rest of the system should function as usual.
+
+2. Using PPPoE
+--------------
+
+This section is a quick guide for getting PPPoE working, to allow one
+to connect to their ISP who is providing PPPoE based services.
+
+1. Enable "Prompt for development and/or incomplete code/drivers" and
+ "PPP over Ethernet" in your kernel configuration. Most distributions
+ will include the kernel PPPoE module by default.
+
+2. Compile and install your kernel.
+
+3. Install the ppp package.
+
+4. Add the following line to /etc/ppp/options:
+
+ plugin rp-pppoe.so
+
+ The effect of this line is simply to make "eth0", "eth1",
+ ....,"ethx" all valid device names for pppd (just like ttyS0,
+ ttyS1).
+
+5. Add the necessary authentication options to your pppd
+ configuration (i.e. PAP/CHAP information). If you wish to
+ maintain seperate configurations for different devices you may
+ place configuration options in device-specific configuration
+ files: /etc/ppp/options.devname (devname=ttyS0, ttyS1, eth0, eth1
+ or any other valid device name).
+
+6. Invoke pppd with the appropriate device name: e.g. "pppd eth0"
+
+
+Do not include any compression or flow control options in your PPPoE
+configuration. They will be ignored.
+
+Again, here it is assumed that the reader is familiar with the general
+process of configuring PPP. The steps outlined here refer only to the
+steps and configuration options which are PPPoE specific, and it is
+assumed that the reader will also configure other aspects of the system
+(e.g. PAP authentication parameters).
+
+3. Advanced Functionality
+--------------------------
+
+For more advanced functionality (such as providing PPPoE services) and
+user configuration tools, look to the Roaring Penguin PPPoE software
+package (http://www.roaringpenguin.com/pppoe).
+
+4. Credits
+-----------
+
+The PPPoE plugin included in this package is a component of the
+Roaring Penguin PPPoE package, included in this package courtesy of
+Roaring Penguin Software. (http://www.roaringpenguin.com).
+
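Review bot: Steps 1 and 2 of section 2, and the eth0/eth1 device names used throughout, are instructions for the Linux kernel PPPoE module, and nothing in the file says whether rp-pppoe.so is built or usable in this tree. A short applicability note at the top would keep readers from following the steps as if they applied here. Also, "seperate" in step 5 should be "separate".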
diff -r ecb849a217fe -r 130f75d264be external/bsd/ppp/dist/pppd/plugins/passprompt.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/ppp/dist/pppd/plugins/passprompt.c Sat Oct 25 18:43:24 2014 +0000
@@ -0,0 +1,110 @@
+/*
+ * passprompt.c - pppd plugin to invoke an external PAP password prompter
+ *
+ * Copyright 1999 Paul Mackerras, Alan Curry.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+#include <errno.h>
+#include <unistd.h>
+#include <sys/wait.h>
+#include <syslog.h>
+#include "pppd.h"
+
+char pppd_version[] = VERSION;
+
+static char promptprog[PATH_MAX+1];
+
+static option_t options[] = {
+ { "promptprog", o_string, promptprog,
+ "External PAP password prompting program",
+ OPT_STATIC, NULL, PATH_MAX },
+ { NULL }
+};
+
+static int promptpass(char *user, char *passwd)
+{
+ int p[2];
+ pid_t kid;
+ int readgood, wstat;
+ ssize_t red;
+
+ if (promptprog[0] == 0 || access(promptprog, X_OK) < 0)
+ return -1; /* sorry, can't help */
+
+ if (!passwd)
+ return 1;
+
+ if (pipe(p)) {
+ warn("Can't make a pipe for %s", promptprog);
+ return 0;
+ }
+ if ((kid = fork()) == (pid_t) -1) {
+ warn("Can't fork to run %s", promptprog);
+ close(p[0]);
+ close(p[1]);
+ return 0;
+ }
+ if (!kid) {
+ /* we are the child, exec the program */
+ char *argv[5], fdstr[32];
+ sys_close();
+ closelog();
+ close(p[0]);
+ seteuid(getuid());
+ setegid(getgid());
+ argv[0] = promptprog;
+ argv[1] = user;
+ argv[2] = remote_name;
+ sprintf(fdstr, "%d", p[1]);
+ argv[3] = fdstr;
+ argv[4] = 0;
+ execv(*argv, argv);
+ _exit(127);
+ }
+
+ /* we are the parent, read the password from the pipe */
+ close(p[1]);
+ readgood = 0;
+ do {
+ red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood);
+ if (red == 0)
+ break;
+ if (red < 0) {
+ if (errno == EINTR)
+ continue;
+ error("Can't read secret from %s: %m", promptprog);
+ readgood = -1;
+ break;
+ }
+ readgood += red;
+ } while (readgood < MAXSECRETLEN - 1);
+ close(p[0]);
+
+ /* now wait for child to exit */
+ while (waitpid(kid, &wstat, 0) < 0) {
+ if (errno != EINTR) {
+ warn("error waiting for %s: %m", promptprog);
+ break;
+ }
+ }
+
+ if (readgood < 0)
+ return 0;
+ passwd[readgood] = 0;
+ if (!WIFEXITED(wstat))
+ warn("%s terminated abnormally", promptprog);
+ if (WEXITSTATUS(wstat))
+ warn("%s exited with code %d", promptprog, WEXITSTATUS(status));
+
+ return 1;
+}
+
+void plugin_init(void)
+{
+ add_options(options);
+ pap_passwd_hook = promptpass;
+}
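Review bot: In promptpass(), the final warn() call passes WEXITSTATUS(status), but no variable named status is declared in this function; the wait status is held in wstat, so the line should read WEXITSTATUS(wstat). That test should also be guarded by WIFEXITED(wstat), since WEXITSTATUS is only meaningful after a normal exit, and wstat is read uninitialised if the waitpid() loop breaks on an error. In the child, the return values of seteuid(getuid()) and setegid(getgid()) are not checked, so if either call fails the prompt program is exec'd with pppd's effective ids unchanged; check both, _exit on failure, and drop the group before the user as is conventional. sprintf(fdstr, ...) would be better written as snprintf with sizeof(fdstr).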
diff -r ecb849a217fe -r 130f75d264be external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c
--- a/external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c Sat Oct 25 18:15:18 2014 +0000
+++ b/external/bsd/ppp/dist/pppd/plugins/pppol2tp/pppol2tp.c Sat Oct 25 18:43:24 2014 +0000
@@ -74,8 +74,6 @@
static void (*old_snoop_recv_hook)(unsigned char *p, int len) = NULL;
static void (*old_snoop_send_hook)(unsigned char *p, int len) = NULL;
-static void (*old_ip_up_hook)(void) = NULL;
-static void (*old_ip_down_hook)(void) = NULL;
/* Hook provided to allow other plugins to handle ACCM changes */
void (*pppol2tp_send_accm_hook)(int tunnel_id, int session_id,
@@ -436,22 +434,18 @@
* Interface up/down events
*****************************************************************************/
-static void pppol2tp_ip_up_hook(void)
+static void pppol2tp_ip_up(void *opaque, int arg)
{
- if (old_ip_up_hook != NULL)
- (*old_ip_up_hook)();
-
+ /* may get called twice (for IPv4 and IPv6) but the hook handles that well */
if (pppol2tp_ip_updown_hook != NULL) {
(*pppol2tp_ip_updown_hook)(pppol2tp_tunnel_id,
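Review bot: pppol2tp_ip_up() no longer calls a saved old_ip_up_hook and now takes (void *opaque, int arg), but the visible lines do not show where it is registered, and neither parameter is used in the part of the body shown. Confirm that the registration site no longer overwrites an existing ip_up_hook, otherwise a hook installed earlier is silently dropped now that the chaining is gone. The new comment asserts that pppol2tp_ip_updown_hook copes with being called twice (IPv4 and IPv6); that is a requirement on external hook implementations and should be stated where the hook is declared, not only here.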