diff -urN ppp-2.4.1.org/README.cbcp ppp-2.4.1/README.cbcp
--- ppp-2.4.1.org/README.cbcp Thu May 22 08:48:50 1997
+++ ppp-2.4.1/README.cbcp Fri Jun 22 22:49:37 2001
@@ -1,7 +1,8 @@
Microsoft Call Back Configuration Protocol.
by Pedro Roque Marques
(updated by Paul Mackerras)
-
+ (updated by Bolke de Bruin, bolke@xs4all.nl)
+
The CBCP is a method by which the Microsoft Windows NT Server may
implement additional security. It is possible to configure the server
in such a manner so as to require that the client systems which
@@ -11,10 +12,6 @@
It is a requirement of servers so configured that the protocol be
exchanged.
-So, this set of patches may be applied to the pppd process to enable
-the cbcp client *only* portion of the specification. It is primarily
-meant to permit connection with Windows NT Servers.
-
The ietf-working specification may be obtained from ftp.microsoft.com
in the developr/rfc directory.
@@ -22,76 +19,17 @@
extended to permit the callback operation. For this reason, these
patches are not 'part' of pppd but are an adjunct to the code.
-To enable CBCP support, all that is required is to change the
-appropriate Makefile in the pppd subdirectory to add "-DCBCP_SUPPORT"
-to the CFLAGS definition and add cbcp.o to the list of object files,
-and then recompile pppd. The patch below does this for Makefile.bsd
-and Makefile.linux.
-
-
---------------------------------cut here-------------------------------
-diff -r -c ppp-2.3.orig/pppd/Makefile.bsd ppp-2.3/pppd/Makefile.bsd
-*** ppp-2.3.orig/pppd/Makefile.bsd Tue Oct 8 13:33:33 1996
---- ppp-2.3/pppd/Makefile.bsd Fri Apr 11 23:59:15 1997
-***************
-*** 4,14 ****
- # -D_BITYPES is for FreeBSD, which doesn't define anything to
- # tell us that u_int32_t gets defined if <sys/types.h> is included.
- # Remove for older *BSD systems for which this isn't true.
-! CFLAGS+= -g -I.. -DHAVE_PATHS_H -D_BITYPES
-
- PROG= pppd
- SRCS= main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c
-! demand.c auth.c options.c sys-bsd.c
- MAN= pppd.cat8
- MAN8= pppd.8
- BINMODE=4555
---- 4,14 ----
- # -D_BITYPES is for FreeBSD, which doesn't define anything to
- # tell us that u_int32_t gets defined if <sys/types.h> is included.
- # Remove for older *BSD systems for which this isn't true.
-! CFLAGS+= -I.. -DHAVE_PATHS_H -D_BITYPES -DCBCP_SUPPORT
-
- PROG= pppd
- SRCS= main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c
-! demand.c auth.c options.c sys-bsd.c cbcp.c
- MAN= pppd.cat8
- MAN8= pppd.8
- BINMODE=4555
-diff -r -c ppp-2.3.orig/pppd/Makefile.linux ppp-2.3/pppd/Makefile.linux
-*** ppp-2.3.orig/pppd/Makefile.linux Tue Oct 8 15:42:41 1996
---- ppp-2.3/pppd/Makefile.linux Sat Apr 12 00:02:28 1997
-***************
-*** 14,20 ****
- ipxcp.h cbcp.h
- MANPAGES = pppd.8
- PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o
-! auth.o options.o demand.o sys-linux.o ipxcp.o
-
- all: pppd
-
---- 14,20 ----
- ipxcp.h cbcp.h
- MANPAGES = pppd.8
- PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o
-! auth.o options.o demand.o sys-linux.o ipxcp.o cbcp.o
-
- all: pppd
-
-***************
-*** 36,42 ****
- #INCLUDE_DIRS= -I/usr/include -I..
- INCLUDE_DIRS=
-
-! COMPILE_FLAGS= -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE
-
- CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS)
-
---- 36,42 ----
- #INCLUDE_DIRS= -I/usr/include -I..
- INCLUDE_DIRS=
-
-! COMPILE_FLAGS= -D_linux_=1 -DHAVE_PATHS_H -DIPX_CHANGE -DCBCP_SUPPORT
-
- CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS)
-
+The configuration files in this setup are already configured to use
+CBCP both as a server (when specified with "callback server") and
+client (callback <number>). I sure would like some info how it is
+working especially client side as I did not test that.
+
+Also you may have noticed that a few other patches exist for older
+versions of ppp (2.3.5, 2.3.7, 2.3.10) I have made these comply
+with the new 2.4.0 and I *do* hope it gets finally in the main
+branch, because I know a lot of people are stuck with NT-RAS, and
+would gladly replace it with a *nix/*bsd solution.
+
+Some work still has to be done. Client input should be checked for
+should be shell escaped (SECURITY FLAW!), code cleanups should be made
+etc etc.
No newline at end of file
diff -urN ppp-2.4.1.org/chat/Makefile.linux ppp-2.4.1/chat/Makefile.linux
--- ppp-2.4.1.org/chat/Makefile.linux Fri Jun 22 22:49:09 2001
+++ ppp-2.4.1/chat/Makefile.linux Fri Jun 22 22:49:37 2001
@@ -1,6 +1,6 @@
# $Id: Makefile.linux,v 1.9 1999/08/13 01:54:32 paulus Exp $
-CDEF1= -DTERMIOS # Use the termios structure
+#CDEF1= -DTERMIOS # Use the termios structure
CDEF2= -DSIGTYPE=void # Standard definition
CDEF3= -UNO_SLEEP # Use the usleep function
CDEF4= -DFNDELAY=O_NDELAY # Old name value
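Review bot: Commenting out `CDEF1= -DTERMIOS` changes how chat is built for everyone who applies this patch, and nothing in the patch explains why a CBCP change needs it. chat.c's terminal handling sits behind `#if defined(get_term_param)` (visible in the chat.c hunk), so this define probably decides which terminal interface chat uses. Either keep the original line or leave a comment that states the reason, for example `# TERMIOS disabled: <reason, affected platforms>`.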
diff -urN ppp-2.4.1.org/chat/chat.c ppp-2.4.1/chat/chat.c
--- ppp-2.4.1.org/chat/chat.c Thu Dec 23 03:39:54 1999
+++ ppp-2.4.1/chat/chat.c Fri Jun 22 22:49:37 2001
@@ -590,10 +590,13 @@
{
#if defined(get_term_param)
term_parms t;
-
- if (get_term_param (&t) < 0)
- fatal(2, "Can't get terminal parameters: %m");
-
+ int ctl;
+
+ ctl = get_term_param (&t);
+ if (ctl < 0) {
+ syslog(LOG_NOTICE, "Could not get FD: %s", strerror(errno));
+ fatal(2, "Can't get terminal parameters: %m");
+ }
saved_tty_parameters = t;
have_tty_parameters = 1;
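Review bot: The added `syslog(LOG_NOTICE, "Could not get FD: %s", strerror(errno));` describes the wrong failure, because the call that failed fetches terminal parameters, not a descriptor. The `fatal(2, ...)` line that follows already reports the error with `%m`, so the extra message and the `ctl` temporary add nothing. If a separate log entry is wanted, reword it to match, e.g. `syslog(LOG_NOTICE, "Can't get terminal parameters: %s", strerror(errno));`, and confirm chat.c includes the headers for `strerror` and `errno`. The enclosing function starts before this hunk.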
diff -urN ppp-2.4.1.org/etc.ppp/callback-client ppp-2.4.1/etc.ppp/callback-client
--- ppp-2.4.1.org/etc.ppp/callback-client Thu Jan 1 03:00:00 1970
+++ ppp-2.4.1/etc.ppp/callback-client Fri Jun 22 22:49:37 2001
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Script callback-client
+# Script parameters: delay time in seconds
+
+DELAY="$1"
+
+/usr/sbin/chat -v -t 2 "" d+++dc OK ATH0 OK
+sleep $DELAY s
+/usr/sbin/chat -v "" ATZ OK "" RING ATA CONNECT
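Review bot: `sleep $DELAY s` passes a stray `s` operand and leaves `$DELAY` unquoted. Common sleep implementations reject a bare `s` as an invalid interval (worth confirming on the target system), and in that case the script goes on without waiting. Check the argument first with `case "$DELAY" in ''|*[!0-9]*) exit 1 ;; esac` and then call `sleep "$DELAY"`. The same line appears in etc.ppp/callback-server. The exit status of the first chat call is also ignored, so a failed hang-up does not stop the script.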
diff -urN ppp-2.4.1.org/etc.ppp/callback-server ppp-2.4.1/etc.ppp/callback-server
--- ppp-2.4.1.org/etc.ppp/callback-server Thu Jan 1 03:00:00 1970
+++ ppp-2.4.1/etc.ppp/callback-server Fri Jun 22 22:49:37 2001
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Script callback-server
+# Script parameters: delay time in seconds, callback number
+
+DELAY="$1"
+NUMBER="$2"
+
+/usr/sbin/chat -v -t 2 "" d+++dc OK ATH0 OK
+sleep $DELAY s
+/usr/sbin/chat -v "" ATZ OK ATD$NUMBER CONNECT
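Review bot: `ATD$NUMBER` on the last line expands unquoted, and the script never validates `NUMBER`. README.cbcp in this same patch says client input is not yet checked or shell escaped, and callback-users allows user-defined numbers, so a value chosen by the peer can add words to chat's argument list or characters to the modem command. Restrict the number to an explicit set of dial characters and quote the expansion, as in the excerpt below. Widen the pattern only for characters the site really needs.

```shell
NUMBER="$2"

# Accept only digits; extend deliberately if other dial characters are required.
case "$NUMBER" in
    ''|*[!0-9]*) echo "callback-server: refusing callback number" >&2; exit 1 ;;
esac

# … unchanged: hang-up chat and delay …
/usr/sbin/chat -v "" ATZ OK "ATD$NUMBER" CONNECT
```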
diff -urN ppp-2.4.1.org/etc.ppp/callback-users ppp-2.4.1/etc.ppp/callback-users
--- ppp-2.4.1.org/etc.ppp/callback-users Thu Jan 1 03:00:00 1970
+++ ppp-2.4.1/etc.ppp/callback-users Fri Jun 22 22:49:37 2001
@@ -0,0 +1,10 @@
+# User list for callback
+# Username option
+# option - no callback
+# option * or empty user definied
+# option other admin definied: this number
+# in username * and ? wildcars valid, callback uses the best fit
+# Examples:
+# zotyo 67435 # user zotyo admin definied, number 67453
+# gates - # gates not called back
+*
No newline at end of file
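Review bot: The only active entry, the bare `*` on the last line, matches every username, and the comments above it say an empty option means the number is user defined. As shipped, any peer that authenticates may therefore choose the number that is dialled back. That default removes the restriction callback is normally deployed for, and it feeds a peer-chosen value into callback-server. Consider shipping `* -` (no callback) as the default, with a comment telling the administrator to add per-user numbers.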
diff -urN ppp-2.4.1.org/linux/Makefile.top ppp-2.4.1/linux/Makefile.top
--- ppp-2.4.1.org/linux/Makefile.top Mon Apr 17 13:39:26 2000
+++ ppp-2.4.1/linux/Makefile.top Fri Jun 22 22:49:37 2001
@@ -2,7 +2,7 @@
/* global vars */
@@ -852,6 +856,10 @@
u_char *p; /* Pointer to next char to parse */
u_char *ucp = inp; /* Pointer to current output char */
int l = *len; /* Length left */
+
+#ifdef CBCP_SUPPORT
+ cbcp_stop();
+#endif
/*
* Reset all his options.
diff -urN ppp-2.4.1.org/pppd/ipxcp.c ppp-2.4.1/pppd/ipxcp.c
--- ppp-2.4.1.org/pppd/ipxcp.c Thu Mar 8 07:11:13 2001
+++ ppp-2.4.1/pppd/ipxcp.c Fri Jun 22 22:49:37 2001
@@ -39,6 +39,10 @@
#include "pathnames.h"
#include "magic.h"
/* global vars */
@@ -974,6 +978,10 @@
u_char *p; /* Pointer to next char to parse */
u_char *ucp = inp; /* Pointer to current output char */
int l = *len; /* Length left */
+
+#ifdef CBCP_SUPPORT
+ cbcp_stop();
+#endif
add_fd(fd_ppp);
lcp_open(0); /* Start protocol */
+#ifdef CBCP_SUPPORT
+ for(callback_in_progress=1;callback_in_progress;){
+ callback_in_progress=0;
+#endif
status = EXIT_NEGOTIATION_FAILED;
new_phase(PHASE_ESTABLISH);
while (phase != PHASE_DEAD) {
@@ -514,7 +526,75 @@
warn("unable to delete pid file %s: %m", pidfilename);
pidfilename[0] = 0;
}
+#ifdef CBCP_SUPPORT
+ if (callback_in_progress){
+ connector = NULL;
+ cbcp_stop();
+ remove_fd(fd_ppp);
+ clean_check();
+ the_channel->disestablish_ppp(devfd);
+ fd_ppp = -1;
+
+ if (!hungup){
+ lcp_lowerdown(0);
+ } else {
+ tty_close_fds();
+ setup_serial(connector);
+
+ }
+
+ devfd = callback();
+
+ /* set up the serial device as a ppp interface */
+ tdb_writelock(pppdb);
+ fd_ppp = the_channel->establish_ppp(devfd);
+ if (fd_ppp < 0) {
+ tdb_writeunlock(pppdb);
+ status = EXIT_FATAL_ERROR;
+ goto disconnect;
+ }
+
+ if (!demand && ifunit >= 0)
+ set_ifunit(1);
+ tdb_writeunlock(pppdb);
+ /*
+ * Start opening the connection and wait for
+ * incoming events (reply, timeout, etc.).
+ */
+ notice("Connect: %s <--> %s", ifname, ppp_devnam);
+ gettimeofday(&start_time, NULL);
+ link_stats_valid = 0;
+ script_unsetenv("CONNECT_TIME");
+ script_unsetenv("BYTES_SENT");
+ script_unsetenv("BYTES_RCVD");
+ lcp_lowerup(0);
+
+ /*
+ * If we are initiating this connection, wait for a short
+ * time for something from the peer. This can avoid bouncing
+ * our packets off his tty before he has it set up.
+ */
+ add_fd(fd_ppp);
+ if (listen_time != 0) {
+ struct timeval t;
+ t.tv_sec = listen_time / 1000;
+ t.tv_usec = listen_time % 1000;
+ wait_input(&t);
+ }
+
+ /*if (connector != NULL || ptycommand != NULL) {
+ struct timeval t;
+ t.tv_sec = 1;
+ t.tv_usec = 0;
+ wait_input(&t);
+ }*/
+
+ lcp_open(0); /* Start protocol */
+ }
+ }
+#endif
+
/*
* If we may want to bring the link up again, transfer
* the ppp unit back to the loopback. Set the
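Review bot: The result of `devfd = callback();` goes straight to `the_channel->establish_ppp(devfd)` without a check, although callback() in the tty.c part of this patch returns -1 when the callback script fails. Adding `if (devfd < 0) goto disconnect;` right after the call would stop before the tdb lock is taken, and callback() has already set `status` on that path. Separately, `connector = NULL;` followed by `setup_serial(connector)` passes a value that setup_serial overwrites, so the argument serves no purpose. The enclosing function and the `disconnect` label are outside this hunk.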
diff -urN ppp-2.4.1.org/pppd/options.c ppp-2.4.1/pppd/options.c
--- ppp-2.4.1.org/pppd/options.c Tue Mar 13 07:56:19 2001
+++ ppp-2.4.1/pppd/options.c Fri Jun 22 22:49:37 2001
@@ -43,6 +43,12 @@
char *strdup __P((char *));
#endif
struct option_value {
@@ -128,6 +132,10 @@
static int n_arguments __P((option_t *));
static int number_option __P((char *, u_int32_t *, int));
+#ifdef CBCP_SUPPORT
+static int setcbcp __P((char **));
+#endif
+
/*
* Structure to store extra lists of options.
*/
@@ -262,6 +270,11 @@
"set filter for active pkts", OPT_PRIO },
#endif
+#ifdef CBCP_SUPPORT
+ { "callback", o_special, setcbcp,
+ "Callback request to server - OR - calling back the client" },
+#endif
+
{ NULL }
};
+#ifdef CBCP_SUPPORT
+#define _PATH_CBCP_SERVER _ROOT_PATH "/etc/ppp/callback-server"
+#define _PATH_CBCP_CLIENT _ROOT_PATH "/etc/ppp/callback-client"
+#define _PATH_CBCP_USERS _ROOT_PATH "/etc/ppp/callback-users"
+#define _PATH_CBCP _ROOT_PATH "/etc/ppp/callback"
+#endif /* CBCP_SUPPORT */
+
#ifdef __STDC__
#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd.tdb"
#else /* __STDC__ */
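Review bot: The new `callback` option-table entry has no flags field, whereas the entry above it ends in `OPT_PRIO`. README.cbcp says the option selects either server mode or a number to request, so confirm whether unprivileged invocations should be able to set it, and add `OPT_PRIV` if they should not. setcbcp is not shown in this hunk, so its argument handling cannot be checked here. A short comment above the entry listing the accepted forms (`server` or a number) would help the next reader.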
diff -urN ppp-2.4.1.org/pppd/pppd.8 ppp-2.4.1/pppd/pppd.8
--- ppp-2.4.1.org/pppd/pppd.8 Tue Mar 13 07:54:37 2001
+++ ppp-2.4.1/pppd/pppd.8 Fri Jun 22 22:49:37 2001
@@ -72,6 +72,14 @@
or include .. as a pathname component. The format of the options file
is described below.
.TP
+.B callback fIserver/number
+When compiled with the CBCP extensions (-DCBCP_SUPPORT) the ppp daemon
+can act as a client to servers which provide CBCP-protocol callback
+negotiation or act as a fIserver. It reads its options from
+/etc/ppp/callback-users and invokes /etc/ppp/callback-server
+when dialing out. Otherwise it will invoke /etc/ppp/callback-client
+to wait for a call.
+.TP
.B connect fIscript
Use the executable or shell command specified by fIscriptfR to set
up the serial line. This script would typically use the chat(8)
diff -urN ppp-2.4.1.org/pppd/pppd.h ppp-2.4.1/pppd/pppd.h
--- ppp-2.4.1.org/pppd/pppd.h Tue Mar 13 07:54:37 2001
+++ ppp-2.4.1/pppd/pppd.h Fri Jun 22 22:58:15 2001
@@ -278,6 +278,10 @@
extern struct bpf_program active_filter; /* Filter for link-active pkts */
#endif
+#ifdef CBCP_SUPPORT
+extern int callback_in_progress; /*Callback running*/
+#endif
+
#ifdef MSLANMAN
extern bool ms_lanman; /* Use LanMan password instead of NT */
/* Has meaning only with MS-CHAP challenges */
@@ -422,6 +426,8 @@
/* Procedures exported from utils.c. */
void log_packet __P((u_char *, int, char *, int));
@@ -443,6 +449,7 @@
void end_pr_log __P((void)); /* finish up after using pr_log */
/* Procedures exported from auth.c */
+void network_phase __P((int)); /* the dataexchanger CP-s goung up */
void link_required __P((int)); /* we are starting to use the link */
void link_terminated __P((int)); /* we are finished with the link */
void link_down __P((int)); /* the LCP layer has left the Opened state */
diff -urN ppp-2.4.1.org/pppd/tty.c ppp-2.4.1/pppd/tty.c
--- ppp-2.4.1.org/pppd/tty.c Tue Mar 13 07:54:43 2001
+++ ppp-2.4.1/pppd/tty.c Fri Jun 22 23:03:34 2001
@@ -48,6 +48,9 @@
#include "pppd.h"
#include "fsm.h"
#include "lcp.h"
+#ifdef CBCP_SUPPORT
+#include "cbcp.h"
+#endif /* CBCP_SUPPORT */
void tty_process_extra_options __P((void));
void tty_check_options __P((void));
@@ -78,6 +81,8 @@
static int ttyfd; /* Serial port file descriptor */
static char speed_str[16]; /* Serial port speed as string */
+/*static void setup_serial __P();*/
+
mode_t tty_mode = (mode_t)-1; /* Original access permissions to tty */
int baud_rate; /* Actual bits/second for serial device */
char *callback_script; /* script for doing callback */
@@ -458,10 +463,10 @@
int connect_tty()
{
char *connector;
- int fdflags;
- struct stat statbuf;
char numbuf[16];
+ connector = doing_callback? callback_script: connect_script;
+
/*
* Get a pty master/slave pair if the pty, notty, socket,
* or record options were specified.
@@ -489,66 +494,7 @@
locked = 1;
}
- /*
- * Open the serial device and set it up to be the ppp interface.
- * First we open it in non-blocking mode so we can set the
- * various termios flags appropriately. If we aren't dialling
- * out and we want to use the modem lines, we reopen it later
- * in order to wait for the carrier detect signal from the modem.
- */
- hungup = 0;
- kill_link = 0;
- connector = doing_callback? callback_script: connect_script;
- if (devnam[0] != 0) {
- for (;;) {
- /* If the user specified the device name, become the
- user before opening it. */
- int err, prio;
-
- prio = privopen? OPRIO_ROOT: tty_options[0].priority;
- if (prio < OPRIO_ROOT)
- seteuid(uid);
- ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
- err = errno;
- if (prio < OPRIO_ROOT)
- seteuid(0);
- if (ttyfd >= 0)
- break;
- errno = err;
- if (err != EINTR) {
- error("Failed to open %s: %m", devnam);
- status = EXIT_OPEN_FAILED;
- }
- if (!persist || err != EINTR)
- return -1;
- }
- real_ttyfd = ttyfd;
- if ((fdflags = fcntl(ttyfd, F_GETFL)) == -1
- || fcntl(ttyfd, F_SETFL, fdflags & ~O_NONBLOCK) < 0)
- warn("Couldn't reset non-blocking mode on device: %m");
-
- /*
- * Do the equivalent of `mesg n' to stop broadcast messages.
- */
- if (fstat(ttyfd, &statbuf) < 0
- || fchmod(ttyfd, statbuf.st_mode & ~(S_IWGRP | S_IWOTH)) < 0) {
- warn("Couldn't restrict write permissions to %s: %m", devnam);
- } else
- tty_mode = statbuf.st_mode;
-
- /*
- * Set line speed, flow control, etc.
- * If we have a non-null connection or initializer script,
- * on most systems we set CLOCAL for now so that we can talk
- * to the modem before carrier comes up. But this has the
- * side effect that we might miss it if CD drops before we
- * get to clear CLOCAL below. On systems where we can talk
- * successfully to the modem with CLOCAL clear and CD down,
- * we could clear CLOCAL at this point.
- */
- set_up_tty(ttyfd, ((connector != NULL && connector[0] != 0)
- || initializer != NULL));
- }
+ setup_serial(connector);
/*
* If the pty, socket, notty and/or record option was specified,
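Review bot: Open failure is no longer propagated from this call site. The removed loop did `return -1` out of connect_tty, but `setup_serial(connector);` discards any result, and the definition added later in this file is declared `void` while still containing `return -1;`. As written, connect_tty appears to continue with whatever `ttyfd` holds after a failed open. Declaring `int setup_serial(char *connector)`, ending it with `return 0;`, and calling it as `if (setup_serial(connector) < 0) return -1;` would restore the earlier behaviour. setup_serial also reassigns `connector` itself, so the parameter duplicates the assignment added at the top of connect_tty; connect_tty continues outside this hunk.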
@@ -672,6 +618,113 @@
return ttyfd;
}
+void setup_serial(char *connector)
+{
+ int fdflags;
+ struct stat statbuf;
+
+ /*
+ * Open the serial device and set it up to be the ppp interface.
+ * First we open it in non-blocking mode so we can set the
+ * various termios flags appropriately. If we aren't dialling
+ * out and we want to use the modem lines, we reopen it later
+ * in order to wait for the carrier detect signal from the modem.
+ */
+ hungup = 0;
+ kill_link = 0;
+ connector = doing_callback? callback_script: connect_script;
+ if (devnam[0] != 0) {
+ for (;;) {
+ /* If the user specified the device name, become the
+ user before opening it. */
+ int err, prio;
+
+ prio = privopen? OPRIO_ROOT: tty_options[0].priority;
+ if (prio < OPRIO_ROOT)
+ seteuid(uid);
+ ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
+ err = errno;
+ if (prio < OPRIO_ROOT)
+ seteuid(0);
+ if (ttyfd >= 0)
+ break;
+ errno = err;
+ if (err != EINTR) {
+ error("Failed to open %s: %m", devnam);
+ status = EXIT_OPEN_FAILED;
+ }
+ if (!persist || err != EINTR)
+ return -1;
+ }
+ real_ttyfd = ttyfd;
+ if ((fdflags = fcntl(ttyfd, F_GETFL)) == -1
+ || fcntl(ttyfd, F_SETFL, fdflags & ~O_NONBLOCK) < 0)
+ warn("Couldn't reset non-blocking mode on device: %m");
+
+ /*
+ * Do the equivalent of `mesg n' to stop broadcast messages.
+ */
+ if (fstat(ttyfd, &statbuf) < 0
+ || fchmod(ttyfd, statbuf.st_mode & ~(S_IWGRP | S_IWOTH)) < 0) {
+ warn("Couldn't restrict write permissions to %s: %m", devnam);
+ } else
+ tty_mode = statbuf.st_mode;
+
+ /*
+ * Set line speed, flow control, etc.
+ * If we have a non-null connection or initializer script,
+ * on most systems we set CLOCAL for now so that we can talk
+ * to the modem before carrier comes up. But this has the
+ * side effect that we might miss it if CD drops before we
+ * get to clear CLOCAL below. On systems where we can talk
+ * successfully to the modem with CLOCAL clear and CD down,
+ * we could clear CLOCAL at this point.
+ */
+ set_up_tty(ttyfd, ((connector != NULL && connector[0] != 0)
+ || initializer != NULL));
+ }
+}
+
+#ifdef CBCP_SUPPORT
+int callback()
+{
+ char *s;
+ char numbuf[16];
+
+ cbcp_protent.enabled_flag = 0; /* Already not need */
+ s = cbcp_get_script();
+ syslog(LOG_INFO, "Callback with <%s>",s );
+
+ set_up_tty( ttyfd, 1 );
+
+ if (real_ttyfd != -1) {
+ if (!default_device && modem) {
+ setdtr(real_ttyfd, 0); /* in case modem is off hook */
+ sleep(1);
+ setdtr(real_ttyfd, 1);
+ }
+ }
+
+ /* syslog(LOG_INFO, "ttyfd is %d and hungup is %d",ttyfd,hungup ); */
+ if (device_script(s, ttyfd, ttyfd, 0) < 0) {
+ error("Callback script failed");
+ status = EXIT_INIT_FAILED;
+ setdtr(ttyfd, 0 );
+ return -1;
+ }
+
+ info("Serial connection established." );
+
+ if (real_ttyfd != -1)
+ set_up_tty( real_ttyfd, 0 );
+
+ slprintf(numbuf, sizeof(numbuf), "%d", baud_rate);
+ script_setenv("SPEED", numbuf, 1);
+
+ return ttyfd;
+
+}
+#endif /* CBCP Support */
void disconnect_tty()
{
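Review bot: In callback(), the string returned by `cbcp_get_script()` is passed to `syslog` and to `device_script(s, ttyfd, ttyfd, 0)` with no NULL check and no validation. cbcp_get_script is not in this hunk, but README.cbcp in this patch states that client input is not yet shell escaped. If the string embeds the number negotiated with the peer, it should be restricted to dial characters before a command line is built from it. At minimum add `if (s == NULL) { error("No callback script"); return -1; }` before the syslog call. The commented-out `syslog` debug line is better deleted than kept.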
diff -urN ppp-2.4.1.org/pppd/cbcp.c ppp-2.4.1/pppd/cbcp.c
--- ppp-2.4.1.org/pppd/cbcp.c Fri Oct 26 23:58:12 2001
+++ ppp-2.4.1/pppd/cbcp.c Sat Oct 27 01:08:09 2001
@@ -88,6 +88,7 @@