PSARC 2009/317 Solaris PPP/PPPoE Updates

4695172 3COM has its own incompatible dialect of PPPoE
4704518 security checks on chap peer name cause interoperability problems
4711045 pppd should not be discarding debug information on fatal signals
4711046 pppoec should provide a way to limit match against wildcard service
4714306 sppptun should not use M_ERROR to signal protocol problems
4743677 pppd can trigger latent access server bug
4750809 pppd needs lint cleanup
4947676 spppcomp_wput() allows an unprivileged process to "hang" the system.
5058886 PPPD misses first LCP configuration request
5060749 need a way to log demand-dial action at higher priority
5093264 PPPoE server can omit Service-Name tag in PADS response
6291911 ugly preremove script in SUNWpppdt causes messages on pkgrm from zone
6589814 pppd disavows bad echo-reply count
6636684 PPP should work in non-global exclusive-stack zones
6637245 sppp driver has half-baked _mi_driver_info function
6704096 SUNWpppdu and SUNWpppdr package dependency and content issues
6753945 sppptun doesn't honor clearview vanity naming feature.

3 files changed, 80 insertions, 53 deletions

diff --git a/usr/src/cmd/cmd-inet/usr.lib/pppoe/options.c b/usr/src/cmd/cmd-inet/usr.lib/pppoe/options.c
index 24e69c8edd..de1602ce6e 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/pppoe/options.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/pppoe/options.c
@@ -21,12 +21,10 @@
 /*
  * PPPoE Server-mode daemon option parsing.
  *
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -851,7 +849,7 @@ dispatch_keyword(struct parse_state *psp, const char *keybuf)
 	for (kep = key_list; kep->kwe_word != NULL; kep++) {
 		if (kep->kwe_in == psp->ps_state &&
 		    (*kep->kwe_word == '\0' ||
-			strcasecmp(kep->kwe_word, keybuf) == 0)) {
+		    strcasecmp(kep->kwe_word, keybuf) == 0)) {
 			if (kep->kwe_func != NULL)
 				retv = (*kep->kwe_func)(psp->ps_csvc, keybuf);
 			psp->ps_state = kep->kwe_out;
@@ -1419,9 +1417,8 @@ organize_state(struct parse_state *psp)
 						if ((*se2pp)->se_name ==
 						    slp->sl_entry.se_name ||
 						    strcmp((*se2pp)->
-							se_name,
-							slp->sl_entry.
-							se_name) == 0)
+						    se_name, slp->sl_entry.
+						    se_name) == 0)
 							break;
 					/*
 					 * We retain a service if it's
@@ -1627,7 +1624,7 @@ get_device_list(struct parse_state *psp, int tunfd)
 	for (dlpp = &psp->ps_star; (dlp = *dlpp) != NULL; ) {
 		for (dla = dlalt; dla != NULL; dla = dla->dl_next)
 			if (strcmp(dla->dl_name, dlp->dl_name) == 0)
-			    break;
+				break;
 		if (dla == NULL) {
 			*dlpp = dlp->dl_next;
 			free(dlp);
@@ -1959,10 +1956,6 @@ locate_service(poep_t *poep, int plen, const char *iname, ppptun_atype *pap,
 				break;
 			}
 			seppe = sepp + dep->de_nservices;
-			/* Clients's requested service must appear in reply. */
-			if (tlen != 0 || (ispadi &&
-				    !(glob_svc.se_flags & SEF_NOWILD)))
-				(void) poe_tag_copy(opoe, tagp);
 			if (tlen == 0) {
 				/*
 				 * If config specifies "nowild" in a
@@ -1976,29 +1969,43 @@ locate_service(poep_t *poep, int plen, const char *iname, ppptun_atype *pap,
 					sepp = seppe;
 				while (sepp < seppe) {
 					sep = *sepp++;
-					if ((ispadi || !(sep->se_flags &
-						    SEF_NOWILD)) &&
-					    allow_service(sep, pap)) {
-						nsvcs++;
-						*srvp = (void *)sep;
-						if (poep->poep_code ==
-						    POECODE_PADR)
-							break;
-						if (sep->se_name[0] == '\0')
-							continue;
-						(void) poe_add_str(opoe,
-						    POETT_SERVICE,
-						    sep->se_name);
-					}
+					if (sep->se_name[0] == '\0' ||
+					    (sep->se_flags & SEF_NOWILD) ||
+					    !allow_service(sep, pap))
+						continue;
+					*srvp = (void *)sep;
+					/*
+					 * RFC requires that PADO includes the
+					 * wildcard service request in response
+					 * to PADI.
+					 */
+					if (ispadi && nsvcs == 0 &&
+					    !(glob_svc.se_flags & SEF_NOWILD))
+						(void) poe_tag_copy(opoe, tagp);
+					nsvcs++;
+					(void) poe_add_str(opoe, POETT_SERVICE,
+					    sep->se_name);
+					/* If PADR, then one is enough */
+					if (!ispadi)
+						break;
 				}
+				/* Just for generating error messages */
+				if (nsvcs == 0)
+					(void) poe_tag_copy(opoe, tagp);
 			} else {
+				/*
+				 * Clients's requested service must appear in
+				 * reply.
+				 */
+				(void) poe_tag_copy(opoe, tagp);
+
 				/* Requested specific service; find it. */
 				cp = (char *)POET_DATA(tagp);
 				while (sepp < seppe) {
 					sep = *sepp++;
 					if (strlen(sep->se_name) == tlen &&
 					    strncasecmp(sep->se_name, cp,
-						tlen) == 0) {
+					    tlen) == 0) {
 						if (allow_service(sep, pap)) {
 							nsvcs++;
 							*srvp = (void *)sep;
@@ -2276,7 +2283,7 @@ dump_configuration(FILE *fp)
 	    "Global debug level %d, log to %s; current level %d\n",
 	    glob_svc.se_debug,
 	    ((glob_svc.se_log == NULL || *glob_svc.se_log == '\0') ?
-		"syslog" : glob_svc.se_log),
+	    "syslog" : glob_svc.se_log),
 	    log_level);
 	if (cur_options == NULL) {
 		(void) fprintf(fp, "No current configuration.\n");
diff --git a/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoec.c b/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoec.c
index f306b718e4..30f9744d26 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoec.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoec.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -22,12 +21,10 @@
 /*
  * PPPoE Client-mode "chat" utility for use with Solaris PPP 4.0.
  *
- * Copyright 2000-2002 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -623,7 +620,7 @@ send_padi(int localid)
 	ppptun_atype destaddr;
 
 	poep = poe_mkheader(pkt_output, POECODE_PADI, 0);
-	(void) poe_add_str(poep, POETT_SERVICE, "");
+	(void) poe_add_str(poep, POETT_SERVICE, service);
 	(void) poe_add_long(poep, POETT_UNIQ, localid);
 	(void) memset(&destaddr, '\0', sizeof (destaddr));
 	(void) memcpy(destaddr.pta_pppoe.ptma_mac, ether_bcast,
@@ -802,7 +799,7 @@ save_message(const poemsg_t *pmsg)
 	char *cp;
 
 	newmsg = (poemsg_t *)malloc(sizeof (*pmsg) + pmsg->poemsg_len +
-		strlen(pmsg->poemsg_iname) + 1);
+	    strlen(pmsg->poemsg_iname) + 1);
 	if (newmsg != NULL) {
 		newmsg->poemsg_next = NULL;
 		newmsg->poemsg_data = (const poep_t *)(newmsg + 1);
@@ -868,7 +865,7 @@ send_padr(poesm_t *psm, const poemsg_t *pado)
 			}
 			if (service[0] == '\0' ||
 			    (tlen == strlen(service) &&
-				memcmp(service, POET_DATA(tagp), tlen) == 0)) {
+			    memcmp(service, POET_DATA(tagp), tlen) == 0)) {
 				(void) poe_tag_copy(poep, tagp);
 				hassvc = B_TRUE;
 			}
@@ -895,7 +892,7 @@ send_padr(poesm_t *psm, const poemsg_t *pado)
 		tagp = POET_NEXT(tagp);
 	}
 	if (!hassvc) {
-		if (haswild)
+		if (haswild && service[0] == '\0')
 			(void) poe_add_str(poep, POETT_SERVICE, "");
 		else
 			return (1);
@@ -1313,7 +1310,7 @@ get_sequence(const poemsg_t *pmsg)
  * events occur.
  */
 static int
-use_server(poemsg_t *pado)
+use_server(poemsg_t *pado, const ppptun_atype *pap)
 {
 	struct server_filter *sfp;
 	const uchar_t *sndp;
@@ -1321,6 +1318,7 @@ use_server(poemsg_t *pado)
 	const uchar_t *maskp;
 	int i;
 	int passmatched;
+	int tlen;
 	const uint8_t *tagp;
 	int ttyp;
 
@@ -1331,12 +1329,29 @@ use_server(poemsg_t *pado)
 	ttyp = POETT_END;
 	while (poe_tagcheck(pado->poemsg_data, pado->poemsg_len, tagp)) {
 		ttyp = POET_GET_TYPE(tagp);
-		if (ttyp == POETT_END || ttyp == POETT_SERVICE)
+		if (ttyp == POETT_END)
 			break;
+		if (ttyp == POETT_SERVICE) {
+			/*
+			 * If the user has requested a specific service, then
+			 * this selection is exclusive.  We never use the
+			 * wildcard for this.
+			 */
+			tlen = POET_GET_LENG(tagp);
+			if (service[0] == '\0' || (strlen(service) == tlen &&
+			    memcmp(service, POET_DATA(tagp), tlen) == 0))
+				break;
+			/* just in case we run off the end */
+			ttyp = POETT_END;
+		}
 		tagp = POET_NEXT(tagp);
 	}
-	if (ttyp != POETT_SERVICE)
+	if (ttyp != POETT_SERVICE) {
+		if (verbose)
+			logerr("%s: Discard unusable offer from %s; service "
+			    "'%s' not seen\n", myname, ehost(pap), service);
 		return (-1);
+	}
 
 	passmatched = 0;
 	for (sfp = sfhead; sfp != NULL; sfp = sfp->sf_next) {
@@ -1365,8 +1380,12 @@ use_server(poemsg_t *pado)
 		if (!sfp->sf_isexcept)
 			return (PCSME_RPADOP);
 	}
-	if (onlyflag)
+	if (onlyflag) {
+		if (verbose)
+			logerr("%s: Discard unusable offer from %s; server not "
+			    "matched\n", myname, ehost(pap));
 		return (-1);
+	}
 	return (PCSME_RPADO);
 }
 
@@ -1480,9 +1499,8 @@ find_server(int localid)
 		if ((poep->poep_code == POECODE_PADT ||
 		    poep->poep_code == POECODE_PADS) &&
 		    (psm.poesm_firstoff == NULL ||
-			memcmp(&psm.poesm_firstoff->poemsg_sender,
-			    &pmsg.poemsg_sender,
-			    sizeof (pmsg.poemsg_sender)) != 0)) {
+		    memcmp(&psm.poesm_firstoff->poemsg_sender,
+		    &pmsg.poemsg_sender, sizeof (pmsg.poemsg_sender)) != 0)) {
 			if (verbose) {
 				logerr("%s: Unexpected peer %s", myname,
 				    ehost(&ptc->ptc_address));
@@ -1534,7 +1552,7 @@ find_server(int localid)
 			if (retv != 0)
 				break;
 			/* Ignore offers from servers we don't want. */
-			if ((retv = use_server(&pmsg)) < 0)
+			if ((retv = use_server(&pmsg, &ptc->ptc_address)) < 0)
 				break;
 			/* Dispatch either RPADO or RAPDO+ event. */
 			handle_event(&psm, retv, &pmsg);
diff --git a/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoed.c b/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoed.c
index 294a04d824..a9479ab178 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoed.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/pppoe/pppoed.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -22,12 +21,10 @@
 /*
  * PPPoE Server-mode daemon for use with Solaris PPP 4.0.
  *
- * Copyright (c) 2000-2001 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -305,6 +302,11 @@ handle_input(uint32_t *ctrlbuf, int ctrllen, uint32_t *databuf, int datalen)
 		logdbg("%s unplumbed", ptc->ptc_name);
 		return;
 
+	case PTCA_BADCTRL:
+		logwarn("bad control data on %s for session %u", ptc->ptc_name,
+		    ptc->ptc_rsessid);
+		return;
+
 	default:
 		logdbg("unexpected code %d from driver", ptc->ptc_action);
 		return;