From 35bb669a29dd920ab2e5e9f349ce19f38fc42f81 Mon Sep 17 00:00:00 2001 From: Rosa Date: Wed, 1 Feb 2012 14:14:20 +0400 Subject: [PATCH] Automatic import for version 2.4.5 --- .abf.yml | 4 + README.pppoatm | 5 + ppp-2.3.6-sample.patch | 295 ++++++ ppp-2.4.2-pie.patch | 36 + ppp-2.4.2-wtmp.patch | 100 ++ ppp-2.4.3-etcppp.patch | 12 + ppp-2.4.3-libatm.patch | 11 + ppp-2.4.3-noexttraffic.patch | 101 ++ ppp-2.4.3-nostrip.patch | 100 ++ ppp-2.4.3-pam.conf | 5 + ppp-2.4.3-pic.patch | 37 + ppp-2.4.3-pppdump-Makefile.patch | 8 + ppp-2.4.4-dontwriteetc.patch | 56 ++ ppp-2.4.4-mppe-mppc-1.1.patch | 1490 ++++++++++++++++++++++++++++++ ppp-2.4.4-multipledefrt.patch | 51 + ppp-2.4.5-includes-sha1.patch | 10 + ppp-2.4.5-make.patch | 116 +++ ppp-2.4.5-makeopt2.patch | 10 + ppp-2.4.5-pppol2tpv3.patch | 23 + ppp-options.patch | 8 + ppp.logrotate | 10 + ppp.spec | 595 ++++++++++++ 22 files changed, 3083 insertions(+) create mode 100644 .abf.yml create mode 100644 README.pppoatm create mode 100644 ppp-2.3.6-sample.patch create mode 100644 ppp-2.4.2-pie.patch create mode 100644 ppp-2.4.2-wtmp.patch create mode 100644 ppp-2.4.3-etcppp.patch create mode 100644 ppp-2.4.3-libatm.patch create mode 100644 ppp-2.4.3-noexttraffic.patch create mode 100644 ppp-2.4.3-nostrip.patch create mode 100644 ppp-2.4.3-pam.conf create mode 100644 ppp-2.4.3-pic.patch create mode 100644 ppp-2.4.3-pppdump-Makefile.patch create mode 100644 ppp-2.4.4-dontwriteetc.patch create mode 100644 ppp-2.4.4-mppe-mppc-1.1.patch create mode 100644 ppp-2.4.4-multipledefrt.patch create mode 100644 ppp-2.4.5-includes-sha1.patch create mode 100644 ppp-2.4.5-make.patch create mode 100644 ppp-2.4.5-makeopt2.patch create mode 100644 ppp-2.4.5-pppol2tpv3.patch create mode 100644 ppp-options.patch create mode 100644 ppp.logrotate create mode 100644 ppp.spec diff --git a/.abf.yml b/.abf.yml new file mode 100644 index 0000000..56f399e --- /dev/null +++ b/.abf.yml @@ -0,0 +1,4 @@ +sources: + "ppp-2.4.1-mppe-crypto.tar.bz2": 9652e5a21131239f6e8499d4dbc448a9eeee132f + "ppp-2.4.5.tar.bz2": 07dab8969674f44519971013749fcc1d3e280b3c + "ppp-dhcpc.tar.bz2": 8b49c9b8ccde83f69c4b0c9cae6454cdba0845ca diff --git a/README.pppoatm b/README.pppoatm new file mode 100644 index 0000000..a9dcbbc --- /dev/null +++ b/README.pppoatm @@ -0,0 +1,5 @@ +Example of pppd use + + ./pppd plugin plugins/pppoatm.so 0.80 192.0.2.1:192.0.2.2 + +http://www.sfgoth.com/~mitch/linux/atm/pppoatm/ diff --git a/ppp-2.3.6-sample.patch b/ppp-2.3.6-sample.patch new file mode 100644 index 0000000..92eee6c --- /dev/null +++ b/ppp-2.3.6-sample.patch @@ -0,0 +1,295 @@ +--- ppp-2.3.3/sample/auth-down.sample Tue Jan 6 17:53:27 1998 ++++ ppp-2.3.3/sample/auth-down Tue Jan 6 17:53:27 1998 +@@ -0,0 +1,17 @@ ++#!/bin/sh ++# ++# A program or script which is executed after the remote system ++# successfully authenticates itself. It is executed with the parameters ++# ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++echo auth-down `date +'%y/%m/%d %T'` $* >> /var/log/pppstats ++ ++# last line +--- ppp-2.3.3/sample/auth-up.sample Tue Jan 6 17:53:27 1998 ++++ ppp-2.3.3/sample/auth-up Tue Jan 6 17:53:27 1998 +@@ -0,0 +1,17 @@ ++#!/bin/sh ++# ++# A program or script which is executed after the remote system ++# successfully authenticates itself. It is executed with the parameters ++# ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++echo auth-up `date +'%y/%m/%d %T'` $* >> /var/log/pppstats ++ ++# last line +--- ppp-2.3.3/sample/ip-down.sample Tue Jan 6 17:53:27 1998 ++++ ppp-2.3.3/sample/ip-down Tue Jan 6 17:53:27 1998 +@@ -0,0 +1,22 @@ ++#!/bin/sh ++# ++# This script is run by the pppd _after_ the link is brought down. ++# It should be used to delete routes, unset IP addresses etc. ++# ++# This script is called with the following arguments: ++# Arg Name Example ++# $1 Interface name ppp0 ++# $2 The tty ttyS1 ++# $3 The link speed 38400 ++# $4 Local IP number 12.34.56.78 ++# $5 Peer IP number 12.34.56.99 ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++# last line +--- ppp-2.3.3/sample/ip-up.sample Tue Jan 6 17:53:27 1998 ++++ ppp-2.3.3/sample/ip-up Tue Jan 6 17:53:27 1998 +@@ -0,0 +1,23 @@ ++#!/bin/sh ++# ++# This script is run by the pppd after the link is established. ++# It should be used to add routes, set IP address, run the mailq ++# etc. ++# ++# This script is called with the following arguments: ++# Arg Name Example ++# $1 Interface name ppp0 ++# $2 The tty ttyS1 ++# $3 The link speed 38400 ++# $4 Local IP number 12.34.56.78 ++# $5 Peer IP number 12.34.56.99 ++# ++ ++# ++# The environment is cleared before executing this script ++# so the path must be reset ++# ++PATH=/usr/sbin:/sbin:/usr/bin:/bin ++export PATH ++ ++# last line +--- ppp-2.3.3/sample/options.sample Tue Jan 6 17:53:27 1998 ++++ ppp-2.3.3/sample/options Tue Jan 6 17:53:27 1998 +@@ -0,0 +1,153 @@ ++# /etc/ppp/options ++ ++# The name of this server. Often, the FQDN is used here. ++#name ++ ++# Enforce the use of the hostname as the name of the local system for ++# authentication purposes (overrides the name option). ++usehostname ++ ++# If no local IP address is given, pppd will use the first IP address ++# that belongs to the local hostname. If "noipdefault" is given, this ++# is disabled and the peer will have to supply an IP address. ++noipdefault ++ ++# With this option, pppd will accept the peer's idea of our local IP ++# address, even if the local IP address was specified in an option. ++#ipcp-accept-local ++ ++# With this option, pppd will accept the peer's idea of its (remote) IP ++# address, even if the remote IP address was specified in an option. ++#ipcp-accept-remote ++ ++# Specify which DNS Servers the incoming Win95 or WinNT Connection should use ++# Two Servers can be remotely configured ++#ms-dns 192.168.1.1 ++#ms-dns 192.168.1.2 ++ ++# Specify which WINS Servers the incoming connection Win95 or WinNT should use ++#wins-addr 192.168.1.50 ++#wins-addr 192.168.1.51 ++ ++# enable this on a server that already has a permanent default route ++#nodefaultroute ++ ++# Run the executable or shell command specified after pppd has terminated ++# the link. This script could, for example, issue commands to the modem ++# to cause it to hang up if hardware modem control signals were not ++# available. ++# If mgetty is running, it will reset the modem anyway. So there is no need ++# to do it here. ++#disconnect "chat -- \d+++\d\c OK ath0 OK" ++ ++# Increase debugging level (same as -d). The debug output is written ++# to syslog LOG_LOCAL2. ++debug ++ ++# Enable debugging code in the kernel-level PPP driver. The argument n ++# is a number which is the sum of the following values: 1 to enable ++# general debug messages, 2 to request that the contents of received ++# packets be printed, and 4 to request that the contents of transmitted ++# packets be printed. ++#kdebug n ++ ++# Require the peer to authenticate itself before allowing network ++# packets to be sent or received. ++# Please do not disable this setting. It is expected to be standard in ++# future releases of pppd. Use the call option (see manpage) to disable ++# authentication for specific peers. ++#auth ++ ++# authentication can either be pap or chap. As most people only want to ++# use pap, you can also disable chap: ++#require-pap ++#refuse-chap ++ ++# Use hardware flow control (i.e. RTS/CTS) to control the flow of data ++# on the serial port. ++crtscts ++ ++# Specifies that pppd should use a UUCP-style lock on the serial device ++# to ensure exclusive access to the device. ++lock ++ ++# Use the modem control lines. ++modem ++ ++# async character map -- 32-bit hex; each bit is a character ++# that needs to be escaped for pppd to receive it. 0x00000001 ++# represents '\x01', and 0x80000000 represents '\x1f'. ++# To allow pppd to work over a rlogin/telnet connection, ou should escape ++# XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".) ++#asyncmap 200a0000 ++asyncmap 0 ++ ++# Specifies that certain characters should be escaped on transmission ++# (regardless of whether the peer requests them to be escaped with its ++# async control character map). The characters to be escaped are ++# specified as a list of hex numbers separated by commas. Note that ++# almost any character can be specified for the escape option, unlike ++# the asyncmap option which only allows control characters to be ++# specified. The characters which may not be escaped are those with hex ++# values 0x20 - 0x3f or 0x5e. ++#escape 11,13,ff ++ ++# Set the MRU [Maximum Receive Unit] value to for negotiation. pppd ++# will ask the peer to send packets of no more than bytes. The ++# minimum MRU value is 128. The default MRU value is 1500. A value of ++# 296 is recommended for slow links (40 bytes for TCP/IP header + 256 ++# bytes of data). ++#mru 542 ++ ++# Set the MTU [Maximum Transmit Unit] value to . Unless the peer ++# requests a smaller value via MRU negotiation, pppd will request that ++# the kernel networking code send data packets of no more than n bytes ++# through the PPP network interface. ++#mtu ++ ++# Set the interface netmask to , a 32 bit netmask in "decimal dot" ++# notation (e.g. 255.255.255.0). ++#netmask 255.255.255.0 ++ ++# Don't fork to become a background process (otherwise pppd will do so ++# if a serial device is specified). ++nodetach ++ ++# Set the assumed name of the remote system for authentication purposes ++# to . ++#remotename ++ ++# Add an entry to this system's ARP [Address Resolution Protocol] ++# table with the IP address of the peer and the Ethernet address of this ++# system. {proxyarp,noproxyarp} ++proxyarp ++ ++# Use the system password database for authenticating the peer using ++# PAP. Note: mgetty already provides this option. If this is specified ++# then dialin from users using a script under Linux to fire up ppp wont work. ++#login ++ ++# If this option is given, pppd will send an LCP echo-request frame to ++# the peer every n seconds. Under Linux, the echo-request is sent when ++# no packets have been received from the peer for n seconds. Normally ++# the peer should respond to the echo-request by sending an echo-reply. ++# This option can be used with the lcp-echo-failure option to detect ++# that the peer is no longer connected. ++lcp-echo-interval 30 ++ ++# If this option is given, pppd will presume the peer to be dead if n ++# LCP echo-requests are sent without receiving a valid LCP echo-reply. ++# If this happens, pppd will terminate the connection. Use of this ++# option requires a non-zero value for the lcp-echo-interval parameter. ++# This option can be used to enable pppd to terminate after the physical ++# connection has been broken (e.g., the modem has hung up) in ++# situations where no hardware modem control lines are available. ++lcp-echo-failure 4 ++ ++# Specifies that pppd should disconnect if the link is idle for n seconds. ++idle 600 ++ ++# Disable the IPXCP and IPX protocols. ++noipx ++ ++# ------ +--- ppp-2.3.3/sample/options.ttyXX.sample Tue Jan 6 17:53:27 1998 ++++ ppp-2.3.3/sample/options.ttyXX Tue Jan 6 17:53:27 1998 +@@ -0,0 +1,14 @@ ++# If you need to set up multiple serial lines then copy this file to ++# options. for each tty with a modem on it. ++# ++# The options.tty file will assign an IP address to each PPP connection ++# as it comes up. They must all be distinct! ++# ++# Example: ++# options.ttyS1 for com2 under DOS. ++# ++# Edit the following line so that the first IP address ++# mentioned is the ip address of the serial port while the second ++# is the IP address of your host ++# ++hostname-s1:hostname +--- ppp-2.3.3/sample/pap-secrets.sample Tue Jan 6 17:53:27 1998 ++++ ppp-2.3.3/sample/pap-secrets Tue Jan 6 17:53:27 1998 +@@ -0,0 +1,28 @@ ++# Secrets for authentication using PAP ++# client server secret IP addresses ++ ++# OUTBOUND CONNECTIONS ++# Here you should add your userid password to connect to your providers via ++# pap. The * means that the password is to be used for ANY host you connect ++# to. Thus you do not have to worry about the foreign machine name. Just ++# replace password with your password. ++# If you have different providers with different passwords then you better ++# remove the following line. ++#hostname * password ++ ++# INBOUND CONNECTIONS ++#client hostname 192.168.1.1 ++ ++# If you add "auth login -chap +pap" to /etc/mgetty+sendfax/login.config, ++# all users in /etc/passwd can use their password for pap-authentication. ++# ++# Every regular user can use PPP and has to use passwords from /etc/passwd ++#* hostname "" ++# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any ++# other accounts that should not be able to use pppd! Replace hostname ++# with your local hostname. ++#guest hostname "*" - ++#master hostname "*" - ++#root hostname "*" - ++#support hostname "*" - ++#stats hostname "*" - diff --git a/ppp-2.4.2-pie.patch b/ppp-2.4.2-pie.patch new file mode 100644 index 0000000..81eaa92 --- /dev/null +++ b/ppp-2.4.2-pie.patch @@ -0,0 +1,36 @@ +diff -Naurp ppp-2.4.4/chat/Makefile.linux ppp-2.4.4.oden/chat/Makefile.linux +--- ppp-2.4.4/chat/Makefile.linux 2008-12-17 18:26:54.000000000 +0100 ++++ ppp-2.4.4.oden/chat/Makefile.linux 2008-12-17 18:27:10.000000000 +0100 +@@ -18,10 +18,10 @@ INSTALL= install + all: chat + + chat: chat.o +- $(CC) -o chat chat.o ++ $(CC) -pie -o chat chat.o + + chat.o: chat.c +- $(CC) -c $(CFLAGS) -o chat.o chat.c ++ $(CC) -c $(CFLAGS) -fPIC -o chat.o chat.c + + install: chat + mkdir -p $(BINDIR) $(MANDIR) +diff -Naurp ppp-2.4.4/pppd/Makefile.linux ppp-2.4.4.oden/pppd/Makefile.linux +--- ppp-2.4.4/pppd/Makefile.linux 2008-12-17 18:26:54.000000000 +0100 ++++ ppp-2.4.4.oden/pppd/Makefile.linux 2008-12-17 18:27:10.000000000 +0100 +@@ -212,7 +212,7 @@ install: pppd + $(INSTALL) -c -m 444 pppd.8 $(MANDIR) + + pppd: $(PPPDOBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) ++ $(CC) $(CFLAGS) -pie $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) + + srp-entry: srp-entry.c + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS) +@@ -226,3 +226,6 @@ clean: + + depend: + $(CPP) -M $(CFLAGS) $(PPPDSRCS) >.depend ++ ++%.o: %.c ++ $(CC) -c $(CFLAGS) -fPIC -o $@ $< +\ No newline at end of file diff --git a/ppp-2.4.2-wtmp.patch b/ppp-2.4.2-wtmp.patch new file mode 100644 index 0000000..08bc8e4 --- /dev/null +++ b/ppp-2.4.2-wtmp.patch @@ -0,0 +1,100 @@ +diff -urN ppp-2.4.2/pppd/pppd.h ppp-2.4.2-modified/pppd/pppd.h +--- ppp-2.4.2/pppd/pppd.h 2003-04-07 02:01:46.000000000 +0200 ++++ ppp-2.4.2-modified/pppd/pppd.h 2004-05-24 13:10:50.944576379 +0200 +@@ -628,8 +628,6 @@ + int lock __P((char *)); /* Create lock file for device */ + int relock __P((int)); /* Rewrite lock file with new pid */ + void unlock __P((void)); /* Delete previously-created lock file */ +-void logwtmp __P((const char *, const char *, const char *)); +- /* Write entry to wtmp file */ + int get_host_seed __P((void)); /* Get host-dependent random number seed */ + int have_route_to __P((u_int32_t)); /* Check if route to addr exists */ + #ifdef PPP_FILTER +diff -urN ppp-2.4.2/pppd/sys-linux.c ppp-2.4.2-modified/pppd/sys-linux.c +--- ppp-2.4.2/pppd/sys-linux.c 2004-01-13 05:05:20.000000000 +0100 ++++ ppp-2.4.2-modified/pppd/sys-linux.c 2004-05-24 13:12:34.770451144 +0200 +@@ -2149,83 +2149,7 @@ + return ok; + } + +-/******************************************************************** +- * +- * Update the wtmp file with the appropriate user name and tty device. +- */ +- +-void logwtmp (const char *line, const char *name, const char *host) +-{ +- struct utmp ut, *utp; +- pid_t mypid = getpid(); +-#if __GLIBC__ < 2 +- int wtmp; +-#endif +- +-/* +- * Update the signon database for users. +- * Christoph Lameter: Copied from poeigl-1.36 Jan 3, 1996 +- */ +- utmpname(_PATH_UTMP); +- setutent(); +- while ((utp = getutent()) && (utp->ut_pid != mypid)) +- /* nothing */; +- +- if (utp) +- memcpy(&ut, utp, sizeof(ut)); +- else +- /* some gettys/telnetds don't initialize utmp... */ +- memset(&ut, 0, sizeof(ut)); +- +- if (ut.ut_id[0] == 0) +- strncpy(ut.ut_id, line + 3, sizeof(ut.ut_id)); +- +- strncpy(ut.ut_user, name, sizeof(ut.ut_user)); +- strncpy(ut.ut_line, line, sizeof(ut.ut_line)); +- +- time(&ut.ut_time); +- +- ut.ut_type = USER_PROCESS; +- ut.ut_pid = mypid; +- +- /* Insert the host name if one is supplied */ +- if (*host) +- strncpy (ut.ut_host, host, sizeof(ut.ut_host)); +- +- /* Insert the IP address of the remote system if IP is enabled */ +- if (ipcp_protent.enabled_flag && ipcp_hisoptions[0].neg_addr) +- memcpy(&ut.ut_addr, (char *) &ipcp_hisoptions[0].hisaddr, +- sizeof(ut.ut_addr)); +- +- /* CL: Makes sure that the logout works */ +- if (*host == 0 && *name==0) +- ut.ut_host[0]=0; +- +- pututline(&ut); +- endutent(); +-/* +- * Update the wtmp file. +- */ +-#if __GLIBC__ >= 2 +- updwtmp(_PATH_WTMP, &ut); +-#else +- wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY); +- if (wtmp >= 0) { +- flock(wtmp, LOCK_EX); +- +- if (write (wtmp, (char *)&ut, sizeof(ut)) != sizeof(ut)) +- warn("error writing %s: %m", _PATH_WTMP); +- +- flock(wtmp, LOCK_UN); +- +- close (wtmp); +- } +-#endif +-} +- +- +-/******************************************************************** +- * ++ /* + * sifvjcomp - config tcp header compression + */ + diff --git a/ppp-2.4.3-etcppp.patch b/ppp-2.4.3-etcppp.patch new file mode 100644 index 0000000..307cf91 --- /dev/null +++ b/ppp-2.4.3-etcppp.patch @@ -0,0 +1,12 @@ +diff -Naurp ppp-2.4.4/linux/Makefile.top ppp-2.4.4.oden/linux/Makefile.top +--- ppp-2.4.4/linux/Makefile.top 2008-12-17 18:28:06.000000000 +0100 ++++ ppp-2.4.4.oden/linux/Makefile.top 2008-12-17 18:28:20.000000000 +0100 +@@ -18,7 +18,7 @@ all: + cd pppstats; $(MAKE) $(MFLAGS) all + cd pppdump; $(MAKE) $(MFLAGS) all + +-install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel ++install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel install-etcppp + + install-progs: + cd chat; $(MAKE) $(MFLAGS) install diff --git a/ppp-2.4.3-libatm.patch b/ppp-2.4.3-libatm.patch new file mode 100644 index 0000000..7e181b7 --- /dev/null +++ b/ppp-2.4.3-libatm.patch @@ -0,0 +1,11 @@ +--- ppp-2.4.3/pppd/plugins/pppoatm/Makefile.linux.libatm 2005-04-22 17:38:12.966429706 +0200 ++++ ppp-2.4.3/pppd/plugins/pppoatm/Makefile.linux 2005-04-22 17:38:14.484456865 +0200 +@@ -19,7 +19,7 @@ + # or leave it unset to build the few routines we actually _use_ into + # the plugin directly. + # +-#HAVE_LIBATM=yes ++HAVE_LIBATM=yes + + ifdef HAVE_LIBATM + LIBS := -latm diff --git a/ppp-2.4.3-noexttraffic.patch b/ppp-2.4.3-noexttraffic.patch new file mode 100644 index 0000000..50a98cd --- /dev/null +++ b/ppp-2.4.3-noexttraffic.patch @@ -0,0 +1,101 @@ +diff -Naurp ppp-2.4.4/pppd/Makefile.linux ppp-2.4.4.oden/pppd/Makefile.linux +--- ppp-2.4.4/pppd/Makefile.linux 2008-12-17 18:25:33.000000000 +0100 ++++ ppp-2.4.4.oden/pppd/Makefile.linux 2008-12-17 18:25:46.000000000 +0100 +@@ -60,6 +60,8 @@ HAVE_MULTILINK=y + # Linux distributions: Please leave TDB ENABLED in your builds. + USE_TDB=y + ++NOEXT_TRAFFIC=y ++ + HAS_SHADOW=y + USE_PAM=y + #HAVE_INET6=y +@@ -94,6 +96,10 @@ CFLAGS += -DMPPE=1 + endif + endif + ++ifdef NOEXT_TRAFFIC ++CFLAGS += -DNOEXT_TRAFFIC ++endif ++ + # EAP SRP-SHA1 + ifdef USE_SRP + CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include +diff -Naurp ppp-2.4.4/pppd/auth.c ppp-2.4.4.oden/pppd/auth.c +--- ppp-2.4.4/pppd/auth.c 2006-06-18 13:26:00.000000000 +0200 ++++ ppp-2.4.4.oden/pppd/auth.c 2008-12-17 18:25:46.000000000 +0100 +@@ -242,6 +242,11 @@ static char *uafname; /* name of most r + + extern char *crypt __P((const char *, const char *)); + ++#ifdef NOEXT_TRAFFIC ++/* Boolean to care for external traffic or not. Defined in options.c */ ++extern int noexttraffic; ++#endif ++ + /* Prototypes for procedures local to this file. */ + + static void network_phase __P((int)); +@@ -1182,6 +1187,14 @@ check_idle(arg) + tlim = idle_time_hook(&idle); + } else { + itime = MIN(idle.xmit_idle, idle.recv_idle); ++#ifdef NOEXT_TRAFFIC /* modified version, additional commandline-switch noext-traffic */ ++ if (!noexttraffic) ++ itime = MIN(idle.xmit_idle, idle.recv_idle); ++ else ++ itime = idle.xmit_idle; ++#else /* standard version */ ++ itime = MIN(idle.xmit_idle, idle.recv_idle); ++#endif + tlim = idle_time_limit - itime; + } + if (tlim <= 0) { +diff -Naurp ppp-2.4.4/pppd/options.c ppp-2.4.4.oden/pppd/options.c +--- ppp-2.4.4/pppd/options.c 2006-06-18 13:26:00.000000000 +0200 ++++ ppp-2.4.4.oden/pppd/options.c 2008-12-17 18:25:46.000000000 +0100 +@@ -127,6 +127,10 @@ int maxoctets_timeout = 1; /* default + #endif + + ++#ifdef NOEXT_TRAFFIC ++int noexttraffic = 0; /* decide whether or not we want to care for traffic from extern */ ++#endif ++ + extern option_t auth_options[]; + extern struct stat devstat; + +@@ -307,6 +311,9 @@ option_t general_options[] = { + { "active-filter", o_special, setactivefilter, + "set filter for active pkts", OPT_PRIO }, + #endif ++#ifdef NOEXT_TRAFFIC ++ { "noext-traffic", o_bool, (void *)&noexttraffic, "ignore external pkts for timeout", 1 }, ++#endif + + #ifdef MAXOCTETS + { "maxoctets", o_int, &maxoctets, +diff -Naurp ppp-2.4.4/pppd/pppd.8 ppp-2.4.4.oden/pppd/pppd.8 +--- ppp-2.4.4/pppd/pppd.8 2006-06-16 02:01:23.000000000 +0200 ++++ ppp-2.4.4.oden/pppd/pppd.8 2008-12-17 18:25:46.000000000 +0100 +@@ -292,6 +292,20 @@ logged through syslog with facility \fId + \fIdebug\fR. This information can be directed to a file by setting up + /etc/syslog.conf appropriately (see syslog.conf(5)). + .TP ++.B noext-traffic ++Do not count incoming traffic against the idle time set with the idle ++option. The default idle option behavior is to count both outgoing ++and incoming traffic. This can be very helpful when remote hosts ++keeping sending unwanted traffic, thereby keeping the connection up. ++ ++Note that this \fIcannot\fR prevent programs from responding to incoming ++requests and in doing so defeat the idle option. The route program ++\fIreject\fR parameter might help in that case when enough is known about ++IP address space of the site generating the unwanted requests. If you ++initiated contact with the site generating the requests, say with a ++web browser, then denying ingress with the "reject" parameter probably ++won't be a viable option. ++. + .B default\-asyncmap + Disable asyncmap negotiation, forcing all control characters to be + escaped for both the transmit and the receive direction. diff --git a/ppp-2.4.3-nostrip.patch b/ppp-2.4.3-nostrip.patch new file mode 100644 index 0000000..8fd571c --- /dev/null +++ b/ppp-2.4.3-nostrip.patch @@ -0,0 +1,100 @@ +--- ppp-2.4.3/chat/Makefile.linux.nostrip 2005-08-28 12:29:54.000000000 +0200 ++++ ppp-2.4.3/chat/Makefile.linux 2005-08-28 12:29:54.000000000 +0200 +@@ -25,7 +25,7 @@ + + install: chat + mkdir -p $(BINDIR) +- $(INSTALL) -s -c chat $(BINDIR) ++ $(INSTALL) -c chat $(BINDIR) + $(INSTALL) -c -m 644 chat.8 $(MANDIR) + + clean: +--- ppp-2.4.3/pppd/plugins/radius/Makefile.linux.nostrip 2005-08-28 12:29:54.000000000 +0200 ++++ ppp-2.4.3/pppd/plugins/radius/Makefile.linux 2005-08-28 12:29:54.000000000 +0200 +@@ -36,9 +36,9 @@ + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radius.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) + $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) + $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) + +--- ppp-2.4.3/pppd/plugins/rp-pppoe/Makefile.linux.nostrip 2005-08-28 12:29:54.000000000 +0200 ++++ ppp-2.4.3/pppd/plugins/rp-pppoe/Makefile.linux 2005-08-28 12:29:54.000000000 +0200 +@@ -39,9 +39,9 @@ + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) ++ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) + $(INSTALL) -d -m 755 $(BINDIR) +- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) ++ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) + + clean: + rm -f *.o *.so +--- ppp-2.4.3/pppd/plugins/dhcp/Makefile.linux.nostrip 2005-08-28 12:38:09.000000000 +0200 ++++ ppp-2.4.3/pppd/plugins/dhcp/Makefile.linux 2005-08-28 12:38:09.000000000 +0200 +@@ -11,7 +11,7 @@ + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 755 dhcpc.so $(LIBDIR) ++ $(INSTALL) -c -m 755 dhcpc.so $(LIBDIR) + + $(PLUGIN): $(LTLIB) + gcc -o $@ $(OBJS:%.lo=.libs/%.o) $(LIBS) +--- ppp-2.4.3/pppd/Makefile.linux.nostrip 2005-08-28 12:29:54.000000000 +0200 ++++ ppp-2.4.3/pppd/Makefile.linux 2005-08-28 12:29:54.000000000 +0200 +@@ -64,7 +64,7 @@ + + HAS_SHADOW=y + USE_PAM=y +-#HAVE_INET6=y ++HAVE_INET6=y + + # Enable plugins + PLUGIN=y +@@ -105,7 +105,7 @@ + CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include + LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto + TARGETS += srp-entry +-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry ++EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry + MANPAGES += srp-entry.8 + EXTRACLEAN += srp-entry.o + NEEDDES=y +@@ -208,7 +208,7 @@ + install: pppd + mkdir -p $(BINDIR) $(MANDIR) + $(EXTRAINSTALL) +- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd ++ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd + if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ + chmod o-rx,u+s $(BINDIR)/pppd; fi + $(INSTALL) -c -m 444 pppd.8 $(MANDIR) +--- ppp-2.4.3/pppdump/Makefile.linux.nostrip 2005-08-28 12:29:54.000000000 +0200 ++++ ppp-2.4.3/pppdump/Makefile.linux 2005-08-28 12:29:54.000000000 +0200 +@@ -17,5 +17,5 @@ + + install: + mkdir -p $(BINDIR) $(MANDIR) +- $(INSTALL) -s -c pppdump $(BINDIR) ++ $(INSTALL) -c pppdump $(BINDIR) + $(INSTALL) -c pppdump.8 $(MANDIR) +--- ppp-2.4.3/pppstats/Makefile.linux.nostrip 2005-08-28 12:29:54.000000000 +0200 ++++ ppp-2.4.3/pppstats/Makefile.linux 2005-08-28 12:29:54.000000000 +0200 +@@ -22,7 +22,7 @@ + + install: pppstats + -mkdir -p $(MANDIR) +- $(INSTALL) -s -c pppstats $(BINDIR) ++ $(INSTALL) -c pppstats $(BINDIR) + $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) + + pppstats: $(PPPSTATSRCS) diff --git a/ppp-2.4.3-pam.conf b/ppp-2.4.3-pam.conf new file mode 100644 index 0000000..cdb33b0 --- /dev/null +++ b/ppp-2.4.3-pam.conf @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_nologin.so +auth include system-auth +account include system-auth +session include system-auth diff --git a/ppp-2.4.3-pic.patch b/ppp-2.4.3-pic.patch new file mode 100644 index 0000000..7990999 --- /dev/null +++ b/ppp-2.4.3-pic.patch @@ -0,0 +1,37 @@ +--- ppp-2.4.3/pppd/plugins/dhcp/Makefile.linux.pic 2002-09-30 12:21:58.000000000 +0200 ++++ ppp-2.4.3/pppd/plugins/dhcp/Makefile.linux 2005-04-22 18:16:36.631205640 +0200 +@@ -2,20 +2,30 @@ + PLUGIN=dhcpc.so + CFLAGS=-I../.. -I../../../include -O2 + ++SRCS = dhcpc.c clientpacket.c packet.c socket.c options.c ++OBJS = $(SRCS:%.c=%.lo) ++LIBS = -shared -Wl,-soname,dhcpc.so ++LTLIB = libdhcpc.la ++ + all: $(PLUGIN) + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) + $(INSTALL) -s -c -m 755 dhcpc.so $(LIBDIR) + +-dhcpc.so: dhcpc.o clientpacket.o packet.o socket.o options.o +- gcc -o dhcpc.so -shared dhcpc.o clientpacket.o packet.o socket.o options.o ++$(PLUGIN): $(LTLIB) ++ gcc -o $@ $(OBJS:%.lo=.libs/%.o) $(LIBS) ++ ++$(LTLIB): $(OBJS) ++ libtool --mode=link gcc $(CFLAGS) -o $@ $(OBJS) $(LIBS) + ++%.lo: %.c ++ libtool --mode=compile gcc $(CFLAGS) -c $< + + clean: +- rm -f *.o *.so ++ rm -f *.o *.lo *.so + + distclean: +- rm -f *.o *.so ++ rm -f *.o *.lo *.so + + dist-clean: distclean diff --git a/ppp-2.4.3-pppdump-Makefile.patch b/ppp-2.4.3-pppdump-Makefile.patch new file mode 100644 index 0000000..6bdebc4 --- /dev/null +++ b/ppp-2.4.3-pppdump-Makefile.patch @@ -0,0 +1,8 @@ +--- ppp-2.4.3/pppdump/Makefile.linux.pppdump-Makefile 2005-04-22 17:16:57.197750609 +0200 ++++ ppp-2.4.3/pppdump/Makefile.linux 2005-04-22 17:18:46.636667134 +0200 +@@ -18,4 +18,4 @@ + install: + mkdir -p $(BINDIR) $(MANDIR) + $(INSTALL) -s -c pppdump $(BINDIR) +- $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) ++ $(INSTALL) -c pppdump.8 $(MANDIR) diff --git a/ppp-2.4.4-dontwriteetc.patch b/ppp-2.4.4-dontwriteetc.patch new file mode 100644 index 0000000..8651e32 --- /dev/null +++ b/ppp-2.4.4-dontwriteetc.patch @@ -0,0 +1,56 @@ +--- ppp-2.4.4/chat/chat.8.dontwriteetc 2004-11-13 07:22:49.000000000 -0500 ++++ ppp-2.4.4/chat/chat.8 2006-11-17 12:09:28.000000000 -0500 +@@ -200,7 +200,7 @@ + at the terminal via standard error. If \fBchat\fR is being run by + pppd, and pppd is running as a daemon (detached from its controlling + terminal), standard error will normally be redirected to the file +-/etc/ppp/connect\-errors. ++/var/log/ppp/connect\-errors. + .LP + \fBSAY\fR strings must be enclosed in single or double quotes. If + carriage return and line feed are needed in the string to be output, +--- ppp-2.4.4/linux/Makefile.top.dontwriteetc 2006-06-04 01:04:14.000000000 -0400 ++++ ppp-2.4.4/linux/Makefile.top 2006-11-17 12:10:06.000000000 -0500 +@@ -5,6 +5,8 @@ + INCDIR = $(DESTDIR)/include + MANDIR = $(DESTDIR)/share/man + ETCDIR = $(INSTROOT)@SYSCONF@/ppp ++RUNDIR = $(INSTROOT)/var/run/ppp ++LOGDIR = $(INSTROOT)/var/log/ppp + + # uid 0 = root + INSTALL= install +@@ -16,7 +18,7 @@ + cd pppstats; $(MAKE) $(MFLAGS) all + cd pppdump; $(MAKE) $(MFLAGS) all + +-install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel ++install: $(BINDIR) $(RUNDIR) $(LOGDIR) $(MANDIR)/man8 install-progs install-devel + + install-progs: + cd chat; $(MAKE) $(MFLAGS) install +@@ -44,6 +46,10 @@ + $(INSTALL) -d -m 755 $@ + $(ETCDIR): + $(INSTALL) -d -m 755 $@ ++$(RUNDIR): ++ $(INSTALL) -d -m 755 $@ ++$(LOGDIR): ++ $(INSTALL) -d -m 755 $@ + + clean: + rm -f `find . -name '*.[oas]' -print` +--- ppp-2.4.4/pppd/pathnames.h.dontwriteetc 2005-08-25 19:59:34.000000000 -0400 ++++ ppp-2.4.4/pppd/pathnames.h 2006-11-17 11:42:16.000000000 -0500 +@@ -28,9 +28,9 @@ + #define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up" + #define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down" + #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." +-#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" ++#define _PATH_CONNERRS _ROOT_PATH "/var/log/ppp/connect-errors" + #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" +-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" ++#define _PATH_RESOLV _ROOT_PATH "/var/run/ppp/resolv.conf" + + #define _PATH_USEROPT ".ppprc" + #define _PATH_PSEUDONYM ".ppp_pseudonym" diff --git a/ppp-2.4.4-mppe-mppc-1.1.patch b/ppp-2.4.4-mppe-mppc-1.1.patch new file mode 100644 index 0000000..594a4bc --- /dev/null +++ b/ppp-2.4.4-mppe-mppc-1.1.patch @@ -0,0 +1,1490 @@ +diff -p -up ppp-2.4.5/include/linux/ppp-comp.h.mpe-mppc ppp-2.4.5/include/linux/ppp-comp.h +--- ppp-2.4.5/include/linux/ppp-comp.h.mpe-mppc 2009-11-16 20:26:07.000000000 -0200 ++++ ppp-2.4.5/include/linux/ppp-comp.h 2010-06-11 09:27:20.000000000 -0300 +@@ -36,7 +36,7 @@ + */ + + /* +- * ==FILEVERSION 20020319== ++ * ==FILEVERSION 20020715== + * + * NOTE TO MAINTAINERS: + * If you modify this file at all, please set the above date. +@@ -201,6 +201,33 @@ struct compressor { + #define CI_MPPE 18 /* config option for MPPE */ + #define CILEN_MPPE 6 /* length of config option */ + ++/* MPPE/MPPC definitions by J.D.*/ ++#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */ ++#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */ ++#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */ ++#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */ ++#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */ ++ ++/* ++ * Definitions for Stac LZS. ++ */ ++ ++#define CI_LZS 17 /* config option for Stac LZS */ ++#define CILEN_LZS 5 /* length of config option */ ++ ++#define LZS_OVHD 4 /* max. LZS overhead */ ++#define LZS_HIST_LEN 2048 /* LZS history size */ ++#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */ ++ ++#define LZS_MODE_NONE 0 ++#define LZS_MODE_LCB 1 ++#define LZS_MODE_CRC 2 ++#define LZS_MODE_SEQ 3 ++#define LZS_MODE_EXT 4 ++ ++#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */ ++#define LZS_EXT_BIT_COMP 0x20 /* bit C */ ++ + /* + * Definitions for other, as yet unsupported, compression methods. + */ +diff -p -up ppp-2.4.5/include/net/ppp-comp.h.mpe-mppc ppp-2.4.5/include/net/ppp-comp.h +--- ppp-2.4.5/include/net/ppp-comp.h.mpe-mppc 2009-11-16 20:26:07.000000000 -0200 ++++ ppp-2.4.5/include/net/ppp-comp.h 2010-06-11 09:27:20.000000000 -0300 +@@ -168,6 +168,33 @@ struct compressor { + #define CI_MPPE 18 /* config option for MPPE */ + #define CILEN_MPPE 6 /* length of config option */ + ++/* MPPE/MPPC definitions by J.D.*/ ++#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */ ++#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */ ++#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */ ++#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */ ++#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */ ++ ++/* ++ * Definitions for Stac LZS. ++ */ ++ ++#define CI_LZS 17 /* config option for Stac LZS */ ++#define CILEN_LZS 5 /* length of config option */ ++ ++#define LZS_OVHD 4 /* max. LZS overhead */ ++#define LZS_HIST_LEN 2048 /* LZS history size */ ++#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */ ++ ++#define LZS_MODE_NONE 0 ++#define LZS_MODE_LCB 1 ++#define LZS_MODE_CRC 2 ++#define LZS_MODE_SEQ 3 ++#define LZS_MODE_EXT 4 ++ ++#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */ ++#define LZS_EXT_BIT_COMP 0x20 /* bit C */ ++ + /* + * Definitions for other, as yet unsupported, compression methods. + */ +diff -p -up ppp-2.4.5/pppd/ccp.c.mpe-mppc ppp-2.4.5/pppd/ccp.c +--- ppp-2.4.5/pppd/ccp.c.mpe-mppc 2009-11-16 20:26:07.000000000 -0200 ++++ ppp-2.4.5/pppd/ccp.c 2010-06-11 09:27:20.000000000 -0300 +@@ -66,8 +66,9 @@ static char deflate_value[8]; + * Option variables. + */ + #ifdef MPPE +-bool refuse_mppe_stateful = 1; /* Allow stateful mode? */ +-#endif ++static int setmppe(char **); ++static int setnomppe(void); ++#endif /* MPPE */ + + static option_t ccp_option_list[] = { + { "noccp", o_bool, &ccp_protent.enabled_flag, +@@ -107,55 +108,36 @@ static option_t ccp_option_list[] = { + { "-predictor1", o_bool, &ccp_wantoptions[0].predictor_1, + "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, + &ccp_allowoptions[0].predictor_1 }, ++ { "lzs", o_bool, &ccp_wantoptions[0].lzs, ++ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_PRIO }, ++ { "+lzs", o_bool, &ccp_wantoptions[0].lzs, ++ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_ALIAS | OPT_PRIO }, ++ { "nolzs", o_bool, &ccp_wantoptions[0].lzs, ++ "don't allow Stac LZS", OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].lzs }, ++ { "-lzs", o_bool, &ccp_wantoptions[0].lzs, ++ "don't allow Stac LZS", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].lzs }, + + #ifdef MPPE +- /* MPPE options are symmetrical ... we only set wantoptions here */ +- { "require-mppe", o_bool, &ccp_wantoptions[0].mppe, +- "require MPPE encryption", +- OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 }, +- { "+mppe", o_bool, &ccp_wantoptions[0].mppe, +- "require MPPE encryption", +- OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 }, +- { "nomppe", o_bool, &ccp_wantoptions[0].mppe, +- "don't allow MPPE encryption", OPT_PRIO }, +- { "-mppe", o_bool, &ccp_wantoptions[0].mppe, +- "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO }, +- +- /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */ +- { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40, +- &ccp_wantoptions[0].mppe }, +- { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40, +- &ccp_wantoptions[0].mppe }, +- { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 40-bit encryption", +- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe }, +- { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 40-bit encryption", +- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, +- &ccp_wantoptions[0].mppe }, +- +- { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128, +- &ccp_wantoptions[0].mppe }, +- { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 128-bit encryption", +- OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128, +- &ccp_wantoptions[0].mppe }, +- { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 128-bit encryption", +- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe }, +- { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 128-bit encryption", +- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, +- &ccp_wantoptions[0].mppe }, +- +- /* strange one; we always request stateless, but will we allow stateful? */ +- { "mppe-stateful", o_bool, &refuse_mppe_stateful, +- "allow MPPE stateful mode", OPT_PRIO }, +- { "nomppe-stateful", o_bool, &refuse_mppe_stateful, +- "disallow MPPE stateful mode", OPT_PRIO | 1 }, ++ { "mppc", o_bool, &ccp_wantoptions[0].mppc, ++ "request MPPC compression", 1, &ccp_allowoptions[0].mppc }, ++ { "+mppc", o_bool, &ccp_wantoptions[0].mppc, ++ "request MPPC compression", 1, &ccp_allowoptions[0].mppc, OPT_ALIAS }, ++ { "nomppc", o_bool, &ccp_wantoptions[0].mppc, ++ "don't allow MPPC compression", OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].mppc }, ++ { "-mppc", o_bool, &ccp_wantoptions[0].mppc, ++ "don't allow MPPC compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].mppc }, ++ { "mppe", o_special, (void *)setmppe, ++ "request MPPE encryption" }, ++ { "+mppe", o_special, (void *)setmppe, ++ "request MPPE encryption" }, ++ { "nomppe", o_special_noarg, (void *)setnomppe, ++ "don't allow MPPE encryption" }, ++ { "-mppe", o_special_noarg, (void *)setnomppe, ++ "don't allow MPPE encryption" }, + #endif /* MPPE */ + + { NULL } +@@ -241,8 +223,7 @@ static fsm_callbacks ccp_callbacks = { + */ + #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \ + || (opt).predictor_1 || (opt).predictor_2 \ +- || (opt).mppe) +- ++ || (opt).lzs || (opt).mppc || (opt).mppe) + /* + * Local state (mainly for handling reset-reqs and reset-acks). + */ +@@ -344,6 +325,100 @@ setdeflate(argv) + return 1; + } + ++#ifdef MPPE ++/* ++ * Functions called from config options ++ */ ++/* ++ MPPE suboptions: ++ required - require MPPE; disconnect if peer doesn't support it ++ stateless - use stateless mode ++ no40 - disable 40 bit keys ++ no56 - disable 56 bit keys ++ no128 - disable 128 bit keys ++*/ ++int setmppe(char **argv) ++{ ++ int i; ++ char *str, cmdbuf[16]; ++ ++ ccp_allowoptions[0].mppe = 1; ++ ccp_allowoptions[0].mppe_40 = 1; ++ ccp_allowoptions[0].mppe_56 = 1; ++ ccp_allowoptions[0].mppe_128 = 1; ++ ccp_allowoptions[0].mppe_stateless = 0; ++ ccp_wantoptions[0].mppe = 0; ++ ++ str = *argv; ++ ++ while (1) { ++ i = 0; ++ memset(cmdbuf, '\0', 16); ++ while ((i < 16) && (*str != ',') && (*str != '\0')) ++ cmdbuf[i++] = *str++; ++ cmdbuf[i] = '\0'; ++ if (!strncasecmp(cmdbuf, "no40", strlen("no40"))) { ++ ccp_allowoptions[0].mppe_40 = 0; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "no56", strlen("no56"))) { ++ ccp_allowoptions[0].mppe_56 = 0; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "no128", strlen("no128"))) { ++ ccp_allowoptions[0].mppe_128 = 0; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "stateless", strlen("stateless"))) { ++ ccp_allowoptions[0].mppe_stateless = 1; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "required", strlen("required"))) { ++ ccp_wantoptions[0].mppe = 1; ++ goto next_param; ++ } else { ++ option_error("invalid parameter '%s' for mppe option", cmdbuf); ++ return 0; ++ } ++ ++ next_param: ++ if (*str == ',') { ++ str++; ++ continue; ++ } ++ if (*str == '\0') { ++ if (!(ccp_allowoptions[0].mppe_40 || ccp_allowoptions[0].mppe_56 || ++ ccp_allowoptions[0].mppe_128)) { ++ if (ccp_wantoptions[0].mppe == 1) { ++ option_error("You require MPPE but you have switched off " ++ "all encryption key lengths."); ++ return 0; ++ } ++ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0; ++ ccp_wantoptions[0].mppe_stateless = ++ ccp_allowoptions[0].mppe_stateless = 0; ++ } else { ++ ccp_allowoptions[0].mppe = 1; ++ ccp_wantoptions[0].mppe_stateless = ++ ccp_allowoptions[0].mppe_stateless; ++ if (ccp_wantoptions[0].mppe == 1) { ++ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40; ++ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56; ++ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128; ++ } ++ } ++ return 1; ++ } ++ } ++} ++ ++int setnomppe(void) ++{ ++ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0; ++ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40 = 0; ++ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56 = 0; ++ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128 = 0; ++ ccp_wantoptions[0].mppe_stateless = ccp_allowoptions[0].mppe_stateless = 0; ++ return 1; ++} ++#endif /* MPPE */ ++ + /* + * ccp_init - initialize CCP. + */ +@@ -378,6 +453,30 @@ ccp_init(unit) + ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS; + + ccp_allowoptions[0].predictor_1 = 1; ++ ++ ccp_wantoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */ ++ ccp_wantoptions[0].lzs_mode = LZS_MODE_SEQ; ++ ccp_wantoptions[0].lzs_hists = 1; ++ ccp_allowoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */ ++ ccp_allowoptions[0].lzs_mode = LZS_MODE_SEQ; ++ ccp_allowoptions[0].lzs_hists = 1; ++ ++#ifdef MPPE ++ /* by default allow and request MPPC... */ ++ ccp_wantoptions[0].mppc = ccp_allowoptions[0].mppc = 1; ++ ++ /* ... and allow but don't request MPPE */ ++ ccp_allowoptions[0].mppe = 1; ++ ccp_allowoptions[0].mppe_40 = 1; ++ ccp_allowoptions[0].mppe_56 = 1; ++ ccp_allowoptions[0].mppe_128 = 1; ++ ccp_allowoptions[0].mppe_stateless = 1; ++ ccp_wantoptions[0].mppe = 0; ++ ccp_wantoptions[0].mppe_40 = 0; ++ ccp_wantoptions[0].mppe_56 = 0; ++ ccp_wantoptions[0].mppe_128 = 0; ++ ccp_wantoptions[0].mppe_stateless = 0; ++#endif /* MPPE */ + } + + /* +@@ -455,11 +554,11 @@ ccp_input(unit, p, len) + if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) { + notice("Compression disabled by peer."); + #ifdef MPPE +- if (ccp_gotoptions[unit].mppe) { ++ if (ccp_wantoptions[unit].mppe) { + error("MPPE disabled, closing LCP"); + lcp_close(unit, "MPPE disabled by peer"); + } +-#endif ++#endif /* MPPE */ + } + + /* +@@ -487,6 +586,13 @@ ccp_extcode(f, code, id, p, len) + break; + /* send a reset-ack, which the transmitter will see and + reset its compression state. */ ++ /* In case of MPPE/MPPC or LZS we shouldn't send CCP_RESETACK, ++ but we do it in order to reset compressor; CCP_RESETACK is ++ then silently discarded. See functions ppp_send_frame and ++ ppp_ccp_peek in ppp_generic.c (Linux only !!!). All the ++ confusion is caused by the fact that CCP code is splited ++ into two parts - one part is handled by pppd, the other one ++ is handled by kernel. */ + fsm_sdata(f, CCP_RESETACK, id, NULL, 0); + break; + +@@ -515,11 +621,11 @@ ccp_protrej(unit) + fsm_lowerdown(&ccp_fsm[unit]); + + #ifdef MPPE +- if (ccp_gotoptions[unit].mppe) { ++ if (ccp_wantoptions[unit].mppe) { + error("MPPE required but peer negotiation failed"); + lcp_close(unit, "MPPE required but peer negotiation failed"); + } +-#endif ++#endif /* MPPE */ + + } + +@@ -537,7 +643,7 @@ ccp_resetci(f) + all_rejected[f->unit] = 0; + + #ifdef MPPE +- if (go->mppe) { ++ if (go->mppe || go->mppc) { + ccp_options *ao = &ccp_allowoptions[f->unit]; + int auth_mschap_bits = auth_done[f->unit]; + int numbits; +@@ -552,6 +658,7 @@ ccp_resetci(f) + * So, we return right away if we can't do it. + */ + ++ if (ccp_wantoptions[f->unit].mppe) { + /* Leave only the mschap auth bits set */ + auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | + CHAP_MS2_WITHPEER | CHAP_MS2_PEER); +@@ -579,52 +686,85 @@ ccp_resetci(f) + "Possible plugin problem?"); + lcp_close(f->unit, "MPPE required but not available"); + return; +- } + +- /* LM auth not supported for MPPE */ +- if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) { +- /* This might be noise */ +- if (go->mppe & MPPE_OPT_40) { +- notice("Disabling 40-bit MPPE; MS-CHAP LM not supported"); +- go->mppe &= ~MPPE_OPT_40; +- ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40; + } + } + +- /* Last check: can we actually negotiate something? */ +- if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) { +- /* Could be misconfig, could be 40-bit disabled above. */ +- error("MPPE required, but both 40-bit and 128-bit disabled."); ++ /* ++ * Check whether the kernel knows about the various ++ * compression methods we might request. Key material ++ * unimportant here. ++ */ ++ if (go->mppc) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = 0; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_MPPC; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 0) <= 0) ++ go->mppc = 0; ++ } ++ if (go->mppe_40) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = MPPE_STATELESS; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_40BIT; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) ++ go->mppe_40 = 0; ++ } ++ if (go->mppe_56) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = MPPE_STATELESS; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_56BIT; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) ++ go->mppe_56 = 0; ++ } ++ if (go->mppe_128) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = MPPE_STATELESS; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_128BIT; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) ++ go->mppe_128 = 0; ++ } ++ if (!go->mppe_40 && !go->mppe_56 && !go->mppe_128) { ++ if (ccp_wantoptions[f->unit].mppe) { ++ error("MPPE required, but kernel has no support."); + lcp_close(f->unit, "MPPE required but not available"); +- return; + } +- +- /* sync options */ +- ao->mppe = go->mppe; ++ go->mppe = go->mppe_stateless = 0; ++ } else { + /* MPPE is not compatible with other compression types */ ++ if (ccp_wantoptions[f->unit].mppe) { + ao->bsd_compress = go->bsd_compress = 0; + ao->predictor_1 = go->predictor_1 = 0; + ao->predictor_2 = go->predictor_2 = 0; + ao->deflate = go->deflate = 0; ++ ao->lzs = go->lzs = 0; ++ } + } +-#endif /* MPPE */ + +- /* +- * Check whether the kernel knows about the various +- * compression methods we might request. +- */ +-#ifdef MPPE +- if (go->mppe) { +- opt_buf[0] = CI_MPPE; +- opt_buf[1] = CILEN_MPPE; +- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); +- /* Key material unimportant here. */ +- if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) { +- error("MPPE required, but kernel has no support."); +- lcp_close(f->unit, "MPPE required but not available"); + } ++#endif /* MPPE */ ++ ++ if (go->lzs) { ++ opt_buf[0] = CI_LZS; ++ opt_buf[1] = CILEN_LZS; ++ opt_buf[2] = go->lzs_hists >> 8; ++ opt_buf[3] = go->lzs_hists & 0xff; ++ opt_buf[4] = LZS_MODE_SEQ; ++ if (ccp_test(f->unit, opt_buf, CILEN_LZS, 0) <= 0) ++ go->lzs = 0; + } +-#endif ++ + if (go->bsd_compress) { + opt_buf[0] = CI_BSD_COMPRESS; + opt_buf[1] = CILEN_BSD_COMPRESS; +@@ -679,7 +819,8 @@ ccp_cilen(f) + + (go->deflate? CILEN_DEFLATE: 0) + + (go->predictor_1? CILEN_PREDICTOR_1: 0) + + (go->predictor_2? CILEN_PREDICTOR_2: 0) +- + (go->mppe? CILEN_MPPE: 0); ++ + (go->lzs? CILEN_LZS: 0) ++ + ((go->mppe || go->mppc)? CILEN_MPPE: 0); + } + + /* +@@ -693,6 +834,8 @@ ccp_addci(f, p, lenp) + { + int res; + ccp_options *go = &ccp_gotoptions[f->unit]; ++ ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + u_char *p0 = p; + + /* +@@ -701,22 +844,43 @@ ccp_addci(f, p, lenp) + * in case it gets Acked. + */ + #ifdef MPPE +- if (go->mppe) { ++ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) { + u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; + +- p[0] = opt_buf[0] = CI_MPPE; +- p[1] = opt_buf[1] = CILEN_MPPE; +- MPPE_OPTS_TO_CI(go->mppe, &p[2]); +- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); ++ p[0] = CI_MPPE; ++ p[1] = CILEN_MPPE; ++ p[2] = (go->mppe_stateless ? MPPE_STATELESS : 0); ++ p[3] = 0; ++ p[4] = 0; ++ p[5] = (go->mppe_40 ? MPPE_40BIT : 0) | (go->mppe_56 ? MPPE_56BIT : 0) | ++ (go->mppe_128 ? MPPE_128BIT : 0) | (go->mppc ? MPPE_MPPC : 0); ++ ++ BCOPY(p, opt_buf, CILEN_MPPE); + BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); + res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0); +- if (res > 0) ++ if (res > 0) { + p += CILEN_MPPE; +- else ++ } else { + /* This shouldn't happen, we've already tested it! */ ++ go->mppe = go->mppe_40 = go->mppe_56 = go->mppe_128 = ++ go->mppe_stateless = go->mppc = 0; ++ if (ccp_wantoptions[f->unit].mppe) + lcp_close(f->unit, "MPPE required but not available in kernel"); + } +-#endif ++ } ++#endif /* MPPE */ ++ if (go->lzs) { ++ p[0] = CI_LZS; ++ p[1] = CILEN_LZS; ++ p[2] = go->lzs_hists >> 8; ++ p[3] = go->lzs_hists & 0xff; ++ p[4] = LZS_MODE_SEQ; ++ res = ccp_test(f->unit, p, CILEN_LZS, 0); ++ if (res > 0) { ++ p += CILEN_LZS; ++ } else ++ go->lzs = 0; ++ } + if (go->deflate) { + p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; + p[1] = CILEN_DEFLATE; +@@ -802,7 +966,7 @@ ccp_addci(f, p, lenp) + + /* + * ccp_ackci - process a received configure-ack, and return +- * 1 iff the packet was OK. ++ * 1 if the packet was OK. + */ + static int + ccp_ackci(f, p, len) +@@ -811,24 +975,42 @@ ccp_ackci(f, p, len) + int len; + { + ccp_options *go = &ccp_gotoptions[f->unit]; ++ ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + u_char *p0 = p; + + #ifdef MPPE +- if (go->mppe) { +- u_char opt_buf[CILEN_MPPE]; +- +- opt_buf[0] = CI_MPPE; +- opt_buf[1] = CILEN_MPPE; +- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); +- if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE)) ++ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) { ++ if (len < CILEN_MPPE ++ || p[1] != CILEN_MPPE || p[0] != CI_MPPE ++ || p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0) ++ || p[3] != 0 ++ || p[4] != 0 ++ || (p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0)) ++ && p[5] != ((go->mppe_56 ? MPPE_56BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0)) ++ && p[5] != ((go->mppe_128 ? MPPE_128BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0)))) + return 0; + p += CILEN_MPPE; + len -= CILEN_MPPE; ++ /* Cope with first/fast ack */ ++ if (p == p0 && len == 0) ++ return 1; ++ } ++#endif /* MPPE */ ++ if (go->lzs) { ++ if (len < CILEN_LZS || p[0] != CI_LZS || p[1] != CILEN_LZS ++ || p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff) ++ || p[4] != LZS_MODE_SEQ) ++ return 0; ++ p += CILEN_LZS; ++ len -= CILEN_LZS; + /* XXX Cope with first/fast ack */ +- if (len == 0) ++ if (p == p0 && len == 0) + return 1; + } +-#endif + if (go->deflate) { + if (len < CILEN_DEFLATE + || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) +@@ -891,7 +1073,7 @@ ccp_ackci(f, p, len) + + /* + * ccp_nakci - process received configure-nak. +- * Returns 1 iff the nak was OK. ++ * Returns 1 if the nak was OK. + */ + static int + ccp_nakci(f, p, len, treat_as_reject) +@@ -901,6 +1083,8 @@ ccp_nakci(f, p, len, treat_as_reject) + int treat_as_reject; + { + ccp_options *go = &ccp_gotoptions[f->unit]; ++ ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + ccp_options no; /* options we've seen already */ + ccp_options try; /* options to ask for next time */ + +@@ -908,28 +1092,101 @@ ccp_nakci(f, p, len, treat_as_reject) + try = *go; + + #ifdef MPPE +- if (go->mppe && len >= CILEN_MPPE +- && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { +- no.mppe = 1; +- /* +- * Peer wants us to use a different strength or other setting. +- * Fail if we aren't willing to use his suggestion. +- */ +- MPPE_CI_TO_OPTS(&p[2], try.mppe); +- if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) { +- error("Refusing MPPE stateful mode offered by peer"); +- try.mppe = 0; +- } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) { +- /* Peer must have set options we didn't request (suggest) */ +- try.mppe = 0; ++ if ((go->mppe || go->mppc || (!wo->mppe && ao->mppe)) && ++ len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { ++ ++ if (go->mppc) { ++ no.mppc = 1; ++ if (!(p[5] & MPPE_MPPC)) ++ try.mppc = 0; + } + +- if (!try.mppe) { +- error("MPPE required but peer negotiation failed"); +- lcp_close(f->unit, "MPPE required but peer negotiation failed"); ++ if (go->mppe) ++ no.mppe = 1; ++ if (go->mppe_40) ++ no.mppe_40 = 1; ++ if (go->mppe_56) ++ no.mppe_56 = 1; ++ if (go->mppe_128) ++ no.mppe_128 = 1; ++ if (go->mppe_stateless) ++ no.mppe_stateless = 1; ++ ++ if (ao->mppe_40) { ++ if ((p[5] & MPPE_40BIT)) ++ try.mppe_40 = 1; ++ else ++ try.mppe_40 = (p[5] == 0) ? 1 : 0; ++ } ++ if (ao->mppe_56) { ++ if ((p[5] & MPPE_56BIT)) ++ try.mppe_56 = 1; ++ else ++ try.mppe_56 = (p[5] == 0) ? 1 : 0; ++ } ++ if (ao->mppe_128) { ++ if ((p[5] & MPPE_128BIT)) ++ try.mppe_128 = 1; ++ else ++ try.mppe_128 = (p[5] == 0) ? 1 : 0; ++ } ++ ++ if (ao->mppe_stateless) { ++ if ((p[2] & MPPE_STATELESS) || wo->mppe_stateless) ++ try.mppe_stateless = 1; ++ else ++ try.mppe_stateless = 0; ++ } ++ ++ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128) { ++ try.mppe = try.mppe_stateless = 0; ++ if (wo->mppe) { ++ /* we require encryption, but peer doesn't support it ++ so we close connection */ ++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 = ++ wo->mppe_56 = wo->mppe_128 = 0; ++ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE " ++ "key length"); ++ } ++ } ++ if (wo->mppe && (wo->mppe_40 != try.mppe_40) && ++ (wo->mppe_56 != try.mppe_56) && (wo->mppe_128 != try.mppe_128)) { ++ /* cannot negotiate key length */ ++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 = ++ wo->mppe_56 = wo->mppe_128 = 0; ++ lcp_close(f->unit, "Cannot negotiate MPPE key length"); + } ++ if (try.mppe_40 && try.mppe_56 && try.mppe_128) ++ try.mppe_40 = try.mppe_56 = 0; ++ else ++ if (try.mppe_56 && try.mppe_128) ++ try.mppe_56 = 0; ++ else ++ if (try.mppe_40 && try.mppe_128) ++ try.mppe_40 = 0; ++ else ++ if (try.mppe_40 && try.mppe_56) ++ try.mppe_40 = 0; ++ ++ p += CILEN_MPPE; ++ len -= CILEN_MPPE; ++ + } + #endif /* MPPE */ ++ ++ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) { ++ no.lzs = 1; ++ if (((p[2]<<8)|p[3]) > 1 || (p[4] != LZS_MODE_SEQ && ++ p[4] != LZS_MODE_EXT)) ++ try.lzs = 0; ++ else { ++ try.lzs_mode = p[4]; ++ try.lzs_hists = (p[2] << 8) | p[3]; ++ } ++ p += CILEN_LZS; ++ len -= CILEN_LZS; ++ } ++ + if (go->deflate && len >= CILEN_DEFLATE + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { +@@ -1002,14 +1259,51 @@ ccp_rejci(f, p, len) + return -1; + + #ifdef MPPE +- if (go->mppe && len >= CILEN_MPPE ++if ((go->mppe || go->mppc) && len >= CILEN_MPPE + && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { +- error("MPPE required but peer refused"); +- lcp_close(f->unit, "MPPE required but peer refused"); ++ ccp_options *wo = &ccp_wantoptions[f->unit]; ++ if (p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0) || ++ p[3] != 0 || ++ p[4] != 0 || ++ p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) | ++ (go->mppe_56 ? MPPE_56BIT : 0) | ++ (go->mppe_128 ? MPPE_128BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0))) ++ return 0; ++ if (go->mppc) ++ try.mppc = 0; ++ if (go->mppe) { ++ try.mppe = 0; ++ if (go->mppe_40) ++ try.mppe_40 = 0; ++ if (go->mppe_56) ++ try.mppe_56 = 0; ++ if (go->mppe_128) ++ try.mppe_128 = 0; ++ if (go->mppe_stateless) ++ try.mppe_stateless = 0; ++ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128) ++ try.mppe = try.mppe_stateless = 0; ++ if (wo->mppe) { /* we want MPPE but cannot negotiate key length */ ++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 = ++ wo->mppe_56 = wo->mppe_128 = 0; ++ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE " ++ "key length"); ++ } ++ } + p += CILEN_MPPE; + len -= CILEN_MPPE; + } +-#endif ++#endif /* MPPE */ ++ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) { ++ if (p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff) ++ || p[4] != go->lzs_mode) ++ return 0; ++ try.lzs = 0; ++ p += CILEN_LZS; ++ len -= CILEN_LZS; ++ } ++ + if (go->deflate_correct && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) +@@ -1073,14 +1367,15 @@ ccp_reqci(f, p, lenp, dont_nak) + int dont_nak; + { + int ret, newret, res; +- u_char *p0, *retp; ++ u_char *p0, *retp, p2, p5; + int len, clen, type, nb; + ccp_options *ho = &ccp_hisoptions[f->unit]; + ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + #ifdef MPPE +- bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */ +- /* CI_MPPE, or due to other options? */ +-#endif ++ u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; ++ /* int mtu; */ ++#endif /* MPPE */ + + ret = CONFACK; + retp = p0 = p; +@@ -1103,106 +1398,305 @@ ccp_reqci(f, p, lenp, dont_nak) + switch (type) { + #ifdef MPPE + case CI_MPPE: +- if (!ao->mppe || clen != CILEN_MPPE) { ++ if ((!ao->mppc && !ao->mppe) || clen != CILEN_MPPE) { + newret = CONFREJ; + break; + } +- MPPE_CI_TO_OPTS(&p[2], ho->mppe); +- +- /* Nak if anything unsupported or unknown are set. */ +- if (ho->mppe & MPPE_OPT_UNSUPPORTED) { ++ p2 = p[2]; ++ p5 = p[5]; ++ /* not sure what they want, tell 'em what we got */ ++ if (((p[2] & ~MPPE_STATELESS) != 0 || p[3] != 0 || p[4] != 0 || ++ (p[5] & ~(MPPE_40BIT | MPPE_56BIT | MPPE_128BIT | ++ MPPE_MPPC)) != 0 || p[5] == 0) || ++ (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) { + newret = CONFNAK; +- ho->mppe &= ~MPPE_OPT_UNSUPPORTED; ++ p[2] = (wo->mppe_stateless ? MPPE_STATELESS : 0); ++ p[3] = 0; ++ p[4] = 0; ++ p[5] = (wo->mppe_40 ? MPPE_40BIT : 0) | ++ (wo->mppe_56 ? MPPE_56BIT : 0) | ++ (wo->mppe_128 ? MPPE_128BIT : 0) | ++ (wo->mppc ? MPPE_MPPC : 0); ++ break; + } +- if (ho->mppe & MPPE_OPT_UNKNOWN) { ++ if ((p[5] & MPPE_MPPC)) { ++ if (ao->mppc) { ++ ho->mppc = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ opt_buf[2] = opt_buf[3] = opt_buf[4] = 0; ++ opt_buf[5] = MPPE_MPPC; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 1) <= 0) { ++ ho->mppc = 0; ++ p[5] &= ~MPPE_MPPC; + newret = CONFNAK; +- ho->mppe &= ~MPPE_OPT_UNKNOWN; + } +- +- /* Check state opt */ +- if (ho->mppe & MPPE_OPT_STATEFUL) { +- /* +- * We can Nak and request stateless, but it's a +- * lot easier to just assume the peer will request +- * it if he can do it; stateful mode is bad over +- * the Internet -- which is where we expect MPPE. +- */ +- if (refuse_mppe_stateful) { +- error("Refusing MPPE stateful mode offered by peer"); ++ } else { + newret = CONFREJ; +- break; ++ if (wo->mppe || ao->mppe) { ++ p[5] &= ~MPPE_MPPC; ++ newret = CONFNAK; + } + } ++ } + +- /* Find out which of {S,L} are set. */ +- if ((ho->mppe & MPPE_OPT_128) +- && (ho->mppe & MPPE_OPT_40)) { +- /* Both are set, negotiate the strongest. */ +- newret = CONFNAK; +- if (ao->mppe & MPPE_OPT_128) +- ho->mppe &= ~MPPE_OPT_40; +- else if (ao->mppe & MPPE_OPT_40) +- ho->mppe &= ~MPPE_OPT_128; ++ if (ao->mppe) ++ ho->mppe = 1; ++ ++ if ((p[2] & MPPE_STATELESS)) { ++ if (ao->mppe_stateless) { ++ if (wo->mppe_stateless) ++ ho->mppe_stateless = 1; + else { +- newret = CONFREJ; +- break; +- } +- } else if (ho->mppe & MPPE_OPT_128) { +- if (!(ao->mppe & MPPE_OPT_128)) { +- newret = CONFREJ; +- break; ++ newret = CONFNAK; ++ if (!dont_nak) ++ p[2] &= ~MPPE_STATELESS; + } +- } else if (ho->mppe & MPPE_OPT_40) { +- if (!(ao->mppe & MPPE_OPT_40)) { +- newret = CONFREJ; +- break; ++ } else { ++ newret = CONFNAK; ++ if (!dont_nak) ++ p[2] &= ~MPPE_STATELESS; + } + } else { +- /* Neither are set. */ +- /* We cannot accept this. */ ++ if (wo->mppe_stateless && !dont_nak) { ++ wo->mppe_stateless = 0; + newret = CONFNAK; +- /* Give the peer our idea of what can be used, +- so it can choose and confirm */ +- ho->mppe = ao->mppe; ++ p[2] |= MPPE_STATELESS; ++ } + } + +- /* rebuild the opts */ +- MPPE_OPTS_TO_CI(ho->mppe, &p[2]); +- if (newret == CONFACK) { +- u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; +- int mtu; +- ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~(MPPE_40BIT|MPPE_56BIT); + BCOPY(p, opt_buf, CILEN_MPPE); + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], + MPPE_MAX_KEY_LEN); +- if (ccp_test(f->unit, opt_buf, +- CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) { +- /* This shouldn't happen, we've already tested it! */ +- error("MPPE required, but kernel has no support."); +- lcp_close(f->unit, "MPPE required but not available"); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= (MPPE_40BIT|MPPE_56BIT); ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56_40; ++ } ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_56BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~MPPE_56BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= MPPE_56BIT; ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56; ++ } ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~MPPE_40BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= MPPE_40BIT; ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_40; ++ } ++ if ((p[5] & ~MPPE_MPPC) == MPPE_128BIT) { ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] &= ~MPPE_128BIT; ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ newret = CONFNAK; ++ goto check_mppe; ++ } ++ check_mppe_56_40: ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_56) { ++ ho->mppe_56 = 1; ++ p[5] &= ~MPPE_40BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_56 = 0; ++ p[5] |= MPPE_40BIT; ++ p[5] &= ~MPPE_56BIT; ++ newret = CONFNAK; ++ goto check_mppe_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_56BIT; ++ goto check_mppe_40; ++ } ++ check_mppe_56: ++ if ((p[5] & ~MPPE_MPPC) == MPPE_56BIT) { ++ if (ao->mppe_56) { ++ ho->mppe_56 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_56 = 0; ++ p[5] &= ~MPPE_56BIT; ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_56BIT; ++ newret = CONFNAK; ++ goto check_mppe; ++ } ++ check_mppe_40: ++ if ((p[5] & ~MPPE_MPPC) == MPPE_40BIT) { ++ if (ao->mppe_40) { ++ ho->mppe_40 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_40 = 0; ++ p[5] &= ~MPPE_40BIT; ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_40BIT; ++ } ++ ++ check_mppe: ++ if (!ho->mppe_40 && !ho->mppe_56 && !ho->mppe_128) { ++ if (wo->mppe_40 || wo->mppe_56 || wo->mppe_128) { ++ newret = CONFNAK; ++ p[2] |= (wo->mppe_stateless ? MPPE_STATELESS : 0); ++ p[5] |= (wo->mppe_40 ? MPPE_40BIT : 0) | ++ (wo->mppe_56 ? MPPE_56BIT : 0) | ++ (wo->mppe_128 ? MPPE_128BIT : 0) | ++ (wo->mppc ? MPPE_MPPC : 0); ++ } else { ++ ho->mppe = ho->mppe_stateless = 0; ++ } ++ } else { ++ /* MPPE is not compatible with other compression types */ ++ if (wo->mppe) { ++ ao->bsd_compress = 0; ++ ao->predictor_1 = 0; ++ ao->predictor_2 = 0; ++ ao->deflate = 0; ++ ao->lzs = 0; ++ } ++ } ++ if ((!ho->mppc || !ao->mppc) && !ho->mppe) { ++ p[2] = p2; ++ p[5] = p5; + newret = CONFREJ; + break; + } ++ ++ /* ++ * I have commented the code below because according to RFC1547 ++ * MTU is only information for higher level protocols about ++ * "the maximum allowable length for a packet (q.v.) transmitted ++ * over a point-to-point link without incurring network layer ++ * fragmentation." Of course a PPP implementation should be able ++ * to handle overhead added by MPPE - in our case apropriate code ++ * is located in drivers/net/ppp_generic.c in the kernel sources. ++ * ++ * According to RFC1661: ++ * - when negotiated MRU is less than 1500 octets, a PPP ++ * implementation must still be able to receive at least 1500 ++ * octets, ++ * - when PFC is negotiated, a PPP implementation is still ++ * required to receive frames with uncompressed protocol field. ++ * ++ * So why not to handle MPPE overhead without changing MTU value? ++ * I am sure that RFC3078, unfortunately silently, assumes that. ++ */ ++ ++ + /* + * We need to decrease the interface MTU by MPPE_PAD + * because MPPE frames **grow**. The kernel [must] + * allocate MPPE_PAD extra bytes in xmit buffers. + */ ++/* + mtu = netif_get_mtu(f->unit); +- if (mtu) ++ if (mtu) { + netif_set_mtu(f->unit, mtu - MPPE_PAD); +- else ++ } else { + newret = CONFREJ; ++ if (ccp_wantoptions[f->unit].mppe) { ++ error("Cannot adjust MTU needed by MPPE."); ++ lcp_close(f->unit, "Cannot adjust MTU needed by MPPE."); ++ } + } ++*/ + +- /* +- * We have accepted MPPE or are willing to negotiate +- * MPPE parameters. A CONFREJ is due to subsequent +- * (non-MPPE) processing. +- */ +- rej_for_ci_mppe = 0; + break; + #endif /* MPPE */ ++ ++ case CI_LZS: ++ if (!ao->lzs || clen != CILEN_LZS) { ++ newret = CONFREJ; ++ break; ++ } ++ ++ ho->lzs = 1; ++ ho->lzs_hists = (p[2] << 8) | p[3]; ++ ho->lzs_mode = p[4]; ++ if ((ho->lzs_hists != ao->lzs_hists) || ++ (ho->lzs_mode != ao->lzs_mode)) { ++ newret = CONFNAK; ++ if (!dont_nak) { ++ p[2] = ao->lzs_hists >> 8; ++ p[3] = ao->lzs_hists & 0xff; ++ p[4] = ao->lzs_mode; ++ } else ++ break; ++ } ++ ++ if (p == p0 && ccp_test(f->unit, p, CILEN_LZS, 1) <= 0) { ++ newret = CONFREJ; ++ } ++ break; ++ + case CI_DEFLATE: + case CI_DEFLATE_DRAFT: + if (!ao->deflate || clen != CILEN_DEFLATE +@@ -1344,12 +1838,6 @@ ccp_reqci(f, p, lenp, dont_nak) + else + *lenp = retp - p0; + } +-#ifdef MPPE +- if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) { +- error("MPPE required but peer negotiation failed"); +- lcp_close(f->unit, "MPPE required but peer negotiation failed"); +- } +-#endif + return ret; + } + +@@ -1371,24 +1859,36 @@ method_name(opt, opt2) + char *p = result; + char *q = result + sizeof(result); /* 1 past result */ + ++ if (opt->mppe) { ++ if (opt->mppc) { ++ slprintf(p, q - p, "MPPC/MPPE "); ++ p += 10; ++ } else { + slprintf(p, q - p, "MPPE "); + p += 5; +- if (opt->mppe & MPPE_OPT_128) { ++ } ++ if (opt->mppe_128) { + slprintf(p, q - p, "128-bit "); + p += 8; +- } +- if (opt->mppe & MPPE_OPT_40) { ++ } else if (opt->mppe_56) { ++ slprintf(p, q - p, "56-bit "); ++ p += 7; ++ } else if (opt->mppe_40) { + slprintf(p, q - p, "40-bit "); + p += 7; + } +- if (opt->mppe & MPPE_OPT_STATEFUL) +- slprintf(p, q - p, "stateful"); +- else ++ if (opt->mppe_stateless) + slprintf(p, q - p, "stateless"); +- ++ else ++ slprintf(p, q - p, "stateful"); ++ } else if (opt->mppc) ++ slprintf(p, q - p, "MPPC"); + break; + } +-#endif ++#endif /* MPPE */ ++ case CI_LZS: ++return "Stac LZS"; ++ + case CI_DEFLATE: + case CI_DEFLATE_DRAFT: + if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) +@@ -1444,12 +1944,12 @@ ccp_up(f) + } else if (ANY_COMPRESS(*ho)) + notice("%s transmit compression enabled", method_name(ho, NULL)); + #ifdef MPPE +- if (go->mppe) { ++ if (go->mppe || go->mppc) { + BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN); + BZERO(mppe_send_key, MPPE_MAX_KEY_LEN); + continue_networks(f->unit); /* Bring up IP et al */ + } +-#endif ++#endif /* MPPE */ + } + + /* +@@ -1472,8 +1972,8 @@ ccp_down(f) + lcp_close(f->unit, "MPPE disabled"); + } + } +-#endif +-} ++#endif /* MPPE */ ++ } + + /* + * Print the contents of a CCP packet. +@@ -1532,24 +2032,28 @@ ccp_printpkt(p, plen, printer, arg) + #ifdef MPPE + case CI_MPPE: + if (optlen >= CILEN_MPPE) { +- u_char mppe_opts; +- +- MPPE_CI_TO_OPTS(&p[2], mppe_opts); +- printer(arg, "mppe %s %s %s %s %s %s%s", +- (p[2] & MPPE_H_BIT)? "+H": "-H", +- (p[5] & MPPE_M_BIT)? "+M": "-M", +- (p[5] & MPPE_S_BIT)? "+S": "-S", +- (p[5] & MPPE_L_BIT)? "+L": "-L", ++ printer(arg, "mppe %s %s %s %s %s %s", ++ (p[2] & MPPE_STATELESS)? "+H": "-H", ++ (p[5] & MPPE_56BIT)? "+M": "-M", ++ (p[5] & MPPE_128BIT)? "+S": "-S", ++ (p[5] & MPPE_40BIT)? "+L": "-L", + (p[5] & MPPE_D_BIT)? "+D": "-D", +- (p[5] & MPPE_C_BIT)? "+C": "-C", +- (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": ""); +- if (mppe_opts & MPPE_OPT_UNKNOWN) ++ (p[5] & MPPE_MPPC)? "+C": "-C"); ++ if ((p[5] & ~(MPPE_56BIT | MPPE_128BIT | MPPE_40BIT | ++ MPPE_D_BIT | MPPE_MPPC)) || ++ (p[2] & ~MPPE_STATELESS)) + printer(arg, " (%.2x %.2x %.2x %.2x)", + p[2], p[3], p[4], p[5]); + p += CILEN_MPPE; + } + break; +-#endif ++#endif /* MPPE */ ++ case CI_LZS: ++ if (optlen >= CILEN_LZS) { ++ printer(arg, "lzs %.2x %.2x %.2x", p[2], p[3], p[4]); ++ p += CILEN_LZS; ++ } ++ break; + case CI_DEFLATE: + case CI_DEFLATE_DRAFT: + if (optlen >= CILEN_DEFLATE) { +@@ -1635,6 +2139,7 @@ ccp_datainput(unit, pkt, len) + error("Lost compression sync: disabling compression"); + ccp_close(unit, "Lost compression sync"); + #ifdef MPPE ++ /* My module dosn't need this. J.D., 2003-07-06 */ + /* + * If we were doing MPPE, we must also take the link down. + */ +@@ -1642,9 +2147,18 @@ ccp_datainput(unit, pkt, len) + error("Too many MPPE errors, closing LCP"); + lcp_close(unit, "Too many MPPE errors"); + } +-#endif ++#endif /* MPPE */ + } else { + /* ++ * When LZS or MPPE/MPPC is negotiated we just send CCP_RESETREQ ++ * and don't wait for CCP_RESETACK ++ */ ++ if ((ccp_gotoptions[f->unit].method == CI_LZS) || ++ (ccp_gotoptions[f->unit].method == CI_MPPE)) { ++ fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0); ++ return; ++ } ++ /* + * Send a reset-request to reset the peer's compressor. + * We don't do that if we are still waiting for an + * acknowledgement to a previous reset-request. +diff -p -up ppp-2.4.5/pppd/ccp.h.mpe-mppc ppp-2.4.5/pppd/ccp.h +--- ppp-2.4.5/pppd/ccp.h.mpe-mppc 2009-11-16 20:26:07.000000000 -0200 ++++ ppp-2.4.5/pppd/ccp.h 2010-06-11 09:27:20.000000000 -0300 +@@ -37,9 +37,17 @@ typedef struct ccp_options { + bool predictor_2; /* do Predictor-2? */ + bool deflate_correct; /* use correct code for deflate? */ + bool deflate_draft; /* use draft RFC code for deflate? */ ++ bool lzs; /* do Stac LZS? */ ++ bool mppc; /* do MPPC? */ + bool mppe; /* do MPPE? */ ++ bool mppe_40; /* allow 40 bit encryption? */ ++ bool mppe_56; /* allow 56 bit encryption? */ ++ bool mppe_128; /* allow 128 bit encryption? */ ++ bool mppe_stateless; /* allow stateless encryption */ + u_short bsd_bits; /* # bits/code for BSD Compress */ + u_short deflate_size; /* lg(window size) for Deflate */ ++ u_short lzs_mode; /* LZS check mode */ ++ u_short lzs_hists; /* number of LZS histories */ + short method; /* code for chosen compression method */ + } ccp_options; + +diff -p -up ppp-2.4.5/pppd/chap_ms.c.mpe-mppc ppp-2.4.5/pppd/chap_ms.c +--- ppp-2.4.5/pppd/chap_ms.c.mpe-mppc 2009-11-16 20:26:07.000000000 -0200 ++++ ppp-2.4.5/pppd/chap_ms.c 2010-06-11 09:27:20.000000000 -0300 +@@ -898,13 +898,17 @@ set_mppe_enc_types(int policy, int types + /* + * Disable undesirable encryption types. Note that we don't ENABLE + * any encryption types, to avoid overriding manual configuration. ++ * ++ * It seems that 56 bit keys are unsupported in MS-RADIUS (see RFC 2548) + */ + switch(types) { + case MPPE_ENC_TYPES_RC4_40: +- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */ ++ ccp_wantoptions[0].mppe_128 = 0; /* disable 128-bit */ ++ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */ + break; + case MPPE_ENC_TYPES_RC4_128: +- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */ ++ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */ ++ ccp_wantoptions[0].mppe_40 = 0; /* disable 40-bit */ + break; + default: + break; +diff -p -up ppp-2.4.5/pppd/pppd.8.mpe-mppc ppp-2.4.5/pppd/pppd.8 +--- ppp-2.4.5/pppd/pppd.8.mpe-mppc 2010-06-11 09:27:06.000000000 -0300 ++++ ppp-2.4.5/pppd/pppd.8 2010-06-11 09:27:20.000000000 -0300 +@@ -658,9 +658,29 @@ control, as for the \fIcrtscts\fR option + Enables the use of PPP multilink; this is an alias for the `multilink' + option. This option is currently only available under Linux. + .TP +-.B mppe\-stateful +-Allow MPPE to use stateful mode. Stateless mode is still attempted first. +-The default is to disallow stateful mode. ++.B mppc ++Enables MPPC (Microsoft Point to Point Compression). This is the default. ++.TP ++.B mppe \fIsubopt1[,subopt2[,subopt3[..]]] ++Modify MPPE (Microsoft Point to Point Encryption) parameters. In order ++for MPPE to successfully come up, you must have authenticated with either ++MS-CHAP or MS-CHAPv2. By default MPPE is optional, it means that pppd will ++not propose MPPE to the peer, but will negotiate MPPE if peer wants that. ++You can change this using \fIrequired\fR suboption. ++This option is presently only supported under Linux, and only if your ++kernel has been configured to include MPPE support. ++.IP ++MPPE suboptions: ++.br ++\fIrequired\fR - require MPPE; disconnect if peer doesn't support it, ++.br ++\fIstateless\fR - try to negotiate stateless mode; default is stateful, ++.br ++\fIno40\fR - disable 40 bit keys, ++.br ++\fIno56\fR - disable 56 bit keys, ++.br ++\fIno128\fR - disable 128 bit keys + .TP + .B mpshortseq + Enables the use of short (12-bit) sequence numbers in multilink +@@ -798,17 +818,11 @@ peer is buggy. + Disables the use of PPP multilink. This option is currently only + available under Linux. + .TP +-.B nomppe +-Disables MPPE (Microsoft Point to Point Encryption). This is the default. +-.TP +-.B nomppe\-40 +-Disable 40-bit encryption with MPPE. +-.TP +-.B nomppe\-128 +-Disable 128-bit encryption with MPPE. ++.B nomppc ++Disables MPPC (Microsoft Point to Point Compression). + .TP +-.B nomppe\-stateful +-Disable MPPE stateful mode. This is the default. ++.B nomppe ++Disables MPPE (Microsoft Point to Point Encryption). + .TP + .B nompshortseq + Disables the use of short (12-bit) sequence numbers in the PPP +@@ -1000,19 +1014,6 @@ peer using PAP. + Require the peer to authenticate itself using CHAP [Challenge + Handshake Authentication Protocol] authentication. + .TP +-.B require\-mppe +-Require the use of MPPE (Microsoft Point to Point Encryption). This +-option disables all other compression types. This option enables +-both 40-bit and 128-bit encryption. In order for MPPE to successfully +-come up, you must have authenticated with either MS\-CHAP or MS\-CHAPv2. +-This option is presently only supported under Linux, and only if your +-kernel has been configured to include MPPE support. +-.TP +-.B require\-mppe\-40 +-Require the use of MPPE, with 40-bit encryption. +-.TP +-.B require\-mppe\-128 +-Require the use of MPPE, with 128-bit encryption. + .TP + .B require\-mschap + Require the peer to authenticate itself using MS\-CHAP [Microsoft Challenge diff --git a/ppp-2.4.4-multipledefrt.patch b/ppp-2.4.4-multipledefrt.patch new file mode 100644 index 0000000..7d723f2 --- /dev/null +++ b/ppp-2.4.4-multipledefrt.patch @@ -0,0 +1,51 @@ +diff -p -up ppp-2.4.4/pppd/ipcp.c.multipledefrt ppp-2.4.4/pppd/ipcp.c +--- ppp-2.4.4/pppd/ipcp.c.multipledefrt 2005-08-26 01:59:34.000000000 +0200 ++++ ppp-2.4.4/pppd/ipcp.c 2008-06-03 10:39:15.000000000 +0200 +@@ -196,6 +196,8 @@ static option_t ipcp_option_list[] = { + { "-defaultroute", o_bool, &ipcp_allowoptions[0].default_route, + "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, + &ipcp_wantoptions[0].default_route }, ++ { "multipledefaultroutes", o_bool, &ipcp_wantoptions[0].multiple_def_routes, ++ "Add default route even if one already exists", 1 }, + + { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, + "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, +diff -p -up ppp-2.4.4/pppd/ipcp.h.multipledefrt ppp-2.4.4/pppd/ipcp.h +--- ppp-2.4.4/pppd/ipcp.h.multipledefrt 2002-12-05 00:03:32.000000000 +0100 ++++ ppp-2.4.4/pppd/ipcp.h 2008-06-03 10:41:46.000000000 +0200 +@@ -70,6 +70,7 @@ typedef struct ipcp_options { + bool old_addrs; /* Use old (IP-Addresses) option? */ + bool req_addr; /* Ask peer to send IP address? */ + bool default_route; /* Assign default route through interface? */ ++ bool multiple_def_routes; /* Allow multiple default routes? */ + bool proxy_arp; /* Make proxy ARP entry for peer? */ + bool neg_vj; /* Van Jacobson Compression? */ + bool old_vj; /* use old (short) form of VJ option? */ +diff -p -up ppp-2.4.4/pppd/pppd.8.multipledefrt ppp-2.4.4/pppd/pppd.8 +--- ppp-2.4.4/pppd/pppd.8.multipledefrt 2008-06-03 10:35:47.000000000 +0200 ++++ ppp-2.4.4/pppd/pppd.8 2008-06-03 10:39:59.000000000 +0200 +@@ -120,6 +120,12 @@ Add a default route to the system routin + the gateway, when IPCP negotiation is successfully completed. + This entry is removed when the PPP connection is broken. This option + is privileged if the \fInodefaultroute\fR option has been specified. ++.B multipledefaultroutes ++This option is a flag to the defaultroute option. If defaultroute is ++set and this flag is also set, pppd will add the new default route ++even if there is already a default route, allowing multiple default ++routes. ++.TP + .TP + .B disconnect \fIscript + Execute the command specified by \fIscript\fR, by passing it to a +diff -p -up ppp-2.4.4/pppd/sys-linux.c.multipledefrt ppp-2.4.4/pppd/sys-linux.c +--- ppp-2.4.4/pppd/sys-linux.c.multipledefrt 2008-06-03 10:35:47.000000000 +0200 ++++ ppp-2.4.4/pppd/sys-linux.c 2008-06-03 10:40:14.000000000 +0200 +@@ -1588,7 +1588,7 @@ int sifdefaultroute (int unit, u_int32_t + { + struct rtentry rt; + +- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { ++ if (!ipcp_wantoptions[0].multiple_def_routes && defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { + if (rt.rt_flags & RTF_GATEWAY) + error("not replacing existing default route via %I", + SIN_ADDR(rt.rt_gateway)); diff --git a/ppp-2.4.5-includes-sha1.patch b/ppp-2.4.5-includes-sha1.patch new file mode 100644 index 0000000..7dfac19 --- /dev/null +++ b/ppp-2.4.5-includes-sha1.patch @@ -0,0 +1,10 @@ +--- ppp-2.4.5.tpg/pppd/sha1.c 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppd/sha1.c.tpg 2009-12-31 20:15:51.000000000 +0000 +@@ -18,6 +18,7 @@ + + #include + #include /* htonl() */ ++#include /* u_int32_t */ + #include + #include "sha1.h" + diff --git a/ppp-2.4.5-make.patch b/ppp-2.4.5-make.patch new file mode 100644 index 0000000..65ff631 --- /dev/null +++ b/ppp-2.4.5-make.patch @@ -0,0 +1,116 @@ +diff -Naur ppp-2.4.5/chat/Makefile.linux ppp-2.4.5.tpg/chat/Makefile.linux +--- ppp-2.4.5/chat/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/chat/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -10,7 +10,7 @@ + CDEF4= -DFNDELAY=O_NDELAY # Old name value + CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4) + +-COPTS= -O2 -g -pipe ++COPTS= $(RPM_OPT_FLAGS) + CFLAGS= $(COPTS) $(CDEFS) + + INSTALL= install +diff -Naur ppp-2.4.5/pppd/Makefile.linux ppp-2.4.5.tpg/pppd/Makefile.linux +--- ppp-2.4.5/pppd/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppd/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -30,10 +30,10 @@ + include .depend + endif + +-# CC = gcc ++CC = gcc + # +-COPTS = -O2 -pipe -Wall -g +-LIBS = ++COPTS = -Wall $(RPM_OPT_FLAGS) ++LIBS = -lutil + + # Uncomment the next 2 lines to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. +@@ -61,7 +61,7 @@ + USE_TDB=y + + HAS_SHADOW=y +-#USE_PAM=y ++USE_PAM=y + #HAVE_INET6=y + + # Enable plugins +diff -Naur ppp-2.4.5/pppd/plugins/Makefile.linux ppp-2.4.5.tpg/pppd/plugins/Makefile.linux +--- ppp-2.4.5/pppd/plugins/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppd/plugins/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I.. -I../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff -Naur ppp-2.4.5/pppd/plugins/pppoatm/Makefile.linux ppp-2.4.5.tpg/pppd/plugins/pppoatm/Makefile.linux +--- ppp-2.4.5/pppd/plugins/pppoatm/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppd/plugins/pppoatm/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff -Naur ppp-2.4.5/pppd/plugins/pppol2tp/Makefile.linux ppp-2.4.5.tpg/pppd/plugins/pppol2tp/Makefile.linux +--- ppp-2.4.5/pppd/plugins/pppol2tp/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppd/plugins/pppol2tp/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -1,5 +1,5 @@ + #CC = gcc +-COPTS = -O2 -g ++COPTS = $(RPM_OPT_FLAGS) + CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC + LDFLAGS = -shared + INSTALL = install +diff -Naur ppp-2.4.5/pppd/plugins/radius/Makefile.linux ppp-2.4.5.tpg/pppd/plugins/radius/Makefile.linux +--- ppp-2.4.5/pppd/plugins/radius/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppd/plugins/radius/Makefile.linux 2009-12-31 21:19:47.000000000 +0000 +@@ -12,7 +12,7 @@ + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. +diff -Naur ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5.tpg/pppd/plugins/rp-pppoe/Makefile.linux +--- ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppd/plugins/rp-pppoe/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -25,7 +25,7 @@ + # Version is set ONLY IN THE MAKEFILE! Don't delete this! + RP_VERSION=3.8p + +-COPTS=-O2 -g ++COPTS=$(RPM_OPT_FLAGS) + CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' + all: rp-pppoe.so pppoe-discovery + +diff -Naur ppp-2.4.5/pppdump/Makefile.linux ppp-2.4.5.tpg/pppdump/Makefile.linux +--- ppp-2.4.5/pppdump/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppdump/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -2,7 +2,7 @@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + +-CFLAGS= -O -I../include/net ++CFLAGS= $(RPM_OPT_FLAGS) -I../include/net + OBJS = pppdump.o bsd-comp.o deflate.o zlib.o + + INSTALL= install +diff -Naur ppp-2.4.5/pppstats/Makefile.linux ppp-2.4.5.tpg/pppstats/Makefile.linux +--- ppp-2.4.5/pppstats/Makefile.linux 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5.tpg/pppstats/Makefile.linux 2009-12-31 21:12:07.000000000 +0000 +@@ -10,7 +10,7 @@ + PPPSTATOBJS = pppstats.o + + #CC = gcc +-COPTS = -O ++COPTS = $(RPM_OPT_FLAGS) + COMPILE_FLAGS = -I../include + LIBS = + diff --git a/ppp-2.4.5-makeopt2.patch b/ppp-2.4.5-makeopt2.patch new file mode 100644 index 0000000..7ce1f7b --- /dev/null +++ b/ppp-2.4.5-makeopt2.patch @@ -0,0 +1,10 @@ +--- ppp-2.4.5/pppd/plugins/dhcp/Makefile.linux 2009-12-31 19:46:24.000000000 +0000 ++++ ppp-2.4.5/pppd/plugins/dhcp/Makefile.linux.tpg 2009-12-31 19:55:34.000000000 +0000 +@@ -1,6 +1,6 @@ + + PLUGIN=dhcpc.so +-CFLAGS=-I../.. -I../../../include -O2 ++CFLAGS=-I../.. -I../../../include -Wall $(RPM_OPT_FLAGS) + + SRCS = dhcpc.c clientpacket.c packet.c socket.c options.c + OBJS = $(SRCS:%.c=%.lo) diff --git a/ppp-2.4.5-pppol2tpv3.patch b/ppp-2.4.5-pppol2tpv3.patch new file mode 100644 index 0000000..066a3ac --- /dev/null +++ b/ppp-2.4.5-pppol2tpv3.patch @@ -0,0 +1,23 @@ +--- ppp-2.4.5/include/linux/if_pppol2tp.h.pppol2tpv3 2009-11-16 22:26:07.000000000 +0000 ++++ ppp-2.4.5/include/linux/if_pppol2tp.h 2010-12-04 02:01:22.000000000 +0000 +@@ -32,6 +32,20 @@ + __u16 d_tunnel, d_session; /* For sending outgoing packets */ + }; + ++/* The L2TPv3 protocol changes tunnel and session ids from 16 to 32 ++ * bits. So we need a different sockaddr structure. ++ */ ++struct pppol2tpv3_addr { ++ pid_t pid; /* pid that owns the fd. ++ * 0 => current */ ++ int fd; /* FD of UDP or IP socket to use */ ++ ++ struct sockaddr_in addr; /* IP address and port to send to */ ++ ++ __u32 s_tunnel, s_session; /* For matching incoming packets */ ++ __u32 d_tunnel, d_session; /* For sending outgoing packets */ ++}; ++ + /* Socket options: + * DEBUG - bitmask of debug message categories + * SENDSEQ - 0 => don't send packets with sequence numbers diff --git a/ppp-options.patch b/ppp-options.patch new file mode 100644 index 0000000..498df78 --- /dev/null +++ b/ppp-options.patch @@ -0,0 +1,8 @@ +--- ppp-2.4.0/etc.ppp/options Sat Feb 27 04:09:52 1999 ++++ ppp-2.4.0/etc.ppp/options.geoff Thu Aug 31 09:20:12 2000 +@@ -1 +1,5 @@ + lock ++noauth ++noipdefault ++usepeerdns ++ diff --git a/ppp.logrotate b/ppp.logrotate new file mode 100644 index 0000000..7a72979 --- /dev/null +++ b/ppp.logrotate @@ -0,0 +1,10 @@ +# Logrotate file for ppp RPM + +/var/log/ppp/connect-errors { + missingok + compress + notifempty + daily + rotate 5 + create 0600 root root +} diff --git a/ppp.spec b/ppp.spec new file mode 100644 index 0000000..23a6e55 --- /dev/null +++ b/ppp.spec @@ -0,0 +1,595 @@ +%define major 0 +%define libname %mklibname radiusclient %{major} +%define develname %mklibname radiusclient -d + +%define name ppp +%define version 2.4.5 +%define release %mkrel 6 + +%define enable_inet6 1 +%{?_with_inet6: %{expand: %%global enable_inet6 1}} +%{?_without_inet6: %{expand: %%global enable_inet6 0}} + +%define enable_debug 0 +%{?_with_debug: %global enable_debug 1} +%{?_without_debug: %global use_debug 0} + +%define enable_radiusclient 0 +%{?_with_radiusclient: %{expand: %%global enable_radiusclient 1}} +%{?_without_radiusclient: %{expand: %%global enable_radiusclient 0}} + +Summary: The PPP daemon and documentation for Linux 1.3.xx and greater +Name: %{name} +Version: %{version} +Release: %{release} +License: BSD-like +Url: http://www.samba.org/ppp/ +Group: System/Servers +Source0: ftp://ftp.samba.org/pub/ppp/%{name}-%{version}.tar.bz2 +Source1: ppp-2.4.3-pam.conf +Source2: ppp-2.4.1-mppe-crypto.tar.bz2 +Source3: README.pppoatm +Source4: ppp.logrotate +Source5: ppp-dhcpc.tar.bz2 +Patch0: ppp-2.4.5-make.patch +Patch1: ppp-2.3.6-sample.patch +Patch2: ppp-2.4.2-wtmp.patch +Patch4: ppp-options.patch +Patch5: ppp-2.4.3-pppdump-Makefile.patch +Patch6: ppp-2.4.3-noexttraffic.patch +# (blino) use external libatm for pppoatm plugin +Patch7: ppp-2.4.3-libatm.patch +Patch8: ppp-2.4.2-pie.patch +Patch9: ppp-2.4.4-multipledefrt.patch +Patch10: ppp-2.4.4-dontwriteetc.patch +# (blino) http://orakel.tznetz.com/dload/ppp-2.4.4-mppe-mppc-1.1.patch.gz +# original patch on http://mppe-mppc.alphacron.de/ +# (tpg) disable this patch, because it need a rediff and also there are some legal issues +# Although the module's source code is completely free, MPPC itself is patented algorithm. +#Patent for *Microsoft* PPC is holded by the Hifn Inc. This is obvious ;-). +#Furthermore, MPPE uses RC4[1] encryption algorithm which itself isn't patented, +#but RC4 is trademark of RSA Data Security Inc. +#To avoid legal problems, US citizens shouldn't use this module. +Patch11: ppp-2.4.4-mppe-mppc-1.1.patch +Patch15: ppp-2.4.3-pic.patch +Patch16: ppp-2.4.3-etcppp.patch +Patch18: ppp-2.4.5-includes-sha1.patch +Patch19: ppp-2.4.5-makeopt2.patch +Patch20: ppp-2.4.3-nostrip.patch +Patch21: ppp-2.4.5-pppol2tpv3.patch +BuildRequires: libatm-devel +BuildRequires: libpcap-devel +BuildRequires: openssl-devel >= 0.9.7 +BuildRequires: pam-devel +BuildRequires: libtool +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot +Requires: glibc >= 2.0.6 + +%description +The ppp package contains the PPP (Point-to-Point Protocol) daemon +and documentation for PPP support. The PPP protocol provides a +method for transmitting datagrams over serial point-to-point links. + +The ppp package should be installed if your machine need to support +the PPP protocol. + + +%package devel +Summary: PPP devel files +Group: Development/C +Requires: %{name} = %{version} + +%description devel +PPP over ATM plugin for %{name}. + +%package pppoatm +Summary: PPP over ATM plugin for %{name} +Group: System/Servers +Requires: %{name} = %{version} + +%description pppoatm +PPP over ATM plugin for %{name}. + +%package pppoe +Summary: PPP over ethernet plugin for %{name} +Group: System/Servers +Requires: %{name} = %{version} + +%description pppoe +PPP over ethernet plugin for %{name}. + +%package radius +Summary: Radius plugin for %{name} +Group: System/Servers +Requires: %{name} = %{version} +Requires: radiusclient-utils + +%description radius +Radius plugin for %{name}. + +%package dhcp +Summary: DHCP plugin for %{name} +Group: System/Servers +Requires: %{name} = %{version} + +%description dhcp +DHCP plugin for %{name}. + +%if %enable_radiusclient +%package -n radiusclient-utils +Summary: Radiusclient library +Group: System/Servers +Requires: %{libname} = %{version}-%{release} +Conflicts: radiusclient + +%description -n radiusclient-utils +Radiusclient is a /bin/login replacement which gets called by a getty +to log in a user and to setup the user's login environment. Normal +login programs just check the login name and password which the user +entered against the local password file (/etc/passwd, /etc/shadow). In +contrast to that Radiusclient also uses the RADIUS protocol to +authenticate the user. + +%package -n %{libname} +Summary: Radiusclient library +Group: System/Libraries + +%description -n %{libname} +Libraries required for Radiusclient + +%package -n %{develname} +Summary: Header files and development documentation for radiusclient +Group: Development/C +Requires: %{libname} = %{version}-%{release} +Provides: radiusclient-devel = %{version}-%{release} +Provides: libradiusclient-devel = %{version}-%{release} + +%description -n %{develname} +Header files and development documentation for radiusclient. + +%package -n %{staticname} +Summary: Static libraries for radiusclient +Group: Development/C +Requires: %{libname}-devel = %{version}-%{release} + +%description -n %{staticname} +Radiusclient static library. +%endif + +%prep +%setup -q +find -type d -name CVS|xargs rm -rf +%patch0 -p1 -b .make +%patch1 -p1 -b .sample +%patch2 -p1 -b .wtmp +%patch4 -p1 -b .options +%patch5 -p1 -b .pppdump-Makefile + +# (gg) add noext-traffic option +%patch6 -p1 -b .noext + +%patch7 -p1 -b .libatm +%patch8 -p1 -b .pie +%patch9 -p1 -b .multipledefrt + +tar -xjf %{SOURCE2} +pushd pppd/plugins + tar -xjf %{SOURCE5} +popd + +%patch10 -p1 -b .dontwriteetc +#%patch11 -p1 -b .mppe_mppc +%patch15 -p1 -b .pic +%patch16 -p1 -b .etcppp +%patch18 -p1 -b .incsha1 +%patch19 -p1 -b .dhcp +%if %enable_debug +%patch20 -p1 -b .nostrip +%endif +%patch21 -p1 -b .pppol2tpv3 + +# lib64 fixes +perl -pi -e "s|^(LIBDIR.*)\\\$\(DESTDIR\)/lib|\1\\\$(INSTROOT)%{_libdir}|g" pppd/Makefile.linux pppd/plugins/Makefile.linux pppd/plugins/{pppoatm,radius,rp-pppoe,pppol2tp}/Makefile.linux +perl -pi -e "s|(--prefix=/usr)|\1 --libdir=%{_libdir}|g" pppd/plugins/radius/Makefile.linux +perl -pi -e "/_PATH_PLUGIN/ and s,(?:/usr/lib|DESTDIR (\")/lib),\$1%{_libdir}," pppd/pathnames.h +# enable the dhcp plugin +perl -p -i -e "s|^(PLUGINS :=)|SUBDIRS += dhcp\n\$1|g" pppd/plugins/Makefile.linux + +# fix /usr/local in scripts path +perl -pi -e "s|/usr/local/bin/pppd|%{_sbindir}/pppd|g; + s|/usr/local/bin/ssh|%{_bindir}/ssh|g; + s|/usr/local/bin/expect|%{_bindir}/expect|g" \ + scripts/ppp-on-rsh \ + scripts/ppp-on-ssh \ + scripts/secure-card + +%if %enable_inet6 +perl -pi -e "s/#HAVE_INET6/HAVE_INET6/" pppd/Makefile.linux +%endif + +%build +# stpcpy() is a GNU extension +%if %enable_debug +OPT_FLAGS="%{optflags} -g -D_GNU_SOURCE" +%else +OPT_FLAGS="%{optflags} -D_GNU_SOURCE" +%endif +perl -pi -e "s/openssl/openssl -DOPENSSL_NO_SHA1/;" openssl/crypto/sha/Makefile + +CFLAGS="$OPT_FLAGS" CXXFLAGS="$OPT_FLAGS" %configure2_5x +# remove the following line when rebuilding against kernel 2.4 for multilink +#perl -pi -e "s|-DHAVE_MULTILINK||" pppd/Makefile +%make RPM_OPT_FLAGS="$OPT_FLAGS" LIBDIR=%{_libdir} +%make -C pppd/plugins -f Makefile.linux + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}{%{_sbindir},%{_bindir},/usr/X11R6/bin/,%{_mandir}/man8,%{_sysconfdir}/{ppp/peers,pam.d}} + +%makeinstall LIBDIR=%{buildroot}%{_libdir}/pppd/%{version}/ INSTALL=install -C pppd/plugins/dhcp +%makeinstall INSTROOT=%{buildroot} SUBDIRS="pppoatm rp-pppoe radius pppol2tp" + +%multiarch_includes %{buildroot}%{_includedir}/pppd/pathnames.h + +# (gg) Allow stripping +chmod u+w %{buildroot}%{_sbindir}/* + +%if !%enable_debug +# (florin) strip the binary +strip %{buildroot}%{_sbindir}/pppd +%endif + +chmod go+r scripts/* +install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ppp +install -m 644 %{SOURCE3} %{_builddir}/%{name}-%{version}/ + +# (stew) fix permissions +chmod 0755 `find %{buildroot} -name "*\.so"` + +# Provide pointers for people who expect stuff in old places +touch %{buildroot}/var/log/ppp/connect-errors +touch %{buildroot}/var/run/ppp/resolv.conf +ln -s ../../var/log/ppp/connect-errors %{buildroot}/etc/ppp/connect-errors +ln -s ../../var/run/ppp/resolv.conf %{buildroot}/etc/ppp/resolv.conf + +# Logrotate script +mkdir -p %{buildroot}/etc/logrotate.d +install -m 644 %{SOURCE4} %{buildroot}/etc/logrotate.d/ppp + +%if !%enable_radiusclient +rm -rf %{buildroot}%{_sbindir}/*rad* +rm -rf %{buildroot}%{_sysconfdir}/*rad* +rm -rf %{buildroot}%{_includedir}/*rad* +rm -rf %{buildroot}%{_libdir}/*rad* +%endif + +%if %enable_debug +export DONT_STRIP=1 +%endif + +%if %enable_radiusclient +%if %mdkversion < 200900 +%post -n %{libname} -p /sbin/ldconfig +%endif +%if %mdkversion < 200900 +%postun -n %{libname} -p /sbin/ldconfig +%endif + +%if %mdkversion < 200900 +%post -n %{develname} -p /sbin/ldconfig +%endif +%if %mdkversion < 200900 +%postun -n %{develname} -p /sbin/ldconfig +%endif +%endif + +%clean +rm -rf %{buildroot} + +%files +%defattr(-,root,root) +%doc FAQ PLUGINS README* scripts sample +%{_sbindir}/chat +%{_sbindir}/pppdump +%attr(5755,root,root) %{_sbindir}/pppd +%attr(0755,root,daemon) %{_sbindir}/pppstats +%{_mandir}/man*/* +%exclude %{_mandir}/man8/*rad* +%dir %{_libdir}/pppd +%{_libdir}/pppd/%{version} +%exclude %{_libdir}/pppd/%{version}/pppoatm.so +%exclude %{_libdir}/pppd/%{version}/rp-pppoe.so +%exclude %{_libdir}/pppd/%{version}/rad* +%exclude %{_libdir}/pppd/%{version}/dhcpc.so +%dir %{_sysconfdir}/ppp +%dir /var/run/ppp +/var/run/ppp/* +%attr(700, root, root) %dir /var/log/ppp +/var/log/ppp/* +%attr(0600,root,daemon) %config(noreplace) %{_sysconfdir}/ppp/chap-secrets +%attr(0600,root,daemon) %config(noreplace) %{_sysconfdir}/ppp/options +%attr(0600,root,daemon) %config(noreplace) %{_sysconfdir}/ppp/pap-secrets +%attr(0600,root,daemon) %{_sysconfdir}/ppp/connect-errors +%attr(0600,root,daemon) %{_sysconfdir}/ppp/resolv.conf +%attr(755,root,daemon) %dir %{_sysconfdir}/ppp/peers +%config(noreplace) %{_sysconfdir}/pam.d/ppp +%config(noreplace) /etc/logrotate.d/ppp + +%files devel +%defattr(-,root,root) +%doc README* +%{_includedir}/pppd/* +%{multiarch_includedir}/pppd/pathnames.h + +%files pppoatm +%defattr(-,root,root) +%doc README +%{_libdir}/pppd/%{version}/pppoatm.so + +%files pppoe +%defattr(-,root,root) +%doc README +%{_libdir}/pppd/%{version}/rp-pppoe.so +%attr(755,root,root) %{_sbindir}/pppoe-discovery + +%files radius +%defattr(-,root,root) +%doc README +%{_libdir}/pppd/%{version}/rad*.so +%{_mandir}/man8/*rad* + +%files dhcp +%defattr(-,root,root) +%doc pppd/plugins/dhcp/README +%doc pppd/plugins/dhcp/AUTHORS +%doc pppd/plugins/dhcp/COPYING +%{_libdir}/pppd/%{version}/dhcpc.so + +%if %enable_radiusclient +%files -n radiusclient-utils +%defattr(644,root,root,755) +%doc pppd/plugins/radius/radiusclient/BUGS +%doc pppd/plugins/radius/radiusclient/CHANGES +%doc pppd/plugins/radius/radiusclient/README +%doc pppd/plugins/radius/radiusclient/doc/*.html +%dir %{_sysconfdir}/radiusclient +%attr(644,root,root) %config(missingok,noreplace) %verify(not md5 size mtime) %{_sysconfdir}/radiusclient/* +%attr(755,root,root) %{_sbindir}/*rad* + +%files -n %{libname} +%defattr(-,root,root) +%attr(755,root,root) %{_libdir}/lib*.so.%{major}* + +%files -n %{develname} +%defattr(644,root,root,755) +%attr(755,root,root) %{_libdir}/lib*.so +%attr(755,root,root) %{_libdir}/lib*.la +%{_includedir}/*rad* + +%files -n %{staticname} +%defattr(644,root,root,755) +%{_libdir}/lib*.a +%endif + + +%changelog +* Mon Jul 04 2011 Александр Казанцев 2.4.5-6mdv2011.0 ++ Revision: 688624 +- fix spec due missing install openl2tp plugins + +* Mon May 02 2011 Oden Eriksson 2.4.5-5 ++ Revision: 661713 +- multiarch fixes + +* Mon Apr 18 2011 Eugeni Dodonov 2.4.5-4 ++ Revision: 655830 +- Disable mppe-mppc patch as it breaks networkmanager (#16737) + +* Sat Dec 04 2010 Funda Wang 2.4.5-3mdv2011.0 ++ Revision: 608655 +- patch to build with latest kernel + + + Oden Eriksson + - rebuild + +* Fri Jun 11 2010 Eugeni Dodonov 2.4.5-2mdv2010.1 ++ Revision: 547901 +- Rediffed P11 (required for #16737). + +* Thu Dec 31 2009 Tomasz Pawel Gajc 2.4.5-1mdv2010.1 ++ Revision: 484614 +- fix compiling on x86_64 by adding -fPIC flag +- update to new version 2.4.5 +- merge makeopt patches into one patch 3 +- diable patch 11 +- rediff patch 18 and 19 +- drop patches 12(fixed upstream), 21(unknown status) and 22(fixed upstream) +- update to new version 2.4.5 + +* Tue May 26 2009 Nicolas Lécureuil 2.4.4-10mdv2010.0 ++ Revision: 380029 +- Fix build + +* Wed Dec 17 2008 Oden Eriksson 2.4.4-9mdv2009.1 ++ Revision: 315253 +- rediffed fuzzy patches + +* Wed Oct 29 2008 Oden Eriksson 2.4.4-8mdv2009.1 ++ Revision: 298351 +- rebuilt against libpcap-1.0.0 + +* Thu Aug 07 2008 Thierry Vignaud 2.4.4-7mdv2009.0 ++ Revision: 265533 +- rebuild early 2009.0 package (before pixel changes) + + + Pixel + - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers + +* Tue Jun 03 2008 Olivier Blin 2.4.4-6mdv2009.0 ++ Revision: 214490 +- rename new keepdefaultroute option as multipledefaultroutes + +* Mon Jun 02 2008 Olivier Blin 2.4.4-5mdv2009.0 ++ Revision: 214331 +- delete route for current ppp interface only (when shutting down the connection) + +* Mon Jun 02 2008 Olivier Blin 2.4.4-4mdv2009.0 ++ Revision: 214300 +- add keepdefaultroute option (to keep existing default routes) + +* Fri Apr 04 2008 Olivier Blin 2.4.4-3mdv2008.1 ++ Revision: 192326 +- fix plugins path on x86_64 (#31794) + +* Fri Feb 01 2008 Tomasz Pawel Gajc 2.4.4-2mdv2008.1 ++ Revision: 160951 +- new license policy +- spec file clean +- change buildrequires to libatm-devel + + + Olivier Blin + - restore BuildRoot + + + Thierry Vignaud + - kill re-definition of %%buildroot on Pixel's request + +* Mon Aug 20 2007 Tomasz Pawel Gajc 2.4.4-1mdv2008.0 ++ Revision: 68088 +- rebuild + + +* Mon Nov 27 2006 Olivier Blin 2.4.4-1mdv2007.0 ++ Revision: 87708 +- use common make install for pppoatm plugin +- run lib64 fixes on plugin sub-makefiles as well +- adapt lib64 to latest ppp makefiles +- fix plugins installation +- really enable the dhcp plugin +- remove useless mkdir commands +- use updated mppe-mppc patch (from Michael Gschwandtner) +- drop cve-2006-2194 patch (merged upstream) +- drop passargv patch (merged upstream) +- rediff dontwriteetc patch +- use new INSTROOT variable for make install +- remove lcp_close patch (merged upstream, and our version looks incorrect BTW) +- 2.4.4 +- drop merged patch13 + +* Thu Aug 10 2006 Olivier Blin 2.4.3-12mdv2007.0 ++ Revision: 54763 +- P23: security fix for CVE-2006-2194 (from Vincent Danen) +- import ppp-2.4.3-11mdv2007.0 + +* Tue Jul 11 2006 Olivier Blin 2.4.3-11mdv2007.0 +- drop ppp-prompt package since it depends on gtk1 + (from Crispin Boylan, #23521) +- don't try to uncompress Source6, it's dropped + (and duplicated official tarball parts...) +- drop Patch12, we don't want to build contrib stuff +- don't use pam_stack in pam.d config file + +* Wed Jan 11 2006 Christiaan Welvaart 2.4.3-10mdk +- add BuildRequires: libtool + +* Sun Aug 28 2005 Giuseppe Ghib 2.4.3-9mdk +- /etc/ppp/peers is not a file, removed from + %%config(noreplace) list. +- Added missed CFLAGS to Patch3 (makeopt) and Patch19. +- Added Patch17 (make room for argv[4]). +- Added Patch18 (fix includes, merged from RH). +- Added Patch20 (don't let install scripts do strip of binaries). +- Added Patch21 (fix some function prototype and include, merged from RH). +- Added Patch22 (add support for higher speeds according to bits/termios.h). + +* Sat Aug 06 2005 Olivier Blin 2.4.3-8mdk +- do an lcp_close whenever the link terminates, not just if it + terminates because of an error, this is needed for persist + to work properly (Patch9 from CVS, possible fix for #16748) +- removes Requires on release + +* Thu Jul 14 2005 Oden Eriksson 2.4.3-7mdk +- rebuilt against new libpcap-0.9.1 (aka. a "play safe" rebuild) + +* Fri Jun 03 2005 Pascal Terjan 2.4.3-6mdk +- allow building with ipv6 support and enable it by default + +* Sat Apr 23 2005 Olivier Blin 2.4.3-5mdk +- really use 2.4.3 tarball ! +- rediff Patch0, Patch3, Patch5, Patch6, Patch10, Patch12, Patch15 +- update man path in Patch12 +- drop Patch9, Patch14 (merged upstream) +- use new internal pppoatm (drop Patch7) +- use external libatm for pppoatm (new Patch7) +- drop Patch16 since we use the real ppp-2.4.3 now ... +- drop radiusclient workaround + (no more radiusclient subdir with configure stuff) +- fix install in MANDIR, INCDIR, RUNDIR and LOGDIR +- really install ppp files in etc (Patch16) +- ship pppoe-discovery in ppp-pppoe +- remove spurious man8 dir + +* Wed Feb 02 2005 Olivier Blin 2.4.3-4mdk +- do not mark symbolic links as config files (#13090) +- really ship README.pppoatm + +* Tue Feb 01 2005 Olivier Blin 2.4.3-3mdk +- multiarch support + +* Tue Jan 18 2005 Per yvind Karlsen 2.4.3-2mdk +- fix patchlevel (P16), pppd reported versions as 2.4.2 and not 2.4.3 + +* Mon Jan 17 2005 Per yvind Karlsen 2.4.3-1mdk +- 2.4.3 +- update mppe/mppc patch (P11) +- drop P13( merged upstream) +- pppgetpass has been silently dropped from upstream, ship it in own source (S6) +- fix summary-ended-with-dot +- fix cvs-internal-file + +* Thu Oct 07 2004 Gwenole Beauchesne 2.4.2-9mdk +- lib64 fixes + +* Tue Sep 21 2004 Gwenole Beauchesne 2.4.2-8mdk +- build DSO with PIC +- -pie & 64-bit fixes + +* Wed Aug 25 2004 Olivier Blin 2.4.2-7mdk +- fix infinite loop in pty program kill + +* Sat Jun 19 2004 Florin 2.4.2-6mdk +- move the prompt program to ppp-prompt package (depends on gtk) +- add resolv.conf and connect-errors files +- the mppe syntax has changed (see the www.polbox.com/h/hs001/ page +for more info on this) + +* Fri Jun 18 2004 Christiaan Welvaart 2.4.2-5mdk +- add BuildRequires: libgtk+-devel + +* Thu Jun 17 2004 Florin 2.4.2-4mdk +- fix peers permissions + +* Sun Jun 13 2004 Florin 2.4.2-3mdk +- enable the radius plugin/package +- strip the binary +- add the existing radiusclient files +- spec file cleaning +- add the dhcp plugin (source 5) +- build the password prompt (contrib patch) + +* Wed Jun 02 2004 Florin 2.4.2-2mdk +- use a different pppoatm patch + +* Tue May 25 2004 Florin 2.4.2-1mdk +- 2.4.2 +- update the make, makeopt, wtmp patch +- remove the pam_session, zfree, mppe, includes, libdir, filter +- pppoe, disconnect, gcc, pcap, varargs obsolete patches +- add the includes files +- add the README.pppoatm FAQ PLUGINS files +- add the logrotate patch and file (rh) +- add the pie, dontwriteetc patches (rh) + +* Fri Feb 27 2004 Olivier Thauvin 2.4.1-13mdk +- Own dir (distlint) +- patch31 - fix build against pcap +