Fix build with gcc-2.95 (tested on sparc, simh-vax was too slow).

Remove some useless Linux-specific code which tried to modify the routing table by running "/bin/ip". Because this code has no error checking and failed silently, no one noticed it. Noticed it now because it didn't compile with gcc-2.95.

Don't install useless documentation. Install useful notes on protocol insecurity instead.

Tweak the man page a little. Dunno if anyone is still using Bezeq ADSL modems that need the --quirks option, but move the information here just in case.

Clean up MESSAGE; don't shout at everybody about security holes in a particular kind of modem that's almost 10 years old.

ok naddy@
parent 1bfb4a027a
commit 652a2e6714
@ -1,15 +1,16 @@
|
||||
# $OpenBSD: Makefile,v 1.19 2008/11/11 16:23:26 naddy Exp $
|
||||
# $OpenBSD: Makefile,v 1.20 2009/03/08 21:57:24 stsp Exp $
|
||||
# $NetBSD: Makefile,v 1.1.1.1 2000/04/10 01:14:01 jtk Exp $
|
||||
|
||||
COMMENT= PPTP client package for Microsoft VPN servers
|
||||
|
||||
DISTNAME= pptp-1.7.2
|
||||
PKGNAME= ${DISTNAME}p0
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=pptpclient/}
|
||||
|
||||
HOMEPAGE= http://pptpclient.sf.net
|
||||
|
||||
MAINTAINER= Stefan Sperling <stsp@stsp.name>
|
||||
MAINTAINER= Stefan Sperling <stsp@openbsd.org>
|
||||
|
||||
# GPL
|
||||
PERMIT_PACKAGE_CDROM= Yes
|
||||
@ -23,19 +24,14 @@ NO_REGRESS= Yes
|
||||
MAKE_ENV+= PPPD=/usr/sbin/ppp
|
||||
CFLAGS+= -DUSER_PPP
|
||||
|
||||
DIRS= Documentation
|
||||
|
||||
post-patch:
|
||||
@cd ${WRKSRC}; sed -e s,PREFIX,${PREFIX}, < \
|
||||
${FILESDIR}/pptp_8 > pptp.8
|
||||
@perl -pi -e "s,PREFIX,${PREFIX}," ${WRKSRC}/USING
|
||||
|
||||
do-install:
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/pptp ${PREFIX}/sbin
|
||||
${INSTALL_MAN} ${WRKSRC}/pptp.8 ${PREFIX}/man/man8
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/pptp
|
||||
${INSTALL_DATA} ${WRKSRC}/USING ${PREFIX}/share/doc/pptp/
|
||||
@cd ${WRKSRC} && \
|
||||
tar cf - ${DIRS} | (cd ${PREFIX}/share/doc/pptp && tar -xf -)
|
||||
${INSTALL_DATA} ${WRKSRC}/PROTOCOL-SECURITY ${PREFIX}/share/doc/pptp/
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: pptp_8,v 1.6 2007/10/23 22:13:38 naddy Exp $
|
||||
.\" $OpenBSD: pptp_8,v 1.7 2009/03/08 21:57:24 stsp Exp $
|
||||
.\" Manual page for pptp-1.1.0
|
||||
.\" Information gleaned from USING file in the distribution
|
||||
.\" SH section heading
|
||||
@ -42,6 +42,8 @@ to negotiate the connection with MS-CHAP authentication.
|
||||
Because
|
||||
.Nm
|
||||
uses GRE, the net.inet.gre.allow sysctl needs to be enabled.
|
||||
.Nm
|
||||
will automatically try to enable this sysctl on startup.
|
||||
.Pp
|
||||
The
|
||||
.Ar hostname
|
||||
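Review bot: The added sentence in the GRE paragraph says pptp "will automatically try to enable this sysctl on startup" but does not say what happens when the attempt fails, or whether net.inet.gre.allow is put back when pptp exits. Because this is a host-wide setting that changes which GRE packets the kernel accepts, the man page should state both, so an administrator knows the sysctl may remain set after the tunnel is gone.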
@ -67,12 +69,14 @@ to remote host as phone number.
|
||||
.It Fl -nolaunchpppd
|
||||
Do not launch a ppp daemon, for use as a ppp daemon pty.
|
||||
.It Fl -quirks Ar quirk
|
||||
Work around a buggy PPTP implementation.
|
||||
The only currently recognised value is
|
||||
.Ar BEZEQ_ISRAEL .
|
||||
See the file
|
||||
.Pa PREFIX/share/doc/pptp/USING
|
||||
for details.
|
||||
Some ADSL providers and some ADSL hardware are buggy or not conforming
|
||||
to the RFC, and require special handling. To this end,
|
||||
.Nm
|
||||
supports a 'quirks' mechanism.
|
||||
Currently, only '--quirks BEZEQ_ISRAEL' is defined, for connecting to
|
||||
Bezeq (the Israeli phone company) ADSL service.
|
||||
Only some of the equipment used by Bezeq needs this option, but even
|
||||
the equipment that does not need it works fine with it.
|
||||
.It Fl -debug
|
||||
Run in foreground (for debugging with gdb).
|
||||
.It Fl -sync
|
||||
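Review bot: In the rewritten --quirks entry the option is written as quoted plain text ('quirks', '--quirks BEZEQ_ISRAEL') where the text it replaces used mdoc markup (.Ar BEZEQ_ISRAEL). Keeping the macros, for example a separate `.Fl -quirks Ar BEZEQ_ISRAEL` line, would render consistently with the .It line above, and a one-line summary of what the option does before the Bezeq background would keep the entry easy to scan.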
@ -101,7 +105,9 @@ Bind to specified IP address instead of wildcard.
|
||||
Sets the debugging level (0=low, 1=default, 2=high).
|
||||
.Sh EXAMPLES
|
||||
.Ss PPTP on a stand-alone VPN client
|
||||
This example assumes that you want to use pptp to connect
|
||||
This example assumes that you want to use
|
||||
.Nm
|
||||
to connect
|
||||
to a VPN and use the VPN connection as your default route.
|
||||
Let us assume that the VPN server was called vpn-gateway.net.
|
||||
.Pp
|
||||
@ -148,7 +154,7 @@ host route to the VPN gateway. For example:
|
||||
.Bd -literal
|
||||
#!/bin/sh
|
||||
gw=`netstat -rn -f inet | grep ^default | awk '{print $2};'`
|
||||
route add -host vpn-gateway.net ${gw}
|
||||
/sbin/route add -host vpn-gateway.net ${gw}
|
||||
.Ed
|
||||
.Pp
|
||||
Call the script from
|
||||
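Review bot: In the example script, ${gw} comes from the netstat | grep ^default | awk pipeline and is passed to /sbin/route unquoted and unchecked. With no default route it is empty, and with more than one it holds several words, so the route command either fails or receives unintended arguments. Since the line is being touched anyway, the example could test the value first and quote it, e.g. `[ -n "$gw" ] || exit 1`.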
@ -237,7 +243,7 @@ For example:
|
||||
.Bd -literal
|
||||
#!/bin/sh
|
||||
gw=`netstat -rn -f inet | grep ^default | awk '{print $2};'`
|
||||
route add -host vpn-gateway.net ${gw}
|
||||
/sbin/route add -host vpn-gateway.net ${gw}
|
||||
.Ed
|
||||
.Pp
|
||||
Call the script from
|
||||
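Review bot: route is now called by absolute path, but netstat, grep and awk on the line above are still found through PATH. If the point is that the script runs with a restricted PATH, the other three need the same treatment or the script should set PATH itself; if not, the reason for the change deserves a sentence in the surrounding text. This script is also a verbatim copy of the one in the earlier example, so both copies have to be kept in sync by hand.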
@ -312,19 +318,20 @@ file in /var/run/tunX.pid, where X is the number of the tun device used.
|
||||
.Pa /var/run/pptp/<ip-address>
|
||||
is created as a socket. It is used for communicating with an existing
|
||||
PPTP call manager for a given remote server host.
|
||||
.Sh CAVEATS
|
||||
The PPTP protocol is insecure.
|
||||
.Sh SEE ALSO
|
||||
.Xr ppp 8 ,
|
||||
.Xr gre 4 ,
|
||||
.Xr pf 4 ,
|
||||
.Xr pf.conf 5 ,
|
||||
.Pa PREFIX/share/doc/pptp/USING .
|
||||
.Pa PREFIX/share/doc/pptp/PROTOCOL-SECURITY .
|
||||
.Sh HISTORY
|
||||
This man page appeared first in
|
||||
.Nx
|
||||
\'s pptp package.
|
||||
.Sh AUTHORS
|
||||
.An Stefan Sperling Aq stsp@stsp.name
|
||||
(detailed option description, EXAMPLES section),
|
||||
.An Stefan Sperling Aq stsp@openbsd.org
|
||||
.An C. Scott Ananian Aq cananian@alumni.princeton.edu ,
|
||||
.An John Kohl Aq jtk@NetBSD.org
|
||||
(patches and original man page).
|
||||
|
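Review bot: In AUTHORS the `.An Stefan Sperling Aq stsp@openbsd.org` line has no trailing ` ,` while the following .An line keeps one, so the rendered author list loses its separator after the first name. With the "(detailed option description, EXAMPLES section)," line gone, "(patches and original man page)" also reads as if it applied to all three authors; either keep a per-author note or drop both. In CAVEATS, the single sentence "The PPTP protocol is insecure." would be more useful with a pointer to the PROTOCOL-SECURITY file named in SEE ALSO.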
@ -1,6 +1,6 @@
|
||||
$OpenBSD: patch-Makefile,v 1.6 2008/11/11 16:23:26 naddy Exp $
|
||||
--- Makefile.orig Wed May 14 08:33:55 2008
|
||||
+++ Makefile Sat Sep 20 17:44:51 2008
|
||||
$OpenBSD: patch-Makefile,v 1.7 2009/03/08 21:57:24 stsp Exp $
|
||||
--- Makefile.orig Wed May 14 07:33:55 2008
|
||||
+++ Makefile Fri Mar 6 15:45:41 2009
|
||||
@@ -4,19 +4,19 @@ RELEASE=
|
||||
|
||||
#################################################################
|
||||
@ -24,3 +24,12 @@ $OpenBSD: patch-Makefile,v 1.6 2008/11/11 16:23:26 naddy Exp $
|
||||
LIBS = -lutil
|
||||
# Solaris 10
|
||||
# LIBS = -lnsl -lsocket -lresolv
|
||||
@@ -29,7 +29,7 @@ PPTP_BIN = pptp
|
||||
PPTP_OBJS = pptp.o pptp_gre.o ppp_fcs.o \
|
||||
pptp_ctrl.o dirutil.o vector.o \
|
||||
inststr.o util.o version.o test.o \
|
||||
- pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o routing.o \
|
||||
+ pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o \
|
||||
pptp_compat.o
|
||||
|
||||
PPTP_DEPS = pptp_callmgr.h pptp_gre.h ppp_fcs.h util.h test.h \
|
||||
|
@ -1,6 +1,6 @@
|
||||
$OpenBSD: patch-inststr_c,v 1.2 2007/10/23 22:13:38 naddy Exp $
|
||||
--- inststr.c.orig Mon Feb 13 04:07:42 2006
|
||||
+++ inststr.c Tue Sep 18 07:24:08 2007
|
||||
$OpenBSD: patch-inststr_c,v 1.3 2009/03/08 21:57:24 stsp Exp $
|
||||
--- inststr.c.orig Wed May 14 07:33:55 2008
|
||||
+++ inststr.c Thu Mar 5 23:07:12 2009
|
||||
@@ -20,7 +20,7 @@ inststr(int argc, char **argv, char **environ, char *s
|
||||
|
||||
for (ptr = argv[0]; *ptr; *(ptr++) = '\0');
|
||||
@ -10,3 +10,14 @@ $OpenBSD: patch-inststr_c,v 1.2 2007/10/23 22:13:38 naddy Exp $
|
||||
} else
|
||||
{
|
||||
/* Stolen from the source to perl 4.036 (assigning to $0) */
|
||||
@@ -31,8 +31,9 @@ inststr(int argc, char **argv, char **environ, char *s
|
||||
/* than lower numbered elements. */
|
||||
char *ptr, *ptr2;
|
||||
int count;
|
||||
+ int aligned;
|
||||
UL mask = ~(UL)(PTRSIZE == 4 ? 3 : PTRSIZE == 8 ? 7 : PTRSIZE == 16 ? 15 : 0);
|
||||
- int aligned = (mask < ~(UL)0) && (((UL)(argv[0]) & mask) == (UL)(argv[0]));
|
||||
+ aligned = (mask < ~(UL)0) && (((UL)(argv[0]) & mask) == (UL)(argv[0]));
|
||||
ptr = argv[0] + strlen(argv[0]);
|
||||
if (argv[argc - 1] >= argv[1]) {
|
||||
/* argv pointers in ascending memory order */
|
||||
|
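Review bot: In the second inststr.c hunk, `int aligned = ...` sits directly after `UL mask = ...`, which is itself a declaration, and the context lines above it are declarations too, so this does not look like a declaration-after-statement case. If gcc-2.95 rejected something else here, a short comment in the patch saying what it was would help whoever updates the port next; if the file compiled unchanged, the hunk can go.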
33
net/pptp/patches/patch-pptp_c
Normal file
@ -0,0 +1,33 @@
|
||||
$OpenBSD: patch-pptp_c,v 1.1 2009/03/08 21:57:24 stsp Exp $
|
||||
--- pptp.c.orig Thu Mar 5 22:54:51 2009
|
||||
+++ pptp.c Thu Mar 5 22:56:53 2009
|
||||
@@ -193,6 +193,7 @@ int main(int argc, char **argv, char **envp)
|
||||
* '\0' */
|
||||
char * volatile phonenr = NULL;
|
||||
volatile int launchpppd = 1, debug = 0;
|
||||
+ char *tty_name;
|
||||
|
||||
while(1){
|
||||
/* structure with all recognised options for pptp */
|
||||
@@ -391,7 +392,7 @@ int main(int argc, char **argv, char **envp)
|
||||
file2fd("/dev/null", "wb", STDERR_FILENO);
|
||||
}
|
||||
|
||||
- char *tty_name = ttyname(tty_fd);
|
||||
+ tty_name = ttyname(tty_fd);
|
||||
snprintf(buf, sizeof(buf), "pptp: GRE-to-PPP gateway on %s",
|
||||
tty_name ? tty_name : "(null)");
|
||||
#ifdef PR_SET_NAME
|
||||
@@ -494,9 +495,11 @@ void launch_callmgr(struct in_addr inetaddr, char *pho
|
||||
{
|
||||
char *my_argv[3] = { argv[0], inet_ntoa(inetaddr), phonenr };
|
||||
char buf[128];
|
||||
- snprintf(buf, sizeof(buf), "pptp: call manager for %s", my_argv[1]);
|
||||
#ifdef PR_SET_NAME
|
||||
int rc;
|
||||
+#endif
|
||||
+ snprintf(buf, sizeof(buf), "pptp: call manager for %s", my_argv[1]);
|
||||
+#ifdef PR_SET_NAME
|
||||
rc = prctl(PR_SET_NAME, "pptpcm", 0, 0, 0);
|
||||
if (rc != 0) perror("prctl");
|
||||
#else
|
12
net/pptp/patches/patch-pptp_callmgr_c
Normal file
@ -0,0 +1,12 @@
|
||||
$OpenBSD: patch-pptp_callmgr_c,v 1.1 2009/03/08 21:57:24 stsp Exp $
|
||||
--- pptp_callmgr.c.orig Fri Mar 6 15:44:54 2009
|
||||
+++ pptp_callmgr.c Fri Mar 6 15:45:00 2009
|
||||
@@ -120,8 +120,6 @@ int callmgr_main(int argc, char **argv, char **envp)
|
||||
phonenr = argc == 3 ? argv[2] : NULL;
|
||||
if (inet_aton(argv[1], &inetaddr) == 0)
|
||||
fatal("Invalid IP address: %s", argv[1]);
|
||||
- routing_init(inet_ntoa(inetaddr));
|
||||
- routing_start();
|
||||
/* Step 1: Open sockets. */
|
||||
if ((inet_sock = open_inetsock(inetaddr)) < 0)
|
||||
fatal("Could not open control connection to %s", argv[1]);
|
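Review bot: Only the routing_init() and routing_start() calls are removed from callmgr_main(); the hunk does not drop an `#include "routing.h"`, and no hunk in this commit touches a caller of routing_end(). With routing.o taken out of PPTP_OBJS in patch-Makefile, any remaining routing_end() call would fail at link time, so please confirm there is none and remove the include if it is present.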
83
net/pptp/patches/patch-routing_c
Normal file
@ -0,0 +1,83 @@
|
||||
$OpenBSD: patch-routing_c,v 1.1 2009/03/08 21:57:24 stsp Exp $
|
||||
--- routing.c.orig Fri Mar 6 15:31:31 2009
|
||||
+++ routing.c Fri Mar 6 15:43:43 2009
|
||||
@@ -1,79 +0,0 @@
|
||||
-/*
|
||||
- routing.c, manipulating routing table for PPTP Client
|
||||
- Copyright (C) 2006 James Cameron <quozl@us.netrek.org>
|
||||
-
|
||||
- This program is free software; you can redistribute it and/or modify
|
||||
- it under the terms of the GNU General Public License as published by
|
||||
- the Free Software Foundation; either version 2 of the License, or
|
||||
- (at your option) any later version.
|
||||
-
|
||||
- This program is distributed in the hope that it will be useful,
|
||||
- but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
- GNU General Public License for more details.
|
||||
-
|
||||
- You should have received a copy of the GNU General Public License
|
||||
- along with this program; if not, write to the Free Software
|
||||
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
-
|
||||
-*/
|
||||
-
|
||||
-#include <sys/types.h>
|
||||
-#include <unistd.h>
|
||||
-#include <stdio.h>
|
||||
-#include <string.h>
|
||||
-#include "routing.h"
|
||||
-
|
||||
-/* route to the server */
|
||||
-char *route;
|
||||
-
|
||||
-/*
|
||||
-
|
||||
-Design discussion.
|
||||
-
|
||||
-The primary task of this module is to add a host route to the PPTP
|
||||
-server so that the kernel continues to deliver PPTP control and data
|
||||
-connection packets to the server despite the new PPP interface that is
|
||||
-created. The flag --no-host-route is to disable this (not yet implemented).
|
||||
-
|
||||
-A secondary task may be to implement all-to-tunnel routing if the
|
||||
-appropriate flag is specified on the command line. The flag
|
||||
---route-all is to implement this (not yet implemented).
|
||||
-
|
||||
-Caveat.
|
||||
-
|
||||
-It is not possible from the "ip route" command to determine if a host
|
||||
-route already exists, so it isn't practical to put the routing table
|
||||
-back exactly as it was.
|
||||
-
|
||||
-We have a choice of either leaving our route lying around, or
|
||||
-destroying a route that the user had pre-arranged. Both are
|
||||
-unfortunate. The flag --remove-host-route is to remove the route
|
||||
-regardless (not yet implemented).
|
||||
-
|
||||
-*/
|
||||
-
|
||||
-void routing_init(char *ip) {
|
||||
- char buf[256];
|
||||
- snprintf(buf, 255, "/bin/ip route get %s", ip);
|
||||
- FILE *p = popen(buf, "r");
|
||||
- fgets(buf, 255, p);
|
||||
- /* TODO: check for failure of fgets */
|
||||
- route = strdup(buf);
|
||||
- pclose(p);
|
||||
- /* TODO: check for failure of command */
|
||||
-}
|
||||
-
|
||||
-void routing_start() {
|
||||
- char buf[256];
|
||||
- snprintf(buf, 255, "/bin/ip route replace %s", route);
|
||||
- FILE *p = popen(buf, "r");
|
||||
- pclose(p);
|
||||
-}
|
||||
-
|
||||
-void routing_end() {
|
||||
- char buf[256];
|
||||
- snprintf(buf, 255, "/bin/ip route delete %s", route);
|
||||
- FILE *p = popen(buf, "r");
|
||||
- pclose(p);
|
||||
-}
|
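Review bot: This patch empties routing.c, but patch-Makefile already removes routing.o from PPTP_OBJS and patch-pptp_callmgr_c removes the callers, so the file is no longer built. Dropping patch-routing_c would give the same result without carrying 79 lines of deleted upstream source in the ports tree.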
@ -1,12 +1,2 @@
|
||||
You will need to allow gre traffic for pptp to work:
|
||||
sysctl net.inet.gre.allow=1
|
||||
pptp will automatically try to set this sysctl before opening a gre socket.
|
||||
|
||||
See http://www.schneier.com/pptp-faq.html for a list of security flaws.
|
||||
==========================================================================
|
||||
ATTENTION:
|
||||
Alcatel ADSL modems contain default logins with easily computed passwords.
|
||||
See http://security.sdsc.edu/self-help/alcatel/ for more information.
|
||||
==========================================================================
|
||||
You may want to use TCP/IP packet filter rules to prevent unauthorized
|
||||
access to your modem (from internal net or spoofed/bounced TCP/IP packets).
|
||||
PPTP IS NOT SECURE, see ${LOCALBASE}/share/doc/pptp/PROTOCOL-SECURITY
|
||||
and http://www.schneier.com/pptp.html for more information.
|
||||
|
@ -1,9 +1,5 @@
|
||||
@comment $OpenBSD: PLIST,v 1.7 2008/11/11 16:23:26 naddy Exp $
|
||||
@comment $OpenBSD: PLIST,v 1.8 2009/03/08 21:57:24 stsp Exp $
|
||||
@man man/man8/pptp.8
|
||||
@bin sbin/pptp
|
||||
share/doc/pptp/
|
||||
share/doc/pptp/Documentation/
|
||||
share/doc/pptp/Documentation/DESIGN.CALLMGR
|
||||
share/doc/pptp/Documentation/DESIGN.PPTP
|
||||
share/doc/pptp/Documentation/PORTING
|
||||
share/doc/pptp/USING
|
||||
share/doc/pptp/PROTOCOL-SECURITY
|
||||
|