int (*idle_time_hook)(struct ppp_idle *) = NULL;
/* Hook for a plugin to say whether we can possibly authenticate any peer */
int (*idle_time_hook)(struct ppp_idle *) = NULL;
/* Hook for a plugin to say whether we can possibly authenticate any peer */
-int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts) = NULL;
+pap_auth_hook_fn *pap_auth_hook = NULL;
/* A notifier for when the peer has authenticated itself,
and we are proceeding to the network phase. */
struct notifier *auth_up_notifier = NULL;
/* A notifier for when the peer has authenticated itself,
and we are proceeding to the network phase. */
struct notifier *auth_up_notifier = NULL;
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
char *cacert_file = NULL; /* CA certificate file (pem format) */
char *ca_path = NULL; /* Directory with CA certificates */
char *crl_dir = NULL; /* Directory containing CRL files */
char *cacert_file = NULL; /* CA certificate file (pem format) */
char *ca_path = NULL; /* Directory with CA certificates */
char *crl_dir = NULL; /* Directory containing CRL files */
char *cert_file = NULL; /* Client certificate file (pem format) */
char *privkey_file = NULL; /* Client private key file (pem format) */
char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
char *cert_file = NULL; /* Client certificate file (pem format) */
char *privkey_file = NULL; /* Client private key file (pem format) */
char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
static int set_permitted_number (char **);
static void check_access (FILE *, char *);
static int wordlist_count (struct wordlist *);
static int set_permitted_number (char **);
static void check_access (FILE *, char *);
static int wordlist_count (struct wordlist *);
{ "auth", o_bool, &auth_required,
"Require authentication from peer", OPT_PRIO | 1 },
{ "noauth", o_bool, &auth_required,
{ "auth", o_bool, &auth_required,
"Require authentication from peer", OPT_PRIO | 1 },
{ "noauth", o_bool, &auth_required,
{ "ca", o_string, &cacert_file, "CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "TLS CA certificate directory" },
{ "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
{ "ca", o_string, &cacert_file, "CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "TLS CA certificate directory" },
{ "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
{ "cert", o_string, &cert_file, "client certificate in PEM format" },
{ "key", o_string, &privkey_file, "client private key in PEM format" },
{ "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
{ "cert", o_string, &cert_file, "client certificate in PEM format" },
{ "key", o_string, &privkey_file, "client private key in PEM format" },
{ "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
+const char *
+ppp_remote_name()
+{
+ return remote_name;
+}
+
+const char *
+ppp_get_remote_number(void)
+{
+ return remote_number;
+}
+
+void
+ppp_set_remote_number(const char *buf)
+{
+ if (buf) {
+ strlcpy(remote_number, buf, sizeof(remote_number));
+ }
+}
+
+const char *
+ppp_peer_authname(char *buf, size_t bufsz)
+{
+ if (buf && bufsz > 0) {
+ strlcpy(buf, peer_authname, bufsz);
+ return buf;
+ }
+ return peer_authname;
+}
+
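Review bot: `ppp_peer_authname()` has two return modes and reports truncation in neither. With a caller buffer, `strlcpy` silently cuts the name to `bufsz - 1` bytes; with `buf == NULL` it returns a pointer to the static `peer_authname` array, whose contents change on a later authentication. That array appears to be filled from the name the peer presented (the `BCOPY(name, peer_authname, namelen)` context further down the page), so a plugin that makes an access decision on a truncated copy could confuse two distinct peer names. I would add a header comment to each accessor saying that the string is peer-supplied and must be treated as untrusted, that the no-buffer form returns storage owned by pppd, and that the caller's buffer should be as large as the `peer_authname` array. As a smaller point, `ppp_remote_name()` should be written `ppp_remote_name(void)` to match the other accessors, since empty parentheses leave the parameters unspecified before C23.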
if (fgets(u, MAXNAMELEN - 1, ufile) == NULL
|| fgets(p, MAXSECRETLEN - 1, ufile) == NULL) {
fclose(ufile);
if (fgets(u, MAXNAMELEN - 1, ufile) == NULL
|| fgets(p, MAXSECRETLEN - 1, ufile) == NULL) {
fclose(ufile);
/*
* If we may want to bring the link up again, transfer
* the ppp unit back to the loopback. Set the
/*
* If we may want to bring the link up again, transfer
* the ppp unit back to the loopback. Set the
notify(link_down_notifier, 0);
auth_state = s_down;
if (auth_script_state == s_up && auth_script_pid == 0) {
notify(link_down_notifier, 0);
auth_state = s_down;
if (auth_script_state == s_up && auth_script_pid == 0) {
new_phase(PHASE_ESTABLISH);
}
/* XXX if doing_multilink, should do something to stop
new_phase(PHASE_ESTABLISH);
}
/* XXX if doing_multilink, should do something to stop
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol != PPP_LCP && protp->enabled_flag
&& protp->lowerup != NULL)
(*protp->lowerup)(unit);
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol != PPP_LCP && protp->enabled_flag
&& protp->lowerup != NULL)
(*protp->lowerup)(unit);
if (!auth_required && noauth_addrs != NULL)
set_allowed_addrs(unit, NULL, NULL);
if (!auth_required && noauth_addrs != NULL)
set_allowed_addrs(unit, NULL, NULL);
set_allowed_addrs(unit, NULL, NULL);
} else if (!wo->neg_upap || uselogin || !null_login(unit)) {
warn("peer refused to authenticate: terminating link");
set_allowed_addrs(unit, NULL, NULL);
} else if (!wo->neg_upap || uselogin || !null_login(unit)) {
warn("peer refused to authenticate: terminating link");
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
return;
}
if (need_peer_eap && !ho->neg_eap) {
warn("peer doesn't want to authenticate us with eap");
lcp_close(unit, "couldn't negotiate eap");
return;
}
if (need_peer_eap && !ho->neg_eap) {
warn("peer doesn't want to authenticate us with eap");
lcp_close(unit, "couldn't negotiate eap");
namelen = sizeof(peer_authname) - 1;
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
namelen = sizeof(peer_authname) - 1;
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
- if (maxconnect > 0)
- TIMEOUT(connect_time_expired, 0, maxconnect);
+ if (ppp_get_max_connect_time() > 0)
+ TIMEOUT(connect_time_expired, 0, ppp_get_max_connect_time());
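Review bot: `ppp_get_max_connect_time()` is called twice here, once for the test and once for the timeout argument. Reading it into a local first guarantees both uses see the same value and reads more cleanly: `int max_connect = ppp_get_max_connect_time();` followed by `if (max_connect > 0) TIMEOUT(connect_time_expired, 0, max_connect);`. The accessor's return type is not visible in this hunk, so the local's type should follow its declaration.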
if (--num_np_up == 0) {
UNTIMEOUT(check_idle, NULL);
UNTIMEOUT(connect_time_expired, NULL);
if (--num_np_up == 0) {
UNTIMEOUT(check_idle, NULL);
UNTIMEOUT(connect_time_expired, NULL);
- unsigned int used;
-
- update_link_stats(ifunit);
- link_stats_valid=0;
-
- switch(maxoctets_dir) {
- case PPP_OCTETS_DIRECTION_IN:
- used = link_stats.bytes_in;
- break;
- case PPP_OCTETS_DIRECTION_OUT:
- used = link_stats.bytes_out;
- break;
- case PPP_OCTETS_DIRECTION_MAXOVERAL:
- case PPP_OCTETS_DIRECTION_MAXSESSION:
- used = (link_stats.bytes_in > link_stats.bytes_out) ? link_stats.bytes_in : link_stats.bytes_out;
- break;
- default:
- used = link_stats.bytes_in+link_stats.bytes_out;
- break;
+ unsigned int used = 0;
+ ppp_link_stats_st stats;
+
+ if (ppp_get_link_stats(&stats)) {
+ switch(maxoctets_dir) {
+ case PPP_OCTETS_DIRECTION_IN:
+ used = stats.bytes_in;
+ break;
+ case PPP_OCTETS_DIRECTION_OUT:
+ used = stats.bytes_out;
+ break;
+ case PPP_OCTETS_DIRECTION_MAXOVERAL:
+ case PPP_OCTETS_DIRECTION_MAXSESSION:
+ used = (stats.bytes_in > stats.bytes_out)
+ ? stats.bytes_in
+ : stats.bytes_out;
+ break;
+ default:
+ used = stats.bytes_in+stats.bytes_out;
+ break;
+ }
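Review bot: When `ppp_get_link_stats(&stats)` fails, `used` keeps its initial value of 0, so the limit comparison that follows (outside the visible hunk) would presumably never fire and the max-octets limit fails open with no log entry. The removed code always read `link_stats` after `update_link_stats(ifunit)`, so this silent path is new; an `else` branch such as `else warn("maxoctets: link statistics unavailable, limit not checked");` would at least make it visible to an operator. Separately, `used` is still `unsigned int`: if the `bytes_in`/`bytes_out` fields of `ppp_link_stats_st` are wider (their type is not shown here), the assignments truncate and `stats.bytes_in+stats.bytes_out` can wrap, so a type matching the counters would be safer. The `if` block opened at the top of the new code is closed outside the hunk.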
tlim = idle_time_hook(&idle);
} else {
itime = MIN(idle.xmit_idle, idle.recv_idle);
tlim = idle_time_hook(&idle);
} else {
itime = MIN(idle.xmit_idle, idle.recv_idle);
/* Default our_name to hostname, and user to our_name */
if (our_name[0] == 0 || usehostname)
/* Default our_name to hostname, and user to our_name */
if (our_name[0] == 0 || usehostname)
/* If a blank username was explicitly given as an option, trust
the user and don't use our_name */
if (user[0] == 0 && !explicit_user)
/* If a blank username was explicitly given as an option, trust
the user and don't use our_name */
if (user[0] == 0 && !explicit_user)
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
if (!am_server && passwd[0] != '\0') {
strlcpy(secret, passwd, MAXWORDLEN);
} else {
if (!am_server && passwd[0] != '\0') {
strlcpy(secret, passwd, MAXWORDLEN);
} else {
- * bad_ip_adrs - return 1 if the IP address is one we don't want
- * to use, such as an address in the loopback net or a multicast address.
- * addr is in network byte order.
+ * Check if given addr in network byte order is in the looback network, or a multicast address.
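Review bot: The rewritten comment misspells "loopback" as "looback" and no longer states what the function returns; the removed text said it returns 1 for an address that should not be used. Suggested wording: `* Check if the given addr (network byte order) is in the loopback network or is a multicast address; returns 1 if so.` The function body is outside the hunk, so confirm the return convention against it before adopting that last clause.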
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)