Import upstream version 1.3.4

AUTHORS

@@ -0,0 +1,52 @@
+Poptop -- The PPTP Server
+-------------------------
+
+Current Maintainer:
+James Cameron <james.cameron at hp dot com>
+
+Previous Maintainer:
+Richard de Vroede <r.devroede at linvision dot com>
+
+Original Authors:
+Matthew Ramsay <matthewr at lineo dot com>
+Kevin Thayer <tmk at netmagic.net>
+David Luyer <luyer at ucs.uwa.edu.au>
+Peter Galbavy <Peter.Galbavy at knowledge dot com>
+
+Other Contributors:
+Ron O'Hara <rono at sentuny dot com.au>
+Allan Clark <allanc at sco dot com>
+Harald Vogt <vogt at serc.nl>
+Bruno Lopes F. Cabral <bruno at openline dot com.br> [!3runo]
+Peter Stamfest <poptop at stamfest dot at>
+Sergio M. Ammirata
+Norbert van Bolhuis
+Visarion Mandzgaladze
+Hernan Otero
+Jan Dubiec
+Pawel Guraj
+Chris Wilson
+Anton Gorlov
+Charlie Brady
+
+The Linux PPTP Server takes advantage of some Linux PPTP client code
+written by C. Scott Ananian <cananian at alumni.princeton.edu>
+
+Other Credits:
+Moreton Bay <http://www.moretonbay.com>
+Lineo       <http://www.lineo.com>
+Snapgear    <http://www.snapgear.com>
+Linvision   <http://www.linvision.com>
+
+SourceForge <http://sourceforge.net> - Current host for the mailing
+list and CVS repository.
+
+Christopher Schulte <christopher at schulte.org> - Previous host for the
+PPTP Mailing List (sadly missed, in James' opinion).
+
+Peter Galbavy <Peter.Galbavy at knowledge dot com> - Previous host for the
+PPTP CVS server.
+
+Luc Richards <theycallmeluc at yahoo dot com.au> - The author of bcrelay.
+
+Wing Kwok <skwok at acnielsen dot com.au> - The author of ADS howto.

COPYING

@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          675 Mass Ave, Cambridge, MA 02139, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	Appendix: How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.

ChangeLog

@@ -0,0 +1,635 @@
+Mon Apr 16 10:32:40 2007  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.3.4.tar.gz: released.
+
+Mon Apr 16 09:38:13 2007  Phil Oester  <kernel@linuxace.com>
+
+	* pptpgre.c: fixes two packet reordering bugs, (1) the check for
+	out-of-order sequence numbers only validates that the sequence
+	received is greater than the previous sequence received.  But this
+	is invalid if for instance packet 20 is received after packet 10.
+	It should instead verify packet received is equal previous packet
+	plus one.  (2) the packet dequeue function was using the wrong
+	pointer, which led to corruption of all packets placed on the
+	queue when they were dequeued.  Thanks to James Cameron for the
+	testing tools which made discovery of these bugs possible.
+
+Thu Feb  8 09:59:00 2007  James Cameron  <quozl@us.netrek.org>
+
+	* plugins/pptpd-logwtmp.c (ip_up): accept either two forward or
+	two reverse slashes as the delimiter.
+
+Fri Dec  8 10:49:27 2006  Charlie Brady  <charlieb-poptop-server@e-smith.com>
+
+	* pptpctrl.c (startCall): turn off echo on the slave pty, so that
+	any packets that arrive before pppd is ready will not be echoed
+	back to the client.  Deprecate PPP_WAIT.
+
+Tue Sep  5 09:42:46 2006  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.3.3.tar.gz: released.
+
+Tue Sep  5 09:25:25 2006  James Cameron  <quozl@us.netrek.org>
+
+	* defaults.h: remove MAX_CONNECTIONS reference.
+
+	* samples/pptpd.conf: add connections clause, remove reference to
+	MAX_CONNECTIONS.
+
+Tue Sep  5 09:10:55 2006  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c (processIPStr): add new informational message to
+	indicate when the number of connections is constrained by the
+	configured IP address ranges.
+
+Tue Sep  5 08:52:20 2006  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c: fix segfault on -C option, cause was option string
+	didn't include argument flag for number of connections.  Closes
+	Gentoo Bug #132898 <http://bugs.gentoo.org/show_bug.cgi?id=132898>
+	thanks to Alin Nastac (mrness at gentoo.org) and Peter Volkov.
+
+Thu Aug  3 12:02:02 2006  James Cameron  <quozl@us.netrek.org>
+
+	* plugins/Makefile (LIBDIR), Makefile.am (LIBDIR): support build
+	of x86_64 mixed architecture.  From: Anton Gorlov.
+
+Thu Aug  3 11:14:59 2006  James Cameron  <quozl@us.netrek.org>
+
+	* configure.in: rewrite use of AC_ARG_WITH and AC_ARG_ENABLE to
+	more properly support the negative case.  Reported by: Phil
+	Oester.
+
+Thu Aug  3 09:55:25 2006  James Cameron  <quozl@us.netrek.org>
+
+	* plugins/Makefile: include libutil.  From: Anton Gorlov.
+
+Thu Apr 20 16:18:26 2006  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.init: ensures the service is not enabled by default when
+	installed, and adds a "condrestart" target that will restart the
+	daemon if and only if it's already running.  Reported by: Paul
+	Howarth.
+
+Tue Apr 18 14:47:29 2006  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.3.2.tar.gz: released.
+
+	* configure.in: fix --with flags to work --without, change
+	--with-bcrelay to --enable-bcrelay.
+
+Mon Mar 27 11:42:36 2006  James Cameron  <quozl@us.netrek.org>
+
+	* pptpgre.c (decaps_gre, dequeue_gre): only report to LOG_DEBUG if
+	the debug option is set.  Reported by: Thomas Stein
+	<thomas.stein@knowledgetools.de>
+
+Tue Feb 14 10:52:13 2006  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.3.1.tar.gz: released.
+
+Thu Dec 29 17:39:15 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c, pptpmanager.c, pptpmanager.h, defaults.h: make
+	connections limit a run-time option.
+
+Thu Dec 29 15:45:51 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c (launch_bcrelay): insufficient space was allocated in
+	the argv array for the number of elements used.
+
+Thu Dec 29 12:11:23 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd: remove PPPD_IP_ALLOC in favour of a configuration option.
+	
+	* pptpd.8: add --delegate
+	
+	* pptpd.conf.5, samples/pptpd.conf: add delegate option
+	
+	* config.h.in, configure.in: remove --with-pppd-ip-alloc option
+	
+	* pptpmanager.c, defaults.h, pptpd.c: convert from conditional
+	compilation to run-time checking.
+	
+	* samples/options.pptpd: describe how to force local IP for tunnel
+	even in delegate mode.
+
+	* INSTALL: remove build.sh reference.
+	
+Thu Dec 29 11:04:13 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpgre.c (pptp_gre_init): prevent initial unwanted GRE ACK.
+	From: Jonathan Barker <jabarker@itstrategic.ca>
+
+Mon Nov 21 10:53:09 2005  James Cameron  <quozl@us.netrek.org>
+
+	* bcrelay.c (mainloop): ignore ENOBUFS rather than fail.
+	From: Rajkumar S <rajkumars@asianetindia.com>
+
+Mon Oct 31 09:21:11 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c: change GETARG to GETARG_VALUE and add a GETARG_INT
+	and GETARG_STRING macro, to improve readability.
+
+Mon Aug 22 10:45:14 2005  James Cameron  <quozl@us.netrek.org>
+
+	* compat.c (sigpipe_assign): remove superfluous sigset variable
+	and calls; they served no purpose.  Reported by: Pavol Gono.
+
+Wed Aug  3 19:04:07 2005  James Cameron  <quozl@us.netrek.org>
+
+	* plugins/pptpd-logwtmp.c: fix compilation warning by including
+	string.h
+
+	* ctrlpacket.c (read_pptp_packet): initialise return control
+	message type, to fix compilation warnings.
+
+	* pqueue.c: compilation fixes, use of log() and warn() replaced
+	with syslog().
+
+Wed Aug  3 17:33:40 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.3.0.tar.gz: released.
+
+Tue Aug  2 21:31:25 2005  James Cameron  <quozl@us.netrek.org>
+
+	* samples/options.pptpd: disable Van Jacobson compression.
+	Reported by Pawel Pokrywka.
+
+Tue Aug  2 21:27:11 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpgre.c: packet reordering implementation, contributed by Vijay
+	Bharadwaj.
+
+Tue Aug  2 19:32:47 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpdefs.h (MAX_ECHO_WAIT, IDLE_WAIT): comply with RFC2637,
+	reported by Tobias Brox, updates 20040811-0.
+
+Tue Aug  2 19:30:30 2005  James Cameron  <quozl@us.netrek.org>
+
+	* plugins/pptpd-logwtmp.c (ip_up): implement
+	pptpd-logwtmp-strip-domain option, closes 20050401-1.
+
+Tue Aug  2 19:01:42 2005  James Cameron  <quozl@us.netrek.org>
+
+	* Makefile.am (EXTRA_DIST): add html directory, missing from
+	distribution, closes 20050729-1.
+
+Fri Jul 29 22:56:08 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpdefs.h (PPP_WAIT): default ten seconds wait for PPP packets
+	to begin to be sent.
+
+	* pptpctrl.c (pptp_handle_ctrl_connection): wait for first packet
+	from pppd before continuing, an experimental fix for bug
+	20040521-1.
+
+Tue Jul 12 16:33:23 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpmanager.c (pptpmanager): process initial packet header
+	length field properly.  Reported by: Alex Beregszaszi
+
+Thu Mar  3 16:19:17 2005  James Cameron  <quozl@us.netrek.org>
+
+	* bcrelay.c (mainloop): ignore ENETDOWN and ENXIO from sendto(2).
+	Closes 20040428-0.
+
+Thu Feb 24 11:48:08 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.8: add section on debugging, contributed by Peter Mueller.
+
+Thu Feb 17 13:05:31 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.2.3.tar.gz: released.
+
+Thu Feb 17 13:01:22 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c (showusage, showversion): change from poptop to pptpd.
+
+Tue Jan 25 09:01:49 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c: perform error checking on dup2 calls, as on Linux
+	they can fail under certain circumstances.
+
+Fri Jan 14 13:38:58 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c, pptpctrl.c, bcrelay.c, configure.in, acconfig.h: add
+	configure option --enable-facility to set syslog facility to use
+	in logging.  e.g. LOG_LOCAL0
+
+Mon Jan 10 09:51:05 2005  James Cameron  <quozl@us.netrek.org>
+
+	* config.h.in, configure.in, pptpgre.c (encaps_gre): uses writev()
+	if available, to avoid a memcpy() of the GRE payload when sending
+	off the packet.  From: Marcus Sundberg.
+
+Thu Jan  6 10:07:39 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpmanager.c (pptp_manager): compilation fix for gcc < 3, a
+	regression introduced in pptpd-1.2.2.  Reported by: Peter Mueller.
+
+Wed Jan  5 22:12:38 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.2.2.tar.gz: released.
+
+Wed Jan  5 21:16:15 2005  James Cameron  <quozl@us.netrek.org>
+
+	* compat.h, compat.c (sigpipe_*): build a generalised signal pipe
+	delivery ... thing, for use by pptpd and pptpctrl.
+
+	* pptpctrl.c (main): use signal pipe delivery instead of calling
+	syslog(3) in the SIGTERM handler, call the old handler bail() when
+	SIGTERM is delivered via the pipe.
+
+	* pptpd.c: kill bcrelay outside a signal handler in order to avoid
+	deadlock.
+
+	* pptpmanager.c (pptp_manager): use generalised signal pipe
+	delivery, return to caller on SIGTERM.
+
+Wed Jan  5 17:30:50 2005  James Cameron  <quozl@us.netrek.org>
+
+	* pptpmanager.c: fix bug 2004-01-05-0, hang due to syslog(3)
+	called by signal(2) handler.  Derived from contributions to PPTP
+	Client by Jean Wolter.
+
+	* pptpmanager.c: add pipe for queueing SIGCHLD events.
+	
+	* pptpmanager.c (sigchld_handler): add safe handler for SIGCHLD.
+	
+	* pptpmanager.c (sigchld_responder): move old handler into
+	non-signal context function called from main event loop.
+	
+	* pptpmanager.c (sigchld_setup): move SIGCHLD signal handling
+	setup into own function.
+
+	* pptpmanager.c (pptp_manager): call the new signal handling setup
+	function, FD_ZERO each time around (it wasn't being reset), watch
+	the signal handling pipe in the main event loop, handle EINTR
+	return from select by ignoring it and restarting the select().
+	Added code to handle signal pipe data.  Removed code for blocking
+	SIGCHLD on new connection, now that the signal handling is linear.
+
+Thu Dec 23 09:17:29 2004  James Cameron  <quozl@us.netrek.org>
+
+	* samples/options.pptpd: turn off logging to stderr by default, to
+	prevent loopback detected.  From: Andrew Hall
+	<ahall@sportingstatz.com>
+
+Thu Nov 11 14:20:18 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.spec: allows the RPM to be built on Red Hat Enterprise
+	Linux systems that use an older version of autotools.  From:
+	Charlie Brady <charlieb-poptop-server@e-smith.com>
+
+Thu Jun 24 09:35:58 2004  Peter Mueller  <pmueller@sidestep.com>
+
+	* pptpd.init: avoid spitting garbage if no processes exist.
+
+Wed Jun 23 19:42:33 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.2.1.tar.gz: released.
+	
+	* plugins/patchlevel.h: update pppd version requirement, so that
+	pptpd works with Paul Howarth's pppd 2.4.3 CVS packages.
+
+Fri Jun  4 13:56:20 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.init: warn that restart may cause problems, provide
+	restart-kill.  From: Peter Mueller.
+
+Tue May 25 11:35:49 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.2.0-b4.tar.gz: released.
+
+Mon May 24 20:27:53 2004  James Cameron  <quozl@us.netrek.org>
+
+	* debian/copyright: fix spelling to fix lintian warning.
+	* debian/changelog: remove emacs stuff to fix lintian warning.
+	* pptpd.8: refer to pptpd.conf(5) early on, and remove EXAMPLES
+	section, as it contributes nothing.
+	* pptpd.conf.5: add documentation for firewall rules.
+
+Fri May 21 20:43:55 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.spec: rework to build under rpm 4.0.4, depend on ppp >=
+	2.4.2, change description to match Debian package, add vendor,
+	propogate changes since 1.1.4-b3 involving obsolete scripts and
+	new plugin.
+
+	* Makefile.am, plugins/Makefile: add missing pptpd.init, add
+	debian packaging from downstream, propogate DESTDIR and prefix to
+	plugins install target.
+
+	* debian/changelog: change the version to -0 to avoid clobbering
+	the later Debian package.
+
+Mon May 17 16:28:49 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c: bug fix, only check PPP options file readability if an
+	options file has been given in the configuration file or command
+	line.  Reported by: Andrew Alexandrov
+
+Mon May 17 12:31:34 2004  James Cameron  <quozl@us.netrek.org>
+
+	* Makefile.am (EXTRA_DIST): remove html, as the documentation is
+	out of date, explicitly name samples, tools and plugins files to
+	prevent CVS in tarball.
+
+Mon May 17 12:31:09 2004  James Cameron  <quozl@us.netrek.org>
+
+	* debian: merge upstream Debian patches.  From Rene Mayrhofer.
+
+Fri May 14 15:50:35 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c (killbcrelay): bug fix, pptpd catches SIGTERM to kill
+	bcrelay, but doesn't kill itself.  "This patch solves partially
+	the problem.  When there is a connection established klling the
+	main pptpd process will not kill the control connection process."
+	From: Pawel Guraj.
+
+Thu Apr 29 20:18:19 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.8, pptpd.conf.5: adopt man page review suggestions.
+	From: Chris Wilson.
+
+Thu Apr 29 19:49:59 2004  James Cameron  <quozl@us.netrek.org>
+
+	* plugins/pptpd-logwtmp.c (ip_up): use the username that was
+	authenticated from the peer_authname variable rather than the
+	local host name hiding in the user variable.
+	Reported by: Pawel Guraj.
+
+Thu Apr 29 16:56:05 2004  James Cameron  <quozl@us.netrek.org>
+
+	* ctrlpacket.c (deal_out_call): print connection speed properly.
+	From: Jan Dubiec.
+
+Thu Apr 29 16:49:03 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.c: fix segfault if built --with-bcrelay but neither
+	bcrelay config option nor --bcrelay command line flag used.  From:
+	Jan Dubiec, Pawel Guraj.
+
+Wed Apr 28 21:24:25 2004  James Cameron  <quozl@us.netrek.org>
+
+	* README.logwtmp: write up new feature to track user connections
+	and disconnections using the standard wtmp(5) mechanism.
+	* defaults.h, pptpd.8, pptpctrl.8, pptpctrl.c, pptpd.c,
+	pptpmanager.c, samples/pptpd.conf: add --logwtmp option.
+	* plugins/Makefile: derive from PPP CVS plugins example.
+	* plugins/patchlevel.h, plugins/pppd.h: copy headers from PPP CVS.
+	* plugins/pptpd-logwtmp.c: add plugin to update wtmp.
+	* Makefile.am: add targets for plugins build and any future
+	subdirectories.
+	* tools/vpnwho.pl: mark as obsolete.
+
+Wed Apr 28 19:54:04 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c (main): waitpid() rather than kill() the pppd, so
+	that ip-down scripts get executed.
+
+Tue Apr 27 09:11:32 2004  James Cameron  <quozl@us.netrek.org>
+
+	* NEWS: change attribution on request from author.
+
+	* Makefile.am (EXTRA_DIST): include README.portslave, re-order list.
+
+Sun Apr 25 20:31:52 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.2.0-b3.tar.gz: released.
+	
+Sat Apr 24 20:51:54 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpgre.c (decaps_hdlc): add hint for EIO on read() of PTY,
+	suggesting a look at option syntax and pppd logs.  To address a
+	FAQ seen on mailing lists.
+
+	* pptpd.conf.5: add routing checklists for three different methods
+	of allocating subnets and configuring pptpd.
+
+	* pptpd.8, pptpd.conf.5: add noipparam option documentation.  Move
+	speed option to end of list.  Rework text for simplicity.  Cross
+	check against pptpd.c.
+
+	* pptpctrl.8: rework argument list, cross check against
+	pptpctrl.c, remove examples because running from inetd(8) is
+	unusual and not encouraged.
+
+	* pptpd.c, pptpd.8, pptpmanager.c, pptpctrl.c, defaults.h: add
+	--ppp option to specify PPP program to use in place of default
+	PPP_BINARY, and pass the new parameter to pptpctrl.  Also reworked
+	option handling and validation to simplify code.  Use access()
+	instead of fopen() to verify that files can be read or executed.
+
+	* pptpd.c: bug fix, --stimeout option was not working due to use
+	of strdup() and a blind cast instead of atoi().
+
+	* pptpd.c: bug fix, --noipparam option on command line was causing
+	premature exit during option processing.
+
+Fri Apr 23 21:01:31 2004  James Cameron  <quozl@us.netrek.org>
+
+	* tools/pptp-portslave: add contribution from Russell Coker, on
+	Debian Bug#126486.
+
+Fri Apr 23 20:34:28 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c (main): fail if arguments insufficient, closes Debian
+	Bug#107933.
+
+	* .cvsignore: include config.h and stamp-h, to assist with CVS
+	updates.
+
+Fri Apr 23 20:13:43 2004  James Cameron  <quozl@us.netrek.org>
+
+	* AUTHORS: hide author e-mails, add contributors since last release.
+
+Fri Apr 23 20:00:02 2004  James Cameron  <quozl@us.netrek.org>
+
+	* stamp-h, config.h: remove from CVS.
+	
+	* import: remove huge superfluous screen snapshot that was slowing
+	CVS access.
+
+	* .cvsignore: update for new build environment, include everything
+	that might normally be in a user directory checked out from CVS.
+
+	* samples/options: not relevant, removed.
+
+	* tools/confmod.sh: mark as obsolete, relevant only for ppp-2.4.1
+	forks.
+
+	* reconf, version: adjust comments.
+
+	* pptpd.spec: include vpnwho.pl (old version at this stage until
+	Bruno finds me the latest version) in the RPM packaging.
+
+	* pptpd.conf.5, pptpd.8: expand acronymn DOS.
+
+	* pptpctrl.8: add note that speed is ineffective on Linux.
+
+	* makepackage: use complete version, including beta release, as
+	part of the packaging; don't hide the beta release version.
+
+	* configure.in: remove warning about /usr/local/bin/pptpd, since
+	/usr/local/bin is locally administered; we have no right to warn,
+	we may have been responsible even in this version for placing the
+	file there.
+
+	* Anon-CVS-Root: obsolete, removed.
+	
+	* build.sh: obsolete build.sh
+
+	* README.bcrelay: wrap to 80 columns.
+
+	* README: rework for new release.
+
+Fri Apr 23 17:05:23 2004  James Cameron  <quozl@us.netrek.org>
+
+	* makerpm: remove from CVS in favour of makepackage per Richard's
+	e-mail on 1st August 2003.
+
+	* Makefile.am (EXTRA_DIST): add README.bcrelay, older ChangeLogs,
+	tools, spec file, and makepackage script.
+
+Fri Apr 23 16:15:59 2004  James Cameron  <quozl@us.netrek.org>
+
+	* reconf: remove setting of pptpd.conf version.
+
+	* samples/pptpd.conf: remove package version from file, use CVS
+	revision header instead.
+
+	* samples/options.pptpd: clarify comments, default to work with
+	PPP 2.4.2.
+
+Thu Apr 22 16:38:01 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c: remove report of connection speed for Linux pppd.
+
+Thu Apr 22 13:41:11 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd-1.2.0-b1.tar.gz: released to test team.
+	
+	* AUTHORS: adjust to reflect new maintainer.
+
+	* bcrelay.c: when compiling without --with-bcrelay, fail
+	immediately with an error message suggesting a rebuild.
+
+	* bcrelay.c: adopt VERSION from main package, cause my_daemon() to
+	be conditional on not HAVE_DAEMON.
+
+	* pptpd.c (killbcrelay): avoid code when BCRELAY is not defined.
+	Fixes compiler error when pptpd is configured using defaults.
+
+	* Makefile.am (dist-hook, EXTRA_DIST): remove CVS from final
+	source distribution.
+
+	* samples/pptpd.conf: remove some whitespace and wrap.
+
+	* Makefile.am: remove CVS from dist target.
+
+	* RELEASING: new file of release instructions, for 1.2.0 release
+	candidate.
+
+	* configure.in: change version.
+
+	* pptpd.spec: change version.
+
+	* ChangeLog: adopt GNU format.
+	
+Fri Feb 27 09:53:19 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c (pptp_handle_ctrl_connection): on any CALL_CLR_RQST,
+	terminate the call.  From: "Bruno Lopes F. Cabral"
+	<bruno@openline.com.br> 2004-01-08
+	http://marc.theaimsgroup.com/?l=poptop-server&m=107359240120864&w=2
+
+Fri Feb 27 09:50:41 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c (launch_pppd): make sure SIGCHLD is unblocked. The
+	procmask gets inherited from the manager and usually has the
+	SIGCHLD blocked. Actually pppd does not expect that somebody
+	tampered with its signal mask, thus we just unblock all signals
+	and leave them to be handled by pppd.  This fixes the "ip-up
+	zombie" bug.  From: Peter Stamfest <poptop@stamfest.at> 2003-09-06
+	http://marc.theaimsgroup.com/?l=poptop-server&m=106284825408104&w=2
+
+Thu Feb 26 15:17:37 2004  James Cameron  <quozl@us.netrek.org>
+
+	* pptpd.8, pptpd.conf.5 (speed): note that speed is ineffective on
+	Linux, despite being accepted by pppd.
+
+Wed Dec 10 09:28:01 2003  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c (launch_pppd): report program binary path.
+
+Tue Dec  9 10:22:01 2003  James Cameron  <quozl@us.netrek.org>
+
+	* pptpctrl.c (launch_pppd): report cause of failed execvp().
+	* pptpctrl.c (startCall): better explain launch failure.
+
+poptop (1.1.4-b5) unstable; urgency=low
+
+  * Added code to pass ipparam to pppd - By Sergio M. Ammirata
+  * Added Debian packaging information (not included in .tar.gz)
+  * Added bcrelay_v1 - By Norbert van Bolhuis
+  
+ -- R. de Vroede <richard@oip.tudelft.nl>  Fri, 18 Jul 2003 11:34:05 +0200
+
+poptop (1.1.4-b4) unstable; urgency=low
+
+  * Bugfix: First GRE packet always discarded - By: fghdgh (gcc111)
+  * Bugfix: Console fds left open, ssh hangs - By: fghdgh (gcc111)
+  * Bugfix: Pidfile option doesn't work - By: Visarion Mandzgaladze
+  
+ -- R. de Vroede <richard@oip.tudelft.nl>  Fri, Jun 20 2003 11:34:05 +0200
+
+poptop (1.1.4-b3) unstable; urgency=low
+
+  * Bugfix: Two buffer overflows in pptpctrl.c - By: Hernan Otero
+  
+ -- R. de Vroede <richard@oip.tudelft.nl>  Tue, May 13 2003 11:34:05 +0200
+
+poptop (1.1.4-b2) unstable; urgency=low
+
+  * Bugfix: Potential buffer-overflow in ctrlpacket.c
+  * Callid enhancements.  From: Ilguiz Latypov, Debian Bug#171831
+  
+ -- R. de Vroede <richard@oip.tudelft.nl>  Wed, Apr  9 2003 11:34:05 +0200
+
+poptop (1.1.4-b1) unstable; urgency=low
+
+  * Added BCrelay (Broadcast relay)
+  
+ -- R. de Vroede <richard@oip.tudelft.nl>  Fri, Oct 11 2002 11:34:05 +0200
+
+Poptop ChangeLog
+---------------------------------------------------------------------------
+v1.1.3
+* Wed Apr  9 2003 Richard de Vroede <r.devroede@linvision.com>
+- fixed a potential buffer-overflow in ctrlpacket.c
+
+* Thu Aug 22 2002 Richard de Vroede <richard@linvision.com>
+- added stimeout option to pptpd.conf manpage
+- updated the Changelog file ;-)
+
+* Tue Aug 20 2002 Richard de Vroede <richard@linvision.com>
+- removed debug commandline option from pptpd.init
+
+* Thu Aug  1 2002 Richard de Vroede <richard@linvision.com>
+- added config(noreplace) so old configs don't get replaced
+- fixed postscriptlet
+- adapted spec to cvs tree
+
+* Wed Jun 26 2002 Richard de Vroede <richard@linvision.com>
+- specfile now supports --with[out] options
+
+---------------------------------------------------------------------------
+v0.9.13 -> v1.1.3
+* June 18 2002 Richard de Vroede <richard@linvision.com>
+- migrated to version higher than last poptop release
+- bugfixed
+
+---------------------------------------------------------------------------

INSTALL

@@ -0,0 +1,188 @@
+Note: logwtmp plugin source file patchlevel.h must match pppd version
+on system if it is used.  Edit the file plugins/patchlevel.h
+accordingly.
+
+--
+
+Basic Installation
+==================
+
+   These are generic installation instructions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+
+   The file `configure.in' is used to create `configure' by a program
+called `autoconf'.  You only need `configure.in' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.  If you're
+     using `csh' on an old version of System V, you might need to type
+     `sh ./configure' instead to prevent `csh' from trying to execute
+     `configure' itself.
+
+     Running `configure' takes awhile.  While running, it prints some
+     messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  You can give `configure'
+initial values for variables by setting them in the environment.  Using
+a Bourne-compatible shell, you can do that on the command line like
+this:
+     CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+
+Or on systems that have the `env' program, you can do it like this:
+     env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   If you have to use a `make' that does not supports the `VPATH'
+variable, you have to compile the package for one architecture at a time
+in the source code directory.  After you have installed the package for
+one architecture, use `make distclean' before reconfiguring for another
+architecture.
+
+Installation Names
+==================
+
+   By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc.  You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on.  Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+     CPU-COMPANY-SYSTEM
+
+See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+
+   If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Operation Controls
+==================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--cache-file=FILE'
+     Use and save the results of the tests in FILE instead of
+     `./config.cache'.  Set FILE to `/dev/null' to disable caching, for
+     debugging `configure'.
+
+`--help'
+     Print a summary of the options to `configure', and exit.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--version'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`configure' also accepts some other, not widely useful, options.

Makefile.am

@@ -0,0 +1,109 @@
+# We have our own, simpler dependencies stuff in 'reconf'
+AUTOMAKE_OPTIONS = no-dependencies foreign
+
+@SET_MAKE@
+
+export LIBDIR=$(libdir)/pptpd
+INCLUDES = -I.
+## Change this if you don't have gcc
+## -pedantic removed for now (OpenBSD header files).
+## -Werror removed for now (getopt stuff on OSF/1 throws a
+##  warning with -Wmissing-prototypes).
+## -Wmissing-prototypes removed (eg, Linux 2.2.6 headers
+##  aren't up to it).
+CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"'
+#CFLAGS = -O2 -fno-builtin -Wall -ansi -DSBINDIR='"$(sbindir)"'
+#CFLAGS = -O2 -fno-builtin -Wall -ansi -pedantic -Wmissing-prototypes -Werror -DSBINDIR='"$(sbindir)"'
+
+man_MANS = pptpctrl.8 pptpd.8 pptpd.conf.5
+
+EXTRA_DIST = \
+html README* ChangeLog NEWS TODO $(man_MANS) \
+samples/chap-secrets samples/options.pptpd samples/pptpd.conf \
+Makefile.uClinux config.embed.h version reconf \
+tools/pptp-portslave tools/vpnstats tools/vpnstats.pl tools/vpnuser \
+pptpd.init pptpd.spec makepackage \
+plugins/Makefile plugins/*.h plugins/*.c \
+debian/README.debian debian/changelog debian/conffiles debian/config \
+debian/control debian/copyright debian/dirs debian/docs \
+debian/examples debian/pptpd-options debian/pptpd.conf \
+debian/pptpd.init debian/pptpdconfig.pl debian/rules debian/templates \
+debian/po/POTFILES.in debian/po/fr.po debian/po/pt_BR.po \
+debian/po/templates.pot
+
+EXTRA_PROGRAMS = 
+sbin_PROGRAMS = pptpd pptpctrl bcrelay
+
+# Header files are only used to determine what to put in a distribution, not
+# for dependencies, so just attribute them all to pptpd.
+
+pptpd_SOURCES = \
+	 pqueue.c pptpd.c configfile.c pptpmanager.c compat.c inststr.c getopt.c getopt1.c \
+	pqueue.h compat.h configfile.h ctrlpacket.h defaults.h inststr.h our_getopt.h \
+	our_syslog.h ppphdlc.h pptpctrl.h pptpdefs.h pptpgre.h pptpmanager.h
+
+pptpctrl_SOURCES = \
+	pqueue.c pptpctrl.c ctrlpacket.c inststr.c compat.c pptpgre.c ppphdlc.c
+
+pptpd_LDADD = $(XTRALIBS_MGR)
+
+pptpctrl_LDADD = $(XTRALIBS_CTRL)
+
+bcrelay_SOURCES = bcrelay.c defaults.h our_syslog.h our_getopt.h
+
+subdirs = plugins
+
+all-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d all; done
+
+install-exec-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d prefix=$(prefix) DESTDIR=$(DESTDIR) install; done
+
+clean-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d clean; done
+
+uninstall-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d prefix=$(prefix) DESTDIR=$(DESTDIR) uninstall; done
+
+package: deb rpm
+
+deb:
+	fakeroot dpkg-buildpackage -us -uc
+
+rpm:
+	fakeroot rpmbuild -ta pptpd-$(VERSION).tar.gz
+
+##CLEANFILES = 
+
+## DO NOT ADD BELOW THIS POINT, DEPS ARE AUTOMATICALLY ADDED
+bcrelay.o: bcrelay.c config.h defaults.h our_syslog.h our_getopt.h
+
+compat.o: compat.c config.h compat.h our_syslog.h inststr.h
+
+configfile.o: configfile.c config.h defaults.h configfile.h our_syslog.h
+
+ctrlpacket.o: ctrlpacket.c config.h our_syslog.h pptpdefs.h pptpctrl.h \
+  ctrlpacket.h compat.h
+
+getopt.o: getopt.c config.h our_getopt.h
+
+getopt1.o: getopt1.c config.h our_getopt.h
+
+inststr.o: inststr.c config.h inststr.h compat.h
+
+ppphdlc.o: ppphdlc.c config.h ppphdlc.h
+
+pptpctrl.o: pptpctrl.c config.h our_syslog.h compat.h pptpctrl.h \
+  pptpgre.h pptpdefs.h ctrlpacket.h defaults.h
+
+pptpd.o: pptpd.c config.h our_syslog.h our_getopt.h configfile.h \
+  defaults.h compat.h pptpmanager.h
+
+pptpgre.o: pptpgre.c config.h our_syslog.h ppphdlc.h pptpgre.h pptpdefs.h \
+  pptpctrl.h defaults.h pqueue.h compat.h
+
+pptpmanager.o: pptpmanager.c config.h our_syslog.h configfile.h \
+  defaults.h pptpctrl.h pptpdefs.h pptpmanager.h compat.h
+
+pqueue.o: pqueue.c pqueue.h
+

Makefile.in

@@ -0,0 +1,740 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = .
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+EXTRA_PROGRAMS =
+sbin_PROGRAMS = pptpd$(EXEEXT) pptpctrl$(EXEEXT) bcrelay$(EXEEXT)
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(srcdir)/config.h.in \
+	$(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
+	TODO acconfig.h install-sh missing mkinstalldirs
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno configure.status.lineno
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man5dir)" \
+	"$(DESTDIR)$(man8dir)"
+sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(sbin_PROGRAMS)
+am_bcrelay_OBJECTS = bcrelay.$(OBJEXT)
+bcrelay_OBJECTS = $(am_bcrelay_OBJECTS)
+bcrelay_LDADD = $(LDADD)
+am_pptpctrl_OBJECTS = pqueue.$(OBJEXT) pptpctrl.$(OBJEXT) \
+	ctrlpacket.$(OBJEXT) inststr.$(OBJEXT) compat.$(OBJEXT) \
+	pptpgre.$(OBJEXT) ppphdlc.$(OBJEXT)
+pptpctrl_OBJECTS = $(am_pptpctrl_OBJECTS)
+am__DEPENDENCIES_1 =
+pptpctrl_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am_pptpd_OBJECTS = pqueue.$(OBJEXT) pptpd.$(OBJEXT) \
+	configfile.$(OBJEXT) pptpmanager.$(OBJEXT) compat.$(OBJEXT) \
+	inststr.$(OBJEXT) getopt.$(OBJEXT) getopt1.$(OBJEXT)
+pptpd_OBJECTS = $(am_pptpd_OBJECTS)
+pptpd_DEPENDENCIES = $(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I.
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(bcrelay_SOURCES) $(pptpctrl_SOURCES) $(pptpd_SOURCES)
+DIST_SOURCES = $(bcrelay_SOURCES) $(pptpctrl_SOURCES) $(pptpd_SOURCES)
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d $(distdir) \
+    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr $(distdir); }; }
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = -O2 -fno-builtin -Wall -DSBINDIR='"$(sbindir)"'
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+GREP = @GREP@
+HAVE_OPENPTY = @HAVE_OPENPTY@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+XTRALIBS_CTRL = @XTRALIBS_CTRL@
+XTRALIBS_MGR = @XTRALIBS_MGR@
+XTRA_PROG = @XTRA_PROG@
+ac_ct_CC = @ac_ct_CC@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build_alias = @build_alias@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host_alias = @host_alias@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+
+# We have our own, simpler dependencies stuff in 'reconf'
+AUTOMAKE_OPTIONS = no-dependencies foreign
+INCLUDES = -I.
+#CFLAGS = -O2 -fno-builtin -Wall -ansi -DSBINDIR='"$(sbindir)"'
+#CFLAGS = -O2 -fno-builtin -Wall -ansi -pedantic -Wmissing-prototypes -Werror -DSBINDIR='"$(sbindir)"'
+man_MANS = pptpctrl.8 pptpd.8 pptpd.conf.5
+EXTRA_DIST = \
+html README* ChangeLog NEWS TODO $(man_MANS) \
+samples/chap-secrets samples/options.pptpd samples/pptpd.conf \
+Makefile.uClinux config.embed.h version reconf \
+tools/pptp-portslave tools/vpnstats tools/vpnstats.pl tools/vpnuser \
+pptpd.init pptpd.spec makepackage \
+plugins/Makefile plugins/*.h plugins/*.c \
+debian/README.debian debian/changelog debian/conffiles debian/config \
+debian/control debian/copyright debian/dirs debian/docs \
+debian/examples debian/pptpd-options debian/pptpd.conf \
+debian/pptpd.init debian/pptpdconfig.pl debian/rules debian/templates \
+debian/po/POTFILES.in debian/po/fr.po debian/po/pt_BR.po \
+debian/po/templates.pot
+
+
+# Header files are only used to determine what to put in a distribution, not
+# for dependencies, so just attribute them all to pptpd.
+pptpd_SOURCES = \
+	 pqueue.c pptpd.c configfile.c pptpmanager.c compat.c inststr.c getopt.c getopt1.c \
+	pqueue.h compat.h configfile.h ctrlpacket.h defaults.h inststr.h our_getopt.h \
+	our_syslog.h ppphdlc.h pptpctrl.h pptpdefs.h pptpgre.h pptpmanager.h
+
+pptpctrl_SOURCES = \
+	pqueue.c pptpctrl.c ctrlpacket.c inststr.c compat.c pptpgre.c ppphdlc.c
+
+pptpd_LDADD = $(XTRALIBS_MGR)
+pptpctrl_LDADD = $(XTRALIBS_CTRL)
+bcrelay_SOURCES = bcrelay.c defaults.h our_syslog.h our_getopt.h
+subdirs = plugins
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
+	      cd $(srcdir) && $(AUTOMAKE) --foreign  \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) $(top_srcdir)/acconfig.h
+	cd $(top_srcdir) && $(AUTOHEADER)
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(mkdir_p) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(sbindir)/$$f"; \
+	done
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+bcrelay$(EXEEXT): $(bcrelay_OBJECTS) $(bcrelay_DEPENDENCIES) 
+	@rm -f bcrelay$(EXEEXT)
+	$(LINK) $(bcrelay_LDFLAGS) $(bcrelay_OBJECTS) $(bcrelay_LDADD) $(LIBS)
+pptpctrl$(EXEEXT): $(pptpctrl_OBJECTS) $(pptpctrl_DEPENDENCIES) 
+	@rm -f pptpctrl$(EXEEXT)
+	$(LINK) $(pptpctrl_LDFLAGS) $(pptpctrl_OBJECTS) $(pptpctrl_LDADD) $(LIBS)
+pptpd$(EXEEXT): $(pptpd_OBJECTS) $(pptpd_DEPENDENCIES) 
+	@rm -f pptpd$(EXEEXT)
+	$(LINK) $(pptpd_LDFLAGS) $(pptpd_OBJECTS) $(pptpd_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+.c.o:
+	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+uninstall-info-am:
+install-man5: $(man5_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(mkdir_p) "$(DESTDIR)$(man5dir)"
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.5*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    5*) ;; \
+	    *) ext='5' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man5dir)/$$inst"; \
+	done
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	mkdir $(distdir)
+	$(mkdir_p) $(distdir)/debian $(distdir)/debian/po $(distdir)/plugins $(distdir)/samples $(distdir)/tools
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r $(distdir)
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && cd $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}'
+distuninstallcheck:
+	@cd $(distuninstallcheck_dir) \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS) config.h all-local
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-local clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-hdr distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-exec-am: install-exec-local install-sbinPROGRAMS
+
+install-info: install-info-am
+
+install-man: install-man5 install-man8
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am uninstall-local uninstall-man \
+	uninstall-sbinPROGRAMS
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.PHONY: CTAGS GTAGS all all-am all-local am--refresh check check-am \
+	clean clean-generic clean-local clean-sbinPROGRAMS ctags dist \
+	dist-all dist-bzip2 dist-gzip dist-shar dist-tarZ dist-zip \
+	distcheck distclean distclean-compile distclean-generic \
+	distclean-hdr distclean-tags distcleancheck distdir \
+	distuninstallcheck dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-exec \
+	install-exec-am install-exec-local install-info \
+	install-info-am install-man install-man5 install-man8 \
+	install-sbinPROGRAMS install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-info-am uninstall-local uninstall-man \
+	uninstall-man5 uninstall-man8 uninstall-sbinPROGRAMS
+
+
+@SET_MAKE@
+
+export LIBDIR=$(libdir)/pptpd
+
+all-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d all; done
+
+install-exec-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d prefix=$(prefix) DESTDIR=$(DESTDIR) install; done
+
+clean-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d clean; done
+
+uninstall-local:
+	for d in $(subdirs); do $(MAKE) $(MFLAGS) -C $$d prefix=$(prefix) DESTDIR=$(DESTDIR) uninstall; done
+
+package: deb rpm
+
+deb:
+	fakeroot dpkg-buildpackage -us -uc
+
+rpm:
+	fakeroot rpmbuild -ta pptpd-$(VERSION).tar.gz
+
+bcrelay.o: bcrelay.c config.h defaults.h our_syslog.h our_getopt.h
+
+compat.o: compat.c config.h compat.h our_syslog.h inststr.h
+
+configfile.o: configfile.c config.h defaults.h configfile.h our_syslog.h
+
+ctrlpacket.o: ctrlpacket.c config.h our_syslog.h pptpdefs.h pptpctrl.h \
+  ctrlpacket.h compat.h
+
+getopt.o: getopt.c config.h our_getopt.h
+
+getopt1.o: getopt1.c config.h our_getopt.h
+
+inststr.o: inststr.c config.h inststr.h compat.h
+
+ppphdlc.o: ppphdlc.c config.h ppphdlc.h
+
+pptpctrl.o: pptpctrl.c config.h our_syslog.h compat.h pptpctrl.h \
+  pptpgre.h pptpdefs.h ctrlpacket.h defaults.h
+
+pptpd.o: pptpd.c config.h our_syslog.h our_getopt.h configfile.h \
+  defaults.h compat.h pptpmanager.h
+
+pptpgre.o: pptpgre.c config.h our_syslog.h ppphdlc.h pptpgre.h pptpdefs.h \
+  pptpctrl.h defaults.h pqueue.h compat.h
+
+pptpmanager.o: pptpmanager.c config.h our_syslog.h configfile.h \
+  defaults.h pptpctrl.h pptpdefs.h pptpmanager.h compat.h
+
+pqueue.o: pqueue.c pqueue.h
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:

Makefile.uClinux

@@ -0,0 +1,68 @@
+
+PACKAGE = pptpd
+
+EXEC1 = pptpd
+OBJS1 = pptpd.o configfile.o pptpmanager.o compat.o getopt.o getopt1.o $(LIBRESOLV)
+
+EXEC2 = pptpctrl
+OBJS2 = pptpctrl.o ctrlpacket.o inststr.o compat.o pptpgre.o ppphdlc.o
+
+EXEC3 = bcrelay
+OBJS3 = bcrelay.o
+
+CFLAGS += -include config.embed.h -DPACKAGE='"$(PACKAGE)"' -DVERSION='"$(pptpd.VERSION).$(pptpd.PATCHLEVEL).$(pptpd.SUBLEVEL)"'
+FLTFLAGS += -s 8192
+
+ifdef BUILD_NETtel
+CFLAGS += -DCONFIG_NETtel
+endif
+
+
+all:		$(EXEC1) $(EXEC2) $(EXEC3)
+
+
+$(EXEC1):	$(OBJS1)
+		$(CC) $(LDFLAGS) -o $@ $(OBJS1) $(LDLIBS)
+
+$(EXEC2):	$(OBJS2)
+		$(CC) $(LDFLAGS) -o $@ $(OBJS2) $(LDLIBS)
+
+$(EXEC3):	$(OBJS3)
+		$(CC) $(LDFLAGS) -o $@ $(OBJS3) $(LDLIBS)
+
+clean:
+		-rm -f $(EXEC1) $(EXEC2) $(EXEC3) *.elf *.o
+
+## DO NOT ADD BELOW THIS POINT, DEPS ARE AUTOMATICALLY ADDED
+bcrelay.o: bcrelay.c config.embed.h defaults.h our_syslog.h our_getopt.h
+
+compat.o: compat.c config.embed.h compat.h our_syslog.h inststr.h
+
+configfile.o: configfile.c config.embed.h defaults.h configfile.h \
+  our_syslog.h
+
+ctrlpacket.o: ctrlpacket.c config.embed.h our_syslog.h pptpdefs.h \
+  pptpctrl.h ctrlpacket.h compat.h
+
+getopt.o: getopt.c config.embed.h our_getopt.h
+
+getopt1.o: getopt1.c config.embed.h our_getopt.h
+
+inststr.o: inststr.c config.embed.h inststr.h compat.h
+
+ppphdlc.o: ppphdlc.c config.embed.h ppphdlc.h
+
+pptpctrl.o: pptpctrl.c config.embed.h our_syslog.h compat.h pptpctrl.h \
+  pptpgre.h pptpdefs.h ctrlpacket.h defaults.h
+
+pptpd.o: pptpd.c config.embed.h our_syslog.h our_getopt.h configfile.h \
+  defaults.h compat.h pptpmanager.h
+
+pptpgre.o: pptpgre.c config.embed.h our_syslog.h ppphdlc.h pptpgre.h \
+  pptpdefs.h pptpctrl.h defaults.h pqueue.h compat.h
+
+pptpmanager.o: pptpmanager.c config.embed.h our_syslog.h configfile.h \
+  defaults.h pptpctrl.h pptpdefs.h pptpmanager.h compat.h
+
+pqueue.o: pqueue.c config.embed.h pqueue.h
+

NEWS

@@ -0,0 +1,121 @@
+1.3.4: released 2007-04-16
+
+- fix two release critical packet reordering bugs [Oester]
+- accept both types of domain delimiter [Cameron]
+- deprecate PPP_WAIT workaround in favour of turning off pty echo [Brady]
+
+1.3.3: released 2006-09-05
+
+- add missing connections option in sample pptpd.conf [Cameron]
+- add message to indicate when constrained by IP range [Cameron]
+- fix segfault on -C option, Closes Gentoo Bug #132898 [Nastac]
+- support mixed architecture build on x86_64 [Gorlov]
+- fix configure --with and --without option processing again [Cameron]
+- include libutil in logwtmp build [Gorlov]
+- fix spec file [Howarth]
+
+1.3.2: released 2006-04-18
+
+- fix configure --with and --without option processing [Cameron]
+- avoid reporting packet loss if debug option not set [Cameron]
+
+1.3.1: released 2006-02-14
+
+- make connections limit configurable at run-time [Cameron]
+- migrate --with-pppd-ip-alloc to delegate option [Cameron]
+- prevent initial unwanted GRE ACK [Barker]
+- bcrelay, ignore ENOBUFS [Rajkumar]
+- remove superfluous sigset [Cameron/Gono]
+- compilation fixes for gcc 4.0.1 [Cameron]
+- factorise argument processing in pptpctrl [Cameron/Visi]
+
+1.3.0: released 2005-08-03
+
+- disable Van Jacobson compression by default [Pokrywka]
+- prototype packet buffering and reordering [Bharadwaj]
+- comply with RFC2637 on echo wait and idle wait parameters [Brox]
+- new pptpd-logwtmp-strip-domain option [Cameron]
+- include html directory in make dist [Cameron]
+- defer writes to pty until pppd has set it up properly [Cameron]
+- process initial packet length header properly [Beregszaszi]
+- ignore ENETDOWN and ENXIO on sendto in bcrelay [Cameron]
+- add section on debugging to pptpd.8 [Mueller]
+
+1.2.3: released 2005-02-17
+
+- error check critical dup2 calls [Cameron]
+- add --enable-facility configure feature for syslog customisation [Cameron]
+- performance, use writev() if available, avoiding memcpy() [Sundberg]
+- compilation fix for gcc old versions [Cameron]
+
+1.2.2: released 2005-01-05
+
+- fix deadlock hang due to syslog(3) called by signal handler [Cameron]
+- turn off logging to stderr, to prevent loopback [Hall]
+- allow RPM to be build on RHEL [Brady]
+- init.d script, avoid spitting garbage [Mueller]
+
+1.2.1: released 2004-06-23
+
+- depend on ppp 2.4.3 CVS packages for plugin [Cameron]
+- init.d script, warn that restart may cause problems [Mueller]
+
+1.2.0-b4: released 2004-05-25
+
+- fix rpmbuild [Cameron]
+- include Debian downstream packaging patches [Mayrhofer]
+- fix for options file check when no options file wanted [Cameron]
+- fix for SIGTERM handling [Guraj]
+- minor manual page edits [Wilson]
+- fix printing of connection speed [Dubiec]
+- fix segfault if built --with-bcrelay but no option used [Cameron]
+- add --logwtmp option to track users online [Cameron/Guraj]
+- remove vpnwho.pl from package (due to --logwtmp) [Cameron]
+- include README.portslave in distribution [Cameron]
+
+1.2.0-b3: released 2004-04-25 (ANZAC day)
+
+- add hint for EIO to suggest pppd option syntax [Cameron]
+- add routing checklists to pptpd.conf man page [Cameron]
+- fix broken --stimeout option [Cameron]
+- rework all manual pages, cross check against programs [Cameron]
+- add --ppp option for portslave support [Cameron]
+- fix unanticipated exit() when --noipparam option used [Cameron]
+- fix segfault on pptpctrl called with no arguments [Cameron]
+  {closes: Bug#140709}
+- include vpnwho.pl in package [!3runo]
+- note that speed is ineffective on Linux [Cameron]
+- rework comments in sample configuration files [Cameron]
+- update references to web sites [Cameron]
+- minor edits to manual pages [Cameron]
+- improve script comments [Cameron]
+- remove superfluous files and tidy CVS repository [Cameron]
+- disable obsolete scripts [Cameron]
+
+1.2.0-b2: released 2004-04-22 to test team (Peter & Bruno)
+
+- fix build without bcrelay [Cameron]
+- adopt bcrelay version from main package [Cameron]
+- when built without bcrelay, the bcrelay will exit [Cameron]
+- GNU standards compliance, no CVS in dist
+- new maintainer [Cameron]
+
+1.1.4-b4: 
+
+- terminate call on any CALL_CLR_RQST [!3runo]
+- unblock SIGCHLD [Stamfest]
+  {closes: Bug#248123}
+- report pppd path in debug mode [Cameron]
+- report cause of failed execvp() [Cameron]
+- explain pppd launch failure [Cameron]
+- pass ipparam to pppd [Ammirata]
+- add bcrelay [Bolhuis]
+- fix loss of first GRE packet [fghdgh]
+- fix inheritance of console file descriptors [fghdgh]
+- fix pidfile option [Mandzgaladze]
+- fix two buffer overflows [Otero]
+- fix potential buffer overflow [Vroede]
+- enhance callid [Latypov] {does not close Bug#171831}
+
+1.1.3: 
+

README

@@ -0,0 +1,30 @@
+Poptop README
+-------------
+
+You *must* do a 'make install' or Poptop will *NOT* find the binaries!
+See INSTALL for generic compile/install instructions, and run
+"./configure --help" for a list of valid options, or just type:
+
+./configure
+make
+make install
+
+(make install copies the binaries to /usr/local/sbin, so you better be root)
+
+To run Poptop simply type: 'pptpd' (or /usr/local/sbin/pptpd if you don't
+have /usr/local/sbin in your path).
+
+You may specify a number of options on the command line to change
+how Poptop launches PPP.
+
+Type: 'pptpd -h' for options you may specify on the command line.
+
+A sample config file is in samples/
+
+For more help look in html/
+or visit the Poptop web site at: http://poptop.sourceforge.net/
+
+
+Good Luck!
+
+-Poptop Development Team

README.bcrelay

@@ -0,0 +1,72 @@
+BCrelay v0.5 by Richard de Vroede <r.devroede@linvision.com>
+Original program by: TheyCallMeLuc(at)yahoo.com.au
+-------------------------------------------------------------------------------
+Index
+1. License
+2. What is it?
+3. Usage
+4. Contact
+
+-------------------------------------------------------------------------------
+1. License
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+Your copy is available at: http://www.gnu.org/licenses/gpl.html
+
+-------------------------------------------------------------------------------
+2. What is it?
+
+A broadcast packet repeater. This packet repeater (currently designed
+for udp packets) will listen for broadcast packets. When it receives
+the packets on the incoming interface, it will then re-broadcast them
+to the outgoing interface.
+
+-------------------------------------------------------------------------------
+3. Usage
+
+Usage: /usr/sbin/bcrelay [options], where options are:
+
+ [-d] [--daemon]           Run as daemon.
+ [-h] [--help]             Displays this help message.
+ [-i] [--incoming]         Defines from which interface broadcasts will be
+                           relayed.
+ [-o] [--outgoing]         Defines to which interface broadcasts will be
+                           relayed.
+ [-s] [--ipsec]            Defines an ipsec tunnel to be relayed to.
+                           Since ipsec tunnels terminate on the same
+                           interface, we need to define the broadcast
+                           address of the other end-point of the
+                           tunnel.  This is done as ipsec0:x.x.x.255
+ [-v] [--version]          Displays the BCrelay version number.
+
+Logs and debugging go to syslog as DAEMON.
+
+Interfaces can be specified as regexpressions, ie. ppp[0-9]+
+
+-------------------------------------------------------------------------------
+4. Contact
+
+All comments, patches, improvements can be mailed to me, or the
+mailing list.  If it makes sense, I will update this package.
+
+Richard de Vroede          : r.devroede@linvision.com
+Original author            : TheyCallMeLuc@yahoo.com.au
+Poptop Mailinglist         : poptop-server@lists.sourceforge.net
+Official Poptop website    : http://www.poptop.org
+SourceForge Poptop website : http://sourgeforge.net/projects/poptop
+
+-------------------------------------------------------------------------------
+
+

README.cvs

@@ -0,0 +1,28 @@
+20040425
+
+a) the main CVS module "poptop" is no longer the stable version, it is
+   all versions, and the HEAD is unstable.
+
+b) CVS tags have been added:
+
+   poptop-1_1_3-a is the previous stable version tag.
+       (before merging 1.1.4 changes with 1.1.3 head)
+   pptpd-1_2_0-b1 is the first beta of the new release.
+   pptpd-1_2_0-b2 is the second beta of the new release.
+   pptpd-1_2_0-b3 is the third beta of the new release.
+
+   See "man cvs" for how to check out or track a tag release.
+
+c) the secondary CVS module "poptop-1.1.3" is deprecated, but HEAD
+   contains 1.1.4-b4.
+
+d) 1.1.4-b4 plus a few minor edits has been released to a small test
+   team as 1.2.0-b2.  Results will be published when known.  Other
+   testers welcome; write to me.
+
+CVS Tags (module poptop)
+
+cvs tag -F pptpd-1_2_0-b3
+cvs tag -F pptpd-1_2_0-b2
+cvs tag -F poptop-1_1_3-a (before merging 1.1.4 changes with 1.1.3 head)
+

README.inetd

@@ -0,0 +1,45 @@
+It is possible to run from inetd but you must consider
+the following:
+
+  You use pptpctrl not pptpd.
+
+  You must put pptpctrl in /etc/services as port 1723.
+
+  You must configure pppd to allocate IP addresses (eg,
+  use /etc/options.ttyXX, the pppd erpcd hack and an erpcd,
+  or some other modification to pppd).
+
+  libwrap is not used in this mode - you should use tcp
+  wrappers in inetd like with any other network service.
+
+  The configuration file is ignored in this mode.
+
+  An example command line is:
+
+     pptpctrl 0 0 0 0 0
+
+  This would be put in inetd.conf as (assuming Linux tcp
+  wrappers):
+
+    pptpctrl stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/pptpctrl 0 0 0 0 0 --buffer--
+
+  Note the --buffer-- is just to make the process name
+  longer so it can modify its name to something meaningful.
+
+  First option: debugging (0 for off, 1 for on)
+  Second option: PPP options file (0 for off, 1 followed
+                 by a file name for on)
+  Third option: TTY speed (0 for default, 1 followed
+                by a speed to set a speed)
+  Fourth option: Local IP address (0 for pppd-determined,
+                 1 followed by an address to set)
+  Fifth option: Remote IP address (0 for pppd-determined,
+                1 followed by an address to set)
+
+  Another example, debugging on, alternate config file,
+  setting tty speed and specifying the local IP address:
+
+     pptpctrl 1 1 /etc/ppp/options.PPTP 1 115200 1 192.168.0.1 0
+
+David Luyer, luyer@ucs.uwa.edu.au
+Tue Jun 15 16:06:05 WST 1999

README.logwtmp

@@ -0,0 +1,36 @@
+$Id: README.logwtmp,v 1.1 2004/04/28 11:36:07 quozl Exp $
+pptpd 1.2.0 logwtmp feature, by James Cameron, 28th April 2004.
+
+The --logwtmp feature uses the standard wtmp feature to track users
+who have connections to the server.  It works as follows.
+
+When a connection occurs, pptpd launches pppd with two additional
+options.  The first option directs pppd to load the pptpd-logwtmp.so
+plugin.  The second option is the IP address of the client.
+
+	"plugin /usr/lib/pptpd/pptpd-logwtmp.so"
+	"pptpd-original-ip 10.0.0.1"
+
+The plugin defines the pptpd-original-ip option so that pppd will
+accept it.
+
+If the plugin fails to load, pppd will fail in the usual manner.  Such
+a failure will usually be related to a missing file in /usr/lib/pptpd.
+
+The plugin asks pppd to notify it when IP comes up or goes down.
+
+When IP comes up, the plugin's ip_up() function executes, calling
+logwtmp() to mark the user as logged in.  Once this has happened,
+commands like "who" will show the user.  The tty will be set to the
+PPP interface name.
+
+When IP goes down, the plugin's ip_down() function executes, removing
+the entry from wtmp.  Note that a "kill -9" on the pppd will result in
+a user appearing to remain logged in.  Don't use "kill -9", use an
+ordinary kill.
+
+If pppd debug mode is enabled, the plugin announces it's version when
+loaded, and reports the parameters it is handing over to the logwtmp
+call.  See the plugins/pptpd-logwtmp.c source.
+
+--

README.portslave

@@ -0,0 +1,12 @@
+Contributed by Russell Coker on Debian Bug#126486.
+
+/etc/pptp.conf:
+option /etc/ppp/pptp.options
+localip 192.168.236.133
+# refer pptpd to use the pptp-portslave script instead of regular pppd
+pppd /usr/sbin/pptp-portslave
+
+/etc/portslave/pslave.conf:
+# configure it as usual, but with lines defined for pseudo-tty devices
+s{1000-1063}.tty   pts/{0-63}
+

README.slirp

@@ -0,0 +1,29 @@
+How 2 use slirp with pptpd-0.9.0
+
+o Grab the slirp-1.0c package and install it
+  ftp://blitzen.canberra.edu.au/pub/slirp/slirp-1.0c.tar.gz
+  (other versions might work also, but were not tested)
+
+Then install pptpd
+
+o ./configure --with-slirp
+
+o Set path to slirp in config.h right
+
+o Be sure to have a HOME variable set when you start 
+  pptpd, because slirp reads the HOME/.chap-secrets file
+  for authentication
+  This file must be filled in the same way as the 
+  chap-secrets for pppd
+
+o For the rest follow the pptpd instructions
+
+o I have tested this with a Solaris 2.4 server, gcc and 
+  pptpd running on this configuration. As client I used 
+  Win95 DUN 1.3. I only tested this on a local network because 
+  our routers still block port 47.
+  With this test I get a clean authentication.
+
+Harald Vogt, vogt@serc.nl
+Mon Jun 14 09:49:40 MET DST 1999
+

TODO

@@ -0,0 +1,110 @@
+This is the pptpd project TODO list.
+
+(Note: tasks that are probably easy are marked with a [JJ], which
+means Junior Jobs, following the KDE tradition suggested by Adriaan de
+Groot in May 2004.)
+
+20060714-1, 1.3.2, bcrelay is built even if --enable-bcrelay is not used.
+
+20050105-1, 1.2.1, denial of service, for ten seconds (or --stimeout)
+the pptpd will not process further connections while it waits for a
+client to send data.  The second select() will prevent any further
+accept() calls.  To be tested.
+
+20041108-0, 1.2.1, vpnstats does not parse RHEL3 log output
+successfully.  It also creates a cron.weekly entry that is not removed
+when the package is removed.  Yet to test if vpnstats.pl works okay.
+[JJ]
+
+20040811-0, 1.2.1, RFC2637 timers IDLE_WAIT and MAX_ECHO_WAIT, in
+pptpdefs.h, make these configurable, requested by Tobias Brox.  [JJ]
+
+20040623-0, 1.2.1, "Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd
+version 2.4.2, this is 2.4.3" happens if pppd 2.4.3 is installed, or
+vice versa if 2.4.2 is installed.  [JJ] Workaround on common
+distributions is to use makepackage instead of "make install".
+pptpd.init is also affected, as it has a hardcoded path to pptpd.
+Configure script should detect or accept version of pppd to build
+against.
+
+20040521-4, 1.2.0-b3, running on Fedora Core 1, kernel ? , when a
+connection arrives a warning is issued by the kernel "application bug:
+pptpctrl($PID) has SIGCHLD set to SIG_IGN but calls wait().  (see the
+NOTES section of 'man 2 wait').  Workaround activated."
+
+20040521-0, 1.2.0-b3, write bcrelay man page.  (Debian lintian for
+pptpd 1.1.4-0b4-1)  [JJ]
+
+feature: nuke prior login by user, by writing a new pppd plugin.
+
+feature: prevent login by user if prior login still in progress, using
+pppd plugin that captures old hook and re-uses it, during chap auth.
+
+20040428-7, CVS HEAD, minor, pptpctrl.c refers to hard coded path
+/usr/lib/pptpd/pptpd-logwtmp.so instead of path derived from prefix
+given to configure script.  also, the rpm build fails if not run in a
+fakeroot.
+
+review debian bug reports for pptpd package
+http://bugs.debian.org/pptpd
+
+20040426-0 bug: terminating immediately on CALL_CLR_RQST from client
+(1.2.0-b3) may violate the RFC, but was done to fix zombie pppd, Bruno
+will try older version to gather system state information to see why
+it happened, but there is indeed a design defect that doesn't reap
+(wait() on the PID of) the pppd it had previously forked.  it probably
+isn't right to simply kill() the pppd until it has had a chance to
+finish up, e.g. ip-down scripts.  context is pptpctrl.c.  on the other
+hand, if a stop control connection request arrives, are the active
+connections supposed to be closed; there are reports of pppd living
+on.
+
+minor bug: pptpctrl.c:302 (1.11) there is a test for absolute file
+descriptor numbers, which is probably not portable.
+
+bug: 1.2.0-b3 configfile.c opens, reads and closes /etc/pptpd.conf as
+many times as there are possible option values, and only returns the
+first match for a keyword, not the last.
+
+20030214, ignore EPERM on GRE write for a short time in case netfilter
+is being adjusted by ip-up scripts, Bug #181005.
+
+20030801, 1.1.3, XP seems to need mtu negotiation 4 lower than
+serverside.  MS PPTP-server handles this correctly.
+
+20030620, 1.1.3, PPTP daemon waiting for infinite time if the
+pptpd.conf file does not have a new line character at the EOF. So we
+need a config-check routine. It is allready there, but it seems to
+output to stdout.
+
+20030611, 1.1.3, pptpd incorrectly hides all pppd error output.  This
+is a defect and should be fixed. It apparently doesn't even wait for
+and report the pppd exit status.
+
+20030526, 1.1.3, Make choice between slirp, pppd and BSD userspace
+PPPD a runtime one instead of compile time.
+
+20030218, 1.1.3, ask IP-info from a real DHCP-server. It is possible
+to get a Radius-server to do this.
+
+20030128, 1.1.3, Make the logentries more verbose, so that they
+actually mean something to the admins.
+
+20021220, 1.1.3, Add a way to define pools for different usergroups.
+
+19990802, 1.1.3, We don't actually implement any kind of window
+protocol, congestion control, etc, etc.  Very simple algorithm which
+works well on LANs and good performance links but could be improved
+for slow distant dialups/bad routing and links.
+
+19990705, 1.1.3, PNS mode and all things which go with it aren't
+supported properly.  We're only an IP tunnelling PAC, and our clients
+act as a PNS, as per the draft.  We may implement PNS mode and related
+things like multiple calls from one client IP in the future
+(post-1.0).
+
+19990413, 1.1.3, SET LINK INFO (CTRL Message 15) is not fully
+implemented. This doesn't cause any problem with Win95/98/NT or Linux
+clients.  NT clients send a default set of ACCMs which we validate and
+ignore, the others don't send anything.  Probably fine for all IP
+tunneling clients (post-1.0).

acconfig.h

@@ -0,0 +1,52 @@
+/*
+ * acconfig.h
+ *
+ * Additional autoconf defines for this program.
+ *
+ * $Id: acconfig.h,v 1.6 2005/12/29 01:21:09 quozl Exp $
+ */
+
+/* Use BSD User land PPP? */
+#undef BSDUSER_PPP
+
+/* Use SLIRP? */
+#undef SLIRP
+
+/* Enable Broadcast Relay? */
+#undef BCRELAY
+
+/* Work as a PNS rather than a PAC? */
+#undef PNS_MODE
+
+/* Communicate between control and manager processes with a pipe */
+#undef CTRL_MGR_PIPE
+
+/* Where is my pppd? */
+#undef PPP_BINARY
+
+/* Syslog Facility to use?  See openlog(3). */
+#undef PPTP_FACILITY
+
+/* Have libwrap? */
+#undef HAVE_LIBWRAP
+
+/* Package name */
+#undef PACKAGE
+
+/* Version */
+#undef VERSION
+
+/* Just #define to int if it's not defined */
+#undef socklen_t
+
+/* These would be better as typedefs, but... */
+#undef u_int8_t
+#undef u_int16_t
+#undef u_int32_t
+
+/* And the signed size_t */
+/* (normal size_t is done by standard autoconf) */
+#undef ssize_t
+
+/* Define if you have an openpty() (non-standard check) */
+#undef HAVE_OPENPTY

aclocal.m4

@@ -0,0 +1,862 @@
+# generated automatically by aclocal 1.9.6 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+# Copyright (C) 2002, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION so it can be traced.
+# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+	 [AM_AUTOMAKE_VERSION([1.9.6])])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 7
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])
+AC_SUBST([$1_FALSE])
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    case $depmode in
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    none) break ;;
+    esac
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.
+    if depmode=$depmode \
+       source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 3
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[for mf in $CONFIG_FILES; do
+  # Strip MF so we end up with the name of the file.
+  mf=`echo "$mf" | sed -e 's/:.*$//'`
+  # Check whether this is an Automake generated Makefile or not.
+  # We used to match only the files named `Makefile.in', but
+  # some people rename them; so instead we look at the file content.
+  # Grep'ing the first line is not enough: some people post-process
+  # each Makefile.in and add a new line on top of each file to say so.
+  # So let's grep whole file.
+  if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
+    dirpart=`AS_DIRNAME("$mf")`
+  else
+    continue
+  fi
+  # Extract the definition of DEPDIR, am__include, and am__quote
+  # from the Makefile without running `make'.
+  DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+  test -z "$DEPDIR" && continue
+  am__include=`sed -n 's/^am__include = //p' < "$mf"`
+  test -z "am__include" && continue
+  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+  # When using ansi2knr, U may be empty or an underscore; expand it
+  U=`sed -n 's/^U = //p' < "$mf"`
+  # Find all dependency output files, they are included files with
+  # $(DEPDIR) in their names.  We invoke sed twice because it is the
+  # simplest approach to changing $(DEPDIR) to its actual value in the
+  # expansion.
+  for file in `sed -n "
+    s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+    # Make sure the directory exists.
+    test -f "$dirpart/$file" && continue
+    fdir=`AS_DIRNAME(["$file"])`
+    AS_MKDIR_P([$dirpart/$fdir])
+    # echo "creating $dirpart/$file"
+    echo '# dummy' > "$dirpart/$file"
+  done
+done
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# AM_CONFIG_HEADER is obsolete.  It has been replaced by AC_CONFIG_HEADERS.
+AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 12
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.58])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+# test to see if srcdir already configured
+if test "`cd $srcdir && pwd`" != "`pwd`" &&
+   test -f $srcdir/config.status; then
+  AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AM_PROG_INSTALL_SH
+AM_PROG_INSTALL_STRIP
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+              [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+	      		     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+                  [_AM_DEPENDENCIES(CC)],
+                  [define([AC_PROG_CC],
+                          defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+                  [_AM_DEPENDENCIES(CXX)],
+                  [define([AC_PROG_CXX],
+                          defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+])
+])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $1 | $1:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+install_sh=${install_sh-"$am_aux_dir/install-sh"}
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo done
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# We grep out `Entering directory' and `Leaving directory'
+# messages which can occur if `w' ends up in MAKEFLAGS.
+# In particular we don't look at `^make:' because GNU make might
+# be invoked under some other name (usually "gmake"), in which
+# case it prints its new name instead of `make'.
+if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
+   am__include=include
+   am__quote=
+   _am_result=GNU
+fi
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
+      am__include=.include
+      am__quote="\""
+      _am_result=BSD
+   fi
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check whether `mkdir -p' is supported, fallback to mkinstalldirs otherwise.
+#
+# Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories
+# created by `make install' are always world readable, even if the
+# installer happens to have an overly restrictive umask (e.g. 077).
+# This was a mistake.  There are at least two reasons why we must not
+# use `-m 0755':
+#   - it causes special bits like SGID to be ignored,
+#   - it may be too restrictive (some setups expect 775 directories).
+#
+# Do not use -m 0755 and let people choose whatever they expect by
+# setting umask.
+#
+# We cannot accept any implementation of `mkdir' that recognizes `-p'.
+# Some implementations (such as Solaris 8's) are not thread-safe: if a
+# parallel make tries to run `mkdir -p a/b' and `mkdir -p a/c'
+# concurrently, both version can detect that a/ is missing, but only
+# one can create it and the other will error out.  Consequently we
+# restrict ourselves to GNU make (using the --version option ensures
+# this.)
+AC_DEFUN([AM_PROG_MKDIR_P],
+[if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+  # We used to keeping the `.' as first argument, in order to
+  # allow $(mkdir_p) to be used without argument.  As in
+  #   $(mkdir_p) $(somedir)
+  # where $(somedir) is conditionally defined.  However this is wrong
+  # for two reasons:
+  #  1. if the package is installed by a user who cannot write `.'
+  #     make install will fail,
+  #  2. the above comment should most certainly read
+  #     $(mkdir_p) $(DESTDIR)$(somedir)
+  #     so it does not work when $(somedir) is undefined and
+  #     $(DESTDIR) is not.
+  #  To support the latter case, we have to write
+  #     test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir),
+  #  so the `.' trick is pointless.
+  mkdir_p='mkdir -p --'
+else
+  # On NextStep and OpenStep, the `mkdir' command does not
+  # recognize any option.  It will interpret all options as
+  # directories to create, and then abort because `.' already
+  # exists.
+  for d in ./-p ./--version;
+  do
+    test -d $d && rmdir $d
+  done
+  # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists.
+  if test -f "$ac_aux_dir/mkinstalldirs"; then
+    mkdir_p='$(mkinstalldirs)'
+  else
+    mkdir_p='$(install_sh) -d'
+  fi
+fi
+AC_SUBST([mkdir_p])])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t $srcdir/configure conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+

compat.c

@@ -0,0 +1,201 @@
+/*
+ * compat.c
+ *
+ * Compatibility functions for different OSes
+ *
+ * $Id: compat.c,v 1.6 2005/08/22 00:48:34 quozl Exp $
+ */
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "compat.h"
+
+#ifndef HAVE_STRLCPY
+#include <string.h>
+#include <stdio.h>
+
+void strlcpy(char *dst, const char *src, size_t size)
+{
+	strncpy(dst, src, size - 1);
+	dst[size - 1] = '\0';
+}
+#endif
+
+#ifndef HAVE_MEMMOVE
+void *memmove(void *dst, const void *src, size_t size)
+{
+	bcopy(src, dst, size);
+	return dst;
+}
+#endif
+
+#ifndef HAVE_OPENPTY
+/*
+ * Finds a free PTY/TTY pair.
+ *
+ * This is derived from C.S. Ananian's pty.c that was with his pptp client.
+ *
+ *************************************************************************
+ * pty.c - find a free pty/tty pair.
+ *         inspired by the xterm source.
+ *         NOTE: This is very likely to be highly non-portable.
+ *         C. Scott Ananian <cananian@alumni.princeton.edu>
+ *
+ * Heavily modified to chage from getpseudopty() to openpty().
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#if HAVE_SYSLOG_H
+#include <syslog.h>
+#else
+#include "our_syslog.h"
+#endif
+
+int openpty(int *master, int *slave, char *name, void *unused1, void *unused2)
+{
+	int devindex = 0, letter = 0;
+	int fd1, fd2;
+	char ttydev[PTYMAX], ptydev[TTYMAX];
+
+	syslog(LOG_DEBUG, "CTRL: Allocating pty/tty pair");
+	strcpy(ttydev, TTYDEV);
+	strcpy(ptydev, PTYDEV);
+	while (PTYCHAR1[letter]) {
+		ttydev[TTYMAX - 3] = ptydev[PTYMAX - 3] = PTYCHAR1[letter];
+		while (PTYCHAR2[devindex]) {
+			ttydev[TTYMAX - 2] = ptydev[PTYMAX - 2] = PTYCHAR2[devindex];
+			if ((fd1 = open(ptydev, O_RDWR)) >= 0) {
+				if ((fd2 = open(ttydev, O_RDWR)) >= 0) {
+					goto out;
+				} else {
+					close(fd1);
+				}
+			}
+			devindex++;
+		}
+		devindex = 0;
+		letter++;
+	}
+	syslog(LOG_ERR, "CTRL: Failed to allocate pty");
+	return -1;		/* Unable to allocate pty */
+
+      out:
+	syslog(LOG_INFO, "CTRL: Allocated pty/tty pair (%s,%s)", ptydev, ttydev);
+	if (master)
+		*master = fd1;
+	if (slave)
+		*slave = fd2;
+	if (name)
+		strcpy(name, ttydev);	/* no way to bounds check */
+	return 0;
+}
+#endif
+
+#ifndef HAVE_STRERROR
+char *strerror(int errnum) {
+	static char buf[16];
+	sprintf(buf, "Error %d", errnum);
+	return buf;
+}
+#endif
+
+#ifndef HAVE_SETPROCTITLE
+#include "inststr.h"
+#endif
+
+#define __USE_BSD 1
+#include <stdarg.h>
+#include <stdio.h>
+
+void my_setproctitle(int argc, char **argv, const char *format, ...) {
+       char proctitle[64];
+       va_list parms;
+       va_start(parms, format);
+       vsnprintf(proctitle, sizeof(proctitle), format, parms);
+
+#ifndef HAVE_SETPROCTITLE
+       inststr(argc, argv, proctitle);
+#else
+       setproctitle(proctitle);
+#endif
+       va_end(parms);
+}
+
+/* signal to pipe delivery implementation */
+#include <unistd.h>
+#include <fcntl.h>
+#include <signal.h>
+
+/* pipe private to process */
+static int sigpipe[2];
+
+/* create a signal pipe, returns 0 for success, -1 with errno for failure */
+int sigpipe_create()
+{
+  int rc;
+  
+  rc = pipe(sigpipe);
+  if (rc < 0) return rc;
+  
+  fcntl(sigpipe[0], F_SETFD, FD_CLOEXEC);
+  fcntl(sigpipe[1], F_SETFD, FD_CLOEXEC);
+  
+#ifdef O_NONBLOCK
+#define FLAG_TO_SET O_NONBLOCK
+#else
+#ifdef SYSV
+#define FLAG_TO_SET O_NDELAY
+#else /* BSD */
+#define FLAG_TO_SET FNDELAY
+#endif
+#endif
+  
+  rc = fcntl(sigpipe[1], F_GETFL);
+  if (rc != -1)
+    rc = fcntl(sigpipe[1], F_SETFL, rc | FLAG_TO_SET);
+  if (rc < 0) return rc;
+  return 0;
+#undef FLAG_TO_SET
+}
+
+/* generic handler for signals, writes signal number to pipe */
+void sigpipe_handler(int signum)
+{
+  write(sigpipe[1], &signum, sizeof(signum));
+  signal(signum, sigpipe_handler);
+}
+
+/* assign a signal number to the pipe */
+void sigpipe_assign(int signum)
+{
+  struct sigaction sa;
+
+  memset(&sa, 0, sizeof(sa));
+  sa.sa_handler = sigpipe_handler;
+  sigaction(signum, &sa, NULL);
+}
+
+/* return the signal pipe read file descriptor for select(2) */
+int sigpipe_fd()
+{
+  return sigpipe[0];
+}
+
+/* read and return the pending signal from the pipe */
+int sigpipe_read()
+{
+  int signum;
+  read(sigpipe[0], &signum, sizeof(signum));
+  return signum;
+}
+
+void sigpipe_close()
+{
+  close(sigpipe[0]);
+  close(sigpipe[1]);
+}
+

compat.h

@@ -0,0 +1,82 @@
+/*
+ * compat.h
+ *
+ * Compatibility functions for different OSes (prototypes)
+ *
+ * $Id: compat.h,v 1.5 2005/01/05 11:01:51 quozl Exp $
+ */
+
+#ifndef _PPTPD_COMPAT_H
+#define _PPTPD_COMPAT_H
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#if HAVE_SETSID
+#define SETSIDPGRP setsid
+#else
+#define SETSIDPGRP setpgrp
+#endif
+
+#include <sys/types.h>
+
+#ifndef HAVE_STRLCPY
+/* void since to be fast and portable, we use strncpy, but this
+ * means we don't know how many bytes were copied
+ */
+extern void strlcpy(char *dst, const char *src, size_t size);
+#endif	/* !HAVE_STRLCPY */
+
+#ifndef HAVE_MEMMOVE
+extern void *memmove(void *dst, const void *src, size_t size);
+#endif	/* !HAVE_MEMMOVE */
+
+#ifndef HAVE_OPENPTY
+/* Originally from code by C. S. Ananian */
+
+/* These are the Linux values - and fairly sane defaults.
+ * Since we search from the start and just skip errors, they'll do.
+ * Note that Unix98 has an openpty() call so we don't need to worry
+ * about the new pty names here.
+ */
+#define PTYDEV		"/dev/ptyxx"
+#define TTYDEV		"/dev/ttyxx"
+#define PTYMAX		11
+#define TTYMAX		11
+#define PTYCHAR1	"pqrstuvwxyzabcde"
+#define PTYCHAR2	"0123456789abcdef"
+
+/* Dummy the last 2 args, so we don't have to find the right include
+ * files on every OS to define the needed structures.
+ */
+extern int openpty(int *, int *, char *, void *, void *);
+#endif	/* !HAVE_OPENPTY */
+
+#ifndef HAVE_STRERROR
+extern char *strerror(int);
+#endif
+
+extern void my_setproctitle(int argc, char **argv, const char *format, ...)
+       __attribute__ ((format (printf, 3, 4)));
+
+/* signal to pipe delivery implementation */
+
+/* create a signal pipe, returns 0 for success, -1 with errno for failure */
+int sigpipe_create();
+
+/* generic handler for signals, writes signal number to pipe */
+void sigpipe_handler(int signum);
+
+/* assign a signal number to the pipe */
+void sigpipe_assign(int signum);
+
+/* return the signal pipe read file descriptor for select(2) */
+int sigpipe_fd();
+
+/* read and return the pending signal from the pipe */
+int sigpipe_read();
+
+void sigpipe_close();
+
+#endif	/* !_PPTPD_COMPAT_H */

config.embed.h

@@ -0,0 +1,15 @@
+/*
+ * config.embed.h
+ *
+ * Dummy autoconf results for uClinux target.
+ *
+ * $Id: config.embed.h,v 1.4 2004/04/22 10:48:16 quozl Exp $
+ */
+
+#define STDC_HEADERS 1
+#define HAVE_SETSID 1
+#define HAVE_MEMMOVE 1
+#define HAVE_STRING_H 1
+#define PPP_BINARY "/bin/pppd"
+#define BCRELAY_BIN "/bin/bcrelay"
+#define SBINDIR "/bin"

config.h.in

@@ -0,0 +1,185 @@
+/* config.h.in.  Generated from configure.in by autoheader.  */
+/*
+ * acconfig.h
+ *
+ * Additional autoconf defines for this program.
+ *
+ * $Id: config.h.in,v 1.25 2007/04/16 01:08:47 quozl Exp $
+ */
+
+/* Use BSD User land PPP? */
+#undef BSDUSER_PPP
+
+/* Use SLIRP? */
+#undef SLIRP
+
+/* Enable Broadcast Relay? */
+#undef BCRELAY
+
+/* Work as a PNS rather than a PAC? */
+#undef PNS_MODE
+
+/* Communicate between control and manager processes with a pipe */
+#undef CTRL_MGR_PIPE
+
+/* Where is my pppd? */
+#undef PPP_BINARY
+
+/* Syslog Facility to use?  See openlog(3). */
+#undef PPTP_FACILITY
+
+/* Have libwrap? */
+#undef HAVE_LIBWRAP
+
+/* Package name */
+#undef PACKAGE
+
+/* Version */
+#undef VERSION
+
+/* Just #define to int if it's not defined */
+#undef socklen_t
+
+/* These would be better as typedefs, but... */
+#undef u_int8_t
+#undef u_int16_t
+#undef u_int32_t
+
+/* And the signed size_t */
+/* (normal size_t is done by standard autoconf) */
+#undef ssize_t
+
+/* Define if you have an openpty() (non-standard check) */
+#undef HAVE_OPENPTY
+
+/* Define to 1 if you have the `daemon' function. */
+#undef HAVE_DAEMON
+
+/* Define to 1 if you have the `fork' function. */
+#undef HAVE_FORK
+
+/* Define to 1 if you have the `getservbyname' function. */
+#undef HAVE_GETSERVBYNAME
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `c' library (-lc). */
+#undef HAVE_LIBC
+
+/* Define to 1 if you have the `intl' library (-lintl). */
+#undef HAVE_LIBINTL
+
+/* Define to 1 if you have the <libintl.h> header file. */
+#undef HAVE_LIBINTL_H
+
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#undef HAVE_LIBNSL
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the `util' library (-lutil). */
+#undef HAVE_LIBUTIL
+
+/* Define to 1 if you have the <libutil.h> header file. */
+#undef HAVE_LIBUTIL_H
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <pty.h> header file. */
+#undef HAVE_PTY_H
+
+/* Define to 1 if you have the `setproctitle' function. */
+#undef HAVE_SETPROCTITLE
+
+/* Define to 1 if you have the `setsid' function. */
+#undef HAVE_SETSID
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `writev' function. */
+#undef HAVE_WRITEV
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Version number of package */
+#undef VERSION
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef ssize_t
+
+/* Define to `unsigned short' if <sys/types.h> does not define. */
+#undef u_int16_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef u_int32_t
+
+/* Define to `unsigned char' if <sys/types.h> does not define. */
+#undef u_int8_t

configfile.c

@@ -0,0 +1,160 @@
+/*
+ * configfile.c
+ *
+ * Methods for accessing the PPTPD config file and searching for
+ * PPTPD keywords.
+ *
+ * $Id: configfile.c,v 1.2 2004/04/22 10:48:16 quozl Exp $
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "defaults.h"
+#include "configfile.h"
+#include "our_syslog.h"
+
+/* Local function prototypes */
+static FILE *open_config_file(char *filename);
+static void close_config_file(FILE * file);
+
+/*
+ * read_config_file
+ *
+ * This method opens up the file specified by 'filename' and searches
+ * through the file for 'keyword'. If 'keyword' is found any string
+ * following it is stored in 'value'.
+ *
+ * args: filename (IN) - config filename
+ *       keyword (IN) - word to search for in config file
+ *       value (OUT) - value of keyword
+ *
+ * retn: -1 on error, 0 if keyword not found, 1 on value success
+ */
+int read_config_file(char *filename, char *keyword, char *value)
+{
+	FILE *in;
+	int len = 0, keyword_len = 0;
+	int foundit = 0;
+
+	char *buff_ptr;
+	char buffer[MAX_CONFIG_STRING_SIZE];
+
+	*value = '\0';
+	buff_ptr = buffer;
+	keyword_len = strlen(keyword);
+
+	in = open_config_file(filename);
+	if (in == NULL) {
+		/* Couldn't find config file, or permission denied */
+		return -1;
+	}
+	while ((fgets(buffer, MAX_CONFIG_STRING_SIZE - 1, in)) != NULL) {
+		/* ignore long lines */
+		if (buffer[(len = strlen(buffer)) - 1] != '\n') {
+			syslog(LOG_ERR, "Long config file line ignored.");
+			do
+				fgets(buffer, MAX_CONFIG_STRING_SIZE - 1, in);
+			while (buffer[strlen(buffer) - 1] != '\n');
+			continue;
+		}
+
+		len--;			/* For the NL at the end */
+		while (--len >= 0)
+			if (buffer[len] != ' ' && buffer[len] != '\t')
+				break;
+
+		len++;
+		buffer[len] = '\0';
+
+		buff_ptr = buffer;
+
+		/* Short-circuit blank lines and comments */
+		if (!len || *buff_ptr == '#')
+			continue;
+
+		/* Non-blank lines starting with a space are an error */
+
+		if (*buff_ptr == ' ' || *buff_ptr == '\t') {
+			syslog(LOG_ERR, "Config file line starts with a space: %s", buff_ptr);
+			continue;
+		}
+
+		/* At this point we have a line trimmed for trailing spaces. */
+		/* Now we need to check if the keyword matches, and if so */
+		/* then get the value (if any). */
+
+		/* Check if it's the right keyword */
+
+		do {
+			if (*buff_ptr == ' ' || *buff_ptr == '\t')
+				break;
+		} while (*++buff_ptr);
+
+		len = buff_ptr - buffer;
+		if (len == keyword_len && !strncmp(buffer, keyword, len)) {
+			foundit++;
+			break;
+		}
+	}
+
+	close_config_file(in);
+
+	if (foundit) {
+		/* Right keyword, now get the value (if any) */
+
+		do {
+			if (*buff_ptr != ' ' && *buff_ptr != '\t')
+				break;
+			
+		} while (*++buff_ptr);
+
+		strcpy(value, buff_ptr);
+		return 1;
+	} else {
+		/* didn't find it - better luck next time */
+		return 0;
+	}
+}
+
+/*
+ * open_config_file
+ *
+ * Opens up the PPTPD config file for reading.
+ *
+ * args: filename - the config filename (eg. '/etc/pptpd.conf')
+ *
+ * retn: NULL on error, file descriptor on success
+ *
+ */
+static FILE *open_config_file(char *filename)
+{
+	FILE *in;
+	static int first = 1;
+
+	if ((in = fopen(filename, "r")) == NULL) {
+		/* Couldn't open config file */
+		if (first) {
+			perror(filename);
+			first = 0;
+		}
+		return NULL;
+	}
+	return in;
+}
+
+/*
+ * close_config_file
+ *
+ * Closes the PPTPD config file descriptor
+ *
+ */
+static void close_config_file(FILE * in)
+{
+	fclose(in);
+}

configfile.h

@@ -0,0 +1,14 @@
+/*
+ * configfile.h
+ *
+ * Function to read pptpd config file.
+ *
+ * $Id: configfile.h,v 1.1.1.1 2002/06/21 08:51:55 fenix_nl Exp $
+ */
+
+#ifndef _PPTPD_CONFIGFILE_H
+#define _PPTPD_CONFIGFILE_H
+
+int read_config_file(char *filename, char *keyword, char *value);
+
+#endif	/* !_PPTPD_CONFIGFILE_H */

configure.in

@@ -0,0 +1,255 @@
+AC_INIT(pptpmanager.c)
+
+AM_CONFIG_HEADER(config.h)
+AM_INIT_AUTOMAKE(pptpd,1.3.4)
+
+# check common command line options early
+
+AC_DEFINE(PPP_BINARY, "/usr/sbin/pppd")
+AC_MSG_CHECKING(command line for use of BSD PPP)
+AC_ARG_WITH(bsdppp,
+	[  --with-bsdppp           Use BSD user-space ppp ],
+	[ 
+	    case "$withval" in
+		yes)
+		    AC_MSG_RESULT(BSD user-space ppp)
+		    AC_DEFINE(BSDUSER_PPP)
+		    BSDUSER_PPP=$with_bsdppp
+		    AC_DEFINE(PPP_BINARY, "/usr/sbin/ppp")
+		    break;
+		    ;;
+		no)
+		    AC_MSG_RESULT(explicit standard pppd)
+		    ;;
+		*)
+		    # only yes or no are expected for this option
+		    AC_MSG_RESULT(unrecognised... terminating)
+		    exit 1
+		    ;;
+	    esac
+	], [AC_MSG_RESULT(default standard pppd)])
+
+AC_MSG_CHECKING(command line for use of SLIRP)
+AC_ARG_WITH(slirp,
+	[  --with-slirp            Use SLIRP instead of pppd ],
+	[ 
+	    case "$withval" in
+		yes)
+		    AC_MSG_RESULT(yes)
+		    AC_DEFINE(SLIRP)
+		    SLIRP=$with_slirp
+		    AC_DEFINE(PPP_BINARY, "/bin/slirp")
+		    break;
+		    ;;
+		no)
+		    AC_MSG_RESULT(explicit no)
+		    ;;
+		*)
+		    # only yes or no are expected for this option
+		    AC_MSG_RESULT(unrecognised... terminating)
+		    exit 1
+		    ;;
+	    esac
+	], [AC_MSG_RESULT(default no)])
+
+AC_MSG_CHECKING(command line for syslog facility name)
+AC_ARG_ENABLE(facility,
+    [  --enable-facility=name    Use another syslog facility, default LOG_DAEMON ],
+    [
+	AC_MSG_RESULT($enableval)
+	AC_DEFINE_UNQUOTED(PPTP_FACILITY, $enableval)
+	],
+    [
+	AC_MSG_RESULT(default LOG_DAEMON)
+	AC_DEFINE_UNQUOTED(PPTP_FACILITY, LOG_DAEMON)
+    ])
+
+AC_MSG_CHECKING(command line for bcrelay build)
+AC_ARG_ENABLE(bcrelay,
+	[  --enable-bcrelay          Enable broadcast relay function ],
+	[ 
+	    case "$enableval" in
+		yes)
+		    AC_MSG_RESULT(yes)
+		    AC_DEFINE(BCRELAY)
+		    BCRELAY=$enableval
+		    break;
+		    ;;
+		no)
+		    AC_MSG_RESULT(explicit no)
+		    ;;
+		*)
+		    # only yes or no are expected for this option
+		    AC_MSG_RESULT(unrecognised... terminating)
+		    exit 1
+		    ;;
+	    esac
+	], [AC_MSG_RESULT(default no)])
+
+AC_PROG_CC
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_PROG_LN_S
+AC_PROG_MAKE_SET
+
+AC_C_CONST
+AC_C_INLINE
+
+AC_EXEEXT
+AC_OBJEXT
+AC_SYS_INTERPRETER
+
+AC_CHECK_FUNCS(setsid daemon setproctitle getservbyname strlcpy fork memmove strerror writev)
+
+AC_CHECK_HEADERS(pty.h)
+AC_CHECK_HEADERS(string.h)
+AC_CHECK_HEADERS(syslog.h)
+AC_CHECK_HEADERS(libintl.h)
+AC_CHECK_HEADERS(libutil.h)
+AC_CHECK_HEADERS(sys/uio.h)
+
+AC_CHECK_TYPE(size_t, unsigned int)
+AC_CHECK_TYPE(ssize_t, int)
+AC_CHECK_TYPE(u_int8_t, unsigned char)
+AC_CHECK_TYPE(u_int16_t, unsigned short)
+AC_CHECK_TYPE(u_int32_t, unsigned int)
+
+dnl Check for type in sys/socket.h - from Squid source (GPL)
+AC_CACHE_CHECK(for socklen_t, ac_cv_type_socklen_t, [
+  AC_EGREP_CPP([socklen_t[^a-zA-Z_0-9]], [#include <sys/types.h>
+#include <sys/socket.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif],
+    ac_cv_type_socklen_t=yes,
+    ac_cv_type_socklen_t=no)
+])
+if test $ac_cv_type_socklen_t = no; then
+  AC_DEFINE(socklen_t, int)
+fi
+
+dnl Check for libwrap (black magic check)
+AC_ARG_WITH(libwrap,
+	[  --with-libwrap          Use libwrap (tcp wrappers) ],
+[
+ if test "$with_libwrap" = "yes"; then
+ XYZZY_LIBS="$LIBS"
+ AC_MSG_CHECKING(for libwrap alone)
+ LIBS="$XYZZY_LIBS -lwrap"
+ AC_TRY_LINK([ int allow_severity, deny_severity; ],
+	     [ hosts_access(); ],
+	     [ AC_MSG_RESULT(yes)
+	       AC_DEFINE(HAVE_LIBWRAP)
+	       LIBWRAP="yes"
+	       XTRALIBS_MGR="-lwrap" ],
+	     [ AC_MSG_RESULT(no)
+   LIBS="$XYZZY_LIBS -lwrap -lnsl"
+   AC_MSG_CHECKING(for libwrap with libnsl)
+   AC_TRY_LINK([ int allow_severity, deny_severity; ],
+	       [ hosts_access(); ],
+	       [ AC_MSG_RESULT(yes)
+	         AC_DEFINE(HAVE_LIBWRAP)
+		 LIBWRAP="yes"
+	         XTRALIBS_MGR="-lwrap -lnsl" ],
+	       [ AC_MSG_RESULT(no) ])
+ ])
+ LIBS="$XYZZY_LIBS"
+ fi
+])
+
+dnl More ugliness; -lnsl, -lutil and -lsocket
+XYZZY_LIBS="$LIBS"
+AC_CHECK_LIB(c, accept)
+AC_CHECK_LIB(c, gethostbyname)
+AC_CHECK_LIB(c, openpty)
+AC_CHECK_LIB(c, gettext)
+AC_CHECK_LIB(socket, accept)
+AC_CHECK_LIB(nsl, gethostbyname)
+AC_CHECK_LIB(util, openpty)
+AC_CHECK_LIB(intl, gettext)
+LIBS="$XYZZY_LIBS"
+if test "$ac_cv_lib_c_accept" = no; then
+  if test "$ac_cv_lib_socket_accept" = yes; then
+	LIBS="$LIBS -lsocket"
+  else
+	echo "Couldn't find a usable accept!" 1>&2
+	exit 1
+  fi
+fi
+if test "$ac_cv_lib_c_gethostbyname" = no; then
+  if test "$ac_cv_lib_nsl_gethostbyname" = yes; then
+	LIBS="$LIBS -lnsl"
+	if test "$XTRALIBS_MGR" = "-lwrap -lnsl"; then
+	  XTRALIBS_MGR="-lwrap"
+	fi
+  else
+	echo "Couldn't find a usable gethostbyname!" 1>&2
+	exit 1
+  fi
+fi
+if test "$ac_cv_lib_c_openpty" = yes; then
+  AC_DEFINE(HAVE_OPENPTY)
+else
+  if test "$ac_cv_lib_util_openpty" = yes; then
+    AC_DEFINE(HAVE_OPENPTY)
+    XTRALIBS_CTRL="-lutil"
+  fi
+fi
+if test "$ac_cv_header_libintl_h" = yes; then
+  if test "$ac_cv_lib_c_gettext" = no; then
+    if test "$ac_cv_lib_intl_gettext" = yes; then
+      XTRALIBS_MGR = "$XTRALIBS_MGR -lintl"
+    else
+      echo "Have libintl.h but no usable gettext!" 1>&2
+      exit 1
+    fi
+  fi
+fi
+
+AC_SUBST(XTRALIBS_CTRL)
+AC_SUBST(XTRALIBS_MGR)
+AC_SUBST(HAVE_OPENPTY)
+
+if test "$BCRELAY" = "yes"; then
+  if test "$BCRELAY" = "yes"; then
+    XTRA_PROG="bcrelay"
+    true
+  else
+    echo "No BCrelay selected." 1>&2
+  fi
+fi
+
+AC_SUBST(XTRA_PROG)
+
+echo '==============================================================================='
+
+echo 'Configuration chosen:'
+
+echo -n '   PPPd:               '
+if test "$BSDUSER_PPP" = "yes"; then
+  echo 'BSD user-space PPPd.'
+else
+  if test "$SLIRP" = "yes"; then
+    echo 'SLIRP.'
+  else
+    echo 'Standard.'
+  fi
+fi
+
+echo -n '   LIBWRAP security:   '
+if test "$LIBWRAP" = "yes"; then
+  echo 'Yes.'
+else
+  echo 'No.'
+fi
+
+echo -n '   Broadcast Relay:    '
+if test "$BCRELAY" = "yes"; then
+  echo 'Yes.'
+else
+  echo 'No.'
+fi
+
+AC_CACHE_SAVE
+AC_OUTPUT(Makefile)

ctrlpacket.c

@@ -0,0 +1,704 @@
+/*
+ * ctrlpacket.c
+ *
+ * PPTP Control Message packet reading, formatting and writing.
+ *
+ * $Id: ctrlpacket.c,v 1.6 2005/08/03 09:10:59 quozl Exp $
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#if HAVE_SYSLOG_H
+#include <syslog.h>
+#else
+#include "our_syslog.h"
+#endif
+
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <time.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+
+#include "pptpdefs.h"
+#include "pptpctrl.h"
+#include "ctrlpacket.h"
+
+#ifndef HAVE_STRERROR
+#include "compat.h"
+#endif
+
+/* Local function prototypes */
+static ssize_t read_pptp_header(int clientFd, unsigned char *packet, int *ctrl_message_type);
+static void deal_start_ctrl_conn(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size);
+static void deal_stop_ctrl_conn(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size);
+static void deal_out_call(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size);
+static void deal_echo(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size);
+static void deal_call_clr(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size);
+static void deal_set_link_info(unsigned char *packet);
+static u_int16_t getcall();
+static u_int16_t freecall();
+
+#if notyet
+static int make_out_call_rqst(unsigned char *rply_packet, ssize_t * rply_size);
+#endif
+
+/*
+ * read_pptp_packet
+ *
+ * Sees if a packet can be read and if so what type of packet it is. The
+ * method then calls the appropriate function to examine the details of the
+ * packet and form a suitable reply packet.
+ *
+ * args:        clientFd (IN) - Client socket to read from.
+ *              packet (OUT) - Packet read from the client.
+ *              rply_packet (OUT) - Reply packet for the client.
+ *              rply_size (OUT) - Size of the reply packet.
+ *
+ * retn:        PPTP control message type of the packet on success.
+ *              -1 on retryable error.
+ *              0 on error to abort on.
+ */
+int read_pptp_packet(int clientFd, unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size)
+{
+
+	size_t bytes_read;
+	int pptp_ctrl_type = 0;	/* Control Message Type */
+
+	/* read a packet and parse header */
+	if ((bytes_read = read_pptp_header(clientFd, packet, &pptp_ctrl_type)) <= 0) {
+		/* error reading packet */
+		syslog(LOG_ERR, "CTRL: couldn't read packet header (%s)", bytes_read ? "retry" : "exit");
+		return bytes_read;
+	}
+
+	/* launch appropriate method to form suitable reply to the packet */
+	switch (pptp_ctrl_type) {
+	case START_CTRL_CONN_RQST:	/* Start Control Connection Request */
+		deal_start_ctrl_conn(packet, rply_packet, rply_size);
+		break;
+
+	case STOP_CTRL_CONN_RQST:
+		deal_stop_ctrl_conn(packet, rply_packet, rply_size);
+		break;
+
+	case OUT_CALL_RQST:		/* Outgoing Call Request */
+		deal_out_call(packet, rply_packet, rply_size);
+		break;
+
+	case ECHO_RQST:			/* Echo Request */
+		deal_echo(packet, rply_packet, rply_size);
+		break;
+
+	case CALL_CLR_RQST:		/* Call Clear Request (Disconnect Request) */
+		deal_call_clr(packet, rply_packet, rply_size);
+		break;
+
+	case SET_LINK_INFO:		/* Set Link Info */
+		/* no reply packet but process it */
+		deal_set_link_info(packet);
+		break;
+
+	case ECHO_RPLY:			/* Echo Reply */
+	case STOP_CTRL_CONN_RPLY:	/* Stop Control Connection Reply */
+	case CALL_DISCONN_NTFY:		/* Call Disconnect Notify */
+		/* no reply packet */
+		break;
+
+	default:
+		syslog(LOG_ERR, "CTRL: PPTP Control Message type %d not supported.", pptp_ctrl_type);
+		pptp_ctrl_type = -1;
+	}
+
+	return pptp_ctrl_type;
+}
+
+
+/*
+ * send_pptp_packet
+ *
+ * Sends a PPTP packet to a file descriptor.
+ *
+ * args:        clientFd (IN) - file descriptor to write the packet to.
+ *              packet (IN) - the packet data to write.
+ *              packet_size (IN) - the packet size.
+ *
+ * retn:        Number of bytes written on success.
+ *              -1 on write failure.
+ */
+size_t send_pptp_packet(int clientFd, unsigned char *packet, size_t packet_size)
+{
+
+	size_t bytes_written;
+
+	if ((bytes_written = write(clientFd, packet, packet_size)) == -1) {
+		/* write failed */
+		syslog(LOG_ERR, "CTRL: Couldn't write packet to client.");
+		return -1;
+
+	} else {
+		/* debugging */
+		if (pptpctrl_debug) {
+			syslog(LOG_DEBUG, "CTRL: I wrote %d bytes to the client.", packet_size);
+			syslog(LOG_DEBUG, "CTRL: Sent packet to client");
+		}
+		return bytes_written;
+	}
+}
+
+/*
+ * ignoreErrno
+ *
+ * Check if an errno represents a read error which should be ignored, and
+ * put back to be select()ed on again later.
+ *
+ * Very similar to the function in Squid by Duane Wessels (under GPL).
+ *
+ * args: an errno value
+ *
+ * retn: 1 if the error is unimportant
+ *       0 if the error is important
+ */
+static int ignoreErrno(int ierrno) {
+	switch (ierrno) {
+	case EAGAIN:		/* nothing to read */
+	case EINTR:		/* signal received */
+#ifdef ERESTART
+#if ERESTART != EINTR
+	case ERESTART:		/* signal received, should restart syscall */
+#endif
+#endif
+#if EWOULDBLOCK != EAGAIN
+	case EWOULDBLOCK:	/* shouldn't get this one but anyway, just in case */
+#endif
+		return 1;
+	default:
+		return 0;
+	}
+}
+
+/*
+ * read_pptp_header
+ *
+ * Reads a packet from a file descriptor and determines whether it is a
+ * valid PPTP Control Message. If a valid PPTP Control Message is detected
+ * it extracts the Control Message type from the packet header.
+ *
+ * args:        clientFd (IN) - Clients file descriptor.
+ *              packet (OUT) - Packet we read from the client.
+ *              pptp_ctrl_type (OUT) - PPTP Control Message type of the packet.
+ *
+ * retn:        Number of bytes read on success.
+ *              -1 on retryable error.
+ *              0 on error to exit on.
+ */
+ssize_t read_pptp_header(int clientFd, unsigned char *packet, int *pptp_ctrl_type)
+{
+
+	ssize_t bytes_ttl, bytes_this;	/* quantities read (total and this read) */
+	u_int16_t length;		/* length of this packet */
+	struct pptp_header *header;	/* the received header */
+
+	static char *buffer = NULL;	/* buffer between calls */
+	static int buffered = 0;	/* size of buffer */
+
+	*pptp_ctrl_type = 0;		/* initialise return arg	*/
+
+	/* read any previously buffered data */
+	if (buffered) {
+		memcpy(packet, buffer, buffered);
+		free(buffer);
+		buffer = NULL;
+		bytes_ttl = buffered;
+		buffered = 0;
+		if (pptpctrl_debug)
+			syslog(LOG_DEBUG, "CTRL: Read in previous incomplete ctrl packet");
+	} else
+		bytes_ttl = 0;
+
+	/* try and get the length in */
+	if (bytes_ttl < 2) {
+		bytes_this = read(clientFd, packet + bytes_ttl, 2 - bytes_ttl);
+		switch (bytes_this) {
+		case -1:
+			if (ignoreErrno(errno)) {
+				/* re-tryable error, re-buffer and return */
+				if (bytes_ttl) {
+					buffered = bytes_ttl;
+					buffer = malloc(bytes_ttl);
+					if (!buffer)
+						return(0);
+					memcpy(buffer, packet, bytes_ttl);
+				}
+				syslog(LOG_ERR, "CTRL: Error reading ctrl packet length (bytes_ttl=%d): %s", bytes_ttl, strerror(errno));
+				return -1;
+			}
+			/* FALLTHRU */
+		case 0:
+			syslog(LOG_ERR, "CTRL: EOF or bad error reading ctrl packet length.");
+			return 0;
+		default:
+			bytes_ttl += bytes_this;
+			/* Not enough data to proceed */
+			if (bytes_ttl == 1) {
+				buffered = bytes_ttl;
+				buffer = malloc(bytes_ttl);
+				if (!buffer)
+					return(0);
+				memcpy(buffer, packet, bytes_ttl);
+				if (pptpctrl_debug)
+					syslog(LOG_DEBUG, "CTRL: Incomplete ctrl packet length, retry later");
+				return -1;
+			}
+		}
+	}
+	/* OK, we have (at least) the first 2 bytes, and there is data waiting
+	 *
+	 * length includes the header,  so a length less than 2 is someone
+	 * trying to hack into us or a badly corrupted packet.
+	 * Why not require length to be at least 10? Since we later cast
+	 * packet to struct pptp_header and use at least the 10 first bytes..
+	 * Thanks to Timo Sirainen for mentioning this.
+	 */
+	length = htons(*(u_int16_t *) packet);
+	if (length <= 10 || length > PPTP_MAX_CTRL_PCKT_SIZE) {
+		syslog(LOG_ERR, "CTRL: 11 < Control packet (length=%d) < "
+				"PPTP_MAX_CTRL_PCKT_SIZE (%d)",
+				length, PPTP_MAX_CTRL_PCKT_SIZE);
+		/* we loose sync (unless we malloc something big, which isn't a good
+		 * idea - potential DoS) so we must close connection (draft states that
+		 * if you loose sync you must close the control connection immediately)
+		 */
+		return 0;
+	}
+	/* Now read the actual control packet */
+	bytes_this = read(clientFd, packet + bytes_ttl, length - bytes_ttl);
+	switch (bytes_this) {
+	case -1:
+		if(ignoreErrno(errno)) {
+			/* re-tryable error, re-buffer and return */
+			if (bytes_ttl) {
+				buffered = bytes_ttl;
+				buffer = malloc(bytes_ttl);
+				if (!buffer)
+					return(0);
+				memcpy(buffer, packet, bytes_ttl);
+			}
+			syslog(LOG_ERR, "CTRL: Error reading ctrl packet (bytes_ttl=%d,length=%d): %s", bytes_ttl, length, strerror(errno));
+			return -1;
+		}
+		/* FALLTHRU */
+	case 0:
+		syslog(LOG_ERR, "CTRL: EOF or bad error reading ctrl packet.");
+		return 0;
+	default:
+		bytes_ttl += bytes_this;
+		/* not enough data to proceed */
+		if (bytes_ttl != length) {
+			buffered = bytes_ttl;
+			buffer = malloc(bytes_ttl);
+			if (!buffer)
+				return(0);
+			memcpy(buffer, packet, bytes_ttl);
+			if (pptpctrl_debug)
+				syslog(LOG_DEBUG, "CTRL: Incomplete ctrl packet, retry later");
+			return -1;
+		}
+	}
+
+	/* We got one :-) */
+
+	/* Cast the packet into the PPTP Control Message format */
+	header = (struct pptp_header *) packet;
+
+	/* Packet sanity check on magic cookie */
+	if (ntohl(header->magic) != PPTP_MAGIC_COOKIE) {
+		/* Oops! Not a valid Control Message */
+		syslog(LOG_ERR, "CTRL: Bad magic cookie - lost syncronization, closing control connection.");
+		/* draft states loss of syncronization must result in
+		 * immediate closing of the control connection
+		 */
+		return 0;
+	}
+	/* Woohoo! Looks like we got a valid PPTP packet */
+	*pptp_ctrl_type = (int) (ntohs(header->ctrl_type));
+	if (pptpctrl_debug)
+		syslog(LOG_DEBUG, "CTRL: Received PPTP Control Message (type: %d)", *pptp_ctrl_type);
+	return bytes_ttl;
+}
+
+/* Macros to use in making response packets */
+
+#define MAKE_CTRL_HEADER(where, what) \
+	where.header.length = htons(sizeof(where)); \
+	where.header.pptp_type = htons(PPTP_CTRL_MESSAGE); \
+	where.header.magic = htonl(PPTP_MAGIC_COOKIE); \
+	where.header.ctrl_type = htons(what); \
+	where.header.reserved0 = htons(RESERVED)
+
+#define COPY_CTRL_PACKET(from, to, size) \
+	memcpy(to, &from, ((*size) = sizeof(from)))
+
+#define DEBUG_PACKET(what) \
+	if(pptpctrl_debug) \
+		syslog(LOG_DEBUG, "CTRL: Made a " what " packet")
+
+/*
+ * deal_start_ctrl_conn
+ *
+ * This method 'deals' with a START-CONTROL-CONNECTION-REQUEST. After
+ * stripping down the connection request a suitable reply is formed and
+ * stored in 'rply_packet' ready for sending.
+ *
+ * args: packet (IN) - the packet that we have to deal with (should be a
+ *                     START-CONTROL-CONNECTION-REQUEST packet)
+ *       rply_packet (OUT) - suitable reply to the 'packet' we got.
+ *       rply_size (OUT) - size of the reply packet
+ */
+void deal_start_ctrl_conn(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size)
+{
+	struct pptp_start_ctrl_conn_rqst *start_ctrl_conn_rqst;
+	struct pptp_start_ctrl_conn_rply start_ctrl_conn_rply;
+
+	start_ctrl_conn_rqst = (struct pptp_start_ctrl_conn_rqst *) packet;
+
+	MAKE_CTRL_HEADER(start_ctrl_conn_rply, START_CTRL_CONN_RPLY);
+	start_ctrl_conn_rply.version = htons(PPTP_VERSION);
+	start_ctrl_conn_rply.result_code = CONNECTED;
+	start_ctrl_conn_rply.error_code = NO_ERROR;
+	start_ctrl_conn_rply.framing_cap = htons(OUR_FRAMING);
+	start_ctrl_conn_rply.bearer_cap = htons(OUR_BEARER);
+	start_ctrl_conn_rply.max_channels = htons(MAX_CHANNELS);
+	start_ctrl_conn_rply.firmware_rev = htons(PPTP_FIRMWARE_VERSION);
+	bzero(start_ctrl_conn_rply.hostname, MAX_HOSTNAME_SIZE);
+	strncpy((char *)start_ctrl_conn_rply.hostname, PPTP_HOSTNAME, MAX_HOSTNAME_SIZE);
+	bzero(start_ctrl_conn_rply.vendor, MAX_VENDOR_SIZE);
+	strncpy((char *)start_ctrl_conn_rply.vendor, PPTP_VENDOR, MAX_VENDOR_SIZE);
+	COPY_CTRL_PACKET(start_ctrl_conn_rply, rply_packet, rply_size);
+	DEBUG_PACKET("START CTRL CONN RPLY");
+}
+
+/*
+ * deal_stop_ctrl_conn
+ *
+ * This method response to a STOP-CONTROL-CONNECTION-REQUEST with a
+ * STOP-CONTROL-CONNECTION-REPLY.
+ */
+void deal_stop_ctrl_conn(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size)
+{
+	struct pptp_stop_ctrl_conn_rply stop_ctrl_conn_rply;
+
+	MAKE_CTRL_HEADER(stop_ctrl_conn_rply, STOP_CTRL_CONN_RPLY);
+        stop_ctrl_conn_rply.result_code = DISCONNECTED;
+        stop_ctrl_conn_rply.error_code = NO_ERROR;
+        stop_ctrl_conn_rply.reserved1 = htons(RESERVED);
+	COPY_CTRL_PACKET(stop_ctrl_conn_rply, rply_packet, rply_size);
+	DEBUG_PACKET("STOP CTRL CONN RPLY");
+}
+
+/*
+ * deal_out_call
+ *
+ * This method 'deals' with a OUT-GOING-CALL-REQUEST. After
+ * stripping down the request a suitable reply is formed and stored in
+ * 'rply_packet' ready for sending.
+ *
+ * args: packet (IN) - the packet that we have to deal with (should be a
+ *                      OUT-GOING-CALL-REQUEST packet)
+ *       rply_packet (OUT) - suitable reply to the 'packet' we got.
+ *       rply_size (OUT) - size of the reply packet
+ *
+ */
+void deal_out_call(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size)
+{
+	u_int16_t pac_call_id;
+	struct pptp_out_call_rqst *out_call_rqst;
+	struct pptp_out_call_rply out_call_rply;
+
+	out_call_rqst = (struct pptp_out_call_rqst *) packet;
+
+	if ((pac_call_id = getcall()) == htons(-1)) {
+		/* XXX should reject call */
+		syslog(LOG_ERR, "CTRL: No free Call IDs!");
+		pac_call_id = 0;
+	}
+	MAKE_CTRL_HEADER(out_call_rply, OUT_CALL_RPLY);
+	/* call_id is used for ctrl, call_id_peer is used for GRE
+	 * call_id_peer is what we were sent by the other end in ctrl initilization
+	 */
+	out_call_rply.call_id = pac_call_id;
+	out_call_rply.call_id_peer = out_call_rqst->call_id;
+	out_call_rply.result_code = CONNECTED;
+	out_call_rply.error_code = NO_ERROR;
+	out_call_rply.cause_code = NO_ERROR;
+	/* maybe limit to pppd speed? but pppd doesn't accept 10Mbps as a speed and yet
+	 * still performs at over 115200, eg, 60kbyte/sec and higher observed.
+	 */
+	out_call_rply.speed = out_call_rqst->max_bps;
+	/* lets match their window size for now... was htons(PCKT_RECV_WINDOW_SIZE)
+	 */
+	out_call_rply.pckt_recv_size = out_call_rqst->pckt_recv_size;
+	if(pptpctrl_debug)
+		syslog(LOG_DEBUG, "CTRL: Set parameters to %d maxbps, %d window size",
+			ntohl(out_call_rply.speed), ntohs(out_call_rply.pckt_recv_size));
+	out_call_rply.pckt_delay = htons(PCKT_PROCESS_DELAY);
+	out_call_rply.channel_id = htonl(CHANNEL_ID);
+	COPY_CTRL_PACKET(out_call_rply, rply_packet, rply_size);
+	DEBUG_PACKET("OUT CALL RPLY");
+}
+
+
+/*
+ * deal_echo
+ *
+ * This method 'deals' with a ECHO-REQUEST. After stripping down the
+ * connection request a suitable reply is formed and stored in
+ * 'rply_packet' ready for sending.
+ *
+ * args: packet (IN) - the packet that we have to deal with (should be a
+ *                      ECHO-REQUEST packet)
+ *       rply_packet (OUT) - suitable reply to the 'packet' we got.
+ *       rply_size (OUT) - size of the reply packet
+ *
+ */
+void deal_echo(unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size)
+{
+	struct pptp_echo_rqst *echo_rqst;
+	struct pptp_echo_rply echo_rply;
+
+	echo_rqst = (struct pptp_echo_rqst *) packet;
+
+	MAKE_CTRL_HEADER(echo_rply, ECHO_RPLY);
+	echo_rply.identifier = echo_rqst->identifier;
+	echo_rply.result_code = CONNECTED;
+	echo_rply.error_code = NO_ERROR;
+	echo_rply.reserved1 = htons(RESERVED);
+	COPY_CTRL_PACKET(echo_rply, rply_packet, rply_size);
+	DEBUG_PACKET("ECHO RPLY");
+}
+
+/*
+ * deal_call_clr
+ *
+ * This method 'deals' with a CALL-CLEAR-REQUEST. After stripping down the
+ * connection request a suitable reply is formed and stored in
+ * 'rply_packet' ready for sending.
+ *
+ * args: packet (IN) - the packet that we have to deal with (should be a
+ *                      CALL-CLEAR-REQUEST packet)
+ *       rply_packet (OUT) - suitable reply to the 'packet' we got.
+ *       rply_size (OUT) - size of the reply packet
+ *
+ */
+void deal_call_clr(unsigned char *packet, unsigned char *rply_packet, ssize_t *rply_size)
+{
+	struct pptp_call_disconn_ntfy call_disconn_ntfy;
+	u_int16_t pac_call_id;
+
+	/* Form a reply
+	 * The reply packet is a CALL-DISCONECT-NOTIFY
+	 * In single call mode we don't care what peer's call ID is, so don't even bother looking
+	 */
+	if ((pac_call_id = freecall()) == htons(-1)) {
+		/* XXX should return an error */
+		syslog(LOG_ERR, "CTRL: Could not free Call ID [call clear]!");
+	}
+	MAKE_CTRL_HEADER(call_disconn_ntfy, CALL_DISCONN_NTFY);
+	call_disconn_ntfy.call_id = pac_call_id;
+	call_disconn_ntfy.result_code = CALL_CLEAR_REQUEST;	/* disconnected by call_clr_rqst */
+	call_disconn_ntfy.error_code = NO_ERROR;
+	call_disconn_ntfy.cause_code = htons(NO_ERROR);
+	call_disconn_ntfy.reserved1 = htons(RESERVED);
+	memset(call_disconn_ntfy.call_stats, 0, 128);
+	COPY_CTRL_PACKET(call_disconn_ntfy, rply_packet, rply_size);
+	DEBUG_PACKET("CALL DISCONNECT RPLY");
+}
+
+/*
+ * deal_set_link_info
+ *
+ * @FIXME This function is *not* completed
+ *
+ * This method 'deals' with a SET-LINK-INFO. After stripping down the
+ * connection request a suitable reply is formed and stored in
+ * 'rply_packet' ready for sending.
+ *
+ * args: packet (IN) - the packet that we have to deal with (should be a
+ *                      SET-LINK-INFO packet)
+ *       rply_packet (OUT) - suitable reply to the 'packet' we got.
+ *       rply_size (OUT) - size of the reply packet
+ *
+ */
+void deal_set_link_info(unsigned char *packet)
+{
+	struct pptp_set_link_info *set_link_info;
+
+	set_link_info = (struct pptp_set_link_info *) packet;
+	if(set_link_info->send_accm != 0xffffffff || set_link_info->recv_accm != 0xffffffff)
+		syslog(LOG_ERR, "CTRL: Ignored a SET LINK INFO packet with real ACCMs!");
+	else if(pptpctrl_debug)
+		syslog(LOG_DEBUG, "CTRL: Got a SET LINK INFO packet with standard ACCMs");
+}
+
+void make_echo_req_packet(unsigned char *rply_packet, ssize_t * rply_size, u_int32_t echo_id)
+{
+	struct pptp_echo_rqst echo_packet;
+
+	MAKE_CTRL_HEADER(echo_packet, ECHO_RQST);
+	echo_packet.identifier = echo_id;
+	COPY_CTRL_PACKET(echo_packet, rply_packet, rply_size);
+	DEBUG_PACKET("ECHO REQ");
+}
+
+void make_stop_ctrl_req(unsigned char *rply_packet, ssize_t * rply_size)
+{
+	struct pptp_stop_ctrl_conn_rqst stop_ctrl;
+
+	MAKE_CTRL_HEADER(stop_ctrl, STOP_CTRL_CONN_RQST);
+	stop_ctrl.reason = GENERAL_STOP_CTRL;
+	stop_ctrl.reserved1 = RESERVED;
+	stop_ctrl.reserved2 = htons(RESERVED);
+	COPY_CTRL_PACKET(stop_ctrl, rply_packet, rply_size);
+	DEBUG_PACKET("STOP CTRL REQ");
+}
+
+void make_call_admin_shutdown(unsigned char *rply_packet, ssize_t * rply_size)
+{
+	struct pptp_call_disconn_ntfy call_disconn_ntfy;
+	u_int16_t pac_call_id;
+
+	/* Form a reply
+	 * The reply packet is a CALL-DISCONECT-NOTIFY
+	 * In single call mode we don't care what peer's call ID is, so don't even bother looking
+	 */
+	if ((pac_call_id = freecall()) == htons(-1)) {
+		/* XXX should return an error */
+		syslog(LOG_ERR, "CTRL: Could not free Call ID [admin shutdown]!");
+	}
+	MAKE_CTRL_HEADER(call_disconn_ntfy, CALL_DISCONN_NTFY);
+	call_disconn_ntfy.call_id = pac_call_id;
+	call_disconn_ntfy.result_code = ADMIN_SHUTDOWN;		/* disconnected by admin shutdown */
+	call_disconn_ntfy.error_code = NO_ERROR;
+	call_disconn_ntfy.cause_code = htons(NO_ERROR);
+	call_disconn_ntfy.reserved1 = htons(RESERVED);
+	memset(call_disconn_ntfy.call_stats, 0, 128);
+	COPY_CTRL_PACKET(call_disconn_ntfy, rply_packet, rply_size);
+	DEBUG_PACKET("CALL DISCONNECT RPLY");
+}
+
+#if PNS_MODE
+/* out of date.  really PNS isn't 'trivially different', it's quite different */
+
+#define C_BITS (sizeof(unsigned int) * 8)
+#define C_SEG(x) (x/C_BITS)
+#define C_BIT(x) ((1U)<<(x%C_BITS))
+static unsigned int activeCalls[(MAX_CALLS / C_BITS) + 1];
+
+/*
+ * get_call_id
+ *
+ * Assigns a call ID and peer call ID to the session.
+ *
+ * args: call_id (OUT) - the call ID for the session
+ * retn: 0 on success, -1 on failure
+ */
+int get_call_id(u_int16_t * loc)
+{
+	for (i = 0; i < MAX_CALLS; i++) {
+		if (!(activeCalls[C_SEG(i)] & C_BIT(i))) {
+			activeCalls[C_SEG(i)] |= C_BIT(i);
+			*loc = i;
+			return 0;
+		}
+	}
+	return -1;
+}
+
+/*
+ * free_call_id
+ *
+ * args: call_id (IN) - the call ID for a terminated session
+ * retn: 0 on success, -1 on failure
+ */
+int free_call_id(u_int16_t call_id)
+{
+	if (!(activeCalls[C_SEG(i)] & C_BIT(i)))
+		return -1;
+	activeCalls[C_SEG(i)] &= ~C_BIT(i);
+	return 0;
+}
+#else
+static int _pac_call_id;
+static u_int16_t _pac_init = 0;
+
+/*
+ * getcall
+ *
+ * Assigns a call ID to the session and stores/returns it
+ *
+ * we only permit one call at a time, so the chance of wrapping 65k on one
+ * control connection is zero to none...
+ */
+u_int16_t getcall()
+{
+	static u_int16_t i = 0;
+	extern u_int16_t unique_call_id;
+
+	/* Start with a random Call ID.  This is to allocate unique
+	 * Call ID's across multiple TCP PPTP connections.  In this
+	 * way remote clients masqueraded by a firewall will put
+	 * unique peer call ID's into GRE packets that will have the
+	 * same source IP address of the firewall. */
+
+	if (!i) {
+		if (unique_call_id == 0xFFFF) {
+			struct timeval tv;
+			if (gettimeofday(&tv, NULL) == 0) {
+				i = ((tv.tv_sec & 0x0FFF) << 4) + 
+				    (tv.tv_usec >> 16);
+			}
+		} else {
+			i = unique_call_id;
+		}
+	}
+
+	if(!_pac_init) {
+		_pac_call_id = htons(-1);
+		_pac_init = 1;
+	}
+	if(_pac_call_id != htons(-1))
+		syslog(LOG_ERR, "CTRL: Asked to allocate call id when call open, not handled well");
+	_pac_call_id = htons(i);
+	i++;
+	return _pac_call_id;
+}
+
+/*
+ * freecall
+ *
+ * Notes termination of current call
+ *
+ * retn: -1 on failure, PAC call ID on success
+ */
+u_int16_t freecall()
+{
+	u_int16_t ret;
+
+	if(!_pac_init) {
+		_pac_call_id = htons(-1);
+		_pac_init = 1;
+	}
+	ret = _pac_call_id;
+	if(_pac_call_id == htons(-1))
+		syslog(LOG_ERR, "CTRL: Asked to free call when no call open, not handled well");
+	_pac_call_id = htons(-1);
+	return ret;
+}
+#endif

ctrlpacket.h

@@ -0,0 +1,18 @@
+/*
+ * ctrlpacket.h
+ *
+ * Functions to parse and send pptp control packets.
+ *
+ * $Id: ctrlpacket.h,v 1.1.1.1 2002/06/21 08:51:58 fenix_nl Exp $
+ */
+
+#ifndef _PPTPD_CTRLPACKET_H
+#define _PPTPD_CTRLPACKET_H
+
+int read_pptp_packet(int clientFd, unsigned char *packet, unsigned char *rply_packet, ssize_t * rply_size);
+size_t send_pptp_packet(int clientFd, unsigned char *packet, size_t packet_size);
+void make_echo_req_packet(unsigned char *rply_packet, ssize_t * rply_size, u_int32_t echo_id);
+void make_call_admin_shutdown(unsigned char *rply_packet, ssize_t * rply_size);
+void make_stop_ctrl_req(unsigned char *rply_packet, ssize_t * rply_size);
+
+#endif	/* !_PPTPD_CTRLPACKET_H */

debian/README.debian

@@ -0,0 +1,8 @@
+pptpd for DEBIAN
+----------------------
+
+Please note that, if you want to use pptpd to create host-to-site tunnels (e.g.
+typical road-warrior setups), then you will need to enable IP forwarding. This
+can be done by setting ip_forward=yes in /etc/network/options.
+
+Rene Mayrhofer <rene.mayrhofer@gibraltar.at>, Mon, 16 Aug 1999 11:27:43 +0200

debian/changelog

@@ -0,0 +1,175 @@
+pptpd (1.3.4-0) unstable; urgency=low
+
+  * Package built from upstream sources, not a Debian project package
+    (Debian Developer expected to adjust this entry)
+
+ -- James Cameron <quozl@us.netrek.org>  Mon, 16 Apr 2007 10:51:43 +1000
+
+pptpd (1.2.0-0) unstable; urgency=low
+
+  * Package built from upstream sources, not a Debian project package
+    (Debian Developer expected to adjust this entry)
+    Closes: #107933: pptpd: pptpd segfaults if called without arguments 
+    Closes: #126486: pptpd: wish it had better integration support with 
+                     Portslave 
+
+ -- James Cameron <james.cameron@hp.com>  Fri, 21 May 2004 20:13:51 +1000
+
+pptpd (1.1.4.0b4-1) unstable; urgency=low
+
+  * Finally acknowledge the bugs fixed in the NMUs:
+    Closes: #132819 (Build-Depends on devhelper)
+    Closes: #126712 (Mark /etc/init.d/pptpd as conffile)
+    Closes: #57849 (Remove recommends line)
+  * Enable the MSCHAP and MPPE options again in the default config, but now
+    changed for the new upstream pppd syntax.
+  * Also include the new upstream source in the upload - 
+    dpkg-buildpackage was confused by the version number.
+  * Enhance the init script to: 
+    - Include a "status" option.
+    - Force pptpd to close its file descriptors.
+    Closes: #189426: pptpd does not close/redirect stdout and stderr
+  * Use po-debconf for debconf translations and add pt_BR and FR translations.
+    However, debconf is still not used for autoconfig until I find time to 
+    implement the config script properly. It will come, soon ;)
+    Also fix some english short descriptions - thanks for pointing that out.
+    Closes: #191703: Update packaging to use the newer gettext-based debconf 
+            template translation system
+    Closes: #208049: Please switch to gettext-based debconf templates
+    Closes: #211273: French translation of gettext debconf template
+    I will leave #209082 open until the config script works....
+  * Also ship the README.bcrelay file in the binary package.
+  * Move the HOWTO-IPX+PPTP.txt file from the html/ directory to the normal
+    doc directory.
+    Closes: #220707: CVS directory, and non-html in 'html' dir
+  * Document that IP forwarding needs to be enabled, but refer to 
+    /etc/network/options instead of /proc/sys/net/ipv4/ip_forward.
+    Closes: #168718: Documentation has no reference to 
+            /proc/sys/net/ipv4/ip_forward
+
+ -- Rene Mayrhofer <rmayr@debian.org>  Wed, 23 Apr 2003 13:34:50 +0200
+
+pptpd (1.1.4-0.b3.1) unstable; urgency=HIGH
+
+  * New upstream release (to fix the security issue).
+    Closes: #189363: pptpd: PoPToP versions earlier than 1.1.3 have a 
+                     remotely exploitable buffer overflow
+    Closes: #107933: pptpd: pptpd segfaults if called without arguments
+  * Enabled the broadcast relay option.
+  * The default pptpd-options no longer includes "+chapms"
+    Closes: #179808: pptpd: Completely fails to work
+  * Acknowledge bug report closed by NMUs:
+    Closes: #132819
+    Closes: #126712
+    Closes: #57849
+
+ -- Rene Mayrhofer <rmayr@debian.org>  Wed, 23 Apr 2003 12:12:38 +0200
+
+pptpd (1.1.2-2) unstable; urgency=low
+
+  * New upstream version
+
+ -- Rene Mayrhofer <rene@mayrhofer.eu.org>  Wed, 30 Jul 2003 22:36:01 +0200
+
+pptpd (1.1.2-1.3.woody.0) stable; urgency=HIGH
+
+  * Security fix for the remotely exploitable buffer overflow.
+
+ -- Rene Mayrhofer <rmayr@debian.org>  Wed, 23 Apr 2003 13:10:05 +0200
+
+pptpd (1.1.2-1.2) unstable; urgency=low
+
+  * Non-maintainer upload
+  * Mark /etc/init.d/pptpd as a conffile, per policy (closes: #132819).
+
+ -- Steve Langasek <vorlon@debian.org>  Sat, 16 Feb 2002 12:09:44 -0600
+
+pptpd (1.1.2-1.1) unstable; urgency=low
+
+  * NMU
+  * Add build-depends: debhelper.  Closes: #126712.
+
+ -- LaMont Jones <lamont@debian.org>  Mon, 14 Jan 2002 22:08:38 -0700
+
+pptpd (1.1.2-1) unstable; urgency=low
+
+  * Updated to new upstream version (declared as development version, but it
+    is around long enough to seem stable).
+    Closes: #109908
+  * Do not ship pptpdconfig.pl since it does not work correctly at the
+    moment.
+    Closes: #82385
+  * Took out all MPPE options from pptpd-options (the options for pppd) as
+    long as the default pppd package does not support it.
+    Closes: #61651
+  * Changed maintainer email to rmayr@debian.org
+
+ -- Rene Mayrhofer <rene.mayrhofer@debian.org>  Thu, 27 Dec 2001 11:17:51 +0100
+
+pptpd (1.0.1-2) unstable; urgency=low
+
+  * Changed the dependency from perl to perl-base. 
+
+ -- Rene Mayrhofer <rene.mayrhofer@vianova.at>  Tue, 26 Dec 2000 15:44:38 +0100
+
+pptpd (1.0.1-1) unstable; urgency=low
+
+  * New upstream release.
+    The debconf support is still disabled because I do not have time to
+    write a perl script that can change the configuration files (only 2 files
+    need to be changed) thet is really safe (i.e. it does not mess with manual
+    configuration in those files). If anybody can contribute, I would be very
+    happy.
+
+ -- Rene Mayrhofer <rene.mayrhofer@vianova.at>  Mon, 20 Nov 2000 17:38:35 +0100
+
+pptpd (1.0.0-5) unstable; urgency=low
+
+  * First try with debconf support and postinst config script
+
+ -- Rene Mayrhofer <rene.mayrhofer@vianova.at>  Tue, 11 Jul 2000 17:06:10 +0200
+
+pptpd (1.0.0-4) frozen unstable; urgency=low
+
+  * Added a config script to the postinst (now disabled because of problems
+    with debconf perl support - next upload will include it)
+  * Preliminary support for debconf (now disabled because of problems with
+    (debconf perl support - next upload will include it)
+  * Removed the debug option from /etc/pptpd.conf
+  * Updated the HOWTO with a new version from the upstream maintainer
+  * Removed the Recommend: ppp-pam (closes: #57849)
+
+ -- Rene Mayrhofer <rmayr@vianova.at>  Fri,  1 Oct 1999 11:06:39 +0200
+
+pptpd (1.0.0-3) unstable; urgency=low
+
+  * The init script now uses the pidfile created by pptpd
+
+ -- Rene Mayrhofer <rmayr@vianova.at>  Thu, 30 Sep 1999 11:31:11 +0200
+
+pptpd (1.0.0-2) unstable; urgency=low
+
+  * Enhanced the init script to recognize force-reload.
+  * Moved manual pages to /usr/share/man
+  * Added support for TCP wrappers
+
+ -- Rene Mayrhofer <rmayr@vianova.at>  Wed, 29 Sep 1999 13:35:05 +0200
+
+pptpd (1.0.0-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Rene Mayrhofer <rmayr@vianova.at>  Tue, 28 Sep 1999 16:49:26 +0200
+
+pptpd (0.9.13-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Rene Mayrhofer <rmayr@vianova.at>  Tue, 24 Aug 1999 08:05:29 +0200
+
+pptpd (0.9.12-1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Rene Mayrhofer <rmayr@vianova.at>  Tue, 24 Aug 1999 08:05:10 +0200
+

debian/conffiles

@@ -0,0 +1,3 @@
+/etc/pptpd.conf
+/etc/ppp/pptpd-options
+/etc/init.d/pptpd

debian/config

@@ -0,0 +1,22 @@
+#!/bin/sh -e
+# Rene Mayrhofer <rmayr@vianova.at>, Oct. 1999
+# I hereby put this script under the Artistic License.
+
+. /usr/share/debconf/confmodule.sh
+
+db_input high pptpd/localip
+db_input high pptpd/remoteip
+
+# ask if mppe encryption should be used
+db_input pptpd/mppe
+db_go
+
+# check the answer(s)
+db_get pptpd/mppe
+if [ "$RET" = "false" ]; then
+	# display a warning
+	db_input high pptpd/no-mppe
+	db_go
+fi
+
+

debian/control

@@ -0,0 +1,15 @@
+Source: pptpd
+Section: net
+Priority: optional
+Maintainer: Rene Mayrhofer <rmayr@debian.org>
+Standards-Version: 3.0.1.0
+Build-Depends: libwrap0-dev, debhelper (>= 4.1.16)
+
+Package: pptpd
+Architecture: any
+Depends: ${shlibs:Depends}, ppp (>=2.4.2+20030811-1), netbase, debconf, perl-base
+Build-Depends: debhelper
+Description: PoPToP Point to Point Tunneling Server
+ This implements a Virtual Private Networking Server (VPN) that is compatible
+ with Microsoft VPN clients. It allows windows users to connect to an
+ internal firewalled network using their dialup.

debian/copyright

@@ -0,0 +1,11 @@
+This package was debianized by Rene Mayrhofer rene.mayrhofer@gibraltar.at on
+Mon, 16 Aug 1999 11:27:43 +0200.
+
+It was downloaded from 'http://www.moretonbay.com/vpn/pptp.html'
+
+Upstream Authors: Please look at file AUTHORS
+
+Copyright:
+
+PPTPd is released under the GPL. You should find a copy of the GPL in
+'/usr/share/common-licenses/GPL' on Debian systems.

debian/dirs

@@ -0,0 +1,4 @@
+usr/sbin
+etc
+etc/ppp
+etc/init.d

debian/docs

@@ -0,0 +1,8 @@
+AUTHORS
+ChangeLog-0.8
+ChangeLog-0.9
+README
+README.inetd
+README.slirp
+README.bcrelay
+TODO 

debian/examples

@@ -0,0 +1,3 @@
+samples/chap-secrets
+samples/options.pptpd
+samples/pptpd.conf

debian/po/POTFILES.in

@@ -0,0 +1 @@
+[type: gettext/rfc822deb] templates

debian/po/fr.po

@@ -0,0 +1,208 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ddtpd 1.1.4-0.b3.2\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2003-09-07 13:05+0200\n"
+"PO-Revision-Date: 2003-09-07 18:20+0200\n"
+"Last-Translator: Nicolas Bertolissio <nico.bertol@free.fr>\n"
+"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-15\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Description
+#: ../templates:3
+msgid "The local IP address of the virtual connections"
+msgstr "Adresse IP locale pour les connexions virtuelles"
+
+#. Description
+#: ../templates:3
+msgid "Specify the local IP address for the virtual connections."
+msgstr "Veuillez indiquer l'adresse IP locale pour les connexions virtuelles."
+
+#. Description
+#: ../templates:3
+msgid ""
+"Please note that any address works as long as the local machine takes care "
+"of the routing. But if you want to use MS-Windows networking, you should use "
+"an IP address out of the LAN address space."
+msgstr ""
+"Veuillez noter que toute adresse convient tant que la machine locale "
+"s'occupe du routage. Mais si vous souhaitez utiliser un réseau MS-Windows, "
+"vous devriez utiliser une adresse IP hors de l'espace d'adressage du réseau "
+"local."
+
+#. Description
+#: ../templates:3
+msgid ""
+"You can give only one address or you can give multiple addresses if you want "
+"to, although they are really not needed. Multiple addresses can be given as "
+"either \"10.0.0.1,10.0.0.2,10.0.0.3\" or \"10.0.0.1-3\". No spaces should be "
+"used between commas or within addresses."
+msgstr ""
+"Vous pouvez ne fournir qu'une seule adresse, mais aussi plusieurs bien que "
+"cela ne soit pas nécessaire. Pour plusieurs adresses, vous pouvez utiliser "
+"soit « 10.0.0.1,10.0.0.2,10.0.0.3 » soit « 10.0.0.1-3 ». Aucun espace ne "
+"devrait figurer entre les virgules ou dans les adresses."
+
+#. Description
+#: ../templates:17
+msgid "A list of remote IP addresses for the virtual connections"
+msgstr "Liste d'adresses IP distantes pour les connexions virtuelles"
+
+#. Description
+#: ../templates:17
+msgid "Specify the remote IP addresses for the virtual connections."
+msgstr ""
+"Veuillez indiquer les adresses IP distantes pour les connexions virtuelles."
+
+#. Description
+#: ../templates:17
+msgid ""
+"Please note that any addresses work as long as the local machine takes care "
+"of the routing. But if you want to use MS-Windows networking, you should use "
+"IP addresses out of the LAN address space."
+msgstr ""
+"Veuillez noter que toute adresse convient tant que la machine locale "
+"s'occupe du routage. Mais si vous souhaitez utiliser un réseau MS-Windows, "
+"vous devriez utiliser une adresse IP hors de l'espace d'adressage du réseau "
+"local."
+
+#. Description
+#: ../templates:17
+msgid ""
+"You have to give one address for every concurrent connection. This will "
+"depend on how many clients you expect to be online at the same time. "
+"Multiple addresses can be given as either \"10.0.0.1,10.0.0.2,10.0.0.3\" or "
+"\"10.0.0.1-3\". No spaces should be used between commas or within addresses."
+msgstr ""
+"Vous devez fournir une adresse pour chaque connexion autorisée. Cela dépend "
+"du nombre de clients attendus en même temps. Pour plusieurs adresses, vous "
+"pouvez utiliser soit « 10.0.0.1,10.0.0.2,10.0.0.3 » soit « 10.0.0.1-3 ». "
+"Aucun espace ne devrait figurer entre les virgules ou dans les adresses."
+
+#. Description
+#: ../templates:31
+msgid "The netmask used for virtual connections"
+msgstr "Masque de réseau pour les connexions virtuelles"
+
+#. Description
+#: ../templates:31
+msgid ""
+"If you use IP addresses from the LAN address space, please use the same "
+"netmask as on your LAN."
+msgstr ""
+"Si vous utilisez des adresses IP de l'espace d'adressage du réseau local, "
+"veuillez indiquer le même masque que pour votre réseau."
+
+#. Description
+#: ../templates:37
+msgid "The IP address of your WINS server"
+msgstr "Adresse IP de votre serveur WINS"
+
+#. Description
+#: ../templates:37
+msgid ""
+"A WINS server is used for browsing available Computers in MS-Windows "
+"networking. This address is transmitted to the clients,"
+msgstr ""
+"Un serveur WINS sert à trouver les ordinateurs disponibles sur un réseau MS-"
+"Windows. Cette adresse sera transmise aux clients."
+
+#. Description
+#: ../templates:43
+msgid "The IP address of your DNS server"
+msgstr "Adresse IP de votre serveur DNS"
+
+#. Description
+#: ../templates:43
+msgid "This address is transmitted to the clients."
+msgstr "Cette adresse sera transmise aux clients."
+
+#. Description
+#: ../templates:49
+msgid "Do you want to use MPPE data encryption ?"
+msgstr "Faut-il utiliser le chiffrement de données MPPE ?"
+
+#. Description
+#: ../templates:49
+msgid ""
+"The recommended way is to use the data encryption as it is one of the main "
+"benefits of a VPN. When you want to use MPPE (Microsoft Point-to-Point "
+"Encryption), you also  have to use CHAPMSv2 for authentication."
+msgstr ""
+"Il est recommandé d'utiliser le chiffrement de données car il s'agit de l'un "
+"des principaux avantages d'un réseau privé virtuel. Si vous souhaitez "
+"utiliser MPPE (« Microsoft Point-to-Point Encryption », chiffrement point-à-"
+"point de Microsoft), vous devrez aussi utiliser CHAPMSv2 pour "
+"l'authentification."
+
+#. Description
+#: ../templates:49
+msgid ""
+"Note that you have to install the modified ppp packages if you want to use "
+"this data encryption."
+msgstr ""
+"Veuillez notez que vous devez installer les paquets de ppp modifiés si vous "
+"souhaitez utiliser ce chiffrement de données."
+
+#. Description
+#: ../templates:59
+msgid "Warning: data encryption is disabled"
+msgstr "Attention : le chiffrement de données est désactivé"
+
+#. Description
+#: ../templates:59
+msgid ""
+"All data transferred between the local network and the client will be "
+"transmitted without encryption ! This is a security hole."
+msgstr ""
+"Toutes les données transférées entre le réseau local et le client seront "
+"transmises sans chiffrement ! Il s'agit d'une faille de sécurité."
+
+#. Description
+#: ../templates:59
+msgid "You have been warned. Now you loose your product warranty :)"
+msgstr ""
+"Vous voilà prévenu. Vous perdez désormais la seule garantie de ce produit :)"
+
+#. Description
+#: ../templates:69
+msgid "Which authentication method do you want to use ?"
+msgstr "Méthode d'authentification à utiliser"
+
+#. Description
+#: ../templates:69
+msgid ""
+"Possible authentication methods are: - PAP - CHAP - CHAP with Microsoft "
+"extensions - CHAP with Microsoft extensions v2"
+msgstr ""
+"Les méthodes d'authentification disponibles sont : PAP, CHAP, CHAP avec des "
+"extensions de Microsoft et CHAP avec les extensions de Microsoft version 2."
+
+#. Description
+#: ../templates:69
+msgid ""
+"The recommended authentication method is one of the CHAP methods. However, "
+"you have to use a separate database (/etc/ppp/chap-secrets) if you want to "
+"use these. If you use PAP, you can use the standard system passwords when "
+"the ppp-pam package is installed."
+msgstr ""
+"Les méthodes d'authentification CHAP sont recommandées. Quoi qu'il en soit, "
+"vous devrez utiliser une base de données séparée (/etc/ppp/chap-secrets) si "
+"vous souhaitez les utiliser. Si vous choisissez PAP, vous pourrez utiliser "
+"les mots de passe standards du système après l'installation du paquet ppp-"
+"pam."

debian/po/pt_BR.po

@@ -0,0 +1,204 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: pptpd_1.1.4-0.b3.2\n"
+"POT-Creation-Date: 2003-05-02 20:05-0300\n"
+"PO-Revision-Date: 2003-05-02 20:26-0300\n"
+"Last-Translator: André Luís Lopes <andrelop@ig.com.br>\n"
+"Language-Team: Debian-BR Project <debian-l10n-portuguese@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Description
+#: ../templates:3
+msgid "The local IP address of the virtual connections"
+msgstr "O endereço IP local das conexões virtuais"
+
+#. Description
+#: ../templates:3
+msgid "Specify the local IP address for the virtual connections."
+msgstr "Especifique o endereço IP local para as conexões virtuais."
+
+#. Description
+#: ../templates:3
+msgid ""
+"Please note that any address works as long as the local machine takes care "
+"of the routing. But if you want to use MS-Windows networking, you should use "
+"an IP address out of the LAN address space."
+msgstr ""
+"Por favor note que qualquer endereço funcionará contanto que o máquina "
+"local gerencie o roteamento. Mas caso você queira usar a rede "
+"MS-Windows você deverá usar um endereço IP fora do espaço de endereços "
+"da LAN."
+
+#. Description
+#: ../templates:3
+msgid ""
+"You can give only one address or you can give multiple addresses if you want "
+"to, although they are really not needed. Multiple addresses can be given as "
+"either \"10.0.0.1,10.0.0.2,10.0.0.3\" or \"10.0.0.1-3\". No spaces should be "
+"used between commas or within addresses."
+msgstr ""
+"Você pode fornecer somente um endereço ou você pode fornecer diversos "
+"endereços caso deseje, porém eles realmente não são necessários. "
+"Múltiplos endereços podem ser fornecidos informados como "
+"\"10.0.0.1,10.0.0.3\" ou \"10.0.0.1-3\". Nenhum espaço deve ser "
+"informado entre as vírgulas ou como parte dos endereços."
+
+#. Description
+#: ../templates:17
+msgid "A list of remote IP addresses for the virtual connections."
+msgstr "Uma lista de endereços IP remotos para as conexões virtuais."
+
+#. Description
+#: ../templates:17
+msgid "Specify the remote IP addresses for the virtual connections."
+msgstr "Especifique os endereços IP remotos para as conexões virtuais."
+
+#. Description
+#: ../templates:17
+msgid ""
+"Please note that any addresses work as long as the local machine takes care "
+"of the routing. But if you want to use MS-Windows networking, you should use "
+"IP addresses out of the LAN address space."
+msgstr ""
+"Por favor note que qualquer endereço funcionará contanto que o máquina "
+"local gerencie o roteamento. Mas caso você queira usar a rede "
+"MS-Windows você deverá usar endereços IP fora do espaço de endereços "
+"da LAN."
+
+#. Description
+#: ../templates:17
+msgid ""
+"You have to give one address for every concurrent connection. This will "
+"depend on how many clients you expect to be online at the same time. "
+"Multiple addresses can be given as either \"10.0.0.1,10.0.0.2,10.0.0.3\" or "
+"\"10.0.0.1-3\". No spaces should be used between commas or within addresses."
+msgstr ""
+"Você precisa fornecer um endereço para cada conexão concorrente. Isso "
+"dependerá de quantos clientes você espera que estejam on-line ao mesmo "
+"tempo. Diversos endereços podem ser informados como "
+"\"10.0.0.1,10.0.0.2,10.0.0.3\" ou \"10.0.0.1-3\". Nenhum espaço deverá "
+"ser usado entre as vírgulas ou como parte dos endereços."
+
+#. Description
+#: ../templates:31
+msgid "The netmask used for virtual connections."
+msgstr "A máscara de rede usada para conexões virtuais."
+
+#. Description
+#: ../templates:31
+msgid ""
+"If you use IP addresses from the LAN address space, please use the same "
+"netmask as on your LAN."
+msgstr ""
+"Caso você utilize endereços IP do espaço de endereços da LAN por favor "
+"usae a mesma máscara de rede usada em sua LAN."
+
+#. Description
+#: ../templates:37
+msgid "The IP address of your WINS server."
+msgstr "O endereço IP de seu servidor WINS."
+
+#. Description
+#: ../templates:37
+msgid ""
+"A WINS server is used for browsing available Computers in MS-Windows "
+"networking. This address is transmitted to the clients,"
+msgstr ""
+"Um servidor WINS é usado para navegar pelos computadores disponíveis "
+"em rede MS-Windows. Esse endereço é transmitido para os clientes."
+
+#. Description
+#: ../templates:43
+msgid "The IP address of your DNS server."
+msgstr "O endereço IP de seu servidor DNS."
+
+#. Description
+#: ../templates:43
+msgid "This address is transmitted to the clients."
+msgstr "Esse endereço é transmitido para os clientes."
+
+#. Description
+#: ../templates:49
+msgid "Do you want to use MPPE data encryption ?"
+msgstr "Você deseja usar encriptação de dados MPPE ?"
+
+#. Description
+#: ../templates:49
+msgid ""
+"The recommended way is to use the data encryption as it is one of the main "
+"benefits of a VPN. When you want to use MPPE (Microsoft Point-to-Point "
+"Encryption), you also  have to use CHAPMSv2 for authentication. . Note that "
+"you have to install the modified ppp packages if you want to use this data "
+"encryption."
+msgstr ""
+"A maneira recomendada é usar a encriptação de dados uma vez que esse é "
+"um dos principais benefícios de um VPN. Quando usar MPPE (Microsoft "
+"Point-to-Point Encryption) você terá também que usar CHAPMSv2 para "
+"autenticação. Note que você precisa instalar os pacotes ppp modificados "
+"caso você queira usar essa encriptação de dados."
+
+#. Description
+#: ../templates:58
+msgid "Warning: data encryption is disabled."
+msgstr "Aviso : a encriptação de dados está desabilitada."
+
+#. Description
+#: ../templates:58
+msgid ""
+"All data transferred between the local network and the client will be "
+"transmitted without encryption ! This is a security hole."
+msgstr ""
+"Todos os dados transferidos entre a rede local e o cliente serão "
+"transferidos sem encriptação ! Isto é uma falha de segurança."
+
+#. Description
+#: ../templates:58
+msgid "You have been warned. Now you loose your product warranty :)"
+msgstr "Você foi avisado. Agora você perdeu a garantia do produto :)"
+
+#. Choices
+#: ../templates:66
+msgid "pap, chap, chapms, chapms-v2"
+msgstr "pap, chap, chapms, chapms-v2"
+
+#. Description
+#: ../templates:68
+msgid "Which authentication method do you want to use ?"
+msgstr "Qual método de autenticação você deseja usar ?"
+
+#. Description
+#: ../templates:68
+msgid ""
+"Possible authentication methods are: - PAP - CHAP - CHAP with Microsoft "
+"extensions - CHAP with Microsoft extensions v2"
+msgstr ""
+"Os métodos de autenticação possíveis são : PAP - CHAP - CHAP com "
+"extensões Microsoft - CHAP com extensões Microsoft v2"
+
+#. Description
+#: ../templates:68
+msgid ""
+"The recommended authentication method is one of the CHAP methods. However, "
+"you have to use a separate database (/etc/ppp/chap-secrets) if you want to "
+"use these. If you use PAP, you can use the standard system passwords when "
+"the ppp-pam package is installed."
+msgstr ""
+"O método de autenticação recomendado é um dos métodos CHAP. Porém, você "
+"precisará usar uma base de dados separada (/etc/ppp/chap-secrets) caso "
+"você queira usá-los. Caso você use PAP, você poderá usar o sistema de "
+"senhas padrão quando o pacote ppp-pam for instalado."

debian/po/templates.pot

@@ -0,0 +1,170 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2003-05-02 20:05-0300\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Description
+#: ../templates:3
+msgid "The local IP address of the virtual connections"
+msgstr ""
+
+#. Description
+#: ../templates:3
+msgid "Specify the local IP address for the virtual connections."
+msgstr ""
+
+#. Description
+#: ../templates:3
+msgid ""
+"Please note that any address works as long as the local machine takes care "
+"of the routing. But if you want to use MS-Windows networking, you should use "
+"an IP address out of the LAN address space."
+msgstr ""
+
+#. Description
+#: ../templates:3
+msgid ""
+"You can give only one address or you can give multiple addresses if you want "
+"to, although they are really not needed. Multiple addresses can be given as "
+"either \"10.0.0.1,10.0.0.2,10.0.0.3\" or \"10.0.0.1-3\". No spaces should be "
+"used between commas or within addresses."
+msgstr ""
+
+#. Description
+#: ../templates:17
+msgid "A list of remote IP addresses for the virtual connections."
+msgstr ""
+
+#. Description
+#: ../templates:17
+msgid "Specify the remote IP addresses for the virtual connections."
+msgstr ""
+
+#. Description
+#: ../templates:17
+msgid ""
+"Please note that any addresses work as long as the local machine takes care "
+"of the routing. But if you want to use MS-Windows networking, you should use "
+"IP addresses out of the LAN address space."
+msgstr ""
+
+#. Description
+#: ../templates:17
+msgid ""
+"You have to give one address for every concurrent connection. This will "
+"depend on how many clients you expect to be online at the same time. "
+"Multiple addresses can be given as either \"10.0.0.1,10.0.0.2,10.0.0.3\" or "
+"\"10.0.0.1-3\". No spaces should be used between commas or within addresses."
+msgstr ""
+
+#. Description
+#: ../templates:31
+msgid "The netmask used for virtual connections."
+msgstr ""
+
+#. Description
+#: ../templates:31
+msgid ""
+"If you use IP addresses from the LAN address space, please use the same "
+"netmask as on your LAN."
+msgstr ""
+
+#. Description
+#: ../templates:37
+msgid "The IP address of your WINS server."
+msgstr ""
+
+#. Description
+#: ../templates:37
+msgid ""
+"A WINS server is used for browsing available Computers in MS-Windows "
+"networking. This address is transmitted to the clients,"
+msgstr ""
+
+#. Description
+#: ../templates:43
+msgid "The IP address of your DNS server."
+msgstr ""
+
+#. Description
+#: ../templates:43
+msgid "This address is transmitted to the clients."
+msgstr ""
+
+#. Description
+#: ../templates:49
+msgid "Do you want to use MPPE data encryption ?"
+msgstr ""
+
+#. Description
+#: ../templates:49
+msgid ""
+"The recommended way is to use the data encryption as it is one of the main "
+"benefits of a VPN. When you want to use MPPE (Microsoft Point-to-Point "
+"Encryption), you also  have to use CHAPMSv2 for authentication. . Note that "
+"you have to install the modified ppp packages if you want to use this data "
+"encryption."
+msgstr ""
+
+#. Description
+#: ../templates:58
+msgid "Warning: data encryption is disabled."
+msgstr ""
+
+#. Description
+#: ../templates:58
+msgid ""
+"All data transferred between the local network and the client will be "
+"transmitted without encryption ! This is a security hole."
+msgstr ""
+
+#. Description
+#: ../templates:58
+msgid "You have been warned. Now you loose your product warranty :)"
+msgstr ""
+
+#. Choices
+#: ../templates:66
+msgid "pap, chap, chapms, chapms-v2"
+msgstr ""
+
+#. Description
+#: ../templates:68
+msgid "Which authentication method do you want to use ?"
+msgstr ""
+
+#. Description
+#: ../templates:68
+msgid ""
+"Possible authentication methods are: - PAP - CHAP - CHAP with Microsoft "
+"extensions - CHAP with Microsoft extensions v2"
+msgstr ""
+
+#. Description
+#: ../templates:68
+msgid ""
+"The recommended authentication method is one of the CHAP methods. However, "
+"you have to use a separate database (/etc/ppp/chap-secrets) if you want to "
+"use these. If you use PAP, you can use the standard system passwords when "
+"the ppp-pam package is installed."
+msgstr ""

debian/pptpd-options

@@ -0,0 +1,94 @@
+###############################################################################
+# $Id: pptpd-options,v 1.1 2004/05/17 02:16:35 quozl Exp $
+#
+# Sample Poptop PPP options file /etc/ppp/pptpd-options
+# Options used by PPP when a connection arrives from a client.
+# This file is pointed to by /etc/pptpd.conf option keyword.
+# Changes are effective on the next connection.  See "man pppd".
+#
+# You are expected to change this file to suit your system.  As
+# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
+###############################################################################
+
+
+# Authentication
+
+# Name of the local system for authentication purposes 
+# (must match the second field in /etc/ppp/chap-secrets entries)
+name pptpd
+
+# Optional: domain name to use for authentication
+# domain mydomain.net
+
+# Strip the domain prefix from the username before authentication.
+# (applies if you use pppd with chapms-strip-domain patch)
+#chapms-strip-domain
+
+
+# Encryption
+# Debian: on systems with a kernel built with the package
+# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
+# {{{
+refuse-pap
+refuse-chap
+refuse-mschap
+# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
+# Challenge Handshake Authentication Protocol, Version 2] authentication.
+require-mschap-v2
+# Require MPPE 128-bit encryption
+# (note that MPPE requires the use of MSCHAP-V2 during authentication)
+require-mppe-128
+# }}}
+
+
+
+
+# Network and Routing
+
+# If pppd is acting as a server for Microsoft Windows clients, this
+# option allows pppd to supply one or two DNS (Domain Name Server)
+# addresses to the clients.  The first instance of this option
+# specifies the primary DNS address; the second instance (if given)
+# specifies the secondary DNS address.
+#ms-dns 10.0.0.1
+#ms-dns 10.0.0.2
+
+# If pppd is acting as a server for Microsoft Windows or "Samba"
+# clients, this option allows pppd to supply one or two WINS (Windows
+# Internet Name Services) server addresses to the clients.  The first
+# instance of this option specifies the primary WINS address; the
+# second instance (if given) specifies the secondary WINS address.
+#ms-wins 10.0.0.3
+#ms-wins 10.0.0.4
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system.  This will have the effect of making the peer appear to other
+# systems to be on the local ethernet.
+# (you do not need this if your PPTP server is responsible for routing
+# packets to the clients -- James Cameron)
+proxyarp
+
+# Debian: do not replace the default route
+nodefaultroute
+
+
+# Logging
+
+# Enable connection debugging facilities.
+# (see your syslog configuration for where pppd sends to)
+#debug
+
+# Print out all the option values which have been set.
+# (often requested by mailing list to verify options)
+#dump
+
+
+# Miscellaneous
+
+# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
+# access.
+lock
+
+# Disable BSD-Compress compression
+nobsdcomp 

debian/pptpd.conf

@@ -0,0 +1,80 @@
+###############################################################################
+# $Id: pptpd.conf,v 1.1 2004/05/17 02:16:35 quozl Exp $
+#
+# Sample Poptop configuration file /etc/pptpd.conf
+#
+# Changes are effective when pptpd is restarted.
+###############################################################################
+
+# TAG: ppp
+#	Path to the pppd program, default '/usr/sbin/pppd' on Linux
+#
+#ppp /usr/sbin/pppd
+
+# TAG: option
+#	Specifies the location of the PPP options file.
+#	By default PPP looks in '/etc/ppp/options'
+#
+option /etc/ppp/pptpd-options
+
+# TAG: debug
+#	Turns on (more) debugging to syslog
+#
+#debug
+
+# TAG: stimeout
+#	Specifies timeout (in seconds) on starting ctrl connection
+#
+# stimeout 10
+
+# TAG: noipparam
+#       Suppress the passing of the client's IP address to PPP, which is
+#       done by default otherwise.
+#
+#noipparam
+
+# TAG: logwtmp
+#	Use wtmp(5) to record client connections and disconnections.
+#
+logwtmp
+
+# TAG: bcrelay <if>
+#	Turns on broadcast relay to clients from interface <if>
+#
+#bcrelay eth1
+
+# TAG: localip
+# TAG: remoteip
+#	Specifies the local and remote IP address ranges.
+#
+#       Any addresses work as long as the local machine takes care of the
+#       routing.  But if you want to use MS-Windows networking, you should
+#       use IP addresses out of the LAN address space and use the proxyarp
+#       option in the pppd options file, or run bcrelay.
+#
+#	You can specify single IP addresses seperated by commas or you can
+#	specify ranges, or both. For example:
+#
+#		192.168.0.234,192.168.0.245-249,192.168.0.254
+#
+#	IMPORTANT RESTRICTIONS:
+#
+#	1. No spaces are permitted between commas or within addresses.
+#
+#	2. If you give more IP addresses than MAX_CONNECTIONS, it will
+#	   start at the beginning of the list and go until it gets 
+#	   MAX_CONNECTIONS IPs. Others will be ignored.
+#
+#	3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
+#	   you must type 234-238 if you mean this.
+#
+#	4. If you give a single localIP, that's ok - all local IPs will
+#	   be set to the given one. You MUST still give at least one remote
+#	   IP for each simultaneous client.
+#
+# (Recommended)
+#localip 192.168.0.1
+#remoteip 192.168.0.234-238,192.168.0.245
+# or
+#localip 192.168.0.234-238,192.168.0.245
+#remoteip 192.168.1.234-238,192.168.1.245

debian/pptpd.init

@@ -0,0 +1,56 @@
+#!/bin/sh
+# Copyright Rene Mayrhofer, ViaNova, 1999
+# This script is distibuted under the GPL
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/pptpd
+PIDFILE=/var/run/pptpd.pid
+FLAGS="defaults 50"
+
+case "$1" in
+  start)
+    echo -n "Starting PPTP Daemon: "
+    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
+    	-- < /dev/null > /dev/null
+    echo "pptpd."
+    ;;
+  stop)
+    echo -n "Stopping PPTP: "
+    start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
+    echo "pptpd."
+    ;;
+  reload)
+    echo "Not implemented."
+    ;;
+  force-reload|restart)
+    echo "Restarting PPTP: "
+    sh $0 stop
+    sh $0 start
+    ;;
+    status)
+    	if [ ! -r $PIDFILE ]; then
+            # no pid file, process doesn't seem to be running correctly
+            exit 3
+        fi
+    	PID=`cat $PIDFILE | sed 's/ //g'`
+        EXE=/proc/$PID/exe
+        if [ -x "$EXE" ] && 
+        	[ "`ls -l \"$EXE\" | cut -d'>' -f2,2 | cut -d' ' -f2,2`" = \
+        	"$DAEMON" ]; then
+            # ok, process seems to be running
+            exit 0
+        elif [ -r $PIDFILE ]; then
+            # process not running, but pidfile exists
+            exit 1
+        else
+            # no lock file to check for, so simply return the stopped status
+            exit 3
+        fi
+        ;;
+  *)
+    echo "Usage: /etc/init.d/pptpd {start|stop|restart|force-reload|reload}"
+    exit 1
+    ;;
+esac
+
+exit 0

debian/pptpdconfig.pl

@@ -0,0 +1,81 @@
+#!/usr/bin/perl -w
+use strict;
+
+use Debian::DebConf::Client::ConfModule ':all';
+
+&pptpd("/etc/pptpd.conf", get("pptpd/localip"), get("pptpd/remoteip"));
+exit 0;
+
+sub pptpd ($$$) {
+
+	my $line;         # eine Zeile von IN
+	my $xxx;
+	my @lines;
+	my $count;
+	my $filename;
+	my $localIp;
+	my $remoteIp;
+	my $spaces;
+	my $foundlocal=0;
+	my $foundremote=0;
+	my $IDString="# generated by pptpdconfig";
+
+	$filename=shift;
+	$localIp=shift;
+	$remoteIp=shift;
+	print("Configuring pptpd to use localip(s) $localIp and remoteip(s) ");
+	print("$remoteIp ...\n");
+	
+	open(IN, "<$filename") || die("$filename not found.\n");
+	@lines=<IN>;
+	
+	open(OUT, ">${filename}.old");
+	print OUT @lines;
+	close OUT;
+	
+	$count=0;
+	while ($count<=$#lines)
+	{
+		$line=$lines[$count];
+		if ($line=~/^\s*localip/) {
+			if ($line=~/$IDString/)
+			{
+		   	($spaces)=($line=~/^(\s*)\S*.*/);
+				$lines[$count]="${spaces}localip $localIp $IDString\n";
+		 		$foundlocal=1;
+		 	}
+			else
+			{
+				$lines[$count]="# removed by pptpdconfig --- ".$lines[$count]."\n";
+			}
+		}
+		
+		if ($line=~/^\s*remoteip/) {
+			if ($line=~/$IDString/)
+			{
+		   	($spaces)=($line=~/^(\s*)\S*.*/);
+				$lines[$count]="${spaces}remoteip $remoteIp $IDString\n";
+		 		$foundremote=1;
+		 	}
+			else
+			{
+				$lines[$count]="# removed by pptpdconfig --- ".$lines[$count]."\n";
+			}
+		}
+		$count++;
+	}
+	if ($foundlocal==0)
+	{
+		push(@lines, "localip $localIp $IDString\n");
+	}
+	if ($foundremote==0)
+	{
+		push(@lines, "remoteip $remoteIp $IDString\n");
+	}
+	close IN;
+	print("done\n");
+	
+	open(OUT, ">$filename");
+	print OUT @lines;
+	close OUT;
+}

debian/rules

@@ -0,0 +1,78 @@
+#!/usr/bin/make -f
+# MAde with the aid of dh_make, by Craig Small
+# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.
+# Some lines taken from debmake, by Cristoph Lameter.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build: build-stamp
+build-stamp:
+	dh_testdir
+
+	./configure --prefix=/usr --mandir=/usr/share/man \
+		    --with-libwrap --with-bcrelay
+	# Add here commands to compile the package.
+	$(MAKE) 
+
+	touch build-stamp
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp install-stamp
+
+	# Add here commands to clean up after the build process.
+	-$(MAKE) distclean
+
+	dh_clean
+
+install: install-stamp
+install-stamp: build-stamp
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	# Add here commands to install the package into debian/tmp.
+	$(MAKE) install prefix=`pwd`/debian/tmp/usr mandir=`pwd`/debian/tmp/usr/share/man 	
+	cp debian/pptpd.conf `pwd`/debian/tmp/etc 
+	cp debian/pptpd-options `pwd`/debian/tmp/etc/ppp
+	#cp debian/pptpdconfig.pl `pwd`/debian/tmp/usr/sbin
+	touch install-stamp
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+#	dh_testversion
+	dh_testdir
+	dh_testroot
+	dh_installdocs
+#	mv `pwd`/debian/tmp/usr/share/doc/pptpd/html/*.txt `pwd`/debian/tmp/usr/share/doc/pptpd/
+	dh_installexamples
+#	dh_installmenu
+#	dh_installemacsen
+	dh_installinit
+#	dh_installcron
+	dh_installmanpages
+#	dh_installdebconf
+#	dh_undocumented
+	dh_installchangelogs -k ChangeLog
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_shlibdeps
+	dh_gencontrol
+#	dh_makeshlibs
+	dh_md5sums
+	dh_builddeb
+
+source diff:                                                                  
+	@echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary

debian/templates

@@ -0,0 +1,75 @@
+Template: pptpd/localip
+Type: string
+_Description: Local IP address of the virtual connections
+ Specify the local IP address for the virtual connections.
+ .
+ Please note that any address works as long as the local machine takes care
+ of the routing. But if you want to use MS-Windows networking, you should
+ use an IP address out of the LAN address space.
+ .
+ You can give only one address or you can give multiple addresses if you
+ want to, although they are really not needed. Multiple addresses can be
+ given as either "10.0.0.1,10.0.0.2,10.0.0.3" or "10.0.0.1-3". No spaces
+ should be used between commas or within addresses.
+
+Template: pptpd/remoteip
+Type: string
+_Description: A list of remote IP addresses for the virtual connections.
+ Specify the remote IP addresses for the virtual connections.
+ .
+ Please note that any addresses work as long as the local machine takes
+ care of the routing. But if you want to use MS-Windows networking, you
+ should use IP addresses out of the LAN address space.
+ .
+ You have to give one address for every concurrent connection. This will
+ depend on how many clients you expect to be online at the same time.
+ Multiple addresses can be given as either "10.0.0.1,10.0.0.2,10.0.0.3" or
+ "10.0.0.1-3". No spaces should be used between commas or within addresses.
+
+Template: pptpd/netmask
+Type: string
+_Description: Netmask used for virtual connections.
+ If you use IP addresses from the LAN address space, please use the same
+ netmask as on your LAN.
+
+Template: pptpd/wins
+Type: string
+_Description: IP address of your WINS server.
+ A WINS server is used for browsing available Computers in MS-Windows
+ networking. This address is transmitted to the clients,
+
+Template: pptpd/dns
+Type: string
+_Description: IP address of your DNS server.
+ This address is transmitted to the clients.
+
+Template: pptpd/mppe
+Type: boolean
+Default: true
+_Description: Do you want to use MPPE data encryption ?
+ The recommended way is to use the data encryption as it is one of the main
+ benefits of a VPN. When you want to use MPPE (Microsoft Point-to-Point
+ Encryption), you also  have to use CHAPMSv2 for authentication. . Note
+ that you have to install the modified ppp packages if you want to use this
+ data encryption.
+
+Template: pptpd/no-mppe
+Type: note
+_Description: Warning: data encryption is disabled.
+ All data transferred between the local network and the client will be
+ transmitted without encryption ! This is a security hole.
+ .
+ You have been warned. Now you loose your product warranty :)
+
+Template: pptpd/authentication
+Type: select
+_Choices: pap, chap, chapms, chapms-v2
+Default: chap
+_Description: Which authentication method do you want to use ?
+ Possible authentication methods are: - PAP - CHAP - CHAP with Microsoft
+ extensions - CHAP with Microsoft extensions v2
+ .
+ The recommended authentication method is one of the CHAP methods. However,
+ you have to use a separate database (/etc/ppp/chap-secrets) if you want to
+ use these. If you use PAP, you can use the standard system passwords when
+ the ppp-pam package is installed.

defaults.h

@@ -0,0 +1,77 @@
+/*
+ * defaults.h
+ *
+ * This file contains some tuneable parameters, most of which can be overriden
+ * at run-time.
+ *
+ * $Id: defaults.h,v 1.9 2006/09/04 23:17:25 quozl Exp $
+ */
+
+#ifndef _PPTPD_DEFAULTS_H
+#define _PPTPD_DEFAULTS_H
+
+/* Definitions for true and false */
+
+#ifndef FALSE
+#define FALSE 0
+#define TRUE !FALSE
+#endif
+
+/* String sizes for the config file */
+
+#define MAX_CONFIG_FILENAME_SIZE	256
+#define MAX_CONFIG_STRING_SIZE		512
+
+/* For IP parser */
+
+#define LOCAL 0
+#define REMOTE 1
+
+/* Default configuration values, mostly configurable */
+
+#define CONNECTIONS_DEFAULT		100
+#define DEFAULT_LOCAL_IP_LIST		"192.168.0.1-100"
+#define DEFAULT_REMOTE_IP_LIST		"192.168.1.1-100"
+
+#define MAX_CALLS_PER_TCP_LINK		128
+
+#ifdef PNS_MODE
+#define MAX_CALLS			60
+#endif
+
+#define PPP_SPEED_DEFAULT		"115200"
+#if EMBED
+#define PPTPD_CONFIG_FILE_DEFAULT	"/etc/config/pptpd.conf"
+#else
+#define PPTPD_CONFIG_FILE_DEFAULT	"/etc/pptpd.conf"
+#endif
+#define PIDFILE_DEFAULT			"/var/run/pptpd.pid"
+
+#define STIMEOUT_DEFAULT		10 /* seconds */
+
+/* Location of binaries */
+
+#define PPTP_CTRL_BIN			SBINDIR "/pptpctrl"
+#define PPTPD_BIN			SBINDIR "/pptpd"
+#define BCRELAY_BIN			SBINDIR "/bcrelay"
+
+/* Parameters permitted in the config file */
+
+#define CONNECTIONS_KEYWORD		"connections"
+#define SPEED_KEYWORD			"speed"
+#define PPPD_OPTION_KEYWORD		"option"
+#define DEBUG_KEYWORD			"debug"
+#ifdef BCRELAY
+#define BCRELAY_KEYWORD			"bcrelay"
+#endif
+#define LOCALIP_KEYWORD			"localip"
+#define REMOTEIP_KEYWORD		"remoteip"
+#define LISTEN_KEYWORD			"listen"
+#define PIDFILE_KEYWORD			"pidfile"
+#define STIMEOUT_KEYWORD		"stimeout"
+#define NOIPPARAM_KEYWORD		"noipparam"
+#define PPP_BINARY_KEYWORD		"ppp"
+#define LOGWTMP_KEYWORD			"logwtmp"
+#define DELEGATE_KEYWORD		"delegate"
+
+#endif	/* !_PPTPD_DEFAULTS_H */

getopt1.c

@@ -0,0 +1,199 @@
+/*
+ * getopt1.c
+ *
+ * Ripped from GLIBC - original copyright follows
+ *
+ * NOTE: Changed to make dependencies work better:
+ *        * <config.h> changed to "config.h"
+ *
+ * $Id: getopt1.c,v 1.1.1.1 2002/06/21 08:51:58 fenix_nl Exp $
+ */
+
+/* getopt_long and getopt_long_only entry points for GNU getopt.
+   Copyright (C) 1987,88,89,90,91,92,93,94,96,97,98
+     Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "our_getopt.h"
+
+#if !defined __STDC__ || !__STDC__
+/* This is a separate conditional since some stdc systems
+   reject `defined (const)'.  */
+#ifndef const
+#define const
+#endif
+#endif
+
+#include <stdio.h>
+
+/* Comment out all this code if we are using the GNU C Library, and are not
+   actually compiling the library itself.  This code is part of the GNU C
+   Library, but also included in many other GNU distributions.  Compiling
+   and linking in this code is a waste when using the GNU C library
+   (especially if it is a shared library).  Rather than having every GNU
+   program understand `configure --with-gnu-libc' and omit the object files,
+   it is simpler to just do this in the source for each such file.  */
+
+#define GETOPT_INTERFACE_VERSION 2
+#if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2
+#include <gnu-versions.h>
+#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
+#define ELIDE_CODE
+#endif
+#endif
+
+#ifndef ELIDE_CODE
+
+
+/* This needs to come after some library #include
+   to get __GNU_LIBRARY__ defined.  */
+#ifdef __GNU_LIBRARY__
+#include <stdlib.h>
+#endif
+
+#ifndef	NULL
+#define NULL 0
+#endif
+
+int
+getopt_long (argc, argv, options, long_options, opt_index)
+     int argc;
+     char *const *argv;
+     const char *options;
+     const struct option *long_options;
+     int *opt_index;
+{
+  return _getopt_internal (argc, argv, options, long_options, opt_index, 0);
+}
+
+/* Like getopt_long, but '-' as well as '--' can indicate a long option.
+   If an option that starts with '-' (not '--') doesn't match a long option,
+   but does match a short option, it is parsed as a short option
+   instead.  */
+
+int
+getopt_long_only (argc, argv, options, long_options, opt_index)
+     int argc;
+     char *const *argv;
+     const char *options;
+     const struct option *long_options;
+     int *opt_index;
+{
+  return _getopt_internal (argc, argv, options, long_options, opt_index, 1);
+}
+
+
+#endif	/* Not ELIDE_CODE.  */
+
+#ifdef TEST
+
+#include <stdio.h>
+
+int
+main (argc, argv)
+     int argc;
+     char **argv;
+{
+  int c;
+  int digit_optind = 0;
+
+  while (1)
+    {
+      int this_option_optind = optind ? optind : 1;
+      int option_index = 0;
+      static struct option long_options[] =
+      {
+	{"add", 1, 0, 0},
+	{"append", 0, 0, 0},
+	{"delete", 1, 0, 0},
+	{"verbose", 0, 0, 0},
+	{"create", 0, 0, 0},
+	{"file", 1, 0, 0},
+	{0, 0, 0, 0}
+      };
+
+      c = getopt_long (argc, argv, "abc:d:0123456789",
+		       long_options, &option_index);
+      if (c == -1)
+	break;
+
+      switch (c)
+	{
+	case 0:
+	  printf ("option %s", long_options[option_index].name);
+	  if (optarg)
+	    printf (" with arg %s", optarg);
+	  printf ("\n");
+	  break;
+
+	case '0':
+	case '1':
+	case '2':
+	case '3':
+	case '4':
+	case '5':
+	case '6':
+	case '7':
+	case '8':
+	case '9':
+	  if (digit_optind != 0 && digit_optind != this_option_optind)
+	    printf ("digits occur in two different argv-elements.\n");
+	  digit_optind = this_option_optind;
+	  printf ("option %c\n", c);
+	  break;
+
+	case 'a':
+	  printf ("option a\n");
+	  break;
+
+	case 'b':
+	  printf ("option b\n");
+	  break;
+
+	case 'c':
+	  printf ("option c with value `%s'\n", optarg);
+	  break;
+
+	case 'd':
+	  printf ("option d with value `%s'\n", optarg);
+	  break;
+
+	case '?':
+	  break;
+
+	default:
+	  printf ("?? getopt returned character code 0%o ??\n", c);
+	}
+    }
+
+  if (optind < argc)
+    {
+      printf ("non-option ARGV-elements: ");
+      while (optind < argc)
+	printf ("%s ", argv[optind++]);
+      printf ("\n");
+    }
+
+  exit (0);
+}
+
+#endif /* TEST */

html/CVS/Entries

@@ -0,0 +1,3 @@
+/HOWTO-PoPToP.txt/1.2/Thu Apr 22 04:54:07 2004//
+/setup_pptp_client.html/1.1.1.1/Thu Apr 22 04:54:07 2004//
+D/poptop_ads_howto////

html/CVS/Repository

@@ -0,0 +1 @@
+poptop/html

html/CVS/Root

@@ -0,0 +1 @@
+:ext:quozl@poptop.cvs.sourceforge.net:/cvsroot/poptop

html/HOWTO-PoPToP.txt

@@ -0,0 +1,873 @@
+PoPToP HOWTO/FAQ
+----------------
+Last Updated: 20021024
+Send changes to: Richard de Vroede <r.devroede@linvision.com>
+
+HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List
+(hosted by Christopher Schulte) by Matthew Ramsay. Large contributions from
+Steve Rhodes and Michael Walter.
+
+
+Contents
+--------
+1.0 Introduction
+	1.1 About PoPToP
+	1.2 Credits
+2.0 System Requirements
+3.0 PPP with MSCHAPv2/MPPE Installation
+4.0 PoPToP Installation
+5.0 Windows Client Setup
+6.0 FAQ
+
+
+1.0 Introduction
+----------------
+1.1 About PoPToP
+PoPToP is the PPTP Server solution for Linux. PoPToP allows Linux servers to
+function seamlessly in the PPTP VPN environment. This enables administrators
+to leverage the considerable benefits of both Microsoft and Linux. The
+current pre-release version supports Windows 95/98/NT/2000 PPTP clients and
+PPTP Linux clients. PoPToP is free GNU software.
+
+PoPToP Home Page: http://www.moretonbay.com/vpn/pptp.html
+
+1.2 Credits
+PoPToP was originally started by Matthew Ramsay under the control of
+Moreton Bay Ventures (http://www.moretonbay.com). Around March 1999 PoPToP
+was publically released under the GNU GPL by Moreton Bay/Lineo.
+
+PoPToP is what it is today due to the help of a number of intelligent and
+experienced hackers. More specifically Kevin Thayer, David Luyer and
+Peter Galbavy.
+
+More contributors to PoPToP (in various forms) include Allan Clark, Seth
+Vidal, Harald Vogt and Ron O'Hara.
+
+And finally, credit to all the PoPToP followers who test and report
+problems.
+
+1.3 PopToP migrating from poptop.lineo.com
+March 18, 2002
+
+The main PoPToP developers left Lineo with the SnapGear spin-out. The ball 
+is being picked up by Daniel Djamludin. PoPToP has been actively developed 
+within SnapGear and a number of improvements need to be rolled out.
+
+Henceforth from this sentence onwards you should refer to "PoPToP" as 
+"Poptop" for ease of use and typing.
+
+Lineo have been asked to forward poptop.lineo.com to poptop.sourceforge.net
+
+The sources are being gathered to go into CVS, new binaries and dev images will follow.
+
+Source Forge looks like the best neutral ground to smooth out future upheavals.
+
+
+2.0 System Requirements
+-----------------------
+1. A modern Linux distribution (such as Debian, Red Hat, etc.) with a recent
+	kernel (2.4.x recommended, 2.2.x should be ok). Note: ports exist for
+	Solaris, BSD and others but are not supported in this HOWTO at this
+	time.
+2. PPP (2.4.1 recommended, 2.3.11 should be ok)
+	(and the MSCHAPv2/MPPE patch if you want enhanced Microsoft
+	compatible authentication and encryption).
+3. PoPToP v1.1.3 (or download the latest release at:
+	http://sourceforge.net/projects/poptop
+
+
+3.0 PoPToP Installation
+-----------------------
+Check out the documentation at http://sourceforge.net/docman/?group_id=44827
+
+
+4.0 Windows Client Setup
+------------------------
+
+Install it using the add-remove programs tool. Go to windows->communications
+and install VPN support.
+
+(If you do above you may *not* need to follow the instructions below as it
+will already be installed... ?
+
+follow the instructions: 
+
+   1.start->settings->control panel->network 
+   2.Click add 
+   3.choose adapter 
+   4.Click add 
+   5.select microsoft as the Manufactuarer 
+   6.select Microsoft Virtual Private Networking Adapter 
+   7.Click ok 
+   8.Insert any necessary disks 
+   9.Reboot your Machine 
+
+take a little nap here...
+
+Once your Machine is back 
+
+   1.go to dial-up networking (usually start->programs->Accessories->communications->Dial-up Networking) YMMV 
+   2.Click make new connection 
+   3.Name the Connection whatever you'd like. 
+   4.Select Microsoft VPN adapter as the device 
+   5.click next 
+   6.type in the ip address or hostname of your pptp server 
+   7.click next 
+   8.click finish 
+   9.Right-click on the intranet icon 
+  10.select properties 
+  11.choose server types 
+  12.check require encrypted password 
+  13.uncheck netbeui, ipx/spx compatible 
+  14.click tcp/ip settings 
+  15.turn off use IP header compression 
+  16.turn off use default gw on remote network 
+  17.click ok. 
+  18.start that connection 
+  19.type in your username and pw (yadda, yadda, yadda) 
+  20.once it finishes its connection your up. 
+
+
+Note that the Win95 routine is similar but requires Dial Up Networking Update 1.3 (free from Microsoft) to be installed first. 
+
+
+5.0 FAQ
+-------
+
+Q&A.
+INTRODUCTION
+
+After spending the better part of two weeks developing my configuration
+for a pptp sever for remote file access by Windows(tm) clients, I
+thought I would pass along these notes to those who may be interested.
+
+The basic configuration involves a Samba/PoPToP server behind a
+firewall, through which clients using Win98 machines will connect using
+the VPN facility built into that OS.  This is diagrammed below.
+
+ _____         ___         ______        ______
+|     |       |   \       | fire |      | file |
+| win | ---> / net \ ---> | wall | ---> | srvr |
+|_____|      \__/\_/      |______|      |______|
+
+
+The components of the system consist of the Win98 clients running the
+built-in VPN facility dialing in to their ISP's and connecting through
+the firewall to the Samba server on the internal network using the pptp
+protocol.  The firewall uses Network Address Translation to convert an
+open Internet IP address to an internal one.  Sounds simple enough
+right?
+
+SIMPLE TEST SETUP
+
+As a starting point, I configured a Win98 box to connect directly to a
+PoPToP server without any authentication or encryption.  This was just
+to get a feel for how pptp works and verify the setup.  Using the
+pre-packaged rpm's was a big help here.  You just rpm the thing onto the
+system and fire it up, and you're in business.  The diagram below
+represents this simple system.
+
+
+  192.168.56.142                192.168.56.11
+   _____                        ______
+  |     |                      | file |
+  | win | ------------------>  | srvr |
+  |_____|                      |______|
+
+Emboldend by my success, I set out to turn on MS authentication and
+encrytion, and this is where the fun started.
+
+AUTHENTICATION AND ENCRYPTION
+
+This is an area where Microsoft really shows its true colors.  Turning
+on password and data encryption on the Win98 VPN server configuration
+was quite the eye opening experience.  First with the authentication,
+you will have to go through a somewhat difficult compilation of the
+ppp-2.3.8 package.  The worst part here is getting all the pieces
+together, namely the rc4 files.  This process is well documented in this
+archive, so I won't go into it here.
+
+The next realization is that Microsoft prepends the domain name to the
+user name when submitting the login credentials. For example, srhodes is
+now DBNET\\srhodes.  If that wasn't bad enough, I found that the domain
+wasn't even the one I was logged into.  My best guess is that the first
+domain that the computer ever logs into is stuck with it for ever.  This
+is a real problem if you have multiple domains that you log into.  I
+modified the pppd.c code to strip out the domain on MSCHAP logins, but
+you can just set the user name in chap-secrets to match the windows
+version.
+
+Then I spent a whole day trying to figure out why data encryption does
+not work.  I tried just about everything I could think of that could be
+wrong.  That's when I discovered this archive, for which I am truly
+grateful.  It turns out that the Win9x implementation of encrytpion is
+FUBAR!  You have to download one of those patches from Microsoft,
+MSDUN 1.4 to get the thing to work. 
+
+Windows 95
+http://download.microsoft.com/download/win95/Update/17648/W95/EN-US/dun14-95.exe
+
+Windows 98
+http://download.microsoft.com/download/win98/Update/17648/W98/EN-US/dun14-98.exe
+
+Windows 98se
+http://download.microsoft.com/download/win98SE/Update/17648/W98/EN-US/dun14-SE.exe
+
+
+FIREWALL CONFIGURATION
+
+The issue with a firewall in this setup is that you need to cover two
+types of protocol communication.  There is one connection which is a tcp
+connection on port 1723 that handles the control functions and another
+connection using IP type 47, or GRE, which handles the actual data
+communication.  This second connection presents a problem for the
+convention linux firewall, ipfwadm.  You see, its only set up to handle
+tcp, udp and icmp protocols.  It doesn't know about GRE.
+
+The trick around this block is to use one of the new 2.2 kernels, which
+employ a new firewall called ipchains.  This tool willl handle arbitrary
+protocols, which can be specified by their numbers.
+
+
+  192.168.2.142                                    192.168.56.11
+   _____                   ______                   ______
+  |     |                 | fire | 192.168.56.1    | file |
+  | win | --------------->| wall | --------------> | srvr |
+  |_____|     192.168.2.1 |______|                 |______|
+
+
+
+You need to remember a few things before getting too deep into this.
+The default gateway on win is set to 192.168.2.1, and the default
+gateway on file srvr is set to 192.168.56.1.  The firewall has the two
+network interfaces spanning the two subnets and is configured for
+IP forwarding.  If you have not yet applied any firewall rules, this
+configuration will work as before.  The interesing part is to block out
+all other access to file srvr by implementing ipchains rules.
+
+The short story is:
+
+ipchains -F
+ipchains -P forward DENY
+ipchains -I forward -p tcp -d 192.168.56.11 1723 -j ACCEPT
+ipchains -A forward -p tcp -s 192.168.56.11 1723 -j ACCEPT
+ipchains -A forward -p 47 -d 192.168.56.11 -j ACCEPT
+ipchains -A forward -p 47 -s 192.168.56.11 -j ACCEPT
+
+
+NETWORK ADDRESS TRANSLATION
+
+The next hurdle is to configure the firewall so that it can run an open
+internet IP address on the outside and allow access to an internal
+address on the inside.  NAT is very well suited to this task, although
+you may hear otherwise from knowledgable sources.  It happens to be my
+preference, though certainly not the only way to skin this cat.  You can
+obtain the NAT software and some detailed information from
+
+http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html
+
+But again, there is a problem with the GRE protocol of type 47.  The
+tool for configuring NAT, ipnatadm, like its half-brother ipfwadm, is
+not set up to handle arbitrary protocols.  Unfortunately, you'll have to
+go into the code and make a slight modification if you want to use it
+for this purpose.  There is a procedure called parse_protocol in the
+file routines.c that discriminates the type of protocol to be filtered.
+The basic idea is to accept a string representing a number and use that
+as the filter.  Since you have to recompile the kernel anyway to get the
+NAT functionality, maybe it's not so horrible, relatively speaking.
+
+For those ambitous enough, here is the diff for the routines file, copy
+this into a file called routines.diff and use the command patch -p0 <
+routines.diff from within the same directory.
+
+
+--- routines.c  Thu Mar 25 15:41:58 1999
++++ /mnt/zip/nat/routines.c     Wed Jul 21 21:09:28 1999
+@@ -112,11 +112,18 @@
+        else if (strncmp("icmp", s, strlen(s)) == 0)
+                nat_set.nat.protocol = IPPROTO_ICMP;
+        else {
++               int number;
++               char * end;
++               number = (int)strtol(s, &end, 10);
++               nat_set.nat.protocol = number;
++       }
++       /*
++       else {
+                fprintf(stderr, "ipnatadm: invalid protocol \"%s\"
+specified\n", s);
+                exit_tryhelp(2);
+-               /* make the compiler happy... */
+                return;
+        }
++       */
+ }
+
+ void parse_hostnetworkmask(char *name, struct in_addr **addrpp, __u32
+*maskp, int *naddrs)
+
+
+
+The patch is actually lifted from ipchains, which was derived from
+ipfwadm, which provides the basis for ipnatadm.
+
+Once you've got all that running, what you want to do is to set up the
+NAT rules so that the incoming client thinks its talking to the
+firewall, as does the outgoing file server.  The short of it is:
+
+ipnatadm -F
+ipnatadm -I -i -P 6 -D 192.168.2.1 1723 -N 192.168.56.11 1723
+ipnatadm -O -i -P 6 -S 192.168.56.11 1723 -M 192.168.2.1 1723
+ipnatadm -I -i -P 47 -D 192.168.2.1 -N 192.168.56.11
+ipnatadm -O -i -P 47 -S 192.168.56.11 -M 192.168.2.1
+
+
+Here, the -P argument sets the protocol, 6 is tcp and 47 is GRE.
+PPTP packets targeting the firewall are translated to the internal host
+inbound and vice-versa on the way out.  Very slick.
+
+SAMBA
+
+Here's a subject so complex you could probably devote a whole career to
+it.  We don't want to get too bogged down, so I'll be brief.  Samba
+implements the NetBIOS protocol, which has more quirks than you can
+shake a stick at.  One of the biggest problems is the use of subnet
+broadcasting.  Suffice it to say, if you want the best results, you
+should set your PoPToP IP addresses to reside within the subnet on which
+the file server ethernet is located.  I choose 192.168.56.12 for the
+server address, and it hands out IP's from 192.168.13-127.
+Setting the IP forwarding on the file server to true will give you
+access to other machines on the internal network.
+
+When you go at the samba sever from Win98, you have to use encrypted
+password.  Look at smbpasswd and related stuff.
+
+Finding shares on the server is not so easy.  The short story here is
+that browsing is implemented via broadcast packets, and broadcast
+packets will not travel down a PPP link.  The only way to get browsing
+to work over pptp is to set Samba up as a WINS server and a Domain login
+server, and configure the clients to use that WINS server and force them
+to login to that Domain.  Believe me, I tried just about everything to
+avoid that.  You will also want to set the samba server as the domain
+master and preferred master for the browsing.
+
+If you can't do that, you can set the ppp/options file to include a
+ms-wins setting for the samba server.  This will set the client up so
+they can at least resolve host names.  The only way to find a share
+under this configuration is to name it explicitly.  You can use the
+tools menu from the Win98 file browser and say find -> computer and
+enter in the name of the samba server and it will be found.  I have
+found that setting domain master = yes and preferred master = yes gives
+a rather nice boost to the speed of name lookups on the network.
+
+Here is my abbreviated smb.conf
+
+[global]
+   workgroup = VAULT
+   server string = acer
+   log file = /var/log/samba/log.%m
+   max log size = 50
+   security = user
+   encrypt passwords = yes
+   smb passwd file = /etc/smbpasswd
+   socket options = TCP_NODELAY
+   domain master = yes
+   preferred master = yes
+   domain logons = yes
+   wins support = yes
+   dns proxy = no
+[homes]
+   comment = Home Directories
+   browseable = no
+   writable = yes
+
+You should also use the lmhosts option for nmbd  (-H) and set up an
+lmhosts file on the samba server.  Make sure also the the samba server
+can resolve its own name, through either /etc/hosts or DNS.
+
+In all honesty , I went through the same simple test setup with samba as
+I did for PoPToP, although its not shown here explicitly.
+
+CONCLUSION
+
+PoPToP is a good program, as is Samba.  This configuration can work if
+you put a little effort into it.  I have seen a lot of questions here
+and in other places about these types of systems, so I would think that
+there is some demand on the part of users who want this type of
+functionality.  I hope these notes are useful to you if this is what you
+want to do.
+
+****************************************************************************
+Q&A
+I have a pptp server set up on my office LAN.  I can connect to the
+server and ping to it fine, but I can't ping any other hosts on the
+office subnet.  I have ip-forwarding turned on and I have proxyarp set
+in the ppp/options file.  What can be wrong?
+
+There seem to be a lot of questions floating around about routing and
+masq'ing associated with this issue.
+
+Well, my curiosity got the best of me, so I thought I would check this
+out.  Shown below is my test setup for investigating this problem.
+
+
+192.168.8.142     192.168.56.10    192.168.56.11   192.168.56.12
+ ________          _______           ______        _____
+|        |        |       |         |      |      |      |
+| client |------->| fire  |-------->| pptp |----->| host |
+|        |        | wall  |         | srvr |      |      |
+|________|        |_______|         |______|      |______|
+    H                                   H
+    H         192.168.8.10              H
+    H                                   H
+    H===================================H
+192.168.5.12     pptp connection     192.168.5.11
+
+
+For the sake of simplicity, we will ignore address translation issues
+associated with the firewall.  This assumes that the client at
+192.168.8.142 is going to use 192.168.56.11 as its target address for
+the pptp connection to pptp_srvr.  The firewall will block all access to
+
+the 192.168.56.0 subnet except for pptp connections associated with
+pptp_srvr.  This can be implemented with ipchains
+
+ipchains -P input DENY
+ipchains -P forward DENY
+ipchains -A input 192.168.56.0/24 -j ACCEPT    /* allow connections from
+
+inside */
+ipchains -A input -p tcp -d 192.168.56.11 1723 -j ACCEPT
+ipchains -A input -p 47 -d 192.168.56.11 -j ACCEPT
+ipchains -A forward -p tcp -d 192.168.56.11 1723 -j ACCEPT
+ipchains -A forward -p tcp -s 192.168.56.11 1723 -j ACCEPT
+ipchains -A forward -p 47 -d 192.168.56.11 -j ACCEPT
+ipchains -A forward -p 47 -s 192.168.56.11 -j ACCEPT
+
+When you connect from client to pptp_srvr, you will be able to complete
+the connection and ping to pptp_srvr.  However, if you attempt to ping
+host, at 192.168.56.12, this will fail.
+
+A clue to this problem can be found in the /var/tmp/messages file on
+pptp_srvr.  There, in the pppd messages, you will find
+
+Cannot determine ethernet address for proxy ARP
+
+This is due to an issue with the pppd program, which attempts to find a
+hardware interface on the subnet to which the pppd client has been
+assigned.  In this case its looking for a hardware interface on the
+192.168.5.0 subnet.  It will fail to find one, and will drop the
+proxyarp request.
+
+The simplest way around this problem, and the one that is suggested in
+the pppd documentation, is to set the pppd client IP assignment to be on
+
+the local subnet.  An example in this case might be 192.168.56.129.
+However, it may not be possible to do that.  In the case of a fully
+loaded subnet, there may not be any addresses to spare.  Or there may be
+
+some security issues with giving out local subnet addresses.  What to
+do?
+
+The place to look is in the arp table.  If you run tcpdump on host
+(192.168.56.12) during the time when client is pinging, you will see
+unanswered arp requests from host attempting to find the hardware
+address for 192.168.5.12.  You need to proxy the hardware address of the
+
+pptp_srvr for client in order for this request to be fulfilled.  This is
+
+the job of proxyarp.  However, proxyarp has let us down in this
+instance, and we need to find a workaround.
+
+This can be done manually using the arp command on pptp_srvr.  For
+example, if the hardware address of the ethernet card on pptp_srvr is
+00:60:08:98:14:14, you could force the arp to proxy the client pptp
+address by saying
+
+arp --set 192.168.5.12 00:60:08:98:14:13 pub
+
+You should now be able to ping from client to host through the pptp
+connection.
+
+This can be a problem, however, in a dynamic environment when clients
+are logging into and out of the pptp server on a continuous basis.  One
+way around this problem is to write a script that will execute upon the
+initiation of each ppp connection.
+
+The place to do this is in /etc/ppp/ip-up.  This script is executed each
+
+time a new ppp connection is started.  It gets some variables passed
+into it, one of which is the assigned IP address of the client.  Note
+that RedHat systems use ip-up.local as the place for you to make the
+script.  Don't forget to chmod +x !
+
+
+#! /bin/bash
+
+REMOTE_IP_ADDRESS=$5
+
+date > /var/run/ppp.up
+echo "REMOTE_IP_ADDRESS = " $REMOTE_IP_ADDRESS >> /var/run/ppp.up
+arp --set $REMOTE_IP_ADDRESS 00:60:08:98:14:14 pub >> /var/run/ppp.up
+
+exit 0
+
+
+This should put you in business for accessing the remote subnet under
+this scenario.  I am a little bit concerned, however, because I also
+built a script ip-down.local, that should remove the arp proxy when
+client disconnected.  It doesn't seem to do anything, however, and if I
+try to delete the arp entry manually, it just spits out a cryptic error
+message.  The arp entries remain persistent, as far as I can tell.  If
+this is a problem or not, I don't know.  The next few clients that log
+in are treated well, so I guess its OK.
+
+****************************************************************************
+Q.
+Also, after running pptpd and monitoring its log file and seeing that it
+failed to open ttyp1 - I chmod +rw /dev/ttyp[0-9] and it seemed to work
+somewhat.  But, after I rebooted, I had to do this again.  Is this normal?
+
+A.
+pptpd should be running as root (unless you have a system with a setuid 
+openpty() helper, which isn't very common).  If it fails to open a pty/tty
+pair as root then that is probably because it is in use.
+
+Other programs which use pty/tty's will change their permissions back to
+the standard ones.
+
+****************************************************************************
+Q.
+sometimes when I make a connection to my pptpd server I
+see a message like
+
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-21
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-26
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-24
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-21
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-26
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-24
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-26
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-24
+Jul  2 17:30:03 ape modprobe: can't locate module ppp-compress-21
+
+
+in /var/log/messages on the server.  Any idea what I 
+can do about it?  
+
+A.
+yeah, in your /lib/modules/<kernel version>/net/ directory, there should
+be files called bsd_comp.o and ppp_deflate.o.. insmod those files and
+you'll be good to go.
+
+****************************************************************************
+Q.
+Hi, I'm having trouble getting pptpd & mschap-v2 to work. I downloaded
+all of the patches and compiled everything but whenever i try to connect
+from my win98 machine, it says:
+
+Error 691:  The computer you have dialed in to has denied access because
+the username and/or password is invalid on the domain.
+
+What is this suppose to mean?
+
+A.
+Error 691 is an authentication problem probably due to the fact that MS
+chap uses the domain name and username combo to authenticate.  If you
+look at the logs you will probably see a message saying that MS chap is
+trying to authenticate user "domain\\username".  I got it to work by
+putting the full domain and user string in the client portion of the
+chap-secrets file.
+
+# Secrets for authentication using CHAP
+# client                        server          secret          IP
+addresses
+workgroup\\user         server          password         *    
+
+If anyone knows how to get it to default to a particular domain, I would
+like to know.
+
+****************************************************************************
+Q.
+how do I go about checking who is logged in via tunnel?
+
+I need some way of writing the pppd data to wtmp/utmp.
+(and not sessreg either)
+
+does anyone know of any way of doing this via ppp?
+
+A.
+pppd syslogs everything to /var/log/messages (that's the default on my box
+anyways) and it will say something like :
+pppd[15450]: CHAP peer authentication succeeded for <username>
+
+you could do a tail /var/log/messages -n2000 | grep CHAP if you wanted to
+see who has been logging in.
+
+other than that, there's not much i know of. all the authentication is
+provided by pppd (if you don't have an auth or a require-chap (or pap, etc.)
+option, it doesn't even ask for a username.
+
+****************************************************************************
+Q.
+My NT client won't connect!
+
+A.
+Try taking header and software compression off.
+
+
+****************************************************************************
+Q. PPTP *client* stops working.
+
+A.
+go to /var/run/pptp/ and look for a socket named x.x.x.x
+delete it and try it again.
+
+****************************************************************************
+Q.
+How many clients does PoPToP support?
+
+A.
+The limits under Linux are:
+
+  per-process filedescriptors
+          - one per client (would limit clients to 256 by default,
+		    or 1024 with kernel recompile, or more with major libc/kernel
+			hackery)
+          - no relevant limit
+
+  ttys    - currently, with a standard kernel, 256 clients
+          - with Unix98 ptys and a small amount of coding, 2048
+
+  ppp devices
+          - no limit in kernel source for ppp
+          - limit of 100 in dev_alloc_name() in 2.2.x
+
+        for(i=0;i<100;i++)
+        {
+                sprintf(dev->name,name,i);
+                if(dev_get(dev->name)==NULL)
+                        return i;
+        }
+
+            best fix is probably to keep a static int ppp_maxdev so you
+            don't end up doing 2000 dev_get's to allocated the 2001'th
+            device.
+
+  processes
+          - 2 per client plus system processes
+          - standard kernel max = 512 processes, ie 256 clients
+          - i386 max = 4096 processes, ie 2048 clients
+
+So it seems that 2048 will be the limit, if you fix a few things and
+with a minor kernel mod (I could do all of these pretty easily and send
+you a trivial kernel patch).  To go above 2048 the easiest approach would
+be to combine pptpctrl and pppd in one process, which would get you to
+4096.  Beyond there, you need to go for a select() based model, which would
+be significant coding effort and require large fd-set sizes and so on.
+So 4096 is the practical limit, and 2048 the easy limit.
+
+****************************************************************************
+Q.
+What authentication methods (PAP/CHAP) does PoPToP work with?
+
+A.
+PoPToP uses whatever authentication methods your PPPd provides (usually
+PAP and CHAP). With PPPd patches you can get MSCHAP and MSCHAPv2
+authentication as well.
+
+****************************************************************************
+Q. 
+When running PoPToP I get the following error:
+ 
+	Jun 11 08:29:04 server pptpd[4875]: MGR: No more free connection slots!
+ 
+What does this mean?
+
+A.
+I'd say at a guess you've only configured one IP address and you have 
+connected a client, and as such there are no more free connection slots should 
+any more clients wish to connect.
+
+****************************************************************************
+Q.
+Does PoPToP suffer from the same security flaws
+(http://www.counterpane.com/pptp.html) as the Windows NT PPTP server?
+
+A.
+An initial look at the article suggests that what the authors hammered was
+not the PPTP protocol, but the authentication that the PPTP VPN servers on
+NT offered access to via open internet.  PPTP seems initially to be just
+the path to the weakness, not the weakness itself.  Part of their
+observance of weakness deals with use of poor passwords as well, a cheap
+component, simple enough to fix.
+
+> While no flaws were found in PPTP itself, several serious flaws were
+> found in the Microsoft implementation of it.
+> (http://www.counterpane.com/pptp-pressrel.html)
+
+The authors do not specifically say "this is ONLY effective against NT",
+just that NT is affected.  This implies that they do not recognize PoPToP,
+and it may be included.  The fact that PoPToP has to interOp with MS DUN's
+VPN client means that it will have the same weaknesses.  It can only
+protect itself from DoS attacks, have immediate response to out-of-sequence
+packets or illogical packets, etc.
+
+The protocol is not considered weak in this analysis, but the weaknesses
+have to be replicated in apparent behavior by PoPToP.  The only thing the
+developers can do with PoPToP is make it a stronger server per se -- more
+able to handle the attacks when the come.
+
+In conclusion: PoPToP suffers the same security vulnerabilities as the NT
+sever (this is because it operates with Windows clients).
+
+Update: MSCHAPv2 has been released and addresses some of the security
+issues. PoPToP works with MSCHAPv2.
+
+****************************************************************************
+Q.
+Does PoPToP support data encryption?
+
+A.
+Yes.. with appropriate PPPd patches. Patches are available for PPPd to
+provide Microsoft compatible RC4 data encryption. The PPPd patch supports
+40 and 128 bit RC4 encryption.
+
+****************************************************************************
+Q.
+PoPToP or IPsec? Which is better suited to my needs?
+
+A.
+1. The difference between PoPToP and IPsec is that PoPToP is ready NOW..
+and requires *no* third party software on the Windows client end
+(Windows comes with a free PPTP client that is trivial to set up).
+
+2. PoPToP is a completely *free* solution.
+Update: Unfortunately not true for Mac *clients* though. The Mac client
+software is around $400 US a copy.
+
+3. PoPToP can be integrated with the latest PPPD patches that take
+advantage of MSCHAPv2 and MPPE (Microsoft encryption using RC4 - 40/128
+bits).
+
+More details follow from Emir Toktar:
+(Refs: A Comprehensive Guide to Virtual Private Networks, IBM.
+Virtual Private Networking: An Overview White Paper - DRAFT, 3/18/98
+Microsoft.)
+
+Neither network layer-based (L2TP, PPTP,...) nor application layer-based
+(IPSec,SSL,SSH) security techniques are the best choice for all
+situations. There will be trade-offs. Network layer security protects the
+information created by upper layer protocols, but it requires that IPSec
+be implemented in the communications stack.
+
+With network layer security, there is no need to modify existing upper
+layer applications. On the other hand, if security features are already
+imbedded within a given application, then the data for that specific
+application will be protected while it is in transit, even in the absence
+of network layer security. Therefore security functions must be imbedded
+on a per-application basis.
+
+There are still other considerations:
+Authentication is provided only for the identity of tunnel endpoints, but
+not for each individual packet that flows inside the tunnel. This can
+expose the tunnel to man-in-the-middle and spoofing attacks.
+
+Network layer security gives blanket protection, but this may not be as
+fine-grained as would be desired for a given application. It protects
+all traffic and is transparent to users and applications.
+
+Network layer security does not provide protection once the datagram has
+arrived at its destination host. That is, it is vulnerable to attack
+within the upper layers of the protocol stack at the destination machine.
+
+Application layer security can protect the information that has been
+generated within the upper layers of the stack, but it offers no
+protection against several common network layer attacks while the
+datagram is in transit. For example, a datagram in transit would be
+vulnerable to spoofing attacks against its source or destination address.
+
+Application layer security is more intelligent (as it knows the
+application) but also more complex and slower.
+
+IPSec provides for tunnel authentication, while PPTP does not.
+
+<User Authentication> Layer 2 tunneling protocols inherit the user
+authentication schemes of PPP, including the EAP methods discussed below.
+Many Layer 3 tunneling schemes assume that the endpoints were well
+known (and authenticated) before the tunnel was established. An exception
+to this is IPSec ISAKMP negotiation, which provides mutual authentication
+of the tunnel endpoints. (Note that most IPSec implementations support
+machine-based certificates only, rather than user certificates. As a
+result, any user with access to one of the endpoint machines can use
+the tunnel. This potential security weakness can be eliminated when
+IPSec is paired with a Layer 2 protocol such as L2TP.
+
+<Token card support> Using the Extensible Authentication Protocol
+(EAP), Layer 2 tunneling protocols can support a wide variety of
+authentication methods, including one-time passwords, cryptographic
+calculators, and smart cards. Layer 3 tunneling protocols (IPSec) can
+use similar methods; for example, IPSec defines public key certificate
+authentication in its ISAKMP/Oakley negotiation.
+
+<Dynamic address assignment> Layer 2 tunneling supports dynamic
+assignment of client addresses based on the Network Control Protocol
+(NCP) negotiation mechanism.
+
+Generally, Layer 3 tunneling schemes assume that an address has already
+been assigned prior to initiation of the tunnel. Schemes for assignment
+of addresses in IPSec tunnel mode are currently under development and
+are not yet available.
+
+<Data Compression> Layer 2 tunneling protocols support PPP-based
+compression schemes. For example, the Microsoft implementations of both
+PPTP and L2TP use Microsoft Point-to-Point Compression (MPPC). The IETF
+is investigating similar mechanisms (such as IP Compression) for the
+Layer 3 tunneling protocols.
+
+<Data Encryption> Layer 2 tunneling protocols support PPP-based data
+encryption mechanisms. Microsoft's implementation of PPTP supports
+optional use of Microsoft Point-to-Point Encryption (MPPE), based on
+the RSA/RC4 algorithm. Layer 3 tunneling protocols can use similar
+methods; for example, IPSec defines several optional data encryption
+methods which are negotiated during the ISAKMP/Oakley exchange.
+
+<Key Management> MPPE, a Layer 2 protocol, relies on the initial key
+generated during user authentication, and then refreshes it
+periodically. IPSec, explicitly negotiates a common key during the
+ISAKMP exchange, and also refreshes it periodically.
+
+<Multi-protocol support> Layer 2 tunneling supports multiple payload
+protocols, which makes it easy for tunneling clients to access their
+corporate networks using IP, IPX, NetBEUI, and so forth. In contrast,
+Layer 3 tunneling protocols, such as IPSec tunnel mode, typically
+support only target networks that use the IP protocol. IPSec is not
+multi-protocol.
+
+IPSec will be suported by Windows 2000.
+
+Many cases can occur, each of which needs to be examined on its own 
+merit. It may be desirable to employ a mix of both network layer
+security techniques and application layer techniques to achieve the
+desired overall level of protection. For example, you could use an upper
+layer mechanism such as Secure Sockets Layer (SSL) to encrypt upper
+layer data. SSL could then be supplemented with IPSec's AH protocol at
+the network layer to provide per-packet data origin authentication and
+protection against spoofing attacks.
+
+****************************************************************************
+Q.
+I get a 'createHostSocket: Address already in use' error! what gives?
+
+A.
+Address already in use in createHostSocket means something is already using
+TCP port 1723 - maybe another pptp daemon is running?
+
+****************************************************************************
+Q.
+Does PoPToP work with Windows 2000 clients?
+
+A.
+PoPToP v0.9.5 and above should work with Windows 2000 clients.
+
+****************************************************************************

html/poptop_ads_howto/CVS/Entries

@@ -0,0 +1,18 @@
+/diagram1.jpg/1.1/Tue Oct 25 03:08:14 2005//
+/poptop_ads_howto_2.htm/1.1/Tue Oct 25 03:08:14 2005//
+/poptop_ads_howto_3.htm/1.2/Thu Jan  5 00:21:15 2006//
+/test.txt/1.1/Tue Apr 18 03:02:31 2006//
+/poptop_ads_howto_1.htm/1.11/Mon Apr 16 00:42:09 2007//
+/poptop_ads_howto_10.htm/1.5/Mon Apr 16 00:42:09 2007//
+/poptop_ads_howto_11.htm/1.4/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_12.htm/1.3/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_4.htm/1.10/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_5.htm/1.5/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_6.htm/1.5/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_6a.htm/1.2/Sun Jan 14 23:46:51 2007//
+/poptop_ads_howto_7.htm/1.5/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_8.htm/1.6/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_9.htm/1.3/Mon Apr 16 00:42:10 2007//
+/poptop_ads_howto_a1.htm/1.1/Mon May  8 07:29:48 2006//
+/poptop_ads_howto_a2.htm/1.1/Mon May  8 07:29:48 2006//
+D

html/poptop_ads_howto/CVS/Repository

@@ -0,0 +1 @@
+poptop/html/poptop_ads_howto

html/poptop_ads_howto/CVS/Root

@@ -0,0 +1 @@
+:ext:quozl@poptop.cvs.sourceforge.net:/cvsroot/poptop

html/poptop_ads_howto/poptop_ads_howto_10.htm

@@ -0,0 +1,88 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>15. pptpd and freeradius </strong></p>
+<p>The section covers the configuration of pptpd + freeradius + AD. If you are looking at the integration via winbind. Go to <a href="poptop_ads_howto_7.htm">this section</a>.</p>
+<hr>
+<a name="radiusd"></a><strong>15.1 Enable freeradius</strong>
+<p>To enable radiusd on bootup, use the chkconfig command.</p>
+<blockquote>
+  <pre>[root@pptp ~]# chkconfig radiusd on </pre>
+</blockquote>
+<p>To start radiusd in daemon mode:
+</p>
+<blockquote>
+  <pre>[root@pptp ~]# service radiusd start
+Starting RADIUS server: Sun Sep  4 11:26:24 2005 : Info: Starting - reading configuration files ...<br>[  OK  ]</pre>
+</blockquote>
+<p></p>
+<hr>
+<a name="pptpdradius"></a><strong>15.2 Configure pptpd </strong>
+<p>There are two configuration files for pptpd. The first one is /etc/pptpd.conf. You can very much keep it as it is except the ip address range for the ppp connections. Edit the file and add two lines at the bottom to specify the local ip address and the ip address pool for the remote connections. </p>
+<blockquote>
+  <pre>localip 10.0.0.10<br>remoteip 10.0.0.101-200 </pre>
+</blockquote>
+<p>10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections. If you are running FC6, please refer to <a href="file:///C:/StudioMX/poptop_ads_howto_4.htm#pptpd">Section 7.2</a> for details on the logwtmp option.</p>
+<p>Please note that pptpd by default has a 100 connections limit. You can override it by the "connection" parameter in the pptp.conf file. Read the remarks in the file.</p>
+<p>The second configuration file is /etc/ppp/options.pptpd. I stripped off all remarks from my options.pptpd and it is like this:</p>
+<blockquote>
+  <pre>name pptpd
+refuse-pap<br>refuse-chap<br>refuse-mschap<br>require-mschap-v2<br>require-mppe-128
+ms-dns 10.0.0.1
+ms-wins 10.0.0.1
+proxyarp
+lock
+nobsdcomp
+novj
+novjccomp
+nologfd
+auth
+nodefaultroute
+plugin radius.so
+plugin radattr.so</pre>
+</blockquote>
+<p>There are two plugins we used in here. The first one radius.so is required while the second one radattr.so is optional. Radattr.so basically records the parameters passed from radius to pppd in a file. Check the man page of pppd-radattr for details. </p>
+<p>Then, we need to fix the permission of a winbind directory.</p>
+<blockquote>
+  <pre>[root@pptp ~]# chgrp radiusd /var/cache/samba/winbindd_privileged/</pre>
+</blockquote>
+<p>If you have Windows XP clients, you may want to reduce the MTU size. Add the  line, /sbin/ifconfig $1 mtu 1400, to /etc/ppp/ip-up as shown in the following list.</p>
+<blockquote>
+  <pre>[root@pptp ppp]# cat ip-up
+#!/bin/bash
+# This file should not be modified -- make local changes to
+# /etc/ppp/ip-up.local instead
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+LOGDEVICE=$6
+REALDEVICE=$1
+
+[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post ifcfg-${LOGDEVICE}
+
+/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
+
+[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
+
+<strong>/sbin/ifconfig $1 mtu 1400</strong>
+exit 0</pre>
+</blockquote>
+<p>The above example reduces the MTU size to 1400. In my environment, I found that XP will connect the VPN and ping all servers without problems, however, it cannot connect to the Microsoft Exchange server properly. Reduce the MTU size to 1400 fixed the problem.</p>
+<p>After fixing the files and permission, we can start pptpd and connect to it from remote client. To start it:</p>
+<blockquote>
+  <pre>[root@pptp ~]# chkconfig pptpd on<br><br>[root@pptp ~]# service pptpd start<br>Starting pptpd: [  OK  ]	 </pre>
+</blockquote>
+<p>That's all on the server side. </p>
+<p><strong>Note</strong>: The client PCs require special configurations. It will be discussed in <a href="poptop_ads_howto_11.htm">here</a>.</p>
+<hr>
+<a href="poptop_ads_howto_11.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_9.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<p>&nbsp;</p>
+</body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_11.htm

@@ -0,0 +1,83 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>16. pptp Client Installation</strong></p>
+<p>I will only describe the Windows XP pptp client installation. For other operating system, please see the documents in <a href="http://poptop.sourceforge.net/dox/">here</a>. </p>
+<ul>
+  <li>Start -> Settings -> Control Panels -> Network Connections.</li>
+  <li>Click on &quot;Create a new connection&quot; on the left pane. </li>
+  <li>A Winzard starts. Click on Next.</li>
+  <li>Choose &quot;Connect to the network at my workplace&quot;. Next.</li>
+  <li> Choose &quot;Virtual Private Network Connection&quot;. Next.</li>
+  <li>Key in the company name. Next.</li>
+  <li>Choose &quot;Do not dial the initial connection&quot;. Next</li>
+  <li>Type in the external IP address of Hostname of the pptpd gateway. Next.</li>
+  <li>Choose &quot;Anyone's use&quot;. Next</li>
+  <li>Check the &quot;Add a shortcut to this connection to my desktop&quot;. Finish.</li>
+  <li>A  new icon appears on the Network Connections under the header Virtual Private Network. Right click on it and choose Properties.</li>
+  <li>Click on the Security tab. Check &quot;Advanced (custom settings)&quot; and then click  the Settings button.</li>
+  <li> Choose &quot;Maximum strength encryption (disconnect if server declines)&quot; on Data Encryption.</li>
+  <li>In the same tab, choose &quot;Allow these protocols&quot; and undo all except &quot;Microsoft CHAP Version 2 (MS-CHAP v2)&quot;. Click  OK and click OK again to close the window.</li>
+</ul>
+<p>That's all for a standard configuration. All traffic from the PC will pipe through the pptp tunnel except those for the local attached network segment. This is the recommended way of implementing VPN for security reasons.</p>
+<hr>
+<strong><a name="splittunnel"></a>16.1 Split Tunneling</strong>
+<p>Split Tunneling allows you to configure the network so that only selected traffic is directed to the VPN tunnel. For instance,   you want browsing  traffic to go to the Internet directly but corporate traffic goes via the VPN, then you will need split tunneling. It is also important if your ISP requires a heatbeat from your machine to keep the connection alive. </p>
+<p>While split tunneling provides convenience, it causes  security problems because <span name="intelliTxt" id="intelliTxt">it essentially renders the VPN vulnerable to attack as it is accessible through the public, non-secure network. Check your company security policy before inplementing split tunneling. </span></p>
+<p>To set up split tunneling:</p>
+<ul>
+  <li>Right click on the icon which you created in section 15 and choose Properties.</li>
+  <li>Choose the Networking tab. Highligth the Internet Protocol (TCP/IP) and click on the Properties button.</li>
+  <li>Click on the Advanced Button and then deselect &quot;Use default gateway on remote network&quot;. Click OK. Click OK and then click OK.</li>
+</ul>
+<p>If you have a simple private network which has only one single segment, you have finished the configuration. Take a break and enjoy you day.</p>
+<p>If you have multiple subnets in the private network, there are still works to do. By not using the PPP as the default gateway, we introduce another problem. The PPP client will set up routing only to the subnet that is directly attached to the pptp gateway. Traffic will not route to the other subnets. In our test environment, you can only access 10.0.0.0 but not 172.16.0.0. To resolve this problem, I created a VBScript to add the extra routes. </p>
+<p>The VBScript is listed here: </p>
+<blockquote>
+  <pre>Option Explicit<br>Dim IP_Address<br>Dim TmpFile : TmpFile = &quot;c:\ip.txt&quot;<br>Dim route1
+
+<strong>route1 = &quot;route add 172.16.0.0 mask 255.255.255.0 &quot;</strong>
+
+SaveIP<br>IP_Address = GetIP()<br>route1 = route1 &amp; IP_Address<br>AddRoute
+
+Sub SaveIP<br>  Dim ws : Set ws = CreateObject(&quot;WScript.Shell&quot;)<br>  ws.run &quot;%comspec% /c ipconfig &gt; &quot; &amp; TmpFile, 0, True<br>  Set ws = Nothing<br>End Sub
+
+Function GetIP()<br>  Dim fso : Set fso = CreateObject(&quot;Scripting.FileSystemObject&quot;)<br>  Dim re : Set re = New RegExp<br>  re.Global = TRUE
+
+  Dim file, fileline, matches<br>  Dim pppsection : pppsection = FALSE
+
+  If fso.FileExists(TmpFile) Then<br>    Set file = fso.OpenTextFile(TmpFile)<br>
+    Do While Not file.AtEndOfStream<br>      fileline = file.ReadLine
+
+      If Not pppsection Then
+        If left(fileline,3) = "PPP" Then
+          pppsection = TRUE
+        End If
+      Else
+        re.Pattern = "IP Address[\. ]+: "
+        If re.Test(fileline) Then
+          matches = split(fileline,":")
+          GetIP = right(matches(1),len(matches(1))-1)
+        End If
+      End If
+
+    Loop<br>    file.Close<br>  End If
+
+  Set re = Nothing<br>  Set fso = Nothing<br>End Function
+
+Sub AddRoute<br>  Dim ws : Set ws = CreateObject(&quot;WScript.Shell&quot;)<br>  ws.run &quot;%comspec% /c &quot; &amp; route1, 0, True<br>  Set ws = Nothing<br>End Sub
+</pre>
+</blockquote>
+<p>Create the VBScript file somewhere in your PC and create a shortcut on the desktop. When the PPP connects, double click on the shortcut will add the route accordingly.</p>
+<p><strong>Note</strong>: you will need to modify the line in bold for your environment. </p>
+<hr>
+<a href="poptop_ads_howto_12.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_10.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a><p>&nbsp;</p>
+<p>&nbsp;</p>
+</body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_12.htm

@@ -0,0 +1,70 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>17. pptp Server Administration </strong></p>
+<p>This section covers a few tricks on pptp server management. It is far from a complete guide. Any suggestions are welcome.</p>
+<p>The packages <strong>psacct</strong> and <strong>SysVinit</strong> are required for the utilities used in here. They should be installed by default. If they are  not, please install them through yum.</p>
+<blockquote>
+  <pre>[root@pptp ~]# yum install psacct SysVinit </pre>
+</blockquote><p></p>
+<hr>
+<strong><a name="whoisonline"></a>17.1 Who is Online?</strong>
+<p>To check who is online, the &quot;last&quot; command is used:</p>
+<blockquote>
+  <pre>[root@pptp ~]# last | grep ppp | grep still
+James    ppp3         202.xx.xxx.xxx   Sat Nov 19 17:38   still logged in   <br>Andrew   ppp1         220.xxx.xxx.xx   Sat Nov 19 17:23   still logged in   <br>Mary     ppp2         1.2.3.4          Sat Nov 19 16:59   still logged in   <br>Sue      ppp0         202.xx.xxx.xxx   Sat Nov 19 16:43   still logged in   <br>Mark     ppp7         203.xxx.xxx.xxx  Sat Nov 19 14:59   still logged in</pre>
+</blockquote>
+<p><strong><em>last</em></strong> is from SysVinit. It reads the information from /var/log/wtmp. </p>
+<p><strong>Note:</strong> for <em><strong>last</strong></em> to work properly, the logwtmp option in the /etc/pptpd.conf must be enabled. If you are sure there are pptp connections but see no output from the above mentioned command, check the logwtmp option in the pptpd.conf file is enabled. </p>
+<hr>
+<strong><a name="accounting"></a>17.2 Accounting </strong>
+<p>The &quot;ac&quot; utility from package psacct will provide a report on the connection time.</p>
+<blockquote>
+  <pre>[root@pptp ~]# ac -d -p
+        Amy                                  3.77
+        George                               0.08
+        Mark                                 1.78
+        Richard                              0.35
+        Lee                                  3.66
+        Simon                                5.78
+        Nicole                               1.05
+Nov  1  total       16.46
+        Amy                                  2.43
+        Nicole                               8.61
+        Richard                              4.77
+        Mark                                 0.90
+        Lee                                  4.68
+        Keith                                1.84
+Nov  2  total       23.23</pre>
+</blockquote>
+<p>The <em><strong>ac</strong></em> command reads the information from /var/log/wtmp. It has a lot of options. Read the man page for details. </p>
+<p><strong>Note</strong>: <br>
+  1. 
+If you want the statistics from older version of wtmp, use the -f parameter in &quot;ac&quot; to specify the file. <br>
+2. If users use shell to log in the server as well, the ac will return the connection time of both pptp and shell connections.
+</p>
+<hr> 
+<strong><a name="disconnect"></a>17.3 Disconnect a User</strong>
+<p>To disconnect an active connection, you will have to kill the pppd process associate with it. Firstly, run the command in section 16.1 to find out the remote ip address of the user. Say you want to disconnect Mary, her ip address in the above example is 1.2.3.4. Then, find the PID of the pppd process.
+</p>
+<blockquote>
+  <pre>[root@pptp /]# ps -ef | grep 1.2.3.4 | grep pppd
+root   8672  8671  0 16:59 ?      00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 
+                                               10.0.0.10:10.0.0.124 ipparam 1.2.3.4. 
+                                               plugin /usr/lib/pptpd/pptpd-logwtmp.so 
+                                               pptpd-original-ip 1.2.3.4</pre>
+</blockquote>
+<p>The second field of the output, 8672 in our example, is the PID of the pppd process. Kill the process will disconnect the user.</p>
+<blockquote>
+  <pre>[root@pptp /]# kill 8672</pre>
+</blockquote><br>
+<hr>
+<a href="poptop_ads_howto_a1.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_11.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+</body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_2.htm

@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><a name="test"></a><strong>4. The Test Environment</strong></p>
+<p>I have built a test environment as shown in the diagram. In the rest of the howto, the configurations of software are based on this topology. </p>
+<p><img src="diagram1.jpg"></p>
+<p>A Windows 2003 SP1 Server is set up as the AD domain controller, DNS server and WINS server. The pptp gateway is the Linux box which has 2 network cards. One connects to the internal network, 10.0.0.0/24, and the other one connects to the Internet with ip address 192.168.0.10/24. The internal network has two subnets, 10.0.0.0/24 and 172.16.0.0/24. </p>
+<p>The domain name of the Windows AD domain is EXAMPLENET.ORG and the corresponding netbios name is EXAMPLE. </p>
+<p><strong>Windows Domain Summary</strong>:</p>
+<table width="558" border="0">
+  <tr>
+    <td width="266">Domain Controller Name </td>
+    <td width="282">dc1.examplenet.org</td>
+  </tr>
+  <tr>
+    <td>Domain Controller IP Address </td>
+    <td>10.0.0.1</td>
+  </tr>
+  <tr>
+    <td>DNS IP Address </td>
+    <td>10.0.0.1</td>
+  </tr>
+  <tr>
+    <td>WINS IP Address </td>
+    <td>10.0.0.1</td>
+  </tr>
+  <tr>
+    <td>AD Domain Name </td>
+    <td>examplenet.org</td>
+  </tr>
+  <tr>
+    <td>AD Netbios Domain Name</td>
+    <td>example</td>
+  </tr>
+</table>
+
+</p>
+<hr>
+<a href="poptop_ads_howto_3.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_1.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a></body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_3.htm

@@ -0,0 +1,58 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+<style type="text/css">
+<!--
+.style1 {
+	font-family: "Courier New", Courier, mono;
+	font-size: 12px;
+}
+-->
+</style>
+</head>
+
+<body>
+<p><a name="network"><strong>5. Network Configuration </strong></a></p>
+<p>Microsoft AD depends heavily on DNS. You should have the DNS server working first. </p>
+<p>The pptp gateway should use the Active Directory DNS server instead of the one provided by your ISP. Otherwise, the gateway may have problems to locate the domain controller. Here is the /etc/resolv.conf in my test gateway. </p>
+<blockquote>
+<pre>search examplenet.org
+nameserver 10.0.0.1</pre>
+</blockquote><p></p>
+<hr>
+<a name="defaultroute"><strong>5.1 Default Gateway and Static Routes</strong></a>
+<p>The pptp gateway has two network cards. It is important that the default gateway is pointing to the Internet, your ISP router. Make sure that the internal network card does not have a default gateway address configured. Check the network card configuration files in /etc/sysconfig/network-scripts. </p>
+<p>In my test setup, eth0 is the internal card and eth1 is the external one. In the /etc/sysconfig/network-scripts/ifcfg-eth0, it does not have the line GATEWAY=&quot;x.x.x.x&quot;. In the ifcfg-eth1, it has an entry GATEWAY=&quot;x.x.x.x&quot; pointing to the ISP router ip address.</p>
+<p>My test internal network has multiple subnets, static routes are set up to direct traffic correctly. If you have a simple single segment internal network, you can skip the following step and go to <a href="#pforward">step 5.2</a>.</p>
+<p>To set up static routes in FC4, create a file static-routes in /etc/sysconfig directory. My static-routes file has one line: </p>
+<blockquote>
+  <pre>any net 172.16.0.0 netmask 255.255.255.0 dev eth0</pre>
+</blockquote>
+<p>The syntax of the line is important. The line must start with the word &quot;any&quot;.</p>
+<p>Check your routing table with the netstat command.</p>
+<blockquote>
+  <pre class="style1">[root@pptp sysconfig]# netstat -nr<br>Kernel IP routing table<br>Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
+192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1<br>172.16.0.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0<br>10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0<br>169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0<br>0.0.0.0         192.168.0.2     0.0.0.0         UG        0 0          0 eth1</pre>
+</blockquote>
+<p><hr>
+<strong><a name="pforward"></a>5.2 Enable Packet Forwarding</strong>
+<p>For ppp to work, the packet forwarding must be enabled. Edit /etc/sysctl.conf with your favourite editor and change the line:</p>
+<blockquote>
+  <pre>net.ipv4.ip_forward = 0</pre><p></p>
+</blockquote>
+<p>to</p>
+<blockquote>
+  <pre>net.ipv4.ip_forward = 1 </pre>
+</blockquote>
+<p>The change will be effective on the next reboot. To enable it immediately:</p>
+<blockquote>
+  <pre>[root@pptp etc]# sysctl -p</pre>
+</blockquote><p></p>
+<hr>
+<a href="poptop_ads_howto_4.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_2.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+</body>
+
+</html>

html/poptop_ads_howto/poptop_ads_howto_4.htm

@@ -0,0 +1,41 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong><a name="mppe"></a>6. Install MPPE Kernel Module </strong></p>
+<p>Kernel version 2.6.15 or above has MPPE built-in which is required for MSCHAPv2. Fedora Core 5 and 6 kernel version on the CD are 2.6.15 and 2.6.18 respectively. That means you do not need to install the MPPE module as you have to for Fedora Core 4. Information for FC4 and MPPE is in <a href="poptop_ads_howto_a1.htm">Appendix A1 and A1.1</a>.</p>
+<p>To test if your kernel supports MPPE:</p>
+<blockquote>
+  <pre>[root@pptp ~]# modprobe ppp-compress-18 &amp;&amp; echo ok</pre>
+</blockquote>
+<p>It should resturn an &quot;ok&quot;.</p>
+<p><strong>Note:</strong> The latest kernel for Fedora Core 5/6 at the time of writing is 2.6.18.</p>
+<hr>
+<strong><a name="pppd_pptpd" id="pppd_pptpd"></a>7. pppd and  pptpd</strong>
+<p><a name="pppd"><strong>7.1 pppd </strong></a></p>
+<p>FC5 comes with ppp-2.4.3-6.2.1 and FC6 has ppp-2.4.4-1. MPPE support is already enabled.  If ppp is not installed, use<em> yum</em> to install it.</p>
+<blockquote>
+  <pre>[root@pptp ~]# yum install ppp</pre>
+</blockquote>
+<p><strong>Note</strong>: Information on how to update ppp module on FC4 is in <a href="poptop_ads_howto_a1.htm#pppd">Appendix A2</a>.</p>
+<hr>
+<a name="pptpd"></a><strong>7.2 Install pptpd</strong>
+<p>From <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a> download the pptpd rpm, pptpd-1.3.3-1.fc5.i386.rpm or pptpd-1.3.3-1.fc6.i386.rpm according to your Fedora version, and install it.</p>
+<blockquote>
+  <pre>[root@pptp ~]# rpm -ivh pptpd-1.3.3-1.*.i386.rpm</pre></blockquote>
+<p><strong>Note:</strong><br>
+The pptpd FC6 package is built against ppp-2.4.3 but FC6 has ppp-2.4.4. It prevents the tunnel to be established  and gives the following error message is in /var/log/message.</p>
+<blockquote>
+  <p>Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4 </p>
+</blockquote>
+<p>The workaround is to disable the logwtmp option in /etc/pptpd.conf.</p>
+<p>I have produced a patched RPM to address the problem. You may find a copy from <a href="http://rapidshare.com/files/11740134/pptpd-1.3.3-2.fc6.i386.rpm">here</a>.</p>
+<hr>
+<a href="poptop_ads_howto_5.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_3.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+</body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_5.htm

@@ -0,0 +1,71 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>8. Samba
+</strong></p>
+<p>FC5 comes with samba v3.0.21b and FC6 has version 3.0.32c. The current samba RPM version from <em>yum</em> at the time of writing for FC5 is v3.0.23c. It is highly recommended to use the latest version. </p>
+<p>The required RPM packages for samba in Fedora are <em>samba, samba-client, samba-common</em>.  Install through <em>yum</em> if any of them is missing. </p>
+<blockquote>
+  <pre>[root@pptp ~]# yum install samba samba-common samba-client</pre>
+</blockquote>
+<p><strong>Note: </strong>
+Information on Samba and FC4 can be found in <a href="poptop_ads_howto_a2.htm#samba">Appendix A3</a>.</p>
+<hr>
+<strong><a name="smbconf"></a>8.1 Configure Samba</strong>
+<p>No matter you choose to use winbind or freeradius to connect to Active Directory, you will have to configure samba properly. The configuration file of samba is in /etc/samba and is called smb.conf. The file should have at least the following lines. </p>
+<blockquote>
+  <pre>[global]
+# define the netbios name of the domain
+<strong>workgroup = EXAMPLE</strong>
+# define the pptp server netbios name
+<strong>netbios name = PPTPDSVR</strong>
+# define the AD domain name
+<strong>realm = EXAMPLENET.ORG</strong>
+# server description
+server string = pptpd Server
+# printer stuff
+printcap name = /etc/printcap
+load printers = no
+cups options = raw
+# log file stuff
+log file = /var/log/samba/%m.log
+max log size = 50
+# must set to ads
+<strong>security = ads</strong>                     
+# address of domain controller
+<strong>password server = 10.0.0.1</strong>
+# enable encrypt passwords
+<strong>encrypt passwords = yes</strong>
+# default socket options setting on older samba. It is not defined in v3.0.23c
+;socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
+# not to be a master browser
+domain master = no 
+preferred master = no
+# address of the WINS server
+<strong>wins server = 10.0.0.1</strong>
+dns proxy = no
+# require this line to join the domain in older samba
+# I don't need this for samba v3.0.23
+<strong>;client use spnego = yes</strong>
+# winbind stuff
+<strong>idmap uid = 50001-550000
+idmap gid = 50001-550000
+winbind separator = +
+winbind nested groups = Yes
+winbind enum users=yes
+winbind enum groups=yes</strong>
+template shell = /bin/false
+winbind use default domain = no</pre>
+</blockquote>
+<p>The lines in bold are the important ones that you should pay attention to. Execute &quot;testparm&quot; to check the configuration. Correct any errors before proceeding to the next step.</p>
+<hr>
+<a href="poptop_ads_howto_6.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_4.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<p>&nbsp; </p>
+</body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_7.htm

@@ -0,0 +1,96 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>11. pptpd and winbindd </strong></p>
+<p>The section covers how to configure pptpd + winbindd + AD. If you are working on the freeradius configuration, you may skip this section and go to the <a href="poptop_ads_howto_8.htm">next one</a>. </p>
+<p>Most of the hard work has been done in the previous sections. You are very close to the final stage.</p>
+<hr>
+<strong><a name="wbtest"></a>11.1 Enable and Test winbindd</strong>
+<p>Start samba and winbindd with the &quot;service&quot; command.</p>
+<blockquote>
+  <pre>[root@pptp ~]# service smb start<br>Starting SMB services: [  OK  ]<br>Starting NMB services: [  OK  ]
+[root@pptp ~]# service winbind start<br>Starting Winbind services: [  OK  ] </pre>
+</blockquote>
+<p>Winbind starts and spawns two threads. </p>
+<blockquote>
+  <pre>[root@pptp ~]# ps -ef | grep winbind | grep -v grep<br>root     18762     1  0 15:59 ?        00:00:00 winbindd<br>root     18763 18762  0 15:59 ?        00:00:00 winbindd</pre>
+</blockquote>
+<p>Wait a few minutes for winbindd to contact the domain controller. Then we can test if winbindd is working fine. If you see no error messages from the wbinfo command, you are in business. </p>
+<blockquote>
+  <pre>[root@acna-pptp etc]# wbinfo -t<br>checking the trust secret via RPC calls succeeded
+<br>[root@acna-pptp etc]# wbinfo -u<br>EXAMPLE+Administrator<br>EXAMPLE+Guest<br>EXAMPLE+SUPPORT_388945a0<br>EXAMPLE+DC1$<br>EXAMPLE+krbtgt<br>EXAMPLE+skwok<br>EXAMPLE+ldapuser<br>EXAMPLE+pptpdsvr$ 
+</pre>
+</blockquote>
+<p>To enable samba and winbind on bootup, use the chkconfig command.</p>
+<blockquote>
+  <pre>[root@pptp ~]# chkconfig winbind on
+[root@pptp ~]# chkconfig smb on </pre>
+</blockquote><p></p>
+<hr>
+<strong><a name="pptpconf"></a>11.2 Configure pptpd </strong>
+<p>There are two configuration files for pptpd. The first one is /etc/pptpd.conf. You can very much keep it as it is except the ip address range for the ppp connections. Edit the file and add two lines at the bottom to specify the local ip address and the ip address pool for the remote connections. </p>
+<blockquote>
+  <pre>localip 10.0.0.10<br>remoteip 10.0.0.101-200 </pre>
+</blockquote>
+<p>10.0.0.10 is the ip address of the internal network card eth0. The remoteip is the address pool for the remote connections. If you are running FC6, please refer to <a href="poptop_ads_howto_4.htm#pptpd">Section 7.2</a> for details on the logwtmp option. </p>
+<p>Please note that pptpd by default has a 100 connections limit. You can override it by the &quot;connections&quot; parameter in the pptp.conf file. Read the remarks in the file. </p>
+<p>The second configuration file is /etc/ppp/options.pptpd. I stripped off all remarks from my options.pptpd and it is like this:</p>
+<blockquote>
+  <pre>name pptpd
+refuse-pap<br>refuse-chap<br>refuse-mschap<br>require-mschap-v2<br>require-mppe-128
+ms-dns 10.0.0.1
+ms-wins 10.0.0.1
+proxyarp
+lock
+nobsdcomp
+novj
+novjccomp
+nologfd
+auth
+nodefaultroute
+plugin winbind.so
+ntlm_auth-helper &quot;/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1&quot;</pre>
+</blockquote>
+<p>If you have Windows XP clients, you may want to reduce the MTU size. Add the  line, /sbin/ifconfig $1 mtu 1400, to /etc/ppp/ip-up as shown in the following list.</p>
+<blockquote>
+  <pre>[root@pptp ppp]# cat ip-up
+#!/bin/bash
+# This file should not be modified -- make local changes to
+# /etc/ppp/ip-up.local instead
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+LOGDEVICE=$6
+REALDEVICE=$1
+
+[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post ifcfg-${LOGDEVICE}
+
+/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
+
+[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
+
+<strong>/sbin/ifconfig $1 mtu 1400</strong>
+exit 0</pre>
+</blockquote>
+<p>The above example reduces the MTU size to 1400. In my environment, I found that XP will connect the VPN and ping all servers without problems, however, it cannot connect to the Microsoft Exchange server properly. Reduce the MTU size to 1400 fixed the problem.</p>
+<p>After fixing the files, we can start pptpd and connect to it from remote client. To start it:</p>
+<blockquote>
+  <pre>[root@pptp ~]# chkconfig pptpd on<br><br>[root@pptp ~]# service pptpd start<br>Starting pptpd: [  OK  ]</pre>
+</blockquote><p></p>
+<hr>
+<strong><a name="access"></a>11.3 PPTP Access Control </strong>
+<p>The above configuration allows everyone with a valid userID in the AD to connect to the pptpd server. If you want to restrict access to a group of users, you can create a group, say VPN_Allowed, in the AD. Add users to the group and modify the ntml_auth-helper line in the  /etc/ppp/options.pptpd:</p>
+<blockquote>
+  <pre>ntlm_auth-helper &quot;/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 <span class="790285904-18102005">--require-membership-of=EXAMPLE+VPN-Allowed</span>&quot; </pre>
+</blockquote>
+<p>That's all on the server side. If winbind works for you, you can proceed to configure the client. The client PCs require special configurations and is discussed in <a href="poptop_ads_howto_11.htm">here</a>.</p>
+<hr>
+<a href="poptop_ads_howto_8.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_6.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a></body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_9.htm

@@ -0,0 +1,52 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>14. Freeradius</strong></p>
+<p>Freeradius has a massive 57KB configuration file. Fortunately, we only have to change a few lines. </p>
+<hr>
+<a name="mschap2"></a><strong>14.1 Configure Freeradius for MSCHAPv2
+</strong>
+<p>Edit /etc/raddb/radiusd.conf to enable MSCAHP2. Open the file and locate the module section and then the mschap subsection.</p>
+<blockquote>
+  <pre>modules {<br>
+        ....[snip]....<br>
+        mschap {
+                authtype = MS-CHAP
+                use_mppe = yes
+                require_encryption = yes
+                require_strong = yes
+                ntlm_auth = &quot;/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}&quot;<br>        }<br>
+        ....[snip]....<br>
+}</pre>
+</blockquote>
+<p>The mschap option in the authorize and authenticate sections is enabled by default. If they are not, enable them accordingly. Save the file. </p>
+<p>The radius server has a secret key for security. The default key for freeradius is testing123. It is a good idea to change it for obvious security reasons. The key is in /etc/raddb/clients.conf. </p>
+<blockquote>
+  <pre>client 127.0.0.1 {<br>        #<br>        #  The shared secret use to &quot;encrypt&quot; and &quot;sign&quot; packets between<br>        #  the NAS and FreeRADIUS.  You MUST change this secret from the<br>        #  default, otherwise it's not a secret any more!<br>        #<br>        #  The secret can be any string, up to 32 characters in length.<br>        #<br>        secret          = testing123 
+
+        ....[snip]....
+</pre>
+</blockquote>
+<p><strong>Note</strong>: if you change the secret key, you must modify the /etc/radiusclient/servers so that they match each other.
+</p>
+<hr>
+<p><strong><a name="access"></a>14.2 PPTP Access Control </strong></p>
+<p>The above configuration allows everyone with a valid userID in the AD to connect to the pptpd server. If you want to restrict access to a group of users, you can create a group, say VPN_Allowed, in the AD. Add users to the group and modify the ntml_auth line in /etc/raddb/radius.conf to include the parameter &quot;--require-membership-of=EXAMPLE+VPN_Allowed&quot;. </p>
+<p>In the example, I split the line into multiple lines for clarity. It should be one continuous line in the configuration file. </p>
+<blockquote>
+  <pre>ntlm_auth = &quot;/usr/bin/ntlm_auth --request-nt-key 
+                  --username=%{Stripped-User-Name:-%{User-Name:-None}} 
+                  --challenge=%{mschap:Challenge:-00} 
+                  --nt-response=%{mschap:NT-Response:-00} 
+                  --require-membership-of=EXAMPLE+VPN_Allowed&quot;</pre>
+</blockquote><p></p>
+<hr>
+<a href="poptop_ads_howto_10.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_8.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a><p>&nbsp;  </p>
+</body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_a1.htm

@@ -0,0 +1,53 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>APPENDIX</strong></p>
+<p><strong><a name="mppe"></a>A1. Install MPPE Kernel Module on Fedora Core 4</strong><br> 
+  (last update: 6 March 2006) </p>
+<p>MPPE support is required for MSCHAPv2. Depending on the kernel version, you may or may not require to perform this step. Kernel version 2.6.15 or above has MPPE built-in. If you are using the latest FC4 2.6.15 kernel, you can go to <a href="poptop_ads_howto_4.htm#pppd_pptpd">Step 7</a> now. If you are using an older kernel  which  does not support MPPE, you will have to add this feature to it. </p>
+<p>To test if your kernel supports MPPE:</p>
+<blockquote>
+  <pre>[root@pptp ~]# modprobe ppp-compress-18 &amp;&amp; echo ok</pre>
+</blockquote>
+<p>If it returns an &quot;ok&quot;, you can safely skip this step and move to <a href="poptop_ads_howto_4.htm#pppd_pptpd">Step 7</a>. If you see &quot;FATAL: Module ppp_mppe not found.&quot;, install MPPE support as described in the following procedure:</p>
+<p>  Download the MPPE module builder in rpm format from <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a>. The required RPMs are::</p>
+<blockquote>
+  <pre>dkms-2.0.6-1.noarch.rpm
+kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm</pre>
+</blockquote>
+<p>Install them with command &quot;rpm -ivh&quot;.</p>
+<blockquote>
+  <pre>[root@pptp ~]# rpm -ivh dkms-2.0.6-1.noarch.rpm
+[root@pptp ~]# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm </pre>
+</blockquote>
+<p>If you upgrade your kernel to 2.6.13 or above, kernel_ppp_mppe version 1.0.2 or above must be used. Otherwise, the pptp tunnel will not connect and you will see error message &quot;This system lacks kernel support for PPP.&quot; in /var/log/messages.</p>
+<dt><strong>Note:</strong></dt>
+<dd>(1) Fedora Extra provides also a dkms rpm, dkms-2.0.6-3.fc4.noarch.rpm. I have not tested it. You may want to use the one I mentioned above to make sure the installation will work. </dd>
+<br><hr>
+<strong><a name="autoinstaller"></a>A1.1 Kernel Upgrade and dkms_autoinstaller</strong><br>
+(last update: 6 March 2006)
+<p>If you upgrade your kernel after installing dkms, thanks to the dkms_autoinstaller service, you will not have to worry about the dkms kernel module. dkms_autoinstaller runs on every bootup. It checks  the dkms module to ensure it match the kernel version. If a mismatch is found, it will create a proper one for the boot kernel. </p>
+<p>For dkms_autoinstaller to work, you will need the correct kernel-devel version installed in your system. It is always a good idea to install the kernel-devel rpm alongside with your new kernel.</p>
+<hr>
+<a name="pppd"><strong>A2. Upgrade pppd on Fedora Core 4 </strong></a><br>
+(last update 6 March 2006)
+<p>FC4 comes with ppp-2.4.2-7. It is required to be upgraded to a patched version which supports MPPE. The patched version can be found in <a href="http://sourceforge.net/project/showfiles.php?group_id=44827">here</a>. Download the rpm for FC4. At the time of writing, the latest version is 2.4.3-5. Get the FC4 rpm: </p>
+<blockquote>
+  <pre>ppp-2.4.3-5.fc4.i386.rpm</pre>
+</blockquote>
+<p>Upgrade the ppp with the downloaded version:</p>
+<blockquote>
+  <pre>[root@pptp ~]# rpm -Uvh ppp-2.4.3-5.fc4.i386.rpm</pre>
+</blockquote>
+<p><strong>Note</strong>: If you are a Gentoo user, and are using kernel v2.6.15, the ppp-2.4.3-5 does NOT work because of MPPC. You may find more information from <a href="http://kernel-bugs.osdl.org/show_bug.cgi?id=5827">here</a>.</p>
+<hr>
+<a href="poptop_ads_howto_a2.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_a1.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+</body>
+</html>

html/poptop_ads_howto/poptop_ads_howto_a2.htm

@@ -0,0 +1,38 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<title>Poptop MSCHAP2 ADS Howto</title>
+</head>
+
+<body>
+<p><strong>A3. Samba for Fedora Core 4<br>
+  </strong>(last update: 6 March 2006)</p>
+<p>FC4 comes with samba v3.0.14a. The samba project released v3.0.20 on 20 August 2005. Here is a quote from the v3.0.20 release note about winbind.</p>
+<blockquote>
+  <p>-- quote --<br>
+    Winbindd has been completely rewritten in this release to support
+an almost completely non-blocking, asynchronous request/reply
+model.  This means that winbindd will scale much better in 
+large domain environments and on high latency networks.<br>
+-- quote --
+  </p>
+</blockquote>
+<p>It is highly recommended to upgrade samba to v3.0.20 or above. The latest samba v3.0.21c rpms for FC4 can be found in <a href="http://us5.samba.org/samba/ftp/Binary_Packages/Fedora/RPMS/i386/core/4/">here</a>. Download a copy and then update samba with command &quot;rpm -Uvh samba*.rpm&quot;. </p>
+<p><strong>Note: </strong>
+Samba v3.0.21 has a bug on the oplock code. Avoid this version. Use v3.0.21a or above. </p>
+<hr>
+<a name="fc4freeradius"></a><strong>A4. Software for Radius Setup on Fedora Core 4</strong><br>
+(last update: 1 February 2006)
+<p>In additional to the software we installed in the previous sections, we need two more. Freeradius is one of them. FC4 comes with freeradius-1.0.2-2 but it is broken. At the time of writing, the latest one is freeradius-1.0.4-1.FC4.1. Get it from <em>yum</em> as it has quite a few dependences. <em>yum</em> will resolve all required dependences automagically.</p>
+<blockquote>
+  <pre>[root@pptp ~]# yum install freeradius</pre>
+</blockquote>
+<p>The second software you will need is radiusclient. Get the FC4 rpm, radiusclient-0.3.2-0.2.fc4.rf.i386.rpm, from <a href="http://rpmforge.net/user/packages/radiusclient/">RPMforge</a>. Install it with &quot;rpm -ivh&quot;.</p>
+
+<hr>
+<a href="poptop_ads_howto_a1.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
+<p>&nbsp; </p>
+</body>
+</html>

html/poptop_ads_howto/test.txt

@@ -0,0 +1 @@
+test

html/setup_pptp_client.html

@@ -0,0 +1,89 @@
+<HTML>
+<HEAD>
+<TITLE>Setting up a Linux PPTP Client with WinNT PPTP Server</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF">
+<H1>Setting up the Linux PPTP 1.0.2 client (and PPP 2.3.5) with Windows NT PPTP Server</H1>
+
+<HR>
+<A NAME="aboutsys"></A>
+<H2>About the systems</H2>
+<P>
+This document assumes the following:
+<ul>
+<li>remote machine name = orge
+<li>domain remote machine belongs to = gnoll
+<li>username on remote machine = billybob
+<li>password for billybob = bobbybill
+</ul>
+We want to connect our local machine to the remote machine using PPTP. The
+remote machine is a <I>Windows NT</I> box while our local machine is a
+<I>Linux box</I>.
+</P>
+
+<HR>
+
+<A NAME="chapsecrets"></A>
+<H2>PPP chap-secrets file</H2>
+<P>
+Find the <I>chap-secrets</I> file which should be in <I>/etc/ppp/</I>. This
+file should look like this:
+</P>
+<P>
+<TABLE>
+<TR><TD># chap-secrets</TD></TR><TR>
+<TD># client</TD><TD>server</TD><TD>secret</TD><TD>IP adresses</TD></TR><TR>
+<TD>gnoll\\billybob</TD><TD>orge</TD><TD>bobbybill</TD><TD></TD></TR>
+</TABLE>
+</P>
+
+<HR>
+<A NAME="debugging"></A>
+<H2>Setting up PPP debugging</H2>
+<P>
+PPP debugging is handled by <I>syslogd</I>. To setup debugging open
+<I>syslog.conf</I> which should be found in <I>/etc/</I> and add the following
+entry:
+</P>
+<P>
+<B>daemon.debug /var/log/pppd.log</B>
+</P>
+
+<HR>
+<A NAME="launchpptp"></A>
+<H2>Launching PPTP</H2>
+<P>
+The following command is issued on the linux box to connect to the remote NT
+machine.
+</P>
+<P>
+<B>pptp orge debug name gnoll\\billybob remotename orge</B>
+</P>
+
+<HR>
+<A NAME="errors"></A>
+<H2>Errors</H2>
+<P>
+<B>E=691</B><BR>
+This error occurs when you supply an incorrect username/password to the remote
+NT machine. Check the chap-secrets file and the command line where PPTP is
+launched.
+</P>
+
+<HR>
+<A NAME="testing"></A>
+<H2>Testing</H2>
+<P>
+<ul>
+<li> run 'ifconfig' and check that a ppp0 interface exists
+<li> find P-t-P: xxx.xxx.xxx.xxx from the output of ifconfig
+<li> run 'netstat -i' and record the RX-OK and TX-OK values for ppp0
+<li> type 'ping xxx.xxx.xxx.xxx'
+<li> run 'netstat -i' again and see if the values for RX and TX increased.. if yes then it would appear to be working ok....... in theory anyway.
+</ul>
+
+<HR>
+<A HREF="http://www.moretonbay.com/vpn/pptp.html">PoPToP Home Page</a>
+</BODY>
+</HTML>
+

install-sh

@@ -0,0 +1,251 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+	-c) instcmd="$cpprog"
+	    shift
+	    continue;;
+
+	-d) dir_arg=true
+	    shift
+	    continue;;
+
+	-m) chmodcmd="$chmodprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) chowncmd="$chownprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) chgrpcmd="$chgrpprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-s) stripcmd="$stripprog"
+	    shift
+	    continue;;
+
+	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
+	    shift
+	    continue;;
+
+	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+	    shift
+	    continue;;
+
+	*)  if [ x"$src" = x ]
+	    then
+		src=$1
+	    else
+		# this colon is to work around a 386BSD /bin/sh bug
+		:
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+	echo "install:	no input file specified"
+	exit 1
+else
+	true
+fi
+
+if [ x"$dir_arg" != x ]; then
+	dst=$src
+	src=""
+	
+	if [ -d $dst ]; then
+		instcmd=:
+		chmodcmd=""
+	else
+		instcmd=mkdir
+	fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad 
+# if $src (and thus $dsttmp) contains '*'.
+
+	if [ -f $src -o -d $src ]
+	then
+		true
+	else
+		echo "install:  $src does not exist"
+		exit 1
+	fi
+	
+	if [ x"$dst" = x ]
+	then
+		echo "install:	no destination specified"
+		exit 1
+	else
+		true
+	fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+	if [ -d $dst ]
+	then
+		dst="$dst"/`basename $src`
+	else
+		true
+	fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+#  this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='	
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+	pathcomp="${pathcomp}${1}"
+	shift
+
+	if [ ! -d "${pathcomp}" ] ;
+        then
+		$mkdirprog "${pathcomp}"
+	else
+		true
+	fi
+
+	pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+	$doit $instcmd $dst &&
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+	if [ x"$transformarg" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		dstfile=`basename $dst $transformbasename | 
+			sed $transformarg`$transformbasename
+	fi
+
+# don't allow the sed command to completely eliminate the filename
+
+	if [ x"$dstfile" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		true
+	fi
+
+# Make a temp file name in the proper directory.
+
+	dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+	$doit $instcmd $src $dsttmp &&
+
+	trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing.  If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+	$doit $rmcmd -f $dstdir/$dstfile &&
+	$doit $mvcmd $dsttmp $dstdir/$dstfile 
+
+fi &&
+
+
+exit 0

inststr.c

@@ -0,0 +1,51 @@
+/*
+ * inststr.c
+ *
+ * Little function to change the name of a process
+ *
+ * Originally from C. S. Ananian's pptpclient
+ *
+ * $Id: inststr.c,v 1.2 2004/04/22 10:48:16 quozl Exp $
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef HAVE_SETPROCTITLE
+#include "inststr.h"
+#include "compat.h"
+#include <string.h>
+
+void inststr(int argc, char **argv, char *src)
+{
+	if (strlen(src) <= strlen(argv[0])) {
+		char *ptr, **pptr;
+
+		for (ptr = argv[0]; *ptr; *(ptr++) = '\0')
+			;
+		strcpy(argv[0], src);
+		for (pptr = argv + 1; *pptr; pptr++)
+			for (ptr = *pptr; *ptr; *(ptr++) = '\0')
+				;
+	} else {
+		/* Originally from the source to perl 4.036 (assigning to $0) */
+		char *ptr, *ptr2;
+		int count;
+
+		ptr = argv[0] + strlen(argv[0]);
+		for (count = 1; count < argc; count++) {
+			if (argv[count] == ptr + 1) {
+				ptr++;
+				ptr += strlen(ptr);
+			}
+		}
+		count = 0;
+		for (ptr2 = argv[0]; ptr2 <= ptr; ptr2++) {
+			*ptr2 = '\0';
+			count++;
+		}
+		strlcpy(argv[0], src, count);
+	}
+}
+#endif	/* !HAVE_SETPROCTITLE */

inststr.h

@@ -0,0 +1,17 @@
+/*
+ * inststr.h
+ *
+ * Change process title
+ * From code by C. S. Ananian
+ *
+ * $Id: inststr.h,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ */
+
+#ifndef _PPTPD_INSTSTR_H
+#define _PPTPD_INSTSTR_H
+
+#ifndef HAVE_SETPROCTITLE
+void inststr(int argc, char **argv, char *src);
+#endif
+
+#endif	/* !_PPTPD_INSTSTR_H */

makepackage

@@ -0,0 +1,36 @@
+#!/bin/bash
+# given source tree build .tar.gz and package for distribution on this host
+
+os=$(uname)
+if [ -f /etc/redhat-release ]; then
+   DISTRO="RedHat"
+   DVER=$(cat /etc/redhat-release | cut -d " " -f5-)
+elif [ -f /etc/SuSE-release ]; then
+   DISTRO="SuSE"
+   DVER=$(cat /etc/SuSE-release | head -n1 | cut -d " " -f3)
+elif [ -f /etc/debian_version ]; then
+   DISTRO="Debian"
+   DVER=$(cat /etc/debian_version)
+else
+   DISTRO=$os
+fi
+
+version=$(./version)
+
+if [ "$DISTRO" == "RedHat" ]; then
+ mkdir -p /tmp/pptpd-$version
+ cp -ar * /tmp/pptpd-$version/
+ cd /tmp
+ tar -czf /usr/src/redhat/SOURCES/pptpd-$version.tar.gz pptpd-$version
+ cd -
+ rpmbuild -ba pptpd.spec
+elif [ "$DISTRO" == "Debian" ]; then
+ DPKG_BP=`which dpkg-buildpackage 2>/dev/null`
+ if [ -z "$DPKG_BP" ]; then
+  echo "dpkg-buildpackage not installed. Do: apt-get install dpkg-dev"
+  exit 1
+ fi
+ $DPKG_BP -rfakeroot
+else
+ echo "No packagebuilder implemented yet."
+fi

missing

@@ -0,0 +1,360 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2005-06-08.21
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005
+#   Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case "$1" in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).
+case "$1" in
+  lex|yacc)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case "$1" in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case "$f" in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
+    test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison|yacc)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f y.tab.h ]; then
+	echo >y.tab.h
+    fi
+    if [ ! -f y.tab.c ]; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex|flex)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f lex.yy.c ]; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+    if test -z "$file"; then
+	file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
+    fi
+    if [ -f "$file" ]; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit 1
+    fi
+    ;;
+
+  makeinfo)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case "$firstarg" in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case "$firstarg" in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:

mkinstalldirs

@@ -0,0 +1,40 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+# $Id: mkinstalldirs,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+
+errstatus=0
+
+for file
+do
+   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+   shift
+
+   pathcomp=
+   for d
+   do
+     pathcomp="$pathcomp$d"
+     case "$pathcomp" in
+       -* ) pathcomp=./$pathcomp ;;
+     esac
+
+     if test ! -d "$pathcomp"; then
+        echo "mkdir $pathcomp"
+
+        mkdir "$pathcomp" || lasterr=$?
+
+        if test ! -d "$pathcomp"; then
+  	  errstatus=$lasterr
+        fi
+     fi
+
+     pathcomp="$pathcomp/"
+   done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here

our_getopt.h

@@ -0,0 +1,177 @@
+/*
+ * our_getopt.h
+ *
+ * Header file for the getopt_long deprived.
+ *
+ * $Id: our_getopt.h,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ */
+
+/* Declarations for getopt.
+   Copyright (C) 1989,90,91,92,93,94,96,97,98 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+#ifndef _GETOPT_H
+
+#ifndef __need_getopt
+# define _GETOPT_H 1
+#endif
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+/* For communication from `getopt' to the caller.
+   When `getopt' finds an option that takes an argument,
+   the argument value is returned here.
+   Also, when `ordering' is RETURN_IN_ORDER,
+   each non-option ARGV-element is returned here.  */
+
+extern char *optarg;
+
+/* Index in ARGV of the next element to be scanned.
+   This is used for communication to and from the caller
+   and for communication between successive calls to `getopt'.
+
+   On entry to `getopt', zero means this is the first call; initialize.
+
+   When `getopt' returns -1, this is the index of the first of the
+   non-option elements that the caller should itself scan.
+
+   Otherwise, `optind' communicates from one call to the next
+   how much of ARGV has been scanned so far.  */
+
+extern int optind;
+
+/* Callers store zero here to inhibit the error message `getopt' prints
+   for unrecognized options.  */
+
+extern int opterr;
+
+/* Set to an option character which was unrecognized.  */
+
+extern int optopt;
+
+#ifndef __need_getopt
+/* Describe the long-named options requested by the application.
+   The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector
+   of `struct option' terminated by an element containing a name which is
+   zero.
+
+   The field `has_arg' is:
+   no_argument		(or 0) if the option does not take an argument,
+   required_argument	(or 1) if the option requires an argument,
+   optional_argument 	(or 2) if the option takes an optional argument.
+
+   If the field `flag' is not NULL, it points to a variable that is set
+   to the value given in the field `val' when the option is found, but
+   left unchanged if the option is not found.
+
+   To have a long-named option do something other than set an `int' to
+   a compiled-in constant, such as set a value from `optarg', set the
+   option's `flag' field to zero and its `val' field to a nonzero
+   value (the equivalent single-letter option character, if there is
+   one).  For long options that have a zero `flag' field, `getopt'
+   returns the contents of the `val' field.  */
+
+struct option
+{
+# if defined __STDC__ && __STDC__
+  const char *name;
+# else
+  char *name;
+# endif
+  /* has_arg can't be an enum because some compilers complain about
+     type mismatches in all the code that assumes it is an int.  */
+  int has_arg;
+  int *flag;
+  int val;
+};
+
+/* Names for the values of the `has_arg' field of `struct option'.  */
+
+# define no_argument		0
+# define required_argument	1
+# define optional_argument	2
+#endif	/* need getopt */
+
+
+/* Get definitions and prototypes for functions to process the
+   arguments in ARGV (ARGC of them, minus the program name) for
+   options given in OPTS.
+
+   Return the option character from OPTS just read.  Return -1 when
+   there are no more options.  For unrecognized options, or options
+   missing arguments, `optopt' is set to the option letter, and '?' is
+   returned.
+
+   The OPTS string is a list of characters which are recognized option
+   letters, optionally followed by colons, specifying that that letter
+   takes an argument, to be placed in `optarg'.
+
+   If a letter in OPTS is followed by two colons, its argument is
+   optional.  This behavior is specific to the GNU `getopt'.
+
+   The argument `--' causes premature termination of argument
+   scanning, explicitly telling `getopt' that there are no more
+   options.
+
+   If OPTS begins with `--', then non-option arguments are treated as
+   arguments to the option '\0'.  This behavior is specific to the GNU
+   `getopt'.  */
+
+#if defined __STDC__ && __STDC__
+# ifdef __GNU_LIBRARY__
+/* Many other libraries have conflicting prototypes for getopt, with
+   differences in the consts, in stdlib.h.  To avoid compilation
+   errors, only prototype getopt for the GNU C library.  */
+extern int getopt (int __argc, char *const *__argv, const char *__shortopts);
+# else /* not __GNU_LIBRARY__ */
+extern int getopt ();
+# endif /* __GNU_LIBRARY__ */
+
+# ifndef __need_getopt
+extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts,
+		        const struct option *__longopts, int *__longind);
+extern int getopt_long_only (int __argc, char *const *__argv,
+			     const char *__shortopts,
+		             const struct option *__longopts, int *__longind);
+
+/* Internal only.  Users should not call this directly.  */
+extern int _getopt_internal (int __argc, char *const *__argv,
+			     const char *__shortopts,
+		             const struct option *__longopts, int *__longind,
+			     int __long_only);
+# endif
+#else /* not __STDC__ */
+extern int getopt ();
+# ifndef __need_getopt
+extern int getopt_long ();
+extern int getopt_long_only ();
+
+extern int _getopt_internal ();
+# endif
+#endif /* __STDC__ */
+
+#ifdef	__cplusplus
+}
+#endif
+
+/* Make sure we later can get all the definitions and declarations.  */
+#undef __need_getopt
+
+#endif /* getopt.h */

our_syslog.h

@@ -0,0 +1,44 @@
+/*
+ * our_syslog.h
+ *
+ * Syslog replacement functions
+ *
+ * $Id: our_syslog.h,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ */
+
+#ifndef _PPTPD_SYSLOG_H
+#define _PPTPD_SYSLOG_H
+
+/*
+ *	only enable this if you are debugging and running by hand
+ *	If init runs us you may not have an fd-2,  and thus your write all over
+ *	someones FD and the die :-(
+ */
+#undef USE_STDERR
+
+#ifdef USE_STDERR
+
+/*
+ *	Send all errors to stderr
+ */
+
+#define openlog(a,b,c) ({})
+#define syslog(a,b,c...) ({fprintf(stderr, "pptpd syslog: " b "\n" , ## c);})
+#define closelog() ({})
+
+#define syslog_perror	perror
+
+#else
+
+/*
+ * Send all errors to syslog
+ */
+
+#include <errno.h>
+#include <syslog.h>
+
+#define syslog_perror(s)	syslog(LOG_ERR, "%s: %s", s, strerror(errno))
+
+#endif
+
+#endif	/* !_PPTPD_SYSLOG_H */

plugins/Makefile

@@ -0,0 +1,34 @@
+CC	= gcc
+COPTS	= -O2 -g
+CFLAGS	= $(COPTS) -I.. -I../../include -fPIC
+LDFLAGS	= -shared
+LDADD   = -lutil
+INSTALL	= install -o root
+prefix  = /usr/local
+
+PLUGINS = pptpd-logwtmp.so
+
+# include dependencies if present
+ifeq (.depend,$(wildcard .depend))
+include .depend
+endif
+
+all:	$(PLUGINS)
+
+%.so: %.c
+	$(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ $(LDADD)
+
+LIBDIR	?= $(DESTDIR)$(prefix)/lib/pptpd
+
+install: $(PLUGINS)
+	$(INSTALL) -d $(LIBDIR)
+	$(INSTALL) $? $(LIBDIR)
+
+uninstall:
+	rm -f $(LIBDIR)$(PLUGINS)
+
+clean:
+	rm -f *.o *.so *.a
+
+depend:
+	$(CPP) -M $(CFLAGS) *.c >.depend

plugins/patchlevel.h

@@ -0,0 +1,5 @@
+/* upstream patchlevel.h,v 1.60 2004/01/13 04:46:52 paulus Exp */
+/* $Id: patchlevel.h,v 1.4 2005/02/24 01:25:34 quozl Exp $ */
+
+#define VERSION		"2.4.3"
+#define DATE		"13 Jan 2004"

plugins/pppd.h

@@ -0,0 +1,882 @@
+/*
+ * pppd.h - PPP daemon global declarations.
+ *
+ * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The name "Carnegie Mellon University" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For permission or any legal
+ *    details, please contact
+ *      Office of Technology Transfer
+ *      Carnegie Mellon University
+ *      5000 Forbes Avenue
+ *      Pittsburgh, PA  15213-3890
+ *      (412) 268-4387, fax: (412) 268-7395
+ *      tech-transfer@andrew.cmu.edu
+ *
+ * 4. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by Computing Services
+ *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * upstream pppd.h,v 1.82 2003/04/07 00:01:46 paulus Exp
+ * $Id: pppd.h,v 1.1 2004/04/28 11:36:07 quozl Exp $
+ */
+
+/*
+ * TODO:
+ */
+
+#ifndef __PPPD_H__
+#define __PPPD_H__
+
+#include <stdio.h>		/* for FILE */
+#include <limits.h>		/* for NGROUPS_MAX */
+#include <sys/param.h>		/* for MAXPATHLEN and BSD4_4, if defined */
+#include <sys/types.h>		/* for u_int32_t, if defined */
+#include <sys/time.h>		/* for struct timeval */
+#include <net/ppp_defs.h>
+#include "patchlevel.h"
+
+#if defined(__STDC__)
+#include <stdarg.h>
+#define __V(x)	x
+#else
+#include <varargs.h>
+#define __V(x)	(va_alist) va_dcl
+#define const
+#define volatile
+#endif
+
+#ifdef INET6
+#include "eui64.h"
+#endif
+
+/*
+ * Limits.
+ */
+
+#define NUM_PPP		1	/* One PPP interface supported (per process) */
+#define MAXWORDLEN	1024	/* max length of word in file (incl null) */
+#define MAXARGS		1	/* max # args to a command */
+#define MAXNAMELEN	256	/* max length of hostname or name for auth */
+#define MAXSECRETLEN	256	/* max length of password or secret */
+
+/*
+ * Option descriptor structure.
+ */
+
+typedef unsigned char	bool;
+
+enum opt_type {
+	o_special_noarg = 0,
+	o_special = 1,
+	o_bool,
+	o_int,
+	o_uint32,
+	o_string,
+	o_wild
+};
+
+typedef struct {
+	char	*name;		/* name of the option */
+	enum opt_type type;
+	void	*addr;
+	char	*description;
+	unsigned int flags;
+	void	*addr2;
+	int	upper_limit;
+	int	lower_limit;
+	const char *source;
+	short int priority;
+	short int winner;
+} option_t;
+
+/* Values for flags */
+#define OPT_VALUE	0xff	/* mask for presupplied value */
+#define OPT_HEX		0x100	/* int option is in hex */
+#define OPT_NOARG	0x200	/* option doesn't take argument */
+#define OPT_OR		0x400	/* OR in argument to value */
+#define OPT_INC		0x800	/* increment value */
+#define OPT_A2OR	0x800	/* for o_bool, OR arg to *(u_char *)addr2 */
+#define OPT_PRIV	0x1000	/* privileged option */
+#define OPT_STATIC	0x2000	/* string option goes into static array */
+#define OPT_LLIMIT	0x4000	/* check value against lower limit */
+#define OPT_ULIMIT	0x8000	/* check value against upper limit */
+#define OPT_LIMITS	(OPT_LLIMIT|OPT_ULIMIT)
+#define OPT_ZEROOK	0x10000	/* 0 value is OK even if not within limits */
+#define OPT_HIDE	0x10000	/* for o_string, print value as ?????? */
+#define OPT_A2LIST	0x10000 /* for o_special, keep list of values */
+#define OPT_A2CLRB	0x10000 /* o_bool, clr val bits in *(u_char *)addr2 */
+#define OPT_NOINCR	0x20000	/* value mustn't be increased */
+#define OPT_ZEROINF	0x40000	/* with OPT_NOINCR, 0 == infinity */
+#define OPT_PRIO	0x80000	/* process option priorities for this option */
+#define OPT_PRIOSUB	0x100000 /* subsidiary member of priority group */
+#define OPT_ALIAS	0x200000 /* option is alias for previous option */
+#define OPT_A2COPY	0x400000 /* addr2 -> second location to rcv value */
+#define OPT_ENABLE	0x800000 /* use *addr2 as enable for option */
+#define OPT_A2CLR	0x1000000 /* clear *(bool *)addr2 */
+#define OPT_PRIVFIX	0x2000000 /* user can't override if set by root */
+#define OPT_INITONLY	0x4000000 /* option can only be set in init phase */
+#define OPT_DEVEQUIV	0x8000000 /* equiv to device name */
+#define OPT_DEVNAM	(OPT_INITONLY | OPT_DEVEQUIV)
+#define OPT_A2PRINTER	0x10000000 /* *addr2 is a fn for printing option */
+#define OPT_A2STRVAL	0x20000000 /* *addr2 points to current string value */
+#define OPT_NOPRINT	0x40000000 /* don't print this option at all */
+
+#define OPT_VAL(x)	((x) & OPT_VALUE)
+
+/* Values for priority */
+#define OPRIO_DEFAULT	0	/* a default value */
+#define OPRIO_CFGFILE	1	/* value from a configuration file */
+#define OPRIO_CMDLINE	2	/* value from the command line */
+#define OPRIO_SECFILE	3	/* value from options in a secrets file */
+#define OPRIO_ROOT	100	/* added to priority if OPT_PRIVFIX && root */
+
+#ifndef GIDSET_TYPE
+#define GIDSET_TYPE	gid_t
+#endif
+
+/* Structure representing a list of permitted IP addresses. */
+struct permitted_ip {
+    int		permit;		/* 1 = permit, 0 = forbid */
+    u_int32_t	base;		/* match if (addr & mask) == base */
+    u_int32_t	mask;		/* base and mask are in network byte order */
+};
+
+/*
+ * Unfortunately, the linux kernel driver uses a different structure
+ * for statistics from the rest of the ports.
+ * This structure serves as a common representation for the bits
+ * pppd needs.
+ */
+struct pppd_stats {
+    unsigned int	bytes_in;
+    unsigned int	bytes_out;
+    unsigned int	pkts_in;
+    unsigned int	pkts_out;
+};
+
+/* Used for storing a sequence of words.  Usually malloced. */
+struct wordlist {
+    struct wordlist	*next;
+    char		*word;
+};
+
+/* An endpoint discriminator, used with multilink. */
+#define MAX_ENDP_LEN	20	/* maximum length of discriminator value */
+struct epdisc {
+    unsigned char	class;
+    unsigned char	length;
+    unsigned char	value[MAX_ENDP_LEN];
+};
+
+/* values for epdisc.class */
+#define EPD_NULL	0	/* null discriminator, no data */
+#define EPD_LOCAL	1
+#define EPD_IP		2
+#define EPD_MAC		3
+#define EPD_MAGIC	4
+#define EPD_PHONENUM	5
+
+typedef void (*notify_func) __P((void *, int));
+
+struct notifier {
+    struct notifier *next;
+    notify_func	    func;
+    void	    *arg;
+};
+
+/*
+ * Global variables.
+ */
+
+extern int	hungup;		/* Physical layer has disconnected */
+extern int	ifunit;		/* Interface unit number */
+extern char	ifname[];	/* Interface name */
+extern char	hostname[];	/* Our hostname */
+extern u_char	outpacket_buf[]; /* Buffer for outgoing packets */
+extern int	phase;		/* Current state of link - see values below */
+extern int	baud_rate;	/* Current link speed in bits/sec */
+extern char	*progname;	/* Name of this program */
+extern int	redirect_stderr;/* Connector's stderr should go to file */
+extern char	peer_authname[];/* Authenticated name of peer */
+extern int	auth_done[NUM_PPP]; /* Methods actually used for auth */
+extern int	privileged;	/* We were run by real-uid root */
+extern int	need_holdoff;	/* Need holdoff period after link terminates */
+extern char	**script_env;	/* Environment variables for scripts */
+extern int	detached;	/* Have detached from controlling tty */
+extern GIDSET_TYPE groups[NGROUPS_MAX];	/* groups the user is in */
+extern int	ngroups;	/* How many groups valid in groups */
+extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */
+extern int	link_stats_valid; /* set if link_stats is valid */
+extern unsigned	link_connect_time; /* time the link was up for */
+extern int	using_pty;	/* using pty as device (notty or pty opt.) */
+extern int	log_to_fd;	/* logging to this fd as well as syslog */
+extern bool	log_default;	/* log_to_fd is default (stdout) */
+extern char	*no_ppp_msg;	/* message to print if ppp not in kernel */
+extern volatile int status;	/* exit status for pppd */
+extern bool	devnam_fixed;	/* can no longer change devnam */
+extern int	unsuccess;	/* # unsuccessful connection attempts */
+extern int	do_callback;	/* set if we want to do callback next */
+extern int	doing_callback;	/* set if this is a callback */
+extern int	error_count;	/* # of times error() has been called */
+extern char	ppp_devnam[MAXPATHLEN];
+extern char     remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
+extern int      ppp_session_number; /* Session number (eg PPPoE session) */
+
+extern int	listen_time;	/* time to listen first (ms) */
+extern struct notifier *pidchange;   /* for notifications of pid changing */
+extern struct notifier *phasechange; /* for notifications of phase changes */
+extern struct notifier *exitnotify;  /* for notification that we're exiting */
+extern struct notifier *sigreceived; /* notification of received signal */
+extern struct notifier *ip_up_notifier; /* IPCP has come up */
+extern struct notifier *ip_down_notifier; /* IPCP has gone down */
+extern struct notifier *auth_up_notifier; /* peer has authenticated */
+extern struct notifier *link_down_notifier; /* link has gone down */
+extern struct notifier *fork_notifier;	/* we are a new child process */
+
+/* Values for do_callback and doing_callback */
+#define CALLBACK_DIALIN		1	/* we are expecting the call back */
+#define CALLBACK_DIALOUT	2	/* we are dialling out to call back */
+
+/*
+ * Variables set by command-line options.
+ */
+
+extern int	debug;		/* Debug flag */
+extern int	kdebugflag;	/* Tell kernel to print debug messages */
+extern int	default_device;	/* Using /dev/tty or equivalent */
+extern char	devnam[MAXPATHLEN];	/* Device name */
+extern int	crtscts;	/* Use hardware flow control */
+extern bool	modem;		/* Use modem control lines */
+extern int	inspeed;	/* Input/Output speed requested */
+extern u_int32_t netmask;	/* IP netmask to set on interface */
+extern bool	lockflag;	/* Create lock file to lock the serial dev */
+extern bool	nodetach;	/* Don't detach from controlling tty */
+extern bool	updetach;	/* Detach from controlling tty when link up */
+extern char	*initializer;	/* Script to initialize physical link */
+extern char	*connect_script; /* Script to establish physical link */
+extern char	*disconnect_script; /* Script to disestablish physical link */
+extern char	*welcomer;	/* Script to welcome client after connection */
+extern char	*ptycommand;	/* Command to run on other side of pty */
+extern int	maxconnect;	/* Maximum connect time (seconds) */
+extern char	user[MAXNAMELEN];/* Our name for authenticating ourselves */
+extern char	passwd[MAXSECRETLEN];	/* Password for PAP or CHAP */
+extern bool	auth_required;	/* Peer is required to authenticate */
+extern bool	persist;	/* Reopen link after it goes down */
+extern bool	uselogin;	/* Use /etc/passwd for checking PAP */
+extern char	our_name[MAXNAMELEN];/* Our name for authentication purposes */
+extern char	remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+extern bool	explicit_remote;/* remote_name specified with remotename opt */
+extern bool	demand;		/* Do dial-on-demand */
+extern char	*ipparam;	/* Extra parameter for ip up/down scripts */
+extern bool	cryptpap;	/* Others' PAP passwords are encrypted */
+extern int	idle_time_limit;/* Shut down link if idle for this long */
+extern int	holdoff;	/* Dead time before restarting */
+extern bool	holdoff_specified; /* true if user gave a holdoff value */
+extern bool	notty;		/* Stdin/out is not a tty */
+extern char	*pty_socket;	/* Socket to connect to pty */
+extern char	*record_file;	/* File to record chars sent/received */
+extern bool	sync_serial;	/* Device is synchronous serial device */
+extern int	maxfail;	/* Max # of unsuccessful connection attempts */
+extern char	linkname[MAXPATHLEN]; /* logical name for link */
+extern bool	tune_kernel;	/* May alter kernel settings as necessary */
+extern int	connect_delay;	/* Time to delay after connect script */
+extern int	max_data_rate;	/* max bytes/sec through charshunt */
+extern int	req_unit;	/* interface unit number to use */
+extern bool	multilink;	/* enable multilink operation */
+extern bool	noendpoint;	/* don't send or accept endpt. discrim. */
+extern char	*bundle_name;	/* bundle name for multilink */
+extern bool	dump_options;	/* print out option values */
+extern bool	dryrun;		/* check everything, print options, exit */
+
+#ifdef MAXOCTETS
+extern unsigned int maxoctets;	     /* Maximum octetes per session (in bytes) */
+extern int       maxoctets_dir;      /* Direction :
+				      0 - in+out (default)
+				      1 - in 
+				      2 - out
+				      3 - max(in,out) */
+extern int       maxoctets_timeout;  /* Timeout for check of octets limit */
+#define PPP_OCTETS_DIRECTION_SUM        0
+#define PPP_OCTETS_DIRECTION_IN         1
+#define PPP_OCTETS_DIRECTION_OUT        2
+#define PPP_OCTETS_DIRECTION_MAXOVERAL  3
+/* same as previos, but little different on RADIUS side */
+#define PPP_OCTETS_DIRECTION_MAXSESSION 4	
+#endif
+
+#ifdef PPP_FILTER
+extern struct	bpf_program pass_filter;   /* Filter for pkts to pass */
+extern struct	bpf_program active_filter; /* Filter for link-active pkts */
+#endif
+
+#ifdef MSLANMAN
+extern bool	ms_lanman;	/* Use LanMan password instead of NT */
+				/* Has meaning only with MS-CHAP challenges */
+#endif
+
+/* Values for auth_pending, auth_done */
+#define PAP_WITHPEER	0x1
+#define PAP_PEER	0x2
+#define CHAP_WITHPEER	0x4
+#define CHAP_PEER	0x8
+#define EAP_WITHPEER	0x10
+#define EAP_PEER	0x20
+
+/* Values for auth_done only */
+#define CHAP_MD5_WITHPEER	0x40
+#define CHAP_MD5_PEER		0x80
+#ifdef CHAPMS
+#define CHAP_MS_SHIFT		8	/* LSB position for MS auths */
+#define CHAP_MS_WITHPEER	0x100
+#define CHAP_MS_PEER		0x200
+#define CHAP_MS2_WITHPEER	0x400
+#define CHAP_MS2_PEER		0x800
+#endif
+
+extern char *current_option;	/* the name of the option being parsed */
+extern int  privileged_option;	/* set iff the current option came from root */
+extern char *option_source;	/* string saying where the option came from */
+extern int  option_priority;	/* priority of current options */
+
+/*
+ * Values for phase.
+ */
+#define PHASE_DEAD		0
+#define PHASE_INITIALIZE	1
+#define PHASE_SERIALCONN	2
+#define PHASE_DORMANT		3
+#define PHASE_ESTABLISH		4
+#define PHASE_AUTHENTICATE	5
+#define PHASE_CALLBACK		6
+#define PHASE_NETWORK		7
+#define PHASE_RUNNING		8
+#define PHASE_TERMINATE		9
+#define PHASE_DISCONNECT	10
+#define PHASE_HOLDOFF		11
+
+/*
+ * The following struct gives the addresses of procedures to call
+ * for a particular protocol.
+ */
+struct protent {
+    u_short protocol;		/* PPP protocol number */
+    /* Initialization procedure */
+    void (*init) __P((int unit));
+    /* Process a received packet */
+    void (*input) __P((int unit, u_char *pkt, int len));
+    /* Process a received protocol-reject */
+    void (*protrej) __P((int unit));
+    /* Lower layer has come up */
+    void (*lowerup) __P((int unit));
+    /* Lower layer has gone down */
+    void (*lowerdown) __P((int unit));
+    /* Open the protocol */
+    void (*open) __P((int unit));
+    /* Close the protocol */
+    void (*close) __P((int unit, char *reason));
+    /* Print a packet in readable form */
+    int  (*printpkt) __P((u_char *pkt, int len,
+			  void (*printer) __P((void *, char *, ...)),
+			  void *arg));
+    /* Process a received data packet */
+    void (*datainput) __P((int unit, u_char *pkt, int len));
+    bool enabled_flag;		/* 0 iff protocol is disabled */
+    char *name;			/* Text name of protocol */
+    char *data_name;		/* Text name of corresponding data protocol */
+    option_t *options;		/* List of command-line options */
+    /* Check requested options, assign defaults */
+    void (*check_options) __P((void));
+    /* Configure interface for demand-dial */
+    int  (*demand_conf) __P((int unit));
+    /* Say whether to bring up link for this pkt */
+    int  (*active_pkt) __P((u_char *pkt, int len));
+};
+
+/* Table of pointers to supported protocols */
+extern struct protent *protocols[];
+
+/*
+ * This struct contains pointers to a set of procedures for
+ * doing operations on a "channel".  A channel provides a way
+ * to send and receive PPP packets - the canonical example is
+ * a serial port device in PPP line discipline (or equivalently
+ * with PPP STREAMS modules pushed onto it).
+ */
+struct channel {
+	/* set of options for this channel */
+	option_t *options;
+	/* find and process a per-channel options file */
+	void (*process_extra_options) __P((void));
+	/* check all the options that have been given */
+	void (*check_options) __P((void));
+	/* get the channel ready to do PPP, return a file descriptor */
+	int  (*connect) __P((void));
+	/* we're finished with the channel */
+	void (*disconnect) __P((void));
+	/* put the channel into PPP `mode' */
+	int  (*establish_ppp) __P((int));
+	/* take the channel out of PPP `mode', restore loopback if demand */
+	void (*disestablish_ppp) __P((int));
+	/* set the transmit-side PPP parameters of the channel */
+	void (*send_config) __P((int, u_int32_t, int, int));
+	/* set the receive-side PPP parameters of the channel */
+	void (*recv_config) __P((int, u_int32_t, int, int));
+	/* cleanup on error or normal exit */
+	void (*cleanup) __P((void));
+	/* close the device, called in children after fork */
+	void (*close) __P((void));
+};
+
+extern struct channel *the_channel;
+
+/*
+ * Prototypes.
+ */
+
+/* Procedures exported from main.c. */
+void set_ifunit __P((int));	/* set stuff that depends on ifunit */
+void detach __P((void));	/* Detach from controlling tty */
+void die __P((int));		/* Cleanup and exit */
+void quit __P((void));		/* like die(1) */
+void novm __P((char *));	/* Say we ran out of memory, and die */
+void timeout __P((void (*func)(void *), void *arg, int s, int us));
+				/* Call func(arg) after s.us seconds */
+void untimeout __P((void (*func)(void *), void *arg));
+				/* Cancel call to func(arg) */
+void record_child __P((int, char *, void (*) (void *), void *));
+pid_t safe_fork __P((void));	/* Fork & close stuff in child */
+int  device_script __P((char *cmd, int in, int out, int dont_wait));
+				/* Run `cmd' with given stdin and stdout */
+pid_t run_program __P((char *prog, char **args, int must_exist,
+		       void (*done)(void *), void *arg));
+				/* Run program prog with args in child */
+void reopen_log __P((void));	/* (re)open the connection to syslog */
+void update_link_stats __P((int)); /* Get stats at link termination */
+void script_setenv __P((char *, char *, int));	/* set script env var */
+void script_unsetenv __P((char *));		/* unset script env var */
+void new_phase __P((int));	/* signal start of new phase */
+void add_notifier __P((struct notifier **, notify_func, void *));
+void remove_notifier __P((struct notifier **, notify_func, void *));
+void notify __P((struct notifier *, int));
+int  ppp_send_config __P((int, int, u_int32_t, int, int));
+int  ppp_recv_config __P((int, int, u_int32_t, int, int));
+
+/* Procedures exported from tty.c. */
+void tty_init __P((void));
+
+/* Procedures exported from utils.c. */
+void log_packet __P((u_char *, int, char *, int));
+				/* Format a packet and log it with syslog */
+void print_string __P((char *, int,  void (*) (void *, char *, ...),
+		void *));	/* Format a string for output */
+int slprintf __P((char *, int, char *, ...));		/* sprintf++ */
+int vslprintf __P((char *, int, char *, va_list));	/* vsprintf++ */
+size_t strlcpy __P((char *, const char *, size_t));	/* safe strcpy */
+size_t strlcat __P((char *, const char *, size_t));	/* safe strncpy */
+void dbglog __P((char *, ...));	/* log a debug message */
+void info __P((char *, ...));	/* log an informational message */
+void notice __P((char *, ...));	/* log a notice-level message */
+void warn __P((char *, ...));	/* log a warning message */
+void error __P((char *, ...));	/* log an error message */
+void fatal __P((char *, ...));	/* log an error message and die(1) */
+void init_pr_log __P((char *, int));	/* initialize for using pr_log */
+void pr_log __P((void *, char *, ...));	/* printer fn, output to syslog */
+void end_pr_log __P((void));	/* finish up after using pr_log */
+void dump_packet __P((const char *, u_char *, int));
+				/* dump packet to debug log if interesting */
+ssize_t complete_read __P((int, void *, size_t));
+				/* read a complete buffer */
+
+/* Procedures exported from auth.c */
+void link_required __P((int));	  /* we are starting to use the link */
+void link_terminated __P((int));  /* we are finished with the link */
+void link_down __P((int));	  /* the LCP layer has left the Opened state */
+void link_established __P((int)); /* the link is up; authenticate now */
+void start_networks __P((int));   /* start all the network control protos */
+void continue_networks __P((int)); /* start network [ip, etc] control protos */
+void np_up __P((int, int));	  /* a network protocol has come up */
+void np_down __P((int, int));	  /* a network protocol has gone down */
+void np_finished __P((int, int)); /* a network protocol no longer needs link */
+void auth_peer_fail __P((int, int));
+				/* peer failed to authenticate itself */
+void auth_peer_success __P((int, int, int, char *, int));
+				/* peer successfully authenticated itself */
+void auth_withpeer_fail __P((int, int));
+				/* we failed to authenticate ourselves */
+void auth_withpeer_success __P((int, int, int));
+				/* we successfully authenticated ourselves */
+void auth_check_options __P((void));
+				/* check authentication options supplied */
+void auth_reset __P((int));	/* check what secrets we have */
+int  check_passwd __P((int, char *, int, char *, int, char **));
+				/* Check peer-supplied username/password */
+int  get_secret __P((int, char *, char *, char *, int *, int));
+				/* get "secret" for chap */
+int  get_srp_secret __P((int unit, char *client, char *server, char *secret,
+    int am_server));
+int  auth_ip_addr __P((int, u_int32_t));
+				/* check if IP address is authorized */
+int  auth_number __P((void));	/* check if remote number is authorized */
+int  bad_ip_adrs __P((u_int32_t));
+				/* check if IP address is unreasonable */
+
+/* Procedures exported from demand.c */
+void demand_conf __P((void));	/* config interface(s) for demand-dial */
+void demand_block __P((void));	/* set all NPs to queue up packets */
+void demand_unblock __P((void)); /* set all NPs to pass packets */
+void demand_discard __P((void)); /* set all NPs to discard packets */
+void demand_rexmit __P((int));	/* retransmit saved frames for an NP */
+int  loop_chars __P((unsigned char *, int)); /* process chars from loopback */
+int  loop_frame __P((unsigned char *, int)); /* should we bring link up? */
+
+/* Procedures exported from multilink.c */
+void mp_check_options __P((void)); /* Check multilink-related options */
+int  mp_join_bundle __P((void));  /* join our link to an appropriate bundle */
+char *epdisc_to_str __P((struct epdisc *)); /* string from endpoint discrim. */
+int  str_to_epdisc __P((struct epdisc *, char *)); /* endpt disc. from str */
+
+/* Procedures exported from sys-*.c */
+void sys_init __P((void));	/* Do system-dependent initialization */
+void sys_cleanup __P((void));	/* Restore system state before exiting */
+int  sys_check_options __P((void)); /* Check options specified */
+void sys_close __P((void));	/* Clean up in a child before execing */
+int  ppp_available __P((void));	/* Test whether ppp kernel support exists */
+int  get_pty __P((int *, int *, char *, int));	/* Get pty master/slave */
+int  open_ppp_loopback __P((void)); /* Open loopback for demand-dialling */
+int  tty_establish_ppp __P((int));  /* Turn serial port into a ppp interface */
+void tty_disestablish_ppp __P((int)); /* Restore port to normal operation */
+void generic_disestablish_ppp __P((int dev_fd)); /* Restore device setting */
+int  generic_establish_ppp __P((int dev_fd)); /* Make a ppp interface */
+void make_new_bundle __P((int, int, int, int)); /* Create new bundle */
+int  bundle_attach __P((int));	/* Attach link to existing bundle */
+void cfg_bundle __P((int, int, int, int)); /* Configure existing bundle */
+void clean_check __P((void));	/* Check if line was 8-bit clean */
+void set_up_tty __P((int, int)); /* Set up port's speed, parameters, etc. */
+void restore_tty __P((int));	/* Restore port's original parameters */
+void setdtr __P((int, int));	/* Raise or lower port's DTR line */
+void output __P((int, u_char *, int)); /* Output a PPP packet */
+void wait_input __P((struct timeval *));
+				/* Wait for input, with timeout */
+void add_fd __P((int));		/* Add fd to set to wait for */
+void remove_fd __P((int));	/* Remove fd from set to wait for */
+int  read_packet __P((u_char *)); /* Read PPP packet */
+int  get_loop_output __P((void)); /* Read pkts from loopback */
+void tty_send_config __P((int, u_int32_t, int, int));
+				/* Configure i/f transmit parameters */
+void tty_set_xaccm __P((ext_accm));
+				/* Set extended transmit ACCM */
+void tty_recv_config __P((int, u_int32_t, int, int));
+				/* Configure i/f receive parameters */
+int  ccp_test __P((int, u_char *, int, int));
+				/* Test support for compression scheme */
+void ccp_flags_set __P((int, int, int));
+				/* Set kernel CCP state */
+int  ccp_fatal_error __P((int)); /* Test for fatal decomp error in kernel */
+int  get_idle_time __P((int, struct ppp_idle *));
+				/* Find out how long link has been idle */
+int  get_ppp_stats __P((int, struct pppd_stats *));
+				/* Return link statistics */
+void netif_set_mtu __P((int, int)); /* Set PPP interface MTU */
+int  netif_get_mtu __P((int));      /* Get PPP interface MTU */
+int  sifvjcomp __P((int, int, int, int));
+				/* Configure VJ TCP header compression */
+int  sifup __P((int));		/* Configure i/f up for one protocol */
+int  sifnpmode __P((int u, int proto, enum NPmode mode));
+				/* Set mode for handling packets for proto */
+int  sifdown __P((int));	/* Configure i/f down for one protocol */
+int  sifaddr __P((int, u_int32_t, u_int32_t, u_int32_t));
+				/* Configure IPv4 addresses for i/f */
+int  cifaddr __P((int, u_int32_t, u_int32_t));
+				/* Reset i/f IP addresses */
+#ifdef INET6
+int  sif6addr __P((int, eui64_t, eui64_t));
+				/* Configure IPv6 addresses for i/f */
+int  cif6addr __P((int, eui64_t, eui64_t));
+				/* Remove an IPv6 address from i/f */
+#endif
+int  sifdefaultroute __P((int, u_int32_t, u_int32_t));
+				/* Create default route through i/f */
+int  cifdefaultroute __P((int, u_int32_t, u_int32_t));
+				/* Delete default route through i/f */
+int  sifproxyarp __P((int, u_int32_t));
+				/* Add proxy ARP entry for peer */
+int  cifproxyarp __P((int, u_int32_t));
+				/* Delete proxy ARP entry for peer */
+u_int32_t GetMask __P((u_int32_t)); /* Get appropriate netmask for address */
+int  lock __P((char *));	/* Create lock file for device */
+int  relock __P((int));		/* Rewrite lock file with new pid */
+void unlock __P((void));	/* Delete previously-created lock file */
+void logwtmp __P((const char *, const char *, const char *));
+				/* Write entry to wtmp file */
+int  get_host_seed __P((void));	/* Get host-dependent random number seed */
+int  have_route_to __P((u_int32_t)); /* Check if route to addr exists */
+#ifdef PPP_FILTER
+int  set_filters __P((struct bpf_program *pass, struct bpf_program *active));
+				/* Set filter programs in kernel */
+#endif
+#ifdef IPX_CHANGE
+int  sipxfaddr __P((int, unsigned long, unsigned char *));
+int  cipxfaddr __P((int));
+#endif
+int  get_if_hwaddr __P((u_char *addr, char *name));
+char *get_first_ethernet __P((void));
+
+/* Procedures exported from options.c */
+int setipaddr __P((char *, char **, int)); /* Set local/remote ip addresses */
+int  parse_args __P((int argc, char **argv));
+				/* Parse options from arguments given */
+int  options_from_file __P((char *filename, int must_exist, int check_prot,
+			    int privileged));
+				/* Parse options from an options file */
+int  options_from_user __P((void)); /* Parse options from user's .ppprc */
+int  options_for_tty __P((void)); /* Parse options from /etc/ppp/options.tty */
+int  options_from_list __P((struct wordlist *, int privileged));
+				/* Parse options from a wordlist */
+int  getword __P((FILE *f, char *word, int *newlinep, char *filename));
+				/* Read a word from a file */
+void option_error __P((char *fmt, ...));
+				/* Print an error message about an option */
+int int_option __P((char *, int *));
+				/* Simplified number_option for decimal ints */
+void add_options __P((option_t *)); /* Add extra options */
+void check_options __P((void));	/* check values after all options parsed */
+int  override_value __P((const char *, int, const char *));
+				/* override value if permitted by priority */
+void print_options __P((void (*) __P((void *, char *, ...)), void *));
+				/* print out values of all options */
+
+int parse_dotted_ip __P((char *, u_int32_t *));
+
+/*
+ * Hooks to enable plugins to change various things.
+ */
+extern int (*new_phase_hook) __P((int));
+extern int (*idle_time_hook) __P((struct ppp_idle *));
+extern int (*holdoff_hook) __P((void));
+extern int (*pap_check_hook) __P((void));
+extern int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
+				 struct wordlist **paddrs,
+				 struct wordlist **popts));
+extern void (*pap_logout_hook) __P((void));
+extern int (*pap_passwd_hook) __P((char *user, char *passwd));
+extern int (*allowed_address_hook) __P((u_int32_t addr));
+extern void (*ip_up_hook) __P((void));
+extern void (*ip_down_hook) __P((void));
+extern void (*ip_choose_hook) __P((u_int32_t *));
+
+extern int (*chap_check_hook) __P((void));
+extern int (*chap_passwd_hook) __P((char *user, char *passwd));
+
+/* Let a plugin snoop sent and received packets.  Useful for L2TP */
+extern void (*snoop_recv_hook) __P((unsigned char *p, int len));
+extern void (*snoop_send_hook) __P((unsigned char *p, int len));
+
+/*
+ * Inline versions of get/put char/short/long.
+ * Pointer is advanced; we assume that both arguments
+ * are lvalues and will already be in registers.
+ * cp MUST be u_char *.
+ */
+#define GETCHAR(c, cp) { \
+	(c) = *(cp)++; \
+}
+#define PUTCHAR(c, cp) { \
+	*(cp)++ = (u_char) (c); \
+}
+
+
+#define GETSHORT(s, cp) { \
+	(s) = *(cp)++ << 8; \
+	(s) |= *(cp)++; \
+}
+#define PUTSHORT(s, cp) { \
+	*(cp)++ = (u_char) ((s) >> 8); \
+	*(cp)++ = (u_char) (s); \
+}
+
+#define GETLONG(l, cp) { \
+	(l) = *(cp)++ << 8; \
+	(l) |= *(cp)++; (l) <<= 8; \
+	(l) |= *(cp)++; (l) <<= 8; \
+	(l) |= *(cp)++; \
+}
+#define PUTLONG(l, cp) { \
+	*(cp)++ = (u_char) ((l) >> 24); \
+	*(cp)++ = (u_char) ((l) >> 16); \
+	*(cp)++ = (u_char) ((l) >> 8); \
+	*(cp)++ = (u_char) (l); \
+}
+
+#define INCPTR(n, cp)	((cp) += (n))
+#define DECPTR(n, cp)	((cp) -= (n))
+
+/*
+ * System dependent definitions for user-level 4.3BSD UNIX implementation.
+ */
+
+#define TIMEOUT(r, f, t)	timeout((r), (f), (t), 0)
+#define UNTIMEOUT(r, f)		untimeout((r), (f))
+
+#define BCOPY(s, d, l)		memcpy(d, s, l)
+#define BZERO(s, n)		memset(s, 0, n)
+#define	BCMP(s1, s2, l)		memcmp(s1, s2, l)
+
+#define PRINTMSG(m, l)		{ info("Remote message: %0.*v", l, m); }
+
+/*
+ * MAKEHEADER - Add Header fields to a packet.
+ */
+#define MAKEHEADER(p, t) { \
+    PUTCHAR(PPP_ALLSTATIONS, p); \
+    PUTCHAR(PPP_UI, p); \
+    PUTSHORT(t, p); }
+
+/*
+ * Exit status values.
+ */
+#define EXIT_OK			0
+#define EXIT_FATAL_ERROR	1
+#define EXIT_OPTION_ERROR	2
+#define EXIT_NOT_ROOT		3
+#define EXIT_NO_KERNEL_SUPPORT	4
+#define EXIT_USER_REQUEST	5
+#define EXIT_LOCK_FAILED	6
+#define EXIT_OPEN_FAILED	7
+#define EXIT_CONNECT_FAILED	8
+#define EXIT_PTYCMD_FAILED	9
+#define EXIT_NEGOTIATION_FAILED	10
+#define EXIT_PEER_AUTH_FAILED	11
+#define EXIT_IDLE_TIMEOUT	12
+#define EXIT_CONNECT_TIME	13
+#define EXIT_CALLBACK		14
+#define EXIT_PEER_DEAD		15
+#define EXIT_HANGUP		16
+#define EXIT_LOOPBACK		17
+#define EXIT_INIT_FAILED	18
+#define EXIT_AUTH_TOPEER_FAILED	19
+#ifdef MAXOCTETS
+#define EXIT_TRAFFIC_LIMIT	20
+#endif
+#define EXIT_CNID_AUTH_FAILED	21
+
+/*
+ * Debug macros.  Slightly useful for finding bugs in pppd, not particularly
+ * useful for finding out why your connection isn't being established.
+ */
+#ifdef DEBUGALL
+#define DEBUGMAIN	1
+#define DEBUGFSM	1
+#define DEBUGLCP	1
+#define DEBUGIPCP	1
+#define DEBUGIPV6CP	1
+#define DEBUGUPAP	1
+#define DEBUGCHAP	1
+#endif
+
+#ifndef LOG_PPP			/* we use LOG_LOCAL2 for syslog by default */
+#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
+  || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
+  || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
+#define LOG_PPP LOG_LOCAL2
+#else
+#define LOG_PPP LOG_DAEMON
+#endif
+#endif /* LOG_PPP */
+
+#ifdef DEBUGMAIN
+#define MAINDEBUG(x)	if (debug) dbglog x
+#else
+#define MAINDEBUG(x)
+#endif
+
+#ifdef DEBUGSYS
+#define SYSDEBUG(x)	if (debug) dbglog x
+#else
+#define SYSDEBUG(x)
+#endif
+
+#ifdef DEBUGFSM
+#define FSMDEBUG(x)	if (debug) dbglog x
+#else
+#define FSMDEBUG(x)
+#endif
+
+#ifdef DEBUGLCP
+#define LCPDEBUG(x)	if (debug) dbglog x
+#else
+#define LCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPCP
+#define IPCPDEBUG(x)	if (debug) dbglog x
+#else
+#define IPCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPV6CP
+#define IPV6CPDEBUG(x)  if (debug) dbglog x
+#else
+#define IPV6CPDEBUG(x)
+#endif
+
+#ifdef DEBUGUPAP
+#define UPAPDEBUG(x)	if (debug) dbglog x
+#else
+#define UPAPDEBUG(x)
+#endif
+
+#ifdef DEBUGCHAP
+#define CHAPDEBUG(x)	if (debug) dbglog x
+#else
+#define CHAPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPXCP
+#define IPXCPDEBUG(x)	if (debug) dbglog x
+#else
+#define IPXCPDEBUG(x)
+#endif
+
+#ifndef SIGTYPE
+#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
+#define SIGTYPE void
+#else
+#define SIGTYPE int
+#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
+#endif /* SIGTYPE */
+
+#ifndef MIN
+#define MIN(a, b)	((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b)	((a) > (b)? (a): (b))
+#endif
+
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
+#endif /* __PPP_H__ */

plugins/pptpd-logwtmp.c

@@ -0,0 +1,66 @@
+/*
+ * $Id: pptpd-logwtmp.c,v 1.5 2007/04/16 00:21:02 quozl Exp $
+ * pptpd-logwtmp.c - pppd plugin to update wtmp for a pptpd user
+ *
+ * Copyright 2004 James Cameron.
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version
+ *  2 of the License, or (at your option) any later version.
+ */
+#include <unistd.h>
+#include <utmp.h>
+#include <string.h>
+#include "pppd.h"
+
+char pppd_version[] = VERSION;
+
+static char pptpd_original_ip[PATH_MAX+1];
+static bool pptpd_logwtmp_strip_domain = 0;
+
+static option_t options[] = {
+  { "pptpd-original-ip", o_string, pptpd_original_ip,
+    "Original IP address of the PPTP connection",
+    OPT_STATIC, NULL, PATH_MAX },
+  { "pptpd-logwtmp-strip-domain", o_bool, &pptpd_logwtmp_strip_domain,
+    "Strip domain from username before logging", OPT_PRIO | 1 },
+  { NULL }
+};
+
+static char *reduce(char *user)
+{
+  char *sep;
+  if (!pptpd_logwtmp_strip_domain) return user;
+
+  sep = strstr(user, "//"); /* two slash */
+  if (sep != NULL) user = sep + 2;
+  sep = strstr(user, "\\"); /* or one backslash */
+  if (sep != NULL) user = sep + 1;
+  return user;
+}
+
+static void ip_up(void *opaque, int arg)
+{
+  char *user = reduce(peer_authname);
+  if (debug)
+    notice("pptpd-logwtmp.so ip-up %s %s %s", ifname, user, 
+	   pptpd_original_ip);
+  logwtmp(ifname, user, pptpd_original_ip);
+}
+
+static void ip_down(void *opaque, int arg)
+{
+  if (debug) 
+    notice("pptpd-logwtmp.so ip-down %s", ifname);
+  logwtmp(ifname, "", "");
+}
+
+void plugin_init(void)
+{
+  add_options(options);
+  add_notifier(&ip_up_notifier, ip_up, NULL);
+  add_notifier(&ip_down_notifier, ip_down, NULL);
+  if (debug) 
+    notice("pptpd-logwtmp: $Version$");
+}

ppphdlc.c

@@ -0,0 +1,96 @@
+/*
+ * ppphdlc.c
+ *
+ * Copied from C. S. Ananian's linux client ppp_fcs.c
+ * This code can also be found in RFC1662
+ *
+ * $Id: ppphdlc.c,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ */
+
+/* Fast Frame Check Sequence (FCS) Implementation, for HDLC-like framing of
+ * PPP.  Adapted by C. Scott Ananian <cananian@alumni.princeton.edu>
+ * from RFC1662:
+ *
+ * C.2.  16-bit FCS Computation Method
+ *
+ *  The following code provides a table lookup computation for
+ *  calculating the Frame Check Sequence as data arrives at the
+ *  interface.  This implementation is based on [7], [8], and [9].
+ *
+ *  [7]   Perez, "Byte-wise CRC Calculations", IEEE Micro, June 1983.
+ *
+ *  [8]   Morse, G., "Calculating CRC's by Bits and Bytes", Byte,
+ *        September 1986.
+ *
+ *  [9]   LeVan, J., "A Fast CRC", Byte, November 1987.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <sys/types.h>
+#include "ppphdlc.h"
+
+/*
+ * FCS lookup table as calculated by the table generator.
+ */
+u_int16_t fcstab[256] =
+{
+	0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
+	0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
+	0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
+	0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
+	0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
+	0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
+	0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
+	0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
+	0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
+	0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
+	0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
+	0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
+	0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
+	0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
+	0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
+	0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
+	0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
+	0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
+	0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
+	0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
+	0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
+	0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
+	0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
+	0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
+	0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
+	0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
+	0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
+	0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
+	0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
+	0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
+	0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
+	0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
+};
+
+#ifndef PPPINITFCS16
+#define PPPINITFCS16    0xffff	/* Initial FCS value */
+#endif
+#ifndef PPPGOODFCS16
+#define PPPGOODFCS16    0xf0b8	/* Good final FCS value */
+#endif
+
+#if 0
+/*
+ * Calculate a new fcs given the current fcs and the new data.
+ *
+ * "#if 0" since the checksumming is now done 'on the fly'
+ */
+u_int16_t pppfcs16(u_int16_t fcs, void *_cp, int len)
+{
+	register unsigned char *cp = (unsigned char *) _cp;
+
+	while (len--)
+		fcs = (fcs >> 8) ^ fcstab[(fcs ^ *cp++) & 0xff];
+
+	return (fcs);
+}
+#endif

ppphdlc.h

@@ -0,0 +1,17 @@
+/*
+ * ppphdlc.h
+ *
+ * Copied from C. S. Ananians ppp_fcs.h
+ *
+ * $Id: ppphdlc.h,v 1.1.1.1 2002/06/21 08:52:00 fenix_nl Exp $
+ */
+
+#ifndef _PPTPD_PPPHDLC_H
+#define _PPTPD_PPPHDLC_H
+
+#define PPPINITFCS16    0xffff	/* Initial FCS value */
+#define PPPGOODFCS16    0xf0b8	/* Good final FCS value */
+
+extern u_int16_t fcstab[256];
+
+#endif	/* !_PPTPD_PPPHDLC_H */

pptpctrl.8

@@ -0,0 +1,134 @@
+.TH PPTPCTRL 8 "28 April 2004"
+.SH NAME
+pptpctrl - PPTP control connection manager
+.SH SYNOPSIS
+.B pptpctrl
+.IR pptp-debug-flag
+.IR no-ipparam-flag
+.IR ppp-options-value
+.IR ppp-speed-value
+.IR ppp-local-ip-value
+.IR ppp-remote-ip-value
+.RB [
+.IR pptp-call-id
+]
+.RB [
+.IR ppp-binary
+]
+.RB [
+.IR pptp-logwtmp
+]
+.SH DESCRIPTION
+.B pptpctrl
+is usually run by 
+.BR pptpd (8),
+but can also be run from
+.BR inetd (8)
+if some of the features of
+.BR pptpd (8),
+such as IP pool management, and inbuilt TCP wrappers, are not required.
+.SH OPTIONS
+.B pptpctrl 
+options are unconventional, as they are designed for use by
+.BR pptpd (8)
+rather than users.  The option order is critical.  Flag options
+consist of a 0 or 1, and must be present.  Value options consist of a
+0, or a 1 followed by the value.  Either the 0 or both the 1 and the
+value must be present.  The remaining options are optional, but must
+be present in the defined order.  The options are as follows:
+.TP
+pptp-debug-flag
+if set (1), enables debug messages to syslog from pptpctrl.  This has no
+effect on the setting of the PPP debug option.
+.TP
+no-ipparam-flag
+if set, 
+.B pptpctrl 
+will not pass the client's IP address to 
+.BR pppd (8)
+using the 
+.IR ipparam
+option.  See the
+.IR noipparam
+option in
+.BR pptpd.conf (5).
+.TP
+ppp-options-value
+file to use for PPP options.  See the
+.IR file
+option in 
+.BR pppd (8).
+.TP
+ppp-speed-value
+value for the
+.IR speed
+option given to
+.BR pppd (8).
+Note that on Linux, this parameter is ineffective.
+.TP
+ppp-local-ip-value
+if set, specifies the IP address that
+.BR pppd (8)
+is to use for the network interface on the server.  If not set, 
+.BR pppd (8)
+will determine it based on options; usually it will be the ethernet address of the server.
+.TP
+ppp-remote-ip-value
+if set, specifies the IP address that
+.BR pppd (8)
+is to use for the network interface on the client.  If not set,
+.BR pppd (8)
+will determine it based on options; usually it will be the ethernet address of the client, or an address given in 
+.IR chap-secrets.
+Must be set if
+.IR ppp-local-ip-value
+is set.
+.TP
+pptp-call-id
+if present, specifies the call identification for the PPTP session.  If omitted, the call identification is zero.  Normally the ID is allocated by
+.BR pptpd (8)
+and passed to pptpctrl.
+.TP
+ppp-binary
+if present, path to the PPP binary to use.  If omitted, the default
+value is used.
+.TP
+pptp-logwtmp
+if present, specifies whether 
+.BR wtmp (5)
+should be updated as users connect and disconnect.
+.SH FILES
+none.
+.SH AUTHORS
+Poptop is written by Matthew Ramsay <matthewr@moreton.com.au>, David Luyer
+<luyer@ucs.uwa.edu.au>, Kevin Thayer <tmk@netmagic.net>, Peter Galbavy
+<Peter.Galbavy@knowledge.com> and others. Development has been moved to
+SourceForge and worked on by Richard de Vroede <r.devroede@linvision.com>
+since June 26, 2002.
+.SH COPYRIGHT
+Copyright \(co 1999 Matthew Ramsay and others.
+.LP
+Poptop is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation; either version 2, or (at your option) any later
+version.
+.LP
+Poptop is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+for more details.
+.LP
+You should have received a copy of the GNU General Public License along
+with Poptop; see the file COPYING.  If not, write to the Free Software
+Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.SH AVAILABILITY
+The most recent version of Poptop is available for download from
+SourceForge at
+.IR http://sourceforge.net/projects/poptop . 
+.SH "SEE ALSO"
+.BR inetd (8),
+.BR inetd.conf (5),
+.BR pppd (8),
+.BR pptpd (8),
+.BR pptpd.conf (5),
+.BR tcpd (8).

pptpctrl.c

@@ -0,0 +1,793 @@
+/*
+ * pptpctrl.c
+ *
+ * PPTP control connection between PAC-PNS pair
+ *
+ * $Id: pptpctrl.c,v 1.20 2006/12/08 00:01:40 quozl Exp $
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef __linux__
+#define _GNU_SOURCE 1		/* kill() prototype, broken arpa/inet.h */
+#endif
+
+#include "our_syslog.h"
+
+#include <fcntl.h>
+#include <errno.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <sys/time.h>
+#include <dirent.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#ifdef HAVE_OPENPTY
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#include <termios.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#endif
+
+#ifdef __UCLIBC__
+#define socklen_t int
+#endif
+
+#include "compat.h"
+#include "pptpctrl.h"
+#include "pptpgre.h"
+#include "pptpdefs.h"
+#include "ctrlpacket.h"
+#include "defaults.h"
+// placing net/if.h here fixes build on Solaris
+#include <net/if.h>
+
+static char *ppp_binary = PPP_BINARY;
+static int pptp_logwtmp;
+static int noipparam;			/* if true, don't send ipparam to ppp */
+static char speed[32];
+static char pppdxfig[256];
+static pid_t pppfork;                   /* so we can kill it after disconnect */
+
+/*
+ * Global to handle dying
+ *
+ * I'd be nice if someone could figure out a way to do it 
+ * without the global, but i don't think you can.. -tmk
+ */
+#define clientSocket 0		/* in case it changes back to a variable */
+static u_int32_t call_id_pair;	/* call id (to terminate call) */
+
+/* Needed by this and ctrlpacket.c */
+int pptpctrl_debug = 0;		/* specifies if debugging is on or off */
+uint16_t unique_call_id = 0xFFFF;	/* Start value for our call IDs on this TCP link */
+
+int gargc;                     /* Command line argument count */
+char **gargv;                  /* Command line argument vector */
+
+/* Local function prototypes */
+static void bail(int sigraised);
+static void pptp_handle_ctrl_connection(char **pppaddrs, struct in_addr *inetaddrs);
+
+static int startCall(char **pppaddrs, struct in_addr *inetaddrs);
+static void launch_pppd(char **pppaddrs, struct in_addr *inetaddrs);
+
+/* Oh the horror.. lets hope this covers all the ones we have to handle */
+#if defined(O_NONBLOCK) && !defined(__sun__) && !defined(__sun)
+#define OUR_NB_MODE O_NONBLOCK
+#else
+#define OUR_NB_MODE O_NDELAY
+#endif
+
+/* read a command line argument, a flag alone */
+#define GETARG_INT(X) \
+	X = atoi(argv[arg++])
+
+/* read a command line argument, a string alone */
+#define GETARG_STRING(X) \
+	X = strdup(argv[arg++])
+
+/* read a command line argument, a presence flag followed by string */
+#define GETARG_VALUE(X) \
+	if(atoi(argv[arg++]) != 0) \
+		strlcpy(X, argv[arg++], sizeof(X)); \
+	else \
+		*X = '\0'
+
+int main(int argc, char **argv)
+{
+	char pppLocal[16];		/* local IP to pass to pppd */
+	char pppRemote[16];		/* remote IP address to pass to pppd */
+	struct sockaddr_in addr;	/* client address */
+	socklen_t addrlen;
+	int arg = 1;
+	int flags;
+	struct in_addr inetaddrs[2];
+	char *pppaddrs[2] = { pppLocal, pppRemote };
+
+        gargc = argc;
+        gargv = argv;
+
+	/* fail if argument count invalid */
+	if (argc < 7) {
+		fprintf(stderr, "pptpctrl: insufficient arguments, see man pptpctrl\n");
+		exit(2);
+	}
+
+	/* open a connection to the syslog daemon */
+	openlog("pptpd", LOG_PID, PPTP_FACILITY);
+
+	/* autoreap if supported */
+	signal(SIGCHLD, SIG_IGN);
+
+	/* note: update pptpctrl.8 if the argument list format is changed */
+	GETARG_INT(pptpctrl_debug);
+	GETARG_INT(noipparam);
+	GETARG_VALUE(pppdxfig);
+	GETARG_VALUE(speed);
+	GETARG_VALUE(pppLocal);
+	GETARG_VALUE(pppRemote);
+	if (arg < argc) GETARG_INT(unique_call_id);
+	if (arg < argc) GETARG_STRING(ppp_binary);
+	if (arg < argc) GETARG_INT(pptp_logwtmp);
+	
+	if (pptpctrl_debug) {
+		if (*pppLocal)
+			syslog(LOG_DEBUG, "CTRL: local address = %s", pppLocal);
+		if (*pppRemote)
+			syslog(LOG_DEBUG, "CTRL: remote address = %s", pppRemote);
+		if (*speed)
+			syslog(LOG_DEBUG, "CTRL: pppd speed = %s", speed);
+		if (*pppdxfig)
+			syslog(LOG_DEBUG, "CTRL: pppd options file = %s", pppdxfig);
+	}
+
+	addrlen = sizeof(addr);
+	if (getsockname(clientSocket, (struct sockaddr *) &addr, &addrlen) != 0) {
+		syslog(LOG_ERR, "CTRL: getsockname() failed");
+		syslog_perror("getsockname");
+		close(clientSocket);
+		bail(0);	/* NORETURN */
+	}
+	inetaddrs[0] = addr.sin_addr;
+
+	addrlen = sizeof(addr);
+	if (getpeername(clientSocket, (struct sockaddr *) &addr, &addrlen) != 0) {
+		syslog(LOG_ERR, "CTRL: getpeername() failed");
+		syslog_perror("getpeername");
+		close(clientSocket);
+		bail(0);	/* NORETURN */
+	}
+	inetaddrs[1] = addr.sin_addr;
+
+	/* Set non-blocking */
+	if ((flags = fcntl(clientSocket, F_GETFL, arg /* ignored */)) == -1 ||
+	    fcntl(clientSocket, F_SETFL, flags|OUR_NB_MODE) == -1) {
+		syslog(LOG_ERR, "CTRL: Failed to set client socket non-blocking");
+		syslog_perror("fcntl");
+		close(clientSocket);
+		bail(0);	/* NORETURN */
+	}
+
+	
+	/* Fiddle with argv */
+        my_setproctitle(gargc, gargv, "pptpd [%s]%20c",
+            inet_ntoa(addr.sin_addr), ' ');
+
+	/* be ready for a grisly death */
+	sigpipe_create();
+	sigpipe_assign(SIGTERM);
+	NOTE_VALUE(PAC, call_id_pair, htons(-1));
+	NOTE_VALUE(PNS, call_id_pair, htons(-1));
+
+	syslog(LOG_INFO, "CTRL: Client %s control connection started", inet_ntoa(addr.sin_addr));
+	pptp_handle_ctrl_connection(pppaddrs, inetaddrs);
+	syslog(LOG_DEBUG, "CTRL: Reaping child PPP[%i]", pppfork);
+	if (pppfork > 0)
+		waitpid(pppfork, NULL, 0);
+	syslog(LOG_INFO, "CTRL: Client %s control connection finished", inet_ntoa(addr.sin_addr));
+
+	bail(0);		/* NORETURN */
+	return 1;		/* make gcc happy */
+}
+
+
+/*
+ * Local functions only below
+ */
+
+/*
+ * pptp_handle_ctrl_connection
+ *
+ * 1. read a packet (should be start_ctrl_conn_rqst)
+ * 2. reply to packet (send a start_ctrl_conn_rply)
+ * 3. proceed with GRE and CTRL connections
+ *
+ * args: pppaddrs - ppp local and remote addresses (strings)
+ *       inetaddrs - local and client socket address
+ * retn: 0 success, -1 failure
+ */
+static void pptp_handle_ctrl_connection(char **pppaddrs, struct in_addr *inetaddrs)
+{
+
+	/* For echo requests used to check link is alive */
+	int echo_wait = FALSE;		/* Waiting for echo? */
+	u_int32_t echo_count = 0;	/* Sequence # of echo */
+	time_t echo_time = 0;		/* Time last echo req sent */
+	struct timeval idleTime;	/* How long to select() */
+
+	/* General local variables */
+	ssize_t rply_size;		/* Reply packet size */
+	fd_set fds;			/* For select() */
+	int maxfd = clientSocket;	/* For select() */
+	int send_packet;		/* Send a packet this time? */
+#if BSDUSER_PPP || SLIRP
+/* not needed by stuff which uses socketpair() in startCall() */
+#define init 1
+#else
+	int init = 0;			/* Has pppd initialized the pty? */
+#endif
+	int pty_fd = -1;		/* File descriptor of pty */
+	int gre_fd = -1;		/* Network file descriptor */
+	int sig_fd = sigpipe_fd();	/* Signal pipe descriptor	*/
+
+	unsigned char packet[PPTP_MAX_CTRL_PCKT_SIZE];
+	unsigned char rply_packet[PPTP_MAX_CTRL_PCKT_SIZE];
+
+	for (;;) {
+
+		FD_ZERO(&fds);
+		FD_SET(sig_fd, &fds);
+		FD_SET(clientSocket, &fds);
+		if (pty_fd != -1)
+			FD_SET(pty_fd, &fds);
+		if (gre_fd != -1 && init)
+			FD_SET(gre_fd, &fds);
+
+		/* set timeout */
+		if (encaps_gre(-1, NULL, 0) || decaps_hdlc(-1, NULL, 0)) {
+			idleTime.tv_sec = 0;
+			idleTime.tv_usec = 50000; /* don't ack immediately */
+		} else {
+			idleTime.tv_sec = IDLE_WAIT;
+			idleTime.tv_usec = 0;
+		}
+
+		/* default: do nothing */
+		send_packet = FALSE;
+
+		switch (select(maxfd + 1, &fds, NULL, NULL, &idleTime)) {
+		case -1:	/* Error with select() */
+			if (errno != EINTR)
+				syslog(LOG_ERR, "CTRL: Error with select(), quitting");
+			goto leave_clear_call;
+
+		case 0:
+			if (decaps_hdlc(-1, NULL, 0)) {
+				if(decaps_hdlc(-1, encaps_gre, gre_fd))
+					syslog(LOG_ERR, "CTRL: GRE re-xmit failed");
+			} else if (encaps_gre(-1, NULL, 0))
+				/* Pending ack and nothing else to do */
+				encaps_gre(gre_fd, NULL, 0);	/* send ack with no payload */
+			else if (echo_wait != TRUE) {
+				/* Timeout. Start idle link detection. */
+				echo_count++;
+				if (pptpctrl_debug)
+					syslog(LOG_DEBUG, "CTRL: Sending ECHO REQ id %d", echo_count);
+				time(&echo_time);
+				make_echo_req_packet(rply_packet, &rply_size, echo_count);
+				echo_wait = TRUE;
+				send_packet = TRUE;
+			}
+			break;
+
+		default:
+			break;
+		}
+
+		/* check for pending SIGTERM delivery */
+		if (FD_ISSET(sig_fd, &fds)) {
+			if (sigpipe_read() == SIGTERM)
+				bail(SIGTERM);
+		}
+
+		/* detect startup of pppd */
+#ifndef init
+		if (!init && pty_fd != -1 && FD_ISSET(pty_fd, &fds))
+			init = 1;
+#endif
+
+		/* handle actual packets */
+
+		/* send from pty off via GRE */
+		if (pty_fd != -1 && FD_ISSET(pty_fd, &fds) && decaps_hdlc(pty_fd, encaps_gre, gre_fd) < 0) {
+			syslog(LOG_ERR, "CTRL: PTY read or GRE write failed (pty,gre)=(%d,%d)", pty_fd, gre_fd);
+			break;
+		}
+		/* send from GRE off to pty */
+		if (gre_fd != -1 && FD_ISSET(gre_fd, &fds) && decaps_gre(gre_fd, encaps_hdlc, pty_fd) < 0) {
+			if (gre_fd == 6 && pty_fd == 5) {
+				syslog(LOG_ERR, "CTRL: GRE-tunnel has collapsed (GRE read or PTY write failed (gre,pty)=(%d,%d))", gre_fd, pty_fd);
+			} else {
+				syslog(LOG_ERR, "CTRL: GRE read or PTY write failed (gre,pty)=(%d,%d)", gre_fd, pty_fd);
+			}
+			break;
+		}
+		/* handle control messages */
+
+		if (FD_ISSET(clientSocket, &fds)) {
+			send_packet = TRUE;
+			switch (read_pptp_packet(clientSocket, packet, rply_packet, &rply_size)) {
+			case 0:
+				syslog(LOG_ERR, "CTRL: CTRL read failed");
+				goto leave_drop_call;
+
+			case -1:
+				send_packet = FALSE;
+				break;
+
+			case STOP_CTRL_CONN_RQST:
+				if (pptpctrl_debug)
+					syslog(LOG_DEBUG, "CTRL: Received STOP CTRL CONN request (disconnecting)");
+				if (gre_fd != -1 || pty_fd != -1)
+					syslog(LOG_WARNING, "CTRL: Request to close control connection when call is open, closing");
+				send_pptp_packet(clientSocket, rply_packet, rply_size);
+				goto leave_drop_call;
+
+			case CALL_CLR_RQST:
+				if(pptpctrl_debug)
+					syslog(LOG_DEBUG, "CTRL: Received CALL CLR request (closing call)");
+				if (gre_fd == -1 || pty_fd == -1)
+					syslog(LOG_WARNING, "CTRL: Request to close call but call not open");
+				if (gre_fd != -1) {
+					FD_CLR(gre_fd, &fds);
+					close(gre_fd);
+					gre_fd = -1;
+				}
+				if (pty_fd != -1) {
+					FD_CLR(pty_fd, &fds);
+					close(pty_fd);
+					pty_fd = -1;
+				}
+				/* violating RFC */
+                                goto leave_drop_call;
+
+			case OUT_CALL_RQST:
+				/* for killing off the link later (ugly) */
+				NOTE_VALUE(PAC, call_id_pair, ((struct pptp_out_call_rply *) (rply_packet))->call_id);
+				NOTE_VALUE(PNS, call_id_pair, ((struct pptp_out_call_rply *) (rply_packet))->call_id_peer);
+				if (gre_fd != -1 || pty_fd != -1) {
+					syslog(LOG_WARNING, "CTRL: Request to open call when call is already open, closing");
+					if (gre_fd != -1) {
+						FD_CLR(gre_fd, &fds);
+						close(gre_fd);
+						gre_fd = -1;
+					}
+					if (pty_fd != -1) {
+						FD_CLR(pty_fd, &fds);
+						close(pty_fd);
+						pty_fd = -1;
+					}
+				}
+                                /* change process title for accounting and status scripts */
+                                my_setproctitle(gargc, gargv,
+                                      "pptpd [%s:%04X - %04X]",
+                                      inet_ntoa(inetaddrs[1]),
+                                      ntohs(((struct pptp_out_call_rply *) (rply_packet))->call_id_peer),
+                                      ntohs(((struct pptp_out_call_rply *) (rply_packet))->call_id));
+				/* start the call, by launching pppd */
+				syslog(LOG_INFO, "CTRL: Starting call (launching pppd, opening GRE)");
+				pty_fd = startCall(pppaddrs, inetaddrs);
+				if (pty_fd > maxfd) maxfd = pty_fd;
+				if ((gre_fd = pptp_gre_init(call_id_pair, pty_fd, inetaddrs)) > maxfd)
+					maxfd = gre_fd;
+				break;
+
+			case ECHO_RPLY:
+				if (echo_wait == TRUE && ((struct pptp_echo_rply *) (packet))->identifier == echo_count)
+					echo_wait = FALSE;
+				else
+					syslog(LOG_WARNING, "CTRL: Unexpected ECHO REPLY packet");
+				/* FALLTHRU */
+			case SET_LINK_INFO:
+				send_packet = FALSE;
+				break;
+
+#ifdef PNS_MODE
+			case IN_CALL_RQST:
+			case IN_CALL_RPLY:
+			case IN_CALL_CONN:
+#endif
+
+			case CALL_DISCONN_NTFY:
+			case STOP_CTRL_CONN_RPLY:
+				/* These don't generate replies.  Also they come from things we don't send in this section. */
+				syslog(LOG_WARNING, "CTRL: Got a reply to a packet we didn't send");
+				send_packet = FALSE;
+				break;
+
+			/* Otherwise, the already-formed reply will do fine, so send it */
+			}
+		}
+
+		/* send reply packet - this may block, but it should be very rare */
+		if (send_packet == TRUE && send_pptp_packet(clientSocket, rply_packet, rply_size) < 0) {
+			syslog(LOG_ERR, "CTRL: Error sending GRE, aborting call");
+			goto leave_clear_call;
+		}
+
+		/* waiting for echo reply and curtime - echo_time > max wait */
+		if (echo_wait == TRUE && (time(NULL) - echo_time) > MAX_ECHO_WAIT) {
+			syslog(LOG_INFO, "CTRL: Session timed out, ending call");
+			goto leave_clear_call;
+		}
+	}
+	/* Finished! :-) */
+leave_drop_call:
+	NOTE_VALUE(PAC, call_id_pair, htons(-1));
+	NOTE_VALUE(PNS, call_id_pair, htons(-1));
+	close(clientSocket);
+leave_clear_call:
+	/* leave clientSocket and call_id_pair alone for bail() */
+	if (gre_fd != -1)
+		close(gre_fd);
+	gre_fd = -1;
+	if (pty_fd != -1)
+		close(pty_fd);
+	pty_fd = -1;
+	return;
+#ifdef init
+#undef init
+#endif
+}
+
+
+/*
+ * This is the custom exit() for this program.
+ *
+ * Updated to also be the default SIGTERM handler, and if
+ * the link is going down for unnatural reasons, we will close it
+ * right now, it's only been tested for win98, other tests would be nice
+ * -tmk
+ */
+static void bail(int sigraised)
+{
+	if (sigraised)
+		syslog(LOG_INFO, "CTRL: Exiting on signal %d", sigraised);
+
+	/* send a disconnect to the other end */
+	/* ignore any errors */
+	if (GET_VALUE(PAC, call_id_pair) != htons(-1)) {
+		fd_set connSet;		/* fd_set for select() */
+		struct timeval tv;	/* time to wait for reply */
+		unsigned char packet[PPTP_MAX_CTRL_PCKT_SIZE];
+		unsigned char rply_packet[PPTP_MAX_CTRL_PCKT_SIZE];
+		ssize_t rply_size;	/* reply packet size */
+		int pkt;
+		int retry = 0;
+
+		if (pptpctrl_debug)
+			syslog(LOG_DEBUG, "CTRL: Exiting with active call");
+
+		make_call_admin_shutdown(rply_packet, &rply_size);
+		if(send_pptp_packet(clientSocket, rply_packet, rply_size) < 0)
+			goto skip;
+
+		make_stop_ctrl_req(rply_packet, &rply_size);
+		if(send_pptp_packet(clientSocket, rply_packet, rply_size) < 0)
+			goto skip;
+
+		FD_ZERO(&connSet);
+		FD_SET(clientSocket, &connSet);
+		tv.tv_sec = 5;	/* wait 5 secs for a reply then quit */
+		tv.tv_usec = 0;
+
+		/* Wait for STOP CTRL CONN RQST or RPLY */
+		while (select(clientSocket + 1, &connSet, NULL, NULL, &tv) == 1) {
+			switch((pkt = read_pptp_packet(clientSocket, packet, rply_packet, &rply_size))) {
+			case STOP_CTRL_CONN_RQST:
+				send_pptp_packet(clientSocket, rply_packet, rply_size);
+				goto skip;
+			case CALL_CLR_RQST:
+				syslog(LOG_WARNING, "CTRL: Got call clear request after call manually shutdown - buggy client");
+				break;
+			case STOP_CTRL_CONN_RPLY:
+				goto skip;
+			case -1:
+				syslog(LOG_WARNING, "CTRL: Retryable error in disconnect sequence");
+				retry++;
+				break;
+			case 0:
+				syslog(LOG_WARNING, "CTRL: Fatal error reading control message in disconnect sequence");
+				goto skip;
+			default:
+				syslog(LOG_WARNING, "CTRL: Unexpected control message %d in disconnect sequence", pkt);
+				retry++;
+				break;
+			}
+			tv.tv_sec = 5;	/* wait 5 secs for another reply then quit */
+			tv.tv_usec = 0;
+			if (retry > 100) {
+				syslog(LOG_WARNING, "CTRL: Too many retries (%d) - giving up", retry);
+				break;
+			}
+		}
+
+	skip:
+		close(clientSocket);
+	}
+
+	if (pptpctrl_debug)
+		syslog(LOG_DEBUG, "CTRL: Exiting now");
+}
+
+/*
+ * startCall
+ *
+ * Launches PPPD for the call.
+ *
+ * args:        pppaddrs - local/remote IPs or "" for either/both if none
+ * retn:        pty file descriptor
+ *
+ */
+static int startCall(char **pppaddrs, struct in_addr *inetaddrs)
+{
+	/* PTY/TTY pair for talking to PPPd */
+	int pty_fd, tty_fd;
+	/* register pids of children */
+#if BSDUSER_PPP || SLIRP
+	int sockfd[2];
+
+#ifndef AF_LOCAL
+#ifdef AF_UNIX
+#define AF_LOCAL AF_UNIX /* Old BSD */
+#else
+#define AF_LOCAL AF_FILE /* POSIX */
+#endif
+#endif
+
+	/* userspace ppp doesn't need to waste a real pty/tty pair */
+	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sockfd)) {
+		syslog(LOG_ERR, "CTRL: socketpair() error");
+		syslog_perror("socketpair");
+		exit(1);
+	}
+	tty_fd = sockfd[0];
+	pty_fd = sockfd[1];
+#else
+	/* Finds an open pty/tty pair */
+	if (openpty(&pty_fd, &tty_fd, NULL, NULL, NULL) != 0) {
+		syslog(LOG_ERR, "CTRL: openpty() error");
+		syslog_perror("openpty");
+		exit(1);
+	} else {
+		struct termios tios;
+
+		/* Turn off echo in the slave - to prevent loopback.
+		   pppd will do this, but might not do it before we
+		   try to send data. */
+		if (tcgetattr(tty_fd, &tios) < 0) {
+			syslog(LOG_ERR, "CTRL: tcgetattr() error");
+			syslog_perror("tcgetattr");
+			exit(1);
+		}
+		tios.c_lflag &= ~(ECHO | ECHONL);
+		if (tcsetattr(tty_fd, TCSAFLUSH, &tios) < 0) {
+			syslog(LOG_ERR, "CTRL: tcsetattr() error");
+			syslog_perror("tcsetattr");
+			exit(1);
+		}
+	}
+#endif
+	if (pptpctrl_debug) {
+		syslog(LOG_DEBUG, "CTRL: pty_fd = %d", pty_fd);
+		syslog(LOG_DEBUG, "CTRL: tty_fd = %d", tty_fd);
+	}
+	/* Launch the PPPD  */
+#ifndef HAVE_FORK
+        switch(pppfork=vfork()){
+#else
+        switch(pppfork=fork()){
+#endif
+	case -1:	/* fork() error */
+		syslog(LOG_ERR, "CTRL: Error forking to exec pppd");
+		_exit(1);
+
+	case 0:		/* child */
+		if (dup2(tty_fd, 0) == -1) {
+		  syslog(LOG_ERR, "CTRL: child tty_fd dup2 to stdin, %s",
+			 strerror(errno));
+		  exit(1);
+		}
+		if (dup2(tty_fd, 1) == -1) {
+		  syslog(LOG_ERR, "CTRL: child tty_fd dup2 to stdout, %s",
+			 strerror(errno));
+		  exit(1);
+		}
+#if 0
+		/* This must never be used if !HAVE_SYSLOG since that logs to stderr.
+		 * Trying just never using it to see if it causes anyone else problems.
+		 * It may let people see the pppd errors, which would be good.
+		 */
+		dup2(tty_fd, 2);
+#endif
+		if (tty_fd > 1)
+			close(tty_fd);
+		if (pty_fd > 1)
+			close(pty_fd);
+/* In case we move clientSocket back off stdin */
+#ifndef clientSocket
+		if (clientSocket > 1)
+			close(clientSocket);
+#elif clientSocket > 1
+		close(clientSocket);
+#endif
+		launch_pppd(pppaddrs, inetaddrs);
+		syslog(LOG_ERR, "CTRL: PPPD launch failed! (launch_pppd did not fork)");
+		_exit(1);
+	}
+	
+	close(tty_fd);
+	return pty_fd;
+}
+
+/*
+ * launch_pppd
+ *
+ * Launches the PPP daemon. The PPP daemon is responsible for assigning the
+ * PPTP client its IP address.. These values are assigned via the command
+ * line.
+ *
+ * Add return of connected ppp interface
+ *
+ * retn: 0 on success, -1 on failure.
+ *
+ */
+static void launch_pppd(char **pppaddrs, struct in_addr *inetaddrs)
+{
+	char *pppd_argv[14];
+	int an = 0;
+	sigset_t sigs;
+
+	pppd_argv[an++] = ppp_binary;
+
+	if (pptpctrl_debug) {
+		syslog(LOG_DEBUG, 
+		       "CTRL (PPPD Launcher): program binary = %s", 
+		       pppd_argv[an - 1]);
+	}
+
+#if BSDUSER_PPP
+
+	/* The way that Brian Somers' user-land ppp works is to use the
+	 * system name as a reference for most of the useful options. Hence
+	 * most things can't be defined on the command line. On OpenBSD at
+	 * least the file used for the systems is /etc/ppp/ppp.conf, where
+	 * the pptp stanza should look something like:
+
+	 pptp:
+	 set speed sync
+	 enable pap
+	 enable chap
+	 set dns a.a.a.a b.b.b.b
+	 set ndbs x.x.x.x y.y.y.y
+	 accept dns
+	 add 10.0.0/24
+
+	 * To be honest, at the time of writing, I haven't had the thing
+	 * working enough to understand :) I will update this comment and
+	 * make a sample config available when I get there.
+	 */
+
+	/* options for BSDUSER_PPP
+	 *
+	 * ignores IP addresses, config file option, speed
+	 * fix usage info in pptpd.c and configure script if this changes
+	 *
+	 * IP addresses can be specified in /etc/ppp/ppp.secret per user
+	 */
+	pppd_argv[an++] = "-direct";
+	pppd_argv[an++] = "pptp";	/* XXX this is the system name */
+	/* should be dynamic - PMG */
+
+#elif SLIRP
+
+	/* options for SLIRP
+	 *
+	 * ignores IP addresses from config - SLIRP handles this
+	 */
+	pppd_argv[an++] = "-P";
+	pppd_argv[an++] = "+chap";
+	pppd_argv[an++] = "-b";
+
+	/* If a speed has been specified, use it
+	 * if not, use "smart" default (defaults.h)
+	 */
+	if (*speed) {
+		pppd_argv[an++] = speed;
+	} else {
+		pppd_argv[an++] = PPP_SPEED_DEFAULT;
+	}
+
+	if (*pppdxfig) {
+		pppd_argv[an++] = "-f";
+		pppd_argv[an++] = pppdxfig;
+	}
+
+	if (pptpctrl_debug) {
+		syslog(LOG_DEBUG, "CTRL (PPPD Launcher): Connection speed = %s", pppd_argv[an - 1]);
+	}
+#else
+
+	/* options for 'normal' pppd */
+
+	pppd_argv[an++] = "local";
+
+	/* If a pppd option file is specified, use it
+	 * if not, pppd will default to /etc/ppp/options
+	 */
+	if (*pppdxfig) {
+		pppd_argv[an++] = "file";
+		pppd_argv[an++] = pppdxfig;
+	}
+	
+	/* If a speed has been specified, use it
+	 * if not, use "smart" default (defaults.h)
+	 */
+	if (*speed) {
+		pppd_argv[an++] = speed;
+	} else {
+		pppd_argv[an++] = PPP_SPEED_DEFAULT;
+	}
+
+	if (pptpctrl_debug) {
+		if (*pppaddrs[0])
+			syslog(LOG_DEBUG, "CTRL (PPPD Launcher): local address = %s", pppaddrs[0]);
+		if (*pppaddrs[1])
+			syslog(LOG_DEBUG, "CTRL (PPPD Launcher): remote address = %s", pppaddrs[1]);
+	}
+	
+	if (*pppaddrs[0] || *pppaddrs[1]) {
+		char pppInterfaceIPs[33];
+		sprintf(pppInterfaceIPs, "%s:%s", pppaddrs[0], pppaddrs[1]);
+		pppd_argv[an++] = pppInterfaceIPs;
+	}
+#endif
+
+        if (!noipparam) {
+                 pppd_argv[an++] = "ipparam";
+                 pppd_argv[an++] = inet_ntoa(inetaddrs[1]);
+        }
+
+        if (pptp_logwtmp) {
+                 pppd_argv[an++] = "plugin";
+                 pppd_argv[an++] = "/usr/lib/pptpd/pptpd-logwtmp.so";
+                 pppd_argv[an++] = "pptpd-original-ip";
+                 pppd_argv[an++] = inet_ntoa(inetaddrs[1]);
+        }
+
+	/* argv arrays must always be NULL terminated */
+	pppd_argv[an++] = NULL;
+	/* make sure SIGCHLD is unblocked, pppd does not expect it */
+	sigfillset(&sigs);
+	sigprocmask(SIG_UNBLOCK, &sigs, NULL);
+	/* run pppd now */
+	execvp(pppd_argv[0], pppd_argv);
+	/* execvp() failed */
+	syslog(LOG_ERR, 
+	       "CTRL (PPPD Launcher): Failed to launch PPP daemon. %s",
+	       strerror(errno));
+}
+

pptpctrl.h

@@ -0,0 +1,14 @@
+/*
+ * pptpctrl.h
+ *
+ * PPTP control function prototypes.
+ *
+ * $Id: pptpctrl.h,v 1.1.1.1 2002/06/21 08:52:01 fenix_nl Exp $
+ */
+
+#ifndef _PPTPD_PPTPCTRL_H
+#define _PPTPD_PPTPCTRL_H
+
+extern int pptpctrl_debug;
+
+#endif	/* !_PPTPD_PPTPCTRL_H */

pptpd.8

@@ -0,0 +1,194 @@
+.TH PPTPD 8 "29 December 2005"
+.SH NAME
+pptpd - PPTP VPN daemon
+.SH SYNOPSIS
+.PP
+.B pptpd
+[ 
+.IR options
+]
+.SH DESCRIPTION
+.B pptpd
+is the Poptop PPTP daemon, which manages tunnelled PPP connections
+encapsulated in GRE using the PPTP VPN protocol.  It may contain
+features like IP address management and TCP wrappers if compiled in.
+.SH OPTIONS
+
+Here we document the command line options.  See 
+.BR pptpd.conf (5)
+for configuration directives, IP address allocation, routing, and
+firewall rules.
+
+.TP
+\fB-b\fR|\fB--bcrelay \fIinternal-interface
+specifies that broadcasts received on the server's internal 
+network interface should be relayed to the clients.
+
+.TP
+\fB-c\fR|\fB--conf \fIconf-file
+specifies the configuration file for
+.B pptpd
+(default
+.IR /etc/pptpd.conf )
+
+.TP
+.BR -d | --debug
+turns on debugging mode, causing more debugging messages to be sent
+to syslog.
+
+.TP
+\fB-e\fR|\fB--ppp \fIpppd-program
+use
+.I pppd-program
+in place of the default
+.BR pppd (8).
+
+.TP
+.BR -f | --fg
+run in the foreground instead of detaching from terminal
+
+.TP
+.BR -h | --help
+display program usage.
+
+.TP
+.BR -i | --noipparam
+do not send the client's IP address to ip-up scripts (required if you are using the 
+.BR pppd (8)
+.I ipparam
+option for some other purpose).
+
+.TP
+\fB-l\fR|\fB--listen \fIx.x.x.x
+specifies the local interface IP address to listen on.
+
+.TP
+\fB-o\fR|\fB--option \fIppp-conf-file
+specifies that pptpd should specify an alternate configuration file
+for the ppp daemon (the default is normally
+.I /etc/ppp/options
+but may vary depending on your ppp daemon).
+
+.TP
+\fB-p\fR|\fB--pidfile \fIpid-file
+specifies an alternate location to store the process ID file (default
+.IR /var/run/pptpd.pid ).
+
+.TP
+\fB-s\fR|\fB--speed \fIbaud
+specifies that the speed
+.I baud
+should be passed to the ppp daemon as the tty speed to use (in some
+cases this is ignored by the ppp daemon).
+
+.TP
+\fB-t\fR|\fB--stimeout \fIseconds
+specifies the number of seconds to wait for the first packet before
+dropping the connection. This is a denial of service protection
+feature.
+
+.TP
+.BR -w | --logwtmp
+update
+.BR wtmp (5)
+as users connect and disconnect.  See
+.BR wtmp (1).
+
+.TP
+\fB-C\fR|\fB--connections \fIn
+limits the number of client connections that may be accepted.  Corresponds to the
+.BR connections
+option in 
+.IR pptpd.conf .
+If pptpd is allocating IP addresses (e.g. 
+.BR --delegate
+is not used) then the number of connections is also limited by the
+.BR remoteip
+option in 
+.IR pptpd.conf .
+
+.TP
+.BR -D | --delegate
+delegates the allocation of client IP addresses to 
+.BR pppd (8).
+Without this option, which is the default, pptpd manages the list of
+IP addresses for clients and passes the next free address to pppd.
+With this option, pptpd does not pass an address, and so pppd may use
+radius or chap-secrets to allocate an address.
+
+.TP
+.BR -v | --version
+displays the current version of the pptp daemon.
+
+.SH FILES
+/etc/pptpd.conf
+.br
+/var/run/pptpd.pid
+
+.SH DEBUGGING
+To turn on debugging, add 'debug' to /etc/pptpd.conf and your
+PPP options file, and restart pptpd.
+.br
+.LP
+Typically the PPP options file is options.pptpd in /etc/ppp, though on
+some distributions it may be pptpd-options.  Use your package manager
+to find it, e.g. 'rpm -ql pptpd | grep options' or 'dpkg --listfiles
+pptpd | grep options'.
+.br
+.LP
+You may need to configure syslogd to catch debug messages.  e.g. edit
+/etc/syslog.conf and add something similar to the example below, then
+restart syslogd.
+.br
+.LP
+# debug logging
+.br
+*.debug;mail.none                                       /var/log/debug
+.br
+.LP
+This will log all debug information, except mail, to the file
+/var/log/debug.  Note that this is a lot of information and might
+flood your disks.  If performance is an issue, you can try turning off
+sync during your debugging, by prefixing the destination with '-'.
+.br
+.LP
+# debug logging
+.br
+*.debug;mail.none                                       -/var/log/debug
+.br
+.LP
+Disable this line and restart syslog after you are done debugging.
+See the syslog man pages for more details.
+.br
+.LP
+
+.SH AUTHORS
+Poptop is written by Matthew Ramsay <matthewr@moreton.com.au>, David Luyer
+<luyer@ucs.uwa.edu.au>, Kevin Thayer <tmk@netmagic.net>, Peter Galbavy
+<Peter.Galbavy@knowledge.com> and others. Development has been moved to 
+SourceForge and worked on by Richard de Vroede <r.devroede@linvision.com> 
+since June 26, 2002.
+.SH COPYRIGHT
+Copyright \(co 1999 Matthew Ramsay and others.
+.LP
+Poptop is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation; either version 2, or (at your option) any later
+version.
+.LP
+Poptop is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+for more details.
+.LP
+You should have received a copy of the GNU General Public License along
+with Poptop; see the file COPYING.  If not, write to the Free Software
+Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.SH AVAILABILITY
+The most recent version of Poptop is available for download from
+SourceForge at
+.IR http://sourceforge.net/projects/poptop .
+.SH "SEE ALSO"
+.BR pppd (8),
+.BR pptpd (8),
+.BR pptpd.conf (5).

pptpd.c

@@ -0,0 +1,799 @@
+/*
+ * pptpd.c
+ *
+ * Grabs any command line argument and processes any further options in
+ * the pptpd config file, before throwing over to pptpmanager.c.
+ *
+ * $Id: pptpd.c,v 1.18 2006/09/04 23:17:25 quozl Exp $
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef __linux__
+#define _GNU_SOURCE 1		/* strdup() prototype, broken arpa/inet.h */
+#endif
+
+#ifdef __svr4__
+#define __EXTENSIONS__ 1	/* strdup() prototype */
+#endif
+
+#ifdef __sgi__
+#define _XOPEN_SOURCE 500	/* strdup() prototype */
+#endif
+
+#include "our_syslog.h"
+#include "our_getopt.h"
+
+#include <fcntl.h>
+#include <netdb.h>
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "configfile.h"
+#include "defaults.h"
+#include "compat.h"
+#include "pptpmanager.h"
+
+#ifdef CONFIG_NETtel
+#include <linux/ledman.h>
+#endif
+
+/* command line arg variables */
+char *ppp_binary = NULL;
+char *pppdoptstr = NULL;
+char *speedstr = NULL;
+char *bindaddr = NULL;
+#ifdef BCRELAY
+char *bcrelay = NULL;
+#endif
+int pptp_debug = 0;
+int pptp_noipparam = 0;
+int pptp_logwtmp = 0;
+int pptp_delegate = 0;
+
+int pptp_stimeout = STIMEOUT_DEFAULT;
+
+int pptp_connections = CONNECTIONS_DEFAULT;
+
+/* Local prototypes */
+static void processIPStr(int type, char *ipstr);
+
+#ifndef HAVE_DAEMON
+static void my_daemon(int argc, char **argv);
+#endif
+
+static void log_pid(char *pid_file);
+static char *lookup(char *);
+
+#ifdef BCRELAY
+static void launch_bcrelay();
+static pid_t bcrelayfork;
+#endif
+
+static void showusage(char *prog)
+{
+	printf("\npptpd v%s\n", VERSION);
+	printf("Usage: pptpd [options], where options are:\n\n");
+#ifdef BCRELAY
+	printf(" [-b] [--bcrelay if]       Use broadcast relay for broadcasts comming from.\n");
+	printf("                           the specified interface (default is eth1).\n");
+#endif
+	printf(" [-c] [--conf file]        Specifies the config file to read default\n");
+	printf("                           settings from (default is %s).\n", PPTPD_CONFIG_FILE_DEFAULT);
+	printf(" [-d] [--debug]            Turns on debugging (to syslog).\n");
+	printf(" [-e] [--ppp file]         Use alternate pppd binary, default %s.\n", PPP_BINARY);
+	printf(" [-f] [--fg]               Run in foreground.\n");
+	printf(" [-h] [--help]             Displays this help message.\n");
+	printf(" [-i] [--noipparam]        Suppress the passing of the client's IP address\n");
+	printf("                           to PPP, which is done by default otherwise.\n");
+	printf(" [-l] [--listen x.x.x.x]   Specifies IP of local interface to listen to.\n");
+#if !defined(BSDUSER_PPP)
+	printf(" [-o] [--option file]      Specifies the PPP options file to use\n");
+	printf("                           (default is /etc/ppp/options).\n");
+#endif
+	printf(" [-p] [--pidfile file]     Specifies the file to write the process ID to\n");
+	printf("                           (default is /var/run/pptpd.pid).\n");
+#if !defined(BSDUSER_PPP)
+	printf(" [-s] [--speed baud]       Specifies the baud speed for the PPP daemon\n");
+	printf("                           (default is 115200).\n");
+#endif
+	printf(" [-t] [--stimeout seconds] Specifies the timeout for the first packet. This is a DOS protection\n");
+	printf("                           (default is 10).\n");
+	printf(" [-v] [--version]          Displays the pptpd version number.\n");
+	printf(" [-w] [--logwtmp]          Update wtmp as users login.\n");
+	printf(" [-C] [--connections n]    Limit on number of connections.\n");
+	printf(" [-D] [--delegate]         Delegate IP allocation to pppd.\n");
+
+	printf("\n\nLogs and debugging go to syslog as DAEMON.");
+
+	printf("\n\nCommand line options will override any default settings and any settings\n");
+	printf("specified in the config file (default config file: %s).\n\n", PPTPD_CONFIG_FILE_DEFAULT);
+}
+
+
+static void showversion()
+{
+	printf("pptpd v%s\n", VERSION);
+}
+
+int main(int argc, char **argv)
+{
+	/* command line options */
+	int c;
+
+	/* function-local options */
+	int foreground = FALSE;
+	char *pid_file = NULL;
+
+	/* config file */
+	char *configFile = NULL;
+
+	/* config file parsing temp strings */
+	char tmp[MAX_CONFIG_STRING_SIZE], *tmpstr;
+
+	/* open a connection to the syslog daemon */
+	openlog("pptpd", LOG_PID, PPTP_FACILITY);
+
+	/* process command line options */
+	while (1) {
+		int option_index = 0;
+#ifdef BCRELAY
+		char *optstring = "b:c:de:fhil:o:p:s:t:vwC:D";
+#else
+		char *optstring = "c:de:fhil:o:p:s:t:vwC:D";
+#endif
+
+		static struct option long_options[] =
+		{
+#ifdef BCRELAY
+			{"bcrelay", 1, 0, 0},
+#endif
+			{"conf", 1, 0, 0},
+			{"debug", 0, 0, 0},
+			{"ppp", 1, 0, 0},
+			{"fg", 0, 0, 0},
+			{"help", 0, 0, 0},
+			{"noipparam", 0, 0, 0},
+			{"listen", 1, 0, 0},
+			{"option", 1, 0, 0},
+			{"pidfile", 1, 0, 0},
+			{"speed", 1, 0, 0},
+			{"stimeout", 1, 0, 0},
+			{"version", 0, 0, 0},
+			{"logwtmp", 0, 0, 0},
+			{"connections", 1, 0, 0},
+			{"delegate", 0, 0, 0},
+			{0, 0, 0, 0}
+		};
+
+		c = getopt_long(argc, argv, optstring, long_options, &option_index);
+		if (c == -1)
+			break;
+		/* convert long options to short form */
+		if (c == 0)
+#ifdef BCRELAY
+			c = "bcdefhilopstvwCD"[option_index];
+#else
+			c = "cdefhilopstvwCD"[option_index];
+#endif
+		switch (c) {
+#ifdef BCRELAY
+		case 'b': /* --bcrelay */
+			if (bcrelay) free(bcrelay);
+			bcrelay = strdup(optarg);
+			break;
+#endif
+
+		case 'l': /* --listen */
+			tmpstr = lookup(optarg);
+			if (!tmpstr) {
+				syslog(LOG_ERR, "MGR: Invalid listening address: %s!", optarg);
+				return 1;
+			}
+			if (bindaddr) free(bindaddr);
+			bindaddr = strdup(tmpstr);
+			break;
+
+		case 'h': /* --help */
+			showusage(argv[0]);
+			return 0;
+
+		case 'i': /* --noipparam */
+			pptp_noipparam = TRUE;
+			break;
+
+		case 'e': /* --ppp */
+			if (ppp_binary) free(ppp_binary);
+			ppp_binary = strdup(optarg);
+			break;
+
+		case 'd': /* --debug */
+			pptp_debug = TRUE;
+			break;
+
+		case 'f': /* --fg */
+			foreground = TRUE;
+			break;
+
+		case 'v': /* --version */
+			showversion();
+			return 0;
+
+		case 'w': /* --logwtmp */
+		        pptp_logwtmp = TRUE;
+			break;
+
+		case 'C': /* --connections */
+		        pptp_connections = atoi(optarg);
+			break;
+
+		case 'D': /* --delegate */
+		        pptp_delegate = TRUE;
+			break;
+
+		case 'o': /* --option */
+			if (pppdoptstr) free(pppdoptstr);
+			pppdoptstr = strdup(optarg);
+			break;
+
+		case 'p': /* --pidfile */
+			if (pid_file) free(pid_file);
+			pid_file = strdup(optarg);
+			break;
+
+		case 's': /* --speed */
+			if (speedstr) free(speedstr);
+			speedstr = strdup(optarg);
+			break;
+
+		case 't': /* --stimeout */
+			pptp_stimeout = atoi(optarg);
+			break;
+
+		case 'c': /* --conf */
+			{
+				FILE *f;
+				if (!(f = fopen(optarg, "r"))) {
+					syslog(LOG_ERR, "MGR: Config file not found!");
+					return 1;
+				}
+				fclose(f);
+				if(configFile) free(configFile);
+				configFile = strdup(optarg);
+				break;
+			}
+
+		default:
+			showusage(argv[0]);
+			return 1;
+		}
+	}
+
+	/* Now that we have all the command line args.. lets open the
+	 * conf file and add anything else (remembering not to override
+	 * anything since the command line has more privilages :-)
+	 */
+
+	if (!configFile)
+		configFile = strdup(PPTPD_CONFIG_FILE_DEFAULT);
+
+	if (read_config_file(configFile, CONNECTIONS_KEYWORD, tmp) > 0) {
+		pptp_connections = atoi(tmp);
+		if (pptp_connections <= 0)
+			pptp_connections = CONNECTIONS_DEFAULT;
+	}
+
+	slot_init(pptp_connections);
+
+	if (!pptp_debug && read_config_file(configFile, DEBUG_KEYWORD, tmp) > 0)
+		pptp_debug = TRUE;
+
+#ifdef BCRELAY
+	if (!bcrelay && read_config_file(configFile, BCRELAY_KEYWORD, tmp) > 0) 
+		bcrelay = strdup(tmp);
+#endif
+
+	if (!pptp_stimeout && read_config_file(configFile, STIMEOUT_KEYWORD, tmp) > 0) {
+		pptp_stimeout = atoi(tmp);
+		if (pptp_stimeout <= 0)
+			pptp_stimeout = STIMEOUT_DEFAULT;
+	}
+
+	if (!pptp_noipparam && read_config_file(configFile, NOIPPARAM_KEYWORD, tmp) > 0) {
+		pptp_noipparam = TRUE;
+	}
+
+	if (!bindaddr && read_config_file(configFile, LISTEN_KEYWORD, tmp) > 0) {
+		tmpstr = lookup(tmp);
+		if(!tmpstr) {
+			syslog(LOG_ERR, "MGR: Invalid listening address: %s!", tmp);
+			return 1;
+		}
+		bindaddr = strdup(tmpstr);
+	}
+
+	if (!speedstr && read_config_file(configFile, SPEED_KEYWORD, tmp) > 0)
+		speedstr = strdup(tmp);
+
+	if (!pppdoptstr && read_config_file(configFile, PPPD_OPTION_KEYWORD, tmp) > 0) {
+		pppdoptstr = strdup(tmp);
+	}
+
+	if (!ppp_binary && read_config_file(configFile, PPP_BINARY_KEYWORD, tmp) > 0) {
+		ppp_binary = strdup(tmp);
+	}
+
+	if (!pptp_logwtmp && read_config_file(configFile, LOGWTMP_KEYWORD, tmp) > 0) {
+		pptp_logwtmp = TRUE;
+	}
+
+	if (!pptp_delegate && read_config_file(configFile, DELEGATE_KEYWORD, tmp) > 0) {
+		pptp_delegate = TRUE;
+	}
+
+	if (!pid_file)
+		pid_file = strdup((read_config_file(configFile, PIDFILE_KEYWORD,
+					tmp) > 0) ? tmp : PIDFILE_DEFAULT);
+
+	if (!pptp_delegate) {
+		/* NOTE: remote then local, reason can be seen at the end of processIPStr */
+
+		/* grab the remoteip string from the config file */
+		if (read_config_file(configFile, REMOTEIP_KEYWORD, tmp) <= 0) {
+			/* use "smart" defaults */
+			strlcpy(tmp, DEFAULT_REMOTE_IP_LIST, sizeof(tmp));
+		}
+		processIPStr(REMOTE, tmp);
+	
+		/* grab the localip string from the config file */
+		if (read_config_file(configFile, LOCALIP_KEYWORD, tmp) <= 0) {
+			/* use "smart" defaults */
+			strlcpy(tmp, DEFAULT_LOCAL_IP_LIST, sizeof(tmp));
+		}
+		processIPStr(LOCAL, tmp);
+	}
+
+	free(configFile);
+
+	/* if not yet set, adopt default PPP binary path */
+	if (!ppp_binary) ppp_binary = strdup(PPP_BINARY);
+	/* check that the PPP binary is executable */
+	if (access(ppp_binary, X_OK) < 0) {
+		syslog(LOG_ERR, "MGR: PPP binary %s not executable",
+		       ppp_binary);
+		return 1;
+	}
+	/* check that the PPP options file is readable */
+	if (pppdoptstr && access(pppdoptstr, R_OK) < 0) {
+		syslog(LOG_ERR, "MGR: PPP options file %s not readable",
+		       pppdoptstr);
+		return 1;
+	}
+#ifdef BCRELAY
+	/* check that the bcrelay binary is executable */
+	if (bcrelay && access(BCRELAY_BIN, X_OK) < 0) {
+		syslog(LOG_ERR, "MGR: bcrelay binary %s not executable", 
+		       BCRELAY_BIN);
+		return 1;
+	}
+#endif
+
+	if (!foreground) {
+#if HAVE_DAEMON
+		closelog();
+		freopen("/dev/null", "r", stdin);
+		daemon(0, 0);
+		/* returns to child only */
+		/* pid will have changed */
+		openlog("pptpd", LOG_PID, PPTP_FACILITY);
+#else	/* !HAVE_DAEMON */
+		my_daemon(argc, argv);
+		/* returns to child if !HAVE_FORK
+		 * never returns if HAVE_FORK (re-execs with -f)
+		 */
+#endif
+	}
+
+#ifdef BCRELAY
+      if (bcrelay) {
+             syslog(LOG_DEBUG, "CTRL: BCrelay incoming interface is %s", bcrelay);
+             /* Launch BCrelay  */
+#ifndef HAVE_FORK
+             switch(bcrelayfork = vfork()){
+#else
+             switch(bcrelayfork = fork()){
+#endif
+             case -1:        /* fork() error */
+                   syslog(LOG_ERR, "CTRL: Error forking to exec bcrelay");
+                   _exit(1);
+
+             case 0:         /* child */
+                   syslog(LOG_DEBUG, "CTRL (BCrelay Launcher): Launching BCrelay with pid %i", bcrelayfork);
+                   launch_bcrelay();
+                   syslog(LOG_ERR, "CTRL (BCrelay Launcher): Failed to launch BCrelay.");
+                   _exit(1);
+             }
+       } /* End bcrelay */
+#endif
+
+#ifdef CONFIG_NETtel
+	/* turn the NETtel VPN LED on */
+	ledman_cmd(LEDMAN_CMD_ON, LEDMAN_VPN);
+#endif
+	/* after we have our final pid... */
+	log_pid(pid_file);
+
+	/* manage connections until SIGTERM */
+	pptp_manager(argc, argv);
+	
+#ifdef BCRELAY
+	if (bcrelayfork > 0) {
+		syslog(LOG_DEBUG, "CTRL: Closing child BCrelay with pid %i", bcrelayfork);
+		kill(bcrelayfork, SIGTERM);
+	}
+#endif
+
+	slot_free();
+	return 0;
+}
+
+static void log_pid(char *pid_file) {
+        FILE    *f;
+        pid_t   pid;
+
+        pid = getpid();
+        if ((f = fopen(pid_file, "w")) == NULL) {
+                syslog(LOG_ERR, "PPTPD: failed to open(%s), errno=%d\n",
+                        pid_file, errno);
+                return;
+        }
+        fprintf(f, "%d\n", pid);
+        fclose(f);
+}
+
+#ifndef HAVE_DAEMON
+static void my_daemon(int argc, char **argv)
+{
+#ifndef HAVE_FORK
+	/* need to use vfork - eg, uClinux */
+	char **new_argv;
+	int pid;
+	extern char **environ;
+	int fdr;
+
+	new_argv = malloc((argc + 2) * sizeof(char **));
+	fdr = open("/dev/null", O_RDONLY);
+	syslog(LOG_INFO, "MGR: Option parse OK, re-execing as daemon");
+	fflush(stderr);
+	if ((pid = vfork()) == 0) {
+		if (fdr != 0) { dup2(fdr, 0); close(fdr); }
+		SETSIDPGRP();
+		chdir("/");
+		umask(0);
+		memcpy(new_argv + 1, argv, (argc + 1) * sizeof(char **));
+		new_argv[0] = PPTPD_BIN;
+		new_argv[1] = "-f";
+		execve(PPTPD_BIN, new_argv, environ);
+		_exit(1);
+	} else if (pid > 0) {
+		exit(0);
+	} else {
+		syslog_perror("vfork");
+		exit(1);
+	}
+#else
+	int pid;
+
+	closelog();
+	if ((pid = fork()) < 0) {
+		syslog_perror("fork");
+		exit(1);
+	} else if (pid)
+		exit(0);
+	freopen("/dev/null", "r", stdin);
+	SETSIDPGRP();
+	chdir("/");
+	umask(0);
+	/* pid will have changed */
+	openlog("pptpd", LOG_PID, PPTP_FACILITY);
+#endif
+}
+#endif
+
+/* added for hostname/address lookup    -tmk
+ * returns NULL if not a valid hostname
+ */
+static char *lookup(char *hostname)
+{
+	struct hostent *ent;
+	struct in_addr hst_addr;
+
+	/* Try to parse IP directly */
+	if (inet_addr(hostname) != -1)
+		return hostname;
+
+	/* Else lookup hostname, return NULL if it fails */
+	if ((ent = gethostbyname(hostname)) == NULL)
+		return NULL;
+
+	/* That worked, print it back as a dotted quad. */
+	memcpy(&hst_addr.s_addr, ent->h_addr, ent->h_length);
+	return inet_ntoa(hst_addr);
+}
+
+#define DEBUG_IP_PARSER 0
+
+/* Return the address or NULL if not valid */
+static char *validip(char *hostname)
+{
+	/* Try to parse IP directly */
+	if (inet_addr(hostname) != -1)
+		return hostname;
+	else
+		return NULL;
+}
+
+/* Check if it's a valid IP range */
+static int isIpRange(char *str)
+{
+	int dashes = 0;
+	int dots = 0;
+
+#if DEBUG_IP_PARSER
+	syslog(LOG_DEBUG, "MGR: Checking if %s is a valid IP range", str);
+#endif
+	do {
+		if (*str == '-')
+			dashes++;
+		else if (*str == '.')
+			dots++;
+		else if (!strchr("0123456789", *str)) {
+#if DEBUG_IP_PARSER
+			syslog(LOG_DEBUG, "MGR: Not an IP range: character %c is not valid", *str);
+#endif
+			return 0;
+		}
+	} while (*++str);
+#if DEBUG_IP_PARSER
+	syslog(LOG_DEBUG, "MGR: Dashes = %d (wanted: 1), Dots = %d (wanted: 4)", dashes, dots);
+#endif
+	return (dashes == 1 && dots == 3);
+}
+
+/* process a type 0 (LOCAL) or type 1 (REMOTE) IP string */
+static void processIPStr(int type, char *ipstr)
+{
+	int pos;
+
+	char *tmpstr;
+	/* char tmpstr2[20]; xxx.xxx.xxx.xxx-xxx (largest we can get) */
+	char tmpstr2[128];	/* allow hostnames */
+	char *tmpstr3;
+	char tmpstr5[16];
+	char *tmpstr6;
+	char *tmpstr7;
+	int num;
+
+	char ipa[8];		/* xxx-xxx (largest we can get) */
+	char ipb[8];
+	char ipc[8];
+	char ipd[8];
+
+	char ip_pre[13];	/* xxx.xxx.xxx. (largest we can get) */
+	char ip_post[13];
+
+	char ipl[4];
+	char ipu[4];
+
+	int bail = FALSE;	/* so we know when to stop formatting the ip line */
+
+	int lower, upper, n;
+
+	num = 0;
+
+	while (!bail) {
+		if ((tmpstr = strchr(ipstr, ',')) == NULL) {
+			/* last (or only) entry reached */
+			strlcpy(tmpstr2, ipstr, sizeof(tmpstr2));
+			bail = TRUE;
+		} else {
+			pos = tmpstr - ipstr;
+			ipstr[pos] = '\0';
+			strlcpy(tmpstr2, ipstr, sizeof(tmpstr2));
+			ipstr = tmpstr + 1;
+		}
+
+#if DEBUG_IP_PARSER
+		syslog(LOG_DEBUG, "MGR: Parsing segment: %s", tmpstr2);
+#endif
+
+		if (!isIpRange(tmpstr2)) {
+			/* We got a normal IP
+			 * Check if the IP address is valid, use it if so
+			 */
+			if ((tmpstr7 = lookup(tmpstr2)) == NULL) {
+				syslog(LOG_ERR, "MGR: Bad IP address (%s) in config file!", tmpstr2);
+				exit(1);
+			}
+			if (num == pptp_connections) {
+				syslog(LOG_WARNING, "MGR: connections limit (%d) reached, extra IP addresses ignored", pptp_connections);
+				return;
+			}
+#if DEBUG_IP_PARSER
+			syslog(LOG_DEBUG, "MGR: Setting IP %d = %s", num, tmpstr7);
+#endif
+			if (type == LOCAL)
+				slot_set_local(num, tmpstr7);
+			else
+				slot_set_remote(num, tmpstr7);
+			num++;
+		} else {
+			/* Got a range;
+			 * eg. 192.168.0.234-238
+			 * or (thanx Kev! :-).. i thought i was finished :-)
+			 * 192.168-178.1.231
+			 */
+
+			/* lose the "."'s */
+			while ((tmpstr3 = strchr(tmpstr2, '.')) != NULL) {
+				pos = tmpstr3 - tmpstr2;
+				tmpstr2[pos] = ' ';
+			}
+
+			if ((tmpstr3 = strchr(tmpstr2, '-')) == NULL ||
+			    strchr(tmpstr3 + 1, '-') != NULL) {
+				syslog(LOG_ERR, "MGR: Confused in IP parse routines (multiple hyphens)");
+				continue;
+			}
+			/* should be left with "192 168 0 234-238"
+			 * or 192 168-178 1 231
+			 */
+
+			sscanf(tmpstr2, "%7s %7s %7s %7s", ipa, ipb, ipc, ipd);
+
+			if ((tmpstr6 = strchr(ipd, '-')) != NULL) {
+				pos = tmpstr6 - ipd;
+				ipd[pos] = ' ';
+				sscanf(ipd, "%3s %3s", ipl, ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: (lower upper) = (%s %s)", ipl, ipu);
+#endif
+				lower = atoi(ipl);
+				upper = atoi(ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Range = %d to %d on 4th segment", lower, upper);
+#endif
+				sprintf(ip_pre, "%.3s.%.3s.%.3s.", ipa, ipb, ipc);
+				ip_post[0] = '\0';
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Pre = %s Post = %s", ip_pre, ip_post);
+#endif
+			} else if ((tmpstr6 = strchr(ipc, '-')) != NULL) {
+				pos = tmpstr6 - ipc;
+				ipc[pos] = ' ';
+				sscanf(ipc, "%3s %3s", ipl, ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: (lower upper) = (%s %s)", ipl, ipu);
+#endif
+				lower = atoi(ipl);
+				upper = atoi(ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Range = %d to %d on 3rd segment", lower, upper);
+#endif
+				sprintf(ip_pre, "%.3s.%.3s.", ipa, ipb);
+				sprintf(ip_post, ".%.3s", ipd);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Pre = %s Post = %s", ip_pre, ip_post);
+#endif
+			} else if ((tmpstr6 = strchr(ipb, '-')) != NULL) {
+				pos = tmpstr6 - ipb;
+				ipb[pos] = ' ';
+				sscanf(ipb, "%3s %3s", ipl, ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: (lower upper) = (%s %s)", ipl, ipu);
+#endif
+				lower = atoi(ipl);
+				upper = atoi(ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Range = %d to %d on 2nd segment", lower, upper);
+#endif
+				sprintf(ip_pre, "%.3s.", ipa);
+				sprintf(ip_post, ".%.3s.%.3s", ipc, ipd);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Pre = %s Post = %s", ip_pre, ip_post);
+#endif
+			} else if ((tmpstr6 = strchr(ipa, '-')) != NULL) {
+				pos = tmpstr6 - ipa;
+				ipa[pos] = ' ';
+				sscanf(ipa, "%3s %3s", ipl, ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: (lower upper) = (%s %s)", ipl, ipu);
+#endif
+				lower = atoi(ipl);
+				upper = atoi(ipu);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Range = %d to %d on 1st segment", lower, upper);
+#endif
+				ip_pre[0] = '\0';
+				sprintf(ip_post, ".%.3s.%.3s.%.3s", ipb, ipc, ipd);
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Pre = %s Post = %s", ip_pre, ip_post);
+#endif
+			} else {
+				syslog(LOG_ERR, "MGR: Confused in IP parse routines (lost hyphen)");
+				continue;
+			}
+
+			for (n = lower; n <= upper; n++) {
+				sprintf(tmpstr5, "%s%d%s", ip_pre, n, ip_post);
+				/* Check if the ip address is valid */
+				if ((tmpstr7 = validip(tmpstr5)) == NULL) {
+					syslog(LOG_ERR, "MGR: Bad IP address (%s) in config file!", tmpstr5);
+					exit(1);
+				}
+				if (num == pptp_connections) {
+					syslog(LOG_WARNING, "MGR: connections limit (%d) reached, extra IP addresses ignored", pptp_connections);
+					return;
+				}
+#if DEBUG_IP_PARSER
+				syslog(LOG_DEBUG, "MGR: Setting IP %d = %s", num, tmpstr7);
+#endif
+				if (type == LOCAL)
+					slot_set_local(num, tmpstr7);
+				else
+					slot_set_remote(num, tmpstr7);
+				num++;
+			}
+		}
+	}
+	if (num == 1 && type == LOCAL && pptp_connections > 1) {
+#if DEBUG_IP_PARSER
+		syslog(LOG_DEBUG, "MGR: Setting all %d local IPs to %s", pptp_connections, slot_get_local(0));
+#endif
+		for (n = 1; n < pptp_connections; n++)
+			slot_set_local(n, slot_get_local(0));
+	} else if (pptp_connections > num) {
+		syslog(LOG_INFO, "MGR: Maximum of %d connections reduced to %d, not enough IP addresses given", 
+		       pptp_connections, num);
+		pptp_connections = num;
+	}
+}
+
+#ifdef BCRELAY
+/* launch_bcrelay
+ * Launches broadcast relay. Broadcast relay is responsible for relaying broadcasts to the clients
+ * retn: 0 on success, -1 on failure.
+ */
+static void launch_bcrelay() {
+  char *bcrelay_argv[8];
+  int an = 0;
+
+      if (bcrelay) {
+           syslog(LOG_DEBUG, "MGR: BCrelay incoming interface is %s", bcrelay);
+           syslog(LOG_DEBUG, "MGR: BCrelay outgoing interface is regexp ppp[0-9].*");
+
+	   bcrelay_argv[an++] = BCRELAY_BIN;
+	   bcrelay_argv[an++] = "-i";
+	   bcrelay_argv[an++] = bcrelay;
+	   bcrelay_argv[an++] = "-o";
+	   bcrelay_argv[an++] = "ppp[0-9].*";
+           if (!pptp_debug) {
+	         bcrelay_argv[an++] = "-n";
+           }
+	   bcrelay_argv[an++] = NULL;
+
+           execvp(bcrelay_argv[0], bcrelay_argv);
+      }
+}
+#endif

pptpd.conf.5

@@ -0,0 +1,238 @@
+.TH PPTPD.CONF 5 "29 December 2005"
+.SH NAME
+.B pptpd.conf
+- PPTP VPN daemon configuration
+.SH DESCRIPTION
+.BR pptpd (8)
+reads options from this file, usually
+.IR /etc/pptpd.conf .
+Most options can be overridden by the command line.  The local and
+remote IP addresses for clients must come from the configuration file
+or from
+.BR pppd (8)
+configuration files.
+.SH OPTIONS
+.TP
+.BI "option " option-file
+the name of an option file to be passed to
+.BR pppd (8)
+in place of the default
+.IR /etc/ppp/options 
+so that PPTP specific options can be given.
+Equivalent to the command line
+.B --option
+option.
+
+.TP
+.BI "stimeout " seconds
+number of seconds to wait for a PPTP packet before forking the
+.BR pptpctrl (8)
+program to handle the client.  The default is 10 seconds.  This is a
+denial of service protection feature.
+Equivalent to the command line 
+.B --stimeout
+option.
+.TP
+.B debug
+turns on debugging mode, sending debugging information to 
+.BR syslog (3).
+Has no effect on
+.BR pppd (8)
+debugging.  Equivalent to the command line 
+.B --debug
+option.
+.TP
+.BI "bcrelay " internal-interface
+turns on broadcast relay mode, sending all broadcasts received on the server's
+internal interface to the clients.
+Equivalent to the command line 
+.B --bcrelay
+option.
+
+.TP
+.BI "connections " n
+limits the number of client connections that may be accepted.
+If pptpd is allocating IP addresses (e.g. 
+.BR delegate
+is not used) then the number of connections is also limited by the
+.BR remoteip
+option.  The default is 100.
+
+.TP
+.BI "delegate"
+delegates the allocation of client IP addresses to 
+.BR pppd (8).
+Without this option, which is the default, pptpd manages the list of
+IP addresses for clients and passes the next free address to pppd.
+With this option, pptpd does not pass an address, and so pppd may use
+radius or chap-secrets to allocate an address.
+
+.TP
+.BI "localip " ip-specification
+one or many IP addresses to be used at the local end of the
+tunnelled PPP links between the server and the client.  If one address only
+is given, this address is used for all clients.  Otherwise, one address
+per client must be given, and if there are no free addresses then any new
+clients will be refused.
+.B localip
+will be ignored if the
+.B delegate
+option is used.
+.TP
+.BI "remoteip " ip-specification
+a list of IP addresses to assign to remote PPTP clients. Each
+connected client must have a different address, so there must be
+at least as many addresses as you have simultaneous clients,
+and preferably some spare, since you cannot change this list
+without restarting pptpd. A warning will be sent to
+.BR syslog (3)
+when the IP address pool is exhausted.
+.B remoteip
+will be ignored if the
+.B delegate
+option is used.
+.TP
+.B noipparam
+by default, the original client IP address is given to
+ip-up scripts using the 
+.BR pppd (8) 
+option
+.B ipparam.
+The
+.B noipparam
+option prevents this.
+Equivalent to the command line
+.B --noipparam
+option.
+.TP
+.BI "listen " ip-address
+the local interface IP address to listen on for incoming PPTP
+connections (TCP port 1723). Equivalent to the command line
+.B --listen
+option.
+.TP
+.BI "pidfile " pid-file
+specifies an alternate location to store the process ID file
+(default /var/run/pptpd.pid).  Equivalent to the command line
+.B --pidfile
+option.
+.TP
+.BI "speed " speed
+specifies a speed (in bits per second) to pass to the PPP daemon as
+the interface speed for the tty/pty pair.  This is ignored by some PPP
+daemons, such as Linux's
+.BR pppd (8).
+The default is 115200 bytes per second, which some implementations
+interpret as meaning "no limit".  Equivalent to the command line
+.B --speed
+option.
+.SH NOTES
+An
+.I ip-specification
+above (for the
+.B localip
+and
+.B remoteip
+tags) may be a list of IP addresses (for example 192.168.0.2,192.168.0.3),
+a range (for example 192.168.0.1-254 or 192.168.0-255.2) or some combination
+(for example 192.168.0.2,192.168.0.5-8).  For some valid pairs might be
+(depending on use of the VPN):
+.P
+.BI "localip " 192.168.0.1
+.br
+.BI "remoteip " 192.168.0.2-254
+.P
+or
+.P
+.BI "localip " 192.168.1.2-254
+.br
+.BI "remoteip " 192.168.0.2-254
+
+.SH ROUTING CHECKLIST - PROXYARP
+Allocate a section of your LAN addresses for use by clients.
+.P
+In 
+.IR /etc/ppp/options.pptpd.
+set the
+.B proxyarp
+option.
+In
+.IR pptpd.conf
+do not set 
+.B localip
+option, but set
+.B remoteip
+to the allocated address range.
+Enable kernel forwarding of packets, (e.g. using
+.IR /proc/sys/net/ipv4/ip_forward
+).
+.P
+The server will advertise the clients to the LAN using ARP, providing
+it's own ethernet address.
+.BR bcrelay (8)
+should not be required.
+
+.SH ROUTING CHECKLIST - FORWARDING
+Allocate a subnet for the clients that is routable from your LAN, but
+is not part of your LAN.
+.P
+In
+.IR pptpd.conf
+set
+.B localip
+to a single address or range in the allocated subnet, set
+.B remoteip
+to a range in the allocated subnet.
+Enable kernel forwarding of packets, (e.g. using
+.IR /proc/sys/net/ipv4/ip_forward
+).
+The LAN must have a route to the clients using the server as gateway.
+.P
+The server will forward the packets unchanged between the clients and the LAN.
+.BR bcrelay (8)
+will be required to support broadcast protocols such as NETBIOS.
+
+.SH ROUTING CHECKLIST - MASQUERADE
+Allocate a subnet for the clients that is not routable from your LAN,
+and not otherwise routable from the server (e.g. 10.0.0.0/24).
+.P
+Set
+.B localip
+to a single address in the subnet (e.g. 10.0.0.1), set
+.B remoteip
+to a range for the rest of the subnet, (e.g. 10.0.0.2-200).
+Enable kernel forwarding of packets, (e.g. using
+.IR /proc/sys/net/ipv4/ip_forward
+).
+Enable masquerading on eth0 (e.g. 
+.I
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+).
+.P
+The server will translate the packets between the clients and the LAN.
+The clients will appear to the LAN as having the address
+corresponding to the server.  The LAN need not have an explicit route
+to the clients.
+.BR bcrelay (8)
+will be required to support broadcast protocols such as NETBIOS.
+
+.SH FIREWALL RULES
+.BR pptpd (8)
+accepts control connections on TCP port 1723, and then uses GRE
+(protocol 47) to exchange data packets.  Add these rules to your
+.BR iptables (8)
+configuration, or use them as the basis for your own rules:
+.P
+iptables --append INPUT --protocol 47 --jump ACCEPT 
+.br
+.nf
+iptables --append INPUT --protocol tcp --match tcp \\
+.br
+         --destination-port 1723 --jump ACCEPT 
+.fi
+.P
+
+.SH "SEE ALSO"
+.BR pppd (8),
+.BR pptpd (8),
+.BR pptpd.conf (5).

pptpd.init

@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Startup script for pptpd
+#
+# chkconfig: - 85 15
+# description: PPTP server
+# processname: pptpd
+# config: /etc/pptpd.conf
+
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+# See how we were called.
+case "$1" in
+  start)
+        echo -n "Starting pptpd: "
+        if [ -f /var/lock/subsys/pptpd ] ; then
+                echo
+                exit 1
+        fi
+        daemon /usr/sbin/pptpd
+        echo
+        touch /var/lock/subsys/pptpd
+        ;;
+  stop)
+        echo -n "Shutting down pptpd: "
+        killproc pptpd
+        echo
+        rm -f /var/lock/subsys/pptpd
+        ;;
+  status)
+        status pptpd
+        ;;
+  condrestart)
+	if [ -f /var/lock/subsys/pptpd ]; then
+		$0 stop
+		$0 start
+	fi
+	;;
+  reload|restart)
+        $0 stop
+        $0 start
+        echo "Warning: a pptpd restart does not terminate existing "
+        echo "connections, so new connections may be assigned the same IP "
+        echo "address and cause unexpected results.  Use restart-kill to "
+        echo "destroy existing connections during a restart."
+        ;;
+  restart-kill)
+        $0 stop
+        ps -ef | grep pptpd | grep -v grep | grep -v rc.d | awk '{print $2}' | uniq | xargs kill 1> /dev/null 2>&1
+        $0 start
+        ;;
+  *)
+        echo "Usage: $0 {start|stop|restart|restart-kill|status}"
+        exit 1
+esac
+
+exit 0

pptpd.spec

@@ -0,0 +1,163 @@
+%{!?__id_u: %define __id_u %([ -x /bin/id ]&&echo /bin/id||([ -x /usr/bin/id ]&&echo /usr/bin/id|| echo /bin/true)) -u}
+
+# Available rpmbuild options:
+#
+# --without libwrap
+# --with    bsdppp
+# --with    slirp
+# --with    ipalloc
+# --without bcrelay
+#
+
+Summary:        PoPToP Point to Point Tunneling Server
+Name:           pptpd
+Version:        1.3.4
+Release:        1%{?dist}
+License:        GPL
+Group:          Applications/Internet
+URL:            http://poptop.sourceforge.net/
+Source0:        http://dl.sf.net/poptop/pptpd-%{version}.tar.gz
+Buildroot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires:       ppp >= 2.4.3
+
+%if %{?_without_libwrap:0}%{!?_without_libwrap:1}
+BuildRequires: tcp_wrappers
+%endif
+
+Requires(post):   /sbin/chkconfig
+Requires(preun):  /sbin/chkconfig, /sbin/service
+Requires(postun): /sbin/service
+
+%description
+This implements a Virtual Private Networking Server (VPN) that is
+compatible with Microsoft VPN clients. It allows windows users to
+connect to an internal firewalled network using their dialup.
+
+%prep
+%setup -q
+
+# Fix permissions for debuginfo package
+%{__chmod} 644 *.[ch]
+
+# Fix for distros with %{_libdir} = /usr/lib64
+%{__perl} -pi -e 's,/usr/lib/pptpd,%{_libdir}/pptpd,;' pptpctrl.c
+
+%build
+%configure \
+	%{!?_without_libwrap:--with-libwrap} \
+	%{?_without_libwrap:--without-libwrap} \
+	%{!?_with_bsdppp:--without-bsdppp} \
+	%{?_with_bsdppp:--with-bsdppp} \
+	%{!?_with_slirp:--without-slirp} \
+	%{?_with_slirp:--with-slirp} \
+	%{!?_with_ipalloc:--without-pppd-ip-alloc} \
+	%{?_with_ipalloc:--with-pppd-ip-alloc} \
+	%{!?_without_bcrelay:--with-bcrelay} \
+	%{?_without_bcrelay:--without-bcrelay}
+(echo '#undef VERSION'; echo '#define VERSION "2.4.3"') >> plugins/patchlevel.h
+%{__make} CFLAGS='-fno-builtin -fPIC -DSBINDIR=\"%{_sbindir}\" %{optflags}'
+
+%install
+%{__rm} -rf %{buildroot}
+%{__mkdir_p} %{buildroot}/etc/rc.d/init.d
+%{__mkdir_p} %{buildroot}/etc/ppp
+%{__mkdir_p} %{buildroot}%{_bindir}
+%{__mkdir_p} %{buildroot}%{_mandir}/man{5,8}
+%{__make} \
+	DESTDIR=%{buildroot} \
+	INSTALL=%{__install} \
+	LIBDIR=%{buildroot}%{_libdir}/pptpd \
+	install
+%{__install} -m 0755 pptpd.init %{buildroot}/etc/rc.d/init.d/pptpd
+%{__install} -m 0644 samples/pptpd.conf %{buildroot}/etc/pptpd.conf
+%{__install} -m 0644 samples/options.pptpd %{buildroot}/etc/ppp/options.pptpd
+%{__install} -m 0755 tools/vpnuser %{buildroot}%{_bindir}/vpnuser
+%{__install} -m 0755 tools/vpnstats.pl %{buildroot}%{_bindir}/vpnstats.pl
+%{__install} -m 0755 tools/pptp-portslave %{buildroot}%{_sbindir}/pptp-portslave
+%{__install} -m 0644 pptpd.conf.5 %{buildroot}%{_mandir}/man5/pptpd.conf.5
+%{__install} -m 0644 pptpd.8 %{buildroot}%{_mandir}/man8/pptpd.8
+%{__install} -m 0644 pptpctrl.8 %{buildroot}%{_mandir}/man8/pptpctrl.8
+
+%post
+/sbin/chkconfig --add pptpd || :
+OUTD="" ; for i in d manager ctrl ; do
+    test -x /sbin/pptp$i && OUTD="$OUTD /sbin/pptp$i" ;
+done
+test -z "$OUTD" || \
+{ echo "possible outdated executable detected; we now use %{_sbindir}/pptp*, perhaps you should run the following command:"; echo "rm -i $OUTD" ;}
+
+%postun
+[ $1 -gt 0 ] && /sbin/service pptpd condrestart &> /dev/null || :
+
+%preun
+if [ "$1" -lt 1 ]; then
+    /sbin/service pptpd stop &> /dev/null || :
+    /sbin/chkconfig --del pptpd || :
+fi
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%files
+%defattr(-,root,root,0755)
+%doc AUTHORS COPYING INSTALL README* TODO ChangeLog* samples
+%{_sbindir}/pptpd
+%{_sbindir}/pptpctrl
+%{_sbindir}/pptp-portslave
+%{!?_without_bcrelay:%{_sbindir}/bcrelay}
+%{_libdir}/pptpd/pptpd-logwtmp.so
+%{_bindir}/vpnuser
+%{_bindir}/vpnstats.pl
+%{_mandir}/man5/pptpd.conf.5*
+%{_mandir}/man8/pptpd.8*
+%{_mandir}/man8/pptpctrl.8*
+/etc/rc.d/init.d/pptpd
+%config(noreplace) /etc/pptpd.conf
+%config(noreplace) /etc/ppp/options.pptpd
+
+%changelog
+* Tue Sep  5 2006 Paul Howarth <paul@city-fan.org> - 1.3.3-1
+- Update to 1.3.3
+- Add dist tag
+- Add %%postun scriptlet dependency for /sbin/service
+
+* Fri Mar 31 2006 Paul Howarth <paul@city-fan.org> - 1.3.1-1
+- Update to 1.3.1
+
+* Fri Mar 31 2006 Paul Howarth <paul@city-fan.org> - 1.3.0-1
+- update to 1.3.0
+- remove redundant macro definitions
+- change Group: to one listed in rpm's GROUPS file
+- use full URL for source
+- simplify conditional build code
+- use macros for destination directories
+- honour %%{optflags}
+- general spec file cleanup
+- initscript updates:
+    don't enable the service by default
+    add reload and condrestart options
+- condrestart service on package upgrade
+- fix build on x86_64
+- add buildreq tcp_wrappers
+
+* Fri Feb 18 2005 James Cameron <james.cameron@hp.com>
+- fix to use ppp 2.4.3 for plugin
+
+* Thu Nov 11 2004 James Cameron <james.cameron@hp.com>
+- adjust for building on Red Hat Enterprise Linux, per Charlie Brady
+- remove vpnstats, superceded by vpnstats.pl
+
+* Fri May 21 2004 James Cameron <james.cameron@hp.com>
+- adjust for packaging naming and test
+
+* Fri Apr 23 2004 James Cameron <james.cameron@hp.com>
+- include vpnwho.pl
+
+* Thu Apr 22 2004 James Cameron <james.cameron@hp.com>
+- change description wording
+- change URL for upstream
+- release first candidate for 1.2.0
+
+* Fri Jul 18 2003 R. de Vroede <richard@oip.tudelft.nl>
+- Check the ChangeLog files.
+

pptpdefs.h

@@ -0,0 +1,324 @@
+/*
+ * pptpdefs.h
+ *
+ * PPTP structs and defines
+ *
+ * $Id: pptpdefs.h,v 1.4 2006/12/08 00:01:40 quozl Exp $
+ */
+
+#ifndef _PPTPD_PPTPDEFS_H
+#define _PPTPD_PPTPDEFS_H
+
+/* define "portable" htons, etc, copied to make Ananian's gre stuff work. */
+#define hton8(x)  (x)
+#define ntoh8(x)  (x)
+#define hton16(x) htons(x)
+#define ntoh16(x) ntohs(x)
+#define hton32(x) htonl(x)
+#define ntoh32(x) ntohl(x)
+
+#include <sys/types.h>
+
+/* PPTP ctrl message port */
+#define PPTP_PORT			1723
+
+/* PPTP gre prototype */
+#define PPTP_PROTO			47
+
+/* PPTP version */
+#define PPTP_VERSION			0x0100
+#define	PPTP_FIRMWARE_VERSION		0x0001
+
+/* Hostname and Vendor */
+#define PPTP_HOSTNAME			"local"
+#define PPTP_VENDOR			"linux"
+
+#define MAX_HOSTNAME_SIZE		64
+#define MAX_VENDOR_SIZE			64
+
+/* Magic Cookie */
+#define PPTP_MAGIC_COOKIE		0x1a2b3c4d
+
+/* Message types */
+#define PPTP_CTRL_MESSAGE		1
+
+/* Maximum size of any PPTP control packet we will get */
+#define PPTP_MAX_CTRL_PCKT_SIZE		220
+
+/* Control Connection Management */
+#define START_CTRL_CONN_RQST		1
+#define START_CTRL_CONN_RPLY		2
+#define STOP_CTRL_CONN_RQST		3
+#define STOP_CTRL_CONN_RPLY		4
+#define ECHO_RQST			5
+#define ECHO_RPLY			6
+
+/* Call Management */
+#define OUT_CALL_RQST			7
+#define OUT_CALL_RPLY			8
+#define IN_CALL_RQST			9
+#define IN_CALL_RPLY			10
+#define IN_CALL_CONN			11
+#define CALL_CLR_RQST			12
+#define CALL_DISCONN_NTFY		13
+
+/* Error Reporting */
+#define WAN_ERR_NTFY			14
+
+/* PPP Session Control */
+#define SET_LINK_INFO			15
+
+/* how long before a link is idle? (seconds) */
+#define IDLE_WAIT			60
+
+/* how long should we wait for an echo reply? (seconds) */
+#define MAX_ECHO_WAIT			60
+
+#define RESERVED			0x0000
+
+/* Start Control Connection Reply */
+#define ASYNCHRONOUS_FRAMING		0x00000001
+#define SYNCHRONOUS_FRAMING		0x00000002
+#define ANALOG_ACCESS			0x00000001
+#define DIGITAL_ACCESS			0x00000002
+
+/* Our properties - we don't actually have any physical serial i/f's and only want
+ * one call per client!
+ */
+#define OUR_FRAMING			0x00000000
+#define OUR_BEARER			0x00000000
+#define MAX_CHANNELS			0x0001
+
+/* Out Call Reply Defines */
+#define PCKT_RECV_WINDOW_SIZE		0x0001
+#define PCKT_PROCESS_DELAY		0x0000
+#define CHANNEL_ID			0x00000000
+
+/* ERROR CODES */
+#define NO_ERROR			0x00
+
+/* CALL_CLEAR RESULT CODES */
+#define LOST_CARRIER			0x01
+#define ADMIN_SHUTDOWN			0x03
+#define CALL_CLEAR_REQUEST		0x04
+
+/* RESULT CODES */
+#define CONNECTED			0x01
+#define DISCONNECTED			0x01
+#define GENERAL_ERROR			0x02	/* also for ERROR CODES, CALL CLEAR */
+#define NO_CARRIER			0x03
+#define BUSY				0x04
+#define NO_DIAL_TONE			0x05
+#define TIME_OUT			0x06
+#define DO_NOT_ACCEPT			0x07
+
+/* CTRL CLOSE CODES */
+#define GENERAL_STOP_CTRL		0x01
+#define STOP_PROTOCOL			0x02
+#define STOP_LOCAL_SHUTDOWN		0x03
+
+/* PPTP CTRL structs */
+
+struct pptp_header {
+	u_int16_t length;		/* pptp message length incl header */
+	u_int16_t pptp_type;		/* pptp message type */
+	u_int32_t magic;		/* magic cookie */
+	u_int16_t ctrl_type;		/* control message type */
+	u_int16_t reserved0;		/* reserved */
+};
+
+struct pptp_start_ctrl_conn_rqst {
+	struct pptp_header header;	/* pptp header */
+	u_int16_t version;		/* pptp protocol version */
+	u_int16_t reserved1;		/* reserved */
+	u_int32_t framing_cap;		/* framing capabilities */
+	u_int32_t bearer_cap;		/* bearer capabilities */
+	u_int16_t max_channels;		/* maximum channels */
+	u_int16_t firmware_rev;		/* firmware revision */
+	u_int8_t hostname[MAX_HOSTNAME_SIZE];	/* hostname */
+	u_int8_t vendor[MAX_VENDOR_SIZE];	/* vendor */
+};
+
+struct pptp_start_ctrl_conn_rply {
+	struct pptp_header header;	/* pptp header */
+	u_int16_t version;		/* pptp protocol version */
+	u_int8_t result_code;		/* result code */
+	u_int8_t error_code;		/* error code */
+	u_int32_t framing_cap;		/* framing capabilities */
+	u_int32_t bearer_cap;		/* bearer capabilities */
+	u_int16_t max_channels;		/* maximum channels */
+	u_int16_t firmware_rev;		/* firmware revision */
+	u_int8_t hostname[MAX_HOSTNAME_SIZE];	/* hostname */
+	u_int8_t vendor[MAX_VENDOR_SIZE];	/* vendor */
+};
+
+struct pptp_stop_ctrl_conn_rqst {
+	struct pptp_header header;	/* header */
+	u_int8_t reason;		/* reason for closing */
+	u_int8_t reserved1;		/* reserved */
+	u_int16_t reserved2;		/* reserved */
+};
+
+struct pptp_stop_ctrl_conn_rply {
+	struct pptp_header header;	/* header */
+	u_int8_t result_code;		/* result code */
+	u_int8_t error_code;		/* error code */
+	u_int16_t reserved1;		/* reserved */
+};
+
+struct pptp_echo_rqst {
+	struct pptp_header header;	/* header */
+	u_int32_t identifier;		/* value to match rply with rqst */
+};
+
+struct pptp_echo_rply {
+	struct pptp_header header;	/* header */
+	u_int32_t identifier;		/* identifier of echo rqst */
+	u_int8_t result_code;		/* result code */
+	u_int8_t error_code;		/* error code */
+	u_int16_t reserved1;		/* reserved */
+};
+
+struct pptp_out_call_rqst {
+	struct pptp_header header;	/* header */
+	u_int16_t call_id;		/* unique identifier to PAC-PNS pair */
+	u_int16_t call_serial;		/* session identifier */
+	u_int32_t min_bps;		/* minimum line speed */
+	u_int32_t max_bps;		/* maximum line speed */
+	u_int32_t bearer_type;		/* bearer type */
+	u_int32_t framing_type;		/* framing type */
+	u_int16_t pckt_recv_size;	/* packet recv window size */
+	u_int16_t pckt_delay;		/* packet processing delay */
+	u_int16_t phone_len;		/* phone number length */
+	u_int16_t reserved1;		/* reserved */
+	u_int8_t phone_num[64];		/* phone number */
+	u_int8_t subaddress[64];	/* additional dialing info */
+};
+
+struct pptp_out_call_rply {
+	struct pptp_header header;	/* header */
+	u_int16_t call_id;		/* unique identifier to PAC-PNS pair */
+	u_int16_t call_id_peer;		/* set to call_id of the call rqst */
+	u_int8_t result_code;		/* result code */
+	u_int8_t error_code;		/* error code */
+	u_int16_t cause_code;		/* additional failure information */
+	u_int32_t speed;		/* actual connection speed */
+	u_int16_t pckt_recv_size;	/* packet recv window size */
+	u_int16_t pckt_delay;		/* packet processing delay */
+	u_int32_t channel_id;		/* physical channel ID */
+};
+
+struct pptp_in_call_rqst {
+	struct pptp_header header;	/* header */
+	u_int16_t call_id;		/* unique identifier for tunnel */
+	u_int16_t call_serial;		/* session identifier */
+	u_int32_t bearer_type;		/* bearer capability */
+	u_int32_t channel_id;		/* channel ID */
+	u_int16_t dialed_len;		/* dialed length */
+	u_int16_t dialing_len;		/* dialing length */
+	u_int8_t dialed_num[64];	/* number that was dialed by the caller */
+	u_int8_t dialing_num[64];	/* the number from which the call was placed */
+	u_int8_t subaddress[64];	/* additional dialing information */
+};
+
+struct pptp_in_call_rply {
+	struct pptp_header header;	/* header */
+	u_int16_t call_id;		/* unique identifier for the tunnel */
+	u_int16_t peers_call_id;	/* set to rcvd call ID */
+	u_int8_t result_code;		/* result code */
+	u_int8_t error_code;		/* error code */
+	u_int16_t pckt_recv_size;	/* packet recv window size */
+	u_int16_t pckt_delay;		/* packet transmit delay */
+	u_int16_t reserved1;		/* reserved */
+};
+
+struct pptp_in_call_connect {
+	struct pptp_header header;	/* header */
+	u_int16_t peers_call_id;	/* set to rcvd call ID */
+	u_int16_t reserved1;		/* reserved */
+	u_int32_t speed;		/* connect speed */
+	u_int16_t pckt_recv_size;	/* packet rcvd window size */
+	u_int16_t pckt_delay;		/* packet transmit delay */
+	u_int32_t framing_type;		/* framing type */
+};
+
+struct pptp_call_clr_rqst {
+	struct pptp_header header;	/* header */
+	u_int16_t call_id;		/* call ID assigned by the PNS */
+	u_int16_t reserved1;		/* reserved */
+};
+
+struct pptp_call_disconn_ntfy {
+	struct pptp_header header;	/* header */
+	u_int16_t call_id;		/* call ID assigned by the PAC */
+	u_int8_t result_code;		/* result code */
+	u_int8_t error_code;		/* error code */
+	u_int16_t cause_code;		/* additional disconnect info */
+	u_int16_t reserved1;		/* reserved */
+	u_int8_t call_stats[128];	/* vendor specific call stats */
+};
+
+struct pptp_wan_err_ntfy {
+	struct pptp_header header;	/* header */
+	u_int16_t peers_call_id;	/* call ID assigned by PNS */
+	u_int16_t reserved1;		/* reserved */
+	u_int32_t crc_errors;		/* # of PPP frames rcvd with CRC errors */
+	u_int32_t framing_errors;	/* # of improperly framed PPP pckts */
+	u_int32_t hardware_overruns;	/* # of receive buffer overruns */
+	u_int32_t buff_overruns;	/* # of buffer overruns */
+	u_int32_t timeout_errors;	/* # of timeouts */
+	u_int32_t align_errors;		/* # of alignment errors */
+};
+
+struct pptp_set_link_info {
+	struct pptp_header header;
+	u_int16_t peers_call_id;	/* call ID assigned by PAC */
+	u_int16_t reserved1;		/* reserved */
+	u_int32_t send_accm;		/* send ACCM value the client should use */
+	u_int32_t recv_accm;		/* recv ACCM value the client should use */
+};
+
+/* GRE and PPP structs */
+
+/* Copied from C. S. Ananian */
+
+#define HDLC_FLAG		0x7E
+#define HDLC_ESCAPE		0x7D
+
+#define PPTP_GRE_PROTO		0x880B
+#define PPTP_GRE_VER		0x1
+
+#define PPTP_GRE_FLAG_C		0x80
+#define PPTP_GRE_FLAG_R		0x40
+#define PPTP_GRE_FLAG_K		0x20
+#define PPTP_GRE_FLAG_S		0x10
+#define PPTP_GRE_FLAG_A		0x80
+
+#define PPTP_GRE_IS_C(f)	((f)&PPTP_GRE_FLAG_C)
+#define PPTP_GRE_IS_R(f)	((f)&PPTP_GRE_FLAG_R)
+#define PPTP_GRE_IS_K(f)	((f)&PPTP_GRE_FLAG_K)
+#define PPTP_GRE_IS_S(f)	((f)&PPTP_GRE_FLAG_S)
+#define PPTP_GRE_IS_A(f)	((f)&PPTP_GRE_FLAG_A)
+
+struct pptp_gre_header {
+	u_int8_t flags;		/* bitfield */
+	u_int8_t ver;		/* should be PPTP_GRE_VER (enhanced GRE) */
+	u_int16_t protocol;	/* should be PPTP_GRE_PROTO (ppp-encaps) */
+	u_int16_t payload_len;	/* size of ppp payload, not inc. gre header */
+	u_int16_t call_id;	/* peer's call_id for this session */
+	u_int32_t seq;		/* sequence number.  Present if S==1 */
+	u_int32_t ack;		/* seq number of highest packet recieved by */
+	/* sender in this session */
+};
+
+/* For our call ID pairs */
+#define PNS_VALUE 0
+#define PAC_VALUE 1
+
+#define GET_VALUE(which, where) ((which ## _VALUE) ? ((where) & 0xffff) : ((where) >> 16))
+
+#define NOTE_VALUE(which, where, what) ((which ## _VALUE) \
+					  ? ((where) = ((where) & 0xffff0000) | (what)) \
+					  : ((where) = ((where) & 0xffff) | ((what) << 16)))
+
+#endif	/* !_PPTPD_PPTPDEFS_H */