initial commit of file from CVS for e-smith-pptpd on Wed 12 Jul 09:04:53 BST 2023

root/etc/e-smith/db/configuration/defaults/pptpd/TCPPort

@@ -0,0 +1 @@
+1723

root/etc/e-smith/db/configuration/defaults/pptpd/access

@@ -0,0 +1 @@
+public

root/etc/e-smith/db/configuration/defaults/pptpd/sessions

@@ -0,0 +1 @@
+0

root/etc/e-smith/db/configuration/defaults/pptpd/status

@@ -0,0 +1 @@
+disabled

root/etc/e-smith/db/configuration/defaults/pptpd/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/migrate/10NoPPTPStartIP

@@ -0,0 +1,4 @@
+{
+    # We don't need $pptpd{StartIP} any more
+    $DB->get_prop_and_delete('pptpd', 'StartIP');
+}

root/etc/e-smith/events/actions/clear-pptp-interfaces

@@ -0,0 +1,3 @@
+#! /bin/sh
+
+exec /sbin/e-smith/config delprop pptpd Interfaces

root/etc/e-smith/events/actions/pptp-interface-access

@@ -0,0 +1,63 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# copyright (C) 2002 Mitel Networks Corporaton.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+#
+# Technical support for this program is available from e-smith, inc.
+# For details, please visit our web site at www.e-smith.com or
+# call us on 1 888 ESMITH 1 (US/Canada toll free) or +1 613 564 8000
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use Errno;
+use esmith::util;
+use esmith::ConfigDB;
+
+use constant SIGEVENT => '/sbin/e-smith/signal-event';
+
+my $db = esmith::ConfigDB->open;
+my $pptpd = $db->get('pptpd');
+my %ifaces = map { $_ => 1 } split /,/, $pptpd->prop('Interfaces') || '';
+
+my $event = $ARGV[0] || die "Event name must be given\n";
+my $ipparam = $ARGV[6] || "(none)";
+exit 0 unless ($ipparam eq "pptpd");
+my $interface = $ARGV[1] || die "Couldn't determine interface name\n";
+
+if ($event eq "ip-down")
+{
+    # Remove this interface.
+    if (exists $ifaces{$interface})
+    {
+	delete $ifaces{$interface};
+    }
+}
+elsif ($event eq "ip-up.pptpd")
+{
+    # Add this interface.
+    $ifaces{$interface} = 1;
+}
+else
+{
+    die "Don't know what to do for event $event\n";
+}
+
+$pptpd->set_prop('Interfaces', join ',', keys %ifaces);
+
+exit(0);

root/etc/e-smith/templates.metadata/etc/ppp/options.pptpd

@@ -0,0 +1,3 @@
+PERMS=0644
+UID="root"
+GID="root"

root/etc/e-smith/templates.metadata/etc/pptpd.conf

@@ -0,0 +1,3 @@
+PERMS=0644
+UID="root"
+GID="root"

root/etc/e-smith/templates/etc/dhcpd.conf/04TakePPTPDAddresses

@@ -0,0 +1,21 @@
+{
+    my $pptpd_status = $pptpd{status} || 'disabled';
+    my $pptpd_sessions = $pptpd{sessions} || 0;
+
+    # Do nothing unless we have to
+    return "" unless ($pptpd_status eq 'enabled' && $pptpd_sessions);
+
+    # Calculate pptpd start and end addresses
+    $pptpd_end_addr =  esmith::util::IPquadToAddr($endDynamicIPRange);
+    $pptpd_start_addr = $pptpd_end_addr - $pptpd_sessions + 1;
+    # and correct the DHCP dynamic address range
+    $endDynamicIPRange = esmith::util::IPaddrToQuad($pptpd_end_addr - $pptpd_sessions);
+
+    return "# Addresses from " .
+	esmith::util::IPaddrToQuad($pptpd_start_addr) .
+	" to " .
+	esmith::util::IPaddrToQuad($pptpd_start_addr + $pptpd_sessions - 1) .
+	" taken for PPTP sessions";
+}
+
+

root/etc/e-smith/templates/etc/hosts.allow/pptpd

@@ -0,0 +1,6 @@
+{
+    my $status = $pptpd{status} || 'disabled';
+    $sessions = $pptpd{sessions} || 0;
+    $status = 'disabled' unless $sessions > 0;
+    $OUT = $status eq 'enabled' ? "pptpd: ALL" : "# pptpd is disabled";
+}

root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam20pptpd

@@ -0,0 +1,3 @@
+    pptpd)
+	/sbin/e-smith/signal-event ip-up.pptpd "$@"
+    			;;

root/etc/e-smith/templates/etc/ppp/options.pptpd/auth

@@ -0,0 +1 @@
+auth

root/etc/e-smith/templates/etc/ppp/options.pptpd/debug

@@ -0,0 +1,4 @@
+{
+    my $debug = $pptpd{debug} || 'no';
+    $OUT = $debug eq 'yes' ? "debug" : "# debug is not enabled";
+}

root/etc/e-smith/templates/etc/ppp/options.pptpd/domain

@@ -0,0 +1 @@
+domain { "$DomainName" }

root/etc/e-smith/templates/etc/ppp/options.pptpd/ipparam

@@ -0,0 +1,2 @@
+# Tell ip-up and ip-down who is running them
+ipparam pptpd

root/etc/e-smith/templates/etc/ppp/options.pptpd/lcp-echo-options

@@ -0,0 +1,2 @@
+lcp-echo-interval 15
+lcp-echo-failure 10

root/etc/e-smith/templates/etc/ppp/options.pptpd/lock

@@ -0,0 +1 @@
+lock

root/etc/e-smith/templates/etc/ppp/options.pptpd/mppe

@@ -0,0 +1,5 @@
+nodeflate
+nobsdcomp
+require-mppe-128
+nomppe-40
+nomppe-stateful # refuse stateful mode, i.e. use stateless

root/etc/e-smith/templates/etc/ppp/options.pptpd/mru

@@ -0,0 +1 @@
+{ $pptpd{mru} ? "mru $pptpd{mru}" : "# mru not set" }

root/etc/e-smith/templates/etc/ppp/options.pptpd/ms-dns

@@ -0,0 +1 @@
+ms-dns { "$LocalIP" }

root/etc/e-smith/templates/etc/ppp/options.pptpd/ms-wins

@@ -0,0 +1,8 @@
+{
+    # Grab our local WINS server setting, unless another fragment
+    # has already set it
+    $_WINSServer ||= $DB->wins_server;
+    $OUT .= defined $_WINSServer ?
+	"ms-wins $_WINSServer" :
+	"# Network has no WINS server set";
+}

root/etc/e-smith/templates/etc/ppp/options.pptpd/mtu

@@ -0,0 +1 @@
+{ $pptpd{mtu} ? "mtu $pptpd{mtu}" : "# mtu not set" }

root/etc/e-smith/templates/etc/ppp/options.pptpd/name

@@ -0,0 +1 @@
+name { "$SystemName" }

root/etc/e-smith/templates/etc/ppp/options.pptpd/netmask

@@ -0,0 +1 @@
+netmask { "$LocalNetmask" }

root/etc/e-smith/templates/etc/ppp/options.pptpd/nologfd

@@ -0,0 +1 @@
+nologfd

root/etc/e-smith/templates/etc/ppp/options.pptpd/passive

@@ -0,0 +1,4 @@
+{
+    my $passive = $pptpd{Passive} || 'enabled';
+    $OUT = ($passive eq 'enabled') ? "passive" : "# passive mode is disabled in db";
+}

root/etc/e-smith/templates/etc/ppp/options.pptpd/proxyarp

@@ -0,0 +1 @@
+proxyarp

root/etc/e-smith/templates/etc/ppp/options.pptpd/radius

@@ -0,0 +1 @@
+plugin radius.so

root/etc/e-smith/templates/etc/ppp/options.pptpd/require-chap

@@ -0,0 +1,4 @@
+refuse-pap
+refuse-chap
+refuse-mschap
+require-mschap-v2 # Need MSCHAP-v2 to initialise encryption key

root/etc/e-smith/templates/etc/pptpd.conf/debug

@@ -0,0 +1,4 @@
+{
+    my $debug = $pptpd{debug} || 'no';
+    $OUT = $debug eq 'yes' ? "debug" : "# debug is not enabled";
+}

root/etc/e-smith/templates/etc/pptpd.conf/localip

@@ -0,0 +1,27 @@
+{
+# TAG: localip
+#
+#	Specifies the local and remote IP address ranges.
+#
+#	You can specify single IP addresses seperated by commas or you can
+#	specify ranges, or both. For example:
+#
+#		192.168.0.234,192.168.0.245-249,192.168.0.254
+#
+#	IMPORTANT RESTRICTIONS:
+#
+#	1. No spaces are permitted between commas or within addresses.
+#
+#	2. If you give more IP addresses than MAX_CONNECTIONS, it will
+#	   start at the beginning of the list and go until it gets 
+#	   MAX_CONNECTIONS IPs. Others will be ignored.
+#
+#	3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
+#	   you must type 234-238 if you mean this.
+#
+#	4. If you give a single localIP, that's ok - all local IPs will
+#	   be set to the given one. You MUST still give at least one remote
+#	   IP for each simultaneous client.
+#
+}
+localip { $LocalIP }

root/etc/e-smith/templates/etc/pptpd.conf/noipparm

@@ -0,0 +1,7 @@
+{
+# TAG: noipparam
+#       Suppress the passing of the client's IP address to PPP, which is
+#       done by default otherwise.
+#
+}
+noipparam

root/etc/e-smith/templates/etc/pptpd.conf/option

@@ -0,0 +1,8 @@
+{
+# TAG: option
+#
+#	Specifies the location of the PPP options file.
+#	By default PPP looks in '/etc/ppp/options'
+#
+}
+option /etc/ppp/options.pptpd

root/etc/e-smith/templates/etc/pptpd.conf/pidfile

@@ -0,0 +1,8 @@
+{
+# TAG: pidfile
+#
+#	This defines the file name in which pptpd should store its process
+#	ID (or pid).  The default is /var/run/pptpd.pid.
+#
+}
+pidfile /var/run/pptpd.pid

root/etc/e-smith/templates/etc/pptpd.conf/remoteip

@@ -0,0 +1,61 @@
+{
+# TAG: remoteip
+#
+#	Specifies the local and remote IP address ranges.
+#
+#	You can specify single IP addresses seperated by commas or you can
+#	specify ranges, or both. For example:
+#
+#		192.168.0.234,192.168.0.245-249,192.168.0.254
+#
+#	IMPORTANT RESTRICTIONS:
+#
+#	1. No spaces are permitted between commas or within addresses.
+#
+#	2. If you give more IP addresses than MAX_CONNECTIONS, it will
+#	   start at the beginning of the list and go until it gets 
+#	   MAX_CONNECTIONS IPs. Others will be ignored.
+#
+#	3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
+#	   you must type 234-238 if you mean this.
+#
+#	4. If you give a single localIP, that's ok - all local IPs will
+#	   be set to the given one. You MUST still give at least one remote
+#	   IP for each simultaneous client.
+#
+    return "# pptpd disabled - no remoteip"
+	unless ($pptpd{status} eq 'enabled');
+
+    # PPTPD can't do ranges in the form 192.168.42.200-192.168.42.210
+    # (Grrrr!!!) so we need to use the 192.168.42.200-210 format
+
+    my $netmaskBits = esmith::util::IPquadToAddr ($LocalNetmask);
+
+    my $sessions = $pptpd{sessions} || 0;
+
+    # Calculate pptpd start and end addresses
+    my $endIP = $dhcpd{end};
+    my $end_addr =  esmith::util::IPquadToAddr($endIP);
+    my $start_addr = $end_addr - $sessions + 1;
+    my $startIP = esmith::util::IPaddrToQuad($start_addr);
+    my @start = split(/\./, $startIP);
+    my @end = split(/\./, $endIP);
+
+    $OUT .= "remoteip ";
+
+    my $start = shift @start;
+    my $end  = shift @end ;
+    $OUT .= ($start eq $end) ? "$start." : "$start-$end.";
+
+    $start = shift @start;
+    $end  = shift @end ;
+    $OUT .= ($start eq $end) ? "$start." : "$start-$end.";
+
+    $start = shift @start;
+    $end  = shift @end ;
+    $OUT .= ($start eq $end) ? "$start." : "$start-$end.";
+
+    $start = shift @start;
+    $end  = shift @end ;
+    $OUT .= ($start eq $end) ? "$start" : "$start-$end";
+}

root/etc/e-smith/templates/etc/pptpd.conf/speed

@@ -0,0 +1,8 @@
+{
+# TAG: speed
+#
+#	Specifies the speed for the PPP daemon to talk at.
+#	Some PPP daemons will ignore this value.
+#
+}
+speed 460800

root/etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowGRE

@@ -0,0 +1,9 @@
+{
+# I'm not certain that this is needed. This should be handled by
+# connection tracking - we should only accept GRE packets from
+# sites we've already negotiated PPTP connections with.
+}    /sbin/iptables --new-chain gre-in
+    /sbin/iptables --append INPUT -p 47 -j gre-in
+    /sbin/iptables --append INPUT -p 47 -j denylog
+    /sbin/iptables --append gre-in ! -d $OUTERNET -j denylog
+    /sbin/iptables --append gre-in -j denylog

root/etc/e-smith/templates/etc/rc.d/init.d/masq/90PPPconnAdjust00Start

@@ -0,0 +1,11 @@
+{
+    $OUT = "";
+    if ((%pptpd) and (exists $pptpd{Interfaces}))
+    {
+	$OUT .=<<'EOF';
+    OLD_PPPconn=$(get_safe_id PPPconn filter find)
+    NEW_PPPconn=$(get_safe_id PPPconn filter new)
+    /sbin/iptables --new-chain $NEW_PPPconn
+EOF
+    }
+}

root/etc/e-smith/templates/etc/rc.d/init.d/masq/90PPPconnAdjust50adjust_conns

@@ -0,0 +1,14 @@
+{
+    $OUT = "";
+    if ((%pptpd) and (exists $pptpd{Interfaces}))
+    {
+	my @interfaces = split /,/, $pptpd{Interfaces};
+	foreach my $interface (sort @interfaces)
+	{
+	    $OUT .=<<"EOF";
+    /sbin/iptables --insert \$NEW_PPPconn --in-interface $interface -j ACCEPT
+    /sbin/iptables --insert \$NEW_PPPconn --out-interface $interface -j ACCEPT
+EOF
+	}
+    }
+}

root/etc/e-smith/templates/etc/rc.d/init.d/masq/90PPPconnAdjust99Finish

@@ -0,0 +1,13 @@
+{
+    $OUT = "";
+    if ((%pptpd) and (exists $pptpd{Interfaces}))
+    {
+	$OUT .=<<'EOF';
+    # Destroy the old chain and put in the new one.
+    /sbin/iptables --replace PPPconn 1 \
+	--jump $NEW_PPPconn
+    /sbin/iptables --flush $OLD_PPPconn
+    /sbin/iptables --delete-chain $OLD_PPPconn
+EOF
+    }
+}

root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustGRE

@@ -0,0 +1,9 @@
+{
+    my $pptpd_status = $pptpd{status} || 'disabled';
+
+    my $target = ($pptpd_status eq 'enabled') ? "ACCEPT" : "denylog";
+
+    $OUT = 
+    "    /sbin/iptables --replace gre-in 1 ! -d \$OUTERNET -j denylog\n" .
+    "    /sbin/iptables --replace gre-in 2 -j $target";
+}

root/usr/lib/systemd/system/pptpd.service.d/50-koozali.conf

@@ -0,0 +1,5 @@
+[Service]
+ExecStartPre=/sbin/e-smith/service-status pptpd
+
+[Install]
+WantedBy=sme-server.target