diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..c901290 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,143 @@ +Debian PPP package notes +======================== + +Table of contents: + + + Provided user space scripts + + Permissions + + Outbound dialing setup + + Inbound setup combined with mgetty + + Syslog facility level + + Logging of ip-up and ip-down + + DSL connections + + MSS clamping + + Naming of PPPoE interfaces + + -- Christoph Lameter , 22 July 1997 + Phil Hands + Josip Rodin , 27 November 1999. + Marco d'Itri + + +Provided user space scripts +~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Since release 2.3.1, the ppp package provides scripts to conveniently +control PPP from user space. Note that the scripts only work with the +proper setup in /etc/ppp. Edit the configuration files and test the +operation of your link in superuser mode first. + +pon Bring link up. Executes pppd (you may specify the ISP name + on the command line), and will immediately return the + command prompt while still dialing. + +plog Shows the last lines of the pppd log. Basically, does + tail ppp.log. + +poff Bring link down. Terminates connection by killing pppd. + +Please read the manual page pon(1) for specific descriptions of these +commands. + + +Permissions +~~~~~~~~~~~ +Access to pppd is controlled via the membership in the "dip" group. + + +Outbound dialing setup +~~~~~~~~~~~~~~~~~~~~~~ +Edit the file /etc/ppp/peers/provider and put all options in it that you need +to connect to your server. The most common options are already provided for +you, and you should only need to set the login name and telephone number. + +Edit the file /etc/ppp/pap-secrets and put your password into the designated +location. + +You should then be able to start the PPP connection with pon. + +You should never need to modify /etc/ppp/options. + +If you want to have PPP started at boot time then add something like this +to /etc/network/interfaces: + +auto myisp +iface myisp inet ppp + provider dsl-provider + + +Inbound setup combined with mgetty +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Note: for this to work you need to have mgetty version >= 0.99 with its +AutoPPP feature turned on. + +Edit the /etc/ppp/options file and uncomment the nameserver lines. Provide +the IP addresses that you want the users to use for their name services. + +To have one options file for each serial port you run mgetty on, use +the files /etc/ppp/options.ttyXX. Give each serial port an IP address +in those files. That way that port is locked into using that IP number. +Think what consequences that assignment might have for outbound use... + +That should be enough for dial-up from a Win9x or NT Server. The +username/password on those system is used for a PAP authentication. +The /etc/ppp/pap-secrets is already set up for such a situation. Mgetty is +preconfigured to call pppd with parameters so that the PAP verification will +be done through the /etc/passwd file. + +All your users should now be able to establish PPP connections by just +specifying phone number, username, and password from Win9x. + +Inbound dial-up using dial-up scripts: +A PPP session can be established from the regular Linux prompt by executing +/usr/sbin/pppd. The user is limited to use the assigned IP address in +/etc/ppp/options.ttyname and will not be able to override it. + +Note: there is support for callback, it can be done through scripts +(see /usr/share/doc/ppp/examples/scripts/*callback), and with mgetty's +`callback' program (see callback(8) manual page). + + +Syslog facility level +~~~~~~~~~~~~~~~~~~~~~ +The default level of LOG_DAEMON has been overridden (as described in the +pppd(8) man page), to be LOG_LOCAL2. The intent being that local2 be sent +to /var/log/ppp.log for use by plog, if you add the following line to your +/etc/syslog.conf file: + +local2.* -/var/log/ppp.log + + +Logging of ip-up and ip-down +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +If you want to enable logging of the ip-up and ip-down scripts output, +then create the file /var/log/ppp-ipupdown.log . + + +DSL connections +~~~~~~~~~~~~~~~ +The files peers-pppoa, peers-pppoe and interfaces from +/usr/share/doc/ppp/examples/ contain complete configuration examples +for the protocols commonly used for DSL connections. +Beware: the pppoatm kernel driver currently is not autoloaded, so PPPoA +users probably want to add it to /proc/modules. +The same applies to PPPoE users who need the br2684 module. + + +MSS clamping +~~~~~~~~~~~~ +If the computer running pppd acts as a router for other machines, you +probably want to make it reduce the MSS field of outgoing packets, to +avoid fragmentation and problems caused by path MTU blackholing. +You may add something like this to /etc/ppp/ip-up.d/local: + +iptables --insert FORWARD 1 --proto tcp --tcp-flags SYN,RST SYN \ + --out-interface $PPP_IFACE --match tcpmss --mss 1400:1536 \ + --jump TCPMSS --clamp-mss-to-pmtu + + +Naming of PPPoE interfaces +~~~~~~~~~~~~~~~~~~~~~~~~~~ +The rp-pppoe plugin usually accepts only eth*, nas* or tap* as interface +names. Different names can be specified by adding the "nic-" prefix, +which will be removed by the program. + diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..e059b08 --- /dev/null +++ b/debian/README.source @@ -0,0 +1,106 @@ +README.source for ppp +===================== + +This is a pretty standard 3.0 (quilt) format package, using debhelper 9. There +are, however, some gotchas that people considring NMUs or other changes must +take into account: + +- The package's version number must follow a particular format. See *Version + Number* below. + +- There is a symbols file used for tracking the pppd binary's ABI. See *Symbols + File* for more information. The build process is strict about checking the + ABI using the symbols file. + +- There are several packages that use ppp-dev to build plugins that may be + loaded into pppd. When adding patches you must be very careful about not + breaking ABI compatibility unnecessarily. + +- If you must break ABI compatibility without uploading a new upstream release, + you must bump the ABI tag. See *Version Number* below. + +- If you are uploading a new upstream release *or* changing the ABI tag in the + version number, you will effectively trigger a transition. A number of + depending packages will need to be rebuilt and the transition will need to be + managed properly. + +Version Number +-------------- + +Debian Policy §5.6.12 states that there are three parts to a version number of +a package: epoch, upstream_version and debian_revision. For the ppp package the +epoch is currently unused and the upstream_version matches the upstream ppp +package version as you would expect. The debian_revision, however, is special. + +Upstream ppp packages cause deliberate ABI breaks with every minor release. +This happens both because the default path which plugins are loaded from +contains the pppd version number, and because plugins should contain a +pppd_version string that matches the pppd version number (which pppd checks at +plugin load). Patches added to ppp in Debian may also silently change the ABI +that plugins expect (e.g. by changing function signatures or names, or changing +structure elements), so we need some additional means to track this. + +In order to handle this in as graceful a way as possible, the debian_revision +incorporates an ABI revision field. This field is used to generate Depends or +Breaks entries for packages that build plugins for pppd, and must be present +or the build will fail. + +There is currently no automatic tracking of the ABI, so manual care and +attention is required when making changes. + +The version of the ppp package looks like:: + + 2.4.7-1+1 + +-+-+ | | + | | +--> Usual debian revision field + | +----> ABI version field + +--------> Usual upstream version field + +Essentially the debian_revision field is followed immediately by the ABI +revision number, then a plus (+), then what would normally be included in the +debian_revision in any other package. + +The ABI revision number must be an integer. Its value starts at one (1) and +must be incremented if the ABI changes without the upstream_version changing. +If the upstream_version field changes, the ABI version should be reset to 1. + +If you are uploading an NMU and are confident you are not changing the ABI, +simply add your tag to the end of the version number as usual. The same applies +for security/stable updates and backports, too. + +Symbols File +------------ + +In order to help keep track of the ABI offered to external plugins, this +package uses a symbols file. This is very unconvential for an executable but is +normally considered a requirement for shared libraries. The symbols file is not +currently used beyond the ppp package itself (e.g. plugins have no way of using +the symbols file to generate dependencies at the moment). + +This is consulted during the build process and if there are any changes in the +symbols in the binary compared to the symbols file the build will fail. This is +deliberate and helps to indicate that the ABI has changed and an ABI bump is +probably required. + +Note that just because there are no changes compared to the symbol file this +does not mean an ABI change has not happened: a patch may well change things +that cannot be tracked using dpkg-gensymbols, for example a C struct may have +members changed which would also change the ABI. + +The symbols file is generated using standard unmodified Debian tools. There are +two changes required in order for this to work, though: + +1. The pppd binary is built with -Wl,-soname,pppd.so.$(VERSION) to add the + SONAME field to the ELF headers. This is done by patching the Makefile in + debian/patches/pppd-soname-hack.patch. + +2. dh_makeshlibs is overridden in debian/rules to force dpkg-gensymbols to + inspect pppd: it normally only looks at files ending ``.so``. The ``-c2`` + option is also added to ensure that any added/removed symbols cause the + build to fail. + +If the build fails due to changed symbols, you will most likely need to update +the symbols file and bump the ABI revision (see *Version Number*), thus leading +to a transition and rebuilds of any packages that build ppp plugins. + +# vim: ft=rst diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..2c7ac11 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +ppp (2.4.7-ok1) yangtze; urgency=medium + + * Build for openKylin. + + -- openKylinBot Mon, 25 Apr 2022 22:03:04 +0800 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..b4de394 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +11 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..27ed482 --- /dev/null +++ b/debian/control @@ -0,0 +1,73 @@ +Source: ppp +Section: admin +Priority: optional +Homepage: http://ppp.samba.org/ +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Chris Boot +Uploaders: Marco d'Itri +Build-Depends: + debhelper (>= 11~), + libpam0g-dev, + libpcap0.8-dev, + libssl-dev, + zlib1g-dev, +Standards-Version: 4.1.3 +Vcs-Browser: https://salsa.debian.org/debian/ppp +Vcs-Git: https://salsa.debian.org/debian/ppp.git +Rules-Requires-Root: binary-targets + +Package: ppp +Architecture: linux-any +Depends: + libpam-modules, + libpam-runtime, + lsb-base, + procps, + ${misc:Depends}, + ${shlibs:Depends}, +Breaks: + network-manager (<< 0.9.8.8-0), + network-manager-pptp (<< 0.9.8.4-0), + pppdcapiplugin (<< 1:3.25+dfsg1-0), +Description: Point-to-Point Protocol (PPP) - daemon + The Point-to-Point Protocol provides a standard way to transmit + datagrams over a serial link, as well as a standard way for the machines + at either end of the link to negotiate various optional characteristics + of the link. + . + This package is most commonly used to manage a modem for dial-up or + certain kinds of broadband connections. + +Package: ppp-udeb +Package-Type: udeb +Section: debian-installer +Architecture: amd64 arm64 armhf ppc64el s390x +Depends: + di-utils, + ethernet-card-detection, + ppp-modules, + ${misc:Depends}, + ${shlibs:Depends}, +Provides: configured-network +XB-Installer-Menu-Item: 1700 +Description: Point-to-Point Protocol (PPP) - package for Debian Installer + The Point-to-Point Protocol provides a standard way to transmit + datagrams over a serial link, as well as a standard way for the machines + at either end of the link to negotiate various optional characteristics + of the link. + . + This package is a minimal ppp package used by the Debian Installer. + +Package: ppp-dev +Section: devel +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: debhelper +Description: Point-to-Point Protocol (PPP) - development files + The Point-to-Point Protocol provides a standard way to transmit + datagrams over a serial link, as well as a standard way for the machines + at either end of the link to negotiate various optional characteristics + of the link. + . + This package provides files needed to build pppd-related software. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..1f07337 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,365 @@ +This is the Debian GNU/Linux prepackaged version of ppp. + +This package was previously maintained by Ian Murdock , +Alvar Bray , Christoph Lameter , +Philip Hands , Michael Beattie and +Russell Coker . + +It is currently maintained by Marco d'Itri +and Chris Boot . + +Original sources were obtained from: + git://ozlabs.org/~paulus/ppp.git + +The options file was originally obtained from: + ftp://sunsite.unc.edu/pub/Linux/system/Network/serial/pppopt.tgz +It was later heavily modified by various people, with additions from +different sources. + +All of the code can be freely used and redistributed. The individual +source files each have their own copyright and permission notice; some +have a BSD-style notice and some are under the GPL. + + +Follows the BSD-like licenses. Not all of them apply to all parts of pppd. + + * Copyright (c) 2003 Paul Mackerras. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + * Copyright (c) 1995 Pedro Roque Marques. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The names of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Pedro Roque Marques + * " + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + * Copyright (c) 1995 Eric Rosenquist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + * Copyright (c) 2002 Google, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + * Copyright (c) 2001 by Sun Microsystems, Inc. + * All rights reserved. + * + * Non-exclusive rights to redistribute, modify, translate, and use + * this software in source and binary forms, in whole or in part, is + * hereby granted, provided that the above copyright notice is + * duplicated in any source form, and that neither the name of the + * copyright holder nor the author is used to endorse or promote + * products derived from this software. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + + * Copyright (c) 1999 Tommi Komulainen. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Tommi Komulainen + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name "Carnegie Mellon University" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For permission or any legal + * details, please contact + * Office of Technology Transfer + * Carnegie Mellon University + * 5000 Forbes Avenue + * Pittsburgh, PA 15213-3890 + * (412) 268-4387, fax: (412) 268-7395 + * tech-transfer@andrew.cmu.edu + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Computing Services + * at Carnegie Mellon University (http://www.cmu.edu/computing/)." + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + *********************************************************************** + ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** + ** ** + ** License to copy and use this software is granted provided that ** + ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** + ** Digest Algorithm" in all material mentioning or referencing this ** + ** software or this function. ** + ** ** + ** License is also granted to make and use derivative works ** + ** provided that such works are identified as "derived from the RSA ** + ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** + ** material mentioning or referencing the derived work. ** + ** ** + ** RSA Data Security, Inc. makes no representations concerning ** + ** either the merchantability of this software or the suitability ** + ** of this software for any particular purpose. It is provided "as ** + ** is" without express or implied warranty of any kind. ** + ** ** + ** These notices must be retained in any copies of any part of this ** + ** documentation and/or software. ** + *********************************************************************** + +The `chat' program is in the public domain. + +spinlock.c and tdb.c are licensed under the GNU LGPL version 2 or later +and they are: + Copyright (C) Anton Blanchard 2001 + Copyright (C) Andrew Tridgell 1999-2004 + Copyright (C) Paul `Rusty' Russell 2000 + Copyright (C) Jeremy Allison 2000-2003 + +On Debian systems, the complete text of the GNU General Public License version 2 +can be found in `/usr/share/common-licenses/GPL-2'. + +pppd/plugins/rp-pppoe/* is: + +* Copyright (C) 2000 by Roaring Penguin Software Inc. +* +* This program may be distributed according to the terms of the GNU +* General Public License, version 2 or (at your option) any later version. + +The rp-pppoe author stated in a private email to Marco d'Itri that, +as an exception to the license, linking with OpenSSL is allowed. + +pppd/plugins/winbind.c is licensed under the GNU GPL version 2 or later +and is: +* Copyright (C) 2003 Andrew Bartlet +* Copyright 1999 Paul Mackerras, Alan Curry. +* Copyright (C) 2002 Roaring Penguin Software Inc. + +pppd/plugins/pppoatm.c is licensed under the GNU GPL version 2 or later +and is: + * Copyright 2000 Mitchell Blank Jr. + + +The following copyright notices apply to plugins/radius/*: + +Copyright (C) 2002 Roaring Penguin Software Inc. + +Permission to use, copy, modify, and distribute this software for any +purpose and without fee is hereby granted, provided that this +copyright and permission notice appear on all copies and supporting +documentation, the name of Roaring Penguin Software Inc. not be used +in advertising or publicity pertaining to distribution of the program +without specific prior permission, and notice be given in supporting +documentation that copying and distribution is by permission of +Roaring Penguin Software Inc.. + +Roaring Penguin Software Inc. makes no representations about the +suitability of this software for any purpose. It is provided "as is" +without express or implied warranty. + +Copyright (C) 1995,1996,1997,1998 Lars Fenneberg + +Permission to use, copy, modify, and distribute this software for any +purpose and without fee is hereby granted, provided that this copyright and +permission notice appear on all copies and supporting documentation, the +name of Lars Fenneberg not be used in advertising or publicity pertaining to +distribution of the program without specific prior permission, and notice be +given in supporting documentation that copying and distribution is by +permission of Lars Fenneberg. + +Lars Fenneberg makes no representations about the suitability of this +software for any purpose. It is provided "as is" without express or implied +warranty. + +Copyright 1992 Livingston Enterprises, Inc. +Livingston Enterprises, Inc. 6920 Koll Center Parkway Pleasanton, CA 94566 + +Permission to use, copy, modify, and distribute this software for any +purpose and without fee is hereby granted, provided that this copyright +and permission notice appear on all copies and supporting documentation, +the name of Livingston Enterprises, Inc. not be used in advertising or +publicity pertaining to distribution of the program without specific +prior permission, and notice be given in supporting documentation that +copying and distribution is by permission of Livingston Enterprises, Inc. + +Livingston Enterprises, Inc. makes no representations about the suitability +of this software for any purpose. It is provided "as is" without express +or implied warranty. + +[C] The Regents of the University of Michigan and Merit Network, Inc. 1992, +1993, 1994, 1995 All Rights Reserved + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the above copyright notice and this permission notice appear in all +copies of the software and derivative works or modified versions thereof, +and that both the copyright notice and this permission and disclaimer +notice appear in supporting documentation. + +THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER +EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE +UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE +FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR +THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the +University of Michigan and Merit Network, Inc. shall not be liable for any +special, indirect, incidental or consequential damages with respect to any +claim by Licensee or any third party arising from use of the software. + +Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. +All rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + +* radius.c +* +* Copyright (C) 2002 Roaring Penguin Software Inc. +* +* This plugin may be distributed according to the terms of the GNU +* General Public License, version 2 or (at your option) any later version. diff --git a/debian/extra/README.STATIC-IP b/debian/extra/README.STATIC-IP new file mode 100644 index 0000000..0c9d81a --- /dev/null +++ b/debian/extra/README.STATIC-IP @@ -0,0 +1,45 @@ +Static IP addresses support with mgetty/autoPPP +----------------------------------------------- + +Debian PPP package includes a variant of ppp-2.3.0-static.diff, a patch to +ppp-2.3.0 to support using static IP addresses with Mgetty and AutoPPP. It +does not affect normal dynamic assignments. There is no need to re-compile +the kernel. + +You should update the pap-secrets file to contain the entries of those users +you want to have static IP addresses. Typical entry might look like: + +#client server secret IP addresses + jdoe * realpswd 207.69.189.15 + * * "" * + +Also, inform your static IP users to include their IP when +connecting. E.g. run `pppd 207.69.189.15:` +Or for Windows folks, check the "Specify an IP address" option and +type in the IP. + +Note: The second line is what most folks will use to authenticate +users who will be dynamically assigned their addresses by +/dev/ttyXX. This along with the login option allows users to be PAP +authenticated against the /etc/passwd or /etc/shadow. If you enter each and +every user into your pap-secrets file and do not have the last line, +(wildcards line) you MUST place a "*" at the end of each users line. +Without it, the authentication will fail. For example: + +#client server secret IP addresses + jdoe * passwd 207.69.189.15 * + +This "*" at the end allows the patches to work properly without changing +the normal process. The IP address is normally assigned via the +/etc/ppp/options.ttyXX file. The patches do not interfere with this process +at all. The only thing different is when the user tells pppd he has his own +address, pppd will allow him to use it, if he and his address are +authenticated via the pap-secrets file. The only thing to remember, is tell +your static IP users to set the "correct" IP or they will be assigned the +normal dynamic address. (And of course that's not what we want :>) If you +have any questions.... + +While I tested this as many ways as our systems would allow, no warranty +is implied. They work well for us. + +Author: Jeff Myers diff --git a/debian/extra/README.win9x b/debian/extra/README.win9x new file mode 100644 index 0000000..fbbd3a5 --- /dev/null +++ b/debian/extra/README.win9x @@ -0,0 +1,35 @@ +Short guide on how to run a Win9x connection with PPPD to Debian Linux +---------------------------------------------------------------------- + +1. Do not mess around with the Win9x configuration. + Do not manually configure DNS, scripts etc. + Do not switch on the terminal windows. + Accept all defaults or better leave it as it was at installation. + +2. You need to have a getty program that supports automatic PPP protocol + detection, such as mgetty (versions >= 0.99). + + Note: the mgetty shipped with Debian has to be set up to enable this + behaviour - look for "AutoPPP" in the login.config configuration file. + +3. Change the "ms-dns" lines in /etc/ppp/options, and review the complete + file for things you need to do. + +4. Make sure that your /etc/ppp/pap-secrets file is set up to allow users + mentioned in system passwords database (/etc/passwd) to establish PPP + connections using their normal password. + + Note: the pap-secrets file shipped with Debian pppd is set up to enable + this by default. + +5. On the Win9x box, in Dial-Up Networking folder, create a new connection, + and enter the phone number. Prior to connecting, enter the username and + password. + +Win9x should connect to your Linux PPPD without problems and automatically +configure IP addresses, the netmask and the DNS servers. You can immediately +start Netscape, Internet Explorer or any other TCP/IP tools. + +-- Christoph Lameter , 27 September, 1996, + Josip Rodin , 27 November 1999, + Michael Beattie , 9 April 2001. diff --git a/debian/extra/autopppd b/debian/extra/autopppd new file mode 100644 index 0000000..5a88ad7 --- /dev/null +++ b/debian/extra/autopppd @@ -0,0 +1,181 @@ +#!/usr/bin/perl -w + +# From: Brian May +# To: Debian Bug Tracking System +# Subject: ppp: Increase redial time with each failed PPP connection attempt +# Date: Fri, 04 Oct 2002 10:02:50 +1000 +# Message-Id: <20021004000251.9396ECD17@scrooge.chocbit.org.au> +# +# Package: ppp +# Version: 2.4.1.uus-4 +# Severity: normal +# Tags: patch +# +# Suggested script to include. It means that each time to +# connect is made longer, so that you don't get a huge bill if +# for some reason the modem connects but a PPP connection cannot +# be established: +# +# This program depends on libproc-daemon-perl and libproc-waitstat-perl . + +use Proc::Daemon; +use strict; +use Sys::Syslog qw(:DEFAULT setlogsock); # default set, plus setlogsock +use Proc::WaitStat qw(:DEFAULT waitstat); + + +Proc::Daemon::Init; + +my $pidfile = '/var/run/autopppd.pid'; +open(PIDFILE, $pidfile); +print(PIDFILE "$$\n"); +close(PIDFILE); + +sub toseconds($) { + my ($hours,$minutes,$seconds) = split(/:/,shift); + return ($hours*60+$minutes)*60+$seconds; +} + +sub dseconds($) { + my ($total) = @_; + + my $seconds = $total % 60; $total = ($total - $seconds)/60; + my $minutes = $total % 60; $total = ($total - $minutes)/60; + my $hours = $total % 24; $total = ($total - $hours)/24; + my $days = $total; + if ($days > 0) { + return(sprintf("%d-%02d:%02d:%02d",$days,$hours,$minutes,$seconds)); + } else { + return(sprintf("%02d:%02d:%02d",$hours,$minutes,$seconds)); + } +} + +my $program="autopppd"; + +setlogsock('unix'); +openlog($program, 'cons,pid', 'daemon'); + +my $pppd_start_time; +my $pppd_end_time; +my $pppd_run_time; +my $pppd_fail; +my $delay=0; +my $idelay=0; + +my @delays = ( + toseconds("00:01:00"), # 1 minute + toseconds("00:07:00"), # 8 minutes + toseconds("00:07:00"), # 15 minutes + toseconds("00:15:00"), # 30 minutes + toseconds("00:30:00"), # 1 hour + toseconds("01:00:00"), # 2 hours + toseconds("01:00:00"), # 3 hours + toseconds("03:00:00"), # 6 hours + toseconds("06:00:00"), # 12 hours + toseconds("12:00:00"), # 24 hours + toseconds("24:00:00") # 48 hours + ); + +# action == 0 => immediate retry (!FIXME! needs to have some delay) +# action == 1 => delayed retry +# action == 2 => abort + +my $code = { + 0 => { message=>"pppd detached", action=> 2 }, + 1 => { message=>"fatal error", action=> 2 }, + 2 => { message=>"options error", action=> 2 }, + 3 => { message=>"not setuid-root error", action=> 2 }, + 4 => { message=>"no kernel support for PPP", action=> 2 }, + 5 => { message=>"SIGINT or SIGTERM or SIGHUP", action=> 1 }, + 6 => { message=>"Serial port locked", action=> 1 }, # should be 0 + 7 => { message=>"Serial port open error", action=> 1 }, + 8 => { message=>"Connect failed", action=> 1 }, + 9 => { message=>"Could not execute pty command", action=> 1 }, + 10 => { message=>"PPP negotiation failed", action=> 1 }, + 11 => { message=>"Peer failed to authenticate", action=> 1 }, + 12 => { message=>"Link was idle", action=> 1 }, + 13 => { message=>"Time limit exceeded", action=> 1 }, + 14 => { message=>"call back not implemented", action=> 2 }, + 15 => { message=>"peer not responding", action=> 1 }, + 16 => { message=>"modem hang up", action=> 1 }, + 17 => { message=>"Serial loopback detected", action=> 1 }, + 18 => { message=>"Init script failed", action=> 1 }, + 19 => { message=>"We failed to authenticate", action=> 1 }, +}; + +while (1) +{ + $pppd_start_time=time; + syslog('info', 'restarting pppd'); + + # logging sometimes stopped working after ppp was running for + # some time. lets see if closing and reopening the log file helps... + closelog(); + + # run ppp + my $rc=system("pppd","-detach",@ARGV); + + # reopon log file + openlog($program, 'cons,pid', 'daemon'); + + # calculate run time + $pppd_end_time=time; + $pppd_run_time=$pppd_end_time-$pppd_start_time; + + my $pppd_code = ($? >> 8); + my $pppd_signal = $? & 127; + my $pppd_coredump = $? & 128; + + $pppd_fail = 1; + if ($pppd_signal != 0) { + if ($pppd_coredump) + { syslog('err',"pppd died with signal $pppd_signal, coredump"); } + else + { syslog('err',"pppd died with signal $pppd_signal"); } + } + elsif ($pppd_coredump) { + syslog('err',"pppd died with coredump"); + } + elsif (defined($code->{$pppd_code}) && $code->{$pppd_code}{"action"} == 0) { + syslog('err', "pppd returned: ".$code->{$pppd_code}{"message"}." ($pppd_code), immediate retry"); + $pppd_fail = 0; + } + elsif (defined($code->{$pppd_code}) && $code->{$pppd_code}{"action"} == 1) { + syslog('err', "pppd returned: ".$code->{$pppd_code}{"message"}." ($pppd_code), delayed retry"); + $pppd_fail = 1; + } + elsif (defined($code->{$pppd_code}) && $code->{$pppd_code}{"action"} >= 2) { + syslog('err', "pppd returned: ".$code->{$pppd_code}{"message"}." ($pppd_code), aborting"); + exit(255); + unlink $pidfile; + } + elsif (defined($code->{$pppd_code}) && $code->{$pppd_code}{"action"} >= 2) { + syslog('err', "pppd returned: unknown error ($pppd_code), delayed retry"); + $pppd_fail = 1; + } + # if it hasn't ran for at least an hour, then somthing went wrong + elsif ($pppd_run_time < toseconds("01:00:00")) { + syslog('err',"pppd session didn't last 1 hour, delayed retry"); + $pppd_fail = 1; + } + else { $pppd_fail = 0; } + + # if not failed, then reset delay. + if (!$pppd_fail) { $idelay = 0; } + + # get next delay. + $delay = $delays[$idelay]; + + # log statistics. + syslog('info',"rc=".waitstat($rc)." runtime=".dseconds($pppd_run_time)." delay[$idelay]=".dseconds($delay).""); + + # delay for desired time. + sleep($delay); + + # increment delay for next time. + if (defined($delays[$idelay+1])) { $idelay++; } +} + +closelog(); +unlink $pidfile; + diff --git a/debian/extra/bash_completion/poff b/debian/extra/bash_completion/poff new file mode 100644 index 0000000..484427b --- /dev/null +++ b/debian/extra/bash_completion/poff @@ -0,0 +1,31 @@ +# Debian GNU/Linux pon/poff(1) completion +# Copyright 2002 Baruch Even +# License: GNU GPL v2 or later + +_poff() +{ + local prev cur conns + + [ -r /etc/ppp/peers/ ] || return 0 + + COMPREPLY=() + prev=${COMP_WORDS[COMP_CWORD-1]} + cur=${COMP_WORDS[COMP_CWORD]} + conns=$(\ls --color=none /etc/ppp/peers | egrep -v '(\.bak|~)$') + + if [[ "$cur" == -* ]]; then + COMPREPLY=( $(compgen -W '-r -d -c -a -h -v' -- $cur) ) + return 0 + fi + + # first parameter on line or first since an option? + if [ $COMP_CWORD -eq 1 ] && [[ "$cur" != -* ]] || \ + [[ "$prev" == -* ]]; then + COMPREPLY=( $(compgen -o filenames -W "$conns" $cur) ) + fi + + return 0 +} +complete -F _poff poff + +# vim:ft=sh: diff --git a/debian/extra/bash_completion/pon b/debian/extra/bash_completion/pon new file mode 100644 index 0000000..b953ca0 --- /dev/null +++ b/debian/extra/bash_completion/pon @@ -0,0 +1,23 @@ +# Debian GNU/Linux pon/poff(1) completion +# Copyright 2002 Baruch Even +# License: GNU GPL v2 or later + +_pon() +{ + local cur conns + + [ -r /etc/ppp/peers/ ] || return 0 + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + conns=$(\ls --color=none /etc/ppp/peers | egrep -v '(\.bak|~)$') + + if [ $COMP_CWORD -eq 1 ]; then + COMPREPLY=( $(compgen -o filenames -W "$conns" $cur) ) + fi + + return 0 +} +complete -F _pon pon + +# vim:ft=sh: diff --git a/debian/extra/chap-secrets b/debian/extra/chap-secrets new file mode 100644 index 0000000..7fc2ddc --- /dev/null +++ b/debian/extra/chap-secrets @@ -0,0 +1,4 @@ +# Secrets for authentication using CHAP +# client server secret IP addresses + + diff --git a/debian/extra/chatscripts/gprs b/debian/extra/chatscripts/gprs new file mode 100644 index 0000000..5620593 --- /dev/null +++ b/debian/extra/chatscripts/gprs @@ -0,0 +1,38 @@ +# You can use this script unmodified to connect to cellular networks. +# The APN is specified in the peers file as the argument of the -T command +# line option of chat(8). + +# For details about the AT commands involved please consult the relevant +# standard: 3GPP TS 27.007 - AT command set for User Equipment (UE). +# (http://www.3gpp.org/ftp/Specs/html-info/27007.htm) + +ABORT BUSY +ABORT VOICE +ABORT "NO CARRIER" +ABORT "NO DIALTONE" +ABORT "NO DIAL TONE" +ABORT "NO ANSWER" +ABORT "DELAYED" +ABORT "ERROR" + +# cease if the modem is not attached to the network yet +ABORT "+CGATT: 0" + +"" AT +TIMEOUT 12 +OK ATH +OK ATE1 + +# +CPIN provides the SIM card PIN +#OK "AT+CPIN=1234" + +# +CFUN may allow to configure the handset to limit operations to +# GPRS/EDGE/UMTS/etc to save power, but the arguments are not standard +# except for 1 which means "full functionality". +#OK AT+CFUN=1 + +OK AT+CGDCONT=1,"IP","\T","",0,0 +OK ATD*99# +TIMEOUT 22 +CONNECT "" + diff --git a/debian/extra/chatscripts/pap b/debian/extra/chatscripts/pap new file mode 100644 index 0000000..093c326 --- /dev/null +++ b/debian/extra/chatscripts/pap @@ -0,0 +1,22 @@ +# You can use this script unmodified to connect to sites which allow +# authentication via PAP, CHAP and similar protocols. +# This script can be shared among different pppd peer configurations. +# To use it, add something like this to your /etc/ppp/peers/ file: +# +# connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T PHONE-NUMBER" +# user YOUR-USERNAME-IN-PAP-SECRETS +# noauth + +# Uncomment the following line to see the connect speed. +# It will be logged to stderr or to the file specified with the -r chat option. +#REPORT CONNECT + +ABORT BUSY +ABORT VOICE +ABORT "NO CARRIER" +ABORT "NO DIALTONE" +ABORT "NO DIAL TONE" +"" ATZ +OK ATDT\T +CONNECT "" + diff --git a/debian/extra/defaultroute b/debian/extra/defaultroute new file mode 100644 index 0000000..337747c --- /dev/null +++ b/debian/extra/defaultroute @@ -0,0 +1,51 @@ +From: Marek Michalkiewicz +To: Debian Bug Tracking System +Subject: Bug#85426: default route uses wrong interface with the same IP address + +Package: ppp +Version: 2.4.0f-1 +Severity: wishlist + +The pppd "defaultroute" option, when the ppp0 interface comes up, seems +to do the equivalent of "route add default gw $ip_address", and I think +it should do the equivalent of "route add default dev ppp0" instead. + +In most normal cases this shouldn't matter (because each interface has +its own unique IP address), but specifying the interface by name (not +by its IP address) may be preferable if there is more than one interface +with the same IP address. + +I have a dummy0 interface with the same IP address as that of ppp0. +This makes it possible to connect to the box from the internal LAN +using its normal hostname (even if ppp0 is down at the moment), and +to run named (possibly started before ppp0 comes up) as non-root. + +Using the "defaultroute" option causes pppd to set up the default route +via dummy0 (first device found with matching IP address), not ppp0. +I've worked around this by disabling the pppd defaultroute option and +creating a small shell script called /etc/ppp/ip-up.d/000defaultroute +(run before 00ipmasq) with the following contents: + +#! /bin/sh +set -e +/sbin/route add default dev $PPP_IFACE + +This gets the default route right (no corresponding ip-down script is +necessary - when ppp0 goes down, the route is removed automatically). +Please consider at least documenting this workaround, as I think it +may be useful to someone. + +Thanks, +Marek + +-- System Information +Debian Release: testing/unstable +Architecture: i386 +Kernel: Linux alf 2.2.19pre7 #1 Sat Jan 27 15:26:41 CET 2001 i586 + +Versions of packages ppp depends on: +ii libc6 2.2.1-1 GNU C Library: Shared libraries an +ii libpam-modules 0.72-12 Pluggable Authentication Modules f +ii libpam0g 0.72-12 Pluggable Authentication Modules l +ii netbase 4.05 Basic TCP/IP networking system +ii sysvinit 2.78-4 System-V like init. diff --git a/debian/extra/dh_ppp b/debian/extra/dh_ppp new file mode 100755 index 0000000..51a5581 --- /dev/null +++ b/debian/extra/dh_ppp @@ -0,0 +1,194 @@ +#!/usr/bin/perl -w + +=head1 NAME + +dh_ppp - calculate ppp dependencies + +=cut + +use strict; +use warnings; +use Debian::Debhelper::Dh_Lib; +use Dpkg::Shlibs::Objdump; +use File::Find; + +=head1 SYNOPSIS + +B [S>] [B<--breaks>] [B<--force>] [B<--plugin-dir>] + +=head1 DESCRIPTION + +B is a debhelper program that adds appropriate ppp dependencies on +packages that build pppd plugins. + +By default, some entries are added to B that ensure that +packages which contain plugins that are loaded into pppd depend on an +appropriate version of the ppp package. + +You may prefer to use a B relationship instead, for example if your +package supplies a pppd plugin but does not require it for normal operation. In +that case you should supply the B<--breaks> option and B will be +populated instead of B. + +Substvars entries are only added if a pppd plugin is detected in the build +products, unless B<--force> is specified. Plugins are detected by searching a +package's build products for libraries with a symbol named B. + +A warning is emitted if a plugin is found that does not also contain a +B symbol. + +Please note there is a B addon named B which can be used to +automatically invoke B for you. + +=head1 FILES + +=over 4 + +=item /usr/share/ppp-dev/substvars + +Template substitution variables. The values in this file are used when +populating the B or B substition variables, or they +may be manually copied into a package's substvars if one wishes not to use +B. + +=back + +=head1 OPTIONS + +=over 4 + +=item B<--breaks> + +Rather than populating B to ensure an appropriate version of +B is used, populate B such that a inappropriate version of +B may not be used. + +=item B<--force> + +Do not try to detect pppd plugins in the package, and always assume that a +plugin is present. This will cause B (or B) to +always be populated. + +=item B<--plugin-dir> + +Simply outputs the path to the pppd plugins directory for the current ABI +version. When this flag is specified, B makes no attempt to detect any +plugins nor does it update any substitution variables. + +=back + +=head1 NOTES + +Note that this command is not idempotent. L should be called +between invocations of this command (with the same arguments). Otherwise, it +may cause multiple instances of the same text to be added to the substition +variables. + +Note that B should be run before B. The B sequence +addon for B does the right thing, this note is only relevant when you are +calling B manually. + +=cut + +init(options => { + "breaks" => \$dh{BREAKS}, + "force" => \$dh{FORCE}, + "plugin-dir" => \$dh{PLUGIN_DIR}, +}); + +sub detect_plugins { + my $package = shift; + my $tmpdir = tmpdir($package); + my @shared_objects; + my @plugins; + + find({ + wanted => sub { + my $name = $File::Find::name; + return unless -f $name; + return unless $name =~ m,^$tmpdir/usr/lib/.*\.so$,; + push @shared_objects, $name; + }, + no_chdir => 1, + }, $tmpdir); + + my $od = new Dpkg::Shlibs::Objdump(); + + for my $so (@shared_objects) { + verbose_print("Scanning $so for symbol information"); + + my $objid = $od->analyze($so); + unless (defined($objid) && $objid) { + warning("Dpkg::Shlibs::Objdump couldn't parse $so"); + next; + } + + my $object = $od->get_object($objid); + + my $init = $object->get_symbol("plugin_init"); + if (!defined($init)) { + verbose_print("File $so does not look like a pppd " . + "plugin. Ignoring."); + next; + } + + push @plugins, $so; + + my $ver = $object->get_symbol("pppd_version"); + if (!defined($ver)) { + warning("File $so looks like a pppd plugin but " . + "lacks a pppd_version symbol!"); + } + } + + return @plugins; +} + +my %substvars; +sub load_substvars { + return if %substvars; + + open(VARS, '<', '/usr/share/ppp-dev/substvars') or + error("Failed to load template substvars"); + while () { + chomp; + my ($var, $value) = split /=/, $_, 2; + my @pkgs = split /, /, $value; + $substvars{$var} = \@pkgs; + } + close(VARS); + + for my $var (qw(ppp:Depends ppp:Breaks)) { + error("$var not defined in substvars template") + unless defined($substvars{$var}); + } +} + +if ($dh{PLUGIN_DIR}) { + inhibit_log(); + load_substvars(); + + print join(', ', @{$substvars{'ppp:PluginDir'}}) . "\n"; + exit 0; +} + +foreach my $package (@{$dh{DOPACKAGES}}) { + next unless $dh{FORCE} or detect_plugins($package); + + load_substvars(); + + my $var = $dh{BREAKS} ? 'Breaks' : 'Depends'; + for my $pkg (@{$substvars{"ppp:$var"}}) { + addsubstvar($package, "misc:$var", $pkg); + } +} + +=head1 SEE ALSO + +L + +=head1 AUTHORS + +Chris Boot + +=cut diff --git a/debian/extra/filters b/debian/extra/filters new file mode 100644 index 0000000..526b2d2 --- /dev/null +++ b/debian/extra/filters @@ -0,0 +1,14 @@ +# +# These filter rules should prevent unwanted internet services to +# keep your connections up by ignoring their connection requests +# and your 'go way' responses. +# +# Activate them by activating the line 'file /etc/ppp/filters' in +# /etc/ppp/options. +# +# Note: This has nothing to do with firewall rules. It only affects +# the idle time calculation of the kernel/pppd. +# + +active-filter 'outbound and not icmp[0] == 3 and not tcp[13] & 4 != 0' + diff --git a/debian/extra/interfaces b/debian/extra/interfaces new file mode 100644 index 0000000..f294e4b --- /dev/null +++ b/debian/extra/interfaces @@ -0,0 +1,51 @@ +# copy one of these examples to /etc/network/interfaces + +# The VP, VC and encapsulation must match the ones used by your ISP, these +# examples use 8.35 with LLC encapsulation and assume that ATM interface +# 0 is the DSL modem. +# br2684ctl and atmarp are part of the br2684ctl and atm-tools packages, +# check the atmarp(8) and br2684ctl(8) man pages for details about the +# command line options. + + +# PPPoE +# You need to create an appropriate /etc/ppp/peers/pppoe file, look at +# /usr/share/doc/ppp/examples/peers-pppoe for an example and configure it +# to use the nas0 interface. +auto pppoe +iface pppoe inet ppp + provider pppoe + pre-up br2684ctl -b -c 0 -a 0.8.35 + pre-up ip link set up nas0 + post-down kill $(cat /var/run/nas0.pid) + + +# RFC 1483 bridged, with dynamically assigned address +auto nas0 +iface nas0 inet dhcp + pre-up br2684ctl -b -c ${IFACE#nas} -a 0.8.35 + post-down kill $(cat /var/run/$IFACE.pid) + + +# RFC 1483 bridged, with statically assigned address +auto nas0 +iface nas0 inet static + address 192.0.2.1 + netmask 255.255.255.0 + broadcast 192.0.2.255 + gateway 192.0.2.254 + pre-up br2684ctl -b -c ${IFACE#nas} -a 0.8.35 + post-down kill $(cat /var/run/$IFACE.pid) + + +# Classical IP over ATM (CLIP) +# This assumes that atmarpd is already running. +auto atm0 +iface atm0 inet static + address 192.0.2.1 + netmask 255.255.255.0 + broadcast 192.0.2.255 + gateway 192.0.2.254 + pre-up atmarp -c $IFACE + post-up atmarp -s 192.0.2.254 0.8.35 + diff --git a/debian/extra/ip-down b/debian/extra/ip-down new file mode 100755 index 0000000..07f3659 --- /dev/null +++ b/debian/extra/ip-down @@ -0,0 +1,52 @@ +#!/bin/sh +# +# This script is run by the pppd _after_ the link is brought down. +# It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete +# routes, unset IP addresses etc. you should create script(s) there. +# +# Be aware that other packages may include /etc/ppp/ip-down.d scripts (named +# after that package), so choose local script names with that in mind. +# +# This script is called with the following arguments: +# Arg Name Example +# $1 Interface name ppp0 +# $2 The tty ttyS1 +# $3 The link speed 38400 +# $4 Local IP number 12.34.56.78 +# $5 Peer IP number 12.34.56.99 +# $6 Optional ``ipparam'' value foo + +# The environment is cleared before executing this script +# so the path must be reset +PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin +export PATH + +# These variables are for the use of the scripts run by run-parts +PPP_IFACE="$1" +PPP_TTY="$2" +PPP_SPEED="$3" +PPP_LOCAL="$4" +PPP_REMOTE="$5" +PPP_IPPARAM="$6" +export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM + +# as an additional convenience, $PPP_TTYNAME is set to the tty name, +# stripped of /dev/ (if present) for easier matching. +PPP_TTYNAME=`/usr/bin/basename "$2"` +export PPP_TTYNAME + +# If /var/log/ppp-ipupdown.log exists use it for logging. +if [ -e /var/log/ppp-ipupdown.log ]; then + exec >> /var/log/ppp-ipupdown.log 2>&1 + echo $0 $@ + echo +fi + +# This script can be used to override the .d files supplied by other packages. +if [ -x /etc/ppp/ip-down.local ]; then + exec /etc/ppp/ip-down.local "$@" +fi + +run-parts /etc/ppp/ip-down.d \ + --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6" + diff --git a/debian/extra/ip-down.d/0000usepeerdns b/debian/extra/ip-down.d/0000usepeerdns new file mode 100755 index 0000000..2740a97 --- /dev/null +++ b/debian/extra/ip-down.d/0000usepeerdns @@ -0,0 +1,24 @@ +#!/bin/sh -e + +# exit if the resolvconf package is installed +[ -x /sbin/resolvconf ] && exit 0 + +# follow any symlink to find the real file +if [ -e /etc/resolv.conf ]; then + REALRESOLVCONF=$(readlink --canonicalize /etc/resolv.conf) +else + REALRESOLVCONF=/etc/resolv.conf +fi + +# if an old resolv.conf file exists, restore it +if [ -e $REALRESOLVCONF.pppd-backup.$PPP_IFACE ]; then + mv -f $REALRESOLVCONF.pppd-backup.$PPP_IFACE $REALRESOLVCONF + + # restart nscd because resolv.conf has changed + if [ -e /var/run/nscd.pid ]; then + /etc/init.d/nscd restart || true + fi +fi + +exit 0 + diff --git a/debian/extra/ip-up b/debian/extra/ip-up new file mode 100755 index 0000000..9cbeb97 --- /dev/null +++ b/debian/extra/ip-up @@ -0,0 +1,59 @@ +#!/bin/sh +# +# This script is run by the pppd after the link is established. +# It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes, +# set IP address, run the mailq etc. you should create script(s) there. +# +# Be aware that other packages may include /etc/ppp/ip-up.d scripts (named +# after that package), so choose local script names with that in mind. +# +# This script is called with the following arguments: +# Arg Name Example +# $1 Interface name ppp0 +# $2 The tty ttyS1 +# $3 The link speed 38400 +# $4 Local IP number 12.34.56.78 +# $5 Peer IP number 12.34.56.99 +# $6 Optional ``ipparam'' value foo + +# The environment is cleared before executing this script +# so the path must be reset +PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin +export PATH + +# These variables are for the use of the scripts run by run-parts +PPP_IFACE="$1" +PPP_TTY="$2" +PPP_SPEED="$3" +PPP_LOCAL="$4" +PPP_REMOTE="$5" +PPP_IPPARAM="$6" +export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM + +# as an additional convenience, $PPP_TTYNAME is set to the tty name, +# stripped of /dev/ (if present) for easier matching. +PPP_TTYNAME=`/usr/bin/basename "$2"` +export PPP_TTYNAME + +# If /var/log/ppp-ipupdown.log exists use it for logging. +if [ -e /var/log/ppp-ipupdown.log ]; then + exec > /var/log/ppp-ipupdown.log 2>&1 + echo $0 $@ + echo +fi + +# This script can be used to override the .d files supplied by other packages. +if [ -x /etc/ppp/ip-up.local ]; then + exec /etc/ppp/ip-up.local "$@" +fi + +run-parts /etc/ppp/ip-up.d \ + --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6" + +# if pon was called with the "quick" argument, stop pppd +if [ -e /var/run/ppp-quick ]; then + rm /var/run/ppp-quick + wait + kill $PPPD_PID +fi + diff --git a/debian/extra/ip-up.d/0000usepeerdns b/debian/extra/ip-up.d/0000usepeerdns new file mode 100755 index 0000000..fa3c913 --- /dev/null +++ b/debian/extra/ip-up.d/0000usepeerdns @@ -0,0 +1,40 @@ +#!/bin/sh -e + +# this variable is only set if the usepeerdns pppd option is being used +[ "$USEPEERDNS" ] || exit 0 + +# exit if the resolvconf package is installed +[ -x /sbin/resolvconf ] && exit 0 + +case "$6" in + nm-pptp-service-*|nm-l2tp-service-*|/org/freedesktop/NetworkManager/PPP/*) + # NetworkManager handles it + exit 0 + ;; +esac + +# create the file if it does not exist +if [ ! -e /etc/resolv.conf ]; then + : > /etc/resolv.conf +fi + +# follow any symlink to find the real file +REALRESOLVCONF=$(readlink --canonicalize /etc/resolv.conf) + +# merge the new nameservers with the other options from the old configuration +{ + cat /etc/ppp/resolv.conf + grep --invert-match '^nameserver[[:space:]]' "$REALRESOLVCONF" || true +} > "$REALRESOLVCONF.tmp" + +# backup the old configuration and install the new one +cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE" +mv -f "$REALRESOLVCONF.tmp" "$REALRESOLVCONF" + +# restart nscd because resolv.conf has changed +if [ -e /var/run/nscd.pid ]; then + /etc/init.d/nscd restart || true +fi + +exit 0 + diff --git a/debian/extra/ipv6-down b/debian/extra/ipv6-down new file mode 100755 index 0000000..3cef511 --- /dev/null +++ b/debian/extra/ipv6-down @@ -0,0 +1,28 @@ +#!/bin/sh + +# These variables are for the use of the scripts run by run-parts. +PPP_IFACE="$1" +PPP_TTY="$2" +PPP_SPEED="$3" +PPP_LOCAL="$4" +PPP_REMOTE="$5" +PPP_IPPARAM="$6" +export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM + +# The environment is cleared before executing this script. +PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin +export PATH + +# If /var/log/ppp-ipupdown.log exists use it for logging. +if [ -e /var/log/ppp-ipupdown.log ]; then + exec >> /var/log/ppp-ipupdown.log 2>&1 +fi + +# This script can be used to override the .d files supplied by other packages. +if [ -x /etc/ppp/ipv6-down.local ]; then + exec /etc/ppp/ipv6-down.local "$@" +fi + +run-parts /etc/ppp/ipv6-down.d \ + --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6" + diff --git a/debian/extra/ipv6-up b/debian/extra/ipv6-up new file mode 100755 index 0000000..05c4e75 --- /dev/null +++ b/debian/extra/ipv6-up @@ -0,0 +1,35 @@ +#!/bin/sh + +# These variables are for the use of the scripts run by run-parts. +PPP_IFACE="$1" +PPP_TTY="$2" +PPP_SPEED="$3" +PPP_LOCAL="$4" +PPP_REMOTE="$5" +PPP_IPPARAM="$6" +export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM + +# The environment is cleared before executing this script. +PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin +export PATH + +# If /var/log/ppp-ipupdown.log exists use it for logging. +if [ -e /var/log/ppp-ipupdown.log ]; then + exec >> /var/log/ppp-ipupdown.log 2>&1 +fi + +# This script can be used to override the .d files supplied by other packages. +if [ -x /etc/ppp/ipv6-up.local ]; then + exec /etc/ppp/ipv6-up.local "$@" +fi + +run-parts /etc/ppp/ipv6-up.d \ + --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6" + +# if pon was called with the "quick" argument, stop pppd +if [ -e /var/run/ppp-quick ]; then + rm /var/run/ppp-quick + wait + kill $PPPD_PID +fi + diff --git a/debian/extra/lib/Debian/Debhelper/Sequence/ppp.pm b/debian/extra/lib/Debian/Debhelper/Sequence/ppp.pm new file mode 100644 index 0000000..db4abc5 --- /dev/null +++ b/debian/extra/lib/Debian/Debhelper/Sequence/ppp.pm @@ -0,0 +1,10 @@ +#!/usr/bin/perl +use strict; +use warnings; +use Debian::Debhelper::Dh_Lib; + +# dh_ppp runs unconditionally, and before dh_gencontrol, so that the latter can +# use the substvars that are put into place by the former. +insert_before("dh_gencontrol", "dh_ppp"); + +1; diff --git a/debian/extra/options b/debian/extra/options new file mode 100644 index 0000000..706647d --- /dev/null +++ b/debian/extra/options @@ -0,0 +1,348 @@ +# /etc/ppp/options +# +# Originally created by Jim Knoble +# Modified for Debian by alvar Bray +# Modified for PPP Server setup by Christoph Lameter +# +# To quickly see what options are active in this file, use this command: +# egrep -v '#|^ *$' /etc/ppp/options + +# Specify which DNS Servers the incoming Win95 or WinNT Connection should use +# Two Servers can be remotely configured +# ms-dns 192.168.1.1 +# ms-dns 192.168.1.2 + +# Specify which WINS Servers the incoming connection Win95 or WinNT should use +# ms-wins 192.168.1.50 +# ms-wins 192.168.1.51 + +# Run the executable or shell command specified after pppd has +# terminated the link. This script could, for example, issue commands +# to the modem to cause it to hang up if hardware modem control signals +# were not available. +#disconnect "chat -- \d+++\d\c OK ath0 OK" + +# async character map -- 32-bit hex; each bit is a character +# that needs to be escaped for pppd to receive it. 0x00000001 +# represents '\x01', and 0x80000000 represents '\x1f'. +asyncmap 0 + +# Require the peer to authenticate itself before allowing network +# packets to be sent or received. +# Please do not disable this setting. It is expected to be standard in +# future releases of pppd. Use the call option (see manpage) to disable +# authentication for specific peers. +auth + +# Use hardware flow control (i.e. RTS/CTS) to control the flow of data +# on the serial port. +crtscts + +# Use software flow control (i.e. XON/XOFF) to control the flow of data +# on the serial port. +#xonxoff + +# Specifies that certain characters should be escaped on transmission +# (regardless of whether the peer requests them to be escaped with its +# async control character map). The characters to be escaped are +# specified as a list of hex numbers separated by commas. Note that +# almost any character can be specified for the escape option, unlike +# the asyncmap option which only allows control characters to be +# specified. The characters which may not be escaped are those with hex +# values 0x20 - 0x3f or 0x5e. +#escape 11,13,ff + +# Don't use the modem control lines. +#local + +# Specifies that pppd should use a UUCP-style lock on the serial device +# to ensure exclusive access to the device. +lock + +# Don't show the passwords when logging the contents of PAP packets. +# This is the default. +hide-password + +# When logging the contents of PAP packets, this option causes pppd to +# show the password string in the log message. +#show-password + +# Use the modem control lines. On Ultrix, this option implies hardware +# flow control, as for the crtscts option. (This option is not fully +# implemented.) +modem + +# Set the MRU [Maximum Receive Unit] value to for negotiation. pppd +# will ask the peer to send packets of no more than bytes. The +# minimum MRU value is 128. The default MRU value is 1500. A value of +# 296 is recommended for slow links (40 bytes for TCP/IP header + 256 +# bytes of data). +#mru 542 + +# Set the interface netmask to , a 32 bit netmask in "decimal dot" +# notation (e.g. 255.255.255.0). +#netmask 255.255.255.0 + +# Disables the default behaviour when no local IP address is specified, +# which is to determine (if possible) the local IP address from the +# hostname. With this option, the peer will have to supply the local IP +# address during IPCP negotiation (unless it specified explicitly on the +# command line or in an options file). +#noipdefault + +# Enables the "passive" option in the LCP. With this option, pppd will +# attempt to initiate a connection; if no reply is received from the +# peer, pppd will then just wait passively for a valid LCP packet from +# the peer (instead of exiting, as it does without this option). +#passive + +# With this option, pppd will not transmit LCP packets to initiate a +# connection until a valid LCP packet is received from the peer (as for +# the "passive" option with old versions of pppd). +#silent + +# Don't request or allow negotiation of any options for LCP and IPCP +# (use default values). +#-all + +# Disable Address/Control compression negotiation (use default, i.e. +# address/control field disabled). +#-ac + +# Disable asyncmap negotiation (use the default asyncmap, i.e. escape +# all control characters). +#-am + +# Don't fork to become a background process (otherwise pppd will do so +# if a serial device is specified). +#-detach + +# Disable IP address negotiation (with this option, the remote IP +# address must be specified with an option on the command line or in +# an options file). +#-ip + +# Disable IPCP negotiation and IP communication. This option should +# only be required if the peer is buggy and gets confused by requests +# from pppd for IPCP negotiation. +#noip + +# Disable magic number negotiation. With this option, pppd cannot +# detect a looped-back line. +#-mn + +# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e. +# 1500). +#-mru + +# Disable protocol field compression negotiation (use default, i.e. +# protocol field compression disabled). +#-pc + +# Require the peer to authenticate itself using PAP. +#+pap + +# Don't agree to authenticate using PAP. +#-pap + +# Require the peer to authenticate itself using CHAP [Cryptographic +# Handshake Authentication Protocol] authentication. +#+chap + +# Don't agree to authenticate using CHAP. +#-chap + +# Disable negotiation of Van Jacobson style IP header compression (use +# default, i.e. no compression). +#-vj + +# Increase debugging level (same as -d). If this option is given, pppd +# will log the contents of all control packets sent or received in a +# readable form. The packets are logged through syslog with facility +# daemon and level debug. This information can be directed to a file by +# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If +# pppd is compiled with extra debugging enabled, it will log messages +# using facility local2 instead of daemon). +#debug + +# Append the domain name to the local host name for authentication +# purposes. For example, if gethostname() returns the name porsche, +# but the fully qualified domain name is porsche.Quotron.COM, you would +# use the domain option to set the domain name to Quotron.COM. +#domain + +# Enable debugging code in the kernel-level PPP driver. The argument n +# is a number which is the sum of the following values: 1 to enable +# general debug messages, 2 to request that the contents of received +# packets be printed, and 4 to request that the contents of transmitted +# packets be printed. +#kdebug n + +# Set the MTU [Maximum Transmit Unit] value to . Unless the peer +# requests a smaller value via MRU negotiation, pppd will request that +# the kernel networking code send data packets of no more than n bytes +# through the PPP network interface. +#mtu + +# Set the name of the local system for authentication purposes to . +# This is a privileged option. With this option, pppd will use lines in the +# secrets files which have as the second field when looking for a +# secret to use in authenticating the peer. In addition, unless overridden +# with the user option, will be used as the name to send to the peer +# when authenticating the local system to the peer. (Note that pppd does +# not append the domain name to .) +#name + +# Enforce the use of the hostname as the name of the local system for +# authentication purposes (overrides the name option). +#usehostname + +# Set the assumed name of the remote system for authentication purposes +# to . +#remotename + +# Add an entry to this system's ARP [Address Resolution Protocol] +# table with the IP address of the peer and the Ethernet address of this +# system. +#proxyarp + +# Use the system password database for authenticating the peer using +# PAP. Note: mgetty already provides this option. If this is specified +# then dialin from users using a script under Linux to fire up ppp wont work. +# login + +# If this option is given, pppd will send an LCP echo-request frame to the +# peer every n seconds. Normally the peer should respond to the echo-request +# by sending an echo-reply. This option can be used with the +# lcp-echo-failure option to detect that the peer is no longer connected. +lcp-echo-interval 30 + +# If this option is given, pppd will presume the peer to be dead if n +# LCP echo-requests are sent without receiving a valid LCP echo-reply. +# If this happens, pppd will terminate the connection. Use of this +# option requires a non-zero value for the lcp-echo-interval parameter. +# This option can be used to enable pppd to terminate after the physical +# connection has been broken (e.g., the modem has hung up) in +# situations where no hardware modem control lines are available. +lcp-echo-failure 4 + +# Set the LCP restart interval (retransmission timeout) to seconds +# (default 3). +#lcp-restart + +# Set the maximum number of LCP terminate-request transmissions to +# (default 3). +#lcp-max-terminate + +# Set the maximum number of LCP configure-request transmissions to +# (default 10). +#lcp-max-configure + +# Set the maximum number of LCP configure-NAKs returned before starting +# to send configure-Rejects instead to (default 10). +#lcp-max-failure + +# Set the IPCP restart interval (retransmission timeout) to +# seconds (default 3). +#ipcp-restart + +# Set the maximum number of IPCP terminate-request transmissions to +# (default 3). +#ipcp-max-terminate + +# Set the maximum number of IPCP configure-request transmissions to +# (default 10). +#ipcp-max-configure + +# Set the maximum number of IPCP configure-NAKs returned before starting +# to send configure-Rejects instead to (default 10). +#ipcp-max-failure + +# Set the PAP restart interval (retransmission timeout) to seconds +# (default 3). +#pap-restart + +# Set the maximum number of PAP authenticate-request transmissions to +# (default 10). +#pap-max-authreq + +# Set the maximum time that pppd will wait for the peer to authenticate +# itself with PAP to seconds (0 means no limit). +#pap-timeout + +# Set the CHAP restart interval (retransmission timeout for +# challenges) to seconds (default 3). +#chap-restart + +# Set the maximum number of CHAP challenge transmissions to +# (default 10). +#chap-max-challenge + +# If this option is given, pppd will rechallenge the peer every +# seconds. +#chap-interval + +# With this option, pppd will accept the peer's idea of our local IP +# address, even if the local IP address was specified in an option. +#ipcp-accept-local + +# With this option, pppd will accept the peer's idea of its (remote) IP +# address, even if the remote IP address was specified in an option. +#ipcp-accept-remote + +# Disable the IPXCP and IPX protocols. +# To let pppd pass IPX packets comment this out --- you'll probably also +# want to install ipxripd, and have the Internal IPX Network option enabled +# in your kernel. /usr/doc/HOWTO/IPX-HOWTO.gz contains more info. +noipx + +# Exit once a connection has been made and terminated. This is the default, +# unless the `persist' or `demand' option has been specified. +#nopersist + +# Do not exit after a connection is terminated; instead try to reopen +# the connection. +#persist + +# Terminate after n consecutive failed connection attempts. +# A value of 0 means no limit. The default value is 10. +#maxfail + +# Initiate the link only on demand, i.e. when data traffic is present. +# With this option, the remote IP address must be specified by the user on +# the command line or in an options file. Pppd will initially configure +# the interface and enable it for IP traffic without connecting to the peer. +# When traffic is available, pppd will connect to the peer and perform +# negotiation, authentication, etc. When this is completed, pppd will +# commence passing data packets (i.e., IP packets) across the link. +#demand + +# Specifies that pppd should disconnect if the link is idle for seconds. +# The link is idle when no data packets (i.e. IP packets) are being sent or +# received. Note: it is not advisable to use this option with the persist +# option without the demand option. If the active-filter option is given, +# data packets which are rejected by the specified activity filter also +# count as the link being idle. +#idle + +# Specifies how many seconds to wait before re-initiating the link after +# it terminates. This option only has any effect if the persist or demand +# option is used. The holdoff period is not applied if the link was +# terminated because it was idle. +#holdoff + +# Wait for up n milliseconds after the connect script finishes for a valid +# PPP packet from the peer. At the end of this time, or when a valid PPP +# packet is received from the peer, pppd will commence negotiation by +# sending its first LCP packet. The default value is 1000 (1 second). +# This wait period only applies if the connect or pty option is used. +#connect-delay + +# Packet filtering: for more information, see pppd(8) +# Any packets matching the filter expression will be interpreted as link +# activity, and will cause a "demand" connection to be activated, and reset +# the idle connection timer. (idle option) +# The filter expression is akin to that of tcpdump(1) +#active-filter + +# ------ diff --git a/debian/extra/options.ttyXX b/debian/extra/options.ttyXX new file mode 100644 index 0000000..f4b1f5b --- /dev/null +++ b/debian/extra/options.ttyXX @@ -0,0 +1,22 @@ +# If you need to set up multiple serial lines differently, then copy this +# file to options. for each with a modem on it. +# +# Example: +# options.ttyS1 for the second serial port (a.k.a. COM2) +# +# Edit the following line so that the first IP address mentioned is the +# IP address or name of your host, while the second is the IP address +# or name of the remote machine. + +hostname:remotepeername +# 192.168.0.1:192.168.0.2 + +# You may also put additional settings in each file, just like in the +# general options file. For example: +# +# noauth +# debug +# defaultroute +# mtu 296 +# +# Read pppd(8) for more information. diff --git a/debian/extra/pap-secrets b/debian/extra/pap-secrets new file mode 100644 index 0000000..197f13b --- /dev/null +++ b/debian/extra/pap-secrets @@ -0,0 +1,43 @@ +# +# /etc/ppp/pap-secrets +# +# This is a pap-secrets file to be used with the AUTO_PPP function of +# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option +# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn) +# after a user has passed this file. Don't be disturbed therefore by the fact +# that this file defines logins with any password for users. /etc/passwd +# (again, /etc/shadow, too) will catch passwd mismatches. +# +# This file should block ALL users that should not be able to do AUTO_PPP. +# AUTO_PPP bypasses the usual login program so it's necessary to list all +# system userids with regular passwords here. +# +# ATTENTION: The definitions here can allow users to login without a +# password if you don't use the login option of pppd! The mgetty Debian +# package already provides this option; make sure you don't change that. + +# INBOUND connections + +# Every regular user can use PPP and has to use passwords from /etc/passwd +* hostname "" * + +# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any +# other accounts that should not be able to use pppd! +guest hostname "*" - +master hostname "*" - +root hostname "*" - +support hostname "*" - +stats hostname "*" - + +# OUTBOUND connections + +# Here you should add your userid password to connect to your providers via +# PAP. The * means that the password is to be used for ANY host you connect +# to. Thus you do not have to worry about the foreign machine name. Just +# replace password with your password. +# If you have different providers with different passwords then you better +# remove the following line. + +#-HOSTNAME- * password + + diff --git a/debian/extra/peers-gprs b/debian/extra/peers-gprs new file mode 100644 index 0000000..56a2421 --- /dev/null +++ b/debian/extra/peers-gprs @@ -0,0 +1,39 @@ +# example configuration for a GPRS/UMTS/HDSPA connection +# +# See the manual page pppd(8) for information on all the options. + +# If your carrier requires authentication, uncomment this directive and +# replace myusername@realm with the login name provided by them. +# If authentication is used, there should be a matching entry with the +# password in /etc/ppp/pap-secrets and/or /etc/ppp/chap-secrets. +#user "myusername@realm" + +# MUST CHANGE: replace ******** with the APN name specific to your +# mobile carrier and data plan. +# The /etc/chatscripts/gprs chat script may be modified to change the +# modem initialization string. +connect "/usr/sbin/chat -v -f /etc/chatscripts/gprs -T ********" + +# Serial device to which the modem is connected. +/dev/modem + +# Assumes that your IP address is allocated dynamically by the ISP. +noipdefault +# Try to get the name server addresses from the ISP. +usepeerdns +# Use this connection as the default route. +defaultroute + +# Makes pppd "dial again" when the connection is lost. +persist + +# Do not ask the remote to authenticate. +noauth + +# Disable some PPP protocol features which are usually not supported by +# mobile carriers. +novj +novjccomp +noccp +nomagic + diff --git a/debian/extra/peers-pppoa b/debian/extra/peers-pppoa new file mode 100644 index 0000000..eaf0938 --- /dev/null +++ b/debian/extra/peers-pppoa @@ -0,0 +1,32 @@ +# example configuration for the kernel space PPP over ATM driver +# +# See the manual page pppd(8) for information on all the options. + +# MUST CHANGE: replace myusername@realm with the PPP login name given to +# your by your provider. +# There should be a matching entry with the password in /etc/ppp/pap-secrets +# and/or /etc/ppp/chap-secrets. +user "myusername@realm" + +# Load the PPPoA plugin. +plugin pppoatm.so + +# VP.VC pair used by your ISP. +8.35 + +# Enable this option if your ISP uses PPPoA with LLC encapsulation. +#llc-encaps + +# Assumes that your IP address is allocated dynamically by the ISP. +noipdefault +# Try to get the name server addresses from the ISP. +usepeerdns +# Use this connection as the default route. +defaultroute + +# Makes pppd "dial again" when the connection is lost. +persist + +# Do not ask the remote to authenticate. +noauth + diff --git a/debian/extra/peers-pppoe b/debian/extra/peers-pppoe new file mode 100644 index 0000000..b680f8d --- /dev/null +++ b/debian/extra/peers-pppoe @@ -0,0 +1,29 @@ +# example configuration for the kernel space PPP over Ethernet driver +# +# See the manual page pppd(8) for information on all the options. + +# MUST CHANGE: replace myusername@realm with the PPP login name given to +# your by your provider. +# There should be a matching entry with the password in /etc/ppp/pap-secrets +# and/or /etc/ppp/chap-secrets. +user "myusername@realm" + +# Load the PPPoE plugin. +plugin rp-pppoe.so + +# Ethernet interface to which the modem is connected. +eth0 + +# Assumes that your IP address is allocated dynamically by the ISP. +noipdefault +# Try to get the name server addresses from the ISP. +usepeerdns +# Use this connection as the default route. +defaultroute + +# Makes pppd "dial again" when the connection is lost. +persist + +# Do not ask the remote to authenticate. +noauth + diff --git a/debian/extra/per-linkname b/debian/extra/per-linkname new file mode 100644 index 0000000..8b65e6c --- /dev/null +++ b/debian/extra/per-linkname @@ -0,0 +1,33 @@ +Date: Mon, 06 Oct 2003 16:00:25 +0200 +From: Eyal Rozenberg +Subject: ppp per-linkname script dir + +(I'm writing you as the maintainer of the Debian ppp package) + +On my system, I sometime find it necessary to run different commands for +different peers/providers after the ppp connection, like specific +complex routing configuration, etc. To do so I have added the files +/etc/ppp/ip-up.d/00peer-specific and /etc/ppp/ip-down.d/00peer-specific +whose contents is: +------------------------------------------------------------------ + +#!/bin/bash +# +# run peer-specific (or, rather, 'link-name' specific) scripts + +if [ -n "$LINKNAME" ] ; then + run-parts /etc/ppp/ip-up.d/$LINKNAME +fi + +exit 0 + +------------------------------------------------------------------ + +and the same thing for if-down.d (but with its respective directory +name). To use these, one must set the linkname pppd option in the files +under /etc/ppp/peers - but that's a good idea anyway. + +Perhaps you would consider adding such files to the ppp package. + +Eyal Rozenberg + diff --git a/debian/extra/plog b/debian/extra/plog new file mode 100644 index 0000000..84d2c73 --- /dev/null +++ b/debian/extra/plog @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ -s /var/log/ppp.log ]; then + exec tail "$@" /var/log/ppp.log +else + exec tail "$@" /var/log/syslog | grep ' \(pppd\|chat\)\[' +fi diff --git a/debian/extra/poff b/debian/extra/poff new file mode 100644 index 0000000..c95de74 --- /dev/null +++ b/debian/extra/poff @@ -0,0 +1,107 @@ +#!/bin/sh + +# $Id: poff,v 1.8 1999/08/28 16:34:51 phil Exp $ +# Written by John Hasler and based on work +# by Phil Hands . Distributed under the GNU GPL + +if [ -x /usr/bin/kill ]; then + KILL="/usr/bin/kill" +else + KILL="/bin/kill" +fi +SIG=TERM +DONE="stopped" +MODE="" + +usage () +{ + cat < pon.txt +.\" +.TH PON 1 "July 2000" "Debian Project" "Debian PPPD" +.SH NAME +pon, poff, plog \- starts up, shuts down or lists the log of PPP connections +.SH SYNOPSIS +.B pon +[ isp\-name [ options ] ] +.br +.B poff +[ \-r ] [ \-d ] [ \-c ] [ \-a ] [ \-h ] [ isp\-name ] +.br +.B plog +[ arguments ] +.SH DESCRIPTION +This manual page describes the \fBpon\fP, \fBplog\fP and \fBpoff\fP +scripts, which allow users to control PPP connections. +.PP +.SS pon +\fBpon\fP, invoked without arguments, runs the \fI/etc/ppp/ppp_on_boot\fP +file, if it exists and is executable. Otherwise, a PPP connection will be +started using configuration from \fI/etc/ppp/peers/provider\fP. +This is the default behaviour unless an \fBisp\-name\fP argument is given. +.PP +For instance, to use ISP configuration "myisp" run: +.IP +pon myisp +.PP +\fBpon\fP will then use the options file \fI/etc/ppp/peers/myisp\fP. +You can pass additional \fBpppd options\fP after the ISP name, too. +\fBpon\fP can be used to run multiple, simultaneous PPP connections. +.PP +\fBpon\fP takes the following command line options: +.RS +.TP +.B "\-q" "\-\-quick" +disconnect when ip\-up finishes running. +This function is only available to the \fIroot\fP user. +.SS poff +\fBpoff\fP closes a PPP connection. If more than one PPP connection exists, +the one named in the argument to \fBpoff\fP will be killed, e.g. +.IP +poff myprovider2 +.PP +will terminate the connection to myprovider2, and leave the PPP connections +to e.g. "myprovider1" or "myprovider3" up and running. +.PP +\fBpoff\fP takes the following command line options: +.RS +.TP +.B "\-r" +causes the connection to be redialed after it is dropped. +.TP +.B "\-d" +toggles the state of pppd's debug option. +.TP +.B "\-c" +causes +.BR pppd (8) +to renegotiate compression. +.TP +.B "\-a" +stops all running ppp connections. If the argument \fBisp\-name\fP +is given it will be ignored. +.TP +.B "\-h" +displays help information. +.TP +.B "\-v" +prints the version and exits. +.PP +If no argument is given, \fBpoff\fP will stop or signal pppd if and only +if there is exactly one running. If more than one connection is active, +it will exit with an error code of 1. +.PP +.SS plog +\fBplog\fP shows you the last few lines of \fI/var/log/ppp.log\fP. If that +file doesn't exist, it shows you the last few lines of your +\fI/var/log/syslog\fP file, but excluding the lines not generated by pppd. +This script makes use of the +.BR tail (1) +command, so arguments that can be passed to +.BR tail (1) +can also be passed to \fBplog\fP. +.PP +Note: the \fBplog\fP script can only be used by root or another system +administrator in group "adm", due to security reasons. Also, to have all +pppd-generated information in one logfile, that plog can show, you need the +following line in your \fI/etc/syslog.conf\fP file: +.PP +local2.* \-/var/log/ppp.log +.RE +.SH FILES +.TP +.I /etc/ppp/options +PPPd system options file. +.TP +.I /etc/ppp/pap\-secrets +System PAP passwords file. +.TP +.I /etc/ppp/chap\-secrets +System CHAP passwords file. +.TP +.I /etc/ppp/peers/ +Directory holding the peer options files. The default file is called +\fIprovider\fP. +.TP +.I /etc/chatscripts/provider +The chat script invoked from the default \fI/etc/ppp/peers/provider\fP. +.TP +.I /var/log/ppp.log +The default PPP log file. +.SH AUTHORS +The p-commands were written by Christoph Lameter . +Updated and revised by Philip Hands . +.br +This manual was written by Othmar Pasteka . Modified +by Rob Levin , with some extensions taken from +the old p-commands manual written by John Hasler . +.SH "SEE ALSO" +.BR pppd (8), +.BR chat (8), +.BR tail (1). diff --git a/debian/extra/popp b/debian/extra/popp new file mode 100644 index 0000000..4b1addf --- /dev/null +++ b/debian/extra/popp @@ -0,0 +1,33 @@ +#!/usr/bin/perl -w +# +# popp connects to your provider and returns. You are able to +# see pppd proceed dialing. Once the connection is +# established pppd returns. +# +# Exit Status: taken from pppd +# +# Example: popp && mailsync +# +# This will dial your default provider, you will see pppd +# progress and as soon as the connection's established, your +# mail will get synchronized +# +# Version: 0.1 28-Dec-2001 "Tomas Pospisek" + +use strict; + +my $ret; + +my $pid = fork(); + +unless ($pid) { + # child + exec "plog -f"; +} else { + # parent + my $provider = "provider" unless @ARGV; + $ret = system "pon $provider @ARGV updetach"; + kill "SIGTERM", $pid; +}; + +exit $ret / 256; # perlbizzare diff --git a/debian/extra/pppoe-discovery.8 b/debian/extra/pppoe-discovery.8 new file mode 100644 index 0000000..6aa28be --- /dev/null +++ b/debian/extra/pppoe-discovery.8 @@ -0,0 +1,86 @@ +.\" pppoe-discovery.8 written by +.\" Ben Hutchings , based on pppoe.8. +.\" Licenced under the GPL version 2 or later. +.TH PPPOE-DISCOVERY 8 "22 January 2006" +.SH NAME +pppoe\-discovery \- perform PPPoE discovery +.SH SYNOPSIS +.B pppoe\-discovery +[ +.I options +] +.br +.BR pppoe\-discovery " { " \-V " | " \-h " }" +.SH DESCRIPTION +.LP +\fBpppoe\-discovery\fR performs the same discovery process as +\fBpppoe\fR, but does not initiate a session. +It sends a PADI packet and then prints the names of access +concentrators in each PADO packet it receives. +.SH OPTIONS +.TP +.BI \-I " interface" +.RS +The \fB\-I\fR option specifies the Ethernet interface to use. +Under Linux, it is typically eth0 or eth1. +The interface should be \(lqup\(rq before you start +\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an +IP address. +The default interface is eth0. +.RE +.TP +.BI \-D " file_name" +.RS +The \fB\-D\fR option causes every packet to be dumped to the specified +\fIfile_name\fR. +This is intended for debugging only. +.RE +.TP +.B \-U +.RS +Causes \fBpppoe\-discovery\fR to use the Host-Uniq tag in its discovery +packets. +This lets you run multiple instances of \fBpppoe\-discovery\fR and/or +\fBpppoe\fR without having their discovery packets interfere with one +another. +You must supply this option to \fIall\fR instances that you intend to +run simultaneously. +.RE +.TP +.BI \-S " service_name" +.RS +Specifies the desired service name. +\fBpppoe\-discovery\fR will only accept access concentrators which can +provide the specified service. +In most cases, you should \fInot\fR specify this option. +Use it only if you know that there are multiple access concentrators +or know that you need a specific service name. +.RE +.TP +.BI \-C " ac_name" +.RS +Specifies the desired access concentrator name. +\fBpppoe\-discovery\fR will only accept the specified access +concentrator. +In most cases, you should \fInot\fR specify this option. +Use it only if you know that there are multiple access concentrators. +If both the \fB\-S\fR and \fB\-C\fR options are specified, they must +\fIboth\fR match. +.RE +.TP +.B \-A +.RS +This option is accepted for compatibility with \fBpppoe\fR, but has no +effect. +.RE +.TP +.BR \-V " | " \-h +.RS +Either of these options causes \fBpppoe\-discovery\fR to print its +version number and usage information, then exit. +.RE +.SH AUTHORS +\fBpppoe\-discovery\fR was written by Marco d'Itri , +based on \fBpppoe\fR by David F. Skoll . +.SH SEE ALSO +pppoe(8), pppoe-sniff(8) diff --git a/debian/extra/provider.chatscript b/debian/extra/provider.chatscript new file mode 100644 index 0000000..3b34837 --- /dev/null +++ b/debian/extra/provider.chatscript @@ -0,0 +1,19 @@ +# This is the chat script used to dial out to your default service provider. +# Please customize the entries enclosed in parenthesis to match your setup. +# Only the "provider" file will be handled by poff and pon (unless with +# extra command line arguments). +# +# Remember to edit /etc/ppp/peers/provider accordingly. +# +# ATZW2 as a default init string +# - On all hayes compatible modems, W2 will correctly report the connect +# speed. +# +ABORT BUSY +ABORT "NO CARRIER" +ABORT VOICE +ABORT "NO DIALTONE" +"" ATZW2 +OK ATDT +ogin +word \q diff --git a/debian/extra/provider.peer b/debian/extra/provider.peer new file mode 100644 index 0000000..e74d71a --- /dev/null +++ b/debian/extra/provider.peer @@ -0,0 +1,35 @@ +# example configuration for a dialup connection authenticated with PAP or CHAP +# +# This is the default configuration used by pon(1) and poff(1). +# See the manual page pppd(8) for information on all the options. + +# MUST CHANGE: replace myusername@realm with the PPP login name given to +# your by your provider. +# There should be a matching entry with the password in /etc/ppp/pap-secrets +# and/or /etc/ppp/chap-secrets. +user "myusername@realm" + +# MUST CHANGE: replace ******** with the phone number of your provider. +# The /etc/chatscripts/pap chat script may be modified to change the +# modem initialization string. +connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********" + +# Serial device to which the modem is connected. +/dev/modem + +# Speed of the serial line. +115200 + +# Assumes that your IP address is allocated dynamically by the ISP. +noipdefault +# Try to get the name server addresses from the ISP. +usepeerdns +# Use this connection as the default route. +defaultroute + +# Makes pppd "dial again" when the connection is lost. +persist + +# Do not ask the remote to authenticate. +noauth + diff --git a/debian/extra/udeb/ip-up b/debian/extra/udeb/ip-up new file mode 100755 index 0000000..aad760a --- /dev/null +++ b/debian/extra/udeb/ip-up @@ -0,0 +1,13 @@ +#!/bin/sh +# adds the DNS servers got via ppp to the global resolv.conf +# License: GPL +# Copyright Eddy Petrișor 2006 + +umask 0022 # normally ran by pppd with 0077 +: >> /etc/resolv.conf +MARK='added by D-I (pppd)' +cp /etc/resolv.conf /tmp/resolv.conf.tmp +sed "/#$MARK/d" /tmp/resolv.conf.tmp > /etc/resolv.conf +rm -f /tmp/resolv.conf.tmp +[ "$DNS1" ] && echo "nameserver $DNS1 #$MARK" >> /etc/resolv.conf +[ "$DNS2" ] && echo "nameserver $DNS2 #$MARK" >> /etc/resolv.conf diff --git a/debian/extra/udeb/options b/debian/extra/udeb/options new file mode 100644 index 0000000..24b085c --- /dev/null +++ b/debian/extra/udeb/options @@ -0,0 +1,8 @@ +asyncmap 0 +auth +crtscts +lock +hide-password +modem +lcp-echo-interval 30 +lcp-echo-failure 4 diff --git a/debian/extra/udeb/post-base-installer.d/30ppp b/debian/extra/udeb/post-base-installer.d/30ppp new file mode 100755 index 0000000..58d0d08 --- /dev/null +++ b/debian/extra/udeb/post-base-installer.d/30ppp @@ -0,0 +1,16 @@ +#!/bin/sh -e +# Configure ppp for the target system +# Note: netcfg takes care of general networking configuration files + +# We can only do this after ppp has been installed to ensure correct permissions +apt-install ppp || true + +if [ ! -d /target/etc/ppp/peers ]; then + logger -t ppp-udeb "Error: directory /target/etc/ppp/peers does not exist" + logger -t ppp-udeb "There may have been an error installing ppp" + exit 1 +fi + +# We copy over already existing files, so permissions are preserved +cp /etc/ppp/*-secrets /target/etc/ppp/ +cp /etc/ppp/peers/provider /target/etc/ppp/peers/ diff --git a/debian/extra/userscripts-down b/debian/extra/userscripts-down new file mode 100644 index 0000000..6162626 --- /dev/null +++ b/debian/extra/userscripts-down @@ -0,0 +1,7 @@ +#!/bin/sh -e + +getent passwd | awk -F: '{print $1 " " $6}' | \ +while read user home; do + [ -x $home/.ip-up.d/ ] && su $user run-parts $home/.ip-up.d/ +done + diff --git a/debian/extra/userscripts-up b/debian/extra/userscripts-up new file mode 100644 index 0000000..6162626 --- /dev/null +++ b/debian/extra/userscripts-up @@ -0,0 +1,7 @@ +#!/bin/sh -e + +getent passwd | awk -F: '{print $1 " " $6}' | \ +while read user home; do + [ -x $home/.ip-up.d/ ] && su $user run-parts $home/.ip-up.d/ +done + diff --git a/debian/gen_substvars_dev b/debian/gen_substvars_dev new file mode 100755 index 0000000..eb0cd2d --- /dev/null +++ b/debian/gen_substvars_dev @@ -0,0 +1,17 @@ +#!/bin/sh + +if [ $# -ne 2 ]; then + echo "Usage: $0 " >&2 + exit 1 +fi + +UPSTREAM=$1 +ABI=$2 +ABI_NEXT=$(($ABI + 1)) +PKG="ppp" + +cat <= ${UPSTREAM}-${ABI}+~), ${PKG} (<< ${UPSTREAM}-${ABI_NEXT}~) +${PKG}:Breaks=${PKG} (<< ${UPSTREAM}-${ABI}+~), ${PKG} (>= ${UPSTREAM}-${ABI_NEXT}~) +${PKG}:PluginDir=/usr/lib/pppd/${UPSTREAM} +EOF diff --git a/debian/patches/0001-abort-on-errors-in-subdir-builds.patch b/debian/patches/0001-abort-on-errors-in-subdir-builds.patch new file mode 100644 index 0000000..8b0d09e --- /dev/null +++ b/debian/patches/0001-abort-on-errors-in-subdir-builds.patch @@ -0,0 +1,48 @@ +From 5e90783d11a59268e05f4cfb29ce2343b13e8ab2 Mon Sep 17 00:00:00 2001 +From: Martin von Gagern +Date: Sat, 9 Aug 2014 22:44:45 -0400 +Subject: [PATCH 01/16] abort on errors in subdir builds + +The current recursive loops do not check the exit status of make +in subdirs which leads to `make` passing even when a subdir failed +to compile or install. + +URL: https://bugs.gentoo.org/334727 +Signed-off-by: Martin von Gagern +Signed-off-by: Mike Frysinger +--- + pppd/plugins/Makefile.linux | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux +index ab8cf50d9472..8a90e393a057 100644 +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -27,7 +27,7 @@ include .depend + endif + + all: $(PLUGINS) +- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done ++ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit $$?; done + + %.so: %.c + $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ +@@ -37,12 +37,12 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h) + install: $(PLUGINS) + $(INSTALL) -d $(LIBDIR) + $(INSTALL) $? $(LIBDIR) +- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d install; done ++ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d install || exit $$?; done + + clean: + rm -f *.o *.so *.a +- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d clean; done ++ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d clean || exit $$?; done + + depend: + $(CPP) -M $(CFLAGS) *.c >.depend +- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d depend; done ++ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d depend || exit $$?; done +-- +2.15.1 + diff --git a/debian/patches/0002-pppd-add-support-for-defaultroute-metric-option.patch b/debian/patches/0002-pppd-add-support-for-defaultroute-metric-option.patch new file mode 100644 index 0000000..f80d27a --- /dev/null +++ b/debian/patches/0002-pppd-add-support-for-defaultroute-metric-option.patch @@ -0,0 +1,165 @@ +From 35e5a569c988b1ff865b02a24d9a727a00db4da9 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Tue, 3 Jun 2014 08:53:47 +0000 +Subject: [PATCH 02/16] pppd: add support for defaultroute-metric option + +This allows user to specify the 'metric' (or 'prio') for the default +route set by pppd. This is useful in multi-ISP setups where there +might be more than one default gateway. + +Signed-off-by: Natanael Copa +--- + pppd/options.c | 5 +++++ + pppd/pppd.8 | 6 ++++++ + pppd/sys-linux.c | 28 +++++++++++++++++++--------- + 3 files changed, 30 insertions(+), 9 deletions(-) + +diff --git a/pppd/options.c b/pppd/options.c +index 45fa742cd9ce..ca3f8750c8bb 100644 +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -121,6 +121,7 @@ bool dryrun; /* print out option values and exit */ + char *domain; /* domain name set by domain option */ + int child_wait = 5; /* # seconds to wait for children at exit */ + struct userenv *userenv_list; /* user environment variables */ ++int dfl_route_metric = -1; /* metric of the default route to set over the PPP link */ + + #ifdef MAXOCTETS + unsigned int maxoctets = 0; /* default - no limit */ +@@ -299,6 +300,10 @@ option_t general_options[] = { + "Unset user environment variable", + OPT_A2PRINTER | OPT_NOPRINT, (void *)user_unsetprint }, + ++ { "defaultroute-metric", o_int, &dfl_route_metric, ++ "Metric to use for the default route (Linux only; -1 for default behavior)", ++ OPT_PRIV|OPT_LLIMIT|OPT_INITONLY, NULL, 0, -1 }, ++ + #ifdef HAVE_MULTILINK + { "multilink", o_bool, &multilink, + "Enable multilink operation", OPT_PRIO | 1 }, +diff --git a/pppd/pppd.8 b/pppd/pppd.8 +index e2768b135273..c508d277df3a 100644 +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -121,6 +121,12 @@ the gateway, when IPCP negotiation is successfully completed. + This entry is removed when the PPP connection is broken. This option + is privileged if the \fInodefaultroute\fR option has been specified. + .TP ++.B defaultroute-metric ++Define the metric of the \fIdefaultroute\fR and only add it if there ++is no other default route with the same metric. With the default ++value of -1, the route is only added if there is no default route at ++all. ++.TP + .B disconnect \fIscript + Execute the command specified by \fIscript\fR, by passing it to a + shell, after +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index 72a7727c403f..37bdda4d7818 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -232,7 +232,7 @@ static int baud_rate_of (int speed); + static void close_route_table (void); + static int open_route_table (void); + static int read_route_table (struct rtentry *rt); +-static int defaultroute_exists (struct rtentry *rt); ++static int defaultroute_exists (struct rtentry *rt, int metric); + static int get_ether_addr (u_int32_t ipaddr, struct sockaddr *hwaddr, + char *name, int namelen); + static void decode_version (char *buf, int *version, int *mod, int *patch); +@@ -242,6 +242,8 @@ static int make_ppp_unit(void); + + extern u_char inpacket_buf[]; /* borrowed from main.c */ + ++extern int dfl_route_metric; ++ + /* + * SET_SA_FAMILY - set the sa_family field of a struct sockaddr, + * if it exists. +@@ -1439,7 +1441,7 @@ static char *path_to_procfs(const char *tail) + FILE *route_fd = (FILE *) 0; + static char route_buffer[512]; + static int route_dev_col, route_dest_col, route_gw_col; +-static int route_flags_col, route_mask_col; ++static int route_flags_col, route_metric_col, route_mask_col; + static int route_num_cols; + + static int open_route_table (void); +@@ -1482,6 +1484,7 @@ static int open_route_table (void) + route_dest_col = 1; + route_gw_col = 2; + route_flags_col = 3; ++ route_metric_col = 6; + route_mask_col = 7; + route_num_cols = 8; + +@@ -1542,6 +1545,7 @@ static int read_route_table(struct rtentry *rt) + SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); + + rt->rt_flags = (short) strtoul(cols[route_flags_col], NULL, 16); ++ rt->rt_metric = (short) strtoul(cols[route_metric_col], NULL, 10); + rt->rt_dev = cols[route_dev_col]; + + return 1; +@@ -1550,9 +1554,10 @@ static int read_route_table(struct rtentry *rt) + /******************************************************************** + * + * defaultroute_exists - determine if there is a default route ++ * with the given metric (or negative for any) + */ + +-static int defaultroute_exists (struct rtentry *rt) ++static int defaultroute_exists (struct rtentry *rt, int metric) + { + int result = 0; + +@@ -1565,7 +1570,8 @@ static int defaultroute_exists (struct rtentry *rt) + + if (kernel_version > KVERSION(2,1,0) && SIN_ADDR(rt->rt_genmask) != 0) + continue; +- if (SIN_ADDR(rt->rt_dst) == 0L) { ++ if (SIN_ADDR(rt->rt_dst) == 0L && (metric < 0 ++ || rt->rt_metric == metric)) { + result = 1; + break; + } +@@ -1612,13 +1618,13 @@ int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) + { + struct rtentry rt; + +- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { ++ if (defaultroute_exists(&rt, dfl_route_metric) && strcmp(rt.rt_dev, ifname) != 0) { + if (rt.rt_flags & RTF_GATEWAY) +- error("not replacing existing default route via %I", +- SIN_ADDR(rt.rt_gateway)); ++ error("not replacing existing default route via %I with metric %d", ++ SIN_ADDR(rt.rt_gateway), dfl_route_metric); + else +- error("not replacing existing default route through %s", +- rt.rt_dev); ++ error("not replacing existing default route through %s with metric %d", ++ rt.rt_dev, dfl_route_metric); + return 0; + } + +@@ -1626,6 +1632,7 @@ int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) + SET_SA_FAMILY (rt.rt_dst, AF_INET); + + rt.rt_dev = ifname; ++ rt.rt_metric = dfl_route_metric + 1; /* +1 for binary compatibility */ + + if (kernel_version > KVERSION(2,1,0)) { + SET_SA_FAMILY (rt.rt_genmask, AF_INET); +@@ -1660,6 +1667,9 @@ int cifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) + + rt.rt_dev = ifname; + ++ rt.rt_dev = ifname; ++ rt.rt_metric = dfl_route_metric + 1; /* +1 for binary compatibility */ ++ + if (kernel_version > KVERSION(2,1,0)) { + SET_SA_FAMILY (rt.rt_genmask, AF_INET); + SIN_ADDR(rt.rt_genmask) = 0L; +-- +2.15.1 + diff --git a/debian/patches/0003-scripts-Avoid-killing-wrong-pppd.patch b/debian/patches/0003-scripts-Avoid-killing-wrong-pppd.patch new file mode 100644 index 0000000..2f143a1 --- /dev/null +++ b/debian/patches/0003-scripts-Avoid-killing-wrong-pppd.patch @@ -0,0 +1,29 @@ +From 67811a647d399db5d188a242827760615a0f86b5 Mon Sep 17 00:00:00 2001 +From: radaiming +Date: Sat, 13 Dec 2014 14:42:34 +0800 +Subject: [PATCH 03/16] scripts: Avoid killing wrong pppd + + poff could kill other pppd processes when there are many pppd + running on different serial port. + + Signed-off-by: Ming Dai +--- + scripts/poff | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/poff b/scripts/poff +index 3f55a7f40010..5b45d98a2b6a 100644 +--- a/scripts/poff ++++ b/scripts/poff +@@ -91,7 +91,7 @@ if test "$#" -eq 0 -o "$MODE" = "all" ; then + fi + + # There is an argument, so kill the pppd started on that provider. +-PID=`ps axw | grep "[ /]pppd call $1" | awk '{print $1}'` ++PID=`ps axw | grep "[ /]pppd call $1" | grep -w "$1" | awk '{print $1}'` + if test -n "$PID" ; then + $KILL -$SIG $PID || { + echo "$0: $KILL failed. None ${DONE}." +-- +2.15.1 + diff --git a/debian/patches/0004-pppd-Fix-sign-extension-when-displaying-bytes-in-oct.patch b/debian/patches/0004-pppd-Fix-sign-extension-when-displaying-bytes-in-oct.patch new file mode 100644 index 0000000..a5242b0 --- /dev/null +++ b/debian/patches/0004-pppd-Fix-sign-extension-when-displaying-bytes-in-oct.patch @@ -0,0 +1,30 @@ +From 5e8c3cb256a7e86e3572a82a75d51c6850efdbdc Mon Sep 17 00:00:00 2001 +From: "Philip A. Prindeville" +Date: Fri, 19 Dec 2014 17:52:58 -0700 +Subject: [PATCH 04/16] pppd: Fix sign-extension when displaying bytes in octal + +print_string() displays characters as \\%.03o but without first +casting it from "char" to "unsigned char" so it gets sign-extended +to an int. This causes output like \37777777630 instead of \230. + +Signed-off-by: Philip A. Prindeville +--- + pppd/utils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/utils.c b/pppd/utils.c +index 29bf970905d5..3ac1b60926d2 100644 +--- a/pppd/utils.c ++++ b/pppd/utils.c +@@ -625,7 +625,7 @@ print_string(p, len, printer, arg) + printer(arg, "\\t"); + break; + default: +- printer(arg, "\\%.3o", c); ++ printer(arg, "\\%.3o", (unsigned char) c); + } + } + } +-- +2.15.1 + diff --git a/debian/patches/0005-Suppress-false-error-message-on-PPPoE-disconnect.patch b/debian/patches/0005-Suppress-false-error-message-on-PPPoE-disconnect.patch new file mode 100644 index 0000000..af24658 --- /dev/null +++ b/debian/patches/0005-Suppress-false-error-message-on-PPPoE-disconnect.patch @@ -0,0 +1,33 @@ +From 219aac3b53d0827549377f1bfe22853ee52d4405 Mon Sep 17 00:00:00 2001 +From: Simon Farnsworth +Date: Sun, 1 Mar 2015 11:49:06 +0000 +Subject: [PATCH 05/16] Suppress false error message on PPPoE disconnect + +Once the kernel handles PPPoE PADTs correctly[1], a PADT triggered +disconnect will result in EALREADY when pppd tries to clear the session ID. + +Simply ignore the error if, and only if, the error is EALREADY + +[1] https://patchwork.ozlabs.org/patch/444717/ + +Signed-off-by: Simon Farnsworth +--- + pppd/plugins/rp-pppoe/plugin.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c +index a8c2bb4f4a6a..da50cdf2b9d3 100644 +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -270,7 +270,7 @@ PPPOEDisconnectDevice(void) + memcpy(sp.sa_addr.pppoe.dev, conn->ifName, IFNAMSIZ); + memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN); + if (connect(conn->sessionSocket, (struct sockaddr *) &sp, +- sizeof(struct sockaddr_pppox)) < 0) ++ sizeof(struct sockaddr_pppox)) < 0 && errno != EALREADY) + error("Failed to disconnect PPPoE socket: %d %m", errno); + close(conn->sessionSocket); + /* don't send PADT?? */ +-- +2.15.1 + diff --git a/debian/patches/0006-Send-PADT-on-PPPoE-disconnect.patch b/debian/patches/0006-Send-PADT-on-PPPoE-disconnect.patch new file mode 100644 index 0000000..33e6f89 --- /dev/null +++ b/debian/patches/0006-Send-PADT-on-PPPoE-disconnect.patch @@ -0,0 +1,31 @@ +From cd2c14f998c57bbe6a01dc5854f2763c0d7f31fb Mon Sep 17 00:00:00 2001 +From: Simon Farnsworth +Date: Sun, 1 Mar 2015 11:53:58 +0000 +Subject: [PATCH 06/16] Send PADT on PPPoE disconnect + +Once we've terminated the PPP session, there is no chance of a PPP layer +disconnect. Some PPPoE relays don't detect the PPP session going down, and +depend on a long timeout or a PPPoE PADT to terminate the session. + +Send a PADT on disconnect to work around these buggy relays. + +Signed-off-by: Simon Farnsworth +--- + pppd/plugins/rp-pppoe/plugin.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -273,9 +273,10 @@ + sizeof(struct sockaddr_pppox)) < 0 && errno != EALREADY) + error("Failed to disconnect PPPoE socket: %d %m", errno); + close(conn->sessionSocket); +- /* don't send PADT?? */ +- if (conn->discoverySocket >= 0) ++ if (conn->discoverySocket >= 0) { ++ sendPADT(conn, NULL); + close(conn->discoverySocket); ++ } + } + + static void diff --git a/debian/patches/0007-pppd-ipxcp-Prevent-buffer-overrun-on-remote-router-n.patch b/debian/patches/0007-pppd-ipxcp-Prevent-buffer-overrun-on-remote-router-n.patch new file mode 100644 index 0000000..0c9becf --- /dev/null +++ b/debian/patches/0007-pppd-ipxcp-Prevent-buffer-overrun-on-remote-router-n.patch @@ -0,0 +1,31 @@ +From fe149de624f96629a7f46732055d8f718c74b856 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Fri, 14 Aug 2015 17:56:26 +1000 +Subject: [PATCH 07/16] pppd: ipxcp: Prevent buffer overrun on remote router + name + +This fixes an if condition to prevent a possible 1-byte overrun +on ipxcp_hisoptions[0].name. + +Reported-by: "Sabas Rosales, Blanca E" +Signed-off-by: Paul Mackerras +--- + pppd/ipxcp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/ipxcp.c b/pppd/ipxcp.c +index 7b2343e15537..aaff10f76200 100644 +--- a/pppd/ipxcp.c ++++ b/pppd/ipxcp.c +@@ -1194,7 +1194,7 @@ ipxcp_reqci(f, inp, len, reject_if_disagree) + case IPX_ROUTER_NAME: + if (cilen >= CILEN_NAME) { + int name_size = cilen - CILEN_NAME; +- if (name_size > sizeof (ho->name)) ++ if (name_size >= sizeof (ho->name)) + name_size = sizeof (ho->name) - 1; + memset (ho->name, 0, sizeof (ho->name)); + memcpy (ho->name, p, name_size); +-- +2.15.1 + diff --git a/debian/patches/0008-pppd-Fix-ccp_options.mppe-type.patch b/debian/patches/0008-pppd-Fix-ccp_options.mppe-type.patch new file mode 100644 index 0000000..e32a626 --- /dev/null +++ b/debian/patches/0008-pppd-Fix-ccp_options.mppe-type.patch @@ -0,0 +1,30 @@ +From 234edab99a6bb250cc9ecd384cca27b0c8b475ce Mon Sep 17 00:00:00 2001 +From: Sylvain Rochet +Date: Wed, 25 Mar 2015 00:25:18 +0100 +Subject: [PATCH 08/16] pppd: Fix ccp_options.mppe type + +This corrects the type of ccp_options.mppe; it is actually a bitfield of +MPPE_OPT_* and not a boolean. + +Signed-off-by: Sylvain Rochet +Signed-off-by: Paul Mackerras +--- + pppd/ccp.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/ccp.h b/pppd/ccp.h +index 6f4a2fee0a2c..76446db007c0 100644 +--- a/pppd/ccp.h ++++ b/pppd/ccp.h +@@ -37,7 +37,7 @@ typedef struct ccp_options { + bool predictor_2; /* do Predictor-2? */ + bool deflate_correct; /* use correct code for deflate? */ + bool deflate_draft; /* use draft RFC code for deflate? */ +- bool mppe; /* do MPPE? */ ++ u_char mppe; /* MPPE bitfield */ + u_short bsd_bits; /* # bits/code for BSD Compress */ + u_short deflate_size; /* lg(window size) for Deflate */ + short method; /* code for chosen compression method */ +-- +2.15.1 + diff --git a/debian/patches/0009-pppd-Fix-ccp_cilen-calculated-size-if-both-deflate_c.patch b/debian/patches/0009-pppd-Fix-ccp_cilen-calculated-size-if-both-deflate_c.patch new file mode 100644 index 0000000..7b293d1 --- /dev/null +++ b/debian/patches/0009-pppd-Fix-ccp_cilen-calculated-size-if-both-deflate_c.patch @@ -0,0 +1,33 @@ +From 094cb8ae4c61db225e67fedadb4964f846dd0c27 Mon Sep 17 00:00:00 2001 +From: Sylvain Rochet +Date: Tue, 24 Mar 2015 21:21:40 +0100 +Subject: [PATCH 09/16] pppd: Fix ccp_cilen calculated size if both + deflate_correct and deflate_draft are enabled + +This fixes a bug where ccp_cilen() will return 4 bytes less than +necessary for the addci buffer if both deflate_correct and +deflate_draft are enabled. + +Signed-off-by: Sylvain Rochet +Signed-off-by: Paul Mackerras +--- + pppd/ccp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/pppd/ccp.c b/pppd/ccp.c +index 5814f358eb44..7d7922afcfc0 100644 +--- a/pppd/ccp.c ++++ b/pppd/ccp.c +@@ -676,7 +676,8 @@ ccp_cilen(f) + ccp_options *go = &ccp_gotoptions[f->unit]; + + return (go->bsd_compress? CILEN_BSD_COMPRESS: 0) +- + (go->deflate? CILEN_DEFLATE: 0) ++ + (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0) ++ + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0) + + (go->predictor_1? CILEN_PREDICTOR_1: 0) + + (go->predictor_2? CILEN_PREDICTOR_2: 0) + + (go->mppe? CILEN_MPPE: 0); +-- +2.15.1 + diff --git a/debian/patches/0010-Fix-a-typo-in-comment.-Diff-from-Yuuichi-Someya.patch b/debian/patches/0010-Fix-a-typo-in-comment.-Diff-from-Yuuichi-Someya.patch new file mode 100644 index 0000000..ad418ef --- /dev/null +++ b/debian/patches/0010-Fix-a-typo-in-comment.-Diff-from-Yuuichi-Someya.patch @@ -0,0 +1,25 @@ +From f831f27c309fb2f4dfca3336a9f144993e02c225 Mon Sep 17 00:00:00 2001 +From: YASUOKA Masahiko +Date: Wed, 16 Mar 2016 13:39:19 +0900 +Subject: [PATCH 10/16] Fix a typo in comment. Diff from Yuuichi Someya. + +--- + pppd/fsm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/fsm.c b/pppd/fsm.c +index c200cc3a8438..e9bd34f0e8f4 100644 +--- a/pppd/fsm.c ++++ b/pppd/fsm.c +@@ -468,7 +468,7 @@ fsm_rconfreq(f, id, inp, len) + f->nakloops = 0; + + } else { +- /* we sent CONFACK or CONFREJ */ ++ /* we sent CONFNAK or CONFREJ */ + if (f->state != ACKRCVD) + f->state = REQSENT; + if( code == CONFNAK ) +-- +2.15.1 + diff --git a/debian/patches/0011-plog-count-only-relevant-lines-from-syslog.patch b/debian/patches/0011-plog-count-only-relevant-lines-from-syslog.patch new file mode 100644 index 0000000..14d1e66 --- /dev/null +++ b/debian/patches/0011-plog-count-only-relevant-lines-from-syslog.patch @@ -0,0 +1,24 @@ +From 2ecc3c7ce01d01e514c8a514b16c45aec1d5613f Mon Sep 17 00:00:00 2001 +From: Dmitry Deshevoy +Date: Thu, 31 Mar 2016 23:39:32 +0400 +Subject: [PATCH 11/16] plog: count only relevant lines from syslog + +Closes paulusmack/ppp#42 +--- + scripts/plog | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/plog b/scripts/plog +index 84d2c7340cc6..7cb53346413d 100644 +--- a/scripts/plog ++++ b/scripts/plog +@@ -3,5 +3,5 @@ + if [ -s /var/log/ppp.log ]; then + exec tail "$@" /var/log/ppp.log + else +- exec tail "$@" /var/log/syslog | grep ' \(pppd\|chat\)\[' ++ exec grep ' \(pppd\|chat\)\[' /var/log/syslog | tail "$@" + fi +-- +2.15.1 + diff --git a/debian/patches/0012-Change-include-from-sys-errno.h-to-errno.h.patch b/debian/patches/0012-Change-include-from-sys-errno.h-to-errno.h.patch new file mode 100644 index 0000000..d31f188 --- /dev/null +++ b/debian/patches/0012-Change-include-from-sys-errno.h-to-errno.h.patch @@ -0,0 +1,33 @@ +From 56a4760236ee0a606075404c5704801feffa646c Mon Sep 17 00:00:00 2001 +From: Stefan Nickl +Date: Wed, 10 Aug 2016 21:32:21 +0200 +Subject: [PATCH 12/16] Change include from sys/errno.h to errno.h + +According to POSIX, the canonical location for errno.h is on the top level. + +Signed-off-by: Stefan Nickl +--- + pppd/sys-linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index b4a435d2a993..20b42ac3e80c 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -73,12 +73,12 @@ + #include + #include + #include +-#include + #include + #include + #include + #include + ++#include + #include + #include + #include +-- +2.15.1 + diff --git a/debian/patches/0013-pppd-allow-use-of-arbitrary-interface-names.patch b/debian/patches/0013-pppd-allow-use-of-arbitrary-interface-names.patch new file mode 100644 index 0000000..8e54024 --- /dev/null +++ b/debian/patches/0013-pppd-allow-use-of-arbitrary-interface-names.patch @@ -0,0 +1,214 @@ +From bbcdc4366bbee6c3f4e1ddda31e4eec8c1b3ccc2 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Tue, 23 Aug 2016 16:10:21 +1000 +Subject: [PATCH 13/16] pppd: allow use of arbitrary interface names + +This is a modified version of a patch from openSUSE that enables PPP interfaces +to be called arbitrary names, rather than simply pppX where X is the unit +number. + +The modifications from the stock openSUSE patch are: +- refresh patch on top of 018_ip-up_option.diff +- fix a printf format-string vulnerability in pppd/main.c:set_ifunit() +- clarify the pppd.8 manpage additions +- patch pppstats/pppstats.c to query renamed interfaces without complaint + +Origin: SUSE +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458646 +Forwarded: no +Reviewed-by: Chris Boot +Signed-off-by: Paul Mackerras +--- + pppd/main.c | 16 ++++++---------- + pppd/options.c | 5 +++++ + pppd/pppd.8 | 8 +++++++- + pppd/pppd.h | 11 +++++++++++ + pppd/sys-linux.c | 15 +++++++++++++++ + pppstats/pppstats.c | 12 ++++++------ + 6 files changed, 50 insertions(+), 17 deletions(-) + +diff --git a/pppd/main.c b/pppd/main.c +index 6d50d1bac1d9..f1986ed68d0b 100644 +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -124,7 +124,7 @@ + static const char rcsid[] = RCSID; + + /* interface vars */ +-char ifname[32]; /* Interface name */ ++char ifname[MAXIFNAMELEN]; /* Interface name */ + int ifunit; /* Interface unit number */ + + struct channel *the_channel; +@@ -298,13 +298,6 @@ struct protent *protocols[] = { + NULL + }; + +-/* +- * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name. +- */ +-#if !defined(PPP_DRV_NAME) +-#define PPP_DRV_NAME "ppp" +-#endif /* !defined(PPP_DRV_NAME) */ +- + int + main(argc, argv) + int argc; +@@ -737,8 +730,11 @@ void + set_ifunit(iskey) + int iskey; + { +- info("Using interface %s%d", PPP_DRV_NAME, ifunit); +- slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit); ++ if (req_ifname[0] != '\0') ++ slprintf(ifname, sizeof(ifname), "%s", req_ifname); ++ else ++ slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit); ++ info("Using interface %s", ifname); + script_setenv("IFNAME", ifname, iskey); + if (iskey) { + create_pidfile(getpid()); /* write pid to file */ +diff --git a/pppd/options.c b/pppd/options.c +index c06a2b4ad8ed..177488ca6813 100644 +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -114,6 +114,7 @@ char linkname[MAXPATHLEN]; /* logical name for link */ + bool tune_kernel; /* may alter kernel settings */ + int connect_delay = 1000; /* wait this many ms after connect script */ + int req_unit = -1; /* requested interface unit */ ++char req_ifname[MAXIFNAMELEN]; /* requested interface name */ + bool multilink = 0; /* Enable multilink operation */ + char *bundle_name = NULL; /* bundle name for multilink */ + bool dump_options; /* print out option values */ +@@ -284,6 +285,10 @@ option_t general_options[] = { + "PPP interface unit number to use if possible", + OPT_PRIO | OPT_LLIMIT, 0, 0 }, + ++ { "ifname", o_string, req_ifname, ++ "Set PPP interface name", ++ OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXIFNAMELEN }, ++ + { "dump", o_bool, &dump_options, + "Print out option values after parsing all options", 1 }, + { "dryrun", o_bool, &dryrun, +diff --git a/pppd/pppd.8 b/pppd/pppd.8 +index c508d277df3a..06e945fce998 100644 +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -1079,7 +1079,13 @@ under Linux and FreeBSD 2.2.8 and later. + .TP + .B unit \fInum + Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound +-connections. ++connections. If the unit is already in use a dynamically allocated number will ++be used. ++.TP ++.B ifname \fIstring ++Set the ppp interface name for outbound connections. If the interface name is ++already in use, or if the name cannot be used for any other reason, pppd will ++terminate. + .TP + .B unset \fIname + Remove a variable from the environment variable for scripts that are +diff --git a/pppd/pppd.h b/pppd/pppd.h +index 247fa153739b..1a1bf0b99582 100644 +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -80,6 +80,16 @@ + #define MAXARGS 1 /* max # args to a command */ + #define MAXNAMELEN 256 /* max length of hostname or name for auth */ + #define MAXSECRETLEN 256 /* max length of password or secret */ ++#define MAXIFNAMELEN 32 /* max length of interface name; or use IFNAMSIZ, can we ++ always include net/if.h? */ ++ ++/* ++ * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name. ++ * Where should PPP_DRV_NAME come from? Do we include it here? ++ */ ++#if !defined(PPP_DRV_NAME) ++#define PPP_DRV_NAME "ppp" ++#endif /* !defined(PPP_DRV_NAME) */ + + /* + * Option descriptor structure. +@@ -318,6 +328,7 @@ extern bool tune_kernel; /* May alter kernel settings as necessary */ + extern int connect_delay; /* Time to delay after connect script */ + extern int max_data_rate; /* max bytes/sec through charshunt */ + extern int req_unit; /* interface unit number to use */ ++extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */ + extern bool multilink; /* enable multilink operation */ + extern bool noendpoint; /* don't send or accept endpt. discrim. */ + extern char *bundle_name; /* bundle name for multilink */ +diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c +index b4a435d2a993..b832031f7e26 100644 +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -643,6 +643,21 @@ static int make_ppp_unit() + } + if (x < 0) + error("Couldn't create new ppp unit: %m"); ++ ++ if (x == 0 && req_ifname[0] != '\0') { ++ struct ifreq ifr; ++ char t[MAXIFNAMELEN]; ++ memset(&ifr, 0, sizeof(struct ifreq)); ++ slprintf(t, sizeof(t), "%s%d", PPP_DRV_NAME, ifunit); ++ strncpy(ifr.ifr_name, t, IF_NAMESIZE); ++ strncpy(ifr.ifr_newname, req_ifname, IF_NAMESIZE); ++ x = ioctl(sock_fd, SIOCSIFNAME, &ifr); ++ if (x < 0) ++ error("Couldn't rename interface %s to %s: %m", t, req_ifname); ++ else ++ info("Renamed interface %s to %s", t, req_ifname); ++ } ++ + return x; + } + +diff --git a/pppstats/pppstats.c b/pppstats/pppstats.c +index 6367988eb96b..46cb9c24942b 100644 +--- a/pppstats/pppstats.c ++++ b/pppstats/pppstats.c +@@ -88,7 +88,6 @@ int aflag; /* print absolute values, not deltas */ + int dflag; /* print data rates, not bytes */ + int interval, count; + int infinite; +-int unit; + int s; /* socket or /dev/ppp file descriptor */ + int signalled; /* set if alarm goes off "early" */ + char *progname; +@@ -449,6 +448,7 @@ main(argc, argv) + { + int c; + #ifdef STREAMS ++ int unit; + char *dev; + #endif + +@@ -506,11 +506,6 @@ main(argc, argv) + if (argc > 0) + interface = argv[0]; + +- if (sscanf(interface, PPP_DRV_NAME "%d", &unit) != 1) { +- fprintf(stderr, "%s: invalid interface '%s' specified\n", +- progname, interface); +- } +- + #ifndef STREAMS + { + struct ifreq ifr; +@@ -535,6 +530,11 @@ main(argc, argv) + } + + #else /* STREAMS */ ++ if (sscanf(interface, PPP_DRV_NAME "%d", &unit) != 1) { ++ fprintf(stderr, "%s: invalid interface '%s' specified\n", ++ progname, interface); ++ } ++ + #ifdef __osf__ + dev = "/dev/streams/ppp"; + #else +-- +2.15.1 + diff --git a/debian/patches/0014-pppd-Remove-unused-declaration-of-ttyname.patch b/debian/patches/0014-pppd-Remove-unused-declaration-of-ttyname.patch new file mode 100644 index 0000000..6c03199 --- /dev/null +++ b/debian/patches/0014-pppd-Remove-unused-declaration-of-ttyname.patch @@ -0,0 +1,25 @@ +From 66ae569f1c6fb12df8a463c8beb9afc0c7e5f7f0 Mon Sep 17 00:00:00 2001 +From: George Burgess IV +Date: Fri, 9 Sep 2016 17:36:54 -0700 +Subject: [PATCH 14/16] pppd: Remove unused declaration of ttyname. + +Signed-off-by: George Burgess IV +--- + pppd/main.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/pppd/main.c b/pppd/main.c +index 6d50d1bac1d9..aef9e8477592 100644 +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -257,7 +257,6 @@ static void cleanup_db __P((void)); + static void handle_events __P((void)); + void print_link_stats __P((void)); + +-extern char *ttyname __P((int)); + extern char *getlogin __P((void)); + int main __P((int, char *[])); + +-- +2.15.1 + diff --git a/debian/patches/0015-pppd-Provide-error-implementation-in-pppoe-discovery.patch b/debian/patches/0015-pppd-Provide-error-implementation-in-pppoe-discovery.patch new file mode 100644 index 0000000..f221ccd --- /dev/null +++ b/debian/patches/0015-pppd-Provide-error-implementation-in-pppoe-discovery.patch @@ -0,0 +1,52 @@ +From b7b97dea6eb042fae0dfaca39cbb190411e5fd31 Mon Sep 17 00:00:00 2001 +From: Stefan Nickl +Date: Wed, 10 Aug 2016 16:52:12 +0200 +Subject: [PATCH 15/16] pppd: Provide error() implementation in pppoe-discovery + +The pppoe-discovery program calls error() from the CHECK_ROOM macro +defined in pppoe.h. Since pppoe-discovery is a standalone program not +linked with the rest of pppd, the only way this could build is by +linking to glibc's proprietary error(3) function instead of the function +of the same name (but with different arguments) defined in pppd/utils.c. + +So with glibc this builds, but will probably crash when the assertion is +triggered. As the assertion is unlikely to fail, nobody has noticed. + +The build however fails with musl libc or uClibc since they don't +provide the doppelganger. + +Signed-off-by: Stefan Nickl +--- + pppd/plugins/rp-pppoe/pppoe-discovery.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c +index 3d3bf4eecc81..55037dffb023 100644 +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c +@@ -9,6 +9,7 @@ + * + */ + ++#include + #include + #include + #include +@@ -55,6 +56,14 @@ void die(int status) + exit(status); + } + ++void error(char *fmt, ...) ++{ ++ va_list pvar; ++ va_start(pvar, fmt); ++ vfprintf(stderr, fmt, pvar); ++ va_end(pvar); ++} ++ + /* Initialize frame types to RFC 2516 values. Some broken peers apparently + use different frame types... sigh... */ + +-- +2.15.1 + diff --git a/debian/patches/0016-pppoe-include-netinet-in.h-before-linux-in.h.patch b/debian/patches/0016-pppoe-include-netinet-in.h-before-linux-in.h.patch new file mode 100644 index 0000000..185bbb1 --- /dev/null +++ b/debian/patches/0016-pppoe-include-netinet-in.h-before-linux-in.h.patch @@ -0,0 +1,49 @@ +From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Mon, 9 Jan 2017 13:34:23 +0000 +Subject: [PATCH 16/16] pppoe: include netinet/in.h before linux/in.h + +This fixes builds with newer kernels. Basically, needs to be +included before otherwise the earlier, unaware of the latter, +tries to redefine symbols and structures. Also, doesn't work +alone anymore, since it pulls the headers in the wrong order, so we better +include early. +--- + pppd/plugins/rp-pppoe/pppoe.h | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h +index 9ab2eee3914c..c4aaa6e68856 100644 +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h +@@ -47,6 +47,10 @@ + #include + #endif + ++/* This has to be included before Linux 4.8's linux/in.h ++ * gets dragged in. */ ++#include ++ + /* Ugly header files on some Linux boxes... */ + #if defined(HAVE_LINUX_IF_H) + #include +@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t; + #include + #endif + +-#include +- + #ifdef HAVE_NETINET_IF_ETHER_H + #include + +@@ -98,7 +100,6 @@ typedef unsigned long UINT32_t; + #endif + + +- + /* Ethernet frame types according to RFC 2516 */ + #define ETH_PPPOE_DISCOVERY 0x8863 + #define ETH_PPPOE_SESSION 0x8864 +-- +2.15.1 + diff --git a/debian/patches/010_scripts_README.diff b/debian/patches/010_scripts_README.diff new file mode 100644 index 0000000..0ff2948 --- /dev/null +++ b/debian/patches/010_scripts_README.diff @@ -0,0 +1,20 @@ +--- ppp-2.4.0b4.orig/scripts/README ++++ ppp-2.4.0b4/scripts/README +@@ -141,3 +141,17 @@ + are escaped. This may need to be modified depending on the ssh (or + pseudo-tty) implementation which may differ across platforms, for further + optimizations. ++ ++------------------------------------------------------------------------ ++ ++12. pon, poff and ip-up ++ ++These are modified version of the pon/poff/ip-up scripts contributed by Yann ++Dirson . They allow you to call "pon quick" respectively ++"pon quick my-isp" to just call the provider for running you ip-up scripts in ++/etc/ppp/ip-up.d. This can be useful to check for incoming/flush outgoing ++mail, without the necessary delay before hangup introduced by diald or such. ++ ++These scripts break the possibility to connect to multiple ISPs at once, so ++they are included only here. ++ diff --git a/debian/patches/011_scripts_redialer.diff b/debian/patches/011_scripts_redialer.diff new file mode 100644 index 0000000..657f566 --- /dev/null +++ b/debian/patches/011_scripts_redialer.diff @@ -0,0 +1,152 @@ +--- ppp-2.4.0b4.orig/scripts/redialer ++++ ppp-2.4.0b4/scripts/redialer +@@ -1,96 +1,69 @@ + #!/bin/sh +-################################################################### + # +-# These parameters control the attack dialing sequence. ++# A chatscript that will attempt to dial multiple numbers in sequence, until ++# you get connected. + # +-# Maximum number of attempts to reach the telephone number(s) +-MAX_ATTEMPTS=10 +- +-# Delay between each of the attempts. This is a parameter to sleep +-# so use "15s" for 15 seconds, "1m" for 1 minute, etc. +-SLEEP_DELAY=15s +- +-################################################################### ++# To use: edit /etc/peers/provider, and change the connect line to read: ++# connect "/usr/local/bin/redialer" + # +-# This is a list of telephone numbers. Add new numbers if you wish +-# and see the function 'callall' below for the dial process. +-PHONE1=555-1212 +-PHONE2=411 ++# See below for configuration. + +-################################################################### ++# This is a list of chatscripts to use to get connected, and (optional) ++# telephone numbers to call for each of those chatscripts. + # +-# If you use the ppp-on script, then these are passed to this routine +-# automatically. There is no need to define them here. If not, then +-# you will need to set the values. +-# +-ACCOUNT=my_account_name +-PASSWORD=my_password ++# Note that in the chatscripts, you may use #NUMBER#, this will be replaced ++# with the number it is calling. You might want to use this to only have one ++# chatscript that is used for all numbers, or you might need multiple ++# chatscripts. + +-################################################################### +-# +-# Function to initialize the modem and ensure that it is in command +-# state. This may not be needed, but it doesn't hurt. +-# +-function initialize +-{ +- chat -v TIMEOUT 3 '' AT 'OK-+++\c-OK' +- return +-} ++PHONE1=123456789 ++CHAT1=/etc/chatscripts/provider + +-################################################################### +-# +-# Script to dial a telephone +-# +-function callnumber +-{ +-chat -v \ +- ABORT '\nBUSY\r' \ +- ABORT '\nNO ANSWER\r' \ +- ABORT '\nRINGING\r\n\r\nRINGING\r' \ +- '' ATDT$1 \ +- CONNECT '' \ +- ogin:--ogin: $ACCOUNT \ +- assword: $PASSWORD +-# +-# If the connection was successful then end the whole script with a +-# success. +-# +- if [ "$?" = "0" ]; then +- exit 0 +- fi ++PHONE2=912345678 ++CHAT2=/etc/chatscripts/provider + +- return +-} ++PHONE3=891234567 ++CHAT3=/etc/chatscripts/provider + +-################################################################### +-# +-# Script to dial any telephone number +-# +-function callall +-{ +-# echo "dialing attempt number: $1" >/dev/console +- callnumber $PHONE1 +-# callnumber $PHONE2 +-} ++PHONE4=789123456 ++CHAT4=/etc/chatscripts/provider + +-################################################################### +-# +-# Initialize the modem to ensure that it is in the command state +-# +-initialize +-if [ ! "$?" = "0" ]; then +- exit 1 +-fi ++PHONE5=001234567 ++CHAT5=/etc/chatscripts/provider + ++# How long to sleep between retries: + # +-# Dial telephone numbers until one answers +-# ++# Note that this is a parameter to sleep so use "15s" for 15 seconds, ++# "1m" for 1 minute, etc ++SLEEP_DELAY=1s ++ ++# The code below does the dialing. ++ + attempt=0 + while : ; do +- attempt=`expr $attempt + 1` +- callall $attempt +- if [ "$attempt" = "$MAX_ATTEMPTS" ]; then +- exit 1 +- fi +- sleep "$SLEEP_DELAY" ++ attempt=`expr $attempt + 1` ++ NUMBER=`eval echo '$PHONE'$attempt` ++ CHAT=`eval echo '$CHAT'$attempt` ++ if [ ! "$CHAT" ]; then ++ attempt=0 ++ else ++ logger "Dialing attempt number: $attempt" ++ sed s/#NUMBER#/$NUMBER/ $CHAT >/etc/chatscripts/tmpchat ++ /usr/sbin/chat -v -f /etc/chatscripts/tmpchat ++ rm -f /etc/chatscripts/tmpchat ++ case $? in ++ 0) logger Connection established ; exit 0;; ++ 1) logger chat: exit 1, see manpage for details. ; exit 1;; ++ 2) logger chat: exit 2, see manpage for details. ; exit 2;; ++ 3) logger chat: exit 3, see manpage for details. ;; ++ 4) logger Line busy. ;; ++ 5) logger No Carrier. ;; ++ 6) logger A call is coming. Exiting! ; exit 1;; ++ 7) logger No dialtone. ;; ++ 8) logger An error occured. Exiting! ; exit 1;; ++ *) logger chat: exit $?, see manpage for details. ;; ++ esac ++ logger "Waiting $SLEEP_DELAY seconds before next try." ++ sleep $SLEEP_DELAY ++ fi + done diff --git a/debian/patches/018_ip-up_option.diff b/debian/patches/018_ip-up_option.diff new file mode 100644 index 0000000..7b2c33e --- /dev/null +++ b/debian/patches/018_ip-up_option.diff @@ -0,0 +1,84 @@ +--- a/pppd/ipcp.c ++++ b/pppd/ipcp.c +@@ -1984,7 +1984,7 @@ + */ + if (ipcp_script_state == s_down && ipcp_script_pid == 0) { + ipcp_script_state = s_up; +- ipcp_script(_PATH_IPUP, 0); ++ ipcp_script(path_ipup, 0); + } + } + +@@ -2034,7 +2034,7 @@ + /* Execute the ip-down script */ + if (ipcp_script_state == s_up && ipcp_script_pid == 0) { + ipcp_script_state = s_down; +- ipcp_script(_PATH_IPDOWN, 0); ++ ipcp_script(path_ipdown, 0); + } + } + +@@ -2097,13 +2097,13 @@ + case s_up: + if (ipcp_fsm[0].state != OPENED) { + ipcp_script_state = s_down; +- ipcp_script(_PATH_IPDOWN, 0); ++ ipcp_script(path_ipdown, 0); + } + break; + case s_down: + if (ipcp_fsm[0].state == OPENED) { + ipcp_script_state = s_up; +- ipcp_script(_PATH_IPUP, 0); ++ ipcp_script(path_ipup, 0); + } + break; + } +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -308,6 +308,9 @@ + struct protent *protp; + char numbuf[16]; + ++ strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup)); ++ strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown)); ++ + link_stats_valid = 0; + new_phase(PHASE_INITIALIZE); + +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -114,6 +114,8 @@ + bool tune_kernel; /* may alter kernel settings */ + int connect_delay = 1000; /* wait this many ms after connect script */ + int req_unit = -1; /* requested interface unit */ ++char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ ++char path_ipdown[MAXPATHLEN];/* pathname of ip-down script */ + char req_ifname[MAXIFNAMELEN]; /* requested interface name */ + bool multilink = 0; /* Enable multilink operation */ + char *bundle_name = NULL; /* bundle name for multilink */ +@@ -304,6 +306,13 @@ + "Unset user environment variable", + OPT_A2PRINTER | OPT_NOPRINT, (void *)user_unsetprint }, + ++ { "ip-up-script", o_string, path_ipup, ++ "Set pathname of ip-up script", ++ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, ++ { "ip-down-script", o_string, path_ipdown, ++ "Set pathname of ip-down script", ++ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, ++ + #ifdef HAVE_MULTILINK + { "multilink", o_bool, &multilink, + "Enable multilink operation", OPT_PRIO | 1 }, +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -328,6 +328,8 @@ + extern int connect_delay; /* Time to delay after connect script */ + extern int max_data_rate; /* max bytes/sec through charshunt */ + extern int req_unit; /* interface unit number to use */ ++extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ ++extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */ + extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */ + extern bool multilink; /* enable multilink operation */ + extern bool noendpoint; /* don't send or accept endpt. discrim. */ diff --git a/debian/patches/CVE-2020-8597.patch b/debian/patches/CVE-2020-8597.patch new file mode 100644 index 0000000..0ab5366 --- /dev/null +++ b/debian/patches/CVE-2020-8597.patch @@ -0,0 +1,35 @@ +From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Mon, 3 Feb 2020 15:53:28 +1100 +Subject: [PATCH] pppd: Fix bounds check in EAP code + +Given that we have just checked vallen < len, it can never be the case +that vallen >= len + sizeof(rhostname). This fixes the check so we +actually avoid overflowing the rhostname array. + +Reported-by: Ilja Van Sprundel +Signed-off-by: Paul Mackerras +--- + pppd/eap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -1661,7 +1661,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -2251,7 +2251,7 @@ int len; + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= sizeof (rhostname)) { + dbglog("EAP: trimming really long peer name down"); + BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; diff --git a/debian/patches/adaptive_echos b/debian/patches/adaptive_echos new file mode 100644 index 0000000..f752f83 --- /dev/null +++ b/debian/patches/adaptive_echos @@ -0,0 +1,56 @@ +--- a/pppd/lcp.c ++++ b/pppd/lcp.c +@@ -73,6 +73,7 @@ static void lcp_delayed_up __P((void *)) + */ + int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ + int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ ++bool lcp_echo_adaptive = 0; /* request echo only if the link was idle */ + bool lax_recv = 0; /* accept control chars in asyncmap */ + bool noendpoint = 0; /* don't send/accept endpoint discriminator */ + +@@ -151,6 +152,8 @@ static option_t lcp_option_list[] = { + OPT_PRIO }, + { "lcp-echo-interval", o_int, &lcp_echo_interval, + "Set time in seconds between LCP echo requests", OPT_PRIO }, ++ { "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive, ++ "Suppress LCP echo requests if traffic was received", 1 }, + { "lcp-restart", o_int, &lcp_fsm[0].timeouttime, + "Set time in seconds between LCP retransmissions", OPT_PRIO }, + { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits, +@@ -2331,6 +2334,22 @@ LcpSendEchoRequest (f) + } + } + ++ /* ++ * If adaptive echos have been enabled, only send the echo request if ++ * no traffic was received since the last one. ++ */ ++ if (lcp_echo_adaptive) { ++ static unsigned int last_pkts_in = 0; ++ ++ update_link_stats(f->unit); ++ link_stats_valid = 0; ++ ++ if (link_stats.pkts_in != last_pkts_in) { ++ last_pkts_in = link_stats.pkts_in; ++ return; ++ } ++ } ++ + /* + * Make and send the echo request frame. + */ +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -557,6 +557,11 @@ to 1) if the \fIproxyarp\fR option is us + dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to + 1) in demand mode if the local address changes. + .TP ++.B lcp\-echo\-adaptive ++If this option is used with the \fIlcp\-echo\-failure\fR option then ++pppd will send LCP echo\-request frames only if no traffic was received ++from the peer since the last echo\-request was sent. ++.TP + .B lcp\-echo\-failure \fIn + If this option is given, pppd will presume the peer to be dead + if \fIn\fR LCP echo\-requests are sent without receiving a valid LCP diff --git a/debian/patches/chat_man b/debian/patches/chat_man new file mode 100644 index 0000000..5771206 --- /dev/null +++ b/debian/patches/chat_man @@ -0,0 +1,23 @@ +chat(8): document the TIMEOUT directive + +--- ppp-2.4.4.orig/chat/chat.8 2006-12-16 12:56:11.000000000 +0100 ++++ ppp-2.4.4/chat/chat.8 2006-12-16 13:49:44.000000000 +0100 +@@ -35,7 +35,8 @@ + is not received within the time limit then the reply string is not + sent. An alternate reply may be sent or the script will fail if there + is no alternate reply string. A failed script will cause the +-\fIchat\fR program to terminate with a non-zero error code. ++\fIchat\fR program to terminate with a non-zero error code. You can ++also use the TIMEOUT string in order to specify the timeout. + .TP + .B \-r \fI + Set the file for output of the report strings. If you use the keyword +@@ -348,7 +349,7 @@ + .LP + .SH TIMEOUT + The initial timeout value is 45 seconds. This may be changed using the \fB\-t\fR +-parameter. ++parameter. You can also specify "TIMEOUT 0". + .LP + To change the timeout value for the next expect string, the following + example may be used: diff --git a/debian/patches/cifdefroute.dif b/debian/patches/cifdefroute.dif new file mode 100644 index 0000000..f8bdbab --- /dev/null +++ b/debian/patches/cifdefroute.dif @@ -0,0 +1,300 @@ +Description: Add replacedefaultroute option + +Adds an option to pppd to control whether to replace existing default routes +when using the 'defaultroute' option. + +If defaultroute and replacedefaultroute are both set, pppd replaces an existing +default route with the new default route. The old default route is restored when +the connection is taken down. + +Origin: vendor, https://build.opensuse.org/source/network/ppp/ppp-2.4.2-cifdefroute.diff?rev=7a0fdeff0b29437dd7f4581c95c7255a +Forwarded: no +Reviewed-by: Chris Boot +Last-Update: 2014-01-26 + +--- a/pppd/ipcp.c ++++ b/pppd/ipcp.c +@@ -198,6 +198,16 @@ + "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, + &ipcp_wantoptions[0].default_route }, + ++#ifdef __linux__ ++ { "replacedefaultroute", o_bool, ++ &ipcp_wantoptions[0].replace_default_route, ++ "Replace default route", 1 ++ }, ++ { "noreplacedefaultroute", o_bool, ++ &ipcp_allowoptions[0].replace_default_route, ++ "Never replace default route", OPT_A2COPY, ++ &ipcp_wantoptions[0].replace_default_route }, ++#endif + { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, + "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, + { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, +@@ -271,7 +281,7 @@ + ip_active_pkt + }; + +-static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); ++static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool)); + static void ipcp_script __P((char *, int)); /* Run an up/down script */ + static void ipcp_script_done __P((void *)); + +@@ -1761,7 +1771,12 @@ + if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) + return 0; + if (wo->default_route) ++#ifndef __linux__ + if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) ++#else ++ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr, ++ wo->replace_default_route)) ++#endif + default_route_set[u] = 1; + if (wo->proxy_arp) + if (sifproxyarp(u, wo->hisaddr)) +@@ -1849,7 +1864,8 @@ + */ + if (demand) { + if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { +- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); ++ ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, ++ wo->replace_default_route); + if (go->ouraddr != wo->ouraddr) { + warn("Local IP address changed to %I", go->ouraddr); + script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); +@@ -1874,7 +1890,12 @@ + + /* assign a default route through the interface if required */ + if (ipcp_wantoptions[f->unit].default_route) ++#ifndef __linux__ + if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) ++#else ++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, ++ wo->replace_default_route)) ++#endif + default_route_set[f->unit] = 1; + + /* Make a proxy ARP entry if requested. */ +@@ -1924,7 +1945,12 @@ + + /* assign a default route through the interface if required */ + if (ipcp_wantoptions[f->unit].default_route) ++#ifndef __linux__ + if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) ++#else ++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, ++ wo->replace_default_route)) ++#endif + default_route_set[f->unit] = 1; + + /* Make a proxy ARP entry if requested. */ +@@ -2002,7 +2028,7 @@ + sifnpmode(f->unit, PPP_IP, NPMODE_DROP); + sifdown(f->unit); + ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, +- ipcp_hisoptions[f->unit].hisaddr); ++ ipcp_hisoptions[f->unit].hisaddr, 0); + } + + /* Execute the ip-down script */ +@@ -2018,16 +2044,25 @@ + * proxy arp entries, etc. + */ + static void +-ipcp_clear_addrs(unit, ouraddr, hisaddr) ++ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute) + int unit; + u_int32_t ouraddr; /* local address */ + u_int32_t hisaddr; /* remote address */ ++ bool replacedefaultroute; + { + if (proxy_arp_set[unit]) { + cifproxyarp(unit, hisaddr); + proxy_arp_set[unit] = 0; + } +- if (default_route_set[unit]) { ++ /* If replacedefaultroute, sifdefaultroute will be called soon ++ * with replacedefaultroute set and that will overwrite the current ++ * default route. This is the case only when doing demand, otherwise ++ * during demand, this cifdefaultroute would restore the old default ++ * route which is not what we want in this case. In the non-demand ++ * case, we'll delete the default route and restore the old if there ++ * is one saved by an sifdefaultroute with replacedefaultroute. ++ */ ++ if (!replacedefaultroute && default_route_set[unit]) { + cifdefaultroute(unit, ouraddr, hisaddr); + default_route_set[unit] = 0; + } +--- a/pppd/ipcp.h ++++ b/pppd/ipcp.h +@@ -70,6 +70,7 @@ + bool old_addrs; /* Use old (IP-Addresses) option? */ + bool req_addr; /* Ask peer to send IP address? */ + bool default_route; /* Assign default route through interface? */ ++ bool replace_default_route; /* Replace default route through interface? */ + bool proxy_arp; /* Make proxy ARP entry for peer? */ + bool neg_vj; /* Van Jacobson Compression? */ + bool old_vj; /* use old (short) form of VJ option? */ +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -121,6 +121,11 @@ + This entry is removed when the PPP connection is broken. This option + is privileged if the \fInodefaultroute\fR option has been specified. + .TP ++.B replacedefaultroute ++This option is a flag to the defaultroute option. If defaultroute is ++set and this flag is also set, pppd replaces an existing default route ++with the new default route. ++.TP + .B disconnect \fIscript + Execute the command specified by \fIscript\fR, by passing it to a + shell, after +@@ -739,7 +744,12 @@ + .TP + .B nodefaultroute + Disable the \fIdefaultroute\fR option. The system administrator who +-wishes to prevent users from creating default routes with pppd ++wishes to prevent users from adding a default route with pppd ++can do so by placing this option in the /etc/ppp/options file. ++.TP ++.B noreplacedefaultroute ++Disable the \fIreplacedefaultroute\fR option. The system administrator who ++wishes to prevent users from replacing a default route with pppd + can do so by placing this option in the /etc/ppp/options file. + .TP + .B nodeflate +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -664,7 +664,11 @@ + int cif6addr __P((int, eui64_t, eui64_t)); + /* Remove an IPv6 address from i/f */ + #endif ++#ifndef __linux__ + int sifdefaultroute __P((int, u_int32_t, u_int32_t)); ++#else ++int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt)); ++#endif + /* Create default route through i/f */ + int cifdefaultroute __P((int, u_int32_t, u_int32_t)); + /* Delete default route through i/f */ +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -207,6 +207,8 @@ + static int if_is_up; /* Interface has been marked up */ + static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */ + static int have_default_route; /* Gateway for default route added */ ++static struct rtentry old_def_rt; /* Old default route */ ++static int default_rt_repl_rest; /* replace and restore old default rt */ + static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ + static char proxy_arp_dev[16]; /* Device for proxy arp entry */ + static u_int32_t our_old_addr; /* for detecting address changes */ +@@ -1549,6 +1551,9 @@ + p = NULL; + } + ++ SET_SA_FAMILY (rt->rt_dst, AF_INET); ++ SET_SA_FAMILY (rt->rt_gateway, AF_INET); ++ + SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); + SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); + SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); +@@ -1618,22 +1623,53 @@ + /******************************************************************** + * + * sifdefaultroute - assign a default route through the address given. +- */ +- +-int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) +-{ +- struct rtentry rt; +- +- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { +- if (rt.rt_flags & RTF_GATEWAY) +- error("not replacing existing default route via %I", +- SIN_ADDR(rt.rt_gateway)); +- else +- error("not replacing existing default route through %s", +- rt.rt_dev); +- return 0; ++ * ++ * If the global default_rt_repl_rest flag is set, then this function ++ * already replaced the original system defaultroute with some other ++ * route and it should just replace the current defaultroute with ++ * another one, without saving the current route. Use: demand mode, ++ * when pppd sets first a defaultroute it it's temporary ppp0 addresses ++ * and then changes the temporary addresses to the addresses for the real ++ * ppp connection when it has come up. ++ */ ++ ++int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace) ++{ ++ struct rtentry rt, tmp_rt; ++ struct rtentry *del_rt = NULL; ++ ++ if (default_rt_repl_rest) { ++ /* We have already reclaced the original defaultroute, if we ++ * are called again, we will delete the current default route ++ * and set the new default route in this function. ++ * - this is normally only the case the doing demand: */ ++ if (defaultroute_exists( &tmp_rt )) ++ del_rt = &tmp_rt; ++ } else if ( defaultroute_exists( &old_def_rt ) && ++ strcmp( old_def_rt.rt_dev, ifname ) != 0) { ++ /* We did not yet replace an existing default route, let's ++ * check if we should save and replace a default route: ++ */ ++ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway); ++ ++ if (old_gateway != gateway) { ++ if (!replace) { ++ error("not replacing default route to %s [%I]", ++ old_def_rt.rt_dev, old_gateway); ++ return 0; ++ } else { ++ // we need to copy rt_dev because we need it permanent too: ++ char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1); ++ strcpy(tmp_dev, old_def_rt.rt_dev); ++ old_def_rt.rt_dev = tmp_dev; ++ ++ notice("replacing old default route to %s [%I]", ++ old_def_rt.rt_dev, old_gateway); ++ default_rt_repl_rest = 1; ++ del_rt = &old_def_rt; ++ } ++ } + } +- + memset (&rt, 0, sizeof (rt)); + SET_SA_FAMILY (rt.rt_dst, AF_INET); + +@@ -1650,6 +1686,12 @@ + error("default route ioctl(SIOCADDRT): %m"); + return 0; + } ++ if (default_rt_repl_rest && del_rt) ++ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) { ++ if ( ! ok_error ( errno )) ++ error("del old default route ioctl(SIOCDELRT): %m(%d)", errno); ++ return 0; ++ } + + have_default_route = 1; + return 1; +@@ -1685,6 +1727,16 @@ + return 0; + } + } ++ if (default_rt_repl_rest) { ++ notice("restoring old default route to %s [%I]", ++ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); ++ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) { ++ if ( ! ok_error ( errno )) ++ error("restore default route ioctl(SIOCADDRT): %m(%d)", errno); ++ return 0; ++ } ++ default_rt_repl_rest = 0; ++ } + + return 1; + } diff --git a/debian/patches/close_dev_ppp b/debian/patches/close_dev_ppp new file mode 100644 index 0000000..6a601d6 --- /dev/null +++ b/debian/patches/close_dev_ppp @@ -0,0 +1,35 @@ +be sure to close /dev/ppp when reconnecting + +From: Simon Peter +Subject: Bug#306261: pppd does not properly close /dev/ppp on persist + +When using the kernel PPPoE driver, pppd never +closes /dev/ppp when the link has come down. + +It opens superfluous fds to the device each time it re-opens the +connection, with the unclosed ones falsely reported always ready for +data by select(). + +This makes pppd eat up 100% CPU time after the first persist because of +the always instantly returning select() on the unclosed fds. + +The problem also occurs with the upstream version, but does not occur +when a pty/tty device is used for the ppp connection. + + +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -453,6 +453,13 @@ int generic_establish_ppp (int fd) + if (new_style_driver) { + int flags; + ++ /* if a ppp_fd is already open, close it first */ ++ if(ppp_fd > 0) { ++ close(ppp_fd); ++ remove_fd(ppp_fd); ++ ppp_fd = -1; ++ } ++ + /* Open an instance of /dev/ppp and connect the channel to it */ + if (ioctl(fd, PPPIOCGCHAN, &chindex) == -1) { + error("Couldn't get channel number: %m"); diff --git a/debian/patches/eaptls-mppe.patch b/debian/patches/eaptls-mppe.patch new file mode 100644 index 0000000..d94e953 --- /dev/null +++ b/debian/patches/eaptls-mppe.patch @@ -0,0 +1,3298 @@ +Description: EAP-TLS authentication support for PPP +Origin: https://www.nikhef.nl/~janjust/ppp/download.html +Bug-Debian: https://bugs.debian.org/602503 +Bug-Ubuntu: https://launchpad.net/bugs/643417 +Forwarded: not-needed +Author: Jan Just Keijser +Last-Update: 2018-11-04 + +This patch is based on ppp-2.4.7-eaptls-mppe-1.102.patch, with the following +changes: + + - Patch refreshed to remove fuzz. + - Trailing spaces removed. + +--- /dev/null ++++ b/README.eap-tls +@@ -0,0 +1,291 @@ ++EAP-TLS authentication support for PPP ++====================================== ++ ++1. Intro ++ ++ The Extensible Authentication Protocol (EAP; RFC 3748) is a ++ security protocol that can be used with PPP. It provides a means ++ to plug in multiple optional authentication methods. ++ ++ Transport Level Security (TLS; RFC 5216) provides for mutual ++ authentication, integrity-protected ciphersuite negotiation and ++ key exchange between two endpoints. It also provides for optional ++ MPPE encryption. ++ ++ EAP-TLS (RFC 2716) incapsulates the TLS messages in EAP packets, ++ allowing TLS mutual authentication to be used as a generic EAP ++ mechanism. It also provides optional encryption using the MPPE ++ protocol. ++ ++ This patch provide EAP-TLS support to pppd. ++ This authentication method can be used in both client or server ++ mode. ++ ++2. Building ++ ++ To build pppd with EAP-TLS support, OpenSSL (http://www.openssl.org) ++ is required. Any version from 0.9.7 should work. ++ ++ Configure, compile, and install as usual. ++ ++3. Configuration ++ ++ On the client side there are two ways to configure EAP-TLS: ++ ++ 1. supply the appropriate 'ca', 'cert' and 'key' command-line parameters ++ ++ 2. edit the /etc/ppp/eaptls-client file. ++ Insert a line for each system with which you use EAP-TLS. ++ The line is composed of this fields separated by tab: ++ ++ - Client name ++ The name used by the client for authentication, can be * ++ - Server name ++ The name of the server, can be * ++ - Client certificate file ++ The file containing the certificate chain for the ++ client in PEM format ++ - Server certificate file ++ If you want to specify the certificate that the ++ server is allowed to use, put the certificate file name. ++ Else put a dash '-'. ++ - CA certificate file ++ The file containing the trusted CA certificates in PEM ++ format. ++ - Client private key file ++ The file containing the client private key in PEM format. ++ ++ ++ On the server side edit the /etc/ppp/eaptls-server file. ++ Insert a line for each system with which you use EAP-TLS. ++ The line is composed of this fields separated by tab: ++ ++ - Client name ++ The name used by the client for authentication, can be * ++ - Server name ++ The name of the server, can be * ++ - Client certificate file ++ If you want to specify the certificate that the ++ client is allowed to use, put the certificate file name. ++ Else put a dash '-'. ++ - Server certificate file ++ The file containing the certificate chain for the ++ server in PEM format ++ - CA certificate file ++ The file containing the trusted CA certificates in PEM format. ++ - Client private key file ++ The file containing the server private key in PEM format. ++ - addresses ++ A list of IP addresses the client is allowed to use. ++ ++ ++ OpenSSL engine support is included starting with v0.95 of this patch. ++ Currently the only engine tested is the 'pkcs11' engine (hardware token ++ support). To use the 'pksc11' engine: ++ - Use a special private key fileiname in the /etc/ppp/eaptls-client file: ++ : ++ e.g. ++ pkcs11:123456 ++ ++ - The certificate can also be loaded from the 'pkcs11' engine using ++ a special client certificate filename in the /etc/ppp/eaptls-client file: ++ : ++ e.g. ++ pkcs11:123456 ++ ++ - Create an /etc/ppp/openssl.cnf file to load the right OpenSSL engine prior ++ to starting 'pppd'. A sample openssl.cnf file is ++ ++ openssl_conf = openssl_def ++ ++ [ openssl_def ] ++ engines = engine_section ++ ++ [ engine_section ] ++ pkcs11 = pkcs11_section ++ ++ [ pkcs11_section ] ++ engine_id = pkcs11 ++ dynamic_path = /usr/lib64/openssl/engines/engine_pkcs11.so ++ MODULE_PATH = /usr/lib64/libeTPkcs11.so ++ init = 0 ++ ++ - There are two ways to specify a password/PIN for the PKCS11 engine: ++ - inside the openssl.cnf file using ++ PIN = your-secret-pin ++ Note The keyword 'PIN' is case sensitive! ++ - Using the 'password' in the ppp options file. ++ From v0.97 of the eap-tls patch the password can also be supplied ++ using the appropriate 'eaptls_passwd_hook' (see plugins/passprompt.c ++ for an example). ++ ++ ++4. Options ++ ++ These pppd options are available: ++ ++ ca ++ Use the CA public certificate found in in PEM format ++ cert ++ Use the client public certificate found in in PEM format ++ or in engine:engine_id format ++ key ++ Use the client private key found in in PEM format ++ or in engine:engine_id format ++ crl ++ Use the Certificate Revocation List (CRL) file in PEM format. ++ crl-dir ++ Use CRL files from directory . It contains CRL files in PEM ++ format and each file contains a CRL. The files are looked up ++ by the issuer name hash value. Use the c_rehash utility ++ to create necessary links. ++ need-peer-eap ++ If the peer doesn't ask us to authenticate or doesn't use eap ++ to authenticate us, disconnect. ++ ++ Note: ++ password-encrypted certificates can be used as of v0.94 of this ++ patch. The password for the eap-tls.key file is specified using ++ the regular ++ password .... ++ statement in the ppp options file, or by using the appropriate ++ plugin which supplies a 'eaptls_passwd_hook' routine. ++ ++5. Connecting ++ ++ If you're setting up a pppd server, edit the EAP-TLS configuration file ++ as written above and then run pppd with the 'auth' option to authenticate ++ the client. The EAP-TLS method will be used if the other eap methods can't ++ be used (no secrets). ++ ++ If you're setting up a client, edit the configuration file and then run ++ pppd with 'remotename' option to specify the server name. Add the ++ 'need-peer-eap' option if you want to be sure the peer ask you to ++ authenticate (and to use eap) and to disconnect if it doesn't. ++ ++6. Example ++ ++ The following example can be used to connect a Linux client with the 'pptp' ++ package to a Linux server running the 'pptpd' (PoPToP) package. The server ++ was configured with a certificate with name (CN) 'pptp-server', the client ++ was configured with a certificate with name (CN) 'pptp-client', both ++ signed by the same Certificate Authority (CA). ++ ++ Server side: ++ - /etc/pptpd.conf file: ++ option /etc/ppp/options-pptpd-eaptls ++ localip 172.16.1.1 ++ remoteip 172.16.1.10-20 ++ - /etc/ppp/options-pptpd-eaptls file: ++ name pptp-server ++ lock ++ mtu 1500 ++ mru 1450 ++ auth ++ lcp-echo-failure 3 ++ lcp-echo-interval 5 ++ nodeflate ++ nobsdcomp ++ nopredictor1 ++ nopcomp ++ noaccomp ++ ++ require-eap ++ require-mppe-128 ++ ++ crl /home/janjust/ppp/keys/crl.pem ++ ++ debug ++ logfile /tmp/pppd.log ++ ++ - /etc/ppp/eaptls-server file: ++ * pptp-server - /etc/ppp/pptp-server.crt /etc/ppp/ca.crt /etc/ppp/pptp-server.key * ++ ++ - On the server, run ++ pptdp --conf /etc/pptpd.conf ++ ++ Client side: ++ - Run ++ pppd noauth require-eap require-mppe-128 \ ++ ipcp-accept-local ipcp-accept-remote noipdefault \ ++ cert /etc/ppp/keys/pptp-client.crt \ ++ key /etc/ppp/keys/pptp-client.key \ ++ ca /etc/ppp/keys/ca.crt \ ++ name pptp-client remotename pptp-server \ ++ debug logfile /tmp/pppd.log ++ pty "pptp pptp-server.example.com --nolaunchpppd" ++ ++ Check /var/log/messages and the files /tmp/pppd.log on both sides for debugging info. ++ ++7. Notes ++ ++ This is experimental code. ++ Send suggestions and comments to Jan Just Keijser ++ ++8. Changelog of ppp-<>-eaptls-mppe-* patches ++ ++v0.7 (22-Nov-2005) ++ - First version of the patch to include MPPE support ++ - ppp-2.4.3 only ++v0.9 (25-Jul-2006) ++ - Bug fixes ++ - First version for ppp-2.4.4 ++v0.91 (03-Sep-2006) ++ - Added missing #include for md5.h ++ - Last version for ppp-2.4.3 ++v0.92 (22-Apr-2008) ++ - Fix for openssl 0.9.8 issue with md5 function overload. ++v0.93 (14-Aug-2008) ++ - Make sure 'noauth' option can be used to bypass server certificate verification. ++v0.94 (15-Oct-2008) ++ - Added support for password-protected private keys by (ab)using the 'password' field. ++v0.95 (23-Dec-2009) ++ - First version with OpenSSL engine support. ++v0.96 (27-Jan-2010) ++ - Added fully functional support for OpenSSL engines (PKCS#11) ++ - First version for ppp-2.4.5 ++v0.97 (20-Apr-2010) ++ - Some bug fixes for v0.96 ++ - Added support for entering the password via a plugin. The sample plugin ++ .../pppd/plugins/passprompt.c has been extended with EAP-TLS support. ++ The "old" methods using the password option or the /etc/ppp/openssl.cnf file still work. ++ - Added support for specifying the client CA, certificate and private key on the command-line ++ or via the ppp config file. ++v0.98 (20-Apr-2010) ++ - Fix initialisation bug when using ca/cert/key command-line options. ++ - Last version for ppp-2.4.4 ++v0.99 (05-Oct-2010) ++ - Fix coredump when using multilink option. ++v0.991 (08-Aug-2011) ++ - Fix compilation issue with openssl 1.0. ++v0.992 (01-Dec-2011) ++ - Fix compilation issue with eaptls_check_hook and passwordfd plugin. ++v0.993 (24-Apr-2012) ++ - Fix compilation issue when EAP_TLS=n in pppd/Makefile. ++v0.994 (11-Jun-2012) ++ - Fix compilation issue on Ubuntu 11.10. ++v0.995 (27-May-2014) ++ - Add support for a CRL file using the command-line option 'crl' ++ (prior only 'crl-dir' was supported). ++ - Fix segfault when pkcs11 enginename was not specified correctly. ++ - Fix segfault when client was misconfigured. ++ - Disable SSL Session Ticket support as Windows 8 does not support this. ++v0.996 (28-May-2014) ++ - Fix minor bug where SessionTicket message was printed as 'Unknown SSL3 code 4' ++ - Add EAP-TLS-specific options to pppd.8 manual page. ++ - Updated README.eap-tls file with new options and provide an example. ++v0.997 (19-Jun-2014) ++ - Change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET ++ - Fix bug in initialisation code with fragmented packets. ++v0.998 (13-Mar-2015) ++ - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1023620 ++v0.999 (11-May-2017) ++ - Add support for OpenSSL 1.1: the code will now compile against OpenSSL 1.0.x or 1.1.x. ++v1.101 (1-Jun-2018) ++ - Fix vulnerabilities CVE-2018-11574. ++v1.102 (2-Nov-2018) ++ - Add TLS 1.2 support. Windows 7/8 will connect using TLS 1.0, Windows 10 clients using TLS 1.2. ++ This works both when compiling against OpenSSL 1.0.1+ and 1.1+. ++ - Print warning when certificate is either not yet valid or has expired. ++ - Perform better peer certificate checks. ++ - Allow certificate chain files to be used. +--- /dev/null ++++ b/etc.ppp/eaptls-client +@@ -0,0 +1,10 @@ ++# Parameters for authentication using EAP-TLS (client) ++ ++# client name (can be *) ++# server name (can be *) ++# client certificate file (required) ++# server certificate file (optional, if unused put '-') ++# CA certificate file (required) ++# client private key file (required) ++ ++#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key +--- /dev/null ++++ b/etc.ppp/eaptls-server +@@ -0,0 +1,11 @@ ++# Parameters for authentication using EAP-TLS (server) ++ ++# client name (can be *) ++# server name (can be *) ++# client certificate file (optional, if unused put '-') ++# server certificate file (required) ++# CA certificate file (required) ++# server private key file (required) ++# allowed addresses (required, can be *) ++ ++#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24 +--- /dev/null ++++ b/etc.ppp/openssl.cnf +@@ -0,0 +1,14 @@ ++openssl_conf = openssl_def ++ ++[ openssl_def ] ++engines = engine_section ++ ++[ engine_section ] ++pkcs11 = pkcs11_section ++ ++[ pkcs11_section ] ++engine_id = pkcs11 ++dynamic_path = /usr/lib64/openssl/engines/engine_pkcs11.so ++MODULE_PATH = /usr/lib64/libeTPkcs11.so ++init = 0 ++ +--- a/linux/Makefile.top ++++ b/linux/Makefile.top +@@ -26,7 +26,7 @@ + cd pppdump; $(MAKE) $(MFLAGS) install + + install-etcppp: $(ETCDIR) $(ETCDIR)/options $(ETCDIR)/pap-secrets \ +- $(ETCDIR)/chap-secrets ++ $(ETCDIR)/chap-secrets $(ETCDIR)/eaptls-server $(ETCDIR)/eaptls-client + + install-devel: + cd pppd; $(MAKE) $(MFLAGS) install-devel +@@ -37,6 +37,10 @@ + $(INSTALL) -c -m 600 etc.ppp/pap-secrets $@ + $(ETCDIR)/chap-secrets: + $(INSTALL) -c -m 600 etc.ppp/chap-secrets $@ ++$(ETCDIR)/eaptls-server: ++ $(INSTALL) -c -m 600 etc.ppp/eaptls-server $@ ++$(ETCDIR)/eaptls-client: ++ $(INSTALL) -c -m 600 etc.ppp/eaptls-client $@ + + $(BINDIR): + $(INSTALL) -d -m 755 $@ +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -76,6 +76,9 @@ + # Use libutil + USE_LIBUTIL=y + ++# Enable EAP-TLS authentication (requires libssl and libcrypto) ++USE_EAPTLS=y ++ + MAXOCTETS=y + + INCLUDE_DIRS= -I../include +@@ -116,6 +119,15 @@ + PPPDOBJS += sha1.o + endif + ++# EAP-TLS ++ifdef USE_EAPTLS ++CFLAGS += -DUSE_EAPTLS=1 -I/usr/kerberos/include ++LIBS += -lssl -lcrypto ++PPPDSRC += eap-tls.c ++HEADERS += eap-tls.h ++PPPDOBJS += eap-tls.o ++endif ++ + ifdef HAS_SHADOW + CFLAGS += -DHAS_SHADOW + #LIBS += -lshadow $(LIBS) +--- a/pppd/auth.c ++++ b/pppd/auth.c +@@ -109,6 +109,9 @@ + #include "upap.h" + #include "chap-new.h" + #include "eap.h" ++#ifdef USE_EAPTLS ++#include "eap-tls.h" ++#endif + #ifdef CBCP_SUPPORT + #include "cbcp.h" + #endif +@@ -183,6 +186,11 @@ + /* Hook for a plugin to get the CHAP password for authenticating us */ + int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL; + ++#ifdef USE_EAPTLS ++/* Hook for a plugin to get the EAP-TLS password for authenticating us */ ++int (*eaptls_passwd_hook) __P((char *user, char *passwd)) = NULL; ++#endif ++ + /* Hook for a plugin to say whether it is OK if the peer + refuses to authenticate. */ + int (*null_auth_hook) __P((struct wordlist **paddrs, +@@ -238,6 +246,14 @@ + bool explicit_user = 0; /* Set if "user" option supplied */ + bool explicit_passwd = 0; /* Set if "password" option supplied */ + char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ ++#ifdef USE_EAPTLS ++char *cacert_file = NULL; /* CA certificate file (pem format) */ ++char *cert_file = NULL; /* client certificate file (pem format) */ ++char *privkey_file = NULL; /* client private key file (pem format) */ ++char *crl_dir = NULL; /* directory containing CRL files */ ++char *crl_file = NULL; /* Certificate Revocation List (CRL) file (pem format) */ ++bool need_peer_eap = 0; /* Require peer to authenticate us */ ++#endif + + static char *uafname; /* name of most recent +ua file */ + +@@ -254,6 +270,19 @@ + static int have_chap_secret __P((char *, char *, int, int *)); + static int have_srp_secret __P((char *client, char *server, int need_ip, + int *lacks_ipp)); ++ ++#ifdef USE_EAPTLS ++static int have_eaptls_secret_server ++__P((char *client, char *server, int need_ip, int *lacks_ipp)); ++static int have_eaptls_secret_client __P((char *client, char *server)); ++static int scan_authfile_eaptls __P((FILE * f, char *client, char *server, ++ char *cli_cert, char *serv_cert, ++ char *ca_cert, char *pk, ++ struct wordlist ** addrs, ++ struct wordlist ** opts, ++ char *filename, int flags)); ++#endif ++ + static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); + static int scan_authfile __P((FILE *, char *, char *, char *, + struct wordlist **, struct wordlist **, +@@ -401,6 +430,15 @@ + "Set telephone number(s) which are allowed to connect", + OPT_PRIV | OPT_A2LIST }, + ++#ifdef USE_EAPTLS ++ { "ca", o_string, &cacert_file, "EAP-TLS CA certificate in PEM format" }, ++ { "cert", o_string, &cert_file, "EAP-TLS client certificate in PEM format" }, ++ { "key", o_string, &privkey_file, "EAP-TLS client private key in PEM format" }, ++ { "crl-dir", o_string, &crl_dir, "Use CRLs in directory" }, ++ { "crl", o_string, &crl_file, "Use specific CRL file" }, ++ { "need-peer-eap", o_bool, &need_peer_eap, ++ "Require the peer to authenticate us", 1 }, ++#endif /* USE_EAPTLS */ + { NULL } + }; + +@@ -730,6 +768,9 @@ + lcp_options *wo = &lcp_wantoptions[unit]; + lcp_options *go = &lcp_gotoptions[unit]; + lcp_options *ho = &lcp_hisoptions[unit]; ++#ifdef USE_EAPTLS ++ lcp_options *ao = &lcp_allowoptions[unit]; ++#endif + int i; + struct protent *protp; + +@@ -764,6 +805,22 @@ + } + } + ++#ifdef USE_EAPTLS ++ if (need_peer_eap && !ao->neg_eap) { ++ warn("eap required to authenticate us but no suitable secrets"); ++ lcp_close(unit, "couldn't negotiate eap"); ++ status = EXIT_AUTH_TOPEER_FAILED; ++ return; ++ } ++ ++ if (need_peer_eap && !ho->neg_eap) { ++ warn("peer doesn't want to authenticate us with eap"); ++ lcp_close(unit, "couldn't negotiate eap"); ++ status = EXIT_PEER_AUTH_FAILED; ++ return; ++ } ++#endif ++ + new_phase(PHASE_AUTHENTICATE); + auth = 0; + if (go->neg_eap) { +@@ -1277,6 +1334,15 @@ + our_name, 1, &lacks_ip); + } + ++#ifdef USE_EAPTLS ++ if (!can_auth && wo->neg_eap) { ++ can_auth = ++ have_eaptls_secret_server((explicit_remote ? remote_name : ++ NULL), our_name, 1, &lacks_ip); ++ ++ } ++#endif ++ + if (auth_required && !can_auth && noauth_addrs == NULL) { + if (default_auth) { + option_error( +@@ -1331,7 +1397,11 @@ + passwd[0] != 0 || + (hadchap == 1 || (hadchap == -1 && have_chap_secret(user, + (explicit_remote? remote_name: NULL), 0, NULL))) || +- have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)); ++ have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL) ++#ifdef USE_EAPTLS ++ || have_eaptls_secret_client(user, (explicit_remote? remote_name: NULL)) ++#endif ++ ); + + hadchap = -1; + if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) +@@ -1346,8 +1416,14 @@ + !have_chap_secret((explicit_remote? remote_name: NULL), our_name, + 1, NULL))) && + !have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1, +- NULL)) ++ NULL) ++#ifdef USE_EAPTLS ++ && !have_eaptls_secret_server((explicit_remote? remote_name: NULL), ++ our_name, 1, NULL) ++#endif ++ ) + go->neg_eap = 0; ++ + } + + +@@ -1709,6 +1785,7 @@ + } + + ++ + /* + * get_secret - open the CHAP secret file and return the secret + * for authenticating the given client on the given server. +@@ -2361,3 +2438,335 @@ + + auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0); + } ++ ++ ++#ifdef USE_EAPTLS ++static int ++have_eaptls_secret_server(client, server, need_ip, lacks_ipp) ++ char *client; ++ char *server; ++ int need_ip; ++ int *lacks_ipp; ++{ ++ FILE *f; ++ int ret; ++ char *filename; ++ struct wordlist *addrs; ++ char servcertfile[MAXWORDLEN]; ++ char clicertfile[MAXWORDLEN]; ++ char cacertfile[MAXWORDLEN]; ++ char pkfile[MAXWORDLEN]; ++ ++ filename = _PATH_EAPTLSSERVFILE; ++ f = fopen(filename, "r"); ++ if (f == NULL) ++ return 0; ++ ++ if (client != NULL && client[0] == 0) ++ client = NULL; ++ else if (server != NULL && server[0] == 0) ++ server = NULL; ++ ++ ret = ++ scan_authfile_eaptls(f, client, server, clicertfile, servcertfile, ++ cacertfile, pkfile, &addrs, NULL, filename, ++ 0); ++ ++ fclose(f); ++ ++/* ++ if (ret >= 0 && !eaptls_init_ssl(1, cacertfile, servcertfile, ++ clicertfile, pkfile)) ++ ret = -1; ++*/ ++ ++ if (ret >= 0 && need_ip && !some_ip_ok(addrs)) { ++ if (lacks_ipp != 0) ++ *lacks_ipp = 1; ++ ret = -1; ++ } ++ if (addrs != 0) ++ free_wordlist(addrs); ++ ++ return ret >= 0; ++} ++ ++ ++static int ++have_eaptls_secret_client(client, server) ++ char *client; ++ char *server; ++{ ++ FILE *f; ++ int ret; ++ char *filename; ++ struct wordlist *addrs = NULL; ++ char servcertfile[MAXWORDLEN]; ++ char clicertfile[MAXWORDLEN]; ++ char cacertfile[MAXWORDLEN]; ++ char pkfile[MAXWORDLEN]; ++ ++ if (client != NULL && client[0] == 0) ++ client = NULL; ++ else if (server != NULL && server[0] == 0) ++ server = NULL; ++ ++ if (cacert_file && cert_file && privkey_file) ++ return 1; ++ ++ filename = _PATH_EAPTLSCLIFILE; ++ f = fopen(filename, "r"); ++ if (f == NULL) ++ return 0; ++ ++ ret = ++ scan_authfile_eaptls(f, client, server, clicertfile, servcertfile, ++ cacertfile, pkfile, &addrs, NULL, filename, ++ 0); ++ fclose(f); ++ ++/* ++ if (ret >= 0 && !eaptls_init_ssl(0, cacertfile, clicertfile, ++ servcertfile, pkfile)) ++ ret = -1; ++*/ ++ ++ if (addrs != 0) ++ free_wordlist(addrs); ++ ++ return ret >= 0; ++} ++ ++ ++static int ++scan_authfile_eaptls(f, client, server, cli_cert, serv_cert, ca_cert, pk, ++ addrs, opts, filename, flags) ++ FILE *f; ++ char *client; ++ char *server; ++ char *cli_cert; ++ char *serv_cert; ++ char *ca_cert; ++ char *pk; ++ struct wordlist **addrs; ++ struct wordlist **opts; ++ char *filename; ++ int flags; ++{ ++ int newline; ++ int got_flag, best_flag; ++ struct wordlist *ap, *addr_list, *alist, **app; ++ char word[MAXWORDLEN]; ++ ++ if (addrs != NULL) ++ *addrs = NULL; ++ if (opts != NULL) ++ *opts = NULL; ++ addr_list = NULL; ++ if (!getword(f, word, &newline, filename)) ++ return -1; /* file is empty??? */ ++ newline = 1; ++ best_flag = -1; ++ for (;;) { ++ /* ++ * Skip until we find a word at the start of a line. ++ */ ++ while (!newline && getword(f, word, &newline, filename)); ++ if (!newline) ++ break; /* got to end of file */ ++ ++ /* ++ * Got a client - check if it's a match or a wildcard. ++ */ ++ got_flag = 0; ++ if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { ++ newline = 0; ++ continue; ++ } ++ if (!ISWILD(word)) ++ got_flag = NONWILD_CLIENT; ++ ++ /* ++ * Now get a server and check if it matches. ++ */ ++ if (!getword(f, word, &newline, filename)) ++ break; ++ if (newline) ++ continue; ++ if (!ISWILD(word)) { ++ if (server != NULL && strcmp(word, server) != 0) ++ continue; ++ got_flag |= NONWILD_SERVER; ++ } ++ ++ /* ++ * Got some sort of a match - see if it's better than what ++ * we have already. ++ */ ++ if (got_flag <= best_flag) ++ continue; ++ ++ /* ++ * Get the cli_cert ++ */ ++ if (!getword(f, word, &newline, filename)) ++ break; ++ if (newline) ++ continue; ++ if (strcmp(word, "-") != 0) { ++ strlcpy(cli_cert, word, MAXWORDLEN); ++ } else ++ cli_cert[0] = 0; ++ ++ /* ++ * Get serv_cert ++ */ ++ if (!getword(f, word, &newline, filename)) ++ break; ++ if (newline) ++ continue; ++ if (strcmp(word, "-") != 0) { ++ strlcpy(serv_cert, word, MAXWORDLEN); ++ } else ++ serv_cert[0] = 0; ++ ++ /* ++ * Get ca_cert ++ */ ++ if (!getword(f, word, &newline, filename)) ++ break; ++ if (newline) ++ continue; ++ strlcpy(ca_cert, word, MAXWORDLEN); ++ ++ /* ++ * Get pk ++ */ ++ if (!getword(f, word, &newline, filename)) ++ break; ++ if (newline) ++ continue; ++ strlcpy(pk, word, MAXWORDLEN); ++ ++ ++ /* ++ * Now read address authorization info and make a wordlist. ++ */ ++ app = &alist; ++ for (;;) { ++ if (!getword(f, word, &newline, filename) || newline) ++ break; ++ ap = (struct wordlist *) ++ malloc(sizeof(struct wordlist) + strlen(word) + 1); ++ if (ap == NULL) ++ novm("authorized addresses"); ++ ap->word = (char *) (ap + 1); ++ strcpy(ap->word, word); ++ *app = ap; ++ app = &ap->next; ++ } ++ *app = NULL; ++ /* ++ * This is the best so far; remember it. ++ */ ++ best_flag = got_flag; ++ if (addr_list) ++ free_wordlist(addr_list); ++ addr_list = alist; ++ ++ if (!newline) ++ break; ++ } ++ ++ /* scan for a -- word indicating the start of options */ ++ for (app = &addr_list; (ap = *app) != NULL; app = &ap->next) ++ if (strcmp(ap->word, "--") == 0) ++ break; ++ /* ap = start of options */ ++ if (ap != NULL) { ++ ap = ap->next; /* first option */ ++ free(*app); /* free the "--" word */ ++ *app = NULL; /* terminate addr list */ ++ } ++ if (opts != NULL) ++ *opts = ap; ++ else if (ap != NULL) ++ free_wordlist(ap); ++ if (addrs != NULL) ++ *addrs = addr_list; ++ else if (addr_list != NULL) ++ free_wordlist(addr_list); ++ ++ return best_flag; ++} ++ ++ ++int ++get_eaptls_secret(unit, client, server, clicertfile, servcertfile, ++ cacertfile, pkfile, am_server) ++ int unit; ++ char *client; ++ char *server; ++ char *clicertfile; ++ char *servcertfile; ++ char *cacertfile; ++ char *pkfile; ++ int am_server; ++{ ++ FILE *fp; ++ int ret; ++ char *filename = NULL; ++ struct wordlist *addrs = NULL; ++ struct wordlist *opts = NULL; ++ ++ /* in client mode the ca+cert+privkey can also be specified as options */ ++ if (!am_server && cacert_file && cert_file && privkey_file ) ++ { ++ strlcpy( clicertfile, cert_file, MAXWORDLEN ); ++ strlcpy( cacertfile, cacert_file, MAXWORDLEN ); ++ strlcpy( pkfile, privkey_file, MAXWORDLEN ); ++ servcertfile[0] = '\0'; ++ } ++ else ++ { ++ filename = (am_server ? _PATH_EAPTLSSERVFILE : _PATH_EAPTLSCLIFILE); ++ addrs = NULL; ++ ++ fp = fopen(filename, "r"); ++ if (fp == NULL) ++ { ++ error("Can't open eap-tls secret file %s: %m", filename); ++ return 0; ++ } ++ ++ check_access(fp, filename); ++ ++ ret = scan_authfile_eaptls(fp, client, server, clicertfile, servcertfile, ++ cacertfile, pkfile, &addrs, &opts, filename, 0); ++ ++ fclose(fp); ++ ++ if (ret < 0) return 0; ++ } ++ ++ if (eaptls_passwd_hook) ++ { ++ dbglog( "Calling eaptls password hook" ); ++ if ( (*eaptls_passwd_hook)(pkfile, passwd) < 0) ++ { ++ error("Unable to obtain EAP-TLS password for %s (%s) from plugin", ++ client, pkfile); ++ return 0; ++ } ++ } ++ if (am_server) ++ set_allowed_addrs(unit, addrs, opts); ++ else if (opts != NULL) ++ free_wordlist(opts); ++ if (addrs != NULL) ++ free_wordlist(addrs); ++ ++ return 1; ++} ++#endif ++ +--- a/pppd/ccp.c ++++ b/pppd/ccp.c +@@ -540,6 +540,9 @@ + if (go->mppe) { + ccp_options *ao = &ccp_allowoptions[f->unit]; + int auth_mschap_bits = auth_done[f->unit]; ++#ifdef USE_EAPTLS ++ int auth_eap_bits = auth_done[f->unit]; ++#endif + int numbits; + + /* +@@ -567,8 +570,23 @@ + lcp_close(f->unit, "MPPE required but not available"); + return; + } ++ ++#ifdef USE_EAPTLS ++ /* ++ * MPPE is also possible in combination with EAP-TLS. ++ * It is not possible to detect if we're doing EAP or EAP-TLS ++ * at this stage, hence we accept all forms of EAP. If TLS is ++ * not used then the MPPE keys will not be derived anyway. ++ */ ++ /* Leave only the eap auth bits set */ ++ auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); ++ ++ if ((numbits == 0) && (auth_eap_bits == 0)) { ++ error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); ++#else + if (!numbits) { +- error("MPPE required, but MS-CHAP[v2] auth not performed."); ++ error("MPPE required, but MS-CHAP[v2] auth not performed."); ++#endif + lcp_close(f->unit, "MPPE required but not available"); + return; + } +--- a/pppd/chap-md5.c ++++ b/pppd/chap-md5.c +@@ -36,7 +36,11 @@ + #include "chap-new.h" + #include "chap-md5.h" + #include "magic.h" ++#ifdef USE_EAPTLS ++#include "eap-tls.h" ++#else + #include "md5.h" ++#endif /* USE_EAPTLS */ + + #define MD5_HASH_SIZE 16 + #define MD5_MIN_CHALLENGE 16 +--- /dev/null ++++ b/pppd/eap-tls.c +@@ -0,0 +1,1383 @@ ++/* * eap-tls.c - EAP-TLS implementation for PPP ++ * ++ * Copyright (c) Beniamino Galvani 2005 All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. The name(s) of the authors of this software must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. ++ * ++ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO ++ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY ++ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY ++ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN ++ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING ++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include "pppd.h" ++#include "eap.h" ++#include "eap-tls.h" ++#include "fsm.h" ++#include "lcp.h" ++#include "pathnames.h" ++ ++/* The openssl configuration file and engines can be loaded only once */ ++static CONF *ssl_config = NULL; ++static ENGINE *cert_engine = NULL; ++static ENGINE *pkey_engine = NULL; ++ ++#ifdef MPPE ++ ++#define EAPTLS_MPPE_KEY_LEN 32 ++ ++/* ++ * The following stuff is only needed if SSL_export_keying_material() is not available ++ */ ++ ++#if OPENSSL_VERSION_NUMBER < 0x10001000L ++ ++/* ++ * https://wiki.openssl.org/index.php/1.1_API_Changes ++ * tries to provide some guidance but ultimately falls short. ++ * ++ */ ++ ++static void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ if (ctx != NULL) { ++ HMAC_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++ } ++} ++ ++static HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); ++ if (ctx != NULL) ++ HMAC_CTX_init(ctx); ++ return ctx; ++} ++ ++static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, ++ size_t outlen) ++{ ++ if (outlen == 0) ++ return sizeof(ssl->s3->client_random); ++ if (outlen > sizeof(ssl->s3->client_random)) ++ outlen = sizeof(ssl->s3->client_random); ++ memcpy(out, ssl->s3->client_random, outlen); ++ return outlen; ++} ++ ++static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, ++ size_t outlen) ++{ ++ if (outlen == 0) ++ return sizeof(ssl->s3->server_random); ++ if (outlen > sizeof(ssl->s3->server_random)) ++ outlen = sizeof(ssl->s3->server_random); ++ memcpy(out, ssl->s3->server_random, outlen); ++ return outlen; ++} ++ ++static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, ++ unsigned char *out, size_t outlen) ++{ ++ if (outlen == 0) ++ return session->master_key_length; ++ if (outlen > session->master_key_length) ++ outlen = session->master_key_length; ++ memcpy(out, session->master_key, outlen); ++ return outlen; ++} ++ ++ ++/* ++ * TLS PRF from RFC 2246 ++ */ ++static void P_hash(const EVP_MD *evp_md, ++ const unsigned char *secret, unsigned int secret_len, ++ const unsigned char *seed, unsigned int seed_len, ++ unsigned char *out, unsigned int out_len) ++{ ++ HMAC_CTX *ctx_a, *ctx_out; ++ unsigned char a[HMAC_MAX_MD_CBLOCK]; ++ unsigned int size; ++ ++ ctx_a = HMAC_CTX_new(); ++ ctx_out = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx_a, secret, secret_len, evp_md, NULL); ++ HMAC_Init_ex(ctx_out, secret, secret_len, evp_md, NULL); ++ ++ size = HMAC_size(ctx_out); ++ ++ /* Calculate A(1) */ ++ HMAC_Update(ctx_a, seed, seed_len); ++ HMAC_Final(ctx_a, a, NULL); ++ ++ while (1) { ++ /* Calculate next part of output */ ++ HMAC_Update(ctx_out, a, size); ++ HMAC_Update(ctx_out, seed, seed_len); ++ ++ /* Check if last part */ ++ if (out_len < size) { ++ HMAC_Final(ctx_out, a, NULL); ++ memcpy(out, a, out_len); ++ break; ++ } ++ ++ /* Place digest in output buffer */ ++ HMAC_Final(ctx_out, out, NULL); ++ HMAC_Init_ex(ctx_out, NULL, 0, NULL, NULL); ++ out += size; ++ out_len -= size; ++ ++ /* Calculate next A(i) */ ++ HMAC_Init_ex(ctx_a, NULL, 0, NULL, NULL); ++ HMAC_Update(ctx_a, a, size); ++ HMAC_Final(ctx_a, a, NULL); ++ } ++ ++ HMAC_CTX_free(ctx_a); ++ HMAC_CTX_free(ctx_out); ++ memset(a, 0, sizeof(a)); ++} ++ ++static void PRF(const unsigned char *secret, unsigned int secret_len, ++ const unsigned char *seed, unsigned int seed_len, ++ unsigned char *out, unsigned char *buf, unsigned int out_len) ++{ ++ unsigned int i; ++ unsigned int len = (secret_len + 1) / 2; ++ const unsigned char *s1 = secret; ++ const unsigned char *s2 = secret + (secret_len - len); ++ ++ P_hash(EVP_md5(), s1, len, seed, seed_len, out, out_len); ++ P_hash(EVP_sha1(), s2, len, seed, seed_len, buf, out_len); ++ ++ for (i=0; i < out_len; i++) { ++ out[i] ^= buf[i]; ++ } ++} ++ ++static int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, ++ const char *label, size_t llen, ++ const unsigned char *p, size_t plen, ++ int use_context) ++{ ++ unsigned char seed[64 + 2*SSL3_RANDOM_SIZE]; ++ unsigned char buf[4*EAPTLS_MPPE_KEY_LEN]; ++ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; ++ size_t master_key_length; ++ unsigned char *pp; ++ ++ pp = seed; ++ ++ memcpy(pp, label, llen); ++ pp += llen; ++ ++ llen += SSL_get_client_random(s, pp, SSL3_RANDOM_SIZE); ++ pp += SSL3_RANDOM_SIZE; ++ ++ llen += SSL_get_server_random(s, pp, SSL3_RANDOM_SIZE); ++ ++ master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, ++ sizeof(master_key)); ++ PRF(master_key, master_key_length, seed, llen, out, buf, olen); ++ ++ return 1; ++} ++ ++#endif /* OPENSSL_VERSION_NUMBER < 0x10001000L */ ++ ++ ++/* ++ * OpenSSL 1.1+ introduced a generic TLS_method() ++ * For older releases we substitute the appropriate method ++ */ ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#define TLS_method SSLv23_method ++ ++#define SSL3_RT_HEADER 0x100 ++ ++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ ++ ++ ++/* ++ * Generate keys according to RFC 2716 and add to reply ++ */ ++void eaptls_gen_mppe_keys(struct eaptls_session *ets, const char *prf_label, ++ int client) ++{ ++ unsigned char out[4*EAPTLS_MPPE_KEY_LEN]; ++ size_t prf_size = strlen(prf_label); ++ unsigned char *p; ++ ++ if (SSL_export_keying_material(ets->ssl, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1) ++ { ++ warn( "EAP-TLS: Failed generating keying material" ); ++ return; ++ } ++ ++ /* ++ * We now have the master send and receive keys. ++ * From these, generate the session send and receive keys. ++ * (see RFC3079 / draft-ietf-pppext-mppe-keys-03.txt for details) ++ */ ++ if (client) ++ { ++ p = out; ++ BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); ++ p += EAPTLS_MPPE_KEY_LEN; ++ BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); ++ } ++ else ++ { ++ p = out; ++ BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) ); ++ p += EAPTLS_MPPE_KEY_LEN; ++ BCOPY( p, mppe_send_key, sizeof(mppe_send_key) ); ++ } ++ ++ mppe_keys_set = 1; ++} ++ ++#endif ++ ++void log_ssl_errors( void ) ++{ ++ unsigned long ssl_err = ERR_get_error(); ++ ++ if (ssl_err != 0) ++ dbglog("EAP-TLS SSL error stack:"); ++ while (ssl_err != 0) { ++ dbglog( ERR_error_string( ssl_err, NULL ) ); ++ ssl_err = ERR_get_error(); ++ } ++} ++ ++ ++int password_callback (char *buf, int size, int rwflag, void *u) ++{ ++ if (buf) ++ { ++ strncpy (buf, passwd, size); ++ return strlen (buf); ++ } ++ return 0; ++} ++ ++ ++CONF *eaptls_ssl_load_config( void ) ++{ ++ CONF *config; ++ int ret_code; ++ long error_line = 33; ++ ++ config = NCONF_new( NULL ); ++ dbglog( "Loading OpenSSL config file" ); ++ ret_code = NCONF_load( config, _PATH_OPENSSLCONFFILE, &error_line ); ++ if (ret_code == 0) ++ { ++ warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", _PATH_OPENSSLCONFFILE, error_line ); ++ NCONF_free( config ); ++ config = NULL; ++ ERR_clear_error(); ++ } ++ ++ dbglog( "Loading OpenSSL built-ins" ); ++ ENGINE_load_builtin_engines(); ++ OPENSSL_load_builtin_modules(); ++ ++ dbglog( "Loading OpenSSL configured modules" ); ++ if (CONF_modules_load( config, NULL, 0 ) <= 0 ) ++ { ++ warn( "EAP-TLS: Error loading OpenSSL modules" ); ++ log_ssl_errors(); ++ config = NULL; ++ } ++ ++ return config; ++} ++ ++ENGINE *eaptls_ssl_load_engine( char *engine_name ) ++{ ++ ENGINE *e = NULL; ++ ++ dbglog( "Enabling OpenSSL auto engines" ); ++ ENGINE_register_all_complete(); ++ ++ dbglog( "Loading OpenSSL '%s' engine support", engine_name ); ++ e = ENGINE_by_id( engine_name ); ++ if (!e) ++ { ++ dbglog( "EAP-TLS: Cannot load '%s' engine support, trying 'dynamic'", engine_name ); ++ e = ENGINE_by_id( "dynamic" ); ++ if (e) ++ { ++ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine_name, 0) ++ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) ++ { ++ warn( "EAP-TLS: Error loading dynamic engine '%s'", engine_name ); ++ log_ssl_errors(); ++ ENGINE_free(e); ++ e = NULL; ++ } ++ } ++ else ++ { ++ warn( "EAP-TLS: Cannot load dynamic engine support" ); ++ } ++ } ++ ++ if (e) ++ { ++ dbglog( "Initialising engine" ); ++ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) ++ { ++ warn( "EAP-TLS: Cannot use that engine" ); ++ log_ssl_errors(); ++ ENGINE_free(e); ++ e = NULL; ++ } ++ } ++ ++ return e; ++} ++ ++/* ++ * Initialize the SSL stacks and tests if certificates, key and crl ++ * for client or server use can be loaded. ++ */ ++SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, ++ char *certfile, char *peer_certfile, char *privkeyfile) ++{ ++ char *cert_engine_name = NULL; ++ char *cert_identifier = NULL; ++ char *pkey_engine_name = NULL; ++ char *pkey_identifier = NULL; ++ SSL_CTX *ctx; ++ SSL *ssl; ++ X509_STORE *certstore; ++ X509_LOOKUP *lookup; ++ X509 *tmp; ++ int ret; ++ ++ /* ++ * Without these can't continue ++ */ ++ if (!cacertfile[0]) ++ { ++ error("EAP-TLS: CA certificate missing"); ++ return NULL; ++ } ++ ++ if (!certfile[0]) ++ { ++ error("EAP-TLS: User certificate missing"); ++ return NULL; ++ } ++ ++ if (!privkeyfile[0]) ++ { ++ error("EAP-TLS: User private key missing"); ++ return NULL; ++ } ++ ++ SSL_library_init(); ++ SSL_load_error_strings(); ++ ++ ctx = SSL_CTX_new(TLS_method()); ++ ++ if (!ctx) { ++ error("EAP-TLS: Cannot initialize SSL CTX context"); ++ goto fail; ++ } ++ ++ /* if the certificate filename is of the form engine:id. e.g. ++ pkcs11:12345 ++ then we try to load and use this engine. ++ If the certificate filename starts with a / or . then we ++ ALWAYS assume it is a file and not an engine/pkcs11 identifier ++ */ ++ if ( index( certfile, '/' ) == NULL && index( certfile, '.') == NULL ) ++ { ++ cert_identifier = index( certfile, ':' ); ++ ++ if (cert_identifier) ++ { ++ cert_engine_name = certfile; ++ *cert_identifier = '\0'; ++ cert_identifier++; ++ ++ dbglog( "Found certificate engine '%s'", cert_engine_name ); ++ dbglog( "Found certificate identifier '%s'", cert_identifier ); ++ } ++ } ++ ++ /* if the privatekey filename is of the form engine:id. e.g. ++ pkcs11:12345 ++ then we try to load and use this engine. ++ If the privatekey filename starts with a / or . then we ++ ALWAYS assume it is a file and not an engine/pkcs11 identifier ++ */ ++ if ( index( privkeyfile, '/' ) == NULL && index( privkeyfile, '.') == NULL ) ++ { ++ pkey_identifier = index( privkeyfile, ':' ); ++ ++ if (pkey_identifier) ++ { ++ pkey_engine_name = privkeyfile; ++ *pkey_identifier = '\0'; ++ pkey_identifier++; ++ ++ dbglog( "Found privatekey engine '%s'", pkey_engine_name ); ++ dbglog( "Found privatekey identifier '%s'", pkey_identifier ); ++ } ++ } ++ ++ if (cert_identifier && pkey_identifier) ++ { ++ if (strlen( cert_identifier ) == 0) ++ { ++ if (strlen( pkey_identifier ) == 0) ++ error( "EAP-TLS: both the certificate and privatekey identifiers are missing!" ); ++ else ++ { ++ dbglog( "Substituting privatekey identifier for certificate identifier" ); ++ cert_identifier = pkey_identifier; ++ } ++ } ++ else ++ { ++ if (strlen( pkey_identifier ) == 0) ++ { ++ dbglog( "Substituting certificate identifier for privatekey identifier" ); ++ pkey_identifier = cert_identifier; ++ } ++ } ++ ++ } ++ ++ /* load the openssl config file only once */ ++ if (!ssl_config) ++ { ++ if (cert_engine_name || pkey_engine_name) ++ ssl_config = eaptls_ssl_load_config(); ++ ++ if (ssl_config && cert_engine_name) ++ cert_engine = eaptls_ssl_load_engine( cert_engine_name ); ++ ++ if (ssl_config && pkey_engine_name) ++ { ++ /* don't load the same engine twice */ ++ if ( cert_engine && strcmp( cert_engine_name, pkey_engine_name) == 0 ) ++ pkey_engine = cert_engine; ++ else ++ pkey_engine = eaptls_ssl_load_engine( pkey_engine_name ); ++ } ++ } ++ ++ SSL_CTX_set_default_passwd_cb (ctx, password_callback); ++ ++ if (!SSL_CTX_load_verify_locations(ctx, cacertfile, NULL)) ++ { ++ error("EAP-TLS: Cannot load or verify CA file %s", cacertfile); ++ goto fail; ++ } ++ ++ if (init_server) ++ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(cacertfile)); ++ ++ if (cert_engine) ++ { ++ struct ++ { ++ const char *s_slot_cert_id; ++ X509 *cert; ++ } cert_info; ++ ++ cert_info.s_slot_cert_id = cert_identifier; ++ cert_info.cert = NULL; ++ ++ if (!ENGINE_ctrl_cmd( cert_engine, "LOAD_CERT_CTRL", 0, &cert_info, NULL, 0 ) ) ++ { ++ error( "EAP-TLS: Error loading certificate with id '%s' from engine", cert_identifier ); ++ goto fail; ++ } ++ ++ if (cert_info.cert) ++ { ++ dbglog( "Got the certificate, adding it to SSL context" ); ++ dbglog( "subject = %s", X509_NAME_oneline( X509_get_subject_name( cert_info.cert ), NULL, 0 ) ); ++ if (SSL_CTX_use_certificate(ctx, cert_info.cert) <= 0) ++ { ++ error("EAP-TLS: Cannot use PKCS11 certificate %s", cert_identifier); ++ goto fail; ++ } ++ } ++ else ++ { ++ warn("EAP-TLS: Cannot load PKCS11 key %s", cert_identifier); ++ log_ssl_errors(); ++ } ++ } ++ else ++ { ++ if (!SSL_CTX_use_certificate_chain_file(ctx, certfile)) ++ { ++ error( "EAP-TLS: Cannot use public certificate %s", certfile ); ++ goto fail; ++ } ++ } ++ ++ ++ /* ++ * Check the Before and After dates of the certificate ++ */ ++ ssl = SSL_new(ctx); ++ tmp = SSL_get_certificate(ssl); ++ ++ ret = X509_cmp_time(X509_get_notBefore(tmp), NULL); ++ if (ret == 0) ++ { ++ warn( "EAP-TLS: Failed to read certificate notBefore field."); ++ } ++ if (ret > 0) ++ { ++ warn( "EAP-TLS: Your certificate is not yet valid!"); ++ } ++ ++ ret = X509_cmp_time(X509_get_notAfter(tmp), NULL); ++ if (ret == 0) ++ { ++ warn( "EAP-TLS: Failed to read certificate notAfter field."); ++ } ++ if (ret < 0) ++ { ++ warn( "EAP-TLS: Your certificate has expired!"); ++ } ++ SSL_free(ssl); ++ ++ if (pkey_engine) ++ { ++ EVP_PKEY *pkey = NULL; ++ PW_CB_DATA cb_data; ++ ++ cb_data.password = passwd; ++ cb_data.prompt_info = pkey_identifier; ++ ++ dbglog( "Loading private key '%s' from engine", pkey_identifier ); ++ pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, NULL, &cb_data); ++ if (pkey) ++ { ++ dbglog( "Got the private key, adding it to SSL context" ); ++ if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0) ++ { ++ error("EAP-TLS: Cannot use PKCS11 key %s", pkey_identifier); ++ goto fail; ++ } ++ } ++ else ++ { ++ warn("EAP-TLS: Cannot load PKCS11 key %s", pkey_identifier); ++ log_ssl_errors(); ++ } ++ } ++ else ++ { ++ if (!SSL_CTX_use_PrivateKey_file(ctx, privkeyfile, SSL_FILETYPE_PEM)) ++ { ++ error("EAP-TLS: Cannot use private key %s", privkeyfile); ++ goto fail; ++ } ++ } ++ ++ if (SSL_CTX_check_private_key(ctx) != 1) { ++ error("EAP-TLS: Private key %s fails security check", privkeyfile); ++ goto fail; ++ } ++ ++ /* Explicitly set the NO_TICKETS flag to support Win7/Win8 clients */ ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 ++#ifdef SSL_OP_NO_TICKET ++ | SSL_OP_NO_TICKET ++#endif ++ ); ++ ++ SSL_CTX_set_verify_depth(ctx, 5); ++ SSL_CTX_set_verify(ctx, ++ SSL_VERIFY_PEER | ++ SSL_VERIFY_FAIL_IF_NO_PEER_CERT, ++ &ssl_verify_callback); ++ ++ if (crl_dir) { ++ if (!(certstore = SSL_CTX_get_cert_store(ctx))) { ++ error("EAP-TLS: Failed to get certificate store"); ++ goto fail; ++ } ++ ++ if (!(lookup = ++ X509_STORE_add_lookup(certstore, X509_LOOKUP_hash_dir()))) { ++ error("EAP-TLS: Store lookup for CRL failed"); ++ ++ goto fail; ++ } ++ ++ X509_LOOKUP_add_dir(lookup, crl_dir, X509_FILETYPE_PEM); ++ X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK); ++ } ++ ++ if (crl_file) { ++ FILE *fp = NULL; ++ X509_CRL *crl = NULL; ++ ++ fp = fopen(crl_file, "r"); ++ if (!fp) { ++ error("EAP-TLS: Cannot open CRL file '%s'", crl_file); ++ goto fail; ++ } ++ ++ crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL); ++ if (!crl) { ++ error("EAP-TLS: Cannot read CRL file '%s'", crl_file); ++ goto fail; ++ } ++ ++ if (!(certstore = SSL_CTX_get_cert_store(ctx))) { ++ error("EAP-TLS: Failed to get certificate store"); ++ goto fail; ++ } ++ if (!X509_STORE_add_crl(certstore, crl)) { ++ error("EAP-TLS: Cannot add CRL to certificate store"); ++ goto fail; ++ } ++ X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK); ++ ++ } ++ ++ /* ++ * If a peer certificate file was specified, it must be valid, else fail ++ */ ++ if (peer_certfile[0]) { ++ if (!(tmp = get_X509_from_file(peer_certfile))) { ++ error("EAP-TLS: Error loading client certificate from file %s", ++ peer_certfile); ++ goto fail; ++ } ++ X509_free(tmp); ++ } ++ ++ return ctx; ++ ++fail: ++ log_ssl_errors(); ++ SSL_CTX_free(ctx); ++ return NULL; ++} ++ ++/* ++ * Determine the maximum packet size by looking at the LCP handshake ++ */ ++ ++int eaptls_get_mtu(int unit) ++{ ++ int mtu, mru; ++ ++ lcp_options *wo = &lcp_wantoptions[unit]; ++ lcp_options *go = &lcp_gotoptions[unit]; ++ lcp_options *ho = &lcp_hisoptions[unit]; ++ lcp_options *ao = &lcp_allowoptions[unit]; ++ ++ mtu = ho->neg_mru? ho->mru: PPP_MRU; ++ mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU; ++ mtu = MIN(MIN(mtu, mru), ao->mru)- PPP_HDRLEN - 10; ++ ++ dbglog("MTU = %d", mtu); ++ return mtu; ++} ++ ++ ++/* ++ * Init the ssl handshake (server mode) ++ */ ++int eaptls_init_ssl_server(eap_state * esp) ++{ ++ struct eaptls_session *ets; ++ char servcertfile[MAXWORDLEN]; ++ char clicertfile[MAXWORDLEN]; ++ char cacertfile[MAXWORDLEN]; ++ char pkfile[MAXWORDLEN]; ++ /* ++ * Allocate new eaptls session ++ */ ++ esp->es_server.ea_session = malloc(sizeof(struct eaptls_session)); ++ if (!esp->es_server.ea_session) ++ fatal("Allocation error"); ++ ets = esp->es_server.ea_session; ++ ++ if (!esp->es_server.ea_peer) { ++ error("EAP-TLS: Error: client name not set (BUG)"); ++ return 0; ++ } ++ ++ strncpy(ets->peer, esp->es_server.ea_peer, MAXWORDLEN); ++ ++ dbglog( "getting eaptls secret" ); ++ if (!get_eaptls_secret(esp->es_unit, esp->es_server.ea_peer, ++ esp->es_server.ea_name, clicertfile, ++ servcertfile, cacertfile, pkfile, 1)) { ++ error( "EAP-TLS: Cannot get secret/password for client \"%s\", server \"%s\"", ++ esp->es_server.ea_peer, esp->es_server.ea_name ); ++ return 0; ++ } ++ ++ ets->mtu = eaptls_get_mtu(esp->es_unit); ++ ++ ets->ctx = eaptls_init_ssl(1, cacertfile, servcertfile, clicertfile, pkfile); ++ if (!ets->ctx) ++ goto fail; ++ ++ if (!(ets->ssl = SSL_new(ets->ctx))) ++ goto fail; ++ ++ /* ++ * Set auto-retry to avoid timeouts on BIO_read ++ */ ++ SSL_set_mode(ets->ssl, SSL_MODE_AUTO_RETRY); ++ ++ /* ++ * Initialize the BIOs we use to read/write to ssl engine ++ */ ++ ets->into_ssl = BIO_new(BIO_s_mem()); ++ ets->from_ssl = BIO_new(BIO_s_mem()); ++ SSL_set_bio(ets->ssl, ets->into_ssl, ets->from_ssl); ++ ++ SSL_set_msg_callback(ets->ssl, ssl_msg_callback); ++ SSL_set_msg_callback_arg(ets->ssl, ets); ++ ++ /* ++ * Attach the session struct to the connection, so we can later ++ * retrieve it when doing certificate verification ++ */ ++ SSL_set_ex_data(ets->ssl, 0, ets); ++ ++ SSL_set_accept_state(ets->ssl); ++ ++ ets->data = NULL; ++ ets->datalen = 0; ++ ets->alert_sent = 0; ++ ets->alert_recv = 0; ++ ++ /* ++ * If we specified the client certificate file, store it in ets->peercertfile, ++ * so we can check it later in ssl_verify_callback() ++ */ ++ if (clicertfile[0]) ++ strncpy(&ets->peercertfile[0], clicertfile, MAXWORDLEN); ++ else ++ ets->peercertfile[0] = 0; ++ ++ return 1; ++ ++fail: ++ SSL_CTX_free(ets->ctx); ++ return 0; ++} ++ ++/* ++ * Init the ssl handshake (client mode) ++ */ ++int eaptls_init_ssl_client(eap_state * esp) ++{ ++ struct eaptls_session *ets; ++ char servcertfile[MAXWORDLEN]; ++ char clicertfile[MAXWORDLEN]; ++ char cacertfile[MAXWORDLEN]; ++ char pkfile[MAXWORDLEN]; ++ ++ /* ++ * Allocate new eaptls session ++ */ ++ esp->es_client.ea_session = malloc(sizeof(struct eaptls_session)); ++ if (!esp->es_client.ea_session) ++ fatal("Allocation error"); ++ ets = esp->es_client.ea_session; ++ ++ /* ++ * If available, copy server name in ets; it will be used in cert ++ * verify ++ */ ++ if (esp->es_client.ea_peer) ++ strncpy(ets->peer, esp->es_client.ea_peer, MAXWORDLEN); ++ else ++ ets->peer[0] = 0; ++ ++ ets->mtu = eaptls_get_mtu(esp->es_unit); ++ ++ dbglog( "calling get_eaptls_secret" ); ++ if (!get_eaptls_secret(esp->es_unit, esp->es_client.ea_name, ++ ets->peer, clicertfile, ++ servcertfile, cacertfile, pkfile, 0)) { ++ error( "EAP-TLS: Cannot get secret/password for client \"%s\", server \"%s\"", ++ esp->es_client.ea_name, ets->peer ); ++ return 0; ++ } ++ ++ dbglog( "calling eaptls_init_ssl" ); ++ ets->ctx = eaptls_init_ssl(0, cacertfile, clicertfile, servcertfile, pkfile); ++ if (!ets->ctx) ++ goto fail; ++ ++ ets->ssl = SSL_new(ets->ctx); ++ ++ if (!ets->ssl) ++ goto fail; ++ ++ /* ++ * Initialize the BIOs we use to read/write to ssl engine ++ */ ++ dbglog( "Initializing SSL BIOs" ); ++ ets->into_ssl = BIO_new(BIO_s_mem()); ++ ets->from_ssl = BIO_new(BIO_s_mem()); ++ SSL_set_bio(ets->ssl, ets->into_ssl, ets->from_ssl); ++ ++ SSL_set_msg_callback(ets->ssl, ssl_msg_callback); ++ SSL_set_msg_callback_arg(ets->ssl, ets); ++ ++ /* ++ * Attach the session struct to the connection, so we can later ++ * retrieve it when doing certificate verification ++ */ ++ SSL_set_ex_data(ets->ssl, 0, ets); ++ ++ SSL_set_connect_state(ets->ssl); ++ ++ ets->data = NULL; ++ ets->datalen = 0; ++ ets->alert_sent = 0; ++ ets->alert_recv = 0; ++ ++ /* ++ * If we specified the server certificate file, store it in ++ * ets->peercertfile, so we can check it later in ++ * ssl_verify_callback() ++ */ ++ if (servcertfile[0]) ++ strncpy(ets->peercertfile, servcertfile, MAXWORDLEN); ++ else ++ ets->peercertfile[0] = 0; ++ ++ return 1; ++ ++fail: ++ dbglog( "eaptls_init_ssl_client: fail" ); ++ SSL_CTX_free(ets->ctx); ++ return 0; ++ ++} ++ ++void eaptls_free_session(struct eaptls_session *ets) ++{ ++ if (ets->ssl) ++ SSL_free(ets->ssl); ++ ++ if (ets->ctx) ++ SSL_CTX_free(ets->ctx); ++ ++ free(ets); ++} ++ ++/* ++ * Handle a received packet, reassembling fragmented messages and ++ * passing them to the ssl engine ++ */ ++int eaptls_receive(struct eaptls_session *ets, u_char * inp, int len) ++{ ++ u_char flags; ++ u_int tlslen = 0; ++ u_char dummy[65536]; ++ ++ if (len < 1) { ++ warn("EAP-TLS: received no or invalid data"); ++ return 1; ++ } ++ ++ GETCHAR(flags, inp); ++ len--; ++ ++ if (flags & EAP_TLS_FLAGS_LI && len > 4) { ++ /* ++ * LenghtIncluded flag set -> this is the first packet of a message ++ */ ++ ++ /* ++ * the first 4 octets are the length of the EAP-TLS message ++ */ ++ GETLONG(tlslen, inp); ++ len -= 4; ++ ++ if (!ets->data) { ++ ++ if (tlslen > EAP_TLS_MAX_LEN) { ++ error("EAP-TLS: TLS message length > %d, truncated", EAP_TLS_MAX_LEN); ++ tlslen = EAP_TLS_MAX_LEN; ++ } ++ ++ /* ++ * Allocate memory for the whole message ++ */ ++ ets->data = malloc(tlslen); ++ if (!ets->data) ++ fatal("EAP-TLS: allocation error\n"); ++ ++ ets->datalen = 0; ++ ets->tlslen = tlslen; ++ } ++ else ++ warn("EAP-TLS: non-first LI packet? that's odd..."); ++ } ++ else if (!ets->data) { ++ /* ++ * A non fragmented message without LI flag ++ */ ++ ++ ets->data = malloc(len); ++ if (!ets->data) ++ fatal("EAP-TLS: allocation error\n"); ++ ++ ets->datalen = 0; ++ ets->tlslen = len; ++ } ++ ++ if (flags & EAP_TLS_FLAGS_MF) ++ ets->frag = 1; ++ else ++ ets->frag = 0; ++ ++ if (len < 0) { ++ warn("EAP-TLS: received malformed data"); ++ return 1; ++ } ++ ++ if (len + ets->datalen > ets->tlslen) { ++ warn("EAP-TLS: received data > TLS message length"); ++ return 1; ++ } ++ ++ BCOPY(inp, ets->data + ets->datalen, len); ++ ets->datalen += len; ++ ++ if (!ets->frag) { ++ ++ /* ++ * If we have the whole message, pass it to ssl ++ */ ++ ++ if (ets->datalen != ets->tlslen) { ++ warn("EAP-TLS: received data != TLS message length"); ++ return 1; ++ } ++ ++ if (BIO_write(ets->into_ssl, ets->data, ets->datalen) == -1) ++ log_ssl_errors(); ++ ++ SSL_read(ets->ssl, dummy, 65536); ++ ++ free(ets->data); ++ ets->data = NULL; ++ ets->datalen = 0; ++ } ++ ++ return 0; ++} ++ ++/* ++ * Return an eap-tls packet in outp. ++ * A TLS message read from the ssl engine is buffered in ets->data. ++ * At each call we control if there is buffered data and send a ++ * packet of mtu bytes. ++ */ ++int eaptls_send(struct eaptls_session *ets, u_char ** outp) ++{ ++ bool first = 0; ++ int size; ++ u_char fromtls[65536]; ++ int res; ++ u_char *start; ++ ++ start = *outp; ++ ++ if (!ets->data) { ++ ++ if(!ets->alert_sent) ++ SSL_read(ets->ssl, fromtls, 65536); ++ ++ /* ++ * Read from ssl ++ */ ++ if ((res = BIO_read(ets->from_ssl, fromtls, 65536)) == -1) ++ { ++ warn("EAP-TLS send: No data from BIO_read"); ++ return 1; ++ } ++ ++ ets->datalen = res; ++ ++ ets->data = malloc(ets->datalen); ++ BCOPY(fromtls, ets->data, ets->datalen); ++ ++ ets->offset = 0; ++ first = 1; ++ ++ } ++ ++ size = ets->datalen - ets->offset; ++ ++ if (size > ets->mtu) { ++ size = ets->mtu; ++ ets->frag = 1; ++ } else ++ ets->frag = 0; ++ ++ PUTCHAR(EAPT_TLS, *outp); ++ ++ /* ++ * Set right flags and length if necessary ++ */ ++ if (ets->frag && first) { ++ PUTCHAR(EAP_TLS_FLAGS_LI | EAP_TLS_FLAGS_MF, *outp); ++ PUTLONG(ets->datalen, *outp); ++ } else if (ets->frag) { ++ PUTCHAR(EAP_TLS_FLAGS_MF, *outp); ++ } else ++ PUTCHAR(0, *outp); ++ ++ /* ++ * Copy the data in outp ++ */ ++ BCOPY(ets->data + ets->offset, *outp, size); ++ INCPTR(size, *outp); ++ ++ /* ++ * Copy the packet in retransmission buffer ++ */ ++ BCOPY(start, &ets->rtx[0], *outp - start); ++ ets->rtx_len = *outp - start; ++ ++ ets->offset += size; ++ ++ if (ets->offset >= ets->datalen) { ++ ++ /* ++ * The whole message has been sent ++ */ ++ ++ free(ets->data); ++ ets->data = NULL; ++ ets->datalen = 0; ++ ets->offset = 0; ++ } ++ ++ return 0; ++} ++ ++/* ++ * Get the sent packet from the retransmission buffer ++ */ ++void eaptls_retransmit(struct eaptls_session *ets, u_char ** outp) ++{ ++ BCOPY(ets->rtx, *outp, ets->rtx_len); ++ INCPTR(ets->rtx_len, *outp); ++} ++ ++/* ++ * Verify a certificate. ++ * Most of the work (signatures and issuer attributes checking) ++ * is done by ssl; we check the CN in the peer certificate ++ * against the peer name. ++ */ ++int ssl_verify_callback(int ok, X509_STORE_CTX * ctx) ++{ ++ char subject[256]; ++ char cn_str[256]; ++ X509 *peer_cert; ++ int err, depth; ++ SSL *ssl; ++ struct eaptls_session *ets; ++ ++ peer_cert = X509_STORE_CTX_get_current_cert(ctx); ++ err = X509_STORE_CTX_get_error(ctx); ++ depth = X509_STORE_CTX_get_error_depth(ctx); ++ ++ dbglog("certificate verify depth: %d", depth); ++ ++ if (auth_required && !ok) { ++ X509_NAME_oneline(X509_get_subject_name(peer_cert), ++ subject, 256); ++ ++ X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert), ++ NID_commonName, cn_str, 256); ++ ++ dbglog("Certificate verification error:\n depth: %d CN: %s" ++ "\n err: %d (%s)\n", depth, cn_str, err, ++ X509_verify_cert_error_string(err)); ++ ++ return 0; ++ } ++ ++ ssl = X509_STORE_CTX_get_ex_data(ctx, ++ SSL_get_ex_data_X509_STORE_CTX_idx()); ++ ++ ets = (struct eaptls_session *)SSL_get_ex_data(ssl, 0); ++ ++ if (ets == NULL) { ++ error("Error: SSL_get_ex_data returned NULL"); ++ return 0; ++ } ++ ++ log_ssl_errors(); ++ ++ if (!depth) { /* This is the peer certificate */ ++ ++ X509_NAME_oneline(X509_get_subject_name(peer_cert), ++ subject, 256); ++ ++ X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert), ++ NID_commonName, cn_str, 256); ++ ++ /* ++ * If acting as client and the name of the server wasn't specified ++ * explicitely, we can't verify the server authenticity ++ */ ++ if (!ets->peer[0]) { ++ warn("Peer name not specified: no check"); ++ return ok; ++ } ++ ++ /* ++ * Check the CN ++ */ ++ if (strcmp(cn_str, ets->peer)) { ++ error ++ ("Certificate verification error: CN (%s) != peer_name (%s)", ++ cn_str, ets->peer); ++ return 0; ++ } ++ ++ warn("Certificate CN: %s , peer name %s", cn_str, ets->peer); ++ ++ /* ++ * If a peer certificate file was specified, here we check it ++ */ ++ if (ets->peercertfile[0]) { ++ if (ssl_cmp_certs(&ets->peercertfile[0], peer_cert) ++ != 0) { ++ error ++ ("Peer certificate doesn't match stored certificate"); ++ return 0; ++ } ++ } ++ } ++ ++ return ok; ++} ++ ++/* ++ * Compare a certificate with the one stored in a file ++ */ ++int ssl_cmp_certs(char *filename, X509 * a) ++{ ++ X509 *b; ++ int ret; ++ ++ if (!(b = get_X509_from_file(filename))) ++ return 1; ++ ++ ret = X509_cmp(a, b); ++ X509_free(b); ++ ++ return ret; ++ ++} ++ ++X509 *get_X509_from_file(char *filename) ++{ ++ FILE *fp; ++ X509 *ret; ++ ++ if (!(fp = fopen(filename, "r"))) ++ return NULL; ++ ++ ret = PEM_read_X509(fp, NULL, NULL, NULL); ++ ++ fclose(fp); ++ ++ return ret; ++} ++ ++/* ++ * Every sent & received message this callback function is invoked, ++ * so we know when alert messages have arrived or are sent and ++ * we can print debug information about TLS handshake. ++ */ ++void ++ssl_msg_callback(int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL * ssl, void *arg) ++{ ++ char string[256]; ++ struct eaptls_session *ets = (struct eaptls_session *)arg; ++ unsigned char code; ++ const unsigned char*msg = buf; ++ int hvers = msg[1] << 8 | msg[2]; ++ ++ if(write_p) ++ strcpy(string, " -> "); ++ else ++ strcpy(string, " <- "); ++ ++ switch(content_type) { ++ ++ case SSL3_RT_HEADER: ++ strcat(string, "SSL/TLS Header: "); ++ switch(hvers) { ++ case SSL3_VERSION: ++ strcat(string, "SSL 3.0"); ++ break; ++ case TLS1_VERSION: ++ strcat(string, "TLS 1.0"); ++ break; ++ case TLS1_1_VERSION: ++ strcat(string, "TLS 1.1"); ++ break; ++ case TLS1_2_VERSION: ++ strcat(string, "TLS 1.2"); ++ break; ++ default: ++ strcat(string, "Unknown version"); ++ } ++ break; ++ ++ case SSL3_RT_ALERT: ++ strcat(string, "Alert: "); ++ code = msg[1]; ++ ++ if (write_p) { ++ ets->alert_sent = 1; ++ ets->alert_sent_desc = code; ++ } else { ++ ets->alert_recv = 1; ++ ets->alert_recv_desc = code; ++ } ++ ++ strcat(string, SSL_alert_desc_string_long(code)); ++ break; ++ ++ case SSL3_RT_CHANGE_CIPHER_SPEC: ++ strcat(string, "ChangeCipherSpec"); ++ break; ++ ++ case SSL3_RT_HANDSHAKE: ++ ++ strcat(string, "Handshake: "); ++ code = msg[0]; ++ ++ switch(code) { ++ case SSL3_MT_HELLO_REQUEST: ++ strcat(string,"Hello Request"); ++ break; ++ case SSL3_MT_CLIENT_HELLO: ++ strcat(string,"Client Hello"); ++ break; ++ case SSL3_MT_SERVER_HELLO: ++ strcat(string,"Server Hello"); ++ break; ++#ifdef SSL3_MT_NEWSESSION_TICKET ++ case SSL3_MT_NEWSESSION_TICKET: ++ strcat(string,"New Session Ticket"); ++ break; ++#endif ++ case SSL3_MT_CERTIFICATE: ++ strcat(string,"Certificate"); ++ break; ++ case SSL3_MT_SERVER_KEY_EXCHANGE: ++ strcat(string,"Server Key Exchange"); ++ break; ++ case SSL3_MT_CERTIFICATE_REQUEST: ++ strcat(string,"Certificate Request"); ++ break; ++ case SSL3_MT_SERVER_DONE: ++ strcat(string,"Server Hello Done"); ++ break; ++ case SSL3_MT_CERTIFICATE_VERIFY: ++ strcat(string,"Certificate Verify"); ++ break; ++ case SSL3_MT_CLIENT_KEY_EXCHANGE: ++ strcat(string,"Client Key Exchange"); ++ break; ++ case SSL3_MT_FINISHED: ++ strcat(string,"Finished: "); ++ hvers = SSL_version(ssl); ++ switch(hvers) { ++ case SSL3_VERSION: ++ strcat(string, "SSL 3.0"); ++ break; ++ case TLS1_VERSION: ++ strcat(string, "TLS 1.0"); ++ break; ++ case TLS1_1_VERSION: ++ strcat(string, "TLS 1.1"); ++ break; ++ case TLS1_2_VERSION: ++ strcat(string, "TLS 1.2"); ++ break; ++ default: ++ strcat(string, "Unknown version"); ++ } ++ break; ++ default: ++ sprintf( string, "Handshake: Unknown SSL3 code received: %d", code ); ++ } ++ break; ++ ++ default: ++ sprintf( string, "SSL message contains unknown content type: %d", content_type ); ++ ++ } ++ ++ /* Alert messages must always be displayed */ ++ if(content_type == SSL3_RT_ALERT) ++ error("%s", string); ++ else ++ dbglog("%s", string); ++} ++ +--- /dev/null ++++ b/pppd/eap-tls.h +@@ -0,0 +1,107 @@ ++/* ++ * eap-tls.h ++ * ++ * Copyright (c) Beniamino Galvani 2005 All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. The name(s) of the authors of this software must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. ++ * ++ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO ++ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY ++ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY ++ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN ++ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING ++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ * ++ */ ++ ++#ifndef __EAP_TLS_H__ ++#define __EAP_TLS_H__ ++ ++#include "eap.h" ++ ++#include ++#include ++#include ++ ++#define EAP_TLS_FLAGS_LI 128 /* length included flag */ ++#define EAP_TLS_FLAGS_MF 64 /* more fragments flag */ ++#define EAP_TLS_FLAGS_START 32 /* start flag */ ++ ++#define EAP_TLS_MAX_LEN 65536 /* max eap tls packet size */ ++ ++struct eaptls_session ++{ ++ u_char *data; /* buffered data */ ++ int datalen; /* buffered data len */ ++ int offset; /* from where to send */ ++ int tlslen; /* total length of tls data */ ++ bool frag; /* packet is fragmented */ ++ SSL_CTX *ctx; ++ SSL *ssl; /* ssl connection */ ++ BIO *from_ssl; ++ BIO *into_ssl; ++ char peer[MAXWORDLEN]; /* peer name */ ++ char peercertfile[MAXWORDLEN]; ++ bool alert_sent; ++ u_char alert_sent_desc; ++ bool alert_recv; ++ u_char alert_recv_desc; ++ char rtx[65536]; /* retransmission buffer */ ++ int rtx_len; ++ int mtu; /* unit mtu */ ++}; ++ ++typedef struct pw_cb_data ++{ ++ const void *password; ++ const char *prompt_info; ++} PW_CB_DATA; ++ ++ ++int ssl_verify_callback(int, X509_STORE_CTX *); ++void ssl_msg_callback(int write_p, int version, int ct, const void *buf, ++ size_t len, SSL * ssl, void *arg); ++ ++X509 *get_X509_from_file(char *filename); ++int ssl_cmp_certs(char *filename, X509 * a); ++ ++SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, ++ char *certfile, char *peer_certfile, char *privkeyfile); ++int eaptls_init_ssl_server(eap_state * esp); ++int eaptls_init_ssl_client(eap_state * esp); ++void eaptls_free_session(struct eaptls_session *ets); ++ ++int eaptls_receive(struct eaptls_session *ets, u_char * inp, int len); ++int eaptls_send(struct eaptls_session *ets, u_char ** outp); ++void eaptls_retransmit(struct eaptls_session *ets, u_char ** outp); ++ ++int get_eaptls_secret(int unit, char *client, char *server, ++ char *clicertfile, char *servcertfile, char *cacertfile, ++ char *pkfile, int am_server); ++ ++#ifdef MPPE ++#include "mppe.h" /* MPPE_MAX_KEY_LEN */ ++extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]; ++extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; ++extern int mppe_keys_set; ++ ++void eaptls_gen_mppe_keys(struct eaptls_session *ets, const char *prf_label, int client); ++ ++#endif ++ ++#endif +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -43,6 +43,11 @@ + * Based on draft-ietf-pppext-eap-srp-03.txt. + */ + ++/* ++ * Modification by Beniamino Galvani, Mar 2005 ++ * Implemented EAP-TLS authentication ++ */ ++ + #define RCSID "$Id: eap.c,v 1.4 2004/11/09 22:39:25 paulus Exp $" + + /* +@@ -62,8 +67,12 @@ + + #include "pppd.h" + #include "pathnames.h" +-#include "md5.h" + #include "eap.h" ++#ifdef USE_EAPTLS ++#include "eap-tls.h" ++#else ++#include "md5.h" ++#endif /* USE_EAPTLS */ + + #ifdef USE_SRP + #include +@@ -209,6 +218,9 @@ + esp->es_server.ea_id = (u_char)(drand48() * 0x100); + esp->es_client.ea_timeout = EAP_DEFREQTIME; + esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ; ++#ifdef USE_EAPTLS ++ esp->es_client.ea_using_eaptls = 0; ++#endif /* USE_EAPTLS */ + } + + /* +@@ -436,8 +448,16 @@ + u_char vals[2]; + struct b64state bs; + #endif /* USE_SRP */ ++#ifdef USE_EAPTLS ++ struct eaptls_session *ets; ++ int secret_len; ++ char secret[MAXWORDLEN]; ++#endif /* USE_EAPTLS */ + + esp->es_server.ea_timeout = esp->es_savedtime; ++#ifdef USE_EAPTLS ++ esp->es_server.ea_prev_state = esp->es_server.ea_state; ++#endif /* USE_EAPTLS */ + switch (esp->es_server.ea_state) { + case eapBadAuth: + return; +@@ -562,9 +582,79 @@ + break; + } + #endif /* USE_SRP */ ++#ifdef USE_EAPTLS ++ if (!get_secret(esp->es_unit, esp->es_server.ea_peer, ++ esp->es_server.ea_name, secret, &secret_len, 1)) { ++ ++ esp->es_server.ea_state = eapTlsStart; ++ break; ++ } ++#endif /* USE_EAPTLS */ ++ + esp->es_server.ea_state = eapMD5Chall; + break; + ++#ifdef USE_EAPTLS ++ case eapTlsStart: ++ /* Initialize ssl session */ ++ if(!eaptls_init_ssl_server(esp)) { ++ esp->es_server.ea_state = eapBadAuth; ++ break; ++ } ++ ++ esp->es_server.ea_state = eapTlsRecv; ++ break; ++ ++ case eapTlsRecv: ++ ets = (struct eaptls_session *) esp->es_server.ea_session; ++ ++ if(ets->alert_sent) { ++ esp->es_server.ea_state = eapTlsSendAlert; ++ break; ++ } ++ ++ if (status) { ++ esp->es_server.ea_state = eapBadAuth; ++ break; ++ } ++ ets = (struct eaptls_session *) esp->es_server.ea_session; ++ ++ if(ets->frag) ++ esp->es_server.ea_state = eapTlsSendAck; ++ else ++ esp->es_server.ea_state = eapTlsSend; ++ break; ++ ++ case eapTlsSend: ++ ets = (struct eaptls_session *) esp->es_server.ea_session; ++ ++ if(ets->frag) ++ esp->es_server.ea_state = eapTlsRecvAck; ++ else ++ if(SSL_is_init_finished(ets->ssl)) ++ esp->es_server.ea_state = eapTlsRecvClient; ++ else ++ esp->es_server.ea_state = eapTlsRecv; ++ break; ++ ++ case eapTlsSendAck: ++ esp->es_server.ea_state = eapTlsRecv; ++ break; ++ ++ case eapTlsRecvAck: ++ if (status) { ++ esp->es_server.ea_state = eapBadAuth; ++ break; ++ } ++ ++ esp->es_server.ea_state = eapTlsSend; ++ break; ++ ++ case eapTlsSendAlert: ++ esp->es_server.ea_state = eapTlsRecvAlertAck; ++ break; ++#endif /* USE_EAPTLS */ ++ + case eapSRP1: + #ifdef USE_SRP + ts = (struct t_server *)esp->es_server.ea_session; +@@ -718,6 +808,30 @@ + INCPTR(esp->es_server.ea_namelen, outp); + break; + ++#ifdef USE_EAPTLS ++ case eapTlsStart: ++ PUTCHAR(EAPT_TLS, outp); ++ PUTCHAR(EAP_TLS_FLAGS_START, outp); ++ eap_figure_next_state(esp, 0); ++ break; ++ ++ case eapTlsSend: ++ eaptls_send(esp->es_server.ea_session, &outp); ++ eap_figure_next_state(esp, 0); ++ break; ++ ++ case eapTlsSendAck: ++ PUTCHAR(EAPT_TLS, outp); ++ PUTCHAR(0, outp); ++ eap_figure_next_state(esp, 0); ++ break; ++ ++ case eapTlsSendAlert: ++ eaptls_send(esp->es_server.ea_session, &outp); ++ eap_figure_next_state(esp, 0); ++ break; ++#endif /* USE_EAPTLS */ ++ + #ifdef USE_SRP + case eapSRP1: + PUTCHAR(EAPT_SRP, outp); +@@ -904,11 +1018,57 @@ + eap_server_timeout(arg) + void *arg; + { ++#ifdef USE_EAPTLS ++ u_char *outp; ++ u_char *lenloc; ++ int outlen; ++#endif /* USE_EAPTLS */ ++ + eap_state *esp = (eap_state *) arg; + + if (!eap_server_active(esp)) + return; + ++#ifdef USE_EAPTLS ++ switch(esp->es_server.ea_prev_state) { ++ ++ /* ++ * In eap-tls the state changes after a request, so we return to ++ * previous state ... ++ */ ++ case(eapTlsStart): ++ case(eapTlsSendAck): ++ esp->es_server.ea_state = esp->es_server.ea_prev_state; ++ break; ++ ++ /* ++ * ... or resend the stored data ++ */ ++ case(eapTlsSend): ++ case(eapTlsSendAlert): ++ outp = outpacket_buf; ++ MAKEHEADER(outp, PPP_EAP); ++ PUTCHAR(EAP_REQUEST, outp); ++ PUTCHAR(esp->es_server.ea_id, outp); ++ lenloc = outp; ++ INCPTR(2, outp); ++ ++ eaptls_retransmit(esp->es_server.ea_session, &outp); ++ ++ outlen = (outp - outpacket_buf) - PPP_HDRLEN; ++ PUTSHORT(outlen, lenloc); ++ output(esp->es_unit, outpacket_buf, outlen + PPP_HDRLEN); ++ esp->es_server.ea_requests++; ++ ++ if (esp->es_server.ea_timeout > 0) ++ TIMEOUT(eap_server_timeout, esp, esp->es_server.ea_timeout); ++ ++ return; ++ default: ++ break; ++ } ++#endif /* USE_EAPTLS */ ++ + /* EAP ID number must not change on timeout. */ + eap_send_request(esp); + } +@@ -1166,6 +1326,81 @@ + } + #endif /* USE_SRP */ + ++#ifdef USE_EAPTLS ++/* ++ * Send an EAP-TLS response message with tls data ++ */ ++static void ++eap_tls_response(esp, id) ++eap_state *esp; ++u_char id; ++{ ++ u_char *outp; ++ int outlen; ++ u_char *lenloc; ++ ++ outp = outpacket_buf; ++ ++ MAKEHEADER(outp, PPP_EAP); ++ ++ PUTCHAR(EAP_RESPONSE, outp); ++ PUTCHAR(id, outp); ++ ++ lenloc = outp; ++ INCPTR(2, outp); ++ ++ /* ++ If the id in the request is unchanged, we must retransmit ++ the old data ++ */ ++ if(id == esp->es_client.ea_id) ++ eaptls_retransmit(esp->es_client.ea_session, &outp); ++ else ++ eaptls_send(esp->es_client.ea_session, &outp); ++ ++ outlen = (outp - outpacket_buf) - PPP_HDRLEN; ++ PUTSHORT(outlen, lenloc); ++ ++ output(esp->es_unit, outpacket_buf, PPP_HDRLEN + outlen); ++ ++ esp->es_client.ea_id = id; ++ ++} ++ ++/* ++ * Send an EAP-TLS ack ++ */ ++static void ++eap_tls_sendack(esp, id) ++eap_state *esp; ++u_char id; ++{ ++ u_char *outp; ++ int outlen; ++ u_char *lenloc; ++ ++ outp = outpacket_buf; ++ ++ MAKEHEADER(outp, PPP_EAP); ++ ++ PUTCHAR(EAP_RESPONSE, outp); ++ PUTCHAR(id, outp); ++ esp->es_client.ea_id = id; ++ ++ lenloc = outp; ++ INCPTR(2, outp); ++ ++ PUTCHAR(EAPT_TLS, outp); ++ PUTCHAR(0, outp); ++ ++ outlen = (outp - outpacket_buf) - PPP_HDRLEN; ++ PUTSHORT(outlen, lenloc); ++ ++ output(esp->es_unit, outpacket_buf, PPP_HDRLEN + outlen); ++ ++} ++#endif /* USE_EAPTLS */ ++ + static void + eap_send_nak(esp, id, type) + eap_state *esp; +@@ -1320,6 +1555,11 @@ + char rhostname[256]; + MD5_CTX mdContext; + u_char hash[MD5_SIGNATURE_SIZE]; ++#ifdef USE_EAPTLS ++ u_char flags; ++ struct eaptls_session *ets = esp->es_client.ea_session; ++#endif /* USE_EAPTLS */ ++ + #ifdef USE_SRP + struct t_client *tc; + struct t_num sval, gval, Nval, *Ap, Bval; +@@ -1456,6 +1696,100 @@ + esp->es_client.ea_namelen); + break; + ++#ifdef USE_EAPTLS ++ case EAPT_TLS: ++ ++ switch(esp->es_client.ea_state) { ++ ++ case eapListen: ++ ++ if (len < 1) { ++ error("EAP: received EAP-TLS Listen packet with no data"); ++ /* Bogus request; wait for something real. */ ++ return; ++ } ++ GETCHAR(flags, inp); ++ if(flags & EAP_TLS_FLAGS_START){ ++ ++ esp->es_client.ea_using_eaptls = 1; ++ ++ if (explicit_remote){ ++ esp->es_client.ea_peer = strdup(remote_name); ++ esp->es_client.ea_peerlen = strlen(remote_name); ++ } else ++ esp->es_client.ea_peer = NULL; ++ ++ /* Init ssl session */ ++ if(!eaptls_init_ssl_client(esp)) { ++ dbglog("cannot init ssl"); ++ eap_send_nak(esp, id, EAPT_TLS); ++ esp->es_client.ea_using_eaptls = 0; ++ break; ++ } ++ ++ ets = esp->es_client.ea_session; ++ eap_tls_response(esp, id); ++ esp->es_client.ea_state = (ets->frag ? eapTlsRecvAck : ++ eapTlsRecv); ++ break; ++ } ++ ++ /* The server has sent a bad start packet. */ ++ eap_send_nak(esp, id, EAPT_TLS); ++ break; ++ ++ case eapTlsRecvAck: ++ eap_tls_response(esp, id); ++ esp->es_client.ea_state = (ets->frag ? eapTlsRecvAck : ++ eapTlsRecv); ++ break; ++ ++ case eapTlsRecv: ++ if (len < 1) { ++ error("EAP: discarding EAP-TLS Receive packet with no data"); ++ /* Bogus request; wait for something real. */ ++ return; ++ } ++ eaptls_receive(ets, inp, len); ++ ++ if(ets->frag) { ++ eap_tls_sendack(esp, id); ++ esp->es_client.ea_state = eapTlsRecv; ++ break; ++ } ++ ++ if(ets->alert_recv) { ++ eap_tls_sendack(esp, id); ++ esp->es_client.ea_state = eapTlsRecvFailure; ++ break; ++ } ++ ++ /* Check if TLS handshake is finished */ ++ if(SSL_is_init_finished(ets->ssl)){ ++#ifdef MPPE ++ eaptls_gen_mppe_keys( ets, "client EAP encryption", 1 ); ++#endif ++ eaptls_free_session(ets); ++ eap_tls_sendack(esp, id); ++ esp->es_client.ea_state = eapTlsRecvSuccess; ++ break; ++ } ++ ++ eap_tls_response(esp,id); ++ esp->es_client.ea_state = (ets->frag ? eapTlsRecvAck : ++ eapTlsRecv); ++ ++ break; ++ ++ default: ++ eap_send_nak(esp, id, EAPT_TLS); ++ esp->es_client.ea_using_eaptls = 0; ++ break; ++ } ++ ++ break; ++#endif /* USE_EAPTLS */ ++ + #ifdef USE_SRP + case EAPT_SRP: + if (len < 1) { +@@ -1737,6 +2071,11 @@ + u_char dig[SHA_DIGESTSIZE]; + #endif /* USE_SRP */ + ++#ifdef USE_EAPTLS ++ struct eaptls_session *ets; ++ u_char flags; ++#endif /* USE_EAPTLS */ ++ + if (esp->es_server.ea_id != id) { + dbglog("EAP: discarding Response %d; expected ID %d", id, + esp->es_server.ea_id); +@@ -1776,6 +2115,64 @@ + eap_figure_next_state(esp, 0); + break; + ++#ifdef USE_EAPTLS ++ case EAPT_TLS: ++ switch(esp->es_server.ea_state) { ++ ++ case eapTlsRecv: ++ ++ ets = (struct eaptls_session *) esp->es_server.ea_session; ++ eap_figure_next_state(esp, ++ eaptls_receive(esp->es_server.ea_session, inp, len)); ++ ++ if(ets->alert_recv) { ++ eap_send_failure(esp); ++ break; ++ } ++ break; ++ ++ case eapTlsRecvAck: ++ if(len > 1) { ++ dbglog("EAP-TLS ACK with extra data"); ++ } ++ eap_figure_next_state(esp, 0); ++ break; ++ ++ case eapTlsRecvClient: ++ /* Receive authentication response from client */ ++ ++ if (len > 0) { ++ GETCHAR(flags, inp); ++ ++ if(len == 1 && !flags) { /* Ack = ok */ ++#ifdef MPPE ++ eaptls_gen_mppe_keys( esp->es_server.ea_session, "client EAP encryption", 0 ); ++#endif ++ eap_send_success(esp); ++ } ++ else { /* failure */ ++ warn("Server authentication failed"); ++ eap_send_failure(esp); ++ } ++ } ++ else ++ warn("Bogus EAP-TLS packet received from client"); ++ ++ eaptls_free_session(esp->es_server.ea_session); ++ ++ break; ++ ++ case eapTlsRecvAlertAck: ++ eap_send_failure(esp); ++ break; ++ ++ default: ++ eap_figure_next_state(esp, 1); ++ break; ++ } ++ break; ++#endif /* USE_EAPTLS */ ++ + case EAPT_NOTIFICATION: + dbglog("EAP unexpected Notification; response discarded"); + break; +@@ -1807,6 +2204,13 @@ + esp->es_server.ea_state = eapMD5Chall; + break; + ++#ifdef USE_EAPTLS ++ /* Send EAP-TLS start packet */ ++ case EAPT_TLS: ++ esp->es_server.ea_state = eapTlsStart; ++ break; ++#endif /* USE_EAPTLS */ ++ + default: + dbglog("EAP: peer requesting unknown Type %d", vallen); + switch (esp->es_server.ea_state) { +@@ -2018,13 +2422,27 @@ + int id; + int len; + { +- if (esp->es_client.ea_state != eapOpen && !eap_client_active(esp)) { ++ if (esp->es_client.ea_state != eapOpen && !eap_client_active(esp) ++#ifdef USE_EAPTLS ++ && esp->es_client.ea_state != eapTlsRecvSuccess ++#endif /* USE_EAPTLS */ ++ ) { + dbglog("EAP unexpected success message in state %s (%d)", + eap_state_name(esp->es_client.ea_state), + esp->es_client.ea_state); + return; + } + ++#ifdef USE_EAPTLS ++ if(esp->es_client.ea_using_eaptls && esp->es_client.ea_state != ++ eapTlsRecvSuccess) { ++ dbglog("EAP-TLS unexpected success message in state %s (%d)", ++ eap_state_name(esp->es_client.ea_state), ++ esp->es_client.ea_state); ++ return; ++ } ++#endif /* USE_EAPTLS */ ++ + if (esp->es_client.ea_timeout > 0) { + UNTIMEOUT(eap_client_timeout, (void *)esp); + } +@@ -2150,6 +2568,9 @@ + int code, id, len, rtype, vallen; + u_char *pstart; + u_int32_t uval; ++#ifdef USE_EAPTLS ++ u_char flags; ++#endif /* USE_EAPTLS */ + + if (inlen < EAP_HEADERLEN) + return (0); +@@ -2214,6 +2635,24 @@ + } + break; + ++#ifdef USE_EAPTLS ++ case EAPT_TLS: ++ if (len < 1) ++ break; ++ GETCHAR(flags, inp); ++ len--; ++ ++ if(flags == 0 && len == 0){ ++ printer(arg, " Ack"); ++ break; ++ } ++ ++ printer(arg, flags & EAP_TLS_FLAGS_LI ? " L":" -"); ++ printer(arg, flags & EAP_TLS_FLAGS_MF ? "M":"-"); ++ printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- "); ++ break; ++#endif /* USE_EAPTLS */ ++ + case EAPT_SRP: + if (len < 3) + goto truncated; +@@ -2325,6 +2764,25 @@ + } + break; + ++#ifdef USE_EAPTLS ++ case EAPT_TLS: ++ if (len < 1) ++ break; ++ GETCHAR(flags, inp); ++ len--; ++ ++ if(flags == 0 && len == 0){ ++ printer(arg, " Ack"); ++ break; ++ } ++ ++ printer(arg, flags & EAP_TLS_FLAGS_LI ? " L":" -"); ++ printer(arg, flags & EAP_TLS_FLAGS_MF ? "M":"-"); ++ printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- "); ++ ++ break; ++#endif /* USE_EAPTLS */ ++ + case EAPT_NAK: + if (len <= 0) { + printer(arg, " "); +@@ -2426,3 +2884,4 @@ + + return (inp - pstart); + } ++ +--- a/pppd/eap.h ++++ b/pppd/eap.h +@@ -84,6 +84,16 @@ + eapClosed, /* Authentication not in use */ + eapListen, /* Client ready (and timer running) */ + eapIdentify, /* EAP Identify sent */ ++ eapTlsStart, /* Send EAP-TLS start packet */ ++ eapTlsRecv, /* Receive EAP-TLS tls data */ ++ eapTlsSendAck, /* Send EAP-TLS ack */ ++ eapTlsSend, /* Send EAP-TLS tls data */ ++ eapTlsRecvAck, /* Receive EAP-TLS ack */ ++ eapTlsRecvClient, /* Receive EAP-TLS auth response from client*/ ++ eapTlsSendAlert, /* Send EAP-TLS tls alert (server)*/ ++ eapTlsRecvAlertAck, /* Receive EAP-TLS ack after sending alert */ ++ eapTlsRecvSuccess, /* Receive EAP success */ ++ eapTlsRecvFailure, /* Receive EAP failure */ + eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */ + eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */ + eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */ +@@ -95,9 +105,18 @@ + + #define EAP_STATES \ + "Initial", "Pending", "Closed", "Listen", "Identify", \ ++ "TlsStart", "TlsRecv", "TlsSendAck", "TlsSend", "TlsRecvAck", "TlsRecvClient",\ ++ "TlsSendAlert", "TlsRecvAlertAck" , "TlsRecvSuccess", "TlsRecvFailure", \ + "SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth" + +-#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) ++#ifdef USE_EAPTLS ++#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\ ++ (esp)->es_client.ea_state != eapPending &&\ ++ (esp)->es_client.ea_state != eapClosed) ++#else ++#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) ++#endif /* USE_EAPTLS */ ++ + #define eap_server_active(esp) \ + ((esp)->es_server.ea_state >= eapIdentify && \ + (esp)->es_server.ea_state <= eapMD5Chall) +@@ -112,11 +131,17 @@ + u_short ea_namelen; /* Length of our name */ + u_short ea_peerlen; /* Length of peer's name */ + enum eap_state_code ea_state; ++#ifdef USE_EAPTLS ++ enum eap_state_code ea_prev_state; ++#endif + u_char ea_id; /* Current id */ + u_char ea_requests; /* Number of Requests sent/received */ + u_char ea_responses; /* Number of Responses */ + u_char ea_type; /* One of EAPT_* */ + u_int32_t ea_keyflags; /* SRP shared key usage flags */ ++#ifdef USE_EAPTLS ++ bool ea_using_eaptls; ++#endif + }; + + /* +@@ -139,7 +164,12 @@ + * Timeouts. + */ + #define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */ ++#ifdef USE_EAPTLS ++#define EAP_DEFTRANSMITS 30 /* max # times to transmit */ ++ /* certificates can be long ... */ ++#else + #define EAP_DEFTRANSMITS 10 /* max # times to transmit */ ++#endif /* USE_EAPTLS */ + #define EAP_DEFREQTIME 20 /* Time to wait for peer request */ + #define EAP_DEFALLOWREQ 20 /* max # times to accept requests */ + +--- a/pppd/md5.c ++++ b/pppd/md5.c +@@ -33,6 +33,8 @@ + *********************************************************************** + */ + ++#ifndef USE_EAPTLS ++ + #include + #include "md5.h" + +@@ -305,3 +307,5 @@ + ** End of md5.c ** + ******************************** (cut) ******************************** + */ ++#endif /* USE_EAPTLS */ ++ +--- a/pppd/md5.h ++++ b/pppd/md5.h +@@ -36,6 +36,7 @@ + ** documentation and/or software. ** + *********************************************************************** + */ ++#ifndef USE_EAPTLS + + #ifndef __MD5_INCLUDE__ + +@@ -63,3 +64,5 @@ + + #define __MD5_INCLUDE__ + #endif /* __MD5_INCLUDE__ */ ++ ++#endif /* USE_EAPTLS */ +--- a/pppd/pathnames.h ++++ b/pppd/pathnames.h +@@ -21,6 +21,13 @@ + #define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets" + #define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets" + #define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets" ++ ++#ifdef USE_EAPTLS ++#define _PATH_EAPTLSCLIFILE _ROOT_PATH "/etc/ppp/eaptls-client" ++#define _PATH_EAPTLSSERVFILE _ROOT_PATH "/etc/ppp/eaptls-server" ++#define _PATH_OPENSSLCONFFILE _ROOT_PATH "/etc/ppp/openssl.cnf" ++#endif /* USE_EAPTLS */ ++ + #define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options" + #define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up" + #define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down" +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -4,6 +4,9 @@ + LDFLAGS = $(LDOPTS) + INSTALL = install + ++# EAP-TLS ++CFLAGS += -DUSE_EAPTLS=1 ++ + DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 +--- a/pppd/plugins/passprompt.c ++++ b/pppd/plugins/passprompt.c +@@ -107,4 +107,7 @@ + { + add_options(options); + pap_passwd_hook = promptpass; ++#ifdef USE_EAPTLS ++ eaptls_passwd_hook = promptpass; ++#endif + } +--- a/pppd/plugins/passwordfd.c ++++ b/pppd/plugins/passwordfd.c +@@ -79,4 +79,8 @@ + + chap_check_hook = pwfd_check; + chap_passwd_hook = pwfd_passwd; ++ ++#ifdef USE_EAPTLS ++ eaptls_passwd_hook = pwfd_passwd; ++#endif + } +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -253,6 +253,12 @@ + compression in the corresponding direction. Use \fInobsdcomp\fR or + \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. + .TP ++.B ca \fIca-file ++(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority ++(CA) file (in PEM format), needed for setting up an EAP-TLS connection. ++This option is used on the client-side in conjunction with the \fBcert\fR ++and \fBkey\fR options. ++.TP + .B cdtrcts + Use a non-standard hardware flow control (i.e. DTR/CTS) to control + the flow of data on the serial port. If neither the \fIcrtscts\fR, +@@ -264,6 +270,12 @@ + bi-directional flow control. The sacrifice is that this flow + control mode does not permit using DTR as a modem control line. + .TP ++.B cert \fIcertfile ++(EAP-TLS) Use the file \fIcertfile\fR as the X.509 certificate (in PEM ++format), needed for setting up an EAP-TLS connection. This option is ++used on the client-side in conjunction with the \fBca\fR and ++\fBkey\fR options. ++.TP + .B chap\-interval \fIn + If this option is given, pppd will rechallenge the peer every \fIn\fR + seconds. +@@ -292,6 +304,18 @@ + 1000 (1 second). This wait period only applies if the \fBconnect\fR + or \fBpty\fR option is used. + .TP ++.B crl \fIfilename ++(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List ++to check for the validity of the peer's certificate. This option is not ++mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR ++option. ++.TP ++.B crl-dir \fIdirectory ++(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in ++has format ($hash.r0) to check for the validity of the peer's certificate. ++This option is not mandatory for setting up an EAP-TLS connection. ++Also see the \fBcrl\fR option. ++.TP + .B debug + Enables connection debugging facilities. + If this option is given, pppd will log the contents of all +@@ -561,6 +585,12 @@ + the kernel are logged by syslog(1) to a file as directed in the + /etc/syslog.conf configuration file. + .TP ++.B key \fIkeyfile ++(EAP-TLS) Use the file \fIkeyfile\fR as the private key file (in PEM ++format), needed for setting up an EAP-TLS connection. This option is ++used on the client-side in conjunction with the \fBca\fR and ++\fBcert\fR options. ++.TP + .B ktune + Enables pppd to alter kernel settings as appropriate. Under Linux, + pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward +@@ -724,6 +754,9 @@ + Disable Address/Control compression in both directions (send and + receive). + .TP ++.B need-peer-eap ++(EAP-TLS) Require the peer to verify our authentication credentials. ++.TP + .B noauth + Do not require the peer to authenticate itself. This option is + privileged. +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -338,6 +338,11 @@ + extern bool dryrun; /* check everything, print options, exit */ + extern int child_wait; /* # seconds to wait for children at end */ + ++#ifdef USE_EAPTLS ++extern char *crl_dir; ++extern char *crl_file; ++#endif /* USE_EAPTLS */ ++ + #ifdef MAXOCTETS + extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */ + extern int maxoctets_dir; /* Direction : +@@ -758,6 +763,10 @@ + extern int (*chap_passwd_hook) __P((char *user, char *passwd)); + extern void (*multilink_join_hook) __P((void)); + ++#ifdef USE_EAPTLS ++extern int (*eaptls_passwd_hook) __P((char *user, char *passwd)); ++#endif ++ + /* Let a plugin snoop sent and received packets. Useful for L2TP */ + extern void (*snoop_recv_hook) __P((unsigned char *p, int len)); + extern void (*snoop_send_hook) __P((unsigned char *p, int len)); diff --git a/debian/patches/fix_linkpidfile b/debian/patches/fix_linkpidfile new file mode 100644 index 0000000..76b0ac5 --- /dev/null +++ b/debian/patches/fix_linkpidfile @@ -0,0 +1,39 @@ +make sure that the linkpidfile is always created + +Subject: Bug#284382: ppp: linkpidfile is not created upon detachment +From: + +Package: ppp +Version: 2.4.2+20040428-2 +Severity: wishlist + +When pppd detaches from the parent normally, that is, without nodetach +or updetach set, the linkpidfile is not created even when linkname is +set. + +This is because the create_linkpidfile call in detach() is only made +if the linkpidfile is filled in. However, linkpidfile is never filled +in until create_linkpidfile has been called. + +IMHO the call should be made uncondtionally in detach() since +create_linkpidfile does its own check on linkname anyway. + +Please note that the version of pppd in woody always wrote the +linkpidfile after detaching. It did so in main() however. That +call has now been removed which is why I'm seeing this problem. + +[...] + +-- +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -770,8 +770,7 @@ detach() + /* update pid files if they have been written already */ + if (pidfilename[0]) + create_pidfile(pid); +- if (linkpidfile[0]) +- create_linkpidfile(pid); ++ create_linkpidfile(pid); + exit(0); /* parent dies */ + } + setsid(); diff --git a/debian/patches/glibc-2.28.patch b/debian/patches/glibc-2.28.patch new file mode 100644 index 0000000..f6a6570 --- /dev/null +++ b/debian/patches/glibc-2.28.patch @@ -0,0 +1,107 @@ +From 3c7b86229f7bd2600d74db14b1fe5b3896be3875 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= +Date: Fri, 6 Apr 2018 14:27:18 +0200 +Subject: [PATCH] pppd: Use openssl for the DES instead of the libcrypt / glibc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875] + +It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped +libcrypt. The libxcrypt standalone package can be used instead, but +it dropped the old setkey/encrypt API which ppp uses for DES. There +is support for using openssl in pppcrypt.c, but it contains typos +preventing it from compiling and seems to be written for an ancient +openssl version. + +This updates the code to use current openssl. + +[paulus@ozlabs.org - wrote the commit description, fixed comment in + Makefile.linux.] + +Signed-off-by: Jaroslav Škarvada +Signed-off-by: Paul Mackerras +--- + pppd/Makefile.linux | 7 ++++--- + pppd/pppcrypt.c | 18 +++++++++--------- + 2 files changed, 13 insertions(+), 12 deletions(-) +--- ppp-2.4.7.orig/pppd/Makefile.linux ++++ ppp-2.4.7/pppd/Makefile.linux +@@ -35,10 +35,10 @@ endif + COPTS = -O2 -pipe -Wall -g + LIBS = -lcrypto + +-# Uncomment the next 2 lines to include support for Microsoft's ++# Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. + CHAPMS=y +-USE_CRYPT=y ++#USE_CRYPT=y + # Don't use MSLANMAN unless you really know what you're doing. + #MSLANMAN=y + # Uncomment the next line to include support for MPPE. CHAPMS (above) must +@@ -142,7 +142,8 @@ endif + + ifdef NEEDDES + ifndef USE_CRYPT +-LIBS += -ldes $(LIBS) ++CFLAGS += -I/usr/include/openssl ++LIBS += -lcrypto + else + CFLAGS += -DUSE_CRYPT=1 + endif +--- ppp-2.4.7.orig/pppd/pppcrypt.c ++++ ppp-2.4.7/pppd/pppcrypt.c +@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w + des_key[7] = Get7Bits(key, 49); + + #ifndef USE_CRYPT +- des_set_odd_parity((des_cblock *)des_key); ++ DES_set_odd_parity((DES_cblock *)des_key); + #endif + } + +@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ + } + + #else /* USE_CRYPT */ +-static des_key_schedule key_schedule; ++static DES_key_schedule key_schedule; + + bool + DesSetkey(key) + u_char *key; + { +- des_cblock des_key; ++ DES_cblock des_key; + MakeKey(key, des_key); +- des_set_key(&des_key, key_schedule); ++ DES_set_key(&des_key, &key_schedule); + return (1); + } + + bool +-DesEncrypt(clear, key, cipher) ++DesEncrypt(clear, cipher) + u_char *clear; /* IN 8 octets */ + u_char *cipher; /* OUT 8 octets */ + { +- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, +- key_schedule, 1); ++ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, ++ &key_schedule, 1); + return (1); + } + +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) + u_char *cipher; /* IN 8 octets */ + u_char *clear; /* OUT 8 octets */ + { +- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear, +- key_schedule, 0); ++ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, ++ &key_schedule, 0); + return (1); + } + diff --git a/debian/patches/ipv6-accept-remote b/debian/patches/ipv6-accept-remote new file mode 100644 index 0000000..98a0f3b --- /dev/null +++ b/debian/patches/ipv6-accept-remote @@ -0,0 +1,54 @@ +--- a/pppd/ipv6cp.c ++++ b/pppd/ipv6cp.c +@@ -234,6 +234,8 @@ static option_t ipv6cp_option_list[] = { + + { "ipv6cp-accept-local", o_bool, &ipv6cp_allowoptions[0].accept_local, + "Accept peer's interface identifier for us", 1 }, ++ { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote, ++ "Accept peer's interface identifier for itself", 1 }, + + { "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip, + "Use (default) IPv4 address as interface identifier", 1 }, +@@ -426,6 +428,7 @@ ipv6cp_init(unit) + memset(ao, 0, sizeof(*ao)); + + wo->accept_local = 1; ++ wo->accept_remote = 1; + wo->neg_ifaceid = 1; + ao->neg_ifaceid = 1; + +@@ -951,7 +954,7 @@ ipv6cp_reqci(f, inp, len, reject_if_disa + orc = CONFREJ; /* Reject CI */ + break; + } +- if (!eui64_iszero(wo->hisid) && ++ if (!eui64_iszero(wo->hisid) && !wo->accept_remote && + !eui64_equals(ifaceid, wo->hisid) && + eui64_iszero(go->hisid)) { + +--- a/pppd/ipv6cp.h ++++ b/pppd/ipv6cp.h +@@ -150,7 +150,8 @@ + typedef struct ipv6cp_options { + int neg_ifaceid; /* Negotiate interface identifier? */ + int req_ifaceid; /* Ask peer to send interface identifier? */ +- int accept_local; /* accept peer's value for iface id? */ ++ int accept_local; /* accept peer's value for our iface id? */ ++ int accept_remote; /* accept peer's value for his iface id? */ + int opt_local; /* ourtoken set by option */ + int opt_remote; /* histoken set by option */ + int use_ip; /* use IP as interface identifier */ +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -462,6 +462,11 @@ With this option, pppd will accept the p + interface identifier, even if the local IPv6 interface identifier + was specified in an option. + .TP ++.B ipv6cp\-accept\-remote ++With this option, pppd will accept the peer's idea of its (remote) ++IPv6 interface identifier, even if the remote IPv6 interface ++identifier was specified in an option. ++.TP + .B ipv6cp\-max\-configure \fIn + Set the maximum number of IPv6CP configure-request transmissions to + \fIn\fR (default 10). diff --git a/debian/patches/load_ppp_generic_if_needed b/debian/patches/load_ppp_generic_if_needed new file mode 100644 index 0000000..1e39ae6 --- /dev/null +++ b/debian/patches/load_ppp_generic_if_needed @@ -0,0 +1,68 @@ +From 053fa32a9ccd0ac1fbbda50db7aff7fdae18652a Mon Sep 17 00:00:00 2001 +From: Alexander Sack +Date: Thu, 18 Dec 2008 05:33:13 +0100 +Subject: [PATCH] port: ppp-2.4.4rel/debian/patches/load_ppp_generic_if_needed + +--- + pppd/sys-linux.c | 41 +++++++++++++++++++++++++++++++++++++++++ + 1 files changed, 41 insertions(+), 0 deletions(-) + +Index: ppp-2.4.7-2+4ubuntu1/pppd/sys-linux.c +=================================================================== +--- ppp-2.4.7-2+4ubuntu1.orig/pppd/sys-linux.c ++++ ppp-2.4.7-2+4ubuntu1/pppd/sys-linux.c +@@ -92,6 +92,7 @@ + #include + #include + #include ++#include + + /* This is in netdevice.h. However, this compile will fail miserably if + you attempt to include netdevice.h because it has so many references +@@ -2126,6 +2127,46 @@ + + if (kernel_version >= KVERSION(2,3,13)) { + error("Couldn't open the /dev/ppp device: %m"); ++ char modprobePath[PATH_MAX] = ""; ++ int status, p, count; ++ pid_t pid; ++ ++ fd = open("/proc/sys/kernel/modprobe", O_RDONLY); ++ if (fd >= 0) { ++ int count = read(fd, modprobePath, PATH_MAX - 1); ++ if (count < 1) ++ modprobePath[0] = 0; ++ else if (modprobePath[count - 1] == '\n') ++ modprobePath[count - 1] = 0; ++ close(fd); ++ } ++ ++ if (modprobePath[0] == 0) ++ strcpy(modprobePath, "/sbin/modprobe"); ++ ++ switch (pid = fork()) { ++ case 0: /* child */ ++ setenv("PATH", "/sbin", 1); ++ status = execl(modprobePath, "modprobe", "ppp_generic", NULL); ++ case -1: /* couldn't fork */ ++ errno = ENOENT; ++ default: /* parent */ ++ do ++ p = waitpid(pid, &status, 0); ++ while (p == -1 && count++ < 4); ++ ++ sleep (5); ++ ++ } ++ ++ if ((fd = open("/dev/ppp", O_RDWR)) >= 0) { ++ new_style_driver = 1; ++ driver_version = 2; ++ driver_modification = 4; ++ driver_patch = 0; ++ close(fd); ++ return 1; ++ } + if (errno == ENOENT) + no_ppp_msg = + "You need to create the /dev/ppp device node by\n" diff --git a/debian/patches/makefiles_cleanup b/debian/patches/makefiles_cleanup new file mode 100644 index 0000000..0d8ac44 --- /dev/null +++ b/debian/patches/makefiles_cleanup @@ -0,0 +1,260 @@ +Makefiles cleanup + +Factor-out $COPTS and $LDOPTS to allow distributions to easily override +them. Properly use $LDFLAGS when linking and $CFLAGS when compiling. +Do not strip the installed binaries: this should be done by the +packaging system if required. + +--- a/chat/Makefile.linux ++++ b/chat/Makefile.linux +@@ -12,20 +12,21 @@ + + COPTS= -O2 -g -pipe + CFLAGS= $(COPTS) $(CDEFS) ++LDFLAGS=$(LDOPTS) + + INSTALL= install + + all: chat + + chat: chat.o +- $(CC) -o chat chat.o ++ $(CC) $(LDFLAGS) -o chat chat.o + + chat.o: chat.c + $(CC) -c $(CFLAGS) -o chat.o chat.c + + install: chat + mkdir -p $(BINDIR) $(MANDIR) +- $(INSTALL) -s -c chat $(BINDIR) ++ $(INSTALL) -c chat $(BINDIR) + $(INSTALL) -c -m 644 chat.8 $(MANDIR) + + clean: +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -1,7 +1,7 @@ + #CC = gcc + COPTS = -O2 -g + CFLAGS = $(COPTS) -I.. -I../../include -fPIC +-LDFLAGS = -shared ++LDFLAGS = $(LDOPTS) + INSTALL = install + + DESTDIR = $(INSTROOT)@DESTDIR@ +@@ -30,7 +30,7 @@ + for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit $$?; done + + %.so: %.c +- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^ ++ $(CC) -o $@ $(LDFLAGS) -shared $(CFLAGS) $^ + + VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h) + +--- a/pppd/plugins/pppoatm/Makefile.linux ++++ b/pppd/plugins/pppoatm/Makefile.linux +@@ -1,7 +1,7 @@ + #CC = gcc + COPTS = -O2 -g + CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC +-LDFLAGS = -shared ++LDFLAGS = $(LDOPTS) + INSTALL = install + + #*********************************************************************** +@@ -33,7 +33,7 @@ + all: $(PLUGIN) + + $(PLUGIN): $(PLUGIN_OBJS) +- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) ++ $(CC) $(LDFLAGS) -o $@ -shared $^ $(LIBS) + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +--- a/pppd/plugins/pppol2tp/Makefile.linux ++++ b/pppd/plugins/pppol2tp/Makefile.linux +@@ -1,7 +1,7 @@ + #CC = gcc + COPTS = -O2 -g + CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC +-LDFLAGS = -shared ++LDFLAGS = $(LDOPTS) + INSTALL = install + + #*********************************************************************** +@@ -16,7 +16,7 @@ + all: $(PLUGINS) + + %.so: %.o +- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS) ++ $(CC) $(LDFLAGS) -o $@ -shared $^ $(LIBS) + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -12,7 +12,9 @@ + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++COPTS=-g -O2 ++CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++LDFLAGS= $(LDOPTS) + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. +@@ -36,20 +38,20 @@ + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radius.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) + $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) + $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) + + radius.so: radius.o libradiusclient.a +- $(CC) -o radius.so -shared radius.o libradiusclient.a ++ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a + + radattr.so: radattr.o +- $(CC) -o radattr.so -shared radattr.o ++ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o + + radrealms.so: radrealms.o +- $(CC) -o radrealms.so -shared radrealms.o ++ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o + + CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ + clientid.o sendserver.o lock.o util.o md5.o +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -27,10 +27,12 @@ + + COPTS=-O2 -g + CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"' ++LDFLAGS=$(LDOPTS) ++ + all: rp-pppoe.so pppoe-discovery + + pppoe-discovery: pppoe-discovery.o debug.o +- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o ++ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o + + pppoe-discovery.o: pppoe-discovery.c + $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c +@@ -39,13 +41,13 @@ + $(CC) $(CFLAGS) -c -o debug.o debug.c + + rp-pppoe.so: plugin.o discovery.o if.o common.o +- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o ++ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared $^ + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) ++ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) + $(INSTALL) -d -m 755 $(BINDIR) +- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) ++ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) + + clean: + rm -f *.o *.so pppoe-discovery +--- a/pppstats/Makefile.linux ++++ b/pppstats/Makefile.linux +@@ -10,23 +10,24 @@ + PPPSTATOBJS = pppstats.o + + #CC = gcc +-COPTS = -O ++COPTS = -O2 -g + COMPILE_FLAGS = -I../include + LIBS = + + INSTALL= install + + CFLAGS = $(COPTS) $(COMPILE_FLAGS) ++LDFLAGS= $(LDOPTS) + + all: pppstats + + install: pppstats + -mkdir -p $(MANDIR) +- $(INSTALL) -s -c pppstats $(BINDIR) ++ $(INSTALL) -c pppstats $(BINDIR) + $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) + + pppstats: $(PPPSTATSRCS) +- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS) ++ $(CC) $(LDFLAGS) $(CFLAGS) -o pppstats pppstats.c $(LIBS) + + clean: + rm -f pppstats *~ #* core +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -2,7 +2,10 @@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + +-CFLAGS= -O -I../include/net ++COPTS=-O2 -g ++CFLAGS= $(COPTS) -I../include/net ++LDFLAGS=$(LDOPTS) ++ + OBJS = pppdump.o bsd-comp.o deflate.o zlib.o + + INSTALL= install +@@ -10,12 +13,12 @@ + all: pppdump + + pppdump: $(OBJS) +- $(CC) -o pppdump $(OBJS) ++ $(CC) $(LDFLAGS) -o pppdump $(OBJS) + + clean: + rm -f pppdump $(OBJS) *~ + + install: + mkdir -p $(BINDIR) $(MANDIR) +- $(INSTALL) -s -c pppdump $(BINDIR) ++ $(INSTALL) -c pppdump $(BINDIR) + $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -83,6 +83,7 @@ + COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP + + CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' ++LDFLAGS=$(LDOPTS) + + ifdef CHAPMS + CFLAGS += -DCHAPMS=1 +@@ -102,7 +103,7 @@ + CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include + LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto + TARGETS += srp-entry +-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry ++EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry + MANPAGES += srp-entry.8 + EXTRACLEAN += srp-entry.o + NEEDDES=y +@@ -208,13 +209,13 @@ + install: pppd + mkdir -p $(BINDIR) $(MANDIR) + $(EXTRAINSTALL) +- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd ++ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd + if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ + chmod o-rx,u+s $(BINDIR)/pppd; fi + $(INSTALL) -c -m 444 pppd.8 $(MANDIR) + + pppd: $(PPPDOBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) ++ $(CC) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) + + srp-entry: srp-entry.c + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS) diff --git a/debian/patches/no_crypt_hack b/debian/patches/no_crypt_hack new file mode 100644 index 0000000..ff6be10 --- /dev/null +++ b/debian/patches/no_crypt_hack @@ -0,0 +1,47 @@ +The udeb package does not have crypt(3). +This patch makes authentication always fail, since it is not needed anyway +for dialout. + +--- a/pppd/auth.c ++++ b/pppd/auth.c +@@ -1442,8 +1442,10 @@ check_passwd(unit, auser, userlen, apass + if (secret[0] != 0 && !login_secret) { + /* password given in pap-secrets - must match */ + if (cryptpap || strcmp(passwd, secret) != 0) { ++#ifndef NO_CRYPT_HACK + char *cbuf = crypt(passwd, secret); + if (!cbuf || strcmp(cbuf, secret) != 0) ++#endif + ret = UPAP_AUTHNAK; + } + } +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -121,10 +121,14 @@ CFLAGS += -DHAS_SHADOW + #LIBS += -lshadow $(LIBS) + endif + ++ifdef NO_CRYPT_HACK ++CFLAGS += -DNO_CRYPT_HACK ++else + ifneq ($(wildcard /usr/include/crypt.h),) + CFLAGS += -DHAVE_CRYPT_H=1 + LIBS += -lcrypt + endif ++endif + + ifdef USE_LIBUTIL + CFLAGS += -DHAVE_LOGWTMP=1 +--- a/pppd/session.c ++++ b/pppd/session.c +@@ -351,8 +351,10 @@ session_start(flags, user, passwd, ttyNa + */ + if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2) + return SESSION_FAILED; ++#ifndef NO_CRYPT_HACK + cbuf = crypt(passwd, pw->pw_passwd); + if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0) ++#endif + return SESSION_FAILED; + } + diff --git a/debian/patches/ppp-2.3.11-oedod.dif b/debian/patches/ppp-2.3.11-oedod.dif new file mode 100644 index 0000000..e436ff9 --- /dev/null +++ b/debian/patches/ppp-2.3.11-oedod.dif @@ -0,0 +1,172 @@ +--- a/pppd/demand.c ++++ b/pppd/demand.c +@@ -36,6 +36,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -43,6 +45,8 @@ + #include + #include + #include ++#include ++#include + #ifdef PPP_FILTER + #include + #endif +@@ -221,6 +225,14 @@ loop_chars(p, n) + int c, rv; + + rv = 0; ++ ++/* check for synchronous connection... */ ++ ++ if ( (p[0] == 0xFF) && (p[1] == 0x03) ) { ++ rv = loop_frame(p,n); ++ return rv; ++ } ++ + for (; n > 0; --n) { + c = *p++; + if (c == PPP_FLAG) { +@@ -299,17 +311,102 @@ loop_frame(frame, len) + * loopback, now that the real serial link is up. + */ + void +-demand_rexmit(proto) ++demand_rexmit(proto, newip) + int proto; ++ u_int32_t newip; + { + struct packet *pkt, *prev, *nextpkt; ++ unsigned short checksum; ++ unsigned short pkt_checksum = 0; ++ unsigned iphdr; ++ struct timeval tv; ++ char cv = 0; ++ char ipstr[16]; + + prev = NULL; + pkt = pend_q; + pend_q = NULL; ++ tv.tv_sec = 1; ++ tv.tv_usec = 0; ++ select(0,NULL,NULL,NULL,&tv); /* Sleep for 1 Seconds */ + for (; pkt != NULL; pkt = nextpkt) { + nextpkt = pkt->next; + if (PPP_PROTOCOL(pkt->data) == proto) { ++ if ( (proto == PPP_IP) && newip ) { ++ /* Get old checksum */ ++ ++ iphdr = (pkt->data[4] & 15) << 2; ++ checksum = *((unsigned short *) (pkt->data+14)); ++ if (checksum == 0xFFFF) { ++ checksum = 0; ++ } ++ ++ ++ if (pkt->data[13] == 17) { ++ pkt_checksum = *((unsigned short *) (pkt->data+10+iphdr)); ++ if (pkt_checksum) { ++ cv = 1; ++ if (pkt_checksum == 0xFFFF) { ++ pkt_checksum = 0; ++ } ++ } ++ else { ++ cv = 0; ++ } ++ } ++ ++ if (pkt->data[13] == 6) { ++ pkt_checksum = *((unsigned short *) (pkt->data+20+iphdr)); ++ cv = 1; ++ if (pkt_checksum == 0xFFFF) { ++ pkt_checksum = 0; ++ } ++ } ++ ++ /* Delete old Source-IP-Address */ ++ checksum -= *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ checksum -= *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ pkt_checksum -= *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ pkt_checksum -= *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ /* Change Source-IP-Address */ ++ * ((u_int32_t *) (pkt->data + 16)) = newip; ++ ++ /* Add new Source-IP-Address */ ++ checksum += *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ checksum += *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ pkt_checksum += *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ pkt_checksum += *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ /* Write new checksum */ ++ if (!checksum) { ++ checksum = 0xFFFF; ++ } ++ *((unsigned short *) (pkt->data+14)) = checksum; ++ if (pkt->data[13] == 6) { ++ *((unsigned short *) (pkt->data+20+iphdr)) = pkt_checksum; ++ } ++ if (cv && (pkt->data[13] == 17) ) { ++ *((unsigned short *) (pkt->data+10+iphdr)) = pkt_checksum; ++ } ++ ++ /* Log Packet */ ++ strcpy(ipstr,inet_ntoa(*( (struct in_addr *) (pkt->data+16)))); ++ if (pkt->data[13] == 1) { ++ syslog(LOG_INFO,"Open ICMP %s -> %s\n", ++ ipstr, ++ inet_ntoa(*( (struct in_addr *) (pkt->data+20)))); ++ } else { ++ syslog(LOG_INFO,"Open %s %s:%d -> %s:%d\n", ++ pkt->data[13] == 6 ? "TCP" : "UDP", ++ ipstr, ++ ntohs(*( (short *) (pkt->data+iphdr+4))), ++ inet_ntoa(*( (struct in_addr *) (pkt->data+20))), ++ ntohs(*( (short *) (pkt->data+iphdr+6)))); ++ } ++ } + output(0, pkt->data, pkt->length); + free(pkt); + } else { +--- a/pppd/ipcp.c ++++ b/pppd/ipcp.c +@@ -1875,7 +1875,7 @@ ipcp_up(f) + proxy_arp_set[f->unit] = 1; + + } +- demand_rexmit(PPP_IP); ++ demand_rexmit(PPP_IP,go->ouraddr); + sifnpmode(f->unit, PPP_IP, NPMODE_PASS); + + } else { +--- a/pppd/ipv6cp.c ++++ b/pppd/ipv6cp.c +@@ -1232,7 +1232,7 @@ ipv6cp_up(f) + } + + } +- demand_rexmit(PPP_IPV6); ++ demand_rexmit(PPP_IPV6,0); + sifnpmode(f->unit, PPP_IPV6, NPMODE_PASS); + + } else { +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -564,7 +564,7 @@ void demand_conf __P((void)); /* config + void demand_block __P((void)); /* set all NPs to queue up packets */ + void demand_unblock __P((void)); /* set all NPs to pass packets */ + void demand_discard __P((void)); /* set all NPs to discard packets */ +-void demand_rexmit __P((int)); /* retransmit saved frames for an NP */ ++void demand_rexmit __P((int, u_int32_t)); /* retransmit saved frames for an NP*/ + int loop_chars __P((unsigned char *, int)); /* process chars from loopback */ + int loop_frame __P((unsigned char *, int)); /* should we bring link up? */ + diff --git a/debian/patches/ppp-2.4.2-stripMSdomain b/debian/patches/ppp-2.4.2-stripMSdomain new file mode 100644 index 0000000..d52e386 --- /dev/null +++ b/debian/patches/ppp-2.4.2-stripMSdomain @@ -0,0 +1,35 @@ +diff -ruN ppp.orig/pppd/chap-new.c ppp/pppd/chap-new.c +--- ppp.orig/pppd/chap-new.c 2003-11-27 23:25:17.000000000 +0100 ++++ ppp/pppd/chap-new.c 2003-12-02 12:26:21.000000000 +0100 +@@ -57,6 +57,7 @@ + int chap_timeout_time = 3; + int chap_max_transmits = 10; + int chap_rechallenge_time = 0; ++int chapms_strip_domain = 0; + + /* + * Command-line options. +@@ -68,6 +69,8 @@ + "Set max #xmits for challenge", OPT_PRIO }, + { "chap-interval", o_int, &chap_rechallenge_time, + "Set interval for rechallenge", OPT_PRIO }, ++ { "chapms-strip-domain", o_bool, &chapms_strip_domain, ++ "Strip the domain prefix before the Username", 1 }, + { NULL } + }; + +@@ -338,6 +341,14 @@ + /* Null terminate and clean remote name. */ + slprintf(rname, sizeof(rname), "%.*v", len, name); + name = rname; ++ ++ /* strip the MS domain name */ ++ if (chapms_strip_domain && strrchr(rname, '\\')) { ++ char tmp[MAXNAMELEN+1]; ++ ++ strcpy(tmp, strrchr(rname, '\\') + 1); ++ strcpy(rname, tmp); ++ } + } + + if (chap_verify_hook) diff --git a/debian/patches/ppp-2.4.4-strncatfix.patch b/debian/patches/ppp-2.4.4-strncatfix.patch new file mode 100644 index 0000000..a69e1d0 --- /dev/null +++ b/debian/patches/ppp-2.4.4-strncatfix.patch @@ -0,0 +1,31 @@ +Description: fix a potential buffer overflow in clientid.c:rc_map2id() + +This fixes the following compile-time warning when building with +-D_FORTIFY_SOURCE=2: + +In file included from /usr/include/string.h:638:0, + from ./includes.h:26, + from clientid.c:12: +In function 'strncat', + inlined from 'rc_map2id' at clientid.c:113:9: +/usr/include/i386-linux-gnu/bits/string3.h:150:3: warning: call to +__builtin___strncat_chk might overflow destination buffer [enabled by default] + return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); + ^ + +Origin: vendor, https://build.opensuse.org/source/network/ppp/ppp-2.4.4-strncatfix.patch?rev=7a0fdeff0b29437dd7f4581c95c7255a +Forwarded: no +Reviewed-by: Chris Boot +Last-Update: 2014-01-12 + +--- ppp-2.4.4/pppd/plugins/radius/clientid.c.xx 2006-12-19 10:25:19.000000000 +0100 ++++ ppp-2.4.4/pppd/plugins/radius/clientid.c 2006-12-19 10:25:45.000000000 +0100 +@@ -110,7 +110,7 @@ + if (*name != '/') + strcpy(ttyname, "/dev/"); + +- strncat(ttyname, name, sizeof(ttyname)); ++ strncat(ttyname, name, sizeof(ttyname)-strlen(ttyname)-1); + + for(p = map2id_list; p; p = p->next) + if (!strcmp(ttyname, p->name)) return p->id; diff --git a/debian/patches/pppd-soname-hack.patch b/debian/patches/pppd-soname-hack.patch new file mode 100644 index 0000000..ad7d417 --- /dev/null +++ b/debian/patches/pppd-soname-hack.patch @@ -0,0 +1,30 @@ +Description: Add a SONAME to the pppd binary + This hack inserts a SONAME into the pppd binary, which allows us to + run dpkg-gensymbols/dh_makeshlibs over the resulting binary. This is + useful so that we can use Debian's standard build infrastructure to + help track the ppp binary's ABI, which is used by plugins. +Author: Chris Boot +Forwarded: not-needed +Last-Update: 2015-12-05 + +--- ppp-2.4.7.orig/pppd/Makefile.linux ++++ ppp-2.4.7/pppd/Makefile.linux +@@ -206,6 +206,8 @@ endif + + INSTALL= install + ++VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' patchlevel.h) ++ + all: $(TARGETS) + + install: pppd +@@ -217,7 +219,8 @@ install: pppd + $(INSTALL) -c -m 444 pppd.8 $(MANDIR) + + pppd: $(PPPDOBJS) +- $(CC) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) ++ $(CC) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS) \ ++ -Wl,-soname,pppd.so.$(VERSION) + + srp-entry: srp-entry.c + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS) diff --git a/debian/patches/pppdump_use_zlib b/debian/patches/pppdump_use_zlib new file mode 100644 index 0000000..9438cbf --- /dev/null +++ b/debian/patches/pppdump_use_zlib @@ -0,0 +1,49 @@ +support building pppdump with the system zlib + +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -2,18 +2,42 @@ DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + ++DO_DEFLATE=y ++DO_BSD_COMPRESS=y ++HAVE_ZLIB=n ++ + COPTS=-O2 -g + CFLAGS= $(COPTS) -I../include/net + LDFLAGS=$(LDOPTS) + +-OBJS = pppdump.o bsd-comp.o deflate.o zlib.o ++OBJS = pppdump.o ++LIBS = ++ ++ifdef DO_DEFLATE ++CFLAGS += -DDO_DEFLATE=1 ++OBJS += deflate.o ++ifdef HAVE_ZLIB ++LIBS += -lz ++else ++OBJS += zlib.o ++endif ++else ++CFLAGS += -DDO_DEFLATE=0 ++endif ++ ++ifdef DO_BSD_COMPRESS ++CFLAGS += -DDO_BSD_COMPRESS=1 ++OBJS += bsd-comp.o ++else ++CFLAGS += -DDO_BSD_COMPRESS=0 ++endif + + INSTALL= install + + all: pppdump + + pppdump: $(OBJS) +- $(CC) $(LDFLAGS) -o pppdump $(OBJS) ++ $(CC) $(LDFLAGS) -o pppdump $(OBJS) $(LIBS) + + clean: + rm -f pppdump $(OBJS) *~ diff --git a/debian/patches/pppoatm_cleanup b/debian/patches/pppoatm_cleanup new file mode 100644 index 0000000..f0f9f04 --- /dev/null +++ b/debian/patches/pppoatm_cleanup @@ -0,0 +1,78 @@ +cosmetic cleanup of the pppoatm plugin + +Removed some debugging messages and generally cleaned up the source. + +--- a/pppd/plugins/pppoatm/pppoatm.c ++++ b/pppd/plugins/pppoatm/pppoatm.c +@@ -70,18 +70,20 @@ static int setdevname_pppoatm(const char + { + struct sockaddr_atmpvc addr; + extern struct stat devstat; ++ + if (device_got_set) + return 0; +- //info("PPPoATM setdevname_pppoatm: '%s'", cp); ++ + memset(&addr, 0, sizeof addr); + if (text2atm(cp, (struct sockaddr *) &addr, sizeof(addr), +- T2A_PVC | T2A_NAME) < 0) { +- if(doit) +- info("atm does not recognize: %s", cp); ++ T2A_PVC | T2A_NAME | T2A_WILDCARD) < 0) { ++ if (doit) ++ info("cannot parse the ATM address: %s", cp); + return 0; +- } +- if (!doit) return 1; +- //if (!dev_set_ok()) return -1; ++ } ++ if (!doit) ++ return 1; ++ + memcpy(&pvcaddr, &addr, sizeof pvcaddr); + strlcpy(devnam, cp, sizeof devnam); + devstat.st_mode = S_IFSOCK; +@@ -93,7 +95,6 @@ static int setdevname_pppoatm(const char + lcp_allowoptions[0].neg_asyncmap = 0; + lcp_wantoptions[0].neg_pcompression = 0; + } +- info("PPPoATM setdevname_pppoatm - SUCCESS:%s", cp); + device_got_set = 1; + return 1; + } +@@ -108,6 +109,7 @@ static void no_device_given_pppoatm(void + static void set_line_discipline_pppoatm(int fd) + { + struct atm_backend_ppp be; ++ + be.backend_num = ATM_BACKEND_PPP; + if (!llc_encaps) + be.encaps = PPPOATM_ENCAPS_VC; +@@ -115,6 +117,7 @@ static void set_line_discipline_pppoatm( + be.encaps = PPPOATM_ENCAPS_LLC; + else + be.encaps = PPPOATM_ENCAPS_AUTODETECT; ++ + if (ioctl(fd, ATM_SETBACKEND, &be) < 0) + fatal("ioctl(ATM_SETBACKEND): %m"); + } +@@ -174,7 +177,7 @@ static void disconnect_pppoatm(void) + + void plugin_init(void) + { +-#if defined(__linux__) ++#ifdef linux + extern int new_style_driver; /* From sys-linux.c */ + if (!ppp_available() && !new_style_driver) + fatal("Kernel doesn't support ppp_generic - " +@@ -182,9 +185,9 @@ void plugin_init(void) + #else + fatal("No PPPoATM support on this OS"); + #endif +- info("PPPoATM plugin_init"); + add_options(pppoa_options); + } ++ + struct channel pppoa_channel = { + options: pppoa_options, + process_extra_options: NULL, diff --git a/debian/patches/pppoatm_resolver_light b/debian/patches/pppoatm_resolver_light new file mode 100644 index 0000000..84dc0f2 --- /dev/null +++ b/debian/patches/pppoatm_resolver_light @@ -0,0 +1,76 @@ +disable unneeded code in the pppoatm plugin + +This patch halves the size of the PPPoA plugin by disabling features +which are never used with normal DSL connections (i.e. parsing of QoS +configuration directives and DNS resolution of VP/VC addresses). +It is especially useful for install images and embedded systems. + +A next step could be removing text2qos.c, text2atm.c, misc.c and ans.c +and encourage users interested in the complete features to link the +plugin with the real libatm. I really doubt anybody cares, anyway. + + +--- a/pppd/plugins/pppoatm/Makefile.linux ++++ b/pppd/plugins/pppoatm/Makefile.linux +@@ -25,9 +25,13 @@ ifdef HAVE_LIBATM + LIBS := -latm + else + CFLAGS += -I. ++PLUGIN_OBJS += text2atm.o ++ifdef USE_FULL_ATM_RESOLVER ++CFLAGS += -DUSE_FULL_ATM_RESOLVER + PLUGIN_OBJS += text2qos.o text2atm.o misc.o ans.o + LIBS := -lresolv + endif ++endif + + #********* + all: $(PLUGIN) +--- a/pppd/plugins/pppoatm/pppoatm.c ++++ b/pppd/plugins/pppoatm/pppoatm.c +@@ -142,8 +142,12 @@ static int connect_pppoatm(void) + qos.txtp.traffic_class = qos.rxtp.traffic_class = ATM_UBR; + /* TODO: support simplified QoS setting */ + if (qosstr != NULL) ++#ifdef USE_FULL_ATM_RESOLVER + if (text2qos(qosstr, &qos, 0)) + fatal("Can't parse QoS: \"%s\""); ++#else ++ fatal("qos support has not been compiled in"); ++#endif + qos.txtp.max_sdu = lcp_allowoptions[0].mru + pppoatm_overhead(); + qos.rxtp.max_sdu = lcp_wantoptions[0].mru + pppoatm_overhead(); + qos.aal = ATM_AAL5; +--- a/pppd/plugins/pppoatm/text2atm.c ++++ b/pppd/plugins/pppoatm/text2atm.c +@@ -72,6 +72,7 @@ static int try_pvc(const char *text,stru + } + + ++#ifdef USE_FULL_ATM_RESOLVER + static int do_try_nsap(const char *text,struct sockaddr_atmsvc *addr,int flags) + { + const char *walk; +@@ -221,6 +222,7 @@ static int try_name(const char *text,str + (void) fclose(file); + return result; + } ++#endif + + + int text2atm(const char *text,struct sockaddr *addr,int length,int flags) +@@ -234,6 +236,7 @@ int text2atm(const char *text,struct soc + result = try_pvc(text,(struct sockaddr_atmpvc *) addr,flags); + if (result != TRY_OTHER) return result; + } ++#ifdef USE_FULL_ATM_RESOLVER + if ((flags & T2A_SVC) && length >= sizeof(struct sockaddr_atmsvc)) { + result = try_nsap(text,(struct sockaddr_atmsvc *) addr,flags); + if (result != TRY_OTHER) return result; +@@ -245,5 +248,6 @@ int text2atm(const char *text,struct soc + if (result == TRY_OTHER && !(flags & T2A_LOCAL)) + result = ans_byname(text,(struct sockaddr_atmsvc *) addr,length,flags); + if (result != TRY_OTHER) return result; ++#endif + return -1; + } diff --git a/debian/patches/pppoe_noads b/debian/patches/pppoe_noads new file mode 100644 index 0000000..3af35e3 --- /dev/null +++ b/debian/patches/pppoe_noads @@ -0,0 +1,12 @@ +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -345,9 +345,6 @@ plugin_init(void) + } + + add_options(Options); +- +- info("RP-PPPoE plugin version %s compiled against pppd %s", +- RP_VERSION, VERSION); + } + + void pppoe_check_options(void) diff --git a/debian/patches/pr-28-pppoe-custom-host-uniq-tag.patch b/debian/patches/pr-28-pppoe-custom-host-uniq-tag.patch new file mode 100644 index 0000000..7c4a9f9 --- /dev/null +++ b/debian/patches/pr-28-pppoe-custom-host-uniq-tag.patch @@ -0,0 +1,303 @@ +From: Matteo Croce +Date: Sat, 21 Nov 2015 18:45:43 +0100 +Subject: [PATCH] pppoe: custom host-uniq tag +Forwarded: https://github.com/paulusmack/ppp/pull/28 +Reviewed-by: Chris Boot + +Add pppoe 'host-uniq' option to set an arbitrary +host-uniq tag instead of the pppd pid. +Some ISPs use such tag to authenticate the CPE, +so it must be set to a proper value to connect. + +Signed-off-by: Matteo Croce +Signed-off-by: Jo-Philipp Wich +--- + pppd/plugins/rp-pppoe/common.c | 14 ++++----- + pppd/plugins/rp-pppoe/discovery.c | 51 +++++++++++++-------------------- + pppd/plugins/rp-pppoe/plugin.c | 7 ++++- + pppd/plugins/rp-pppoe/pppoe-discovery.c | 38 +++++++++++++++--------- + pppd/plugins/rp-pppoe/pppoe.h | 31 +++++++++++++++++++- + 5 files changed, 86 insertions(+), 55 deletions(-) + +diff --git a/pppd/plugins/rp-pppoe/common.c b/pppd/plugins/rp-pppoe/common.c +index 89c633c773f9..8f175ece345b 100644 +--- a/pppd/plugins/rp-pppoe/common.c ++++ b/pppd/plugins/rp-pppoe/common.c +@@ -119,15 +119,11 @@ sendPADT(PPPoEConnection *conn, char const *msg) + conn->session = 0; + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + /* Copy error message */ +diff --git a/pppd/plugins/rp-pppoe/discovery.c b/pppd/plugins/rp-pppoe/discovery.c +index 04877cb8295f..5db8d0defc37 100644 +--- a/pppd/plugins/rp-pppoe/discovery.c ++++ b/pppd/plugins/rp-pppoe/discovery.c +@@ -80,13 +80,10 @@ static void + parseForHostUniq(UINT16_t type, UINT16_t len, unsigned char *data, + void *extra) + { +- int *val = (int *) extra; +- if (type == TAG_HOST_UNIQ && len == sizeof(pid_t)) { +- pid_t tmp; +- memcpy(&tmp, data, len); +- if (tmp == getpid()) { +- *val = 1; +- } ++ PPPoETag *tag = extra; ++ ++ if (type == TAG_HOST_UNIQ && len == ntohs(tag->length)) { ++ tag->length = memcmp(data, tag->payload, len); + } + } + +@@ -104,16 +101,16 @@ parseForHostUniq(UINT16_t type, UINT16_t len, unsigned char *data, + static int + packetIsForMe(PPPoEConnection *conn, PPPoEPacket *packet) + { +- int forMe = 0; ++ PPPoETag hostUniq = conn->hostUniq; + + /* If packet is not directed to our MAC address, forget it */ + if (memcmp(packet->ethHdr.h_dest, conn->myEth, ETH_ALEN)) return 0; + + /* If we're not using the Host-Unique tag, then accept the packet */ +- if (!conn->useHostUniq) return 1; ++ if (!conn->hostUniq.length) return 1; + +- parsePacket(packet, parseForHostUniq, &forMe); +- return forMe; ++ parsePacket(packet, parseForHostUniq, &hostUniq); ++ return !hostUniq.length; + } + + /********************************************************************** +@@ -301,16 +298,12 @@ sendPADI(PPPoEConnection *conn) + } + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- CHECK_ROOM(cursor, packet.payload, sizeof(pid) + TAG_HDR_SIZE); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ CHECK_ROOM(cursor, packet.payload, len + TAG_HDR_SIZE); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + /* Add our maximum MTU/MRU */ +@@ -478,16 +471,12 @@ sendPADR(PPPoEConnection *conn) + cursor += namelen + TAG_HDR_SIZE; + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- CHECK_ROOM(cursor, packet.payload, sizeof(pid)+TAG_HDR_SIZE); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ CHECK_ROOM(cursor, packet.payload, len+TAG_HDR_SIZE); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + /* Add our maximum MTU/MRU */ +diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c +index c89be94250bc..eb395182f77c 100644 +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -68,6 +68,7 @@ static char *existingSession = NULL; + static int printACNames = 0; + static char *pppoe_reqd_mac = NULL; + unsigned char pppoe_reqd_mac_addr[6]; ++static char *host_uniq = NULL; + + static int PPPoEDevnameHook(char *cmd, char **argv, int doit); + static option_t Options[] = { +@@ -85,6 +86,8 @@ static option_t Options[] = { + "Be verbose about discovered access concentrators"}, + { "pppoe-mac", o_string, &pppoe_reqd_mac, + "Only connect to specified MAC address" }, ++ { "host-uniq", o_string, &host_uniq, ++ "Specify custom Host-Uniq" }, + { NULL } + }; + int (*OldDevnameHook)(char *cmd, char **argv, int doit) = NULL; +@@ -110,7 +113,6 @@ PPPOEInitDevice(void) + conn->ifName = devnam; + conn->discoverySocket = -1; + conn->sessionSocket = -1; +- conn->useHostUniq = 1; + conn->printACNames = printACNames; + conn->discoveryTimeout = PADI_TIMEOUT; + return 1; +@@ -166,6 +168,9 @@ PPPOEConnectDevice(void) + if (lcp_wantoptions[0].mru > ifr.ifr_mtu - TOTAL_OVERHEAD) + lcp_wantoptions[0].mru = ifr.ifr_mtu - TOTAL_OVERHEAD; + ++ if (host_uniq && !parseHostUniq(host_uniq, &conn->hostUniq)) ++ fatal("Illegal value for host-uniq option"); ++ + conn->acName = acName; + conn->serviceName = pppd_pppoe_service; + strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam)); +diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c +index 3d3bf4eecc81..f4f527128c2f 100644 +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c +@@ -347,7 +347,7 @@ packetIsForMe(PPPoEConnection *conn, PPPoEPacket *packet) + if (memcmp(packet->ethHdr.h_dest, conn->myEth, ETH_ALEN)) return 0; + + /* If we're not using the Host-Unique tag, then accept the packet */ +- if (!conn->useHostUniq) return 1; ++ if (!conn->hostUniq.length) return 1; + + parsePacket(packet, parseForHostUniq, &forMe); + return forMe; +@@ -473,16 +473,12 @@ sendPADI(PPPoEConnection *conn) + cursor += namelen + TAG_HDR_SIZE; + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- CHECK_ROOM(cursor, packet.payload, sizeof(pid) + TAG_HDR_SIZE); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ CHECK_ROOM(cursor, packet.payload, len + TAG_HDR_SIZE); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + packet.length = htons(plen); +@@ -644,7 +640,7 @@ int main(int argc, char *argv[]) + + memset(conn, 0, sizeof(PPPoEConnection)); + +- while ((opt = getopt(argc, argv, "I:D:VUAS:C:h")) > 0) { ++ while ((opt = getopt(argc, argv, "I:D:VUW:AS:C:h")) > 0) { + switch(opt) { + case 'S': + conn->serviceName = xstrdup(optarg); +@@ -653,7 +649,23 @@ int main(int argc, char *argv[]) + conn->acName = xstrdup(optarg); + break; + case 'U': +- conn->useHostUniq = 1; ++ if(conn->hostUniq.length) { ++ fprintf(stderr, "-U and -W are mutually exclusive\n"); ++ exit(EXIT_FAILURE); ++ } ++ char pidbuf[5]; ++ snprintf(pidbuf, sizeof(pidbuf), "%04x", getpid()); ++ parseHostUniq(pidbuf, &conn->hostUniq); ++ break; ++ case 'W': ++ if(conn->hostUniq.length) { ++ fprintf(stderr, "-U and -W are mutually exclusive\n"); ++ exit(EXIT_FAILURE); ++ } ++ if (!parseHostUniq(optarg, &conn->hostUniq)) { ++ fprintf(stderr, "Invalid host-uniq argument: %s\n", optarg); ++ exit(EXIT_FAILURE); ++ } + break; + case 'D': + conn->debugFile = fopen(optarg, "w"); +diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h +index 9ab2eee3914c..86d2b1e47a25 100644 +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h +@@ -21,6 +21,8 @@ + + #include /* For FILE */ + #include /* For pid_t */ ++#include ++#include + + /* How do we access raw Ethernet devices? */ + #undef USE_LINUX_PACKET +@@ -235,7 +237,7 @@ typedef struct PPPoEConnectionStruct { + char *serviceName; /* Desired service name, if any */ + char *acName; /* Desired AC name, if any */ + int synchronous; /* Use synchronous PPP */ +- int useHostUniq; /* Use Host-Uniq tag */ ++ PPPoETag hostUniq; /* Use Host-Uniq tag */ + int printACNames; /* Just print AC names */ + FILE *debugFile; /* Debug file for dumping packets */ + int numPADOs; /* Number of PADO packets received */ +@@ -291,6 +293,33 @@ void pppoe_printpkt(PPPoEPacket *packet, + void (*printer)(void *, char *, ...), void *arg); + void pppoe_log_packet(const char *prefix, PPPoEPacket *packet); + ++static inline int parseHostUniq(const char *uniq, PPPoETag *tag) ++{ ++ int i, len = strlen(uniq); ++ ++#define hex(x) \ ++ (((x) <= '9') ? ((x) - '0') : \ ++ (((x) <= 'F') ? ((x) - 'A' + 10) : \ ++ ((x) - 'a' + 10))) ++ ++ if (len % 2) ++ return 0; ++ ++ for (i = 0; i < len; i += 2) ++ { ++ if (!isxdigit(uniq[i]) || !isxdigit(uniq[i+1])) ++ return 0; ++ ++ tag->payload[i / 2] = (char)(16 * hex(uniq[i]) + hex(uniq[i+1])); ++ } ++ ++#undef hex ++ ++ tag->type = htons(TAG_HOST_UNIQ); ++ tag->length = htons(len / 2); ++ return 1; ++} ++ + #define SET_STRING(var, val) do { if (var) free(var); var = strDup(val); } while(0); + + #define CHECK_ROOM(cursor, start, len) \ +-- +2.8.1 + diff --git a/debian/patches/radius-config.c-unkown-typo b/debian/patches/radius-config.c-unkown-typo new file mode 100644 index 0000000..9eef8ef --- /dev/null +++ b/debian/patches/radius-config.c-unkown-typo @@ -0,0 +1,33 @@ +Description: Correct unkown => unknown typo +Author: Chris Boot +Last-Update: 2013-09-09 + +--- ppp-2.4.5+git20130610.orig/pppd/plugins/radius/config.c ++++ ppp-2.4.5+git20130610/pppd/plugins/radius/config.c +@@ -271,7 +271,7 @@ char *rc_conf_str(char *optname) + option = find_option(optname, OT_STR); + + if (option == NULL) +- fatal("rc_conf_str: unkown config option requested: %s", optname); ++ fatal("rc_conf_str: unknown config option requested: %s", optname); + return (char *)option->val; + } + +@@ -282,7 +282,7 @@ int rc_conf_int(char *optname) + option = find_option(optname, OT_INT|OT_AUO); + + if (option == NULL) +- fatal("rc_conf_int: unkown config option requested: %s", optname); ++ fatal("rc_conf_int: unknown config option requested: %s", optname); + return *((int *)option->val); + } + +@@ -293,7 +293,7 @@ SERVER *rc_conf_srv(char *optname) + option = find_option(optname, OT_SRV); + + if (option == NULL) +- fatal("rc_conf_srv: unkown config option requested: %s", optname); ++ fatal("rc_conf_srv: unknown config option requested: %s", optname); + return (SERVER *)option->val; + } + diff --git a/debian/patches/radius_mtu b/debian/patches/radius_mtu new file mode 100644 index 0000000..807b27b --- /dev/null +++ b/debian/patches/radius_mtu @@ -0,0 +1,30 @@ +add support for the Framed-MTU Radius attribute + +http://ppp.samba.org/cgi-bin/ppp-bugs/incoming?id=1532 + +From: klepikov_a@up.ua +To: ppp-bugs@ppp.samba.org +Subject: Radius plugin does not set MTU on ppp interface +Date: Mon, 22 Jan 2007 12:36:59 +0000 (GMT) + +Full_Name: Alexander Klepikov +Version: 2.4.3 +OS: rhl 7.3 (2.4.20-28.7bigmem) +Submission from: (NULL) (213.130.21.73) + + +This patch allows radius plugin to deal with Framed-MTU Radius attribute and to +set MTU on interface. + +--- a/pppd/plugins/radius/radius.c ++++ b/pppd/plugins/radius/radius.c +@@ -657,6 +657,9 @@ radius_setparams(VALUE_PAIR *vp, char *m + memcpy(rstate.class, vp->strvalue, rstate.class_len); + } /* else too big for our buffer - ignore it */ + break; ++ case PW_FRAMED_MTU: ++ netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue)); ++ break; + } + + diff --git a/debian/patches/rc_mksid-no-buffer-overflow b/debian/patches/rc_mksid-no-buffer-overflow new file mode 100644 index 0000000..c6f7a0f --- /dev/null +++ b/debian/patches/rc_mksid-no-buffer-overflow @@ -0,0 +1,23 @@ +Description: Fix buffer overflow in rc_mksid() + rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string. + . + If the process id is bigger than 65535 (FFFF), its hex representation will be + longer than 4 characters, resulting in a buffer overflow. + . + The bug can be exploited to cause a remote DoS. + . +Author: Emanuele Rocca +Bug-Debian: https://bugs.debian.org/782450 +Last-Update: <2015-04-14> + +--- ppp-2.4.6.orig/pppd/plugins/radius/util.c ++++ ppp-2.4.6/pppd/plugins/radius/util.c +@@ -77,7 +77,7 @@ rc_mksid (void) + static unsigned short int cnt = 0; + sprintf (buf, "%08lX%04X%02hX", + (unsigned long int) time (NULL), +- (unsigned int) getpid (), ++ (unsigned int) getpid () % 65535, + cnt & 0xFF); + cnt++; + return buf; diff --git a/debian/patches/readable_connerrs b/debian/patches/readable_connerrs new file mode 100644 index 0000000..a63607f --- /dev/null +++ b/debian/patches/readable_connerrs @@ -0,0 +1,15 @@ +make _PATH_CONNERRS world readable + +There is nothing security-sensitive there. + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -1637,7 +1637,7 @@ device_script(program, in, out, dont_wai + if (log_to_fd >= 0) + errfd = log_to_fd; + else +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600); ++ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); + + ++conn_running; + pid = safe_fork(in, out, errfd); diff --git a/debian/patches/replace-vendored-hash-functions.patch b/debian/patches/replace-vendored-hash-functions.patch new file mode 100644 index 0000000..02c059a --- /dev/null +++ b/debian/patches/replace-vendored-hash-functions.patch @@ -0,0 +1,1185 @@ +Description: Replace vendored hash functions with libcrypto +Bug-Debian: https://bugs.debian.org/826625 +Forwarded: no +Author: Chris Boot +Last-Update: 2017-12-17 + +This patch switches ppp's use of the embedded implementations of MD4, MD5 and +SHA1 for those found in OpenSSL's libcrypto. This is inspired by the patch to +switch to the libmd versions of these functions, but using libcrypto is +preferable both due to the patch being slightly less invasive and also because +of our use of the EAP-TLS patch which requires OpenSSL. + +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -11,16 +11,16 @@ + + TARGETS = pppd + +-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c md5.c ccp.c \ +- ecp.c ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c \ ++PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c ccp.c \ ++ ecp.c ipxcp.c auth.c options.c sys-linux.c chap_ms.c \ + demand.c utils.c tty.c eap.c chap-md5.c session.c + + HEADERS = ccp.h session.h chap-new.h ecp.h fsm.h ipcp.h \ +- ipxcp.h lcp.h magic.h md5.h patchlevel.h pathnames.h pppd.h \ ++ ipxcp.h lcp.h magic.h patchlevel.h pathnames.h pppd.h \ + upap.h eap.h + + MANPAGES = pppd.8 +-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o \ ++PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o ccp.o \ + ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o \ + eap.o chap-md5.o session.o + +@@ -33,7 +33,7 @@ + # CC = gcc + # + COPTS = -O2 -pipe -Wall -g +-LIBS = ++LIBS = -lcrypto + + # Uncomment the next 2 lines to include support for Microsoft's + # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux. +@@ -91,8 +91,8 @@ + ifdef CHAPMS + CFLAGS += -DCHAPMS=1 + NEEDDES=y +-PPPDOBJS += md4.o chap_ms.o +-HEADERS += md4.h chap_ms.h ++PPPDOBJS += chap_ms.o ++HEADERS += chap_ms.h + ifdef MSLANMAN + CFLAGS += -DMSLANMAN=1 + endif +@@ -104,25 +104,18 @@ + # EAP SRP-SHA1 + ifdef USE_SRP + CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include +-LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto ++LIBS += -lsrp -L/usr/local/ssl/lib + TARGETS += srp-entry + EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry + MANPAGES += srp-entry.8 + EXTRACLEAN += srp-entry.o + NEEDDES=y +-else +-# OpenSSL has an integrated version of SHA-1, and its implementation +-# is incompatible with this local SHA-1 implementation. We must use +-# one or the other, not both. +-PPPDSRCS += sha1.c +-HEADERS += sha1.h +-PPPDOBJS += sha1.o + endif + + # EAP-TLS + ifdef USE_EAPTLS + CFLAGS += -DUSE_EAPTLS=1 -I/usr/kerberos/include +-LIBS += -lssl -lcrypto ++LIBS += -lssl + PPPDSRC += eap-tls.c + HEADERS += eap-tls.h + PPPDOBJS += eap-tls.o +--- a/pppd/chap-md5.c ++++ b/pppd/chap-md5.c +@@ -39,7 +39,7 @@ + #ifdef USE_EAPTLS + #include "eap-tls.h" + #else +-#include "md5.h" ++#include + #endif /* USE_EAPTLS */ + + #define MD5_HASH_SIZE 16 +--- a/pppd/chap_ms.c ++++ b/pppd/chap_ms.c +@@ -89,8 +89,8 @@ + #include "pppd.h" + #include "chap-new.h" + #include "chap_ms.h" +-#include "md4.h" +-#include "sha1.h" ++#include ++#include + #include "pppcrypt.h" + #include "magic.h" + +@@ -535,8 +535,8 @@ + char *username, u_char Challenge[8]) + + { +- SHA1_CTX sha1Context; +- u_char sha1Hash[SHA1_SIGNATURE_SIZE]; ++ SHA_CTX sha1Context; ++ u_char sha1Hash[SHA_DIGEST_LENGTH]; + char *user; + + /* remove domain from "domain\username" */ +@@ -574,23 +574,11 @@ + static void + NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) + { +-#ifdef __NetBSD__ +- /* NetBSD uses the libc md4 routines which take bytes instead of bits */ +- int mdlen = secret_len; +-#else +- int mdlen = secret_len * 8; +-#endif + MD4_CTX md4Context; + +- MD4Init(&md4Context); +- /* MD4Update can take at most 64 bytes at a time */ +- while (mdlen > 512) { +- MD4Update(&md4Context, secret, 512); +- secret += 64; +- mdlen -= 512; +- } +- MD4Update(&md4Context, secret, mdlen); +- MD4Final(hash, &md4Context); ++ MD4_Init(&md4Context); ++ MD4_Update(&md4Context, secret, secret_len); ++ MD4_Final(hash, &md4Context); + + } + +@@ -671,8 +659,8 @@ + 0x6E }; + + int i; +- SHA1_CTX sha1Context; +- u_char Digest[SHA1_SIGNATURE_SIZE]; ++ SHA_CTX sha1Context; ++ u_char Digest[SHA_DIGEST_LENGTH]; + u_char Challenge[8]; + + SHA1_Init(&sha1Context); +@@ -725,8 +713,8 @@ + void + mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) + { +- SHA1_CTX sha1Context; +- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ ++ SHA_CTX sha1Context; ++ u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */ + + SHA1_Init(&sha1Context); + SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); +@@ -769,9 +757,9 @@ + mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], + u_char NTResponse[24], int IsServer) + { +- SHA1_CTX sha1Context; +- u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ +- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ ++ SHA_CTX sha1Context; ++ u_char MasterKey[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */ ++ u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */ + + u_char SHApad1[40] = + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +--- a/pppd/eap.c ++++ b/pppd/eap.c +@@ -71,7 +71,7 @@ + #ifdef USE_EAPTLS + #include "eap-tls.h" + #else +-#include "md5.h" ++#include + #endif /* USE_EAPTLS */ + + #ifdef USE_SRP +--- a/pppd/md4.c ++++ /dev/null +@@ -1,299 +0,0 @@ +-/* +-** ******************************************************************** +-** md4.c -- Implementation of MD4 Message Digest Algorithm ** +-** Updated: 2/16/90 by Ronald L. Rivest ** +-** (C) 1990 RSA Data Security, Inc. ** +-** ******************************************************************** +-*/ +- +-/* +-** To use MD4: +-** -- Include md4.h in your program +-** -- Declare an MDstruct MD to hold the state of the digest +-** computation. +-** -- Initialize MD using MDbegin(&MD) +-** -- For each full block (64 bytes) X you wish to process, call +-** MD4Update(&MD,X,512) +-** (512 is the number of bits in a full block.) +-** -- For the last block (less than 64 bytes) you wish to process, +-** MD4Update(&MD,X,n) +-** where n is the number of bits in the partial block. A partial +-** block terminates the computation, so every MD computation +-** should terminate by processing a partial block, even if it +-** has n = 0. +-** -- The message digest is available in MD.buffer[0] ... +-** MD.buffer[3]. (Least-significant byte of each word +-** should be output first.) +-** -- You can print out the digest using MDprint(&MD) +-*/ +- +-/* Implementation notes: +-** This implementation assumes that ints are 32-bit quantities. +-*/ +- +-#define TRUE 1 +-#define FALSE 0 +- +-/* Compile-time includes +-*/ +-#include +-#include "md4.h" +-#include "pppd.h" +- +-/* Compile-time declarations of MD4 "magic constants". +-*/ +-#define I0 0x67452301 /* Initial values for MD buffer */ +-#define I1 0xefcdab89 +-#define I2 0x98badcfe +-#define I3 0x10325476 +-#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */ +-#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */ +-/* C2 and C3 are from Knuth, The Art of Programming, Volume 2 +-** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley. +-** Table 2, page 660. +-*/ +- +-#define fs1 3 /* round 1 shift amounts */ +-#define fs2 7 +-#define fs3 11 +-#define fs4 19 +-#define gs1 3 /* round 2 shift amounts */ +-#define gs2 5 +-#define gs3 9 +-#define gs4 13 +-#define hs1 3 /* round 3 shift amounts */ +-#define hs2 9 +-#define hs3 11 +-#define hs4 15 +- +-/* Compile-time macro declarations for MD4. +-** Note: The "rot" operator uses the variable "tmp". +-** It assumes tmp is declared as unsigned int, so that the >> +-** operator will shift in zeros rather than extending the sign bit. +-*/ +-#define f(X,Y,Z) ((X&Y) | ((~X)&Z)) +-#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z)) +-#define h(X,Y,Z) (X^Y^Z) +-#define rot(X,S) (tmp=X,(tmp<>(32-S))) +-#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s) +-#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s) +-#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s) +- +-/* MD4print(MDp) +-** Print message digest buffer MDp as 32 hexadecimal digits. +-** Order is from low-order byte of buffer[0] to high-order byte of +-** buffer[3]. +-** Each byte is printed with high-order hexadecimal digit first. +-** This is a user-callable routine. +-*/ +-void +-MD4Print(MDp) +-MD4_CTX *MDp; +-{ +- int i,j; +- for (i=0;i<4;i++) +- for (j=0;j<32;j=j+8) +- printf("%02x",(MDp->buffer[i]>>j) & 0xFF); +-} +- +-/* MD4Init(MDp) +-** Initialize message digest buffer MDp. +-** This is a user-callable routine. +-*/ +-void +-MD4Init(MDp) +-MD4_CTX *MDp; +-{ +- int i; +- MDp->buffer[0] = I0; +- MDp->buffer[1] = I1; +- MDp->buffer[2] = I2; +- MDp->buffer[3] = I3; +- for (i=0;i<8;i++) MDp->count[i] = 0; +- MDp->done = 0; +-} +- +-/* MDblock(MDp,X) +-** Update message digest buffer MDp->buffer using 16-word data block X. +-** Assumes all 16 words of X are full of data. +-** Does not update MDp->count. +-** This routine is not user-callable. +-*/ +-static void +-MDblock(MDp,Xb) +-MD4_CTX *MDp; +-unsigned char *Xb; +-{ +- register unsigned int tmp, A, B, C, D; +- unsigned int X[16]; +- int i; +- +- for (i = 0; i < 16; ++i) { +- X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24); +- Xb += 4; +- } +- +- A = MDp->buffer[0]; +- B = MDp->buffer[1]; +- C = MDp->buffer[2]; +- D = MDp->buffer[3]; +- /* Update the message digest buffer */ +- ff(A , B , C , D , 0 , fs1); /* Round 1 */ +- ff(D , A , B , C , 1 , fs2); +- ff(C , D , A , B , 2 , fs3); +- ff(B , C , D , A , 3 , fs4); +- ff(A , B , C , D , 4 , fs1); +- ff(D , A , B , C , 5 , fs2); +- ff(C , D , A , B , 6 , fs3); +- ff(B , C , D , A , 7 , fs4); +- ff(A , B , C , D , 8 , fs1); +- ff(D , A , B , C , 9 , fs2); +- ff(C , D , A , B , 10 , fs3); +- ff(B , C , D , A , 11 , fs4); +- ff(A , B , C , D , 12 , fs1); +- ff(D , A , B , C , 13 , fs2); +- ff(C , D , A , B , 14 , fs3); +- ff(B , C , D , A , 15 , fs4); +- gg(A , B , C , D , 0 , gs1); /* Round 2 */ +- gg(D , A , B , C , 4 , gs2); +- gg(C , D , A , B , 8 , gs3); +- gg(B , C , D , A , 12 , gs4); +- gg(A , B , C , D , 1 , gs1); +- gg(D , A , B , C , 5 , gs2); +- gg(C , D , A , B , 9 , gs3); +- gg(B , C , D , A , 13 , gs4); +- gg(A , B , C , D , 2 , gs1); +- gg(D , A , B , C , 6 , gs2); +- gg(C , D , A , B , 10 , gs3); +- gg(B , C , D , A , 14 , gs4); +- gg(A , B , C , D , 3 , gs1); +- gg(D , A , B , C , 7 , gs2); +- gg(C , D , A , B , 11 , gs3); +- gg(B , C , D , A , 15 , gs4); +- hh(A , B , C , D , 0 , hs1); /* Round 3 */ +- hh(D , A , B , C , 8 , hs2); +- hh(C , D , A , B , 4 , hs3); +- hh(B , C , D , A , 12 , hs4); +- hh(A , B , C , D , 2 , hs1); +- hh(D , A , B , C , 10 , hs2); +- hh(C , D , A , B , 6 , hs3); +- hh(B , C , D , A , 14 , hs4); +- hh(A , B , C , D , 1 , hs1); +- hh(D , A , B , C , 9 , hs2); +- hh(C , D , A , B , 5 , hs3); +- hh(B , C , D , A , 13 , hs4); +- hh(A , B , C , D , 3 , hs1); +- hh(D , A , B , C , 11 , hs2); +- hh(C , D , A , B , 7 , hs3); +- hh(B , C , D , A , 15 , hs4); +- MDp->buffer[0] += A; +- MDp->buffer[1] += B; +- MDp->buffer[2] += C; +- MDp->buffer[3] += D; +-} +- +-/* MD4Update(MDp,X,count) +-** Input: X -- a pointer to an array of unsigned characters. +-** count -- the number of bits of X to use. +-** (if not a multiple of 8, uses high bits of last byte.) +-** Update MDp using the number of bits of X given by count. +-** This is the basic input routine for an MD4 user. +-** The routine completes the MD computation when count < 512, so +-** every MD computation should end with one call to MD4Update with a +-** count less than 512. A call with count 0 will be ignored if the +-** MD has already been terminated (done != 0), so an extra call with +-** count 0 can be given as a "courtesy close" to force termination +-** if desired. +-*/ +-void +-MD4Update(MDp,X,count) +-MD4_CTX *MDp; +-unsigned char *X; +-unsigned int count; +-{ +- unsigned int i, tmp, bit, byte, mask; +- unsigned char XX[64]; +- unsigned char *p; +- +- /* return with no error if this is a courtesy close with count +- ** zero and MDp->done is true. +- */ +- if (count == 0 && MDp->done) return; +- /* check to see if MD is already done and report error */ +- if (MDp->done) +- { printf("\nError: MD4Update MD already done."); return; } +- +- /* Add count to MDp->count */ +- tmp = count; +- p = MDp->count; +- while (tmp) +- { tmp += *p; +- *p++ = tmp; +- tmp = tmp >> 8; +- } +- +- /* Process data */ +- if (count == 512) +- { /* Full block of data to handle */ +- MDblock(MDp,X); +- } +- else if (count > 512) /* Check for count too large */ +- { +- printf("\nError: MD4Update called with illegal count value %d.", +- count); +- return; +- } +- else /* partial block -- must be last block so finish up */ +- { +- /* Find out how many bytes and residual bits there are */ +- byte = count >> 3; +- bit = count & 7; +- /* Copy X into XX since we need to modify it */ +- if (count) +- for (i=0;i<=byte;i++) XX[i] = X[i]; +- for (i=byte+1;i<64;i++) XX[i] = 0; +- /* Add padding '1' bit and low-order zeros in last byte */ +- mask = 1 << (7 - bit); +- XX[byte] = (XX[byte] | mask) & ~( mask - 1); +- /* If room for bit count, finish up with this block */ +- if (byte <= 55) +- { +- for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; +- MDblock(MDp,XX); +- } +- else /* need to do two blocks to finish up */ +- { +- MDblock(MDp,XX); +- for (i=0;i<56;i++) XX[i] = 0; +- for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; +- MDblock(MDp,XX); +- } +- /* Set flag saying we're done with MD computation */ +- MDp->done = 1; +- } +-} +- +-/* +-** Finish up MD4 computation and return message digest. +-*/ +-void +-MD4Final(buf, MD) +-unsigned char *buf; +-MD4_CTX *MD; +-{ +- int i, j; +- unsigned int w; +- +- MD4Update(MD, NULL, 0); +- for (i = 0; i < 4; ++i) { +- w = MD->buffer[i]; +- for (j = 0; j < 4; ++j) { +- *buf++ = w; +- w >>= 8; +- } +- } +-} +- +-/* +-** End of md4.c +-****************************(cut)***********************************/ +--- a/pppd/md4.h ++++ /dev/null +@@ -1,64 +0,0 @@ +- +-/* +-** ******************************************************************** +-** md4.h -- Header file for implementation of ** +-** MD4 Message Digest Algorithm ** +-** Updated: 2/13/90 by Ronald L. Rivest ** +-** (C) 1990 RSA Data Security, Inc. ** +-** ******************************************************************** +-*/ +- +-#ifndef __P +-# if defined(__STDC__) || defined(__GNUC__) +-# define __P(x) x +-# else +-# define __P(x) () +-# endif +-#endif +- +- +-/* MDstruct is the data structure for a message digest computation. +-*/ +-typedef struct { +- unsigned int buffer[4]; /* Holds 4-word result of MD computation */ +- unsigned char count[8]; /* Number of bits processed so far */ +- unsigned int done; /* Nonzero means MD computation finished */ +-} MD4_CTX; +- +-/* MD4Init(MD4_CTX *) +-** Initialize the MD4_CTX prepatory to doing a message digest +-** computation. +-*/ +-extern void MD4Init __P((MD4_CTX *MD)); +- +-/* MD4Update(MD,X,count) +-** Input: X -- a pointer to an array of unsigned characters. +-** count -- the number of bits of X to use (an unsigned int). +-** Updates MD using the first "count" bits of X. +-** The array pointed to by X is not modified. +-** If count is not a multiple of 8, MD4Update uses high bits of +-** last byte. +-** This is the basic input routine for a user. +-** The routine terminates the MD computation when count < 512, so +-** every MD computation should end with one call to MD4Update with a +-** count less than 512. Zero is OK for a count. +-*/ +-extern void MD4Update __P((MD4_CTX *MD, unsigned char *X, unsigned int count)); +- +-/* MD4Print(MD) +-** Prints message digest buffer MD as 32 hexadecimal digits. +-** Order is from low-order byte of buffer[0] to high-order byte +-** of buffer[3]. +-** Each byte is printed with high-order hexadecimal digit first. +-*/ +-extern void MD4Print __P((MD4_CTX *)); +- +-/* MD4Final(buf, MD) +-** Returns message digest from MD and terminates the message +-** digest computation. +-*/ +-extern void MD4Final __P((unsigned char *, MD4_CTX *)); +- +-/* +-** End of md4.h +-****************************(cut)***********************************/ +--- a/pppd/md5.c ++++ /dev/null +@@ -1,311 +0,0 @@ +- +- +-/* +- *********************************************************************** +- ** md5.c -- the source code for MD5 routines ** +- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** +- ** Created: 2/17/90 RLR ** +- ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. ** +- *********************************************************************** +- */ +- +-/* +- *********************************************************************** +- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** +- ** ** +- ** License to copy and use this software is granted provided that ** +- ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** +- ** Digest Algorithm" in all material mentioning or referencing this ** +- ** software or this function. ** +- ** ** +- ** License is also granted to make and use derivative works ** +- ** provided that such works are identified as "derived from the RSA ** +- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** +- ** material mentioning or referencing the derived work. ** +- ** ** +- ** RSA Data Security, Inc. makes no representations concerning ** +- ** either the merchantability of this software or the suitability ** +- ** of this software for any particular purpose. It is provided "as ** +- ** is" without express or implied warranty of any kind. ** +- ** ** +- ** These notices must be retained in any copies of any part of this ** +- ** documentation and/or software. ** +- *********************************************************************** +- */ +- +-#ifndef USE_EAPTLS +- +-#include +-#include "md5.h" +- +-/* +- *********************************************************************** +- ** Message-digest routines: ** +- ** To form the message digest for a message M ** +- ** (1) Initialize a context buffer mdContext using MD5_Init ** +- ** (2) Call MD5_Update on mdContext and M ** +- ** (3) Call MD5_Final on mdContext ** +- ** The message digest is now in mdContext->digest[0...15] ** +- *********************************************************************** +- */ +- +-/* forward declaration */ +-static void Transform (UINT4 *buf, UINT4 *in); +- +-static unsigned char PADDING[64] = { +- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +-}; +- +-/* F, G, H and I are basic MD5 functions */ +-#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +-#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +-#define H(x, y, z) ((x) ^ (y) ^ (z)) +-#define I(x, y, z) ((y) ^ ((x) | (~z))) +- +-/* ROTATE_LEFT rotates x left n bits */ +-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) +- +-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */ +-/* Rotation is separate from addition to prevent recomputation */ +-#define FF(a, b, c, d, x, s, ac) \ +- {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ +- (a) = ROTATE_LEFT ((a), (s)); \ +- (a) += (b); \ +- } +-#define GG(a, b, c, d, x, s, ac) \ +- {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ +- (a) = ROTATE_LEFT ((a), (s)); \ +- (a) += (b); \ +- } +-#define HH(a, b, c, d, x, s, ac) \ +- {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ +- (a) = ROTATE_LEFT ((a), (s)); \ +- (a) += (b); \ +- } +-#define II(a, b, c, d, x, s, ac) \ +- {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ +- (a) = ROTATE_LEFT ((a), (s)); \ +- (a) += (b); \ +- } +- +-#ifdef __STDC__ +-#define UL(x) x##U +-#else +-#define UL(x) x +-#endif +- +-/* The routine MD5_Init initializes the message-digest context +- mdContext. All fields are set to zero. +- */ +-void MD5_Init (mdContext) +-MD5_CTX *mdContext; +-{ +- mdContext->i[0] = mdContext->i[1] = (UINT4)0; +- +- /* Load magic initialization constants. +- */ +- mdContext->buf[0] = (UINT4)0x67452301; +- mdContext->buf[1] = (UINT4)0xefcdab89; +- mdContext->buf[2] = (UINT4)0x98badcfe; +- mdContext->buf[3] = (UINT4)0x10325476; +-} +- +-/* The routine MD5Update updates the message-digest context to +- account for the presence of each of the characters inBuf[0..inLen-1] +- in the message whose digest is being computed. +- */ +-void MD5_Update (mdContext, inBuf, inLen) +-MD5_CTX *mdContext; +-unsigned char *inBuf; +-unsigned int inLen; +-{ +- UINT4 in[16]; +- int mdi; +- unsigned int i, ii; +- +- /* compute number of bytes mod 64 */ +- mdi = (int)((mdContext->i[0] >> 3) & 0x3F); +- +- /* update number of bits */ +- if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0]) +- mdContext->i[1]++; +- mdContext->i[0] += ((UINT4)inLen << 3); +- mdContext->i[1] += ((UINT4)inLen >> 29); +- +- while (inLen--) { +- /* add new character to buffer, increment mdi */ +- mdContext->in[mdi++] = *inBuf++; +- +- /* transform if necessary */ +- if (mdi == 0x40) { +- for (i = 0, ii = 0; i < 16; i++, ii += 4) +- in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | +- (((UINT4)mdContext->in[ii+2]) << 16) | +- (((UINT4)mdContext->in[ii+1]) << 8) | +- ((UINT4)mdContext->in[ii]); +- Transform (mdContext->buf, in); +- mdi = 0; +- } +- } +-} +- +-/* The routine MD5Final terminates the message-digest computation and +- ends with the desired message digest in mdContext->digest[0...15]. +- */ +-void MD5_Final (hash, mdContext) +-unsigned char hash[]; +-MD5_CTX *mdContext; +-{ +- UINT4 in[16]; +- int mdi; +- unsigned int i, ii; +- unsigned int padLen; +- +- /* save number of bits */ +- in[14] = mdContext->i[0]; +- in[15] = mdContext->i[1]; +- +- /* compute number of bytes mod 64 */ +- mdi = (int)((mdContext->i[0] >> 3) & 0x3F); +- +- /* pad out to 56 mod 64 */ +- padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi); +- MD5_Update (mdContext, PADDING, padLen); +- +- /* append length in bits and transform */ +- for (i = 0, ii = 0; i < 14; i++, ii += 4) +- in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | +- (((UINT4)mdContext->in[ii+2]) << 16) | +- (((UINT4)mdContext->in[ii+1]) << 8) | +- ((UINT4)mdContext->in[ii]); +- Transform (mdContext->buf, in); +- +- /* store buffer in digest */ +- for (i = 0, ii = 0; i < 4; i++, ii += 4) { +- mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF); +- mdContext->digest[ii+1] = +- (unsigned char)((mdContext->buf[i] >> 8) & 0xFF); +- mdContext->digest[ii+2] = +- (unsigned char)((mdContext->buf[i] >> 16) & 0xFF); +- mdContext->digest[ii+3] = +- (unsigned char)((mdContext->buf[i] >> 24) & 0xFF); +- } +- memcpy(hash, mdContext->digest, 16); +-} +- +-/* Basic MD5 step. Transforms buf based on in. +- */ +-static void Transform (buf, in) +-UINT4 *buf; +-UINT4 *in; +-{ +- UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3]; +- +- /* Round 1 */ +-#define S11 7 +-#define S12 12 +-#define S13 17 +-#define S14 22 +- FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */ +- FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */ +- FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */ +- FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */ +- FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */ +- FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */ +- FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */ +- FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */ +- FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */ +- FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */ +- FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */ +- FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */ +- FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */ +- FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */ +- FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */ +- FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */ +- +- /* Round 2 */ +-#define S21 5 +-#define S22 9 +-#define S23 14 +-#define S24 20 +- GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */ +- GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */ +- GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */ +- GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */ +- GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */ +- GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */ +- GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */ +- GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */ +- GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */ +- GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */ +- GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */ +- GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */ +- GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */ +- GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */ +- GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */ +- GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */ +- +- /* Round 3 */ +-#define S31 4 +-#define S32 11 +-#define S33 16 +-#define S34 23 +- HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */ +- HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */ +- HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */ +- HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */ +- HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */ +- HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */ +- HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */ +- HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */ +- HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */ +- HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */ +- HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */ +- HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */ +- HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */ +- HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */ +- HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */ +- HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */ +- +- /* Round 4 */ +-#define S41 6 +-#define S42 10 +-#define S43 15 +-#define S44 21 +- II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */ +- II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */ +- II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */ +- II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */ +- II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */ +- II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */ +- II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */ +- II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */ +- II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */ +- II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */ +- II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */ +- II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */ +- II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */ +- II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */ +- II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */ +- II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */ +- +- buf[0] += a; +- buf[1] += b; +- buf[2] += c; +- buf[3] += d; +-} +- +-/* +- *********************************************************************** +- ** End of md5.c ** +- ******************************** (cut) ******************************** +- */ +-#endif /* USE_EAPTLS */ +- +--- a/pppd/md5.h ++++ /dev/null +@@ -1,68 +0,0 @@ +-/* +- *********************************************************************** +- ** md5.h -- header file for implementation of MD5 ** +- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** +- ** Created: 2/17/90 RLR ** +- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version ** +- ** Revised (for MD5): RLR 4/27/91 ** +- ** -- G modified to have y&~z instead of y&z ** +- ** -- FF, GG, HH modified to add in last register done ** +- ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 ** +- ** -- distinct additive constant for each step ** +- ** -- round 4 added, working mod 7 ** +- *********************************************************************** +- */ +- +-/* +- *********************************************************************** +- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** +- ** ** +- ** License to copy and use this software is granted provided that ** +- ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** +- ** Digest Algorithm" in all material mentioning or referencing this ** +- ** software or this function. ** +- ** ** +- ** License is also granted to make and use derivative works ** +- ** provided that such works are identified as "derived from the RSA ** +- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** +- ** material mentioning or referencing the derived work. ** +- ** ** +- ** RSA Data Security, Inc. makes no representations concerning ** +- ** either the merchantability of this software or the suitability ** +- ** of this software for any particular purpose. It is provided "as ** +- ** is" without express or implied warranty of any kind. ** +- ** ** +- ** These notices must be retained in any copies of any part of this ** +- ** documentation and/or software. ** +- *********************************************************************** +- */ +-#ifndef USE_EAPTLS +- +-#ifndef __MD5_INCLUDE__ +- +-/* typedef a 32-bit type */ +-#ifdef _LP64 +-typedef unsigned int UINT4; +-typedef int INT4; +-#else +-typedef unsigned long UINT4; +-typedef long INT4; +-#endif +-#define _UINT4_T +- +-/* Data structure for MD5 (Message-Digest) computation */ +-typedef struct { +- UINT4 i[2]; /* number of _bits_ handled mod 2^64 */ +- UINT4 buf[4]; /* scratch buffer */ +- unsigned char in[64]; /* input buffer */ +- unsigned char digest[16]; /* actual digest after MD5Final call */ +-} MD5_CTX; +- +-void MD5_Init (MD5_CTX *mdContext); +-void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen); +-void MD5_Final (unsigned char hash[], MD5_CTX *mdContext); +- +-#define __MD5_INCLUDE__ +-#endif /* __MD5_INCLUDE__ */ +- +-#endif /* USE_EAPTLS */ +--- a/pppd/plugins/radius/md5.c ++++ b/pppd/plugins/radius/md5.c +@@ -1,7 +1,7 @@ + /* + * $Id: md5.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ + */ +-#include "md5.h" ++#include + + void rc_md5_calc (unsigned char *output, unsigned char *input, unsigned int inlen) + { +--- a/pppd/plugins/radius/radius.c ++++ b/pppd/plugins/radius/radius.c +@@ -31,7 +31,7 @@ + #ifdef CHAPMS + #include "chap_ms.h" + #ifdef MPPE +-#include "md5.h" ++#include + #endif + #endif + #include "radiusclient.h" +--- a/pppd/plugins/winbind.c ++++ b/pppd/plugins/winbind.c +@@ -38,7 +38,7 @@ + #include "chap-new.h" + #include "chap_ms.h" + #ifdef MPPE +-#include "md5.h" ++#include + #endif + #include "fsm.h" + #include "ipcp.h" +--- a/pppd/sha1.c ++++ /dev/null +@@ -1,170 +0,0 @@ +-/* +- * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c +- * +- * SHA-1 in C +- * By Steve Reid +- * 100% Public Domain +- * +- * Test Vectors (from FIPS PUB 180-1) +- * "abc" +- * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +- * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +- * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +- * A million repetitions of "a" +- * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +- */ +- +-/* #define SHA1HANDSOFF * Copies data before messing with it. */ +- +-#include +-#include /* htonl() */ +-#include +-#include "sha1.h" +- +-static void +-SHA1_Transform(u_int32_t[5], const unsigned char[64]); +- +-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) +- +-/* blk0() and blk() perform the initial expand. */ +-/* I got the idea of expanding during the round function from SSLeay */ +-#define blk0(i) (block->l[i] = htonl(block->l[i])) +-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ +- ^block->l[(i+2)&15]^block->l[i&15],1)) +- +-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); +- +- +-/* Hash a single 512-bit block. This is the core of the algorithm. */ +- +-static void +-SHA1_Transform(u_int32_t state[5], const unsigned char buffer[64]) +-{ +- u_int32_t a, b, c, d, e; +- typedef union { +- unsigned char c[64]; +- u_int32_t l[16]; +- } CHAR64LONG16; +- CHAR64LONG16 *block; +- +-#ifdef SHA1HANDSOFF +- static unsigned char workspace[64]; +- block = (CHAR64LONG16 *) workspace; +- memcpy(block, buffer, 64); +-#else +- block = (CHAR64LONG16 *) buffer; +-#endif +- /* Copy context->state[] to working vars */ +- a = state[0]; +- b = state[1]; +- c = state[2]; +- d = state[3]; +- e = state[4]; +- /* 4 rounds of 20 operations each. Loop unrolled. */ +- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); +- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); +- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); +- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); +- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); +- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); +- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); +- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); +- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); +- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); +- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); +- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); +- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); +- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); +- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); +- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); +- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); +- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); +- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); +- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); +- /* Add the working vars back into context.state[] */ +- state[0] += a; +- state[1] += b; +- state[2] += c; +- state[3] += d; +- state[4] += e; +- /* Wipe variables */ +- a = b = c = d = e = 0; +-} +- +- +-/* SHA1Init - Initialize new context */ +- +-void +-SHA1_Init(SHA1_CTX *context) +-{ +- /* SHA1 initialization constants */ +- context->state[0] = 0x67452301; +- context->state[1] = 0xEFCDAB89; +- context->state[2] = 0x98BADCFE; +- context->state[3] = 0x10325476; +- context->state[4] = 0xC3D2E1F0; +- context->count[0] = context->count[1] = 0; +-} +- +- +-/* Run your data through this. */ +- +-void +-SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len) +-{ +- unsigned int i, j; +- +- j = (context->count[0] >> 3) & 63; +- if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; +- context->count[1] += (len >> 29); +- i = 64 - j; +- while (len >= i) { +- memcpy(&context->buffer[j], data, i); +- SHA1_Transform(context->state, context->buffer); +- data += i; +- len -= i; +- i = 64; +- j = 0; +- } +- +- memcpy(&context->buffer[j], data, len); +-} +- +- +-/* Add padding and return the message digest. */ +- +-void +-SHA1_Final(unsigned char digest[20], SHA1_CTX *context) +-{ +- u_int32_t i, j; +- unsigned char finalcount[8]; +- +- for (i = 0; i < 8; i++) { +- finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] +- >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ +- } +- SHA1_Update(context, (unsigned char *) "\200", 1); +- while ((context->count[0] & 504) != 448) { +- SHA1_Update(context, (unsigned char *) "\0", 1); +- } +- SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ +- for (i = 0; i < 20; i++) { +- digest[i] = (unsigned char) +- ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); +- } +- /* Wipe variables */ +- i = j = 0; +- memset(context->buffer, 0, 64); +- memset(context->state, 0, 20); +- memset(context->count, 0, 8); +- memset(&finalcount, 0, 8); +-#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ +- SHA1Transform(context->state, context->buffer); +-#endif +-} +- +--- a/pppd/sha1.h ++++ /dev/null +@@ -1,31 +0,0 @@ +-/* sha1.h */ +- +-/* If OpenSSL is in use, then use that version of SHA-1 */ +-#ifdef OPENSSL +-#include +-#define __SHA1_INCLUDE_ +-#endif +- +-#ifndef __SHA1_INCLUDE_ +- +-#ifndef SHA1_SIGNATURE_SIZE +-#ifdef SHA_DIGESTSIZE +-#define SHA1_SIGNATURE_SIZE SHA_DIGESTSIZE +-#else +-#define SHA1_SIGNATURE_SIZE 20 +-#endif +-#endif +- +-typedef struct { +- u_int32_t state[5]; +- u_int32_t count[2]; +- unsigned char buffer[64]; +-} SHA1_CTX; +- +-extern void SHA1_Init(SHA1_CTX *); +-extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int); +-extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *); +- +-#define __SHA1_INCLUDE_ +-#endif /* __SHA1_INCLUDE_ */ +- diff --git a/debian/patches/resolv.conf_no_log b/debian/patches/resolv.conf_no_log new file mode 100644 index 0000000..ae16946 --- /dev/null +++ b/debian/patches/resolv.conf_no_log @@ -0,0 +1,11 @@ +--- a/pppd/ipcp.c ++++ b/pppd/ipcp.c +@@ -2063,7 +2063,7 @@ create_resolv(peerdns1, peerdns2) + + f = fopen(_PATH_RESOLV, "w"); + if (f == NULL) { +- error("Failed to create %s: %m", _PATH_RESOLV); ++ /* error("Failed to create %s: %m", _PATH_RESOLV); */ + return; + } + diff --git a/debian/patches/secure-card-interpreter-fix b/debian/patches/secure-card-interpreter-fix new file mode 100644 index 0000000..b1ad74f --- /dev/null +++ b/debian/patches/secure-card-interpreter-fix @@ -0,0 +1,19 @@ +Description: Change path to expect in secure-card example script + +This fixes the lintian warning: +I: ppp: example-wrong-path-for-interpreter + usr/share/doc/ppp/examples/scripts/secure-card + (#!/usr/local/bin/expect != /usr/bin/expect) + +Author: Chris Boot +Forwarded: not-needed +Last-Update: 2013-09-09 + +--- ppp-2.4.5+git20130610.orig/scripts/secure-card ++++ ppp-2.4.5+git20130610/scripts/secure-card +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/expect -f ++#!/usr/bin/expect -f + # + # This script was written by Jim Isaacson . It is + # designed to work as a script to use the SecureCARD(tm) device. This diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..8323680 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,65 @@ +# merged in upstream Git, but not yet released +0001-abort-on-errors-in-subdir-builds.patch +#0002-pppd-add-support-for-defaultroute-metric-option.patch +0003-scripts-Avoid-killing-wrong-pppd.patch +0004-pppd-Fix-sign-extension-when-displaying-bytes-in-oct.patch +0005-Suppress-false-error-message-on-PPPoE-disconnect.patch +0006-Send-PADT-on-PPPoE-disconnect.patch +0007-pppd-ipxcp-Prevent-buffer-overrun-on-remote-router-n.patch +0008-pppd-Fix-ccp_options.mppe-type.patch +0009-pppd-Fix-ccp_cilen-calculated-size-if-both-deflate_c.patch +0010-Fix-a-typo-in-comment.-Diff-from-Yuuichi-Someya.patch +0011-plog-count-only-relevant-lines-from-syslog.patch +0012-Change-include-from-sys-errno.h-to-errno.h.patch +0013-pppd-allow-use-of-arbitrary-interface-names.patch +0014-pppd-Remove-unused-declaration-of-ttyname.patch +0015-pppd-Provide-error-implementation-in-pppoe-discovery.patch +0016-pppoe-include-netinet-in.h-before-linux-in.h.patch + +# to be merged upstream +adaptive_echos +makefiles_cleanup +close_dev_ppp +chat_man +fix_linkpidfile +pppdump_use_zlib +pppoatm_resolver_light +pppoatm_cleanup +pppoe_noads +readable_connerrs +radius-config.c-unkown-typo + +# github pull requests +pr-28-pppoe-custom-host-uniq-tag.patch + +# not ready to be merged +011_scripts_redialer.diff +cifdefroute.dif +ppp-2.3.11-oedod.dif +radius_mtu + +# rejected by the upstream maintainer +018_ip-up_option.diff +ppp-2.4.2-stripMSdomain +setenv_call_file + +ipv6-accept-remote +ppp-2.4.4-strncatfix.patch + +# debian-specific +010_scripts_README.diff +no_crypt_hack +resolv.conf_no_log +zzz_config +secure-card-interpreter-fix +rc_mksid-no-buffer-overflow +pppd-soname-hack.patch +eaptls-mppe.patch +replace-vendored-hash-functions.patch + +# nmu +glibc-2.28.patch +# ubuntu +load_ppp_generic_if_needed + +CVE-2020-8597.patch diff --git a/debian/patches/setenv_call_file b/debian/patches/setenv_call_file new file mode 100644 index 0000000..fa215ac --- /dev/null +++ b/debian/patches/setenv_call_file @@ -0,0 +1,24 @@ +export $CALL_FILE to the link scripts + +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -1472,6 +1472,7 @@ callfile(argv) + if ((fname = (char *) malloc(l)) == NULL) + novm("call file name"); + slprintf(fname, l, "%s%s", _PATH_PEERFILES, arg); ++ script_setenv("CALL_FILE", arg, 0); + + ok = options_from_file(fname, 1, 1, 1); + +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -1656,6 +1656,9 @@ the connection. + .B LINKNAME + The logical name of the link, set with the \fIlinkname\fR option. + .TP ++.B CALL_FILE ++The value of the \fIcall\fR option. ++.TP + .B DNS1 + If the peer supplies DNS server addresses, this variable is set to the + first DNS server address supplied (whether or not the usepeerdns diff --git a/debian/patches/zzz_config b/debian/patches/zzz_config new file mode 100644 index 0000000..6979e92 --- /dev/null +++ b/debian/patches/zzz_config @@ -0,0 +1,69 @@ +Debian-specific changes. + +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -61,14 +61,14 @@ HAVE_MULTILINK=y + USE_TDB=y + + HAS_SHADOW=y +-#USE_PAM=y ++USE_PAM=y + HAVE_INET6=y + + # Enable plugins + PLUGIN=y + + # Enable Microsoft proprietary Callback Control Protocol +-#CBCP=y ++CBCP=y + + # Enable EAP SRP-SHA1 authentication (requires libsrp) + #USE_SRP=y +@@ -182,11 +182,9 @@ LIBS += -ldl + endif + + ifdef FILTER +-ifneq ($(wildcard /usr/include/pcap-bpf.h),) + LIBS += -lpcap + CFLAGS += -DPPP_FILTER + endif +-endif + + ifdef HAVE_INET6 + PPPDSRCS += ipv6cp.c eui64.c +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -2,9 +2,9 @@ DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + +-DO_DEFLATE=y ++#DO_DEFLATE=y + DO_BSD_COMPRESS=y +-HAVE_ZLIB=n ++HAVE_ZLIB=y + + COPTS=-O2 -g + CFLAGS= $(COPTS) -I../include/net +--- a/pppd/pathnames.h ++++ b/pppd/pathnames.h +@@ -28,7 +28,7 @@ + #define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up" + #define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down" + #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." +-#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors" ++#define _PATH_CONNERRS _ROOT_PATH "/var/log/ppp-connect-errors" + #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" + #define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" + +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -852,7 +852,7 @@ extern void (*snoop_send_hook) __P((unsi + || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP) + #define LOG_PPP LOG_LOCAL2 + #else +-#define LOG_PPP LOG_DAEMON ++#define LOG_PPP LOG_LOCAL2 + #endif + #endif /* LOG_PPP */ + diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..361550b --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] ppp-udeb.templates diff --git a/debian/po/be.po b/debian/po/be.po new file mode 100644 index 0000000..3f44679 --- /dev/null +++ b/debian/po/be.po @@ -0,0 +1,169 @@ +# translation of be.po_[k9cdzb].po to Belarusian (Official spelling) +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Pavel Piatruk , 2007. +# Pavel Piatruk , 2008. +msgid "" +msgstr "" +"Project-Id-Version: be.po_[k9cdzb]\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2008-11-20 23:20+0200\n" +"Last-Translator: Pavel Piatruk \n" +"Language-Team: Belarusian (Official spelling) \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Наладзіць і запусціць злучэнне PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Без канцэтратара PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Усе сеткавыя інтэрфейсы былі апрабаваныя, але не вызначана PPPoE " +"канцэнтратара." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Наладжванне PPPoE перарвана. Спроба можа быць здзейснена зноў выбарам " +"адпаведнага пункта меню." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +#, fuzzy +#| msgid "Please enter the username for the PPP connection." +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Калі ласка, увядзіце імя карыстальніка для злучэння PPP." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Логін інтэрнэт-рахунка:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Калі ласка, увядзіце імя карыстальніка для злучэння PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Гэтая інфармацыя павінна быць прадастаўлена вам вашым Інтэрнэт-правайдэрам." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Пароль інтэрнэт-рахунка:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Калі ласка, увядзіце пароль для злучэння PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Няма інтэрфейса Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Сеціва PPPoE не можа быць наладжана, бо не вызначана інтэрфейсаў Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Пошук канцэнтратараў на ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Спраўджванне не атрымалася" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Спроба злучэння PPPoE была здзейснена, але прадастаўленыя звесткі ўвахода " +"некарэктныя." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Калі ласка, праверце ўведзеныя логін ды пароль." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Неапрацавальная памылка" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Невызначаная памылка адбылася падчас спробы злучэння." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Калі ласка, чакайце..." diff --git a/debian/po/ca.po b/debian/po/ca.po new file mode 100644 index 0000000..04b5971 --- /dev/null +++ b/debian/po/ca.po @@ -0,0 +1,184 @@ +# +# Catalan translation for ppp package. +# Copyright (C) 2008 Marco d'Itri. +# This file is distributed under the same license as the ppp package. +# +# Jordà Polo , 2007, 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: 2.4.4rel-10\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2008-11-20 19:04+0100\n" +"Last-Translator: Jordà Polo \n" +"Language-Team: Catalan \n" +"Language: ca\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configura i inicia una connexió PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "No s'ha trobat el concentrador PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"S'han provat totes les interfícies de xarxa, però no s'ha detectat cap " +"concentrador PPPoE." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"S'ha avortat la configuració del PPPoE. Podeu tornar-ho a intentar " +"seleccionant l'entrada del menú corresponent." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +#, fuzzy +#| msgid "Please enter the username for the PPP connection." +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Si us plau, introduïu el nom d'usuari de la connexió PPP." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Nom d'usuari del compte de l'ISP:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Si us plau, introduïu el nom d'usuari de la connexió PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Aquesta informació us l'hauria de proporcionar el vostre proveïdor de " +"serveis d'Internet." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Contrasenya del compte de l'ISP:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Si us plau, introduïu la contrasenya de la connexió PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "No s'ha trobat la interfície Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"No s'ha pogut configurar la xarxa PPPoE ja que no ha estat possible detectar " +"cap interfície Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "S'està cercant un concentrador a ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "L'autenticació ha fallat" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"S'ha intentat establir una connexió PPPoE, però el nom d'usuari indicat " +"segurament és incorrecte." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Comproveu el nom d'usuari i la contrasenya que heu introduït." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Error inesperat" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"S'ha trobat un error no identificat mentre s'intentava establir la connexió." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Si us plau, espereu..." + +#~ msgid "PPP login:" +#~ msgstr "Nom d'usuari PPP:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "Sembla que l'intent d'establir la connexió ha provocat un error " +#~ "inesperat. És probable que alguna situació excepcional impedeixi " +#~ "l'establiment de la connexió." diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 0000000..73650f9 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,167 @@ +# Czech PO debconf template translation of ppp. +# Copyright (C) 2007 Miroslav Kure > +# This file is distributed under the same license as the ppp package. +# Miroslav Kure , 2007 - 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.5-5.1\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2012-09-09 13:02+0100\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Nastavit a spustit PPPoE spojení" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Žádný PPPoE koncentrátor" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Byla prověřena všechna síťová rozhraní, ale nebyl rozpoznán žádný PPPoE " +"koncentrátor." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Nastavení PPPoE bylo přerušeno. Můžete se pokusit o nové nastavení výběrem " +"příslušné položky v menu." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Název rozhraní:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Zadejte prosím název síťového rozhraní připojeného k PPPoE modemu." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Uživatelské jméno u poskytovatele připojení:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Zadejte prosím uživatelské jméno pro toto PPP spojení." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Tuto informaci by vám měl sdělit váš poskytovatel připojení k Internetu." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Heslo u poskytovatele připojení:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Zadejte prosím heslo pro toto PPP připojení." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Žádné ethernetové rozhraní" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Síťování pomocí PPPoE nemůže být nastaveno, protože nebylo rozpoznáno žádné " +"ethernetové rozhraní." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Hledám koncentrátory na ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Autentizace se nezdařila" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Pokus o PPPoE spojení selhal, nejspíše kvůli chybným přihlašovacím údajům." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "" +"Zkontrolujte prosím, zda jste zadali správné uživatelské jméno a heslo." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Neošetřená chyba" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Při pokusu o navázání spojení se vyskytla neznámá chyba." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Čekejte prosím..." + diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 0000000..e3ba492 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,171 @@ +# Danish translation ppp. +# Copyright (C) 2010 ppp & nedenstående oversættere. +# This file is distributed under the same license as the ppp package. +# Claus Hindsgaul , 2004. +# Claus Hindsgaul , 2006, 2007. +# Joe Hansen (joedalton2@yahoo.dk), 2010, 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2012-08-30 16:42+0000\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish \n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Sæt PPPoE-forbindelse op og start den" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Ingen PPPoE-concentrator" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Alle netkort er blevet forespurgt, men der blev ikke fundet nogen PPPoE-" +"concentator." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Opsætningen af PPPoE blev afbrudt. Et nyt forsøg kan foretages ved at vælge " +"det relevante menupunkt." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Navn på grænseflade:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Indtast venligst navnet for netværksgrænsefladen forbundet til PPPoE-modemmet." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Brugernavn for ISP-konto:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Angiv brugernavn for PPP-forbindelsen." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "Denne information skal du have modtaget af din internetudbyder." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Adgangskode for ISP-konto:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Angiv PPP-forbindelsens adgangskode." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Intet Ethernet-netkort" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"PPPoE-netværk kan ikke sættes op, da der ikke blev fundet et Ethernet-" +"netkort." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Søger efter concentratorer på ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Mislykket autentifikation" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Det blev forsøgt at forbinde med PPPoE, men de givne logind-oplysninger var " +"ugyldige." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Sørg for at skrive det korrekte brugernavn og adgangskode." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Ikke-håndteret fejl" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"Der opstod en uidentificeret fejl under forsøg på at oprette en forbindelse." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Vent venligst..." diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 0000000..600cf5a --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,173 @@ +# Translation of ppp debconf templates to German +# Copyright (C) Helge Kreutzmann , 2006, 2007, +# Chris Leick 2012. +# This file is distributed under the same license as the ppp package. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.5-5.1\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2012-08-30 22:08+0200\n" +"Last-Translator: Chris Leick \n" +"Language-Team: de \n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Konfiguriere und Starte eine PPPoE-Verbindung" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Kein PPPoE-Konzentrator" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Alle Netzschnittstellen wurden getestet, aber es wurde kein " +"PPPoE-Konzentrator erkannt." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Die Konfiguration von PPPoE wurde abgebrochen. Sie kann erneut versucht " +"werden, indem der relevante Menü-Eintrag ausgewählt wird." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Name der Schnittstelle:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Bitte geben Sie den Namen der Netzschnittstelle ein, die mit dem PPPoE-Modem " +"verbunden ist." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Benutzername beim Internet-Diensteanbieter:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Bitte geben Sie den Benutzernamen für die PPP-Verbindung ein." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Diese Informationen sollten Ihnen von Ihrem Internet-Diensteanbieter " +"bereitgestellt worden sein." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Passwort beim Internet-Diensteanbieter:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Bitte geben Sie das Passwort für die PPP-Verbindung ein." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Keine Ethernet-Schnittstelle" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"PPPoE-Vernetzung kann nicht konfiguriert werden, da keine Ethernet-" +"Schnittstelle erkannt wurde." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Suche nach Konzentratoren auf ${IFACE} …" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Fehlgeschlagene Authentifikation" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Es wurde ein PPPoE-Verbindungsaufbau versucht, aber die angegebenen " +"Anmeldeinformationen waren wahrscheinlich nicht korrekt." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "" +"Bitte überprüfen Sie den angegebenen Benutzernamen und das angegebene " +"Passwort." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Nicht behandelter Fehler" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"Ein nicht identifizierter Fehler trat beim Versuch des Verbindungsaufbaus " +"auf." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Bitte warten …" diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 0000000..4be7d0f --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,206 @@ +# ppp debconf translation to spanish +# Copyright (C) 2004-2007 Software in the Public Interest +# This file is distributed under the same license as the ppp package. +# +# Changes: +# - Initial translation +# Lucas Wall , 2004 +# - Updating templates for package version 2.4.4rel-2 +# Nacho Barrientos Arias , 2006 +# - Update for version 2.2.4rel, 2.4.5-5.1 +# Javier Fernández-Sanguino , 2007, 2012 +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/coordinacion +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.4rel-2\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2012-09-04 01:54+0200\n" +"Last-Translator: Javier Fernandez-Sanguino \n" +"Language-Team: Debian l10n Spanish \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configurar e iniciar una conexión PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "No se ha encontrado ningún concentrador PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Se han analizado todas las interfaces de red pero no se ha encontrado ningún " +"concentrador PPPoE." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Se ha abortado la configuración de PPPoE. Puede intentarlo de nuevo " +"seleccionando la opción pertinente en el menú." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Nombre de la interfaz:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Introduzca el nombre de la interfaz de red conectada al módem PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Nombre de usuario de la cuenta del ISP:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Introduzca el usuario para la conexión PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Esta información debería de habérsela suministrado su proveedor de servicios " +"de Internet (ISP)." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Contraseña de la cuenta del ISP:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Introduzca la contraseña para la conexión PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "No hay una interfaz Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"La conexión PPPoE no se pudo configurar debido a que no se han detectado " +"interfaces Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Buscando servidores PPPoE en ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Falló la autenticación" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Se intentó iniciar una conexión PPPoE pero la información de acceso " +"proporcionada posiblemente sea incorrecta." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Compruebe el nombre de usuario y contraseñas suministrados." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Error no gestionado" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"Se ha producido un error no identificado mientras se intentaba establecer la " +"conexión." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Espere por favor..." + +#~ msgid "PPP login:" +#~ msgstr "Usuario para la conexión PPP:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "Parece que el intento de crear una conexión dió lugar a un tipo de error " +#~ "no manejado por este programa. Posiblemente hay alguna situación fuera de " +#~ "lo normal que impide que la conexión se establezca." diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 0000000..9b9d3c5 --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,167 @@ +# translation of eu.po to Euskara +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide , 2007. +# Iñaki Larrañaga Murgoitio , 2012. +msgid "" +msgstr "" +"Project-Id-Version: eu\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-09-01 10:49+0200\n" +"Last-Translator: Iaki Larraaga Murgoitio \n" +"Language-Team: Basque \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Konfiguratu eta abiarazi PPPoE konexioa" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Ez da PPPoE bilgunerik aurkitu" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Sareko interfaze guztiak probatu dira baina ez da PPPoE bilgunerik aurkitu." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"PPPoE-ren konfigurazioa bertan behera utzi da. Berriro abiaraz daiteke " +"menuko sarrera egokia aukeratuz." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Interfazearen izena:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Idatzi PPPoE modemarekin konektatuta dagoen sareko interfazearen izena." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "ISP kontuaren erabiltzaile-izena:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Idatzi PPP konexioaren erabiltzaile-izena." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "Datu hauek zure Interneteko hornitzaileak eman behar izan dizkizu." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "ISP kontuaren pasahitza:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Idatzi zure PPP konexioren pasahitza." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Ez dago Ethernet interfazerik" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Ezin da PPPoE sarea konfiguratu ez baita ethernet interfazerik atzeman." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Bilguneen bila ${IFACE} interfazean..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Huts egin du autentifikatzean" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"PPPoE konexioaren saiakera egin da, baina baliteke emandako saio-hasierako " +"informazioa gaizki egotea." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Egiaztatu erabiltzaile-izena eta pasahitza ongi idatzi dituzula." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Kudeatu gabeko errorea" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Errore ezezaguna gertatu da konexioa sortzen saiatzean." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Itxaron..." diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 0000000..a98a990 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,163 @@ +msgid "" +msgstr "" +"Project-Id-Version: ppp\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2007-10-28 00:37+0200\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Aseta ja käynnistä PPPoE-yhteys" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Ei PPPoE-keskitintä" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Kaikki verkkoliitynnät on tutkittu, mutta PPPoE-keskitintä ei löydetty." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"PPPoE:n asetus on keskeytetty. Sitä voidaan yrittää uudelleen valitsemalla " +"asiaankuuluva valikon kohta." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +#, fuzzy +#| msgid "Please enter the username for the PPP connection." +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Anna PPP-yhteyden käyttäjätunnus." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "ISP-käyttäjätunnus: " + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Anna PPP-yhteyden käyttäjätunnus." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "Tämä tieto sinun olisi tullut saada Internet-palveluntarjoajaltasi." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "ISP-salasana:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Anna PPP-yhteyden salasana." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Ei Ethernet-liityntää" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"PPPoE-verkkoyhteyttä ei voida asettaa, koska yhtään Ethernet-liityntää ei " +"havaittu." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Etsitään keskittimiä liitynnästä ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Tunnistautuminen epäonnistui" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"PPPoE-yhteyttä yritettiin luoda, mutta annetut kirjautumistiedot olivat " +"luultavasti virheellisiä." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Tarkista antamasi käyttäjätunnus ja salasana." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Käsittelemätön virhe" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Luotaessa yhteyttä tapahtui tuntematon virhe." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Odota..." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 0000000..ec74189 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,176 @@ +# Translation of ppp debconf templates to French +# Copyright (C) 2006-2007, 2012 Debian French l10n team +# This file is distributed under the same license as the ppp package. +# +# Olivier Gauwin +# Cyril Brulebois , 2006-2007. +# David Prévot , 2012. +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.2\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2012-08-30 15:22-0400\n" +"Last-Translator: David Prévot \n" +"Language-Team: French \n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" +"X-Generator: Lokalize 1.4\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configurer et activer les connexions réseau PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Aucun concentrateur trouvé" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Toutes les interfaces réseau ont été testées mais aucun concentrateur PPPoE " +"n'a été détecté." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"La configuration de PPPoE a été interrompue. Vous pouvez la tenter à nouveau " +"en choisissant l'entrée de menu correspondante." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Nom de l'interface :" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Veuillez indiquer le nom de l'interface réseau connectée au modem PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Identifiant pour la connexion PPP :" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Veuillez indiquer l'identifiant à utiliser pour la connexion PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Cette information est habituellement disponible auprès de votre fournisseur " +"d'accès Internet (« FAI »)." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Mot de passe pour la connexion PPP :" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Veuillez indiquer le mot de passe pour la connexion PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Aucune interface Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"La configuration PPPoE n'a pas pu être effectuée car aucune interface " +"Ethernet n'a été détectée." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Recherche de concentrateurs sur ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Identification échouée" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Une tentative de connexion PPPoE a eu lieu mais l'identification a échoué, " +"probablement à cause d'un mauvais identifiant ou d'un mauvais mot de passe." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "" +"Veuillez vérifier que vous avez indiqué les bons identifiant et mot de passe." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Erreur inconnue" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"Une erreur inconnue s'est produite lors de la tentative de création de la " +"connexion." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Veuillez patienter..." + diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 0000000..a924b06 --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,178 @@ +# Galician translation of ppp's debconf templates +# This file is distributed under the same license as the ppp package. +# Jacobo Tarrio , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2007-10-24 20:44+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configurar e iniciar unha conexión de PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Non hai un concentrador PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Buscouse en tódalas interfaces de rede, pero non se detectou ningún " +"concentrador PPPoE." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Cancelouse a configuración de PPPoE. Pódese volver tentar escollendo a " +"entrada de menú relevante." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +#, fuzzy +#| msgid "Please enter the username for the PPP connection." +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Introduza o nome de usuario para a conexión PPP." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Nome de usuario da conta de acceso:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Introduza o nome de usuario para a conexión PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "Esta información debeulla proporcionar o fornecedor de Internet." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Contrasinal da conta de acceso:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Introduza o contrasinal para a conexión PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Ningunha interface Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Non se pode configurar a rede PPPoE porque non se detectou ningunha " +"interface Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "A buscar concentradores en ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "A autenticación fallou" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Tentouse establecer unha conexión PPPoE, pero a información de " +"identificación que se forneceu probablemente non era correcta." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Comprobe o nome de usuario e contrasinal que forneceu." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Erro descoñecido" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Houbo un erro non identificado mentres se tentaba crear a conexión." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Por favor, agarde..." + +#~ msgid "PPP login:" +#~ msgstr "Usuario de PPP:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "Semella que a tentativa de crear unha conexión resultou nun erro " +#~ "descoñecido. Probablemente haxa unha situación excepcional que impida " +#~ "establecer a conexión." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 0000000..bb4fca2 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,197 @@ +# ppp - Italian Debconf messages +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.4rel\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2007-01-29 20:50+0200\n" +"Last-Translator: Marco d'Itri \n" +"Language-Team: Italian \n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configura e attiva una connessione PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +#, fuzzy +#| msgid "No concentrator was found" +msgid "No PPPoE concentrator" +msgstr "Non stato trovato un concentratore" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Si cercato su ogni interfaccia di rete, ma non stato trovato un " +"concentratore per PPPoE." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +#, fuzzy +#| msgid "" +#| "The configuration of PPPoE is aborted. It can be attempted again by " +#| "selecting the relevant menu entry." +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"La configurazione di PPPoE annullata. Pu essere tentata di nuovo " +"selezionando la voce dal men." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +#, fuzzy +#| msgid "Please enter the username for the PPP connection." +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Inserire l'username per la connessione PPP." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Inserire l'username per la connessione PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +#, fuzzy +#| msgid "" +#| "This information should have been provided to you by your Internet " +#| "Service Provider." +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Questa informazione dovrebbe essere stata fornita dal proprio Internet " +"Service Provider." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +#, fuzzy +#| msgid "PPP password:" +msgid "ISP account password:" +msgstr "Password PPP:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Inserire la password per la connessione PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +#, fuzzy +#| msgid "No Ethernet interface found" +msgid "No Ethernet interface" +msgstr "Non stata trovata una interfaccia Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"La connessione PPPoE non pu essre configurata perch non stata trovata " +"alcuna interfaccia Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Ricerca di concentratori su ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Autenticazione fallita" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +#, fuzzy +#| msgid "" +#| "A PPPoE connection was attempted, but the provided login information was " +#| "incorrect. Because of this the authentication failed." +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Si tentato di connettersi con PPPoE ma l'autenticazione fallita perch " +"le informazioni di login fornite non sono valide." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +#, fuzzy +#| msgid "Please make sure you type the correct username and password." +msgid "Please check the username and password you provided." +msgstr "Assicurarsi di avere scritto username e password corretti." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Errore non gestito" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Attendere..." + +#~ msgid "PPP login:" +#~ msgstr "Login PPP:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "Sembra che il tentativo di creare una connessione abbia causato un errore " +#~ "non gestito. Probabilmente una situazione eccezionale impedisce di " +#~ "stabilire la connessione." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 0000000..abcfaa3 --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,176 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.4rel-10\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2008-07-05 09:52+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "PPPoE 接続の設定と開始" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "コンセントレータが見つかりません" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"すべてのネットワークインターフェイスを確認しましたが、PPPoE コンセントレータ" +"は検出されませんでした。" + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"PPPoE 設定を中断しました。適切なメニューを選べば再度設定を試みることが可能で" +"す。" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "インターフェイスの名前:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"PPPoE モデムに接続されているネットワークインターフェイスの名前を入力してくだ" +"さい。" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "プロバイダのユーザ名:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "PPP 接続のユーザ名を入力してください。" + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "この情報は、あなたが利用しているプロバイダから提供されているはずです。" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "プロバイダのパスワード:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "PPP 接続のパスワードを入力してください。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "イーサネットインターフェイスが見つかりません" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"イーサネットインターフェイスが検出されなかったので、PPPoE ネットワーク接続の" +"設定は行われません。" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "${IFACE} に繋がっているコンセントレータを探しています…" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "認証に失敗しました" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"PPPoE 接続を行おうとしましたが、入力されたログイン情報におそらく間違いがあり" +"ます。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "ユーザ名とパスワードを確認してください。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "予期しないエラーが発生しました" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "接続を試みた際に不明なエラーが発生しました。" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "しばらくお待ちください..." diff --git a/debian/po/nb.po b/debian/po/nb.po new file mode 100644 index 0000000..f508039 --- /dev/null +++ b/debian/po/nb.po @@ -0,0 +1,182 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the ppp package. +# Hans Fredrik Nordhaug , 2006-2007. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2007-11-09 18:17+0100\n" +"Last-Translator: Hans Fredrik Nordhaug \n" +"Language-Team: Norwegian Bokmål \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Konfigurer og start en PPPoE-forbindelse" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Ingen PPPoE-konsentrator" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Alle nettverksgrensesnitt ble undersøkt, men en PPPoE-konsentrator ble ikke " +"funnet." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Konfigurasjonen av PPPoE ble avbrutt. Man kan prøve igjen ved å velge " +"relevant menyoppføring." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +#, fuzzy +#| msgid "Please enter the username for the PPP connection." +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Skriv brukernavnet for PPP-forbindelsen." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Brukernavn for ISP-konto:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Skriv brukernavnet for PPP-forbindelsen." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Denne informasjonen skulle du ha fått fra din internettleverandør (ISP)." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Passord for ISP-kontoen:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Skriv inn passordet for PPP-forbindelsen." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Intet Ethernet-grensesnitt" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"PPPoE-nettverk kan ikke konfigureres fordi intet Ethernet-grensesnitt ble " +"funnet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Søk etter konsentratorer på ${IFACE} ..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Autentisering feilet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"En PPPoE-forbindelse ble forsøkt opprettet, men den oppgitte " +"innloggingsinformasjonen var sannsynligvis feil. " + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Sjekk at du skriver riktig brukernavn og passord." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Ukjent feil" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"En uidentifisert feil oppstod under forsøket på å opprette en forbindelse." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Vent litt ..." + +#~ msgid "PPP login:" +#~ msgstr "PPP-innlogging:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "Det ser ut til forsøket på å opprette en forbindelse resulterte i en " +#~ "ukjent feil. Sannsynligvis er det en uvanlig situasjon som forhindrer " +#~ "opprettelsen av forbindelsen." diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 0000000..a8573f2 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,172 @@ +# Dutch translation of ppp debconf templates. +# Copyright (C) 2004, 2006, 2007, 2012 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the ppp package. +# Frans Pop , 2004, 2006. +# Frans Pop , 2007. +# Jeroen Schot , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.5-5.1\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2012-09-03 16:50+0200\n" +"Last-Translator: Jeroen Schot \n" +"Language-Team: Debian l10n Dutch \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Een PPPoE-verbinding configureren en starten" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Geen PPPoE concentrator" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Alle netwerkinterfaces zijn afgetast, maar er is geen PPPoE concentrator " +"gevonden." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"De configuratie van PPPoE is afgebroken. Het kan opnieuw worden geprobeerd " +"door de relevante regel in het menu te selecteren." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Naam van de interface:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Geef de naam op van de netwerkinterface die is verbonden met de PPPoE-modem." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Gebruikersnaam voor uw internetaccount:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Geef de gebruikersnaam voor de PPP-verbinding." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Deze informatie zou aan u verstrekt moeten zijn door uw internetprovider " +"(ISP)." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Wachtwoord voor uw Internet account:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Geef het wachtwoord voor de PPP-verbinding." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Geen ethernet-interface" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Er is geen ethernet-interface gevonden en daardoor is het niet mogelijk " +"PPPoE te configureren." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Bezig met zoeken van concentrators op ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Authenticatie mislukt" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Geprobeerd is een PPPoE-verbinding tot stand te brengen, maar waarschijnlijk " +"waren de opgegeven aanmeldgegevens onjuist." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Controleer de juistheid van uw gebruikersnaam en wachtwoord." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Onbekende fout" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"Er heeft zich een onverwachte fout voorgedaan bij het tot stand brengen van " +"een verbinding." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Even geduld..." diff --git a/debian/po/pl.po b/debian/po/pl.po new file mode 100644 index 0000000..adfe8e2 --- /dev/null +++ b/debian/po/pl.po @@ -0,0 +1,173 @@ +# debconf templates for ppp package +# Polish translation +# Copyright (C) +# +# This file is distributed under the same license as the ppp package. +# +# Łukasz Paździora, 2008. +# Michał Kułach , 2012. +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.4rel-10\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-09-01 01:01+0200\n" +"Last-Translator: Michał Kułach \n" +"Language-Team: Polish \n" +"Language: pl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " +"|| n%100>=20) ? 1 : 2);\n" +"X-Generator: Lokalize 1.4\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Konfiguracja i uruchomienie połączenia PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Brak koncentratora PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Sprawdzono wszystkie interfejsy sieciowe, ale koncentrator PPPoE nie został " +"znaleziony." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Konfiguracja PPPoE została przerwana. Można ponowić jej próbę wybierając " +"odpowiednią pozycję z menu." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Nazwa interfejsu:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Proszę podać nazwę interfejsu sieciowego, podłączonego do modemu PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Nazwa konta użytkownika u dostawcy Internetu:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Proszę podać nazwę użytkownika do połączenia PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "Ta informacja powinna zostać dostarczona przez dostawcę Internetu." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Hasło do konta użytkownika u dostawcy Internetu:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Proszę podać hasło do połączenia PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Brak interfejsu Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Połączenie PPPoE nie może zostać skonfigurowane, ponieważ nie wykryto " +"interfejsu Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Szukanie koncentratorów w ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Błąd podczas uwierzytelniania" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Próbowano nawiązać połączenie PPPoE, ale prawdopodobnie podano nieprawidłowe " +"dane." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Proszę sprawdzić podaną nazwę użytkownika i hasło." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Nieobsługiwany błąd" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"W trakcie próby utworzenia połączenia wystąpił niezidentyfikowany błąd." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Proszę czekać..." diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 0000000..07c3f4a --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,186 @@ +# Portuguese translation for ppp's debconf messages +# Copyright (C) 2007 Carlos Lisboa +# This file is distributed under the same license as the ppp package. +# Simão Pedro Cardoso , 2005 +# Carlos Lisboa , 2007 +# Miguel Figueiredo , 2007 +# +msgid "" +msgstr "" +"Project-Id-Version: ppp\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-09-04 21:43+0100\n" +"Last-Translator: Carlos Lisboa \n" +"Language-Team: Portuguese \n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configurar e iniciar uma ligação PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Não foi encontrado nenhum concentrador PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"As interfaces de rede foram todas sondadas, mas não foi detectado " +"nenhumconcentrador PPPoE." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"A configuração do PPPoE foi abortada. Pode tentar novamente escolhendo a " +"entrada relevante do menu." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Nome do interface:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Por favor escolha o nome do dispositivo de rede ligado ao seu modem PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Nome do utilizador da canta do ISP" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Introduza o utilizador para a ligação PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Esta informação deve ter sido dada pelo seu Provedor de Serviços de Internet." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Palavra-chave da conta do ISP:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Introduza a palavra-chave para a ligação PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Nenhuma interface Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"A rede PPPoE não pode ser configurada porque não foi detectada nenhuma " +"interface Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "A procurar por concentradores em ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "A autenticação falhou" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Foi tentada uma ligação PPPoE, mas a informação de login dada provavelemente " +"estava incorrecta." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "" +"Por favor verifique o nome de utilizador e a palavra-chave que introduziu." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Erro desconhecido" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Ocorreu um erro não identificado ao tentar criar uma ligação." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Por favor aguarde..." + +#~ msgid "PPP login:" +#~ msgstr "Utilizador PPP:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "Parece que ao tentar criar a ligação resultou num erro desconhecido. " +#~ "Provavelmente existe alguma situação excepcional que impede que se " +#~ "estabeleça a ligação." + +#, fuzzy +#~ msgid "Your PPPoE username" +#~ msgstr "O seu nome de utilizador" diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 0000000..336f4e1 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,171 @@ +# Debconf translations for ppp. +# Copyright (C) 2012 THE ppp'S COPYRIGHT HOLDER +# This file is distributed under the same license as the ppp package. +# Flamarion Jorge , 2010. +# José dos Santos Júnior , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.5-5.1\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-09-03 22:36-0300\n" +"Last-Translator: J. S. Júnior \n" +"Language-Team: Brazilian Portuguese \n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configurar e iniciar uma conexão PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Nenhum concentrador PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Todas as interfaces de rede foram testadas, mas nenhum concentrador PPPoE " +"foi encontrado." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"A configuração do PPPoE foi cancelada. Ela pode ser tentada novamente " +"através da seleção da entrada de menu relevante." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Nome da interface:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Por favor, informe o nome da interface de rede conectada ao modem PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Nome de usuário da conta no ISP:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Por favor, informe o nome de usuário para a conexão PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Essa informação deve ter sido fornecida por seu Provedor de Serviços de " +"Internet." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Senha da conta no ISP:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Por favor, informe a senha para a conexão PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Nenhuma interface Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Não foi possível configurar a rede PPPoE porque nenhuma interface Ethernet " +"foi detectada." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Procurando por concentradores na ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Falha na autenticação" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Uma conexão PPPoE foi tentada, mas a informação de login fornecida " +"provavelmente estava incorreta." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Por favor, verifique o nome de usuário e senha que você informou." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Erro desconhecido" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Um erro não identificado aconteceu ao tentar criar uma conexão." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Por favor, aguarde..." diff --git a/debian/po/ro.po b/debian/po/ro.po new file mode 100644 index 0000000..627549e --- /dev/null +++ b/debian/po/ro.po @@ -0,0 +1,233 @@ +# translation of ro.po to Romanian +# Romanian translation of ppp-udeb templates +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the ppp-udeb package. +# +# Eddy Petrișor , 2006, 2007. +msgid "" +msgstr "" +"Project-Id-Version: ro\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2012-09-03 11:37+0300\n" +"Last-Translator: Eddy Petrișor \n" +"Language-Team: Romanian \n" +"Language: ro\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < " +"20)) ? 1 : 2;\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Configurează și pornește o conexiune PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Nici un concentrator PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Au fost examinate toate interfețele, dar nu a fost detectat nici un " +"concentrator PPPoE." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Configurarea PPPoE a fost abandonată. Poate fi încercată din nou, prin " +"selectarea intrării relevante din meniu." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Numele interfeței:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Introduceți numele interfeței de rețea conectată la modemul PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Numele de utilizator pentru contul de servicii internet:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Introduceți numele de utilizator pentru conexiunea PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Această informație ar trebui să o fi primit de la furnizorul dumneavoastră " +"de servicii internet." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Parola pentru contul de servicii internet:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Introduceți parola pentru conexiunea PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Nici o interfață Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Conectarea prin PPPoE nu poate fi configurată deoarece nu a fost detectată " +"nici o interfață Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Se caută concentratoare prin ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Autentificarea a eșuat" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"S-a încercat conectarea PPPoE, însă informațiile de autentificare furnizate " +"probabil că au fost incorecte." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Verificați numele de utilizator și parola pe care ați introdus-o." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Eroare netratată" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"A avut loc o eroare neidentificată în timp ce se încerca crearea conexiunii." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Vă rugăm să așteptați..." + +#~ msgid "PPP login:" +#~ msgstr "Autentificare PPP:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "Se pare că încercarea de conectare a dus la apariția unei erori " +#~ "netratate. Probabil că o situație excepțională împiedică realizarea " +#~ "conexiunii." + +#~ msgid "Concentrator detection failed" +#~ msgstr "Detecția concentratorului a eșuat" + +#~ msgid "" +#~ "No concentrator was found while trying to configure PPPoE. The PPPoE " +#~ "connections can be automatically detected by searching for a concentrator." +#~ msgstr "" +#~ "Nici un concetrator nu a fost găsit în timpul încercării de configurare a " +#~ "PPPoE. Conexiunile PPPoE pot fi detectate automat prin căutarea unui " +#~ "concentrator." + +#~ msgid "This was attempted on all known network interfaces in the system." +#~ msgstr "" +#~ "Acest lucru a fost încercat pe toate interfețele cunoscute din sistem." + +#~ msgid "You should check that connection cables are properly plugged in." +#~ msgstr "" +#~ "Ar trebui să verificați că mufele cablurilor de conectare sunt bine " +#~ "introduse în calculator." + +#~ msgid "Ethernet card detection failed" +#~ msgstr "Detecția interfeței Ethernet a eșuat" + +#~ msgid "" +#~ "No Ethernet card was detected. In order to configure PPPoE on the system, " +#~ "at least one Ethernet card is needed." +#~ msgstr "" +#~ "Nu a fost detectată nici o interfață Ethernet. Pentru a configura PPPoE " +#~ "pentru acest sistem, este nevoie de cel puțin o interfață de rețea." + +#~ msgid "" +#~ "Also, please note that currently the installer does not support automatic " +#~ "configuration of dial-up connections and this kind of configuration " +#~ "should be done manually." +#~ msgstr "" +#~ "De asemenea, a se reține că în prezent programul de instalare nu suportă " +#~ "configurarea automatică a conexiunilor dial-up, iar acest tip de " +#~ "conexiuni ar trebui să fie configurate manual." + +#~ msgid "Your PPPoE username" +#~ msgstr "Numele de utilizator PPPoE" + +#~ msgid "" +#~ "If the system does have an Ethernet card, then this could mean that it " +#~ "was not detected by the installer." +#~ msgstr "" +#~ "Dacă sistemul are o interfață Ethernet, atunci acest lucru ar putea " +#~ "însemna că nu a fost detectată de programul de instalare." diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 0000000..9253165 --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,169 @@ +# Translation of ppp PO templates to Russian +# Copyright (C) 1984-2004 +# This file is distributed under the same license as the ppp package. +# +# Mikhail Gusarov , 2006. +# Yuri Kozlov , 2012. +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.5-5.1\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-08-31 18:34+0400\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" +"X-Generator: Lokalize 1.4\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Настройка и установка соединения PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Нет концентратора PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Была выполнена проверка всех сетевых интерфейсов, но концентратор PPPoE не " +"был обнаружен." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Настройка PPPoE была прервана. Она может быть повторена выбором " +"соответствующего пункта меню." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Имя интерфейса:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Введите имя сетевого интерфейса, к которому подключён модем PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Имя пользователя учётной записи у провайдера:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Введите имя пользователя для соединения PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "Эту информацию должен был предоставить ваш Интернет-провайдер (ISP)." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Пароль к учётной записи провайдера:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Введите пароль для соединения PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Отсутствует интерфейс Ethernet." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Настройка соединения PPPoE невозможна, так как не было обнаружено ни одного " +"интерфейса Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Поиск концентраторов PPPoE через интерфейс ${IFACE}…" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Ошибка аутентификации" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Была предпринята попытка установки соединения PPPoE, но указанная " +"регистрационная информация, вероятно, ошибочна." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Проверьте указанные имя пользователя и пароль." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Необработанная ошибка" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "При попытке создать соединение произошла неизвестная ошибка." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Пожалуйста подождите…" diff --git a/debian/po/sk.po b/debian/po/sk.po new file mode 100644 index 0000000..3b87b7e --- /dev/null +++ b/debian/po/sk.po @@ -0,0 +1,171 @@ +# Slovak translations for ppp package +# Slovenské preklady pre balík ppp. +# Copyright (C) 2012 THE ppp'S COPYRIGHT HOLDER +# This file is distributed under the same license as the ppp package. +# Automatically generated, 2012. +# Slavko , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.5-5.1\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-09-11 19:04+0200\n" +"Last-Translator: Slavko \n" +"Language-Team: slovenčina \n" +"Language: sk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" +"X-POFile-SpellExtra: IFACE PPP ISP PPPoE Ethernet\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Nastaviť a spustiť spojenie PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Žiadny koncentrátor PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Boli vyskúšané všetky sieťové rozhrania, ale koncentrátor PPPoE nebol " +"zistený." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Konfigurácia PPPoE bola zrušená. Môžete sa o to pokúsiť znova, zvolením " +"príslušnej položky menu." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Názov rozhrania:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Prosím, zadajte názov sieťového rozhrania pripojeného k modemu PPPoE." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Používateľské meno účtu ISP:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Prosím, zadajte používateľské meno spojenia PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Túto informáciu by ste mali dostať od svojho Poskytovateľa pripojenia k " +"internetu (ISP)." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Heslo účtu ISP:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Prosím, zadajte heslo spojenia PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Žiadne rozhranie Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Pripojenie PPPoE nemožno nastaviť, pretože nebolo zistené žiadne rozhranie " +"Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Hľadanie koncentrátorov na ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Autentifikácia zlyhala" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Pripojenie PPPoE bolo vyskúšané, ale zadané prihlasovacie informácie sú asi " +"zlé." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Prosím, skontrolujte zadané používateľské meno a heslo." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Neznáma chyba" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Pri pokuse o vytvorenie spojenia nastala neznáma chyba." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Prosím, počkajte..." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 0000000..c6bd524 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,168 @@ +# Translation of ppp debconf template to Swedish +# Copyright (C) 2012 Martin Bagge +# This file is distributed under the same license as the ppp package. +# +# Martin Ågren , 2008. +# Martin Bagge , 2012 +msgid "" +msgstr "" +"Project-Id-Version: ppp_2.4.4rel-10_sv\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2008-07-19 12:21+0200\n" +"Last-Translator: Martin Bagge \n" +"Language-Team: Swedish \n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Konfigurera och starta en PPPoE-anslutning" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Ingen PPPoE-koncentrator" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Alla nätverksgränssnitt har genomsökts men ingen PPPoE-koncentrator hittades." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Konfigurationen av PPPoE har avbrutits. Den kan startas om genom att välja " +"den relevanta menyposten." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Gränssnittsnamn:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Ange namnet på nätverkskortet som är anslutet till PPPoE-modemet." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Användarnamn hos internetleverantör:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Ange användarnamnet för PPP-anslutningen." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "Denna information ska din internetleverantör ha delgivit dig." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Lösenord hos internetleverantör:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Ange lösenordet för PPP-anslutningen." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Inget Ethernet-gränssnitt" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"PPPoE-nätverket kan inte konfigureras på grund av att inget Ethernet-" +"gränssnitt hittades." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Söker efter koncentratorer på ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Autentisering misslyckades" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"En PPPoE-anslutning försöktes men den tillhandahållna " +"inloggningsinformationen var troligen felaktig." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Kontrollera det användarnamn och lösenord du angav." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Ohanterat fel" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" +"Ett oidentifierat fel inträffade medan ett försök till uppkoppling gjordes." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Var god vänta..." diff --git a/debian/po/ta.po b/debian/po/ta.po new file mode 100644 index 0000000..9ca3f2b --- /dev/null +++ b/debian/po/ta.po @@ -0,0 +1,200 @@ +# translation of templates.po to TAMIL +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Dr.T.Vasudevan , 2007. +msgid "" +msgstr "" +"Project-Id-Version: templates\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2007-01-17 17:27+0530\n" +"Last-Translator: Dr.T.Vasudevan \n" +"Language-Team: TAMIL \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "ஒரு பிபிபிஓஈ இணைப்பை வடிவமைத்து ஆரம்பிக்கவும்." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +#, fuzzy +#| msgid "No concentrator was found" +msgid "No PPPoE concentrator" +msgstr "குவிப்பி ஏதும் கண்டு பிடிக்க இயலவில்லை." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"எல்லா வலை இடை முகங்களும் சோதிக்கப்பட்டன. ஆனால் பிபிபிஓஈ குவிப்பி ஏதும் கண்டு பிடிக்க " +"இயலவில்லை." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +#, fuzzy +#| msgid "" +#| "The configuration of PPPoE is aborted. It can be attempted again by " +#| "selecting the relevant menu entry." +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"பிபிபிஓஈ வடிவமைப்பு கைவிடப்பட்டது.மீண்டும் அதை சரியான மெனு உள்ளீட்டின் மூலம் துவக்கலாம்." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +#, fuzzy +#| msgid "Please enter the username for the PPP connection." +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "பிபிபி இணைப்புக்கு பயனர் பெயரை உள்ளிடுக" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "பிபிபி இணைப்புக்கு பயனர் பெயரை உள்ளிடுக" + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +#, fuzzy +#| msgid "" +#| "This information should have been provided to you by your Internet " +#| "Service Provider." +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "உங்களுக்கு இந்த தகவல் உங்கள் சேவையாளரால் தரப் பட்டு இருக்க வேண்டும். " + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +#, fuzzy +#| msgid "PPP password:" +msgid "ISP account password:" +msgstr "பிபிபி கடவுச் சொல்:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "தயை செய்து பிபிபி இணைப்புக்கு கடவுச் சொல்லை உள்ளிடவும்." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +#, fuzzy +#| msgid "No Ethernet interface found" +msgid "No Ethernet interface" +msgstr "ஈதர்நெட் இடைமுகம் ஏதும் கண்டு பிடிக்கப் படவில்லை." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"ஈதர்நெட் இடைமுகம் ஏதும் கண்டு பிடிக்கப் படவில்லையாதலால் பிபிபிஓஈ வலையமைப்பை வடிவமைக்க " +"முடியவில்லை." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "${IFACE} இல் ...குவிப்பிகளுக்கு தேடுகிறது." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "உண்மைப் படுத்தல் தோல்வியுற்றது." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +#, fuzzy +#| msgid "" +#| "A PPPoE connection was attempted, but the provided login information was " +#| "incorrect. Because of this the authentication failed." +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"ஒரு பிபிபிஓஈ இணைப்பு முயற்சி செய்யப் பட்டது. ஆனால் கொடுக்கப் பட்ட உள்நுழைவு தகவல் " +"சரியில்லை. அதனால் உண்மைப் படுத்தல் தோல்வியுற்றது." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +#, fuzzy +#| msgid "Please make sure you type the correct username and password." +msgid "Please check the username and password you provided." +msgstr "" +"தயவு செய்து சரியான பயனர் பெயரும் கடவுச் சொல்லும் உள்ளிடுகிறீர்களா என உறுதி செய்து " +"கொள்ளவும்." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "கையாளாத பிழை " + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "பொறுத்திருக்கவும்..." + +#~ msgid "PPP login:" +#~ msgstr "பிபிபி உள் நுழைவு:" + +#~ msgid "" +#~ "It seems that the attempt to create a connection resulted in an unhandled " +#~ "error. Probably there is some exceptional situation which prevents " +#~ "establishing the connection." +#~ msgstr "" +#~ "இணைப்பை ஏற்படுத்தும் முயற்சி கையாளாத பிழையை ஏற்படுத்தியது போலுள்ளது. அனேகமாக ஏதோ " +#~ "ஒரு வித்தியாசமான நிலை இணப்பு ஏற்படுத்துவதை தடுக்கிறது." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..f645827 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,158 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: ppp\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "" + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "" diff --git a/debian/po/tr.po b/debian/po/tr.po new file mode 100644 index 0000000..fda0bce --- /dev/null +++ b/debian/po/tr.po @@ -0,0 +1,168 @@ +# Turkish translation of ppp. +# This file is distributed under the same license as the ppp package. +# Deniz Bahadır GÜR , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-08-30 14:53-0400\n" +"PO-Revision-Date: 2008-12-02 12:56+0300\n" +"Last-Translator: Deniz Bahadır GÜR \n" +"Language-Team: Turkish \n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Bir PPPoE bağlantısı yapılandır ve başlat" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "PPPoE yoğunlaştırıcısı yok" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"Bütün ağ arayüzleri araştırıldı, fakat bir PPPoE yoğunlaştırıcısı bulunamadı." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"PPPoE yapılandırması durduruldu. İlgili menüyü kullanarak tekrar " +"yapılandırılabilir." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Arayüz adı:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "" +"Lütfen modeminize bağlı olan ağ arayüzü adını giriniz." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "ISS kullanıcı adı:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Lütfen PPP bağlantısı için kullanıcı adınızı giriniz." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Bu bilgi, Internet Servis Sağlayıcınız tarafından sağlanmış olmalı." + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "ISS parolası:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Lütfen PPP bağlantısı için parolanızı giriniz." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Ethernet arayüzü yok" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"PPPoE ağı yapılandırılamadı çünkü Ethernet arayüzü bulunamadı" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "${IFACE} üzerinde yoğunlaştırıcı aranıyor..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Doğrulama başarısız" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Bir PPPoE bağlantısı kurulmaya çalışıldı, fakat verdiğiniz giriş bilgileri " +"muhtemelen yanlış." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Lütfen girdiğiniz kullanıcı adı ve parolayı kontrol ediniz." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Yakalanamayan hata" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Bağlantı kurulmaya çalışılırken, tanımlanamayan bir hata oluştu." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Lütfen bekleyin..." + +#~ msgid "Your PPPoE username" +#~ msgstr "PPPoE kullanıcı adınız" diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 0000000..c1f2e08 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,169 @@ +# Vietnamese translation for PPP. +# Copyright © 2012 Free Software Foundation, Inc. +# Nguyen Vu Hung , 2012 +# Clytie Siddall , 2005-2007. +# +msgid "" +msgstr "" +"Project-Id-Version: ppp 2.4.4rel-10\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-08-31 14:48+0700\n" +"Last-Translator: Nguyen Vu Hung \n" +"Language-Team: The Most Project \n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.7b1\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "Cấu hình và khởi chạy kết nối PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "Không có bộ tập trung PPPoE" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "Đã dò tìm mọi giao diện mạng, nhưng chưa tìm thấy bộ tập trung PPPoE." + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "" +"Tiến trình cấu hình PPPoE bị hủy bỏ. Bạn vẫn có thể thử lại bằng cách chọn " +"mục trình đơn thích hợp." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "Tên giao diện:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "Hãy nhập tên của giao diện mạng kết nối tới PPPoE modem." + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "Tên người dùng của tài khoản ISP:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "Hãy gõ tên người dùng cho kết nối PPP." + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "" +"Thông tin này nên được cung cấp bởi Nhà Cung cấp Dịch vụ Internet (ISP)," + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "Mật khẩu của tài khoản ISP:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "Hãy gõ mật khẩu cho kết nối PPP." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "Không có giao diện Ethernet" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "" +"Không thể cấu hình chức năng chạy mạng PPPoE vì chưa phát hiện giao diện " +"Ethernet." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "Đang tìm kiếm bộ tập trung trên ${IFACE}..." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "Lỗi xác thực" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "" +"Đã thử kết nối PPPoE, nhưng thông tin đăng nhập đã cung cấp rất có thể không " +"đúng." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "Hãy kiểm tra lại tên người dùng và mật khẩu bạn đã cung cấp." + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "Lỗi chưa xử lý" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "Gặp lỗi không rõ khi thử thiết lập kết nối." + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "Hãy đợi..." + +#~ msgid "Your PPPoE username" +#~ msgstr "Tên người dùng PPPoE của bạn" diff --git a/debian/po/zh_CN.po b/debian/po/zh_CN.po new file mode 100644 index 0000000..e5fc9c9 --- /dev/null +++ b/debian/po/zh_CN.po @@ -0,0 +1,158 @@ +# po-debconf translation for ppp +# Copyright (C) 2008 Marco d'Itri +# This file is distributed under the same license as the ppp package. +# Li, Zhi , Zhi , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: 2.4.4rel-10\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-08-31 14:17+0800\n" +"Last-Translator: Li, Zhi \n" +"Language-Team: Chinese \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n!=1);\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "设置并启动 PPPoE 连接" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "没有可用的 PPPoE 设备" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "已搜寻过所有网络接口,但是没有找到任何可用的 PPPoE 设备。" + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "这次 PPPoE 的设置已经取消,您可以通过选取相关菜单选项再次设置。" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "接口名称:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "请输入连接 PPPoE modem 的网络接口名称。" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "ISP 用户名:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "请输入 PPP 连接的用户名。" + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "此信息可以从您的网络服务提供商 (ISP) 那里获得。" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "ISP 账户口令:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "请输入 PPP 连接的口令。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "没有以太网接口" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "无法配置 PPPoE 网络,因为找不到任何网络接口。" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "在 {IFACE} 中查找设备……" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "认证失败" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "尝试建立 PPPoE 连接,但是提供的登录信息可能有误。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "请检查用户名和口令是否正确。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "无法处理的错误。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "尝试建立连接时发生无法识别的错误。" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "请稍候……" diff --git a/debian/po/zh_TW.po b/debian/po/zh_TW.po new file mode 100644 index 0000000..ba54dff --- /dev/null +++ b/debian/po/zh_TW.po @@ -0,0 +1,161 @@ +# po-debconf translation for ppp +# Copyright (C) 2008 Marco d'Itri +# This file is distributed under the same license as the ppp package. +# Kanru Chen , 2008. +# V字龍 | Vdragon , 2012. +# +msgid "" +msgstr "" +"Project-Id-Version: 2.4.4rel-10\n" +"Report-Msgid-Bugs-To: ppp@packages.debian.org\n" +"POT-Creation-Date: 2012-09-02 11:02-0400\n" +"PO-Revision-Date: 2012-08-31 14:58+0800\n" +"Last-Translator: V字龍 | Vdragon \n" +"Language-Team: Debian-user in Chinese [Big5] \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: text +#. Description +#. Main menu item +#: ../ppp-udeb.templates:2001 +msgid "Configure and start a PPPoE connection" +msgstr "設定並啟用一個 PPPoE 連線" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "No PPPoE concentrator" +msgstr "沒有發現可用的 PPPoE數據機(PPPoE concentrator)" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 +msgid "" +"All network interfaces have been probed, but a PPPoE concentrator was not " +"detected." +msgstr "" +"已搜尋過所有的網路介面,但是沒有找到任何可用的 PPPoE數據機(PPPoE " +"concentrator)。" + +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#. Type: error +#. Description +#: ../ppp-udeb.templates:3001 ../ppp-udeb.templates:7001 +#: ../ppp-udeb.templates:9001 ../ppp-udeb.templates:10001 +msgid "" +"The configuration of PPPoE has been aborted. It can be attempted again by " +"selecting the relevant menu entry." +msgstr "PPPoE 的設定程序已經被中斷,您可以透過選取相關的選單項目再次重新設定。" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "Interface name:" +msgstr "介面名稱:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:4001 +msgid "" +"Please enter the name of the network interface connected to the PPPoE modem." +msgstr "請輸入連接至 PPPoE數據機 的網路介面名稱。" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "ISP account username:" +msgstr "網路服務提供商(Internet Service Provider)的使用者帳號名稱:" + +#. Type: string +#. Description +#: ../ppp-udeb.templates:5001 +msgid "Please enter the username for the PPP connection." +msgstr "請輸入用於 PPP連線 的使用者帳號名稱。" + +#. Type: string +#. Description +#. Type: password +#. Description +#: ../ppp-udeb.templates:5001 ../ppp-udeb.templates:6001 +msgid "" +"This information should have been provided by your Internet Service Provider." +msgstr "您的網路服務提供商(Internet Service Provider)應該會提供您這個資訊。" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "ISP account password:" +msgstr "網路服務提供商(Internet Service Provider) 使用者帳號密碼:" + +#. Type: password +#. Description +#: ../ppp-udeb.templates:6001 +msgid "Please enter the password for the PPP connection." +msgstr "請輸入 PPP 連線的密碼。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "No Ethernet interface" +msgstr "無任何乙太網路(ethernet)介面" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:7001 +msgid "" +"PPPoE networking cannot be configured because no Ethernet interface was " +"detected." +msgstr "無法設定 PPPoE 網路連線,因為找不到任何乙太網路(ethernet)介面。" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:8001 +msgid "Searching for concentrators on ${IFACE}..." +msgstr "正在於 ${IFACE} 上搜尋可用的 PPPoE數據機(PPPoE concentrator)……" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Failed authentication" +msgstr "認證失敗" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "" +"A PPPoE connection was attempted, but the provided login information was " +"probably incorrect." +msgstr "嘗試 PPPoE 連線失敗,您提供的登入資訊可能有誤。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:9001 +msgid "Please check the username and password you provided." +msgstr "請檢查使用者名稱與密碼是否正確。" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "Unhandled error" +msgstr "無法處理的錯誤" + +#. Type: error +#. Description +#: ../ppp-udeb.templates:10001 +msgid "An unidentified error happened while attempting to create a connection." +msgstr "嘗試建立連線時發生無法辨別的錯誤。" + +#. Type: text +#. Description +#: ../ppp-udeb.templates:11001 +msgid "Please wait..." +msgstr "請稍候……" diff --git a/debian/ppp-dev.README.Debian b/debian/ppp-dev.README.Debian new file mode 100644 index 0000000..544c2ea --- /dev/null +++ b/debian/ppp-dev.README.Debian @@ -0,0 +1,54 @@ +README.Debian for ppp-dev +========================= + +ppp-dev provides dh_ppp(1p), a debhelper(7) helper program that adds +appropriate substitution variables for packages that build pppd plugins. This +essentially adds the right incantations to a package's Depends or Breaks +control file field(s). + +If you are using ppp-dev so that your package may build a plugin that is +intended to be loaded into pppd, you should use one of the three provided +mechanisms to generate correct Depends or Breaks. + +The Problem +----------- + +pppd is a program that loads plugins into itself using dlopen(). Much like with +shared libraries, plugins depend on a particular ABI within the host in order +to interact with it. If this ABI changes, plugins built against the old ABI may +break or misbehave. Unlike with shared libraries there is currently no standard +way to track the ABI automatically, such as with symbols files and SONAMEs, so +pppd must improvise. This allows us to ensure that dpkg/apt know about the +change and the change can be tracked using standard Debian infrastructure +tools. + +Debhelper Sequencer +------------------- + +If your package that builds ppp plugins uses the debhelper(7) sequencer, you +can simply add '--with ppp' to your "dh $@" line. This will cause dh_ppp(1p) to +be automatically invoked for your package with default arguments. + +If you wish to provide additional arguments to dh_ppp(1p), you may override it +in the standard way, for example:: + + override_dh_ppp: + dh_ppp --breaks + +Please see the dh_ppp(1p) man page for more information on its arguments and +how it works. + +dh_ppp(1p) helper +----------------- + +If you are not using the dh sequencer, you may invoke dh_ppp(1p) manually. +Please see its man page for further information about its arguments and how it +works. + +Raw substvars manipulation +-------------------------- + +If you don't wish to use either of the above mechanism, there are generated +substvars in /usr/share/ppp-dev/substvars (in the ppp-dev package) that can be +incorporated into your own debian/[package.]substvars file. Just use either the +ppp:Depends or ppp:Breaks as you find most appropriate for your package. diff --git a/debian/ppp-dev.dirs b/debian/ppp-dev.dirs new file mode 100644 index 0000000..71080cb --- /dev/null +++ b/debian/ppp-dev.dirs @@ -0,0 +1 @@ +/usr/ diff --git a/debian/ppp-dev.install b/debian/ppp-dev.install new file mode 100644 index 0000000..5ecc34a --- /dev/null +++ b/debian/ppp-dev.install @@ -0,0 +1,2 @@ +debian/extra/dh_ppp usr/bin +debian/extra/lib/Debian/Debhelper/Sequence/ppp.pm usr/share/perl5/Debian/Debhelper/Sequence/ diff --git a/debian/ppp-dev.manpages b/debian/ppp-dev.manpages new file mode 100644 index 0000000..538c865 --- /dev/null +++ b/debian/ppp-dev.manpages @@ -0,0 +1 @@ +debian/extra/dh_ppp.1p diff --git a/debian/ppp-udeb.dirs b/debian/ppp-udeb.dirs new file mode 100644 index 0000000..4b9e6ff --- /dev/null +++ b/debian/ppp-udeb.dirs @@ -0,0 +1,5 @@ +etc/network/ +etc/ppp/peers/ +usr/lib/post-base-installer.d/ +usr/lib/pppd/ +usr/sbin/ diff --git a/debian/ppp-udeb.install b/debian/ppp-udeb.install new file mode 100644 index 0000000..f09d1d9 --- /dev/null +++ b/debian/ppp-udeb.install @@ -0,0 +1,5 @@ +debian/extra/udeb/ip-up etc/ppp/ +debian/extra/udeb/options etc/ppp/ +debian/extra/udeb/post-base-installer.d/* usr/lib/post-base-installer.d +debian/tmp-udeb/usr/lib/pppd/ usr/lib/ +debian/tmp-udeb/usr/sbin/ usr/ diff --git a/debian/ppp-udeb.postinst b/debian/ppp-udeb.postinst new file mode 100644 index 0000000..11984a2 --- /dev/null +++ b/debian/ppp-udeb.postinst @@ -0,0 +1,346 @@ +#!/bin/sh +set -e + +. /usr/share/debconf/confmodule + +INTERFACES=$(grep : /proc/net/dev | cut -d':' -f1 | sort | sed -e 's/ *//' | grep -E '^(en|eth|nas|tap|nic-)') +db_get ppp/interface +PPPOE="$RET" +db_capb backup + +log() { + logger -t DEBUG:ppp-udeb $* +} + +fail() { + logger -t FAIL:ppp-udeb $* +} + +ppp_concentrator_on() { + db_subst ppp/detect_progress IFACE "${1}" || true + if [ -z "$(ip link show $1 up)" ]; then + log "$1 was not configured. ppp-udeb will bring it up" + PPPUP=yes + ip link set $1 up + else + log "$1 was already up" + PPPUP=no + fi + MAXWAIT=20; IW=5; TOTWAIT=$(($MAXWAIT + $MAXWAIT + $IW)) + R=0 + db_progress START 0 $TOTWAIT ppp/detect_progress + for P in "" "-U" ; do + rm -f /tmp/probe-finished /tmp/ppp-errors + ( R=$(/usr/sbin/pppoe-discovery -A $P -I $1 2>/tmp/ppp-errors | \ + grep AC | wc -l) + echo $R > /tmp/probe-finished ) & + WAIT=0 + TO=0 + + while [ ! -f /tmp/probe-finished ]; do + log "Timeout detected $TO" + sleep 1 + db_progress STEP 1 + WAIT=$(($WAIT + 1)) + if [ $WAIT -ge $MAXWAIT ]; then + touch /tmp/probe-finished + fi + TO=$(grep Timeout /tmp/ppp-errors 2>/dev/null | wc -l || true) + if [ $TO -eq 1 ]; then + touch /tmp/probe-finished + break + fi + log "pppoe probe output size: $(cat /tmp/probe-finished 2> /dev/null)" + done + R=$(cat /tmp/probe-finished 2>/dev/null || true) + if [ -n "$R" -a 1$R -ne 10 ]; then + break + fi + if [ -z "$P" ]; then + sleep $IW + db_progress STEP $IW + fi + done + + PROCESS=$(ps -A | grep pppoe-discovery | sed s:^[[:space:]]::g | \ + cut -f1 -d' ' || true) + if [ $TO -ne 1 -a "$PROCESS" ]; then + kill $PROCESS + fi + rm -f /tmp/probe-finished /tmp/ppp-errors + db_progress STOP + + if [ -n "$R" -a 1$R -ne 10 ]; then + return 0 + else + return 1 + fi +} + +reset_if_needed() { + # Bring down an earlier pppoe connection, if there is one + if [ -e $PIDF ] + then + PID=$(cat $PIDF) + log "found PID file $PIDF which refers to process $PID; searching for the pppd process" + if [ -z "$(ps | grep "^\s*$PID" | sed "s/^\s*$PID\s.*$/$PID/")" ] + then + log "$PID not found; removing pid file" + else + log "$PID found; killing it and removing pid file" + kill $PID || true + fi + rm -f $PIDF + fi + + # Bring down previously raised interface + if [ "$PPPOE" != "_" ]; then + ip link set "$PPPOE" down + db_set ppp/interface "_" + fi +} + +valid_hostname() { + if [ $(echo -n "$1" | wc -c) -lt 2 ] || + [ $(echo -n "$1" | wc -c) -gt 63 ] || + [ "$(echo -n "$1" | sed 's/[^-\.[:alnum:]]//g')" != "$1" ] || + [ "$(echo -n "$1" | grep "\(^-\|-$\)")" ]; then + return 1 + fi + return 0 +} + +# Sanity check: we rely on some netcfg functionality but cannot depend on it; +# netcfg should always be present, but bail out if it is not +if [ ! -e /bin/netcfg ]; then + fail "required package netcfg is not installed" + exit 1 +fi + +# Bring up the loopback interface +if [ -z "$(ip link show lo up)" ]; then + ip link set lo up + ip addr flush dev lo + ip addr add 127.0.0.1/8 dev lo +fi + +if [ -z "$INTERFACES" ]; then + fail "no Ethernet interfaces detected" + db_input critical ppp/detect_failed || true + db_go || true + exit 1 +fi + +PIDF=/var/run/ppp-udeb.pid +reset_if_needed + +# Test each of the interfaces for a concentrator; stop when one is found +for IFACE in $INTERFACES; do + if ppp_concentrator_on $IFACE; then + log "setting pppoe connection on $IFACE" + db_set ppp/interface $IFACE + break + else + if [ "$PPPUP" = yes ]; then + log "no concentrator found on $IFACE; will bring the interface back down" + ip link set $IFACE down + else + log "ppp-udeb no concentrator found on $IFACE" + fi + IFACE='' + fi +done + +if [ -z "$IFACE" ]; then + fail "no concentrators detected" + db_input critical ppp/no_concentrators || true + db_go || true + exit 1 +fi + +db_input high ppp/username || true +db_go || exit 10 +db_get ppp/username +USERNAME="$RET" + +db_input high ppp/password || true +db_go || exit 10 +db_get ppp/password +PASSWORD="$RET" + +# Clear answers in case the script is run a second time +db_unregister ppp/password +db_unregister ppp/username + + +# Ask for the hostname and domainname to use for the system +# (using the netcfg templates!) +while true; do + db_input high netcfg/get_hostname || [ $? -eq 30 ] + db_input high netcfg/get_domain || [ $? -eq 30 ] + db_go || exit 10 + db_get netcfg/get_hostname + HOSTNAME="$RET" + if valid_hostname "$HOSTNAME"; then + db_get netcfg/get_domain + DOMAINNAME="$RET" + break + else + db_input high netcfg/invalid_hostname || true + db_fset netcfg/get_hostname seen false + fi +done + + +# FIXME: lo snippet should not be ppp-udeb's job +cat > /etc/network/interfaces < /etc/hosts + +if [ "$HOSTNAME" ]; then + echo "$HOSTNAME" >/etc/hostname + + if [ "$DOMAINNAME" ]; then + echo -e "127.0.1.1\t$HOSTNAME.$DOMAINNAME\t$HOSTNAME" >> /etc/hosts + else + echo -e "127.0.1.1\t$HOSTNAME" >> /etc/hosts + fi +fi + +cat >> /etc/hosts < /etc/ppp/peers/provider +# kernel space PPPoE driver configuration +# +# See the manual page pppd(8) for information on all the options. + +# MUST CHANGE: Uncomment the following line, replacing the user@provider.net +# by the DSL user name given to your by your DSL provider. +# There should be a matching entry with the password in /etc/ppp/pap-secrets +# and/or /etc/ppp/chap-secrets. +#user "myusername@myprovider.net" +user "$USERNAME" + +#linkname provider +#debug + +# Load the pppoe plugin. Change the ethernet interface name if needed. +plugin rp-pppoe.so +$IFACE + +# Assumes that your IP address is allocated dynamically by the ISP. +noipdefault +# Try to get the name server addresses from the ISP. +usepeerdns +# Use this connection as the default route. +# Comment out if you already have the correct default route installed. +defaultroute + +# Make sure that sensitive data does not get into the logs +hide-password + +# Peer should be alive +lcp-echo-interval 20 +lcp-echo-failure 3 + +# Makes pppd "dial again" when the connection is lost. +persist + +# Do not ask the remote to authenticate. +noauth + +# RFC 2516, paragraph 7 mandates that the following options MUST NOT be +# requested and MUST be rejected if requested by the peer: +# Address-and-Control-Field-Compression (ACFC) +noaccomp +# Asynchronous-Control-Character-Map (ACCM) +default-asyncmap + +# Do not try to negotiate other kinds of compression. +nopcomp +noccp +novj +EOF + +: > /etc/ppp/pap-secrets +chmod 600 /etc/ppp/pap-secrets +cat < /etc/ppp/pap-secrets +#GENERATED-BY-DEBIAN-INSTALLER# +"$USERNAME" * "$PASSWORD" +EOF +cp /etc/ppp/pap-secrets /etc/ppp/chap-secrets + +log-output -t depmod +log-output -t ppp-udeb modprobe pppoe + +log-output -t ppp-udeb pppd call provider +sleep 1 # allow forking +PID=`ps | grep 'call provider' | grep pppd | sed 's:\s*\([0-9]*\).*$:\1:g'` +echo $PID > $PIDF + +STEP=0 +db_progress START 0 31 ppp/please_wait +log "Waiting for message from pppd[$PID]" +while [ "$STEP" -lt 30 ] +do + ANSWER=$(grep -E "pppd\[$PID\]:.(PAP|CHAP)\ authentication\ (failed|succeeded)" /var/log/syslog | tail -n 1 | sed -e 's:^.*\(failed\).*$:\1:g' -e 's:^.*\(succeeded\).*$:\1:g') + if [ "$ANSWER" = "succeeded" ] || [ "$ANSWER" = "failed" ] + then + STEP=30 + log "got result: authentication $ANSWER" + else + log "Answer unknown" + fi + sleep 1 + STEP=$(expr $STEP + 1) + db_progress STEP 1 +done +db_progress STOP + +if [ "$ANSWER" = "failed" ]; then + fail "authentication failed" + (rm -f $PIDF && kill $PID) || true 2> /dev/null + db_input critical ppp/wrong_login || true + db_go || true + exit 1 +elif [ -z "$ANSWER" ] && [ "$STEP" -ge 30 ]; then + fail "unhandled error detected" + (rm -f $PIDF && kill $PID) || true 2>/dev/null + db_input critical ppp/unhandled || true + db_go || true + exit 1 +else + # Handle a fallback DNS + if ! [ -s /etc/resolv.conf ] && db_get netcfg/get_nameservers; then + for nameserver in $RET; do + echo "nameserver $nameserver" >>/etc/resolv.conf + done + fi +fi + +#DEBHELPER# + +exit 0 diff --git a/debian/ppp-udeb.templates b/debian/ppp-udeb.templates new file mode 100644 index 0000000..ceb1c68 --- /dev/null +++ b/debian/ppp-udeb.templates @@ -0,0 +1,81 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: debian-installer/ppp-udeb/title +Type: text +# Main menu item +_Description: Configure and start a PPPoE connection + +Template: ppp/no_concentrators +Type: error +_Description: No PPPoE concentrator + All network interfaces have been probed, but a PPPoE concentrator was + not detected. + . + The configuration of PPPoE has been aborted. It can be attempted again by + selecting the relevant menu entry. + +Template: ppp/interface +Type: string +Default: _ +_Description: Interface name: + Please enter the name of the network interface connected to the PPPoE + modem. + +Template: ppp/username +Type: string +_Description: ISP account username: + Please enter the username for the PPP connection. + . + This information should have been provided by your Internet Service + Provider. + +Template: ppp/password +Type: password +_Description: ISP account password: + Please enter the password for the PPP connection. + . + This information should have been provided by your Internet Service + Provider. + +Template: ppp/detect_failed +Type: error +_Description: No Ethernet interface + PPPoE networking cannot be configured because no Ethernet interface was + detected. + . + The configuration of PPPoE has been aborted. It can be attempted again by + selecting the relevant menu entry. + +Template: ppp/detect_progress +Type: text +_Description: Searching for concentrators on ${IFACE}... + +Template: ppp/wrong_login +Type: error +_Description: Failed authentication + A PPPoE connection was attempted, but the provided login information was + probably incorrect. + . + Please check the username and password you provided. + . + The configuration of PPPoE has been aborted. It can be attempted again by + selecting the relevant menu entry. + +Template: ppp/unhandled +Type: error +_Description: Unhandled error + An unidentified error happened while attempting to create a connection. + . + The configuration of PPPoE has been aborted. It can be attempted again by + selecting the relevant menu entry. + +Template: ppp/please_wait +Type: text +_Description: Please wait... diff --git a/debian/ppp-udeb.todo b/debian/ppp-udeb.todo new file mode 100644 index 0000000..2ee4d7e --- /dev/null +++ b/debian/ppp-udeb.todo @@ -0,0 +1,5 @@ +- how to blend well with netcfg? + - the new patch proposes assigning menu order 17 to ppp-udeb, so + is ran before netcfg + +# vim:tw=72:sw=4:ts=4:nowrap diff --git a/debian/ppp.dirs b/debian/ppp.dirs new file mode 100644 index 0000000..b496eb8 --- /dev/null +++ b/debian/ppp.dirs @@ -0,0 +1,8 @@ +etc/chatscripts/ +etc/ppp/ip-down.d/ +etc/ppp/ip-up.d/ +etc/ppp/ipv6-down.d/ +etc/ppp/ipv6-up.d/ +etc/ppp/peers/ +usr/bin/ +usr/share/ppp/ diff --git a/debian/ppp.docs b/debian/ppp.docs new file mode 100644 index 0000000..641cb2e --- /dev/null +++ b/debian/ppp.docs @@ -0,0 +1,14 @@ +FAQ +PLUGINS +README +README.MPPE +README.MSCHAP80 +README.MSCHAP81 +README.cbcp +README.pppoe +README.pppol2tp +README.pwfd +SETUP +debian/extra/README.STATIC-IP +debian/extra/README.win9x +debian/extra/defaultroute diff --git a/debian/ppp.examples b/debian/ppp.examples new file mode 100644 index 0000000..7d30435 --- /dev/null +++ b/debian/ppp.examples @@ -0,0 +1,9 @@ +debian/extra/autopppd +debian/extra/filters +debian/extra/interfaces +debian/extra/options.ttyXX +debian/extra/peers-* +debian/extra/per-linkname +debian/extra/popp +debian/extra/userscripts-* +scripts/ diff --git a/debian/ppp.install b/debian/ppp.install new file mode 100644 index 0000000..63668e9 --- /dev/null +++ b/debian/ppp.install @@ -0,0 +1,20 @@ +debian/extra/bash_completion/poff usr/share/bash-completion/completions/ +debian/extra/bash_completion/pon usr/share/bash-completion/completions/ +debian/extra/chap-secrets usr/share/ppp/ +debian/extra/chatscripts/ etc/ +debian/extra/ip-down etc/ppp/ +debian/extra/ip-down.d/ etc/ppp/ +debian/extra/ip-up etc/ppp/ +debian/extra/ip-up.d/ etc/ppp/ +debian/extra/ipv6-down etc/ppp/ +debian/extra/ipv6-up etc/ppp/ +debian/extra/options etc/ppp/ +debian/extra/pap-secrets usr/share/ppp/ +debian/extra/plog usr/bin/ +debian/extra/poff usr/bin/ +debian/extra/pon usr/bin/ +debian/extra/provider.chatscript usr/share/ppp/ +debian/extra/provider.peer usr/share/ppp/ +debian/tmp-ppp/usr/lib/pppd/* usr/lib/pppd/ +debian/tmp-ppp/usr/sbin/* usr/sbin/ +debian/tmp-ppp/usr/share/man/* usr/share/man/ diff --git a/debian/ppp.links b/debian/ppp.links new file mode 100644 index 0000000..28ef6df --- /dev/null +++ b/debian/ppp.links @@ -0,0 +1,2 @@ +usr/share/man/man1/pon.1 usr/share/man/man1/plog.1 +usr/share/man/man1/pon.1 usr/share/man/man1/poff.1 diff --git a/debian/ppp.lintian-overrides b/debian/ppp.lintian-overrides new file mode 100644 index 0000000..e012141 --- /dev/null +++ b/debian/ppp.lintian-overrides @@ -0,0 +1,17 @@ + +# false positive; radrealms.c verified to build with -D_FORTIFY_SOURCE=2 +ppp binary: hardening-no-fortify-functions usr/lib/pppd/2.4.7/radrealms.so + +# pppd-dns is a one-shot init script; status doesn't make sense +ppp binary: init.d-script-does-not-implement-optional-option etc/init.d/pppd-dns status + +# makes new files owned by group dip so that world read can be safely removed +ppp binary: non-standard-dir-perm etc/chatscripts/ 2750 != 0755 +ppp binary: non-standard-dir-perm etc/ppp/peers/ 2750 != 0755 + +# Documentation on connecting win9x clients to a Linux PPP server +ppp binary: package-contains-readme-for-other-platform-or-distro usr/share/doc/ppp/README.win9x + +# setuid root required to allow non-root (members of dip) to run ppp +ppp binary: setuid-binary usr/sbin/pppd 4754 root/dip + diff --git a/debian/ppp.logrotate b/debian/ppp.logrotate new file mode 100644 index 0000000..3505463 --- /dev/null +++ b/debian/ppp.logrotate @@ -0,0 +1,9 @@ +/var/log/ppp-connect-errors { + weekly + rotate 4 + missingok + notifempty + compress + nocreate +} + diff --git a/debian/ppp.maintscript b/debian/ppp.maintscript new file mode 100644 index 0000000..507fa1e --- /dev/null +++ b/debian/ppp.maintscript @@ -0,0 +1,2 @@ +# Has been moved to /usr/share/bash-completion/completions/pon +rm_conffile /etc/bash_completion.d/pon 2.4.7-1+2~ diff --git a/debian/ppp.manpages b/debian/ppp.manpages new file mode 100644 index 0000000..57cf540 --- /dev/null +++ b/debian/ppp.manpages @@ -0,0 +1,2 @@ +debian/extra/pon.1 +debian/extra/pppoe-discovery.8 diff --git a/debian/ppp.pam b/debian/ppp.pam new file mode 100644 index 0000000..b3e3a68 --- /dev/null +++ b/debian/ppp.pam @@ -0,0 +1,6 @@ +#%PAM-1.0 +# Information for the PPPD process with the 'login' option. +auth required pam_nologin.so +@include common-auth +@include common-account +@include common-session diff --git a/debian/ppp.postinst b/debian/ppp.postinst new file mode 100644 index 0000000..357364a --- /dev/null +++ b/debian/ppp.postinst @@ -0,0 +1,59 @@ +#!/bin/sh +set -e + +everything() { + +# install /etc/ppp/pap-secrets and /etc/ppp/chap-secrets from templates, +# if necessary +for file in pap-secrets chap-secrets; do + if [ -f /etc/ppp/$file ]; then + TAG=$(head --lines=1 /etc/ppp/$file) + if [ "$TAG" = "#GENERATED-BY-DEBIAN-INSTALLER#" ]; then + (sed -e "s/-HOSTNAME-/$HOST/g" /usr/share/ppp/$file; \ + cat /etc/ppp/$file) > /etc/ppp/$file.tmp + mv /etc/ppp/$file.tmp /etc/ppp/$file + fi + else + sed -e "s/-HOSTNAME-/$HOST/g" < /usr/share/ppp/$file > /etc/ppp/$file + fi + chmod 600 /etc/ppp/$file +done + +# install template provider files +if [ ! -f /etc/ppp/peers/provider ]; then + install -g dip -m 640 /usr/share/ppp/provider.peer \ + /etc/ppp/peers/provider +fi +if [ ! -f /etc/chatscripts/provider ]; then + install -g dip -m 640 /usr/share/ppp/provider.chatscript \ + /etc/chatscripts/provider +fi + +# fix the log files permissions +LOG_FILES="/var/log/ppp.log /var/log/ppp-connect-errors" +for file in $LOG_FILES; do + [ -e $file ] || continue + chown root:adm $file + chmod 640 $file +done + +} + +case "$1" in + configure) + everything + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + diff --git a/debian/ppp.postrm b/debian/ppp.postrm new file mode 100644 index 0000000..0f79e51 --- /dev/null +++ b/debian/ppp.postrm @@ -0,0 +1,38 @@ +#!/bin/sh +set -e + +delete_etc_files() { + rm -f /etc/ppp/pap-secrets /etc/ppp/chap-secrets /etc/ppp/resolv.conf \ + /etc/ppp/peers/provider /etc/chatscripts/provider + rmdir --ignore-fail-on-non-empty /etc/ppp/peers/ /etc/ppp/ \ + /etc/ppp/ip-up.d/ /etc/ppp/ip-down.d/ \ + /etc/chatscripts/ +} + +delete_var_files() { + rm -f /var/log/ppp.log /var/log/ppp-connect-errors \ + /var/log/ppp-ipupdown.log +} + +case "$1" in + remove) + ;; + + purge) + delete_etc_files + delete_var_files + ;; + + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + diff --git a/debian/ppp.pppd-dns.init b/debian/ppp.pppd-dns.init new file mode 100644 index 0000000..38baef0 --- /dev/null +++ b/debian/ppp.pppd-dns.init @@ -0,0 +1,23 @@ +#!/bin/sh -e +### BEGIN INIT INFO +# Provides: pppd-dns +# Required-Start: $local_fs +# Required-Stop: +# Default-Start: S +# Default-Stop: +# Short-Description: Restore resolv.conf if the system crashed. +# Description: Restore /etc/resolv.conf if the system crashed before the +# ppp link was shut down. +### END INIT INFO + +. /lib/lsb/init-functions + +case "$1" in + start) ;; + stop|restart|force-reload) exit 0 ;; + *) echo "Usage: $0 {start|stop|restart|force-reload}" >&2; exit 1 ;; +esac + +[ -x /etc/ppp/ip-down.d/0000usepeerdns ] \ + && exec /etc/ppp/ip-down.d/0000usepeerdns + diff --git a/debian/ppp.pppd-dns.service b/debian/ppp.pppd-dns.service new file mode 100644 index 0000000..00509cf --- /dev/null +++ b/debian/ppp.pppd-dns.service @@ -0,0 +1,10 @@ +[Unit] +Description=Restore /etc/resolv.conf if the system crashed before the ppp link was shut down + +[Service] +Type=oneshot +ExecStart=/etc/ppp/ip-down.d/0000usepeerdns + +[Install] +WantedBy=multi-user.target + diff --git a/debian/ppp.preinst b/debian/ppp.preinst new file mode 100644 index 0000000..616561f --- /dev/null +++ b/debian/ppp.preinst @@ -0,0 +1,18 @@ +#!/bin/sh +set -e + +case "$1" in + install|upgrade) + if dpkg --compare-versions "$2" le "2.4.5-4"; then + + if dpkg --compare-versions "$2" le "2.4.4b1-1"; then + rm -f /etc/init.d/ppp + update-rc.d ppp remove + fi + + rm -f /etc/apm/event.d/ppp + fi + ;; +esac + +#DEBHELPER# diff --git a/debian/ppp.prerm b/debian/ppp.prerm new file mode 100644 index 0000000..90c9043 --- /dev/null +++ b/debian/ppp.prerm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +# If we are removing ppp we have to stop all ppp's + +if [ "$1" = remove ]; then + echo -n "Stopping all PPP connections..." + start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/pppd || true + echo "done." +fi + +#DEBHELPER# diff --git a/debian/ppp.symbols b/debian/ppp.symbols new file mode 100644 index 0000000..45caff8 --- /dev/null +++ b/debian/ppp.symbols @@ -0,0 +1,514 @@ +pppd.so.2.4.7 ppp #MINVER# +# Ignore all symbols that start with an underscore in the Base module + (regex|optional)"^_.*@Base$" 2.4.7-1+2~ +# Ignore $global$ which seems to appear on hppa only + (optional)$global$@Base 2.4.7-1+2~ +# Ignore everything that claims it's part of glibc + (regex|optional)"@GLIBC_" 2.4.7-1+2~ +# All others should be pppd symbols + ChallengeHash@Base 2.4.7-1+2~ + ChapMS2@Base 2.4.7-1+2~ + ChapMS@Base 2.4.7-1+2~ + DesDecrypt@Base 2.4.7-1+2~ + DesEncrypt@Base 2.4.7-1+2~ + DesSetkey@Base 2.4.7-1+2~ + GenerateAuthenticatorResponse@Base 2.4.7-1+2~ + GetMask@Base 2.4.7-1+2~ + active_filter@Base 2.4.7-1+2~ + add_fd@Base 2.4.7-1+2~ + add_notifier@Base 2.4.7-1+2~ + add_options@Base 2.4.7-1+2~ + allow_any_ip@Base 2.4.7-1+2~ + allowed_address_hook@Base 2.4.7-1+2~ + asked_to_quit@Base 2.4.7-1+2~ + auth_check_options@Base 2.4.7-1+2~ + auth_done@Base 2.4.7-1+2~ + auth_ip_addr@Base 2.4.7-1+2~ + auth_number@Base 2.4.7-1+2~ + auth_options@Base 2.4.7-1+2~ + auth_peer_fail@Base 2.4.7-1+2~ + auth_peer_success@Base 2.4.7-1+2~ + auth_required@Base 2.4.7-1+2~ + auth_reset@Base 2.4.7-1+2~ + auth_up_notifier@Base 2.4.7-1+2~ + auth_withpeer_fail@Base 2.4.7-1+2~ + auth_withpeer_success@Base 2.4.7-1+2~ + bad_ip_adrs@Base 2.4.7-1+2~ + baud_rate@Base 2.4.7-1+2~ + blinks_id@Base 2.4.7-1+2~ + bundle_attach@Base 2.4.7-1+2~ + bundle_eof@Base 2.4.7-1+2~ + bundle_id@Base 2.4.7-1+2~ + bundle_name@Base 2.4.7-1+2~ + bundle_terminating@Base 2.4.7-1+2~ + cacert_file@Base 2.4.7-2+1~ + callback_script@Base 2.4.7-1+2~ + cbcp@Base 2.4.7-1+2~ + cbcp_codenames@Base 2.4.7-1+2~ + cbcp_optionnames@Base 2.4.7-1+2~ + cbcp_protent@Base 2.4.7-1+2~ + ccp_allowoptions@Base 2.4.7-1+2~ + ccp_fatal_error@Base 2.4.7-1+2~ + ccp_flags_set@Base 2.4.7-1+2~ + ccp_fsm@Base 2.4.7-1+2~ + ccp_gotoptions@Base 2.4.7-1+2~ + ccp_hisoptions@Base 2.4.7-1+2~ + ccp_protent@Base 2.4.7-1+2~ + ccp_test@Base 2.4.7-1+2~ + ccp_wantoptions@Base 2.4.7-1+2~ + cert_file@Base 2.4.7-2+1~ + cfg_bundle@Base 2.4.7-1+2~ + chap_auth_peer@Base 2.4.7-1+2~ + chap_auth_with_peer@Base 2.4.7-1+2~ + chap_check_hook@Base 2.4.7-1+2~ + chap_max_transmits@Base 2.4.7-1+2~ + chap_md5_init@Base 2.4.7-1+2~ + chap_mdtype_all@Base 2.4.7-1+2~ + chap_passwd_hook@Base 2.4.7-1+2~ + chap_protent@Base 2.4.7-1+2~ + chap_rechallenge_time@Base 2.4.7-1+2~ + chap_register_digest@Base 2.4.7-1+2~ + chap_timeout_time@Base 2.4.7-1+2~ + chap_verify_hook@Base 2.4.7-1+2~ + chapms_init@Base 2.4.7-1+2~ + chapms_strip_domain@Base 2.4.7-1+2~ + charshunt_pid@Base 2.4.7-1+2~ + check_options@Base 2.4.7-1+2~ + check_passwd@Base 2.4.7-1+2~ + child_wait@Base 2.4.7-1+2~ + childwait_done@Base 2.4.7-1+2~ + cif6addr@Base 2.4.7-1+2~ + cifaddr@Base 2.4.7-1+2~ + cifdefaultroute@Base 2.4.7-1+2~ + cifproxyarp@Base 2.4.7-1+2~ + cipxfaddr@Base 2.4.7-1+2~ + clean_check@Base 2.4.7-1+2~ + cleanup_tty@Base 2.4.7-1+2~ + complete_read@Base 2.4.7-1+2~ + connect_delay@Base 2.4.7-1+2~ + connect_script@Base 2.4.7-1+2~ + connect_tty@Base 2.4.7-1+2~ + continue_networks@Base 2.4.7-1+2~ + crl_dir@Base 2.4.7-2+1~ + crl_file@Base 2.4.7-2+1~ + crtscts@Base 2.4.7-1+2~ + cryptpap@Base 2.4.7-1+2~ + current_option@Base 2.4.7-1+2~ + data_start@Base 2.4.7-1+2~ + db_key@Base 2.4.7-1+2~ + dbglog@Base 2.4.7-1+2~ + debug@Base 2.4.7-1+2~ + default_device@Base 2.4.7-1+2~ + demand@Base 2.4.7-1+2~ + demand_block@Base 2.4.7-1+2~ + demand_conf@Base 2.4.7-1+2~ + demand_discard@Base 2.4.7-1+2~ + demand_rexmit@Base 2.4.7-1+2~ + demand_unblock@Base 2.4.7-1+2~ + destroy_bundle@Base 2.4.7-1+2~ + detach@Base 2.4.7-1+2~ + detached@Base 2.4.7-1+2~ + devfd@Base 2.4.7-1+2~ + device_script@Base 2.4.7-1+2~ + devnam@Base 2.4.7-1+2~ + devnam_fixed@Base 2.4.7-1+2~ + devstat@Base 2.4.7-1+2~ + die@Base 2.4.7-1+2~ + disable_defaultip@Base 2.4.7-1+2~ + disconnect_script@Base 2.4.7-1+2~ + disconnect_tty@Base 2.4.7-1+2~ + do_callback@Base 2.4.7-1+2~ + doing_callback@Base 2.4.7-1+2~ + doing_multilink@Base 2.4.7-1+2~ + domain@Base 2.4.7-1+2~ + dryrun@Base 2.4.7-1+2~ + dump_options@Base 2.4.7-1+2~ + dump_packet@Base 2.4.7-1+2~ + eap_authpeer@Base 2.4.7-1+2~ + eap_authwithpeer@Base 2.4.7-1+2~ + eap_protent@Base 2.4.7-1+2~ + eap_states@Base 2.4.7-1+2~ + eaptls_free_session@Base 2.4.7-2+1~ + eaptls_gen_mppe_keys@Base 2.4.7-2+1~ + eaptls_get_mtu@Base 2.4.7-2+1~ + eaptls_init_ssl@Base 2.4.7-2+1~ + eaptls_init_ssl_client@Base 2.4.7-2+1~ + eaptls_init_ssl_server@Base 2.4.7-2+1~ + eaptls_passwd_hook@Base 2.4.7-2+1~ + eaptls_receive@Base 2.4.7-2+1~ + eaptls_retransmit@Base 2.4.7-2+1~ + eaptls_send@Base 2.4.7-2+1~ + eaptls_ssl_load_config@Base 2.4.7-2+1~ + eaptls_ssl_load_engine@Base 2.4.7-2+1~ + ecp_allowoptions@Base 2.4.7-1+2~ + ecp_fsm@Base 2.4.7-1+2~ + ecp_gotoptions@Base 2.4.7-1+2~ + ecp_hisoptions@Base 2.4.7-1+2~ + ecp_protent@Base 2.4.7-1+2~ + ecp_wantoptions@Base 2.4.7-1+2~ + end_pr_log@Base 2.4.7-1+2~ + endpoint_specified@Base 2.4.7-1+2~ + epdisc_to_str@Base 2.4.7-1+2~ + error@Base 2.4.7-1+2~ + error_count@Base 2.4.7-1+2~ + escape_flag@Base 2.4.7-1+2~ + ether_to_eui64@Base 2.4.7-1+2~ + eui64_ntoa@Base 2.4.7-1+2~ + exitnotify@Base 2.4.7-1+2~ + explicit_passwd@Base 2.4.7-1+2~ + explicit_remote@Base 2.4.7-1+2~ + explicit_user@Base 2.4.7-1+2~ + fatal@Base 2.4.7-1+2~ + fcs@Base 2.4.7-1+2~ + fd_devnull@Base 2.4.7-1+2~ + fd_ppp@Base 2.4.7-1+2~ + flush_flag@Base 2.4.7-1+2~ + fork_notifier@Base 2.4.7-1+2~ + frame@Base 2.4.7-1+2~ + framelen@Base 2.4.7-1+2~ + framemax@Base 2.4.7-1+2~ + fsm_close@Base 2.4.7-1+2~ + fsm_init@Base 2.4.7-1+2~ + fsm_input@Base 2.4.7-1+2~ + fsm_lowerdown@Base 2.4.7-1+2~ + fsm_lowerup@Base 2.4.7-1+2~ + fsm_open@Base 2.4.7-1+2~ + fsm_protreject@Base 2.4.7-1+2~ + fsm_sdata@Base 2.4.7-1+2~ + general_options@Base 2.4.7-1+2~ + generic_disestablish_ppp@Base 2.4.7-1+2~ + generic_establish_ppp@Base 2.4.7-1+2~ + get_X509_from_file@Base 2.4.7-2+1~ + get_eaptls_secret@Base 2.4.7-2+1~ + get_first_ethernet@Base 2.4.7-1+2~ + get_host_seed@Base 2.4.7-1+2~ + get_idle_time@Base 2.4.7-1+2~ + get_if_hwaddr@Base 2.4.7-1+2~ + get_loop_output@Base 2.4.7-1+2~ + get_ppp_stats@Base 2.4.7-1+2~ + get_pty@Base 2.4.7-1+2~ + get_secret@Base 2.4.7-1+2~ + get_srp_secret@Base 2.4.7-1+2~ + getword@Base 2.4.7-1+2~ + got_sighup@Base 2.4.7-1+2~ + got_sigterm@Base 2.4.7-1+2~ + got_sigusr2@Base 2.4.7-1+2~ + groups@Base 2.4.7-1+2~ + have_route_to@Base 2.4.7-1+2~ + holdoff@Base 2.4.7-1+2~ + holdoff_hook@Base 2.4.7-1+2~ + holdoff_specified@Base 2.4.7-1+2~ + hostname@Base 2.4.7-1+2~ + hungup@Base 2.4.7-1+2~ + idle_time_hook@Base 2.4.7-1+2~ + idle_time_limit@Base 2.4.7-1+2~ + ifname@Base 2.4.7-1+2~ + ifunit@Base 2.4.7-1+2~ + info@Base 2.4.7-1+2~ + init_pr_log@Base 2.4.7-1+2~ + initializer@Base 2.4.7-1+2~ + inpacket_buf@Base 2.4.7-1+2~ + inspeed@Base 2.4.7-1+2~ + int_option@Base 2.4.7-1+2~ + ip_choose_hook@Base 2.4.7-1+2~ + ip_down_hook@Base 2.4.7-1+2~ + ip_down_notifier@Base 2.4.7-1+2~ + ip_ntoa@Base 2.4.7-1+2~ + ip_up_hook@Base 2.4.7-1+2~ + ip_up_notifier@Base 2.4.7-1+2~ + ipcp_allowoptions@Base 2.4.7-1+2~ + ipcp_fsm@Base 2.4.7-1+2~ + ipcp_gotoptions@Base 2.4.7-1+2~ + ipcp_hisoptions@Base 2.4.7-1+2~ + ipcp_protent@Base 2.4.7-1+2~ + ipcp_wantoptions@Base 2.4.7-1+2~ + ipparam@Base 2.4.7-1+2~ + ipv6_down_hook@Base 2.4.7-1+2~ + ipv6_down_notifier@Base 2.4.7-1+2~ + ipv6_up_hook@Base 2.4.7-1+2~ + ipv6_up_notifier@Base 2.4.7-1+2~ + ipv6cp_allowoptions@Base 2.4.7-1+2~ + ipv6cp_fsm@Base 2.4.7-1+2~ + ipv6cp_gotoptions@Base 2.4.7-1+2~ + ipv6cp_hisoptions@Base 2.4.7-1+2~ + ipv6cp_protent@Base 2.4.7-1+2~ + ipv6cp_wantoptions@Base 2.4.7-1+2~ + ipxcp_allowoptions@Base 2.4.7-1+2~ + ipxcp_fsm@Base 2.4.7-1+2~ + ipxcp_gotoptions@Base 2.4.7-1+2~ + ipxcp_hisoptions@Base 2.4.7-1+2~ + ipxcp_protent@Base 2.4.7-1+2~ + ipxcp_wantoptions@Base 2.4.7-1+2~ + kdebugflag@Base 2.4.7-1+2~ + kill_link@Base 2.4.7-1+2~ + lax_recv@Base 2.4.7-1+2~ + lcp_allowoptions@Base 2.4.7-1+2~ + lcp_close@Base 2.4.7-1+2~ + lcp_echo_adaptive@Base 2.4.7-1+2~ + lcp_echo_fails@Base 2.4.7-1+2~ + lcp_echo_interval@Base 2.4.7-1+2~ + lcp_fsm@Base 2.4.7-1+2~ + lcp_gotoptions@Base 2.4.7-1+2~ + lcp_hisoptions@Base 2.4.7-1+2~ + lcp_loopbackfail@Base 2.4.7-1+2~ + lcp_lowerdown@Base 2.4.7-1+2~ + lcp_lowerup@Base 2.4.7-1+2~ + lcp_open@Base 2.4.7-1+2~ + lcp_protent@Base 2.4.7-1+2~ + lcp_sprotrej@Base 2.4.7-1+2~ + lcp_wantoptions@Base 2.4.7-1+2~ + link_connect_time@Base 2.4.7-1+2~ + link_down@Base 2.4.7-1+2~ + link_down_notifier@Base 2.4.7-1+2~ + link_established@Base 2.4.7-1+2~ + link_required@Base 2.4.7-1+2~ + link_stats@Base 2.4.7-1+2~ + link_stats_valid@Base 2.4.7-1+2~ + link_terminated@Base 2.4.7-1+2~ + linkname@Base 2.4.7-1+2~ + listen_time@Base 2.4.7-1+2~ + llv6_ntoa@Base 2.4.7-1+2~ + lock@Base 2.4.7-1+2~ + lock_db@Base 2.4.7-1+2~ + locked@Base 2.4.7-1+2~ + lockflag@Base 2.4.7-1+2~ + log_default@Base 2.4.7-1+2~ + log_ssl_errors@Base 2.4.7-2+1~ + log_to_fd@Base 2.4.7-1+2~ + loop_chars@Base 2.4.7-1+2~ + loop_frame@Base 2.4.7-1+2~ + magic@Base 2.4.7-1+2~ + magic_init@Base 2.4.7-1+2~ + main@Base 2.4.7-1+2~ + make_new_bundle@Base 2.4.7-1+2~ + master_detach@Base 2.4.7-1+2~ + max_data_rate@Base 2.4.7-1+2~ + maxconnect@Base 2.4.7-1+2~ + maxfail@Base 2.4.7-1+2~ + maxoctets@Base 2.4.7-1+2~ + maxoctets_dir@Base 2.4.7-1+2~ + maxoctets_timeout@Base 2.4.7-1+2~ + modem@Base 2.4.7-1+2~ + mp_bundle_terminated@Base 2.4.7-1+2~ + mp_check_options@Base 2.4.7-1+2~ + mp_exit_bundle@Base 2.4.7-1+2~ + mp_join_bundle@Base 2.4.7-1+2~ + mppe_keys_set@Base 2.4.7-1+2~ + mppe_recv_key@Base 2.4.7-1+2~ + mppe_send_key@Base 2.4.7-1+2~ + mppe_set_keys2@Base 2.4.7-1+2~ + mppe_set_keys@Base 2.4.7-1+2~ + multilink@Base 2.4.7-1+2~ + multilink_join_hook@Base 2.4.7-1+2~ + multilink_master@Base 2.4.7-1+2~ + need_holdoff@Base 2.4.7-1+2~ + need_peer_eap@Base 2.4.7-2+1~ + netif_get_mtu@Base 2.4.7-1+2~ + netif_set_mtu@Base 2.4.7-1+2~ + netmask@Base 2.4.7-1+2~ + new_phase@Base 2.4.7-1+2~ + new_phase_hook@Base 2.4.7-1+2~ + new_style_driver@Base 2.4.7-1+2~ + ngroups@Base 2.4.7-1+2~ + no_ifaceid_neg@Base 2.4.7-1+2~ + no_ppp_msg@Base 2.4.7-1+2~ + nodetach@Base 2.4.7-1+2~ + noendpoint@Base 2.4.7-1+2~ + noremoteip@Base 2.4.7-1+2~ + notice@Base 2.4.7-1+2~ + notify@Base 2.4.7-1+2~ + notty@Base 2.4.7-1+2~ + novm@Base 2.4.7-1+2~ + np_down@Base 2.4.7-1+2~ + np_finished@Base 2.4.7-1+2~ + np_up@Base 2.4.7-1+2~ + null_auth_hook@Base 2.4.7-1+2~ + open_ccp_flag@Base 2.4.7-1+2~ + open_ppp_loopback@Base 2.4.7-1+2~ + option_error@Base 2.4.7-1+2~ + option_priority@Base 2.4.7-1+2~ + option_source@Base 2.4.7-1+2~ + options_for_tty@Base 2.4.7-1+2~ + options_from_file@Base 2.4.7-1+2~ + options_from_list@Base 2.4.7-1+2~ + options_from_user@Base 2.4.7-1+2~ + our_name@Base 2.4.7-1+2~ + outpacket_buf@Base 2.4.7-1+2~ + output@Base 2.4.7-1+2~ + override_value@Base 2.4.7-1+2~ + pap_auth_hook@Base 2.4.7-1+2~ + pap_check_hook@Base 2.4.7-1+2~ + pap_logout_hook@Base 2.4.7-1+2~ + pap_passwd_hook@Base 2.4.7-1+2~ + pap_protent@Base 2.4.7-1+2~ + parse_args@Base 2.4.7-1+2~ + parse_dotted_ip@Base 2.4.7-1+2~ + pass_filter@Base 2.4.7-1+2~ + passwd@Base 2.4.7-1+2~ + password_callback@Base 2.4.7-2+1~ + path_ipdown@Base 2.4.7-1+2~ + path_ipup@Base 2.4.7-1+2~ + peer_authname@Base 2.4.7-1+2~ + peer_mru@Base 2.4.7-1+2~ + pend_q@Base 2.4.7-1+2~ + pend_qtail@Base 2.4.7-1+2~ + persist@Base 2.4.7-1+2~ + phase@Base 2.4.7-1+2~ + phasechange@Base 2.4.7-1+2~ + pidchange@Base 2.4.7-1+2~ + ppp_available@Base 2.4.7-1+2~ + ppp_dev_fd@Base 2.4.7-1+2~ + ppp_devnam@Base 2.4.7-1+2~ + ppp_recv_config@Base 2.4.7-1+2~ + ppp_send_config@Base 2.4.7-1+2~ + ppp_session_number@Base 2.4.7-1+2~ + pppdb@Base 2.4.7-1+2~ + pr_log@Base 2.4.7-1+2~ + print_link_stats@Base 2.4.7-1+2~ + print_options@Base 2.4.7-1+2~ + print_string@Base 2.4.7-1+2~ + privileged@Base 2.4.7-1+2~ + privileged_option@Base 2.4.7-1+2~ + privkey_file@Base 2.4.7-2+1~ + privopen@Base 2.4.7-1+2~ + progname@Base 2.4.7-1+2~ + protocol_list@Base 2.4.7-1+2~ + protocol_name@Base 2.4.7-1+2~ + protocols@Base 2.4.7-1+2~ + pty_socket@Base 2.4.7-1+2~ + ptycommand@Base 2.4.7-1+2~ + random_bytes@Base 2.4.7-1+2~ + read_packet@Base 2.4.7-1+2~ + record_child@Base 2.4.7-1+2~ + record_file@Base 2.4.7-1+2~ + refuse_chap@Base 2.4.7-1+2~ + refuse_eap@Base 2.4.7-1+2~ + refuse_mppe_stateful@Base 2.4.7-1+2~ + refuse_mschap@Base 2.4.7-1+2~ + refuse_mschap_v2@Base 2.4.7-1+2~ + refuse_pap@Base 2.4.7-1+2~ + relock@Base 2.4.7-1+2~ + remote_name@Base 2.4.7-1+2~ + remote_number@Base 2.4.7-1+2~ + remove_fd@Base 2.4.7-1+2~ + remove_notifier@Base 2.4.7-1+2~ + remove_pidfiles@Base 2.4.7-1+2~ + reopen_log@Base 2.4.7-1+2~ + req_ifname@Base 2.4.7-1+2~ + req_unit@Base 2.4.7-1+2~ + reset_link_stats@Base 2.4.7-1+2~ + restore_tty@Base 2.4.7-1+2~ + route_fd@Base 2.4.7-1+2~ + run_program@Base 2.4.7-1+2~ + s_env_nalloc@Base 2.4.7-1+2~ + safe_fork@Base 2.4.7-1+2~ + script_env@Base 2.4.7-1+2~ + script_setenv@Base 2.4.7-1+2~ + script_unsetenv@Base 2.4.7-1+2~ + session_end@Base 2.4.7-1+2~ + session_mgmt@Base 2.4.7-1+2~ + session_start@Base 2.4.7-1+2~ + set_filters@Base 2.4.7-1+2~ + set_ifunit@Base 2.4.7-1+2~ + set_mppe_enc_types@Base 2.4.7-1+2~ + set_up_tty@Base 2.4.7-1+2~ + setdtr@Base 2.4.7-1+2~ + setipaddr@Base 2.4.7-1+2~ + sif6addr@Base 2.4.7-1+2~ + sif6down@Base 2.4.7-1+2~ + sif6up@Base 2.4.7-1+2~ + sifaddr@Base 2.4.7-1+2~ + sifdefaultroute@Base 2.4.7-1+2~ + sifdown@Base 2.4.7-1+2~ + sifnpmode@Base 2.4.7-1+2~ + sifproxyarp@Base 2.4.7-1+2~ + sifup@Base 2.4.7-1+2~ + sifvjcomp@Base 2.4.7-1+2~ + sigreceived@Base 2.4.7-1+2~ + sipxfaddr@Base 2.4.7-1+2~ + slprintf@Base 2.4.7-1+2~ + snoop_recv_hook@Base 2.4.7-1+2~ + snoop_send_hook@Base 2.4.7-1+2~ + speeds@Base 2.4.7-1+2~ + ssl_cmp_certs@Base 2.4.7-2+1~ + ssl_msg_callback@Base 2.4.7-2+1~ + ssl_verify_callback@Base 2.4.7-2+1~ + start_link@Base 2.4.7-1+2~ + start_networks@Base 2.4.7-1+2~ + status@Base 2.4.7-1+2~ + stop_bits@Base 2.4.7-1+2~ + str_to_epdisc@Base 2.4.7-1+2~ + strlcat@Base 2.4.7-1+2~ + strlcpy@Base 2.4.7-1+2~ + sync_serial@Base 2.4.7-1+2~ + sys_check_options@Base 2.4.7-1+2~ + sys_cleanup@Base 2.4.7-1+2~ + sys_close@Base 2.4.7-1+2~ + sys_init@Base 2.4.7-1+2~ + tdb_append@Base 2.4.7-1+2~ + tdb_chainlock@Base 2.4.7-1+2~ + tdb_chainlock_read@Base 2.4.7-1+2~ + tdb_chainunlock@Base 2.4.7-1+2~ + tdb_chainunlock_read@Base 2.4.7-1+2~ + tdb_clear_spinlocks@Base 2.4.7-1+2~ + tdb_close@Base 2.4.7-1+2~ + tdb_create_rwlocks@Base 2.4.7-1+2~ + tdb_delete@Base 2.4.7-1+2~ + tdb_dump_all@Base 2.4.7-1+2~ + tdb_error@Base 2.4.7-1+2~ + tdb_errorstr@Base 2.4.7-1+2~ + tdb_exists@Base 2.4.7-1+2~ + tdb_fetch@Base 2.4.7-1+2~ + tdb_firstkey@Base 2.4.7-1+2~ + tdb_lockall@Base 2.4.7-1+2~ + tdb_logging_function@Base 2.4.7-1+2~ + tdb_nextkey@Base 2.4.7-1+2~ + tdb_null@Base 2.4.7-1+2~ + tdb_open@Base 2.4.7-1+2~ + tdb_open_ex@Base 2.4.7-1+2~ + tdb_printfreelist@Base 2.4.7-1+2~ + tdb_reopen@Base 2.4.7-1+2~ + tdb_reopen_all@Base 2.4.7-1+2~ + tdb_set_lock_alarm@Base 2.4.7-1+2~ + tdb_spinlock@Base 2.4.7-1+2~ + tdb_spinunlock@Base 2.4.7-1+2~ + tdb_store@Base 2.4.7-1+2~ + tdb_traverse@Base 2.4.7-1+2~ + tdb_unlockall@Base 2.4.7-1+2~ + the_channel@Base 2.4.7-1+2~ + timeout@Base 2.4.7-1+2~ + tty_channel@Base 2.4.7-1+2~ + tty_check_options@Base 2.4.7-1+2~ + tty_close_fds@Base 2.4.7-1+2~ + tty_disestablish_ppp@Base 2.4.7-1+2~ + tty_do_send_config@Base 2.4.7-1+2~ + tty_establish_ppp@Base 2.4.7-1+2~ + tty_init@Base 2.4.7-1+2~ + tty_mode@Base 2.4.7-1+2~ + tty_options@Base 2.4.7-1+2~ + tty_process_extra_options@Base 2.4.7-1+2~ + tty_recv_config@Base 2.4.7-1+2~ + tty_send_config@Base 2.4.7-1+2~ + tty_set_xaccm@Base 2.4.7-1+2~ + tune_kernel@Base 2.4.7-1+2~ + uid@Base 2.4.7-1+2~ + unlock@Base 2.4.7-1+2~ + unlock_db@Base 2.4.7-1+2~ + unsuccess@Base 2.4.7-1+2~ + untimeout@Base 2.4.7-1+2~ + upap@Base 2.4.7-1+2~ + upap_authpeer@Base 2.4.7-1+2~ + upap_authwithpeer@Base 2.4.7-1+2~ + update_link_stats@Base 2.4.7-1+2~ + updetach@Base 2.4.7-1+2~ + upper_layers_down@Base 2.4.7-1+2~ + usehostname@Base 2.4.7-1+2~ + uselogin@Base 2.4.7-1+2~ + user@Base 2.4.7-1+2~ + userenv_list@Base 2.4.7-1+2~ + using_pty@Base 2.4.7-1+2~ + vslprintf@Base 2.4.7-1+2~ + wait_input@Base 2.4.7-1+2~ + warn@Base 2.4.7-1+2~ + welcomer@Base 2.4.7-1+2~ + xmit_accm@Base 2.4.7-1+2~ diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..972fa87 --- /dev/null +++ b/debian/rules @@ -0,0 +1,154 @@ +#!/usr/bin/make -f +# -*- mode: makefile; coding: utf-8 -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# Activate full hardening build flags +export DEB_BUILD_MAINT_OPTIONS := hardening=+all + +PKD := $(abspath $(dir $(MAKEFILE_LIST))) + +include /usr/share/dpkg/default.mk + +DIR_PPP := $(CURDIR)/debian/ppp +DIR_PPP_DEV := $(CURDIR)/debian/ppp-dev + +TMP_PPP := $(CURDIR)/debian/tmp-ppp +TMP_UDEB := $(CURDIR)/debian/tmp-udeb + +PPP_PLUGIN_ABI := $(shell awk -F '"' '/VERSION/ { print $$2; }' \ + $(CURDIR)/pppd/patchlevel.h) +VERSION_DEBIAN := $(shell echo '$(DEB_VERSION)' | \ + perl -ne 'print $$1 if m{^(?:\d+:)?(?:\d.*)\-(\d+.*)$$};') +VERSION_ABI_PART := $(shell echo "$(VERSION_DEBIAN)" | \ + perl -ne 'print $$1 if m{^(^\d+)\+};') + +UDEB_MAKEOPTS := \ + CHAPMS= USE_CRYPT= NO_CRYPT_HACK=1 MPPE= FILTER= HAVE_MULTILINK= \ + USE_TDB= HAS_SHADOW= USE_PAM= HAVE_INET6= CBCP= USE_SRP= MAXOCTETS= \ + USE_BUILTIN_CRYPTO=1 USE_EAPTLS= +UDEB_PLUGIN_DIRS := pppoatm rp-pppoe + +############################################################################## +%: + dh $@ + +override_dh_testdir: + dh_testdir + if [ "$(PPP_PLUGIN_ABI)" != "$(DEB_VERSION_UPSTREAM)" ]; then \ + echo; echo "**********"; \ + echo "VERSION in pppd/patchlevel.h must match upstream version."; \ + echo "Upstream version is '$(DEB_VERSION_UPSTREAM)'"; \ + echo "VERSION is '$(PPP_PLUGIN_ABI)'"; \ + echo "Aborting the build."; \ + echo "**********"; echo; \ + exit 1; \ + fi + if [ -z "$(VERSION_ABI_PART)" ]; then \ + echo; echo "**********"; \ + echo "No ABI component found in the Debian revision field."; \ + echo "Please see debian/README.source for more information."; \ + echo "Aborting the build."; \ + echo "**********"; echo; \ + exit 1; \ + fi + +override_dh_auto_clean: + rm -rf pppd-udeb changelog-from-README $(TMP_PPP) $(TMP_UDEB) \ + debian/extra/dh_ppp.1p + [ ! -f Makefile ] || $(MAKE) dist-clean + +override_dh_auto_configure: + ./configure --prefix=/usr + if [ ! -d pppd-udeb/ ]; then \ + mkdir pppd-udeb/ && \ + cp -ldpR pppd/* pppd-udeb/; \ + fi + cd pppd-udeb/ && make clean + cd pppd-udeb/plugins/ && make clean + perl -i -pe 's/ -DIPX_CHANGE\b//' pppd-udeb/Makefile + +changelog-from-README: + { \ + sed -e "/^What's new in ppp-/,/^. New hooks have been added./!d" README ; \ + echo ; \ + echo ; \ + cat Changes-2.3 ; \ + } > changelog-from-README + +override_dh_auto_build-arch: changelog-from-README + dh_auto_build -- \ + COPTS="$(CFLAGS) $(CPPFLAGS)" LDOPTS="$(LDFLAGS)" + dh_auto_build -Dpppd-udeb/ -- \ + COPTS="$(CFLAGS) $(CPPFLAGS) -Os -fomit-frame-pointer" \ + LDOPTS="$(LDFLAGS)" \ + $(UDEB_MAKEOPTS) + dh_auto_build -Dpppd-udeb/plugins -- \ + COPTS="$(CFLAGS) $(CPPFLAGS) -Os -fomit-frame-pointer" \ + LDOPTS="$(LDFLAGS)" \ + SUBDIRS="$(UDEB_PLUGIN_DIRS)" PLUGINS= + +override_dh_auto_build-indep: changelog-from-README + pod2man --section=1p --utf8 debian/extra/dh_ppp \ + debian/extra/dh_ppp.1p + +override_dh_auto_install-arch: + dh_auto_install --destdir=$(TMP_PPP)/usr/ + dh_auto_install -Dpppd-udeb/ --destdir=$(TMP_UDEB)/usr/ -- \ + $(UDEB_MAKEOPTS) + + for DIR in $(UDEB_PLUGIN_DIRS); do \ + dh_auto_install -Dpppd-udeb/plugins/$$DIR \ + --destdir=$(TMP_UDEB)/usr/; \ + done + +override_dh_auto_install-indep: + $(MAKE) install-devel DESTDIR=$(DIR_PPP_DEV)/usr/ + mkdir -p $(DIR_PPP_DEV)/usr/share/ppp-dev + $(PKD)/gen_substvars_dev $(DEB_VERSION_UPSTREAM) $(VERSION_ABI_PART) \ + > $(DIR_PPP_DEV)/usr/share/ppp-dev/substvars + +override_dh_installchangelogs: + dh_installchangelogs changelog-from-README + +override_dh_installexamples-arch: + dh_installexamples + + # use our own version, not the upstream one + mv $(DIR_PPP)/usr/share/doc/ppp/examples/autopppd \ + $(DIR_PPP)/usr/share/doc/ppp/examples/scripts/ + +override_dh_installinit: + dh_installinit --name=pppd-dns --no-stop-on-upgrade --no-start + +override_dh_installsystemd: + dh_installsystemd --name=pppd-dns --no-stop-on-upgrade --no-start + +override_dh_perl: + dh_perl -d --package=ppp-dev + dh_perl --no-package=ppp-dev + +override_dh_fixperms-arch: + dh_fixperms + chown root:dip \ + $(DIR_PPP)/etc/chatscripts/ \ + $(DIR_PPP)/etc/ppp/ \ + $(DIR_PPP)/etc/ppp/peers/ \ + $(DIR_PPP)/usr/sbin/pppd + chmod 4754 $(DIR_PPP)/usr/sbin/pppd + chmod 2750 $(DIR_PPP)/etc/ppp/peers/ $(DIR_PPP)/etc/chatscripts/ + +# Force dpkg-gensymbols to inspect pppd (it doesn't end .so) so that the +# symbols file is generated. This needs the SONAME hack that gets applied in +# debian/patches/pppd-soname-hack.patch to work. The -c2 below makes sure that +# the build fails if there are any discrepancies in the symbols file in order +# to catch ABI changes. +override_dh_makeshlibs: + dh_makeshlibs --package=ppp -- -c2 -edebian/ppp/usr/sbin/pppd -V + dh_makeshlibs --no-package=ppp + +## http://wiki.debian.org/onlyjob/get-orig-source +get-orig-source: $(info I: $(DEB_SOURCE)_$(DEB_VERSION_UPSTREAM)) + @echo "# Downloading..." + uscan --noconf --verbose --rename --destdir=$(CURDIR) --check-dirname-level=0 --force-download --download-version $(DEB_VERSION_UPSTREAM) $(PKD) diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..0a24c8f --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,102 @@ +pub 4096R/9E4295D605F66CE9 2011-10-12 + Key fingerprint = 631E 179E 370C D727 A7F2 A33A 9E42 95D6 05F6 6CE9 +uid [ unknown] Paul Mackerras (Signing key) + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBE6U85gBEACYU+BDUOcO7uG3S2JilDFgHjr0i9bpoHjvEiFp63i6SDXPtWl4 +QtOVXM+f3uahAHyzfrJ0xe9Jx0hDDVNZqsk3jnEj5siAMAm80atoST5h4bk5TE9w +5fIOqUuKWh4i7bJOnUzmGoIF9N0xVCfcSaU4+kzRtnBnTPon+q+brDc79Tyk7PVj +P/2YTa5Vjzx1zqrHTOFBwXRk1RyVSATDAvqkA8vVw1odhmCP7EhKKT7nLBh8swz4 +DVk8ylVCkB+6UFlAXlq8c0cbFMB8Zjr9gYJaQ4nxJVQcSFizS67EalathxeHOjjg +QUK9kCWExOfkcf3zAfKxFUM6oq/iH+A1O0ieVYKxbGHYDZLmMAgkJweDhbyWzSoZ +WeWneuIIxaPvxH3wHDf5NLlsHaiTxoR08zq2PN5IHEmYgR6nvYxAd3ZXLEojWXZB +AbOIZxPUvbB+DHF+7WYMKPdBLWvY6W8w0t4EYOt5N0W+/+AL2ZTCYJjZCHvhZxhC +ki8grkIcShPf6BQLe3UJc/maJGu0Co1mhiCYx2a3AAkq8E1NZ0nzEP9+eoGohjvF +ht5P/omDpU/VrZOBrgCFBDHUymvBsKw9ofaLUIplH4gJRHB47pLLFob3LDzbXyb4 +GB3LrOuioqLaVgrjz6lymzxXVTzHlQkAYayN4jvve6jauFQF/QAZg1gotwARAQAB +tC9QYXVsIE1hY2tlcnJhcyAoU2lnbmluZyBrZXkpIDxwYXVsdXNAc2FtYmEub3Jn +PokCHAQQAQIABgUCTpT4/gAKCRDNW4dL6sGz9T6fD/4/lZuDrmBEX4pNkeLy3k8e +4yhURNxbAus1E7d56PJITEJx1LwpDysMJQaXf30XSlLr4X8XIkAGJNqdb1UAxpuq +QnH0oAwf0VtKFIwV/90g+622pVrrxTg81dXsR9j0Noc0djLpoKPcZiKiColIPtye +TAp+M6ugPEcDmjuFNLbDFWQ+g69U4wnRgICjcBTNA/CHqKgdkCPFjCkoay9K/szJ +vMYJ6D9PxJuikMfUTFBNZCJ1PQLXDyZZbx0FpCDBiqgH0oXrSQB7QlqddXMvVXNh +UVG3IY6JuFZQaUbfIGXO+XFtn1t1UkE2tsjhAO/fn01Aw7a4VvSDxOsn6lUnFgxA +o1WtVEPEP0ctyTWVgQlxkzlB4klfuCREsLBNynuS4dOgy3u+DqlqcNwSnABJFDDS +C9Cez3zxC1zAdcVfW7NNXrlallRFTX0iTd7iJhlNjbvYAoUWMXWedc9KhDQtXy6A +1KkvhdU0jSWJrCxzQAPsVUHIW7EFf3U3dNrZNNHEveVz8mGBthyYEBz115cDn5g0 +YJRXiWxQ1/dGFJMtnC1/ykIFiAR8ZL6zVVeQjuQTT1WKhyfxgitiCJR+qjxG3b/n +f1xSt26lswyqTGVCLj39L3TU4epuFXYRyZnMc8FZvX1zlA/83hBpxD2wkXdhJNt+ +jUyxS9SLRIgCtU8kdxb9JIkCHAQQAQIABgUCTpztgQAKCRDZIA5s0a248WecD/9h +89Tsu5CfKmhAL/mS33bWrreWg9w2ZvUQJ8yquPjVAgdrno7D/oOUhoC8wEoM7wwT +J4gv2HDNsNGeyB58ajiHyrAKEWFVpkr27DlTTw52F4MPZAn6IG0GXzETaZa00MOc +7YivWA7PbQGwhs7wiTvxzjEQxN6zZzA/eB8XWC452Qsn5pc7xPFlFaPq3yeIScgc +DQmO3YQiS/lfwCEoPoL9zgVhVfFu9coVVQylnGaJV4ibArNkU1nJ+RgMn/UmQtFW +yjAUBi9Ogq3l1KQ22RybDkQtQVxCXfh7xWGdhiJw5mqePSr3QlwYVpIO/7tovMGO +ELihPW00Pm5XC2Jav+FljoMZkNU4qdVZa8du85eSiV33yyF5RxWqbpdtKqMpvwlA +IUfYuW+p2VaeoNw34U9yhagWRSSy5jGiW0vo+nGc6PEjeg1u9GZUDt7BrcfALgVP +ZyQLWAe2qKJgtKL01GVBfhanHjYiUnCeA4qOeEG8vCQc+gmNhM89JCUV+f5D/5Fz +DxCGxCZKQRvhgSWeBGw0uzfBBGDmKDtlwJlzpuS+6Pec1/nuWBhaKb0RXO0BFnGy +pzPfGSq5sjekjbh/oUL5oZ163vvTfDsvC2l2CDHgidvio4fyfQIDOFwBayCZhrcf +cjf29qaRKAe8i6k2CUiFhbFz6c/BzCPg1YOaOS062YkCIAQQAQIACgUCTpT5PAMF +AXgACgkQkNE7g/JkgWUq5RAAr2P/Ff5IBrNkwP6Uc84JeOOZAhS/0gPg9HqENTpb +oHXODy8xH5yxG4lwyNidyuWVDd1b6fUZ5gE2x7qIPU7vmeVix9vma+2B0ndx2Al+ +qHJcO6xu0/iyF9RfgrcJh+pyGCeuyEcVGB0tPs7Y7GFeuV9b8/5yVyOqfmFARA1u +kH7M4ni+SX5k9f9mOV65x6lmJd8pp2x5oe1xnH92Ra/Xr4B2qkvhMyaI5I1lIvk1 +4xZQ9R1dSzJjhopFQbOEXBmb4yDYgdzyy1hIc/dtBwojJkfvB8+4mjr/fBEHAVFa +7hM4eDa21Ze0kMZ+0BPUa2P14bH/pLIYRYwd4dcMaPoevsTAHpWqoWT2SyxrFtr+ +TH/OpZKp21bRN6VDBojJUmx/KeJjCfo2Xvo97KEkWrUmcv9WxwXZVevI1HXIAPFn +c22kmATbQNEwzBXo+hHnnSUB97pJW+hDh44xjZTjLX5xz+sd4xbLkhAfcHRhhEcv +G4HOfSDYbZKnYAEN7eDijoO25OtIxSCczDC17r7fSJWolxLW1nWnlckPtxrYHnWW +0hCTX1wnOYzNcIRbdbcGL+e66ZT9eQDEGYoJku8xKqxJWvekfnVcUeB4Y2SwVdq4 +U/kHTjAggOYuM/aHxAM2LfNfWfrgDuZQcItRYFV0cMFMlI3rXBYnvPPUtU9c5qP+ +/JWJAiAEEAECAAoFAk6U+f4DBQE8AAoJEFcNXmq0LVJTgo8P/11kdGCmmnA87iCx +0k7CjdhwIH3ITwe4rVt8K9HvdrlzCQwWWpIFB+0dtGknUwHoXW9tHfZ3dZirzfEJ +1XImWE2tH/P/9Xcn2O3avjBj/+t7fMfEMENoRZap60Jp7D5WayYqhAwuPOi+otGP +7n/Acp5xN9OS17qvdfnbiO1fdZj10nQCPFdE7MP+0U9/qjXylgiEO9ri7ijh4cuF +01zCMRLc6fBv9cS+pU64C7AWoayg9fE7/C39JtN8aMntsNwVEvVvWqegOMV0gFJl +sqsdqGxUoYUyy3/rWIB+7ZR5l2L1Kblt+ItP+zOqt/uC6CJF8IlxW2Q+BlxlfSu3 +HPVZyBWJQPVGnDALqoUMognHfsV4lkJFPExTfWvC2Kfto/KbP6Og8WupcFSSI/G6 +CwRvwgTbcV18k+RGQ2Iny4tVX7pdg1+L6djuHVlcpH8qCibPGnYpTm93FkidB3Ub +87ZYO2jcSLcJnZCr5iNTT6tW+SchTupvd9gv9WXGvuNBZSn6zkKdRi9wzSZe6RkC +G1AjY3qmInthbvdLOP5G/FrFxkLcnNDwv3IxQFtUCT0/rM4xKYgTvr91LcnxK2Hc +tNxAdISN/OPSgTiubc44e8cHN3K+rl+zqSAqcFLwJdr9vEMSf+div0kDjPVsEWlU +LV3U6PrOVL1D/a48sLGKXfscq/P0iQIgBBMBCAAKBQJOlPrxAwUBPAAKCRBeRCCI +7WMuhylqD/oD+LLi5ix4Yp9sJT36falK3gxfeqOb4klZKrmZ6D5e7b+E/DUAPwyu +xEJBmJ3ZzwYd1Qe78PdLANQQd3+1Vz0P6SZ3rFrOAeDhNpmbtl89B6eo+787TQ8H +LplFndj83ziZbsr043tabMdUwrwzqYx7xqT+GNWS1xY95U+fSk++iGyeoK1thCn0 +Opv4s8FYQZw5p5jj6lz67pUv7IUpv3P6x31O0/jb+F0m/FONC+mtwzemepJctxxs +B/SL5ypQa+hq4YEq7w0XtJOWEv3DdOIu/rKn00i0kpF+drEHeCvEtAxw9EVdxpkm +flKwX9g8QowWdk3bdqZRa4jxlmF4CJIzAQmUsCfo++l3tzL8qYyaZe9/eaQcCAbS +tkTt7uB2qki9pM6AdP2W0/Yr7I7EFKsIANABwnEXxPxW+wYycXvCfhUdmeqcuuu3 +y/6LXBd2WMFcfqB/Yg8IloyJO1rZWc1+l08xw3eLfkSxZaF0XPDqHQRV9s0fY7mK +6U/4+dRVpnpt8Rqoo+Loi4DDAyaZjhSZO8fHC6rwPc96P33ZqLWixTOHMdua8APT +rFQar+cepBcaK8Qr+S9Q9BXdxeG/eUnRjqG69jG+Zdlx2ZA4zOaPIdkE9CgkIHxV +z+s0WMv1bLua06aUXe2Fc+a7XeD6TmSmdcMbxr7XCkHdORAzUecJGokCIAQTAQgA +CgUCTpUG3wMFATwACgkQWtJCEcBg0cikhRAAluVdH0GzGyEiYX7cRmqPb5wOfiht +bndw/I5PeYUAYzTsHaCdsZi5mrygN0zNS8WdDE4sl+4EGe9WiwgH/ZMIrItsq+fX +FakFzA5tFiLYu58dg7p2lqCZyX69PRt2u462tueHqdFb9boRW3GysiCpB2z+0yKM +Li+yRNr75u+zltDv0so+/zzUkcN1sM5gguThNs4L1LAsQS6Cf+lXz9pyGUeqnRUH +QrEQPsIlon3neidJ1rL2haKi9pi9pLzk35LFcmh7vFyaRhgBqs5lbPUY4kT3psm5 +eBzr5bytJ4Iwbflo78If2MbOT6NqRhztlTV0MUce5AoYpqygwhX5OO0AQ1xhh1mF +hfzFxMh/CdFsSU9lUnl/jE9CTGnOD/e2PggoBZ69HfG1XjlYQh42mvs51LAi+jIe +BD5llX5JliHtM1mnlcB1ZNcuTxflIHpD763eL7t8w3xhVlE1H+pSQQXL2Hm7CuY7 +l2RhkQjcHo9gdNTTj2J1DZ3MBzZEoeMiqCJUB0ks/FjYxbiO/dsD04u9c8w7IOLm +j7pjIevm3aiqc7PezI/c2XBCIAFgL6dl8/2FWrKVXbGJdmN9rJ0S2dCYWMz994fC +q0D2iUIOfoYZ1Db7TIMhOzMq2rTqC63wq82JjBW4ooaprJ7LO8TKpsV5Qud3A5zH +U2C9KtE6jWrxlkuJAjgEEwECACIFAk6U85gCGwMGCwkIBwMCBhUIAgkKCwQWAgMB +Ah4BAheAAAoJEJ5CldYF9mzpjzgP/RKJuRGzzD2I4+3owd6R5t0m8/xfdzWH7ynA +mv8Bo678F3oCxuxzjc7QMg9n7a/NS34kkxPvYj3GxJo3Lya1mjviHdy7k1U7zXuz +cs7v0qTNg1FQyLLqig6Va1zuRVIwFNyUcU8j7HGguwSSRaJLG8FxLjcgrWfIwsW/ +me58Z1Sa8YeKemeQ7nIrIkG4FbjHDNiwbWc/Ak3gDiMFIJjVbip0Sc78jxIgu8TD +fIpZGvwOVxw23CfDBLlkm9nCtxEwODlNof8WEuoStnh4o9ijkpVm8AW7aQAMu9/s +JLtb9ihLpbAtWGkWAiRNZcmfVpL4NBK1sWJpexw5bgO7MFg8bvieD8sX1qKHfvHh +ALOJG/FgmNSk1xIaKCKF+16OggruBcVB9UGtI3bahP8HvS9DTV7pfgH4T1Ew8pFg +F2BpTYBZw8yeJVrBpUSttSrumuERayvTtW75dwd8AB+e5FinGFYA3tYvwv6Byw2l +ikPnv4NoNO6KE/YMySMhW0/Ax3xWAD+WuaAiyp0drQH5ralsbkqBl9NiHAWNm5o2 +dahHoljr8/lkGzAMf9ZdHuNjTg71DhytkiJ8/hDy8q6EP7mkkk55Ud8jYMoZq9Ap +ZZZeYKhSMFbHLE08wy6EdzWG+SD0W8nvWi/AQzuqP/kxWlkO2GBgHUFAASKooqxF +lOsLutsZ +=ALo8 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..454c345 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts=pgpsigurlmangle=s/$/.asc/ \ +https://download.samba.org/pub/ppp/ppp-([0-9\.]+)\.tar\.gz