
Import upstream version from git commit ddb30f8

John Lauro 7 years ago
parent
commit
3307c06256
76 changed files with 4684 additions and 5322 deletions
  1. 3 1
      AUTHORS
  2. 12 0
      BUGS
  3. 130 0
      ChangeLog
  4. 196 0
      ChangeLog-0.8
  5. 130 0
      ChangeLog-0.9
  6. 21 0
      ChangeLog-1.1.3
  7. 1 1
      Makefile.am
  8. 3 1
      Makefile.in
  9. 9 0
      NEWS
  10. 88 0
      PROTOCOL-SECURITY
  11. 6 6
      README
  12. 91 0
      RELEASING
  13. 59 0
      bcrelay.8
  14. 12 11
      bcrelay.c
  15. 11 0
      build.sh
  16. 7 1
      config.h.in
  17. 11 7
      configfile.c
  18. 1 1
      configfile.h
  19. 2873 4140
      configure
  20. 45 4
      configure.in
  21. 19 12
      ctrlpacket.c
  22. 2 2
      ctrlpacket.h
  23. 1 0
      debian/crontab.ex
  24. 1 0
      debian/diversions.ex
  25. 2 0
      debian/inetd.conf.ex
  26. 15 0
      debian/info.ex
  27. 5 0
      debian/watch.ex
  28. 2 1
      defaults.h
  29. 1 1
      getopt.c
  30. 1 1
      getopt1.c
  31. 0 3
      html/CVS/Entries
  32. 0 1
      html/CVS/Repository
  33. 0 1
      html/CVS/Root
  34. 0 18
      html/poptop_ads_howto/CVS/Entries
  35. 0 1
      html/poptop_ads_howto/CVS/Repository
  36. 0 1
      html/poptop_ads_howto/CVS/Root
  37. 73 46
      html/poptop_ads_howto/poptop_ads_howto_1.htm
  38. 4 8
      html/poptop_ads_howto/poptop_ads_howto_10.htm
  39. 2 2
      html/poptop_ads_howto/poptop_ads_howto_11.htm
  40. 39 4
      html/poptop_ads_howto/poptop_ads_howto_12.htm
  41. 2 1
      html/poptop_ads_howto/poptop_ads_howto_2.htm
  42. 16 6
      html/poptop_ads_howto/poptop_ads_howto_3.htm
  43. 28 15
      html/poptop_ads_howto/poptop_ads_howto_4.htm
  44. 6 6
      html/poptop_ads_howto/poptop_ads_howto_5.htm
  45. 7 7
      html/poptop_ads_howto/poptop_ads_howto_6.htm
  46. 15 7
      html/poptop_ads_howto/poptop_ads_howto_7.htm
  47. 30 19
      html/poptop_ads_howto/poptop_ads_howto_8.htm
  48. 17 7
      html/poptop_ads_howto/poptop_ads_howto_9.htm
  49. 20 18
      html/poptop_ads_howto/poptop_ads_howto_a1.htm
  50. 16 19
      html/poptop_ads_howto/poptop_ads_howto_a2.htm
  51. 41 0
      html/poptop_ads_howto/poptop_ads_howto_a3.htm
  52. 34 0
      html/poptop_ads_howto/poptop_ads_howto_a4.htm
  53. 87 0
      html/poptop_ads_howto/poptop_ads_howto_a5.htm
  54. 40 0
      html/poptop_ads_howto/poptop_ads_howto_a6.htm
  55. 1 1
      inststr.h
  56. 1 1
      mkinstalldirs
  57. 1 1
      our_getopt.h
  58. 1 1
      our_syslog.h
  59. 0 882
      plugins/pppd.h
  60. 2 2
      plugins/pptpd-logwtmp.c
  61. 1 1
      ppphdlc.c
  62. 1 1
      ppphdlc.h
  63. 34 15
      pptpctrl.c
  64. 7 1
      pptpctrl.h
  65. 4 0
      pptpd.8
  66. 41 11
      pptpd.c
  67. 12 0
      pptpd.conf.5
  68. 13 4
      pptpd.spec
  69. 2 2
      pptpdefs.h
  70. 27 10
      pptpgre.c
  71. 9 2
      pptpmanager.c
  72. 7 1
      samples/pptpd.conf
  73. 196 0
      tools/client-test
  74. 42 0
      tools/confmod.sh
  75. 45 0
      tools/vpnwho.pl
  76. 2 6
      version

+ 3 - 1
AUTHORS

@@ -2,7 +2,7 @@ Poptop -- The PPTP Server
 -------------------------
 
 Current Maintainer:
-James Cameron <james.cameron at hp dot com>
+James Cameron <quozl at laptop dot org>
 
 Previous Maintainer:
 Richard de Vroede <r.devroede at linvision dot com>
@@ -28,6 +28,8 @@ Pawel Guraj
 Chris Wilson
 Anton Gorlov
 Charlie Brady
+Michael Douglass <mikedoug at mikedoug dot net>
+David Lamparter <equinox at diac24 dot net>
 
 The Linux PPTP Server takes advantage of some Linux PPTP client code
 written by C. Scott Ananian <cananian at alumni.princeton.edu>

+ 12 - 0
BUGS

@@ -0,0 +1,12 @@
+Review of Debian bugs
+
+171831: requires significant redesign, in TODO as item 19990705
+	(upstream acknowledges and has added it to the list)
+
+181005: requires code change, added to TODO as item 20030214
+	(upstream acknowledges and has added it to the list)
+        (ip_gre module is not needed at all, comment made)
+        (the GRE response is an acknowledgement packet)
+
+209082: debian project's problem, not upstream
+

+ 130 - 0
ChangeLog

@@ -1,3 +1,133 @@
+Thu Feb  7 11:51:46 2013  James Cameron  <quozl@laptop.org>
+
+	* plugins/pptpd-logwtmp.c: use pppd.h provided by ppp package
+	instead of our own, fix for debian #369714.
+
+	Author: Stu Teasdale <stu@drogna.org.uk>
+	Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+
+Thu Feb  7 11:50:03 2013  James Cameron  <quozl@laptop.org>
+
+	* pptpctrl.c: fix binary trash when launching ppp, fix for debian
+	#693196.
+
+	Author: tevaum@gmail.com
+
+Thu Feb  7 11:48:32 2013  James Cameron  <quozl@laptop.org>
+
+	* pptpgre.c: avoid dropping connection when kernel returns
+	ENOBUFS, fix for debian #629129.
+
+	Author: Maximiliano Curia <maxy@debian.org>
+	Author: James Cameron <quozl@laptop.org>
+
+Thu Feb  7 11:47:33 2013  James Cameron  <quozl@laptop.org>
+
+	* pptpctrl.c: add remotenumber support, fix for debian #610375,
+	#625459, and ubuntu #704245.
+
+	Author: Igor A Tarasov <develop@dicr.org>
+	Author: Michael Poetters <michael@poetters.net>
+
+Thu Feb  7 11:46:18 2013  James Cameron  <quozl@laptop.org>
+
+	* configfile.c: catch missing EOL at EOF, fix for sf.net poptop
+	ticket #35, debian #567480.
+
+	Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+
+Thu Feb  7 11:45:45 2013  James Cameron  <quozl@laptop.org>
+
+	* bcrelay.8: add manual page, fix for debian #426553.
+
+	Author: Khang Nguyen Trong <trongkhang17@gmail.com>
+
+Thu Feb  7 11:44:59 2013  James Cameron  <quozl@laptop.org>
+
+	* pptpd.c: fix a segmentation fault on invalid IP range entry.
+
+	Author: Sergey Naumov
+
+Wed May 18 14:42:28 2011  David Lamparter  <david.lamparter@adyton.net>
+
+	* pptpctrl.c, pptpd.c, pptpgre.c, pptpmanager.c: introduce VRFs
+
+	this adds support for VRFs (Virtual Routing and Forwarding
+	instances) through libvrf from vrf-tools. pptpd gains the ability
+	to have its TCP and GRE sockets in a VRF different from the one
+	the process is running in.
+
+	As pppd is started from pptpd and does not have VRF support, the
+	pppX devices will be in the initial VRF. The PPTP traffic will
+	however be flowing in the given VRF. This allows full separation
+	of encapsulated and encapsulating networks.
+
+Mon Jun 15 12:53:58 2009  Michael Douglass  <mikedoug@mikedoug.net>
+
+	* pptpctrl.c (pptp_handle_ctrl_connection): fix IDLE_WAIT
+	implementation.
+
+	pptpd processes were not terminating when the remote pptp client
+	went off the network unexpectedly.  An strace of pptpd showed the
+	select() loop in pptctrl.c was never timing out because the
+	/dev/ptmx descriptor was sending data to pptpd every 10 seconds.
+	Since the select() loop was never timing out, the IDLE_WAIT
+	mechanism never triggered.
+
+	The patch below makes the following changes:
+
+	- select() returning 0 is no longer a direct trigger case for
+	sending an ECHO REQ
+
+	- track the last time we heard anything from our TCP socket in
+	last_time (initialized to now on startup)
+
+	- any time we go through the loop and we don't hear from our TCP
+	socket, we check to see if our last_time is older than IDLE_WAIT,
+	if so, send an ECHO REQ
+
+Fri Nov 14 10:28:27 2008  Karl Hiramoto  <karl@hiramoto.org>
+
+	* ctrlpacket.c (deal_start_ctrl_conn): fix compilation with uclibc
+	with legacy support disabled.  From "man bzero": This function is
+	deprecated (marked as LEGACY in POSIX.1-2001): use memset(3) in
+	new programs.  POSIX.1-2008 removes the specification of bzero().
+
+Wed Oct  8 09:47:33 2008  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c (launch_pppd): exclude ipparam and plugin from SLIRP
+	and BSD PPP configurations.  Reported by Richard P. Koett.
+
+Fri Jul 20 10:27:37 2007  Eivind Naess  <Eivind.Naess@gmail.com>
+
+	* pptpdefs.h: add packed attribute to pptp_gre_header, to ensure
+	compiler alignment efforts do not conflict with processing the
+	header.
+
+Mon May 28 12:17:06 2007  James Cameron  <quozl@us.netrek.org>
+
+	* ctrlpacket.c (deal_set_link_info): change the "Ignored a SET
+	LINK INFO" message to be LOG_DEBUG, only emit when debug mode is
+	enabled, and explain further what it is.
+
+Thu May 24 10:43:45 2007  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.conf.5: add missing logwtmp option.
+
+Tue Apr 24 13:11:28 2007  Phil Oester  <kernel@linuxace.com>
+
+	* pptpgre.c (decaps_gre): further testing has revealed a couple
+	more problems with the packet reordering/buffering code:
+
+	1) Some clients (notably the PPTP client) start their sequence
+	   numbers at 1 instead of 0 as the RFC mandates.  My previous fix
+	   caused problems with these clients.
+
+	2) Duplicate packets were causing corruption when they were placed
+	   on the queue but never used -or- when they were placed on the
+	   queue but already existed on the queue (i.e. they previously
+	   arrived out of order).
+
 Mon Apr 16 10:32:40 2007  James Cameron  <quozl@us.netrek.org>
 
 	* pptpd-1.3.4.tar.gz: released.

+ 196 - 0
ChangeLog-0.8

@@ -0,0 +1,196 @@
+PoPToP ChangeLog
+
+---------------------------------------------------------------------------
+v0.8.13 -> v0.9.0
+11th June, 1999
+
+- possibly fixed the 'error 629 on startup' bug.  this fix is incompatible
+  with the 'silent' option of pppd, so don't use the 'silent' option.
+- support a single localip with a range of remoteip's
+- new, small, fast, simple get_call_id() function
+- removed a few hardcoded values in ctrlpacket and replaced with defines
+- new pptp_read_header() - slightly more 'expensive' but should be much more
+  robust
+- use openpty() if possible, internalize tty opening, startCall much more
+  simple
+
+---------------------------------------------------------------------------
+v0.8.12 -> v0.8.13
+10th June, 1999
+
+- removed ctrl-manager pipe completely
+- moved awareness of pppd-ip-alloc option to manager only
+- if using pppd-ip-alloc, manager runs more efficiently
+- made pptpctrl able to have a none, one or both of local/remote addresses
+  rather than only both or none
+- great code simplicication
+- re-did IP parser; less potential segfaults from bad config
+- correctly calculate max connections based on number of IP addresses given
+  and statically configured maximum
+- no max connections for the pppd-ip-alloc case
+- properly permit hostnames in IP parser
+- always use fd 0 for network connection
+- fixed -c option
+- note - this version changes the 'run from inetd' options.  re-read
+  README.inetd if you use it
+
+---------------------------------------------------------------------------
+v0.8.11 -> v0.8.12
+8th June, 1999
+
+- made autoconf actually check the relevant headers
+- made config.embed.h and removed most #if EMBED in favour of using this
+- fixed some includes and re-arranged things to be a bit cleaner
+- minor cosmetic fixes
+- fixed compilation on StarOS 4 (and hence SunOS 4)
+- documentation on running from ientd
+- removed ctrl-manager pipe by default
+
+---------------------------------------------------------------------------
+v0.8.10 -> v0.8.11
+8th June, 1999
+
+- now only two executables, pptpd and pptpctrl
+- re-did dependency generation
+- minor include cleanups
+
+---------------------------------------------------------------------------
+v0.8.9 -> v0.8.10
+8th June, 1999
+
+- added getopt_long() from GNU libc for use on non-Linux platforms
+- fixed compilation on FreeBSD, Digital Unix and Solaris
+- replaced PPTPD_DEBUG define with configuration option (debug) and
+  command line option (-d/--debug)
+
+---------------------------------------------------------------------------
+v0.8.8 -> v0.8.9
+7th June, 1999
+
+- unified CTRL and GRE processes (removed pptpgre), without the vfork
+  problem since this is not forking
+- changed process name for child processes to pptpd [ip.address.here]
+- moved INTERNAL_IP_ALLOCATION to a configure option (see configure --help)
+- added support for libwrap tcp wrappers
+- made sure pppd doesn't get copies of file descriptors it shouldn't, so
+  it closes down properly
+- lots of other misc fixes
+
+---------------------------------------------------------------------------
+v0.8.7 -> v0.8.8
+4th June, 1999
+
+- increased MAX number of clients to 100
+- layout and comments have been tidied up extensively throughout code
+- new function in ctrlpacket.c for making Control Message headers
+- openBSD fixes
+- many other minor bug fixes
+- some portability issues addressed
+- accept() moved into pptpmanager.
+- pptpmanager closes one side of socketpair server fd and passes client fd
+    other side of socketpair to pptpctrl.
+- pptpmanager main loop changed to select without timeout and made to
+    watch ALL appropriate file descriptors.
+- also made resiliant against some potential error modes, eg, if we are
+    full don't select on new connections descriptor, if accept() fails
+    ignore it cleanly, etc.
+- should be more 'resource friendly' now.
+- Make error state filename instead of just CONFIG FILE: file not found.
+- Limit packet size to PACKET_MAX instead of permitting 4 more if no ACK
+    is bundled (for consistency of packet size limit).
+
+---------------------------------------------------------------------------
+v0.8.6 -> v0.8.7
+1st June, 1999
+
+- GRE seperated from pptpctrl to support vforking
+- adds link status detection (ie if a link goes down, we can figure it out
+    and deal with it) (Kevin)
+- Solaris/Slirp port (Harald Vogt)
+- cleaned up comments a lot (move towards C style to permit compiling in 
+    older compilers/increase portablity)
+- standardized #ifndef #define #endif defines in header files
+- stop inststr from nuking environment (hopefully)
+- use longer argv[0] in exec()s to make inststr much nicer
+- make inststr wipe args other than argv[0]
+- #define to remove some debugging (PPTPD_DEBUG) and to remove the
+    IP address allocation code so PPPD can be used to allocate IP addresses
+    (INTERNAL_IP_ALLOCATION)
+- in pptpctrl.c, main()'s addrlen was uninitialized - yuck, was causing
+    random variable overwriting
+- clean up some wasteful memory copying and so on, as well as remove some
+    copies into small static buffers
+- clean up some blank lines - increasing the amount of code visible one
+    screen is good if it can be done without making the formatting ugly.
+- use exit() not _exit() in pptpd - the fear of this closing fork()d
+    filedescriptors is wrong.  both have the same file descriptor closing
+    properties.
+- remove a potential leak of 2 filedescriptors in option parsing (checks
+    of optional file names).
+- miscellaneous EMBED support for syslog etc.
+- many other misc changes.
+
+---------------------------------------------------------------------------
+v0.8.5 -> v0.8.6
+21st May 1999
+
+- added new ip address reading from config file (for multiple connections)
+    there is a new pptpd configuration file example in samples/
+- pptpdebug.* is no longer... syslog now handles ALL debugging
+
+---------------------------------------------------------------------------
+v0.8.4 -> v0.8.5
+18th May 1999
+
+- command line args/config file options are broken (everything hardcoded)
+- many, many, many structural changes for a multiple connection hack
+- multiple connection support
+- reconnect support
+- OpenBSD port (may be broken for this release... Peter?)
+- logging now to syslog DAEMON|DEBUG
+
+---------------------------------------------------------------------------
+v0.8.3 -> v0.8.4
+13th May 1999
+
+- call_id/peer_id issues addressed in OUT_CALL packets
+- bug in debug log time fixed
+- local added by default to the pppd launcher
+- call_disconnect_notify bug fixed
+- -p command line arg broken
+
+---------------------------------------------------------------------------
+v0.8.2 -> v0.8.3
+11th May 1999
+
+- a few minor multiple connection hacks.. still nowhere near ready to
+    handle more than one client
+- pptpd -p logfile bug fix
+
+---------------------------------------------------------------------------
+v0.8.1 -> v0.8.2
+11th May 1999
+
+- Server will no longer die if client disconnects
+- pppd is closed down cleanly now
+- autoconf/automake is back.. but still needs some work
+- a number of minor CTRL establishment bugs fixed
+- callid assignment modified slightly in manager
+
+---------------------------------------------------------------------------
+v0.8.0 -> v0.8.1
+4th May 1999
+
+- PPTPD no longer relies on a signal (which had the potential to cause
+    a race condition) to know when to launch PPPD/GRE. The CTRL session
+    no longer relies on a signal to return from a fork. Signalling has
+    now been replaced with IPC between PPTPD and CTRL sessions.
+- The GRE/PPPD sessions are now launched *after* an OUT_CALL_RPLY is sent
+    not before it.
+- CTRL and PPTP managers are now seperate from PPTPD
+
+---------------------------------------------------------------------------
+v0.8.0
+30th April 1999
+
+PoPToP now works with windows 95/98/NT and Linux clients.

+ 130 - 0
ChangeLog-0.9

@@ -0,0 +1,130 @@
+PoPToP ChangeLog
+
+---------------------------------------------------------------------------
+v0.9.12 -> v0.9.13
+17 August, 1999
+
+- added pptpd.8
+- added pptpd.conf.5
+
+---------------------------------------------------------------------------
+v0.9.11 -> v0.9.12
+16 August, 1999
+
+- hand fixed bug in Makefile.in to work around automake bug (distdir
+  target)
+- made 'make dist' work
+- added pptpctrl.8
+- added HOWTO/FAQ to html/ and removed old docs
+
+---------------------------------------------------------------------------
+v0.9.10 -> v0.9.11
+8 August, 1999
+
+- increased "receive window size" to match the other side
+- improved behaviour if a network write ever fails
+- minor changes to macro names and operation of functions
+- check call id on incoming GRE packets
+
+---------------------------------------------------------------------------
+v0.9.9 -> v0.9.10
+2 August, 1999
+
+- keep a pid file - /var/run/pptpd.pid by default, overriden by config
+  option pidfile or commandline option -p/--pidfile
+- added another TODO item
+
+---------------------------------------------------------------------------
+v0.9.8 -> v0.9.9
+29 July, 1999
+
+- move libutil.h to after sys/types.h (FreeBSD 3.1)
+- add option file passing to SLIRP
+- reduce the number of variables used for option parsing/storage
+- add option to set local address to bind to ("listen")
+- configure script forces pppd ip allocation when needed, rather than
+  exiting on an error
+
+---------------------------------------------------------------------------
+v0.9.7 -> v0.9.8
+26 July, 1999
+
+- zero sockaddr_in (to blank out sin_len on BSD)
+- include libutil.h if there is one for openpty() proto (FreeBSD)
+- attempt to continue after failed bind() (OpenBSD?)
+
+---------------------------------------------------------------------------
+v0.9.6 -> v0.9.7
+22 July, 1999
+
+- added doc for setting up MPPE
+- use error names rather than numbers where easily possible
+
+---------------------------------------------------------------------------
+v0.9.5 -> v0.9.6
+15 July, 1999
+
+- moved binaries to /usr/local/sbin (ie, configure's --sbindir)
+- some documentation fixes
+- big warning about having to delete old /usr/local/sbin/pptp{d,ctrl,...}
+
+---------------------------------------------------------------------------
+v0.9.4 -> v0.9.5
+7 July, 1999
+
+- bad sequence number message made to detect duplicates and out of order
+  and report appropriately
+- show if libwrap is selected in configure script output
+- completely re-did connection termination to match draft spec (unfortunately
+  generates a warning when talking to Win98) 
+- changed capabilities to be more realistic
+- fixed echo reply processing (should prevent death when idle)
+- made call id handling more sane
+- made us always use the right call id in the right place
+- print errno on GRE write failures
+- bind GRE to address connection was received on
+
+---------------------------------------------------------------------------
+v0.9.3 -> v0.9.4
+5 July, 1999
+
+- fixed to detect Slackware 4.0 needing -lintl for gettext()
+- better fix for using different binary locations (cover --bindir too)
+- removed select() in ctrlpacket.c in favour of setting control sockets
+  to be nonblocking (for performance - plain read() is cheaper than
+  select() especially when you're pretty sure of success)
+
+---------------------------------------------------------------------------
+v0.9.2 -> v0.9.3
+2 July, 1999
+
+- changes to configure to fix SLIRP option and print out options chosen
+- configure --prefix fix
+
+---------------------------------------------------------------------------
+v0.9.1 -> v0.9.2
+17th June, 1999
+
+- made usage info not show details which aren't relevant to current config
+- made configure force pppd-ip-alloc on systems where we don't yet support
+  passing IP addresses to pppd (SLIRP, BSDUSER_PPP)
+- minor slirp fix for pppd startup detection
+
+---------------------------------------------------------------------------
+v0.9.0 -> v0.9.1
+17th June, 1999
+
+- made a few minor changes for slirp
+- added macros for PPTP packet creation and removed memcpy() where simple
+  assignment is sufficient; CPU usage should be lower
+- cleaned up call_id to always be passed around as a network byte order
+  u_int16_t
+- added some missing ntoh32() in pptpgre.c (currently no effect as ack_recv
+  is ignored)
+- speedups in GRE routines
+- no longer close stderr (fd 2) in pptpctrl.c to overcome problems where
+  syslog() is absent
+- increased debugging in openpty()
+
+---------------------------------------------------------------------------
+

+ 21 - 0
ChangeLog-1.1.3

@@ -0,0 +1,21 @@
+poptop (1.1.3-3) unstable; urgency=low
+
+  * v1.1.3-3
+  * Added stimeout option to pptpd.conf manpage
+  * Updated the Changelog file
+
+   -- R. de Vroede <richard@oip.tudelft.nl>  Thu, Aug 22 2002 11:34:05 +0200
+
+  * v1.1.3-2
+  * Removed debug commandline option from pptpd.init
+
+   -- R. de Vroede <richard@oip.tudelft.nl>  Tue, Aug 20 2002 11:34:05 +0200
+
+  * v1.1.3-1
+  * added config(noreplace) so old configs don't get replaced
+  * Fixed postscriptlet
+  * Adapted RPM specfile to cvs tree
+  * RPM specfile now supports --with[out] options
+
+   -- R. de Vroede <richard@oip.tudelft.nl>  Thu, Aug  1 2002 11:34:05 +0200
+

+ 1 - 1
Makefile.am

@@ -15,7 +15,7 @@ CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"'
 #CFLAGS = -O2 -fno-builtin -Wall -ansi -DSBINDIR='"$(sbindir)"'
 #CFLAGS = -O2 -fno-builtin -Wall -ansi -pedantic -Wmissing-prototypes -Werror -DSBINDIR='"$(sbindir)"'
 
-man_MANS = pptpctrl.8 pptpd.8 pptpd.conf.5
+man_MANS = pptpctrl.8 pptpd.8 pptpd.conf.5 bcrelay.8
 
 EXTRA_DIST = \
 html README* ChangeLog NEWS TODO $(man_MANS) \

+ 3 - 1
Makefile.in

@@ -133,6 +133,7 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 RANLIB = @RANLIB@
@@ -483,7 +484,8 @@ distdir: $(DISTFILES)
 	    || exit 1; \
 	  fi; \
 	done
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \

+ 9 - 0
NEWS

@@ -1,3 +1,12 @@
+- add support for VRFs through libvrf [Lamparter]
+- fix implementation of IDLE_WAIT [Douglass]
+- fix compilation with uclibc with legacy support disabled [Hiramoto]
+- avoid ipparam and logwtmp on BSD [Cameron]
+- compiler fix for pptp_gre_header [Naess]
+- suppress "ignored a SET LINK INFO packet with real ACCMs" [Cameron]
+- add missing logwtmp option on pptpd.conf manyal page [Cameron]
+- fix reordering some more [Oester]
+
 1.3.4: released 2007-04-16
 
 - fix two release critical packet reordering bugs [Oester]

+ 88 - 0
PROTOCOL-SECURITY

@@ -0,0 +1,88 @@
+
+   Protocol Security
+
+   Summary
+
+                                                         by Peter Mueller
+
+   PPTP is known to be a faulty protocol. The designers of the protocol,
+   Microsoft, recommend not to use it due to the inherent risks. Lots of
+   people use PPTP anyway due to ease of use, but that doesn't mean it is
+   any less hazardous. The maintainers of PPTP Client and Poptop
+   recommend using OpenVPN (SSL based) or IPSec instead.
+
+   (Posted on [1]2005-08-10 to the [2]mailing list)
+     _________________________________________________________________
+
+   Why not use PPTP?
+
+                                                         by James Cameron
+
+   The point to point tunneling protocol (PPTP) is not secure enough for
+   some information security policies.
+
+   It's the nature of the MSCHAP V2 authentication, how it can be broken
+   trivially by capture of the datastream, and how MPPE depends on the
+   MSCHAP tokens for cryptographic keys. MPPE is also only 128-bit,
+   reasonably straightforward to attack, and the keys used at each end
+   are the same, which lowers the effort required to succeed. The obvious
+   lack of two-factor authentication, instead relying on a single
+   username and password, is also a risk. The increasing use of domestic
+   wireless systems makes information capture more likely.
+
+   However, that doesn't mean people don't accept the risks. There are
+   many corporations and individuals using PPTP with full knowledge of
+   these risks. Some use mitigating controls, and some don't.
+
+   Many people seem to judge the security of a protocol by the
+   availability of the implementation, the ease of installation, or the
+   level of documentation on our web site. Improving the documentation is
+   the purpose of this web site, and we aren't doing that in order to say
+   anything about the risks of the software! Any judgement of security
+   should be rigorously applied to the design and implementation alone.
+
+   PPTP on Linux, and Microsoft's PPTP, both implement fixes for
+   vulnerabilities that were detected years ago in Microsoft's PPTP. But
+   there remain the design vulnerabilities that cannot be fixed without
+   changing the design. The changes needed would break interoperability.
+   We can't change the Linux PPTP design, because it would stop working
+   with Microsoft PPTP. They can't change their design, because it would
+   stop working with all the other components out there, such as Nortel
+   and Cisco, embedded routers, ADSL modems and their own Windows
+   installed base.
+
+   The only option then is to deprecate the product and promote the
+   replacement. Microsoft promote something else. Our choice for Open
+   Source systems is OpenVPN or IPsec.
+
+   Level of acceptance isn't a good indicator of risk either. Some have
+   said that the shipping of MSCHAP V2, MPPE and PPTP in Linux
+   distributions is an indication of design security, but that's not the
+   reason. It's for interoperability. As an example, see how Linux
+   distributions still ship telnet, ftp, and rsh, even though these
+   components are insecure because they reveal the password in cleartext
+   in the network packets. The same can be said of many other components
+   and packages.
+
+   Our recommendations are;
+
+    1. do not implement PPTP between open source systems, because there's
+       no justification, better security can be had from OpenVPN or
+       IPsec,
+
+    2. do not implement PPTP servers unless the justification is that the
+       clients must not have to install anything to get going (Microsoft
+       PPTP is included already), and be aware of the risks of
+       information interception,
+
+    3. do not implement PPTP clients unless the justification is that the
+       server only provides PPTP, and there's nothing better that can be
+       used, and again be aware of the risks of information interception.
+
+   (Posted on [3]2005-08-10 to the [2]mailing list)
+
+References
+
+   1. http://marc.theaimsgroup.com/?l=poptop-server&m=112369621702624&w=2
+   2. http://pptpclient.sourceforge.net/contact.phtml#list
+   3. http://marc.theaimsgroup.com/?l=poptop-server&m=112365342910897&w=2

+ 6 - 6
README

@@ -1,7 +1,7 @@
-Poptop README
+PoPToP README
 -------------
 
-You *must* do a 'make install' or Poptop will *NOT* find the binaries!
+You *must* do a 'make install' or PoPToP will *NOT* find the binaries!
 See INSTALL for generic compile/install instructions, and run
 "./configure --help" for a list of valid options, or just type:
 
@@ -11,20 +11,20 @@ make install
 
 (make install copies the binaries to /usr/local/sbin, so you better be root)
 
-To run Poptop simply type: 'pptpd' (or /usr/local/sbin/pptpd if you don't
+To run PoPToP simply type: 'pptpd' (or /usr/local/sbin/pptpd if you don't
 have /usr/local/sbin in your path).
 
 You may specify a number of options on the command line to change
-how Poptop launches PPP.
+how PoPToP launches PPPD.
 
 Type: 'pptpd -h' for options you may specify on the command line.
 
 A sample config file is in samples/
 
 For more help look in html/
-or visit the Poptop web site at: http://poptop.sourceforge.net/
+or visit the PoPToP Web site at: http://www.moretonbay.com/vpn/pptp.html
 
 
 Good Luck!
 
--Poptop Development Team
+-PoPToP Development Team

+ 91 - 0
RELEASING

@@ -0,0 +1,91 @@
+Releasing pptpd
+
+cvs update
+decide on version number
+update version number in the following files
+	pptpd.spec
+	configure.in
+	debian/changelog
+run ./reconf
+update NEWS, ChangeLog
+commit changes
+tag, see README.cvs, for example:
+	cvs tag -F pptpd-1_3_4
+make dist
+md5sum
+gpg --detach-sign --armor
+test
+
+
+Test Plan
+
+a) unpacks into subdirectory with correct package and version string,
+b) "./configure"
+c) "make" 
+d) "make install" 
+e) set configuration files for a tunnel, establish two tunnels, ping,
+   ssh, scp 10Mb random data, close tunnel, re-establish, ping, close
+   tunnels.
+f) "make uninstall"
+
+Packaging
+
+fakeroot rpmbuild -ta pptpd-1.3.4.tar.gz
+# fails
+mv /usr/src/rpm/SRPMS/pptpd-1.3.4-0.src.rpm .
+mv /usr/src/rpm/RPMS/i386/pptpd-1.3.4-0.i386.rpm .
+
+SourceForge
+
+ftp -n upload.sourceforge.net <<EOF
+user anonymous qz@hp.com
+cd incoming
+hash
+passive
+put pptpd-1.3.4.tar.gz
+put pptpd-1.3.4-0.src.rpm
+put pptpd-1.3.4-0.i386.rpm
+quit
+EOF
+http://sourceforge.net/
+Login
+Poptop
+Admin
+File Releases
+Add Release "pptpd-1.3.4 (experimental)" to package "pptpd"
+
+Announcement
+
+To: poptop-server@lists.sourceforge.net
+Subject: pptpd-1.3.4 released
+
+G'day,
+
+pptpd 1.3.4 has been released.
+
+Please reply to the mailing list with your test results.
+
+See:
+        http://sourceforge.net/projects/poptop (click on Files)
+        http://sourceforge.net/project/showfiles.php?group_id=44827
+
+Checksums:
+	b38df9c431041922c997c1148bedf591  pptpd-1.3.4.tar.gz
+
+Changes to pptpd since 1.3.3 are:
+- fix two release critical packet reordering bugs [Oester]
+- accept both types of domain delimiter [Cameron]
+- deprecate PPP_WAIT workaround in favour of turning off pty echo [Brady]
+
+See the detailed ChangeLog
+
+--
+
+Cryptographically sign the mail.
+
+--
+
+Update versions.inc on web site http://poptop.sourceforge.net/
+Update versions on web site http://poptop.org/ via robertw@snapgear.com
+
+--
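Review bot: The only integrity value this checklist publishes is an MD5 digest (the `md5sum` step and the `Checksums:` line of the announcement template), and MD5 no longer resists collisions, so it should not be the value downloaders are told to compare. I would add `sha256sum pptpd-1.3.4.tar.gz` next to the `md5sum` step and list that digest under `Checksums:` as well. The `gpg --detach-sign --armor` step creates a signature, but the upload list names only the tarball and the two RPMs, and nothing says which key signs releases. Adding `put pptpd-1.3.4.tar.gz.asc` to the upload block and a line giving the signing key's fingerprint in the announcement would make the signature, rather than a digest posted beside the file, the check users rely on.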

+ 59 - 0
bcrelay.8

@@ -0,0 +1,59 @@
+.TH BCRELAY "8" "31 Dec 2010" "Version 1.3.4" "BCRELAY MANUAL PAGE"
+.SH NAME
+\fBbcrelay\fR \- a broadcast relay daemon
+.SH SYNOPSIS
+.B bcrelay
+[\fIOPTION\fR]...
+.SH DESCRIPTION
+.B bcrelay
+simply plays as a broadcast repeater. When \fBbcrelay\fR receives packets
+from the incomming interface, it will then relay them to the outgoing
+interface.
+.LP
+.SH OPTIONS
+.TP
+\fB-d\fR,\fB\-\-daemon\fR
+Run \fBbcrelay\fR as a daemon.
+.TP
+\fB-h\fR,\fB\-\-help\fR
+Show help message.
+.TP
+\fB-i\fR,\fB\-\-incoming\fR \fIinterface-in
+Defines from which interface broadcasts will be read.
+.TP
+\fB-s\fR,\fB\-\-outgoing\fR \fIinterface-out
+Defines to which interface broadcasts will be relayed.
+.TP
+\fB-n\fR,\fB\-\-nolog\fR
+Disable any logging and tracing to /var/log/messages except fatal error
+messages.
+.TP
+\fB-s\fR,\fB\-\-ipsec\fR \fIargument\fR
+Defines an ipsec tunnel to be relayed to. Since ipsec tunnels terminate on
+the same interface, we need to define the broadcast address of the other
+end-point of the tunnel. This is done as ipsec0:x.x.x.255.
+.TP
+\fB-v\fR,\fB\-\-version\fR
+Show the version of \fBbcrelay\fR.
+.TP
+Log messages and debugging information go to syslog as daemon.
+.TP
+Interfaces can be specified as regexpressions, ie. ppp[0-9]+.
+.SH AUTHORS
+.sp
+Original \fBbcrelay\fR program was written by Luc Richards
+<TheyCallMeLuc@yahoo.com.au>.
+
+.sp
+\fBBcrelay\fR was modified for \fBpoptop\fR by Richard de Vroede
+<r.devroede@linvision.com> and rewritten by Norbert van Bolhuis
+<norbert@vanbolhuis.demon.nl> for version (v1.0+) of \fBbcrelay\fR.
+
+.sp
+This manual page was written by Nguyen Vinh for Debian GNU/Linux System (but
+may be used for others). Permission is granted to copy, distribute and/or
+modify this document under the terms of the GNU General Public License
+Version 2, and any later versions published by Free Software Foundation.
+There is no WARRANTY, to the extent permitted by the law.
+.SH SEE ALSO
+For more detailed information about \fBbcrelay\fR, please read README.

+ 12 - 11
bcrelay.c

@@ -212,10 +212,11 @@ static int vdaemon = 0;
 #define NVBCR_PRINTF( args ) \
  if ((vdaemon == 0) && (do_org_info_printfs == 1)) printf args
 
+static char empty[1] = "";
 static char interfaces[32];
 static char log_interfaces[MAX_IFLOGTOSTR*MAXIF];
 static char log_relayed[(MAX_IFLOGTOSTR-1)*MAXIF+81];
-static char *ipsec = "";
+static char *ipsec = empty;
 
 static void showusage(char *prog)
 {
@@ -310,8 +311,8 @@ int main(int argc, char **argv) {
   regex_t preg;
   /* command line options */
   int c;
-  char *ifout = "";
-  char *ifin = "";
+  char *ifout = empty;
+  char *ifin = empty;
 
 #ifndef BCRELAY
   fprintf(stderr,
@@ -381,12 +382,12 @@ int main(int argc, char **argv) {
                         return 1;
                 }
   }
-  if (ifin == "") {
+  if (ifin == empty) {
        syslog(LOG_INFO,"Incoming interface required!");
        showusage(argv[0]);
        _exit(1);
   }
-  if (ifout == "" && ipsec == "") {
+  if (ifout == empty && ipsec == empty) {
        syslog(LOG_INFO,"Listen-mode or outgoing or IPsec interface required!");
        showusage(argv[0]);
        _exit(1);
@@ -431,7 +432,7 @@ static void mainloop(int argc, char **argv)
   static struct ifsnr old_ifsnr[MAXIF+1]; // Old iflist to socket fd's mapping list
   static struct ifsnr cur_ifsnr[MAXIF+1]; // Current iflist to socket fd's mapping list
   unsigned char buf[1518];
-  char *logstr = "";
+  char *logstr = empty;
 
   no_discifs_cntr = MAX_NODISCOVER_IFS;
   ifs_change = 0;
@@ -773,7 +774,7 @@ struct iflist *
 discoverActiveInterfaces(int s) {
   static struct iflist iflist[MAXIF+1];         // Allow for MAXIF interfaces
   static struct ifconf ifs;
-  int i, j, cntr = 0;
+  int i, cntr = 0;
   regex_t preg;
   struct ifreq ifrflags, ifr;
   struct sockaddr_in *sin;
@@ -816,9 +817,9 @@ discoverActiveInterfaces(int s) {
         /*
          * Get interface name
          */
-        for (j=0; (j<sizeof(iflist[cntr].ifname) && j<strlen(ifs.ifc_req[i].ifr_ifrn.ifrn_name)); ++j)
-                iflist[cntr].ifname[j] = ifs.ifc_req[i].ifr_ifrn.ifrn_name[j];
-        iflist[cntr].ifname[j+1] = '\0';
+        strncpy(iflist[cntr].ifname, ifs.ifc_req[i].ifr_ifrn.ifrn_name,
+                sizeof(iflist[cntr].ifname));
+        iflist[cntr].ifname[sizeof(iflist[cntr].ifname)-1] = 0;
 
         /*
          * Get local IP address 
@@ -870,7 +871,7 @@ discoverActiveInterfaces(int s) {
     // IPSEC tunnels are a fun one.  We must change the destination address
     // so that it will be routed to the correct tunnel end point.
     // We can define several tunnel end points for the same ipsec interface.
-    } else if (ipsec != "" && strncmp(ifs.ifc_req[i].ifr_name, "ipsec", 5) == 0) {
+    } else if (ipsec != empty && strncmp(ifs.ifc_req[i].ifr_name, "ipsec", 5) == 0) {
       if (strncmp(ifs.ifc_req[i].ifr_name, ipsec, 6) == 0) {
         struct hostent *hp = gethostbyname(ipsec+7);
         ioctl(s, SIOCGIFINDEX, &ifs.ifc_req[i]);
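Review bot: In the last hunk, `gethostbyname(ipsec+7)` assumes the ipsec argument has the `ipsec0:x.x.x.255` form, but the guard before it only compares the first six characters against the interface name. An argument such as `ipsec0` with no address part therefore makes `ipsec+7` point past the string's terminating NUL, and the switch to the `empty` sentinel does not cover that case. I would tighten the inner test to `if (strlen(ipsec) > 7 && ipsec[6] == ':' && strncmp(ifs.ifc_req[i].ifr_name, ipsec, 6) == 0) {`, or validate the argument once where the option is parsed. The hunk ends before `hp` is used, so whether a failed lookup (NULL) is handled is not visible here; the return value of `ioctl(s, SIOCGIFINDEX, ...)` is also ignored in the visible lines.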

+ 11 - 0
build.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+echo "build.sh: superceded by makepackage"
+exit 1
+
+POPTOPVERSION=`./version`
+CURRENTDIR=`pwd`
+THISDIR=${CURRENTDIR##*/}
+if [ -f /etc/redhat-release ]; then
+   tar -czf /usr/src/redhat/SOURCES/pptpd-${POPTOPVERSION}.tar.gz .
+   rpmbuild -ta /usr/src/redhat/SOURCES/pptpd-${POPTOPVERSION}.tar.gz
+fi
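Review bot: Everything after `exit 1` is unreachable, so the new script ships dead packaging code, including the `CURRENTDIR` and `THISDIR` assignments that nothing reads. If the file only exists to point people at makepackage, I would keep just the message and the exit, fix the spelling and send it to stderr: `echo "build.sh: superseded by makepackage" >&2`. If the old logic is kept for reference, quote the expansions (`"/usr/src/redhat/SOURCES/pptpd-${POPTOPVERSION}.tar.gz"`) so that re-enabling it later does not word-split the output of `./version`.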

+ 7 - 1
config.h.in

@@ -4,7 +4,7 @@
  *
  * Additional autoconf defines for this program.
  *
- * $Id: config.h.in,v 1.25 2007/04/16 01:08:47 quozl Exp $
+ * $Id: config.h.in,v 1.26 2011/05/19 00:02:50 quozl Exp $
  */
 
 /* Use BSD User land PPP? */
@@ -151,6 +151,9 @@
 /* Define to the one symbol short name of this package. */
 #undef PACKAGE_TARNAME
 
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 
@@ -160,6 +163,9 @@
 /* Version number of package */
 #undef VERSION
 
+/* Use vrf_socket from vrf library */
+#undef VRF
+
 /* Define to empty if `const' does not conform to ANSI C. */
 #undef const
 

+ 11 - 7
configfile.c

@@ -4,7 +4,7 @@
  * Methods for accessing the PPTPD config file and searching for
  * PPTPD keywords.
  *
- * $Id: configfile.c,v 1.2 2004/04/22 10:48:16 quozl Exp $
+ * $Id: configfile.c,v 1.3 2013/02/07 00:23:27 quozl Exp $
  */
 
 #ifdef HAVE_CONFIG_H
@@ -57,14 +57,18 @@ int read_config_file(char *filename, char *keyword, char *value)
 	while ((fgets(buffer, MAX_CONFIG_STRING_SIZE - 1, in)) != NULL) {
 		/* ignore long lines */
 		if (buffer[(len = strlen(buffer)) - 1] != '\n') {
-			syslog(LOG_ERR, "Long config file line ignored.");
-			do
-				fgets(buffer, MAX_CONFIG_STRING_SIZE - 1, in);
-			while (buffer[strlen(buffer) - 1] != '\n');
-			continue;
+			if (len >= MAX_CONFIG_STRING_SIZE - 2) {
+				syslog(LOG_ERR, "Long config file line ignored.");
+				char *p;
+				do
+					p = fgets(buffer, MAX_CONFIG_STRING_SIZE - 1, in);
+				while (p && buffer[strlen(buffer) - 1] != '\n');
+				continue;
+			}
+		} else {
+			len--;			/* For the NL at the end */
 		}
 
-		len--;			/* For the NL at the end */
 		while (--len >= 0)
 			if (buffer[len] != ' ' && buffer[len] != '\t')
 				break;
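Review bot: The new skip loop still indexes `buffer[strlen(buffer) - 1]`, as does the context line `buffer[(len = strlen(buffer)) - 1]`, so a config line whose first byte is NUL gives a length of 0 and reads `buffer[-1]`. Testing for the newline with `strchr` avoids the index: `while (p && strchr(buffer, '\n') == NULL);` for the loop, and the same test in the outer `if` with `len = strlen(buffer)` computed on its own line. The `char *p;` declaration also follows the `syslog()` call inside the block; if the project still builds with C89 compilers, it belongs at the top of the block. read_config_file starts and ends outside the hunk.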

+ 1 - 1
configfile.h

@@ -3,7 +3,7 @@
  *
  * Function to read pptpd config file.
  *
- * $Id: configfile.h,v 1.1.1.1 2002/06/21 08:51:55 fenix_nl Exp $
+ * $Id: configfile.h,v 1.1 2002/06/21 08:51:55 fenix_nl Exp $
  */
 
 #ifndef _PPTPD_CONFIGFILE_H

File diff suppressed because it is too large
+ 2873 - 4140
configure


+ 45 - 4
configure.in

@@ -86,6 +86,26 @@ AC_ARG_ENABLE(bcrelay,
 	    esac
 	], [AC_MSG_RESULT(default no)])
 
+AC_MSG_CHECKING(command line for VRF build)
+AC_ARG_ENABLE(vrf,
+	[  --enable-vrf              Enable support for VRFs],
+	[
+	    case "$enableval" in
+		yes)
+		    AC_MSG_RESULT(yes)
+		    VRF=$enableval
+		    ;;
+		no)
+		    AC_MSG_RESULT(explicit no)
+		    ;;
+		*)
+		    AC_MSG_RESULT(unrecognised... terminating)
+		    exit 1
+		    ;;
+	    esac
+	], [AC_MSG_RESULT(default no)])
+
+
 AC_PROG_CC
 AC_PROG_RANLIB
 AC_PROG_INSTALL
@@ -207,10 +227,6 @@ if test "$ac_cv_header_libintl_h" = yes; then
   fi
 fi
 
-AC_SUBST(XTRALIBS_CTRL)
-AC_SUBST(XTRALIBS_MGR)
-AC_SUBST(HAVE_OPENPTY)
-
 if test "$BCRELAY" = "yes"; then
   if test "$BCRELAY" = "yes"; then
     XTRA_PROG="bcrelay"
@@ -220,7 +236,25 @@ if test "$BCRELAY" = "yes"; then
   fi
 fi
 
+if test "$VRF" = "yes"; then
+	AC_CHECKING([for vrf Library and Header files])
+	AC_CHECK_HEADER(vrf.h, ,
+		AC_MSG_ERROR([vrf headers were not found])
+	)
+
+	AC_CHECK_LIB(vrf, vrf_socket, [
+		AC_DEFINE(VRF, 1, [Use vrf_socket from vrf library])
+		XTRALIBS_CTRL="$XTRALIBS_CTRL -lvrf"
+		XTRALIBS_MGR="$XTRALIBS_MGR -lvrf"
+	], [
+		AC_MSG_ERROR(vrf library was not found)
+	])
+fi
+
+AC_SUBST(XTRALIBS_CTRL)
+AC_SUBST(XTRALIBS_MGR)
 AC_SUBST(XTRA_PROG)
+AC_SUBST(HAVE_OPENPTY)
 
 echo '==============================================================================='
 
@@ -251,5 +285,12 @@ else
   echo 'No.'
 fi
 
+echo -n '   VRF support:        '
+if test "$VRF" = "yes"; then
+  echo 'Yes.'
+else
+  echo 'No.'
+fi
+
 AC_CACHE_SAVE
 AC_OUTPUT(Makefile)
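Review bot: `VRF` is assigned only in the `yes)` branch of the new `AC_ARG_ENABLE(vrf, ...)` and is never initialised, so a `VRF=yes` inherited from the environment passes the later `test "$VRF" = "yes"`. That happens even when the option is absent or `--disable-vrf` is given, and configure then requires `vrf.h` and adds `-lvrf` to both `XTRALIBS_CTRL` and `XTRALIBS_MGR`. Setting `VRF=no` immediately before the `AC_ARG_ENABLE` call makes the result depend only on the command line. The `AC_MSG_RESULT(unrecognised... terminating)` plus `exit 1` pair could be a single `AC_MSG_ERROR([unrecognised --enable-vrf value])`, though the hunk appears to mirror the existing bcrelay block, whose start is outside the hunk.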

+ 19 - 12
ctrlpacket.c

@@ -3,7 +3,7 @@
  *
  * PPTP Control Message packet reading, formatting and writing.
  *
- * $Id: ctrlpacket.c,v 1.6 2005/08/03 09:10:59 quozl Exp $
+ * $Id: ctrlpacket.c,v 1.8 2008/11/13 23:49:22 quozl Exp $
  */
 
 #ifdef HAVE_CONFIG_H
@@ -69,7 +69,7 @@ static int make_out_call_rqst(unsigned char *rply_packet, ssize_t * rply_size);
 int read_pptp_packet(int clientFd, unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size)
 {
 
-	size_t bytes_read;
+	ssize_t bytes_read;
 	int pptp_ctrl_type = 0;	/* Control Message Type */
 
 	/* read a packet and parse header */
@@ -133,10 +133,10 @@ int read_pptp_packet(int clientFd, unsigned char *packet, unsigned char *rply_pa
  * retn:        Number of bytes written on success.
  *              -1 on write failure.
  */
-size_t send_pptp_packet(int clientFd, unsigned char *packet, size_t packet_size)
+ssize_t send_pptp_packet(int clientFd, unsigned char *packet, size_t packet_size)
 {
 
-	size_t bytes_written;
+	ssize_t bytes_written;
 
 	if ((bytes_written = write(clientFd, packet, packet_size)) == -1) {
 		/* write failed */
@@ -146,7 +146,7 @@ size_t send_pptp_packet(int clientFd, unsigned char *packet, size_t packet_size)
 	} else {
 		/* debugging */
 		if (pptpctrl_debug) {
-			syslog(LOG_DEBUG, "CTRL: I wrote %d bytes to the client.", packet_size);
+			syslog(LOG_DEBUG, "CTRL: I wrote %lu bytes to the client.", (unsigned long) packet_size);
 			syslog(LOG_DEBUG, "CTRL: Sent packet to client");
 		}
 		return bytes_written;
@@ -237,7 +237,7 @@ ssize_t read_pptp_header(int clientFd, unsigned char *packet, int *pptp_ctrl_typ
 						return(0);
 					memcpy(buffer, packet, bytes_ttl);
 				}
-				syslog(LOG_ERR, "CTRL: Error reading ctrl packet length (bytes_ttl=%d): %s", bytes_ttl, strerror(errno));
+				syslog(LOG_ERR, "CTRL: Error reading ctrl packet length (bytes_ttl=%lu): %s", (unsigned long) bytes_ttl, strerror(errno));
 				return -1;
 			}
 			/* FALLTHRU */
@@ -291,7 +291,7 @@ ssize_t read_pptp_header(int clientFd, unsigned char *packet, int *pptp_ctrl_typ
 					return(0);
 				memcpy(buffer, packet, bytes_ttl);
 			}
-			syslog(LOG_ERR, "CTRL: Error reading ctrl packet (bytes_ttl=%d,length=%d): %s", bytes_ttl, length, strerror(errno));
+			syslog(LOG_ERR, "CTRL: Error reading ctrl packet (bytes_ttl=%lu,length=%d): %s", (unsigned long) bytes_ttl, length, strerror(errno));
 			return -1;
 		}
 		/* FALLTHRU */
@@ -377,9 +377,9 @@ void deal_start_ctrl_conn(unsigned char *packet, unsigned char *rply_packet, ssi
 	start_ctrl_conn_rply.bearer_cap = htons(OUR_BEARER);
 	start_ctrl_conn_rply.max_channels = htons(MAX_CHANNELS);
 	start_ctrl_conn_rply.firmware_rev = htons(PPTP_FIRMWARE_VERSION);
-	bzero(start_ctrl_conn_rply.hostname, MAX_HOSTNAME_SIZE);
+	memset(start_ctrl_conn_rply.hostname, 0, MAX_HOSTNAME_SIZE);
 	strncpy((char *)start_ctrl_conn_rply.hostname, PPTP_HOSTNAME, MAX_HOSTNAME_SIZE);
-	bzero(start_ctrl_conn_rply.vendor, MAX_VENDOR_SIZE);
+	memset(start_ctrl_conn_rply.vendor, 0, MAX_VENDOR_SIZE);
 	strncpy((char *)start_ctrl_conn_rply.vendor, PPTP_VENDOR, MAX_VENDOR_SIZE);
 	COPY_CTRL_PACKET(start_ctrl_conn_rply, rply_packet, rply_size);
 	DEBUG_PACKET("START CTRL CONN RPLY");
@@ -541,9 +541,16 @@ void deal_set_link_info(unsigned char *packet)
 	struct pptp_set_link_info *set_link_info;
 
 	set_link_info = (struct pptp_set_link_info *) packet;
-	if(set_link_info->send_accm != 0xffffffff || set_link_info->recv_accm != 0xffffffff)
-		syslog(LOG_ERR, "CTRL: Ignored a SET LINK INFO packet with real ACCMs!");
-	else if(pptpctrl_debug)
+	if (set_link_info->send_accm != 0xffffffff || set_link_info->recv_accm != 0xffffffff) {
+		/* Async-Control-Character-Map (ACCM) are bits that
+		   show which control characters should be escaped by the
+		   PPP implementation ... pptpd leaves pppd to negotiate
+		   that via LCP and does not process SET LINK INFO
+		   packets ... this is not complaint with the RFC but
+		   still works. */
+		if (pptpctrl_debug)
+			syslog(LOG_DEBUG, "CTRL: Ignored a SET LINK INFO packet with real ACCMs! (intentional non-compliance with section 2.15 of RFC 2637, ACCM is negotiated by PPP LCP asyncmap)");
+	} else if (pptpctrl_debug)
 		syslog(LOG_DEBUG, "CTRL: Got a SET LINK INFO packet with standard ACCMs");
 }
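Review bot: In `send_pptp_packet` the changed debug line still logs `packet_size`, the number of bytes requested, as "I wrote %lu bytes", so a short `write()` is reported as a full send even though `bytes_written` is now a correctly signed `ssize_t`. Logging the actual count, `syslog(LOG_DEBUG, "CTRL: I wrote %ld bytes to the client.", (long) bytes_written);`, would make partial writes visible. Callers that compare the return value with `packet_size` are outside this view. In the `deal_set_link_info` hunk the new comment says "not complaint with the RFC", which should read "compliant". That hunk also means a SET LINK INFO packet with non-default ACCMs is now logged only when `pptpctrl_debug` is set.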
 

+ 2 - 2
ctrlpacket.h

@@ -3,14 +3,14 @@
  *
  * Functions to parse and send pptp control packets.
  *
- * $Id: ctrlpacket.h,v 1.1.1.1 2002/06/21 08:51:58 fenix_nl Exp $
+ * $Id: ctrlpacket.h,v 1.1 2002/06/21 08:51:58 fenix_nl Exp $
  */
 
 #ifndef _PPTPD_CTRLPACKET_H
 #define _PPTPD_CTRLPACKET_H
 
 int read_pptp_packet(int clientFd, unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size);
-size_t send_pptp_packet(int clientFd, unsigned char *packet, size_t packet_size);
+ssize_t send_pptp_packet(int clientFd, unsigned char *packet, size_t packet_size);
 void make_echo_req_packet(unsigned char *rply_packet, ssize_t * rply_size, u_int32_t echo_id);
 void make_call_admin_shutdown(unsigned char *rply_packet, ssize_t * rply_size);
 void make_stop_ctrl_req(unsigned char *rply_packet, ssize_t * rply_size);

+ 1 - 0
debian/crontab.ex

@@ -0,0 +1 @@
+0 4	* * *	root	pptpd_maintenance

+ 1 - 0
debian/diversions.ex

@@ -0,0 +1 @@
+<FILE> <Diverted to> <Packagename>

+ 2 - 0
debian/inetd.conf.ex

@@ -0,0 +1,2 @@
+#:OTHER:
+pptpd	stream	tcp	nowait	root	/usr/sbin/tcpd /usr/sbin/pptpd

+ 15 - 0
debian/info.ex

@@ -0,0 +1,15 @@
+# This is a configuration files for installing a .info menu
+# The Description to be placed into the directory
+DESCR="Description"
+
+# The section this info file should be placed in (Regexp) followed by
+# the new section name to be created if the Regexp does not match
+# (Optional. If not given the .info will be appended to the directory)
+#SECTION_MATCH="Regexp"
+#SECTION_NAME="New Section Name"
+
+# The file referred to from the Info directory
+FILE=pptpd.info
+
+# Optional. The files to be copied to /usr/info
+#FILES=*.info

+ 5 - 0
debian/watch.ex

@@ -0,0 +1,5 @@
+# Example watch control file for uscan
+# Rename this file to "watch" and then you can run the "uscan" command
+# to check for upstream updates and more.
+# Site		Directory		Pattern			Version	Script
+sunsite.unc.edu	/pub/Linux/Incomingu	pptpd-*.tar.gz	debian	uupdate

+ 2 - 1
defaults.h

@@ -4,7 +4,7 @@
  * This file contains some tuneable parameters, most of which can be overriden
  * at run-time.
  *
- * $Id: defaults.h,v 1.9 2006/09/04 23:17:25 quozl Exp $
+ * $Id: defaults.h,v 1.10 2011/05/19 00:02:50 quozl Exp $
  */
 
 #ifndef _PPTPD_DEFAULTS_H
@@ -67,6 +67,7 @@
 #define LOCALIP_KEYWORD			"localip"
 #define REMOTEIP_KEYWORD		"remoteip"
 #define LISTEN_KEYWORD			"listen"
+#define VRF_KEYWORD			"vrf"
 #define PIDFILE_KEYWORD			"pidfile"
 #define STIMEOUT_KEYWORD		"stimeout"
 #define NOIPPARAM_KEYWORD		"noipparam"

+ 1 - 1
getopt.c

@@ -7,7 +7,7 @@
  *        * <config.h> changed to "config.h"
  *        * #include "our_getopt.h" near #define ELIDE_CODE
  *
- * $Id: getopt.c,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ * $Id: getopt.c,v 1.1 2002/06/21 08:52:00 fenix_nl Exp $
  */
 
 /* Getopt for GNU.

+ 1 - 1
getopt1.c

@@ -6,7 +6,7 @@
  * NOTE: Changed to make dependencies work better:
  *        * <config.h> changed to "config.h"
  *
- * $Id: getopt1.c,v 1.1.1.1 2002/06/21 08:51:58 fenix_nl Exp $
+ * $Id: getopt1.c,v 1.1 2002/06/21 08:51:58 fenix_nl Exp $
  */
 
 /* getopt_long and getopt_long_only entry points for GNU getopt.

+ 0 - 3
html/CVS/Entries

@@ -1,3 +0,0 @@
-/HOWTO-PoPToP.txt/1.2/Thu Apr 22 04:54:07 2004//
-/setup_pptp_client.html/1.1.1.1/Thu Apr 22 04:54:07 2004//
-D/poptop_ads_howto////

+ 0 - 1
html/CVS/Repository

@@ -1 +0,0 @@
-poptop/html

+ 0 - 1
html/CVS/Root

@@ -1 +0,0 @@
-:ext:quozl@poptop.cvs.sourceforge.net:/cvsroot/poptop

+ 0 - 18
html/poptop_ads_howto/CVS/Entries

@@ -1,18 +0,0 @@
-/diagram1.jpg/1.1/Tue Oct 25 03:08:14 2005//
-/poptop_ads_howto_2.htm/1.1/Tue Oct 25 03:08:14 2005//
-/poptop_ads_howto_3.htm/1.2/Thu Jan  5 00:21:15 2006//
-/test.txt/1.1/Tue Apr 18 03:02:31 2006//
-/poptop_ads_howto_1.htm/1.11/Mon Apr 16 00:42:09 2007//
-/poptop_ads_howto_10.htm/1.5/Mon Apr 16 00:42:09 2007//
-/poptop_ads_howto_11.htm/1.4/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_12.htm/1.3/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_4.htm/1.10/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_5.htm/1.5/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_6.htm/1.5/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_6a.htm/1.2/Sun Jan 14 23:46:51 2007//
-/poptop_ads_howto_7.htm/1.5/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_8.htm/1.6/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_9.htm/1.3/Mon Apr 16 00:42:10 2007//
-/poptop_ads_howto_a1.htm/1.1/Mon May  8 07:29:48 2006//
-/poptop_ads_howto_a2.htm/1.1/Mon May  8 07:29:48 2006//
-D

+ 0 - 1
html/poptop_ads_howto/CVS/Repository

@@ -1 +0,0 @@
-poptop/html/poptop_ads_howto

+ 0 - 1
html/poptop_ads_howto/CVS/Root

@@ -1 +0,0 @@
-:ext:quozl@poptop.cvs.sourceforge.net:/cvsroot/poptop

File diff suppressed because it is too large
+ 73 - 46
html/poptop_ads_howto/poptop_ads_howto_1.htm


+ 4 - 8
html/poptop_ads_howto/poptop_ads_howto_10.htm

@@ -7,10 +7,10 @@
 </head>
 
 <body>
-<p><strong>15. pptpd and freeradius </strong></p>
+<p><strong>16. pptpd and freeradius </strong></p>
 <p>The section covers the configuration of pptpd + freeradius + AD. If you are looking at the integration via winbind. Go to <a href="poptop_ads_howto_7.htm">this section</a>.</p>
 <hr>
-<a name="radiusd"></a><strong>15.1 Enable freeradius</strong>
+<a name="radiusd"></a><strong>16.1 Enable freeradius</strong>
 <p>To enable radiusd on bootup, use the chkconfig command.</p>
 <blockquote>
   <pre>[root@pptp ~]# chkconfig radiusd on </pre>
@@ -23,12 +23,12 @@ Starting RADIUS server: Sun Sep  4 11:26:24 2005 : Info: Starting - reading conf
 </blockquote>
 <p></p>
 <hr>
-<a name="pptpdradius"></a><strong>15.2 Configure pptpd </strong>
+<a name="pptpdradius"></a><strong>16.2 Configure pptpd </strong>
 <p>There are two configuration files for pptpd. The first one is /etc/pptpd.conf. You can very much keep it as it is except the ip address range for the ppp connections. Edit the file and add two lines at the bottom to specify the local ip address and the ip address pool for the remote connections. </p>
 <blockquote>
   <pre>localip 10.0.0.10<br>remoteip 10.0.0.101-200 </pre>
 </blockquote>
-<p>10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections. If you are running FC6, please refer to <a href="file:///C:/StudioMX/poptop_ads_howto_4.htm#pptpd">Section 7.2</a> for details on the logwtmp option.</p>
+<p>10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections. If you are running FC6, please refer to <a href="file:///C:/StudioMX/poptop_ads_howto_4.htm#pptpd">Section 8.2</a> for details on the logwtmp option.</p>
 <p>Please note that pptpd by default has a 100 connections limit. You can override it by the "connection" parameter in the pptp.conf file. Read the remarks in the file.</p>
 <p>The second configuration file is /etc/ppp/options.pptpd. I stripped off all remarks from my options.pptpd and it is like this:</p>
 <blockquote>
@@ -48,10 +48,6 @@ plugin radius.so
 plugin radattr.so</pre>
 </blockquote>
 <p>There are two plugins we used in here. The first one radius.so is required while the second one radattr.so is optional. Radattr.so basically records the parameters passed from radius to pppd in a file. Check the man page of pppd-radattr for details. </p>
-<p>Then, we need to fix the permission of a winbind directory.</p>
-<blockquote>
-  <pre>[root@pptp ~]# chgrp radiusd /var/cache/samba/winbindd_privileged/</pre>
-</blockquote>
 <p>If you have Windows XP clients, you may want to reduce the MTU size. Add the  line, /sbin/ifconfig $1 mtu 1400, to /etc/ppp/ip-up as shown in the following list.</p>
 <blockquote>
   <pre>[root@pptp ppp]# cat ip-up

+ 2 - 2
html/poptop_ads_howto/poptop_ads_howto_11.htm

@@ -7,7 +7,7 @@
 </head>
 
 <body>
-<p><strong>16. pptp Client Installation</strong></p>
+<p><strong>17. pptp Client Installation</strong></p>
 <p>I will only describe the Windows XP pptp client installation. For other operating system, please see the documents in <a href="http://poptop.sourceforge.net/dox/">here</a>. </p>
 <ul>
   <li>Start -> Settings -> Control Panels -> Network Connections.</li>
@@ -27,7 +27,7 @@
 </ul>
 <p>That's all for a standard configuration. All traffic from the PC will pipe through the pptp tunnel except those for the local attached network segment. This is the recommended way of implementing VPN for security reasons.</p>
 <hr>
-<strong><a name="splittunnel"></a>16.1 Split Tunneling</strong>
+<strong><a name="splittunnel"></a>17.1 Split Tunneling</strong>
 <p>Split Tunneling allows you to configure the network so that only selected traffic is directed to the VPN tunnel. For instance,   you want browsing  traffic to go to the Internet directly but corporate traffic goes via the VPN, then you will need split tunneling. It is also important if your ISP requires a heatbeat from your machine to keep the connection alive. </p>
 <p>While split tunneling provides convenience, it causes  security problems because <span name="intelliTxt" id="intelliTxt">it essentially renders the VPN vulnerable to attack as it is accessible through the public, non-secure network. Check your company security policy before inplementing split tunneling. </span></p>
 <p>To set up split tunneling:</p>

+ 39 - 4
html/poptop_ads_howto/poptop_ads_howto_12.htm

@@ -7,14 +7,14 @@
 </head>
 
 <body>
-<p><strong>17. pptp Server Administration </strong></p>
+<p><strong>18. pptp Server Administration </strong></p>
 <p>This section covers a few tricks on pptp server management. It is far from a complete guide. Any suggestions are welcome.</p>
 <p>The packages <strong>psacct</strong> and <strong>SysVinit</strong> are required for the utilities used in here. They should be installed by default. If they are  not, please install them through yum.</p>
 <blockquote>
   <pre>[root@pptp ~]# yum install psacct SysVinit </pre>
 </blockquote><p></p>
 <hr>
-<strong><a name="whoisonline"></a>17.1 Who is Online?</strong>
+<strong><a name="whoisonline"></a>18.1 Who is Online?</strong>
 <p>To check who is online, the &quot;last&quot; command is used:</p>
 <blockquote>
   <pre>[root@pptp ~]# last | grep ppp | grep still
@@ -23,7 +23,7 @@ James    ppp3         202.xx.xxx.xxx   Sat Nov 19 17:38   still logged in   <br>
 <p><strong><em>last</em></strong> is from SysVinit. It reads the information from /var/log/wtmp. </p>
 <p><strong>Note:</strong> for <em><strong>last</strong></em> to work properly, the logwtmp option in the /etc/pptpd.conf must be enabled. If you are sure there are pptp connections but see no output from the above mentioned command, check the logwtmp option in the pptpd.conf file is enabled. </p>
 <hr>
-<strong><a name="accounting"></a>17.2 Accounting </strong>
+<strong><a name="accounting"></a>18.2 Accounting </strong>
 <p>The &quot;ac&quot; utility from package psacct will provide a report on the connection time.</p>
 <blockquote>
   <pre>[root@pptp ~]# ac -d -p
@@ -50,7 +50,7 @@ If you want the statistics from older version of wtmp, use the -f parameter in &
 2. If users use shell to log in the server as well, the ac will return the connection time of both pptp and shell connections.
 </p>
 <hr> 
-<strong><a name="disconnect"></a>17.3 Disconnect a User</strong>
+<strong><a name="disconnect"></a>18.3 Disconnect a User</strong>
 <p>To disconnect an active connection, you will have to kill the pppd process associate with it. Firstly, run the command in section 16.1 to find out the remote ip address of the user. Say you want to disconnect Mary, her ip address in the above example is 1.2.3.4. Then, find the PID of the pppd process.
 </p>
 <blockquote>
@@ -65,6 +65,41 @@ root   8672  8671  0 16:59 ?      00:00:00 /usr/sbin/pppd local file /etc/ppp/op
   <pre>[root@pptp /]# kill 8672</pre>
 </blockquote><br>
 <hr>
+<strong><a name="oneconnection"></a>18.4 Allow Only One Connection per User</strong>
+<p>By default, a user can make multiple connections to the pptpd server. To restrict one connection per user, create two script files in the /etc/ppp directory. When the same user logs in twice, the first connection will be disconnected. This is actually done on the ppp level, not with the pptpd. </p>
+<p>The first file is /etc/ppp/auth-up</p>
+<blockquote>
+  <pre>
+  #!/bin/sh
+  # get the username/ppp line number from the parameters
+  PPPLINE=$1
+  USER=$2
+  # create the directory to keep pid files per user
+  mkdir -p /var/run/pptpd-users
+  # if there is a session already for this user, terminate the old one
+  if [ -f /var/run/pptpd-users/$USER ]; then
+    kill -HUP `cat /var/run/pptpd-users/$USER`
+    rm /var/run/pptpd-users/$USER
+  fi
+  # write down the username in the ppp line file
+  echo $USER &gt; /var/run/pptpd-users/$PPPLINE.new
+</pre>
+</blockquote>
+<p>The second file is /etc/ppp/ip-up.local</p>
+<blockquote>
+  <pre>
+  #!/bin/sh
+  REALDEVICE=$1
+  # Get the username from the ppp line record file
+  USER=`cat /var/run/pptpd-users/$REALDEVICE.new`
+  # Copy the ppp line pid
+  cp &quot;/var/run/$REALDEVICE.pid&quot; /var/run/pptpd-users/$USER
+  # remove the ppp line record file
+  rm &quot;/var/run/pptpd-users/$REALDEVICE.new&quot;
+</pre>
+</blockquote>
+<p>The method presented here may not be the best one, but it works for me. (If you have a better way, please let me know.)</p>
+<hr>
 <a href="poptop_ads_howto_a1.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_11.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
 </body>
 </html>

+ 2 - 1
html/poptop_ads_howto/poptop_ads_howto_2.htm

@@ -10,7 +10,7 @@
 <p><a name="test"></a><strong>4. The Test Environment</strong></p>
 <p>I have built a test environment as shown in the diagram. In the rest of the howto, the configurations of software are based on this topology. </p>
 <p><img src="diagram1.jpg"></p>
-<p>A Windows 2003 SP1 Server is set up as the AD domain controller, DNS server and WINS server. The pptp gateway is the Linux box which has 2 network cards. One connects to the internal network, 10.0.0.0/24, and the other one connects to the Internet with ip address 192.168.0.10/24. The internal network has two subnets, 10.0.0.0/24 and 172.16.0.0/24. </p>
+<p>A Windows 2003 R2 SP2 Server is set up as the AD domain controller, DNS server and WINS server. The pptp gateway is the Linux box which has 2 network cards. One connects to the internal network, 10.0.0.0/24, and the other one connects to the Internet with ip address 192.168.0.10/24. The internal network has two subnets, 10.0.0.0/24 and 172.16.0.0/24. </p>
 <p>The domain name of the Windows AD domain is EXAMPLENET.ORG and the corresponding netbios name is EXAMPLE. </p>
 <p><strong>Windows Domain Summary</strong>:</p>
 <table width="558" border="0">
@@ -41,6 +41,7 @@
 </table>
 
 </p>
+<p><em><strong>Note:</strong> The Windows server that I used for FC4/5/6 testing was a Windows 2003 standard with SP1. In another word, the information presented in Appendix for FC 4, 5 and 6 is not tested for Windows 2003 R2 although I believe it should work.</em></p>
 <hr>
 <a href="poptop_ads_howto_3.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_1.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a></body>
 </html>

+ 16 - 6
html/poptop_ads_howto/poptop_ads_howto_3.htm

@@ -15,7 +15,17 @@
 </head>
 
 <body>
-<p><a name="network"><strong>5. Network Configuration </strong></a></p>
+<p><strong><a name="selinux"></a>5. Fedora and SELINUX</strong></p>
+<p>There is a report from Frederick Chapleau on SELINUX causing problem on PPTPD. It affects user authentication with Winbind and Radius. SELINUX is enabled by default on Fedora, you may very likely run into this problem if you take all default settings when installing Fedora. </p>
+<p>Frederick said in his email:</p>
+<blockquote>
+  <p>&quot;This issue was not appearing with plain text file (chap.secret) or with CHAPv1 authentication. Only in the combination of MS-CHAPv2 and Winbind (with or without radius)&quot;</p>
+</blockquote>
+<p>Disabling SELINUX may be an easy fix but you may want to consider the security implication too.</p>
+<p>For more information on this issue, please go to <a href="http://yaoblogs.com/blogs/fchapleau/archive/2007/04/24/pptp-and-the-bug.aspx">here</a>.</p>
+<p></p>
+<hr>
+<a name="network"><strong>6. Network Configuration </strong></a>
 <p>Microsoft AD depends heavily on DNS. You should have the DNS server working first. </p>
 <p>The pptp gateway should use the Active Directory DNS server instead of the one provided by your ISP. Otherwise, the gateway may have problems to locate the domain controller. Here is the /etc/resolv.conf in my test gateway. </p>
 <blockquote>
@@ -23,11 +33,11 @@
 nameserver 10.0.0.1</pre>
 </blockquote><p></p>
 <hr>
-<a name="defaultroute"><strong>5.1 Default Gateway and Static Routes</strong></a>
+<a name="defaultroute"><strong>6.1 Default Gateway and Static Routes</strong></a>
 <p>The pptp gateway has two network cards. It is important that the default gateway is pointing to the Internet, your ISP router. Make sure that the internal network card does not have a default gateway address configured. Check the network card configuration files in /etc/sysconfig/network-scripts. </p>
 <p>In my test setup, eth0 is the internal card and eth1 is the external one. In the /etc/sysconfig/network-scripts/ifcfg-eth0, it does not have the line GATEWAY=&quot;x.x.x.x&quot;. In the ifcfg-eth1, it has an entry GATEWAY=&quot;x.x.x.x&quot; pointing to the ISP router ip address.</p>
-<p>My test internal network has multiple subnets, static routes are set up to direct traffic correctly. If you have a simple single segment internal network, you can skip the following step and go to <a href="#pforward">step 5.2</a>.</p>
-<p>To set up static routes in FC4, create a file static-routes in /etc/sysconfig directory. My static-routes file has one line: </p>
+<p>My test internal network has multiple subnets, static routes are set up to direct traffic correctly. If you have a simple single segment internal network, you can skip the following step and go to <a href="#pforward">step 6.2</a>.</p>
+<p>To set up static routes in Fedora, create a file static-routes in /etc/sysconfig directory. My static-routes file has one line: </p>
 <blockquote>
   <pre>any net 172.16.0.0 netmask 255.255.255.0 dev eth0</pre>
 </blockquote>
@@ -38,10 +48,10 @@ nameserver 10.0.0.1</pre>
 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1<br>172.16.0.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0<br>10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0<br>169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0<br>0.0.0.0         192.168.0.2     0.0.0.0         UG        0 0          0 eth1</pre>
 </blockquote>
 <p><hr>
-<strong><a name="pforward"></a>5.2 Enable Packet Forwarding</strong>
+<strong><a name="pforward"></a>6.2 Enable Packet Forwarding</strong>
 <p>For ppp to work, the packet forwarding must be enabled. Edit /etc/sysctl.conf with your favourite editor and change the line:</p>
 <blockquote>
-  <pre>net.ipv4.ip_forward = 0</pre><p></p>
+  <pre>net.ipv4.ip_forward = 0</pre>
 </blockquote>
 <p>to</p>
 <blockquote>

+ 28 - 15
html/poptop_ads_howto/poptop_ads_howto_4.htm

@@ -7,35 +7,48 @@
 </head>
 
 <body>
-<p><strong><a name="mppe"></a>6. Install MPPE Kernel Module </strong></p>
-<p>Kernel version 2.6.15 or above has MPPE built-in which is required for MSCHAPv2. Fedora Core 5 and 6 kernel version on the CD are 2.6.15 and 2.6.18 respectively. That means you do not need to install the MPPE module as you have to for Fedora Core 4. Information for FC4 and MPPE is in <a href="poptop_ads_howto_a1.htm">Appendix A1 and A1.1</a>.</p>
+<p><strong><a name="mppe"></a>7. Install MPPE Kernel Module </strong></p>
+<p>If you plan to use MSCHAPv2, MPPE is required. Kernel version 2.6.15 or above has already got MPPE built-in. Fedora Core 8 kernel version on the DVD is 2.6.23.1. That means you do not need to install the MPPE module as you have to for older kernels. Information for MPPE on FC4 / 5 / 6 is in <a href="poptop_ads_howto_a1.htm">Appendix A1</a>.</p>
 <p>To test if your kernel supports MPPE:</p>
 <blockquote>
   <pre>[root@pptp ~]# modprobe ppp-compress-18 &amp;&amp; echo ok</pre>
 </blockquote>
-<p>It should resturn an &quot;ok&quot;.</p>
-<p><strong>Note:</strong> The latest kernel for Fedora Core 5/6 at the time of writing is 2.6.18.</p>
+<p>It should return an &quot;ok&quot;.</p>
+<p><strong>Note:</strong> The latest kernel for Fedora Core 8 at the time of writing is 2.6.26.3.</p>
 <hr>
-<strong><a name="pppd_pptpd" id="pppd_pptpd"></a>7. pppd and  pptpd</strong>
-<p><a name="pppd"><strong>7.1 pppd </strong></a></p>
-<p>FC5 comes with ppp-2.4.3-6.2.1 and FC6 has ppp-2.4.4-1. MPPE support is already enabled.  If ppp is not installed, use<em> yum</em> to install it.</p>
+<strong><a name="pppd_pptpd" id="pppd_pptpd"></a>8. pppd and  pptpd</strong>
+<p><a name="pppd"><strong>8.1 pppd </strong></a></p>
+<p>FC8 comes with ppp-2.4.4-2. MPPE support is already enabled.  If ppp is not installed, use<em> yum</em> to install it.</p>
 <blockquote>
   <pre>[root@pptp ~]# yum install ppp</pre>
 </blockquote>
-<p><strong>Note</strong>: Information on how to update ppp module on FC4 is in <a href="poptop_ads_howto_a1.htm#pppd">Appendix A2</a>.</p>
+<p><strong>Note</strong>: Information on how to update ppp module on FC4 / 5/ 6 is in <a href="poptop_ads_howto_a2.htm">Appendix A2</a>.</p>
 <hr>
-<a name="pptpd"></a><strong>7.2 Install pptpd</strong>
-<p>From <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a> download the pptpd rpm, pptpd-1.3.3-1.fc5.i386.rpm or pptpd-1.3.3-1.fc6.i386.rpm according to your Fedora version, and install it.</p>
+<a name="pptpd"></a><strong>8.2 Install pptpd</strong>
+<p>From <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a> download the pptpd tar ball, pptpd-1.3.4.tar.gz. You can make a RPM from it with the<em> rpmbuild</em> command. If you don't have the <em>rpmbuild</em> command installed. Get the package <strong>rpm-build</strong> through <em>yum</em>. </p>
 <blockquote>
-  <pre>[root@pptp ~]# rpm -ivh pptpd-1.3.3-1.*.i386.rpm</pre></blockquote>
+  <pre>[root@pptp ~]# rpmbuild -ta pptpd-1.3.4.tar.gz</pre>
+</blockquote>
+<p>The command will create a pptpd rpm in /usr/src/redhat/RPMS/i386 directory. Install the package with the <em>rpm</em> commad.</p>
+<blockquote>
+  <pre>[root@pptp ~]# cd /usr/src/redhat/RPMS/i386/
+[root@pptp i386]# rpm -ivh pptpd-1.3.4-1.i386.rpm</pre>
+</blockquote>
 <p><strong>Note:</strong><br>
-The pptpd FC6 package is built against ppp-2.4.3 but FC6 has ppp-2.4.4. It prevents the tunnel to be established  and gives the following error message is in /var/log/message.</p>
+The pptpd rpm package is built against ppp-2.4.3 but FC6 or above has ppp-2.4.4. It prevents the tunnel to be established  and gives the following error message is in /var/log/message.</p>
 <blockquote>
   <p>Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4 </p>
 </blockquote>
-<p>The workaround is to disable the logwtmp option in /etc/pptpd.conf.</p>
-<p>I have produced a patched RPM to address the problem. You may find a copy from <a href="http://rapidshare.com/files/11740134/pptpd-1.3.3-2.fc6.i386.rpm">here</a>.</p>
+<p>The workaround is to disable the logwtmp option in /etc/pptpd.conf. The drawback is the<em> last</em> command won't show the pptpd login information.</p>
+<p>I have produced a patched RPMs for pptpd to address the problem. You can find them from the following links.</p>
+<dt>For Fedora 8</dt>
+  <dd><a href="http://rapidshare.com/files/147328050/pptpd-1.3.4-2.fc8.i386.rpm">pptpd-1.3.4-2.fc8.i386.rpm</a> (binary RPM - current version) </dd>
+  <dd><a href="http://rapidshare.com/files/147328118/pptpd-1.3.4-2.fc8.src.rpm">pptpd-1.3.4-2.fc8.src.rpm</a> (source RPM)<br></dd>
+<dt>For Fedora 6</dt>
+  <dd><a href="http://rapidshare.com/files/11740134/pptpd-1.3.3-2.fc6.i386.rpm">pptpd-1.3.3-2.fc6.i386.rpm</a> (binary RPM - older version) </dd>
+  <dd><a href="http://rapidshare.com/files/31923326/pptpd-1.3.4-2.FC6.i386.rpm">pptpd-1.3.4-2.FC6.i386.rpm</a> (binary RPM - current version) </dd>
+  <br>
 <hr>
-<a href="poptop_ads_howto_5.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_3.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<a href="poptop_ads_howto_5.htm">Next</a>&nbsp;&nbsp;<a href="poptop_ads_howto_3.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
 </body>
 </html>
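Review bot: The download list added to section 8.2 points readers at binaries they cannot authenticate. The patched `pptpd-1.3.4-2.fc8.i386.rpm` and the Fedora 6 builds are linked over plain `http://` on a file-sharing host, and the page gives no checksum or signature to compare before the package is installed from a root shell. The list already links the matching `.src.rpm`, so the safer default is to tell readers to rebuild from it, or to publish a digest beside each link, e.g. `<dd>SHA-256: (digest published by the author)</dd>`, followed by `<p>Verify the digest before installing the package.</p>`. The new `<dt>`/`<dd>` items also have no enclosing `<dl>`.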

+ 6 - 6
html/poptop_ads_howto/poptop_ads_howto_5.htm

@@ -7,17 +7,17 @@
 </head>
 
 <body>
-<p><strong>8. Samba
+<p><strong>9. Samba
 </strong></p>
-<p>FC5 comes with samba v3.0.21b and FC6 has version 3.0.32c. The current samba RPM version from <em>yum</em> at the time of writing for FC5 is v3.0.23c. It is highly recommended to use the latest version. </p>
+<p>Fedora 8 comes with samba v3.0.26a. The current samba RPM version from <em>yum</em> at the time of writing for F8 is v3.0.32. It is highly recommended to use the latest version. </p>
 <p>The required RPM packages for samba in Fedora are <em>samba, samba-client, samba-common</em>.  Install through <em>yum</em> if any of them is missing. </p>
 <blockquote>
   <pre>[root@pptp ~]# yum install samba samba-common samba-client</pre>
 </blockquote>
 <p><strong>Note: </strong>
-Information on Samba and FC4 can be found in <a href="poptop_ads_howto_a2.htm#samba">Appendix A3</a>.</p>
+Information on Samba for FC4 / 5 / 6 can be found in <a href="poptop_ads_howto_a3.htm">Appendix A3</a>.</p>
 <hr>
-<strong><a name="smbconf"></a>8.1 Configure Samba</strong>
+<strong><a name="smbconf"></a>9.1 Configure Samba</strong>
 <p>No matter you choose to use winbind or freeradius to connect to Active Directory, you will have to configure samba properly. The configuration file of samba is in /etc/samba and is called smb.conf. The file should have at least the following lines. </p>
 <blockquote>
   <pre>[global]
@@ -42,7 +42,7 @@ max log size = 50
 <strong>password server = 10.0.0.1</strong>
 # enable encrypt passwords
 <strong>encrypt passwords = yes</strong>
-# default socket options setting on older samba. It is not defined in v3.0.23c
+# default socket options setting on older samba. It is not defined in v3.0.23c or above
 ;socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 # not to be a master browser
 domain master = no 
@@ -51,7 +51,7 @@ preferred master = no
 <strong>wins server = 10.0.0.1</strong>
 dns proxy = no
 # require this line to join the domain in older samba
-# I don't need this for samba v3.0.23
+# I don't need this for samba v3.0.23 or above
 <strong>;client use spnego = yes</strong>
 # winbind stuff
 <strong>idmap uid = 50001-550000

File diff suppressed because it is too large
+ 7 - 7
html/poptop_ads_howto/poptop_ads_howto_6.htm


+ 15 - 7
html/poptop_ads_howto/poptop_ads_howto_7.htm

@@ -7,12 +7,18 @@
 </head>
 
 <body>
-<p><strong>11. pptpd and winbindd </strong></p>
+<p><strong>12. pptpd and winbindd </strong></p>
 <p>The section covers how to configure pptpd + winbindd + AD. If you are working on the freeradius configuration, you may skip this section and go to the <a href="poptop_ads_howto_8.htm">next one</a>. </p>
 <p>Most of the hard work has been done in the previous sections. You are very close to the final stage.</p>
 <hr>
-<strong><a name="wbtest"></a>11.1 Enable and Test winbindd</strong>
-<p>Start samba and winbindd with the &quot;service&quot; command.</p>
+<strong><a name="wbtest"></a>12.1 Enable and Test winbindd</strong>
+<p>For Fedora 8, start samba and winbindd with the <em>&quot;service&quot;</em> command.</p>
+<blockquote>
+  <pre>[root@pptp ~]# service smb start<br>Starting SMB services: [  OK  ]
+[root@pptp ~]# service nmb start<br>Starting NMB services: [  OK  ]
+[root@pptp ~]# service winbind start<br>Starting Winbind services: [  OK  ] </pre>
+</blockquote>
+<p>For older version of Fedora, the <em>&quot;service smb start</em>&quot; will start both smb and nmb.</p>
 <blockquote>
   <pre>[root@pptp ~]# service smb start<br>Starting SMB services: [  OK  ]<br>Starting NMB services: [  OK  ]
 [root@pptp ~]# service winbind start<br>Starting Winbind services: [  OK  ] </pre>
@@ -27,18 +33,20 @@
 <br>[root@acna-pptp etc]# wbinfo -u<br>EXAMPLE+Administrator<br>EXAMPLE+Guest<br>EXAMPLE+SUPPORT_388945a0<br>EXAMPLE+DC1$<br>EXAMPLE+krbtgt<br>EXAMPLE+skwok<br>EXAMPLE+ldapuser<br>EXAMPLE+pptpdsvr$ 
 </pre>
 </blockquote>
-<p>To enable samba and winbind on bootup, use the chkconfig command.</p>
+<p>To enable samba, nmb and winbind on bootup, use the chkconfig command.</p>
 <blockquote>
   <pre>[root@pptp ~]# chkconfig winbind on
+[root@pptp ~]# chkconfig nmb on
 [root@pptp ~]# chkconfig smb on </pre>
-</blockquote><p></p>
+</blockquote>
+<p>Please note that for older version of Fedora, smb will spawn nmb automatically. But for F8, they are separated.</p>
 <hr>
-<strong><a name="pptpconf"></a>11.2 Configure pptpd </strong>
+<strong><a name="pptpconf"></a>12.2 Configure pptpd </strong>
 <p>There are two configuration files for pptpd. The first one is /etc/pptpd.conf. You can very much keep it as it is except the ip address range for the ppp connections. Edit the file and add two lines at the bottom to specify the local ip address and the ip address pool for the remote connections. </p>
 <blockquote>
   <pre>localip 10.0.0.10<br>remoteip 10.0.0.101-200 </pre>
 </blockquote>
-<p>10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections. If you are running FC6, please refer to <a href="poptop_ads_howto_4.htm#pptpd">Section 7.2</a> for details on the logwtmp option. </p>
+<p>10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections. If you are running FC6 or above, please refer to <a href="poptop_ads_howto_4.htm#pptpd">Section 8.2</a> for details on the logwtmp option. </p>
 <p>Please note that pptpd by default has a 100 connections limit. You can override it by the &quot;connections&quot; parameter in the pptp.conf file. Read the remarks in the file. </p>
 <p>The second configuration file is /etc/ppp/options.pptpd. I stripped off all remarks from my options.pptpd and it is like this:</p>
 <blockquote>

File diff suppressed because it is too large
+ 30 - 19
html/poptop_ads_howto/poptop_ads_howto_8.htm


+ 17 - 7
html/poptop_ads_howto/poptop_ads_howto_9.htm

@@ -7,23 +7,32 @@
 </head>
 
 <body>
-<p><strong>14. Freeradius</strong></p>
-<p>Freeradius has a massive 57KB configuration file. Fortunately, we only have to change a few lines. </p>
+<p><strong>15. Freeradius</strong></p>
+<p>Firstly, for Fedora 8, add user radiusd to group wbpriv.</p>
+<blockquote>
+  <pre>[root@pptp ~]# usermod -G wbpriv radiusd</pre>
+</blockquote>
+<p>For Fedora 4 / 5 / 6, change the permission of the winbind_privileged directory. </p>
+<blockquote>
+<pre>[root@pptp ~]# chgrp radiusd /var/cache/samba/winbindd_privileged/</pre>
+</blockquote>
+<p>Secondly, we will need to modify the freeradius configuration file. Fortunately, we have only to change a few lines. </p>
 <hr>
-<a name="mschap2"></a><strong>14.1 Configure Freeradius for MSCHAPv2
+<a name="mschap2"></a><strong>15.1 Configure Freeradius for MSCHAPv2
 </strong>
 <p>Edit /etc/raddb/radiusd.conf to enable MSCAHP2. Open the file and locate the module section and then the mschap subsection.</p>
 <blockquote>
   <pre>modules {<br>
         ....[snip]....<br>
         mschap {
-                authtype = MS-CHAP
                 use_mppe = yes
                 require_encryption = yes
                 require_strong = yes
                 ntlm_auth = &quot;/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}&quot;<br>        }<br>
         ....[snip]....<br>
-}</pre>
+}
+
+</pre>
 </blockquote>
 <p>The mschap option in the authorize and authenticate sections is enabled by default. If they are not, enable them accordingly. Save the file. </p>
 <p>The radius server has a secret key for security. The default key for freeradius is testing123. It is a good idea to change it for obvious security reasons. The key is in /etc/raddb/clients.conf. </p>
@@ -33,10 +42,11 @@
         ....[snip]....
 </pre>
 </blockquote>
-<p><strong>Note</strong>: if you change the secret key, you must modify the /etc/radiusclient/servers so that they match each other.
+<p><strong>Note</strong>: if you change the secret key, you must modify the /etc/radiusclient-ng/servers so that they match each other.
 </p>
+<p>Refer to <a href="poptop_ads_howto_a6.htm">Appendix 6</a> for information on Fedora 4 / 5 / 6.</p>
 <hr>
-<p><strong><a name="access"></a>14.2 PPTP Access Control </strong></p>
+<p><strong><a name="access"></a>15.2 PPTP Access Control </strong></p>
 <p>The above configuration allows everyone with a valid userID in the AD to connect to the pptpd server. If you want to restrict access to a group of users, you can create a group, say VPN_Allowed, in the AD. Add users to the group and modify the ntml_auth line in /etc/raddb/radius.conf to include the parameter &quot;--require-membership-of=EXAMPLE+VPN_Allowed&quot;. </p>
 <p>In the example, I split the line into multiple lines for clarity. It should be one continuous line in the configuration file. </p>
 <blockquote>
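Review bot: In the new Fedora 8 step of section 15, `usermod -G wbpriv radiusd` replaces the account's whole supplementary group list with `wbpriv` rather than adding to it, so any other group radiusd belonged to is dropped; the append form is `usermod -a -G wbpriv radiusd`. The Fedora 4 / 5 / 6 alternative, `chgrp radiusd /var/cache/samba/winbindd_privileged/`, hands the group ownership of a winbindd directory to radiusd, and the prose calls it `winbind_privileged` while the command says `winbindd_privileged`. A sentence saying why radiusd needs this access (presumably so `ntlm_auth` can reach winbindd's privileged pipe) and that the directory must stay closed to other users would make the step safer to follow. The section continues past the end of the second hunk.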

+ 20 - 18
html/poptop_ads_howto/poptop_ads_howto_a1.htm

@@ -9,14 +9,27 @@
 
 <body>
 <p><strong>APPENDIX</strong></p>
-<p><strong><a name="mppe"></a>A1. Install MPPE Kernel Module on Fedora Core 4</strong><br> 
-  (last update: 6 March 2006) </p>
-<p>MPPE support is required for MSCHAPv2. Depending on the kernel version, you may or may not require to perform this step. Kernel version 2.6.15 or above has MPPE built-in. If you are using the latest FC4 2.6.15 kernel, you can go to <a href="poptop_ads_howto_4.htm#pppd_pptpd">Step 7</a> now. If you are using an older kernel  which  does not support MPPE, you will have to add this feature to it. </p>
+<p><strong><a name="mppe"></a>A1. Install MPPE Kernel Module on Fedora Core 4 / 5 / 6 </strong></p>
+<p>In summary, Fedora Core 5 or above, the Kernel has built-in MPPE functionality.</p>
+<hr>
+<strong><a name="a11_fc56" id="a11_fc56"></a>A1.1 Fedora Core 5 and 6</strong><br>
+(last update: 19 May 2007)
+<p>Kernel version 2.6.15 or above has MPPE built-in which is required for MSCHAPv2. Fedora Core 5 and 6 kernel version on the CD are 2.6.15 and 2.6.18 respectively. That means you do not need to install the MPPE module as you have to for Fedora Core 4. Information for FC4 and MPPE is in <a href="poptop_ads_howto_a1.htm">Appendix A1.2</a>.</p>
+<p>To test if your kernel supports MPPE:</p>
+<blockquote>
+  <pre>[root@pptp ~]# modprobe ppp-compress-18 &amp;&amp; echo ok</pre>
+</blockquote>
+<p>It should return an &quot;ok&quot;. Then move to <a href="poptop_ads_howto_4.htm#pppd_pptpd">step 8</a>.</p>
+<p><strong>Note:</strong> The latest kernel for Fedora Core 5/6 at the time of writing is 2.6.20.</p>
+<hr>
+<strong><a name="a12_fc4"></a>A1.2 Fedora Core 4<br>
+</strong>(last update: 6 March 2006) 
+<p>MPPE support is required for MSCHAPv2. Depending on the kernel version, you may or may not require to perform this step. Kernel version 2.6.15 or above has MPPE built-in. If you are using the latest FC4 2.6.15 kernel, you can go to <a href="poptop_ads_howto_4.htm#pppd_pptpd">Step 8 </a> now. If you are using an older kernel  which  does not support MPPE, you will have to add this feature to it. </p>
 <p>To test if your kernel supports MPPE:</p>
 <blockquote>
   <pre>[root@pptp ~]# modprobe ppp-compress-18 &amp;&amp; echo ok</pre>
 </blockquote>
-<p>If it returns an &quot;ok&quot;, you can safely skip this step and move to <a href="poptop_ads_howto_4.htm#pppd_pptpd">Step 7</a>. If you see &quot;FATAL: Module ppp_mppe not found.&quot;, install MPPE support as described in the following procedure:</p>
+<p>If it returns an &quot;ok&quot;, you can safely skip this step and move to <a href="poptop_ads_howto_4.htm#pppd_pptpd">Step 8 </a>. If you see &quot;FATAL: Module ppp_mppe not found.&quot;, install MPPE support as described in the following procedure:</p>
 <p>  Download the MPPE module builder in rpm format from <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a>. The required RPMs are::</p>
 <blockquote>
   <pre>dkms-2.0.6-1.noarch.rpm
@@ -28,26 +41,15 @@ kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm</pre>
 [root@pptp ~]# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm </pre>
 </blockquote>
 <p>If you upgrade your kernel to 2.6.13 or above, kernel_ppp_mppe version 1.0.2 or above must be used. Otherwise, the pptp tunnel will not connect and you will see error message &quot;This system lacks kernel support for PPP.&quot; in /var/log/messages.</p>
+<p>Please see <a href="#autoinstaller">A1.3 Kernel Upgrade and dkms_autoinstaller</a> for more information on dkms. </p>
 <dt><strong>Note:</strong></dt>
 <dd>(1) Fedora Extra provides also a dkms rpm, dkms-2.0.6-3.fc4.noarch.rpm. I have not tested it. You may want to use the one I mentioned above to make sure the installation will work. </dd>
 <br><hr>
-<strong><a name="autoinstaller"></a>A1.1 Kernel Upgrade and dkms_autoinstaller</strong><br>
+<strong><a name="autoinstaller"></a>A1.3 Kernel Upgrade and dkms_autoinstaller</strong><br>
 (last update: 6 March 2006)
 <p>If you upgrade your kernel after installing dkms, thanks to the dkms_autoinstaller service, you will not have to worry about the dkms kernel module. dkms_autoinstaller runs on every bootup. It checks  the dkms module to ensure it match the kernel version. If a mismatch is found, it will create a proper one for the boot kernel. </p>
 <p>For dkms_autoinstaller to work, you will need the correct kernel-devel version installed in your system. It is always a good idea to install the kernel-devel rpm alongside with your new kernel.</p>
 <hr>
-<a name="pppd"><strong>A2. Upgrade pppd on Fedora Core 4 </strong></a><br>
-(last update 6 March 2006)
-<p>FC4 comes with ppp-2.4.2-7. It is required to be upgraded to a patched version which supports MPPE. The patched version can be found in <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a>. Download the rpm for FC4. At the time of writing, the latest version is 2.4.3-5. Get the FC4 rpm: </p>
-<blockquote>
-  <pre>ppp-2.4.3-5.fc4.i386.rpm</pre>
-</blockquote>
-<p>Upgrade the ppp with the downloaded version:</p>
-<blockquote>
-  <pre>[root@pptp ~]# rpm -Uvh ppp-2.4.3-5.fc4.i386.rpm</pre>
-</blockquote>
-<p><strong>Note</strong>: If you are a Gentoo user, and are using kernel v2.6.15, the ppp-2.4.3-5 does NOT work because of MPPC. You may find more information from <a href="http://kernel-bugs.osdl.org/show_bug.cgi?id=5827">here</a>.</p>
-<hr>
-<a href="poptop_ads_howto_a2.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_a1.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<a href="poptop_ads_howto_a2.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_12.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
 </body>
 </html>

+ 16 - 19
html/poptop_ads_howto/poptop_ads_howto_a2.htm

@@ -7,32 +7,28 @@
 </head>
 
 <body>
-<p><strong>A3. Samba for Fedora Core 4<br>
-  </strong>(last update: 6 March 2006)</p>
-<p>FC4 comes with samba v3.0.14a. The samba project released v3.0.20 on 20 August 2005. Here is a quote from the v3.0.20 release note about winbind.</p>
+<p><a name="pppd"><strong>A2. Upgrade pppd on Fedora Core 4 / 5 / 6 </strong></a></p>
+<p><a name="fc56_pppd"></a><strong>A2.1 Fedora 5 and 6</strong><br>
+(last update: 19 May 2007)</p>
+<p>FC5 comes with ppp-2.4.3-6.2.1 and FC6 has ppp-2.4.4-1. MPPE support is already enabled. If ppp is not installed, use<em> yum</em> to install it.</p>
 <blockquote>
-  <p>-- quote --<br>
-    Winbindd has been completely rewritten in this release to support
-an almost completely non-blocking, asynchronous request/reply
-model.  This means that winbindd will scale much better in 
-large domain environments and on high latency networks.<br>
-  </p>
+  <pre>[root@pptp ~]# yum install ppp</pre>
 </blockquote>
-<p>It is highly recommended to upgrade samba to v3.0.20 or above. The latest samba v3.0.21c rpms for FC4 can be found in <a href="http://us5.samba.org/samba/ftp/Binary_Packages/Fedora/RPMS/i386/core/4/">here</a>. Download a copy and then update samba with command &quot;rpm -Uvh samba*.rpm&quot;. </p>
-<p><strong>Note: </strong>
-Samba v3.0.21 has a bug on the oplock code. Avoid this version. Use v3.0.21a or above. </p>
+<p><strong>Note</strong>: Information on how to update ppp module on FC4 is in <a href="#f4_pppd">the next section.</a></p>
 <hr>
-<a name="fc4freeradius"></a><strong>A4. Software for Radius Setup on Fedora Core 4</strong><br>
-(last update: 1 February 2006)
-<p>In additional to the software we installed in the previous sections, we need two more. Freeradius is one of them. FC4 comes with freeradius-1.0.2-2 but it is broken. At the time of writing, the latest one is freeradius-1.0.4-1.FC4.1. Get it from <em>yum</em> as it has quite a few dependences. <em>yum</em> will resolve all required dependences automagically.</p>
+<p><strong><a name="f4_pppd"></a>A2.2 Fedora Core 4</strong><br>
+(last update: 6 March 2006) </p>
+<p>FC4 comes with ppp-2.4.2-7. It is required to be upgraded to a patched version which supports MPPE. The patched version can be found in <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a>. Download the rpm for FC4. At the time of writing, the latest version is 2.4.3-5. Get the FC4 rpm: </p>
 <blockquote>
-  <pre>[root@pptp ~]# yum install freeradius</pre>
+  <pre>ppp-2.4.3-5.fc4.i386.rpm</pre>
 </blockquote>
-<p>The second software you will need is radiusclient. Get the FC4 rpm, radiusclient-0.3.2-0.2.fc4.rf.i386.rpm, from <a href="http://rpmforge.net/user/packages/radiusclient/">RPMforge</a>. Install it with &quot;rpm -ivh&quot;.</p>
-
+<p>Upgrade the ppp with the downloaded version:</p>
+<blockquote>
+  <pre>[root@pptp ~]# rpm -Uvh ppp-2.4.3-5.fc4.i386.rpm</pre>
+</blockquote>
+<p><strong>Note</strong>: If you are a Gentoo user, and are using kernel v2.6.15, the ppp-2.4.3-5 does NOT work because of MPPC. You may find more information from <a href="http://kernel-bugs.osdl.org/show_bug.cgi?id=5827">here</a>.</p>
 <hr>
-<a href="poptop_ads_howto_a1.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<a href="poptop_ads_howto_a3.htm">Next</a>&nbsp;&nbsp;<a href="poptop_ads_howto_a1.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
 <p>&nbsp; </p>
 </body>
 </html>

+ 41 - 0
html/poptop_ads_howto/poptop_ads_howto_a3.htm

@@ -0,0 +1,41 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><a name="a3_samba"></a><strong>A3. Samba for Fedora Core 4 / 5 / 6 </strong></p>
+<p><strong><a name="fc56_samba"></a>A3.1 Fedora Core 5 / 6</strong><br>
+(last update: 19 May 2007)</p>
+<p>FC5 comes with samba v3.0.21b and FC6 has version 3.0.23c. The current samba RPM version from <em>yum</em> at the time of writing for FC5/6 is v3.0.24. It is highly recommended to use the latest version. </p>
+<p>The required RPM packages for samba in Fedora are <em>samba, samba-client, samba-common</em>. Install through <em>yum</em> if any of them is missing. </p>
+<blockquote>
+  <pre>[root@pptp ~]# yum install samba samba-common samba-client</pre>
+</blockquote>
+<p>Please go to <a href="poptop_ads_howto_5.htm#smbconf">Section 9.1</a> to continue the Samba configuration. </p>
+<p><strong>Note: </strong> Information on Samba and FC4 can be found in <a href="poptop_ads_howto_a2.htm#samba">the next section</a>.</p>
+<hr>
+<strong>A3.2 Fedora Core 4 </strong><br>
+(last update: 6 March 2006)
+<p>FC4 comes with samba v3.0.14a. The samba project released v3.0.20 on 20 August 2005. Here is a quote from the v3.0.20 release note about winbind.</p>
+<blockquote>
+  <p>-- quote --<br>
+    Winbindd has been completely rewritten in this release to support
+an almost completely non-blocking, asynchronous request/reply
+model.  This means that winbindd will scale much better in 
+large domain environments and on high latency networks.<br>
+-- quote --
+  </p>
+</blockquote>
+<p>It is highly recommended to upgrade samba to v3.0.20 or above. The latest samba v3.0.21c rpms for FC4 can be found in <a href="http://us5.samba.org/samba/ftp/Binary_Packages/Fedora/RPMS/i386/core/4/">here</a>. Download a copy and then update samba with command &quot;rpm -Uvh samba*.rpm&quot;.</p>
+<p>Please go to <a href="poptop_ads_howto_5.htm#smbconf">Section 9.1</a> to continue the Samba configuration.</p>
+<p><strong>Note: </strong>
+Samba v3.0.21 has a bug on the oplock code. Avoid this version. Use v3.0.21a or above. </p>
+<hr>
+<a href="poptop_ads_howto_a4.htm">Next</a>&nbsp;&nbsp;<a href="poptop_ads_howto_a2.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<p>&nbsp; </p>
+</body>
+</html>
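Review bot: The FC4 cross-reference in A3.1 links to `poptop_ads_howto_a2.htm#samba`, but this commit turns a2 into the pppd appendix and moves the FC4 Samba text into A3.2 of this file, which has no anchor. Give the A3.2 heading a name, e.g. `<strong><a name="fc4_samba"></a>A3.2 Fedora Core 4 </strong>`, and link it with `href="#fc4_samba"`. Separately, A3.2 has readers fetch Samba RPMs over plain `http://` and run `rpm -Uvh samba*.rpm`; a reminder to check the package signature first (`rpm -K samba*.rpm`) would fit there.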

+ 34 - 0
html/poptop_ads_howto/poptop_ads_howto_a4.htm

@@ -0,0 +1,34 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><a name="a4freeradius"></a><strong>A4. Software for Radius Setup on Fedora Core 4 / 5 / 6</strong></p>
+ 
+<p><strong><a name="fc56_freeradius"></a>A4.1 Fedora 5 / 6</strong><br>
+(last update: 19 May 2007)</p>
+ <p>FC5 and FC6 have freeradius bundled. FC5 has freeradius-1.0.5 and FC6 has freeradius-1.1.3. Get it from <em>yum</em> if it is not installed. It has quite a few dependences and <em>yum</em> will resolve all required dependences automagically.</p>
+ <blockquote>
+   <pre>[root@pptp ~]# yum install freeradius </pre>
+ </blockquote>
+ <p>The second software you will need is radiusclient. Get the rpm, radiusclient-0.3.2-0.2.fc5.rf.i386.rpm or radiusclient-0.3.2-0.2.fc6.rf.i386.rpm, from <a href="http://dries.ulyssis.org/rpm/packages/radiusclient/info.html">here</a>. Install it with &quot;rpm -ivh&quot;.</p>
+ <p>After installing freeradius and radiusclient, move to <a href="poptop_howto_a5.htm#rclientconf">Appendix A5</a></p>
+ <p><strong>Note:</strong> information for FC4 is in <a href="#fc4freeradius">the next section </a>.</p>
+ <hr>
+ <strong>A4.2 Fedore 4 </strong><br>
+(last update: 1 February 2006)
+<p>In additional to the software we installed in the previous sections, we need two more. Freeradius is one of them. FC4 comes with freeradius-1.0.2-2 but it is broken. At the time of writing, the latest one is freeradius-1.0.4-1.FC4.1. Get it from <em>yum</em> as it has quite a few dependences. <em>yum</em> will resolve all required dependences automagically. </p>
+ <blockquote>
+  <pre>[root@pptp ~]# yum install freeradius</pre>
+</blockquote>
+<p>The second software you will need is radiusclient. Get the FC4 rpm, radiusclient-0.3.2-0.2.fc4.rf.i386.rpm, from <a href="http://rpmforge.net/user/packages/radiusclient/">RPMforge</a>. Install it with &quot;rpm -ivh&quot;.</p>
+<p>After installing freeradius and radiusclient, move to <a href="poptop_ads_howto_a5.htm#rclientconf">Appendix A5</a></p>
+<hr>
+<a href="poptop_ads_howto_a5.htm">Next</a>&nbsp;&nbsp;<a href="poptop_ads_howto_a3.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<p>&nbsp; </p>
+</body>
+</html>
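Review bot: The A4.1 link to Appendix A5 uses `poptop_howto_a5.htm#rclientconf`, which drops the `_ads` part of the file name; A4.2 a few lines below uses `poptop_ads_howto_a5.htm#rclientconf`, so the first presumably should match it. The FC4 note links to `#fc4freeradius`, but nothing in this file carries that name (the only anchors are `a4freeradius` and `fc56_freeradius`), and the A4.2 heading reads `Fedore 4`. Proposed heading: `<strong><a name="fc4freeradius"></a>A4.2 Fedora 4 </strong>`.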

File diff suppressed because it is too large
+ 87 - 0
html/poptop_ads_howto/poptop_ads_howto_a5.htm


+ 40 - 0
html/poptop_ads_howto/poptop_ads_howto_a6.htm

@@ -0,0 +1,40 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>A6. Configure Freeradius for MSCHAPv2 on Fedora 4 / 5 / 6<br>
+</strong>(last update: 19 May 2007) </p>
+ 
+<p>Edit /etc/raddb/radiusd.conf to enable MSCAHP2. Open the file and locate the module section and then the mschap subsection.</p>
+<blockquote>
+  <pre>modules {<br>
+        ....[snip]....<br>
+        mschap {
+                authtype = MS-CHAP
+                use_mppe = yes
+                require_encryption = yes
+                require_strong = yes
+                ntlm_auth = &quot;/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}&quot;<br>        }<br>
+        ....[snip]....<br>
+}</pre>
+</blockquote>
+<p>The mschap option in the authorize and authenticate sections is enabled by default. If they are not, enable them accordingly. Save the file. </p>
+<p>The radius server has a secret key for security. The default key for freeradius is testing123. It is a good idea to change it for obvious security reasons. The key is in /etc/raddb/clients.conf. </p>
+<blockquote>
+  <pre>client 127.0.0.1 {<br>        #<br>        #  The shared secret use to &quot;encrypt&quot; and &quot;sign&quot; packets between<br>        #  the NAS and FreeRADIUS.  You MUST change this secret from the<br>        #  default, otherwise it's not a secret any more!<br>        #<br>        #  The secret can be any string, up to 32 characters in length.<br>        #<br>        secret          = testing123 
+
+        ....[snip]....
+</pre>
+</blockquote>
+<p><strong>Note</strong>: if you change the secret key, you must modify the /etc/radiusclient/servers so that they match each other. </p>
+
+<hr>
+<a href="poptop_ads_howto_a5.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<p>&nbsp; </p>
+</body>
+</html>
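Review bot: The sample `clients.conf` block still shows `secret = testing123`, and the paragraph above it only calls changing the default "a good idea", while the quoted upstream comment says it MUST be changed. Per that comment the secret is what signs packets between the NAS and FreeRADIUS, so the howto should make the change a required step and show a placeholder rather than the published default, e.g. `secret = (long random string of your own)`, with the same value entered in `/etc/radiusclient/servers`. Section 15.1 in `poptop_ads_howto_9.htm` carries the same wording and would need the same edit.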

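--- a/inststr.h
+++ b/inststr.h
@@ -4,7 +4,7 @@
  * Change process title
  * From code by C. S. Ananian
  *
- * $Id: inststr.h,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ * $Id: inststr.h,v 1.1 2002/06/21 08:52:00 fenix_nl Exp $
  */
 
 #ifndef _PPTPD_INSTSTR_H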

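--- a/mkinstalldirs
+++ b/mkinstalldirs
@@ -4,7 +4,7 @@
 # Created: 1993-05-16
 # Public domain
 
-# $Id: mkinstalldirs,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+# $Id: mkinstalldirs,v 1.1 2002/06/21 08:52:00 fenix_nl Exp $
 
 errstatus=0
 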

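--- a/our_getopt.h
+++ b/our_getopt.h
@@ -3,7 +3,7 @@
  *
  * Header file for the getopt_long deprived.
  *
- * $Id: our_getopt.h,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ * $Id: our_getopt.h,v 1.1 2002/06/21 08:52:00 fenix_nl Exp $
  */
 
 /* Declarations for getopt.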

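--- a/our_syslog.h
+++ b/our_syslog.h
@@ -3,7 +3,7 @@
  *
  * Syslog replacement functions
  *
- * $Id: our_syslog.h,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ * $Id: our_syslog.h,v 1.1 2002/06/21 08:52:00 fenix_nl Exp $
  */
 
 #ifndef _PPTPD_SYSLOG_H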

+ 0 - 882
plugins/pppd.h

@@ -1,882 +0,0 @@
-/*
- * pppd.h - PPP daemon global declarations.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For permission or any legal
- *    details, please contact
- *      Office of Technology Transfer
- *      Carnegie Mellon University
- *      5000 Forbes Avenue
- *      Pittsburgh, PA  15213-3890
- *      (412) 268-4387, fax: (412) 268-7395
- *      tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by Computing Services
- *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * upstream pppd.h,v 1.82 2003/04/07 00:01:46 paulus Exp
- * $Id: pppd.h,v 1.1 2004/04/28 11:36:07 quozl Exp $
- */
-
-/*
- * TODO:
- */
-
-#ifndef __PPPD_H__
-#define __PPPD_H__
-
-#include <stdio.h>		/* for FILE */
-#include <limits.h>		/* for NGROUPS_MAX */
-#include <sys/param.h>		/* for MAXPATHLEN and BSD4_4, if defined */
-#include <sys/types.h>		/* for u_int32_t, if defined */
-#include <sys/time.h>		/* for struct timeval */
-#include <net/ppp_defs.h>
-#include "patchlevel.h"
-
-#if defined(__STDC__)
-#include <stdarg.h>
-#define __V(x)	x
-#else
-#include <varargs.h>
-#define __V(x)	(va_alist) va_dcl
-#define const
-#define volatile
-#endif
-
-#ifdef INET6
-#include "eui64.h"
-#endif
-
-/*
- * Limits.
- */
-
-#define NUM_PPP		1	/* One PPP interface supported (per process) */
-#define MAXWORDLEN	1024	/* max length of word in file (incl null) */
-#define MAXARGS		1	/* max # args to a command */
-#define MAXNAMELEN	256	/* max length of hostname or name for auth */
-#define MAXSECRETLEN	256	/* max length of password or secret */
-
-/*
- * Option descriptor structure.
- */
-
-typedef unsigned char	bool;
-
-enum opt_type {
-	o_special_noarg = 0,
-	o_special = 1,
-	o_bool,
-	o_int,
-	o_uint32,
-	o_string,
-	o_wild
-};
-
-typedef struct {
-	char	*name;		/* name of the option */
-	enum opt_type type;
-	void	*addr;
-	char	*description;
-	unsigned int flags;
-	void	*addr2;
-	int	upper_limit;
-	int	lower_limit;
-	const char *source;
-	short int priority;
-	short int winner;
-} option_t;
-
-/* Values for flags */
-#define OPT_VALUE	0xff	/* mask for presupplied value */
-#define OPT_HEX		0x100	/* int option is in hex */
-#define OPT_NOARG	0x200	/* option doesn't take argument */
-#define OPT_OR		0x400	/* OR in argument to value */
-#define OPT_INC		0x800	/* increment value */
-#define OPT_A2OR	0x800	/* for o_bool, OR arg to *(u_char *)addr2 */
-#define OPT_PRIV	0x1000	/* privileged option */
-#define OPT_STATIC	0x2000	/* string option goes into static array */
-#define OPT_LLIMIT	0x4000	/* check value against lower limit */
-#define OPT_ULIMIT	0x8000	/* check value against upper limit */
-#define OPT_LIMITS	(OPT_LLIMIT|OPT_ULIMIT)
-#define OPT_ZEROOK	0x10000	/* 0 value is OK even if not within limits */
-#define OPT_HIDE	0x10000	/* for o_string, print value as ?????? */
-#define OPT_A2LIST	0x10000 /* for o_special, keep list of values */
-#define OPT_A2CLRB	0x10000 /* o_bool, clr val bits in *(u_char *)addr2 */
-#define OPT_NOINCR	0x20000	/* value mustn't be increased */
-#define OPT_ZEROINF	0x40000	/* with OPT_NOINCR, 0 == infinity */
-#define OPT_PRIO	0x80000	/* process option priorities for this option */
-#define OPT_PRIOSUB	0x100000 /* subsidiary member of priority group */
-#define OPT_ALIAS	0x200000 /* option is alias for previous option */
-#define OPT_A2COPY	0x400000 /* addr2 -> second location to rcv value */
-#define OPT_ENABLE	0x800000 /* use *addr2 as enable for option */
-#define OPT_A2CLR	0x1000000 /* clear *(bool *)addr2 */
-#define OPT_PRIVFIX	0x2000000 /* user can't override if set by root */
-#define OPT_INITONLY	0x4000000 /* option can only be set in init phase */
-#define OPT_DEVEQUIV	0x8000000 /* equiv to device name */
-#define OPT_DEVNAM	(OPT_INITONLY | OPT_DEVEQUIV)
-#define OPT_A2PRINTER	0x10000000 /* *addr2 is a fn for printing option */
-#define OPT_A2STRVAL	0x20000000 /* *addr2 points to current string value */
-#define OPT_NOPRINT	0x40000000 /* don't print this option at all */
-
-#define OPT_VAL(x)	((x) & OPT_VALUE)
-
-/* Values for priority */
-#define OPRIO_DEFAULT	0	/* a default value */
-#define OPRIO_CFGFILE	1	/* value from a configuration file */
-#define OPRIO_CMDLINE	2	/* value from the command line */
-#define OPRIO_SECFILE	3	/* value from options in a secrets file */
-#define OPRIO_ROOT	100	/* added to priority if OPT_PRIVFIX && root */
-
-#ifndef GIDSET_TYPE
-#define GIDSET_TYPE	gid_t
-#endif
-
-/* Structure representing a list of permitted IP addresses. */
-struct permitted_ip {
-    int		permit;		/* 1 = permit, 0 = forbid */
-    u_int32_t	base;		/* match if (addr & mask) == base */
-    u_int32_t	mask;		/* base and mask are in network byte order */
-};
-
-/*
- * Unfortunately, the linux kernel driver uses a different structure
- * for statistics from the rest of the ports.
- * This structure serves as a common representation for the bits
- * pppd needs.
- */
-struct pppd_stats {
-    unsigned int	bytes_in;
-    unsigned int	bytes_out;
-    unsigned int	pkts_in;
-    unsigned int	pkts_out;
-};
-
-/* Used for storing a sequence of words.  Usually malloced. */
-struct wordlist {
-    struct wordlist	*next;
-    char		*word;
-};
-
-/* An endpoint discriminator, used with multilink. */
-#define MAX_ENDP_LEN	20	/* maximum length of discriminator value */
-struct epdisc {
-    unsigned char	class;
-    unsigned char	length;
-    unsigned char	value[MAX_ENDP_LEN];
-};
-
-/* values for epdisc.class */
-#define EPD_NULL	0	/* null discriminator, no data */
-#define EPD_LOCAL	1
-#define EPD_IP		2
-#define EPD_MAC		3
-#define EPD_MAGIC	4
-#define EPD_PHONENUM	5
-
-typedef void (*notify_func) __P((void *, int));
-
-struct notifier {
-    struct notifier *next;
-    notify_func	    func;
-    void	    *arg;
-};
-
-/*
- * Global variables.
- */
-
-extern int	hungup;		/* Physical layer has disconnected */
-extern int	ifunit;		/* Interface unit number */
-extern char	ifname[];	/* Interface name */
-extern char	hostname[];	/* Our hostname */
-extern u_char	outpacket_buf[]; /* Buffer for outgoing packets */
-extern int	phase;		/* Current state of link - see values below */
-extern int	baud_rate;	/* Current link speed in bits/sec */
-extern char	*progname;	/* Name of this program */
-extern int	redirect_stderr;/* Connector's stderr should go to file */
-extern char	peer_authname[];/* Authenticated name of peer */
-extern int	auth_done[NUM_PPP]; /* Methods actually used for auth */
-extern int	privileged;	/* We were run by real-uid root */
-extern int	need_holdoff;	/* Need holdoff period after link terminates */
-extern char	**script_env;	/* Environment variables for scripts */
-extern int	detached;	/* Have detached from controlling tty */
-extern GIDSET_TYPE groups[NGROUPS_MAX];	/* groups the user is in */
-extern int	ngroups;	/* How many groups valid in groups */
-extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */
-extern int	link_stats_valid; /* set if link_stats is valid */
-extern unsigned	link_connect_time; /* time the link was up for */
-extern int	using_pty;	/* using pty as device (notty or pty opt.) */
-extern int	log_to_fd;	/* logging to this fd as well as syslog */
-extern bool	log_default;	/* log_to_fd is default (stdout) */
-extern char	*no_ppp_msg;	/* message to print if ppp not in kernel */
-extern volatile int status;	/* exit status for pppd */
-extern bool	devnam_fixed;	/* can no longer change devnam */
-extern int	unsuccess;	/* # unsuccessful connection attempts */
-extern int	do_callback;	/* set if we want to do callback next */
-extern int	doing_callback;	/* set if this is a callback */
-extern int	error_count;	/* # of times error() has been called */
-extern char	ppp_devnam[MAXPATHLEN];
-extern char     remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
-extern int      ppp_session_number; /* Session number (eg PPPoE session) */
-
-extern int	listen_time;	/* time to listen first (ms) */
-extern struct notifier *pidchange;   /* for notifications of pid changing */
-extern struct notifier *phasechange; /* for notifications of phase changes */
-extern struct notifier *exitnotify;  /* for notification that we're exiting */
-extern struct notifier *sigreceived; /* notification of received signal */
-extern struct notifier *ip_up_notifier; /* IPCP has come up */
-extern struct notifier *ip_down_notifier; /* IPCP has gone down */
-extern struct notifier *auth_up_notifier; /* peer has authenticated */
-extern struct notifier *link_down_notifier; /* link has gone down */
-extern struct notifier *fork_notifier;	/* we are a new child process */
-
-/* Values for do_callback and doing_callback */
-#define CALLBACK_DIALIN		1	/* we are expecting the call back */
-#define CALLBACK_DIALOUT	2	/* we are dialling out to call back */
-
-/*
- * Variables set by command-line options.
- */
-
-extern int	debug;		/* Debug flag */
-extern int	kdebugflag;	/* Tell kernel to print debug messages */
-extern int	default_device;	/* Using /dev/tty or equivalent */
-extern char	devnam[MAXPATHLEN];	/* Device name */
-extern int	crtscts;	/* Use hardware flow control */
-extern bool	modem;		/* Use modem control lines */
-extern int	inspeed;	/* Input/Output speed requested */
-extern u_int32_t netmask;	/* IP netmask to set on interface */
-extern bool	lockflag;	/* Create lock file to lock the serial dev */
-extern bool	nodetach;	/* Don't detach from controlling tty */
-extern bool	updetach;	/* Detach from controlling tty when link up */
-extern char	*initializer;	/* Script to initialize physical link */
-extern char	*connect_script; /* Script to establish physical link */
-extern char	*disconnect_script; /* Script to disestablish physical link */
-extern char	*welcomer;	/* Script to welcome client after connection */
-extern char	*ptycommand;	/* Command to run on other side of pty */
-extern int	maxconnect;	/* Maximum connect time (seconds) */
-extern char	user[MAXNAMELEN];/* Our name for authenticating ourselves */
-extern char	passwd[MAXSECRETLEN];	/* Password for PAP or CHAP */
-extern bool	auth_required;	/* Peer is required to authenticate */
-extern bool	persist;	/* Reopen link after it goes down */
-extern bool	uselogin;	/* Use /etc/passwd for checking PAP */
-extern char	our_name[MAXNAMELEN];/* Our name for authentication purposes */
-extern char	remote_name[MAXNAMELEN]; /* Peer's name for authentication */
-extern bool	explicit_remote;/* remote_name specified with remotename opt */
-extern bool	demand;		/* Do dial-on-demand */
-extern char	*ipparam;	/* Extra parameter for ip up/down scripts */
-extern bool	cryptpap;	/* Others' PAP passwords are encrypted */
-extern int	idle_time_limit;/* Shut down link if idle for this long */
-extern int	holdoff;	/* Dead time before restarting */
-extern bool	holdoff_specified; /* true if user gave a holdoff value */
-extern bool	notty;		/* Stdin/out is not a tty */
-extern char	*pty_socket;	/* Socket to connect to pty */
-extern char	*record_file;	/* File to record chars sent/received */
-extern bool	sync_serial;	/* Device is synchronous serial device */
-extern int	maxfail;	/* Max # of unsuccessful connection attempts */
-extern char	linkname[MAXPATHLEN]; /* logical name for link */
-extern bool	tune_kernel;	/* May alter kernel settings as necessary */
-extern int	connect_delay;	/* Time to delay after connect script */
-extern int	max_data_rate;	/* max bytes/sec through charshunt */
-extern int	req_unit;	/* interface unit number to use */
-extern bool	multilink;	/* enable multilink operation */
-extern bool	noendpoint;	/* don't send or accept endpt. discrim. */
-extern char	*bundle_name;	/* bundle name for multilink */
-extern bool	dump_options;	/* print out option values */
-extern bool	dryrun;		/* check everything, print options, exit */
-
-#ifdef MAXOCTETS
-extern unsigned int maxoctets;	     /* Maximum octetes per session (in bytes) */
-extern int       maxoctets_dir;      /* Direction :
-				      0 - in+out (default)
-				      1 - in 
-				      2 - out
-				      3 - max(in,out) */
-extern int       maxoctets_timeout;  /* Timeout for check of octets limit */
-#define PPP_OCTETS_DIRECTION_SUM        0
-#define PPP_OCTETS_DIRECTION_IN         1
-#define PPP_OCTETS_DIRECTION_OUT        2
-#define PPP_OCTETS_DIRECTION_MAXOVERAL  3
-/* same as previos, but little different on RADIUS side */
-#define PPP_OCTETS_DIRECTION_MAXSESSION 4	
-#endif
-
-#ifdef PPP_FILTER
-extern struct	bpf_program pass_filter;   /* Filter for pkts to pass */
-extern struct	bpf_program active_filter; /* Filter for link-active pkts */
-#endif
-
-#ifdef MSLANMAN
-extern bool	ms_lanman;	/* Use LanMan password instead of NT */
-				/* Has meaning only with MS-CHAP challenges */
-#endif
-
-/* Values for auth_pending, auth_done */
-#define PAP_WITHPEER	0x1
-#define PAP_PEER	0x2
-#define CHAP_WITHPEER	0x4
-#define CHAP_PEER	0x8
-#define EAP_WITHPEER	0x10
-#define EAP_PEER	0x20
-
-/* Values for auth_done only */
-#define CHAP_MD5_WITHPEER	0x40
-#define CHAP_MD5_PEER		0x80
-#ifdef CHAPMS
-#define CHAP_MS_SHIFT		8	/* LSB position for MS auths */
-#define CHAP_MS_WITHPEER	0x100
-#define CHAP_MS_PEER		0x200
-#define CHAP_MS2_WITHPEER	0x400
-#define CHAP_MS2_PEER		0x800
-#endif
-
-extern char *current_option;	/* the name of the option being parsed */
-extern int  privileged_option;	/* set iff the current option came from root */
-extern char *option_source;	/* string saying where the option came from */
-extern int  option_priority;	/* priority of current options */
-
-/*
- * Values for phase.
- */
-#define PHASE_DEAD		0
-#define PHASE_INITIALIZE	1
-#define PHASE_SERIALCONN	2
-#define PHASE_DORMANT		3
-#define PHASE_ESTABLISH		4
-#define PHASE_AUTHENTICATE	5
-#define PHASE_CALLBACK		6
-#define PHASE_NETWORK		7
-#define PHASE_RUNNING		8
-#define PHASE_TERMINATE		9
-#define PHASE_DISCONNECT	10
-#define PHASE_HOLDOFF		11
-
-/*
- * The following struct gives the addresses of procedures to call
- * for a particular protocol.
- */
-struct protent {
-    u_short protocol;		/* PPP protocol number */
-    /* Initialization procedure */
-    void (*init) __P((int unit));
-    /* Process a received packet */
-    void (*input) __P((int unit, u_char *pkt, int len));
-    /* Process a received protocol-reject */
-    void (*protrej) __P((int unit));
-    /* Lower layer has come up */
-    void (*lowerup) __P((int unit));
-    /* Lower layer has gone down */
-    void (*lowerdown) __P((int unit));
-    /* Open the protocol */
-    void (*open) __P((int unit));
-    /* Close the protocol */
-    void (*close) __P((int unit, char *reason));
-    /* Print a packet in readable form */
-    int  (*printpkt) __P((u_char *pkt, int len,
-			  void (*printer) __P((void *, char *, ...)),
-			  void *arg));
-    /* Process a received data packet */
-    void (*datainput) __P((int unit, u_char *pkt, int len));
-    bool enabled_flag;		/* 0 iff protocol is disabled */
-    char *name;			/* Text name of protocol */
-    char *data_name;		/* Text name of corresponding data protocol */
-    option_t *options;		/* List of command-line options */
-    /* Check requested options, assign defaults */
-    void (*check_options) __P((void));
-    /* Configure interface for demand-dial */
-    int  (*demand_conf) __P((int unit));
-    /* Say whether to bring up link for this pkt */
-    int  (*active_pkt) __P((u_char *pkt, int len));
-};
-
-/* Table of pointers to supported protocols */
-extern struct protent *protocols[];
-
-/*
- * This struct contains pointers to a set of procedures for
- * doing operations on a "channel".  A channel provides a way
- * to send and receive PPP packets - the canonical example is
- * a serial port device in PPP line discipline (or equivalently
- * with PPP STREAMS modules pushed onto it).
- */
-struct channel {
-	/* set of options for this channel */
-	option_t *options;
-	/* find and process a per-channel options file */
-	void (*process_extra_options) __P((void));
-	/* check all the options that have been given */
-	void (*check_options) __P((void));
-	/* get the channel ready to do PPP, return a file descriptor */
-	int  (*connect) __P((void));
-	/* we're finished with the channel */
-	void (*disconnect) __P((void));
-	/* put the channel into PPP `mode' */
-	int  (*establish_ppp) __P((int));
-	/* take the channel out of PPP `mode', restore loopback if demand */
-	void (*disestablish_ppp) __P((int));
-	/* set the transmit-side PPP parameters of the channel */
-	void (*send_config) __P((int, u_int32_t, int, int));
-	/* set the receive-side PPP parameters of the channel */
-	void (*recv_config) __P((int, u_int32_t, int, int));
-	/* cleanup on error or normal exit */
-	void (*cleanup) __P((void));
-	/* close the device, called in children after fork */
-	void (*close) __P((void));
-};
-
-extern struct channel *the_channel;
-
-/*
- * Prototypes.
- */
-
-/* Procedures exported from main.c. */
-void set_ifunit __P((int));	/* set stuff that depends on ifunit */
-void detach __P((void));	/* Detach from controlling tty */
-void die __P((int));		/* Cleanup and exit */
-void quit __P((void));		/* like die(1) */
-void novm __P((char *));	/* Say we ran out of memory, and die */
-void timeout __P((void (*func)(void *), void *arg, int s, int us));
-				/* Call func(arg) after s.us seconds */
-void untimeout __P((void (*func)(void *), void *arg));
-				/* Cancel call to func(arg) */
-void record_child __P((int, char *, void (*) (void *), void *));
-pid_t safe_fork __P((void));	/* Fork & close stuff in child */
-int  device_script __P((char *cmd, int in, int out, int dont_wait));
-				/* Run `cmd' with given stdin and stdout */
-pid_t run_program __P((char *prog, char **args, int must_exist,
-		       void (*done)(void *), void *arg));
-				/* Run program prog with args in child */
-void reopen_log __P((void));	/* (re)open the connection to syslog */
-void update_link_stats __P((int)); /* Get stats at link termination */
-void script_setenv __P((char *, char *, int));	/* set script env var */
-void script_unsetenv __P((char *));		/* unset script env var */
-void new_phase __P((int));	/* signal start of new phase */
-void add_notifier __P((struct notifier **, notify_func, void *));
-void remove_notifier __P((struct notifier **, notify_func, void *));
-void notify __P((struct notifier *, int));
-int  ppp_send_config __P((int, int, u_int32_t, int, int));
-int  ppp_recv_config __P((int, int, u_int32_t, int, int));
-
-/* Procedures exported from tty.c. */
-void tty_init __P((void));
-
-/* Procedures exported from utils.c. */
-void log_packet __P((u_char *, int, char *, int));
-				/* Format a packet and log it with syslog */
-void print_string __P((char *, int,  void (*) (void *, char *, ...),
-		void *));	/* Format a string for output */
-int slprintf __P((char *, int, char *, ...));		/* sprintf++ */
-int vslprintf __P((char *, int, char *, va_list));	/* vsprintf++ */
-size_t strlcpy __P((char *, const char *, size_t));	/* safe strcpy */
-size_t strlcat __P((char *, const char *, size_t));	/* safe strncpy */
-void dbglog __P((char *, ...));	/* log a debug message */
-void info __P((char *, ...));	/* log an informational message */
-void notice __P((char *, ...));	/* log a notice-level message */
-void warn __P((char *, ...));	/* log a warning message */
-void error __P((char *, ...));	/* log an error message */
-void fatal __P((char *, ...));	/* log an error message and die(1) */
-void init_pr_log __P((char *, int));	/* initialize for using pr_log */
-void pr_log __P((void *, char *, ...));	/* printer fn, output to syslog */
-void end_pr_log __P((void));	/* finish up after using pr_log */
-void dump_packet __P((const char *, u_char *, int));
-				/* dump packet to debug log if interesting */
-ssize_t complete_read __P((int, void *, size_t));
-				/* read a complete buffer */
-
-/* Procedures exported from auth.c */
-void link_required __P((int));	  /* we are starting to use the link */
-void link_terminated __P((int));  /* we are finished with the link */
-void link_down __P((int));	  /* the LCP layer has left the Opened state */
-void link_established __P((int)); /* the link is up; authenticate now */
-void start_networks __P((int));   /* start all the network control protos */
-void continue_networks __P((int)); /* start network [ip, etc] control protos */
-void np_up __P((int, int));	  /* a network protocol has come up */
-void np_down __P((int, int));	  /* a network protocol has gone down */
-void np_finished __P((int, int)); /* a network protocol no longer needs link */
-void auth_peer_fail __P((int, int));
-				/* peer failed to authenticate itself */
-void auth_peer_success __P((int, int, int, char *, int));
-				/* peer successfully authenticated itself */
-void auth_withpeer_fail __P((int, int));
-				/* we failed to authenticate ourselves */
-void auth_withpeer_success __P((int, int, int));
-				/* we successfully authenticated ourselves */
-void auth_check_options __P((void));
-				/* check authentication options supplied */
-void auth_reset __P((int));	/* check what secrets we have */
-int  check_passwd __P((int, char *, int, char *, int, char **));
-				/* Check peer-supplied username/password */
-int  get_secret __P((int, char *, char *, char *, int *, int));
-				/* get "secret" for chap */
-int  get_srp_secret __P((int unit, char *client, char *server, char *secret,
-    int am_server));
-int  auth_ip_addr __P((int, u_int32_t));
-				/* check if IP address is authorized */
-int  auth_number __P((void));	/* check if remote number is authorized */
-int  bad_ip_adrs __P((u_int32_t));
-				/* check if IP address is unreasonable */
-
-/* Procedures exported from demand.c */
-void demand_conf __P((void));	/* config interface(s) for demand-dial */
-void demand_block __P((void));	/* set all NPs to queue up packets */
-void demand_unblock __P((void)); /* set all NPs to pass packets */
-void demand_discard __P((void)); /* set all NPs to discard packets */
-void demand_rexmit __P((int));	/* retransmit saved frames for an NP */
-int  loop_chars __P((unsigned char *, int)); /* process chars from loopback */
-int  loop_frame __P((unsigned char *, int)); /* should we bring link up? */
-
-/* Procedures exported from multilink.c */
-void mp_check_options __P((void)); /* Check multilink-related options */
-int  mp_join_bundle __P((void));  /* join our link to an appropriate bundle */
-char *epdisc_to_str __P((struct epdisc *)); /* string from endpoint discrim. */
-int  str_to_epdisc __P((struct epdisc *, char *)); /* endpt disc. from str */
-
-/* Procedures exported from sys-*.c */
-void sys_init __P((void));	/* Do system-dependent initialization */
-void sys_cleanup __P((void));	/* Restore system state before exiting */
-int  sys_check_options __P((void)); /* Check options specified */
-void sys_close __P((void));	/* Clean up in a child before execing */
-int  ppp_available __P((void));	/* Test whether ppp kernel support exists */
-int  get_pty __P((int *, int *, char *, int));	/* Get pty master/slave */
-int  open_ppp_loopback __P((void)); /* Open loopback for demand-dialling */
-int  tty_establish_ppp __P((int));  /* Turn serial port into a ppp interface */
-void tty_disestablish_ppp __P((int)); /* Restore port to normal operation */
-void generic_disestablish_ppp __P((int dev_fd)); /* Restore device setting */
-int  generic_establish_ppp __P((int dev_fd)); /* Make a ppp interface */
-void make_new_bundle __P((int, int, int, int)); /* Create new bundle */
-int  bundle_attach __P((int));	/* Attach link to existing bundle */
-void cfg_bundle __P((int, int, int, int)); /* Configure existing bundle */
-void clean_check __P((void));	/* Check if line was 8-bit clean */
-void set_up_tty __P((int, int)); /* Set up port's speed, parameters, etc. */
-void restore_tty __P((int));	/* Restore port's original parameters */
-void setdtr __P((int, int));	/* Raise or lower port's DTR line */
-void output __P((int, u_char *, int)); /* Output a PPP packet */
-void wait_input __P((struct timeval *));
-				/* Wait for input, with timeout */
-void add_fd __P((int));		/* Add fd to set to wait for */
-void remove_fd __P((int));	/* Remove fd from set to wait for */
-int  read_packet __P((u_char *)); /* Read PPP packet */
-int  get_loop_output __P((void)); /* Read pkts from loopback */
-void tty_send_config __P((int, u_int32_t, int, int));
-				/* Configure i/f transmit parameters */
-void tty_set_xaccm __P((ext_accm));