Allow ``set server closed'' to close the diagnostic socket.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and

Allow ``set server closed'' to close the diagnostic socket.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and in ``set server none''), don't forget the
socket details so that ``set server open'' and SIGUSR1 open it again.

Don't create the diagnostic socket as uid 0 ! It's far to dangerous.

show more ...

Use rad_acct_open() instead of rad_auth_open().

Suggested by: Victor Ivanov <v0rbiz@icon.bg>

Support radius accounting, and add a packet count to throughput
statistics as a side effect.

Submitted by: Marcin Cieslak <saper@system.pl>

with some tweaks to RAD_ACCT_SESSION_ID and
RAD_ACCT_MULT

Support radius accounting, and add a packet count to throughput
statistics as a side effect.

Submitted by: Marcin Cieslak <saper@system.pl>

with some tweaks to RAD_ACCT_SESSION_ID and
RAD_ACCT_MULTI_SESSION_ID generation by me.

show more ...

Correct some typos introduced in the descriptor -> fdescriptor change.

Introduce LOCALNAT and LOCALRAD defines so that the sources can stay
exactly the same in FreeBSD & OpenBSD despite libalias and libradius
being local to the ppp sources under OpenBSD.

The interface list that comes back from the PF_ROUTE/NET_RT_IFLIST mib
is aligned. Teach this to ``show route''.

Clean up some of the sockaddr parsing routines.

To avoid namespace polution in NetBSD:

``struct descriptor'' -> ``struct fdescriptor''

Notice and warn about unterminated quoted strings in commands.
The entire command is ignored if the syntax is invalid...

Back out the bogus #ifdef __NetBSD__ #include <signal.h> lines.
The original report was due to a mis-installation of the NetBS
header files :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

NetBSD has moved ``extern int errno;'' to signal.h :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

When sending radius authentication requests:

Supply RAD_NAS_IDENTIFIER if we have a `hostname` and
RAD_IP_ADDRESS if that hostname resolves.

Supply RAD_NAS_PORT using the ttyslot() of the tty

When sending radius authentication requests:

Supply RAD_NAS_IDENTIFIER if we have a `hostname` and
RAD_IP_ADDRESS if that hostname resolves.

Supply RAD_NAS_PORT using the ttyslot() of the tty that
we're authenticating on if it's a tty device.

Partially submitted by: Andriy I Pilipenko <bamby@marka.net.ua>
PR: 12225

show more ...

$Id$ -> $FreeBSD$

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.

Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.

show more ...

int -> size_t

Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask

Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask in ``show ipcp''.

Describe in more detail what a proxy arp entry is.

show more ...

Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius. This allows a timely response on
other links in an MP se

Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius. This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel. It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
challenges and the validation of chap responses
(and commenting what's going on in those routines).
I currently have no way of testing ppps ability
to respond to M$Chap CHALLENGEs correctly, so if
someone could do the honours, it'd be much
appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland

show more ...

o Send a CHAP challenge of 16 random digits when RADIUS is
configured. This isn't strictly necessary according to the
rfc, but it's suggested there....
o Don't forget to include our authname whe

o Send a CHAP challenge of 16 random digits when RADIUS is
configured. This isn't strictly necessary according to the
rfc, but it's suggested there....
o Don't forget to include our authname when sending a
CHAP challenge when RADIUS is configured.
o Don't supply the ``16'' representing the chap answer
length to radius_Authenticate() - libradius does this
for us.
o When we successfully authenticate via radius_Authenticate(),
continue with datalink_AuthOk() as expected.

Sponsored by: Internet Business Solutions Ltd., Switzerland

show more ...

Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_reques

Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.

Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland

show more ...

Add a new option for ppp.conf: rad_port_id. It allows to
change the way of what ppp submits to the RADIUS server
as NAS-Port-Id. Possible options are: the PID of the process
owning the corresponding

Add a new option for ppp.conf: rad_port_id. It allows to
change the way of what ppp submits to the RADIUS server
as NAS-Port-Id. Possible options are: the PID of the process
owning the corresponding interface, tun(4) interface number,
interface index (as it would get returned by if_nametoindex(3)),
or it's possible to keep the default behavior. Check the ppp(8)
manual page for details.

PR: bin/112764
Submitted by: novel (myself)
Reviewed by: flz
Approved by: flz
MFC after: 1 month

show more ...

Check the return value from rad_cvt_ipv6prefix().

PR: bin/89808
MFC after: 1 week

Add a radius_Flush() function that waits for the response (or timeout) to
any pending RADIUS transaction. Use this before sending RAD_STOP RADIUS
messages so that we definitely ``stop'' the session.

Add a radius_Flush() function that waits for the response (or timeout) to
any pending RADIUS transaction. Use this before sending RAD_STOP RADIUS
messages so that we definitely ``stop'' the session.

It was discovered that sometimes when the link timed out, we got lucky
enough to have an un-ACK'd RADIUS accounting transaction in progress,
resulting in the RAD_STOP message failing to send.

Original report found on: A russion news group
Text translated by: glebius
Tested by: Alexey Popov llp at iteranet dot com
MFC after: 7 days

show more ...

Send NAS-IP-Address as well as NAS-Identifier
Add ``disable NAS-IP-Address'' and ``disable NAS-Identifier'' options to
support pre-rfc2865 RADIUS servers.
This pushes our enable/disable items over th

Send NAS-IP-Address as well as NAS-Identifier
Add ``disable NAS-IP-Address'' and ``disable NAS-Identifier'' options to
support pre-rfc2865 RADIUS servers.
This pushes our enable/disable items over the 32 bit limit, so reoganise
things to allow a bunch more options.
Go to version 3.4.1 so that any compatability problems can be identified.

show more ...

Add a bunch of malloc() return checks

PR: 71592
Submitted by: Dan Lukes <dan@obluda.cz> with further changes

Make ppp WARNS=5 clean

Avoid casts as lvalues.