/*
* auth.c - PPP authentication and phase control.
*
- * Copyright (c) 1993-2002 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1993-2024 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
- * 2. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 3. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Paul Mackerras
- * <paulus@ozlabs.org>".
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#define RCSID "$Id: auth.c,v 1.117 2008/07/01 12:27:56 paulus Exp $"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <grp.h>
#include <string.h>
#include <strings.h>
+#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
bool explicit_user = 0; /* Set if "user" option supplied */
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+char path_upapfile[MAXPATHLEN]; /* Pathname of pap-secrets file */
+char path_chapfile[MAXPATHLEN]; /* Pathname of chap-secrets file */
#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
char *cacert_file = NULL; /* CA certificate file (pem format) */
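Review bot: `path_upapfile` and `path_chapfile` are declared as zero-filled file-scope arrays, and nothing visible in this diff copies `PPP_PATH_UPAPFILE` / `PPP_PATH_CHAPFILE` into them. The six `filename = path_…` hunks further down now read these buffers instead of the macros. If the defaults are not installed somewhere outside this diff before options are parsed, each `fopen(filename, "r")` receives an empty string and the secret lookups fall through to their failure returns (`UPAP_AUTHNAK`, `0`). Confirm that initialisation exists, and say so at the declaration, for example `/* Defaults to PPP_PATH_UPAPFILE; replaced only by the privileged "pap-secrets" option */`, with the matching comment for the chap buffer.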
"Set remote name for authentication", OPT_PRIO | OPT_STATIC,
&explicit_remote, MAXNAMELEN },
+ { "pap-secrets", o_string, path_upapfile,
+ "Set pathname of pap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC,
+ NULL, MAXPATHLEN },
+
+ { "chap-secrets", o_string, path_chapfile,
+ "Set pathname of chap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC,
+ NULL, MAXPATHLEN },
+
{ "login", o_bool, &uselogin,
"Use system password database for PAP", OPT_A2COPY | 1 ,
&session_mgmt },
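Review bot: Nothing on the `pap-secrets` and `chap-secrets` entries says that `OPT_PRIV` is the flag that matters here. The secrets file decides which peers authenticate, and pppd opens it with its own privileges, so the path must not be settable by an unprivileged invoker. A later edit that drops the flag for convenience would silently remove that protection. I would put a comment above the first entry such as `/* OPT_PRIV is required: the secrets path controls who may authenticate, so only privileged sources may set it */`. The option table itself starts and ends outside this hunk.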
{
if (buf) {
strlcpy(remote_number, buf, sizeof(remote_number));
+ ppp_script_setenv("REMOTENUMBER", remote_number, 0);
}
}
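Review bot: The new `ppp_script_setenv("REMOTENUMBER", remote_number, 0);` exports a value that this function does not validate. `buf` is copied as given and silently truncated by `strlcpy` to `sizeof(remote_number)`. The value presumably comes from the link or the remote side, though the callers are not visible here, so hook scripts need to treat it as untrusted text and quote it. A comment above the call would record that contract, for example `/* Exported to scripts as-is; not validated here, consumers must quote it */`. When `buf` is NULL the variable is left unset, which is worth stating in the same comment. The function header is outside the hunk.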
char *name, int namelen)
{
int bit;
+ const char *prot;
switch (protocol) {
case PPP_CHAP:
bit = CHAP_PEER;
+ prot = "CHAP";
switch (prot_flavor) {
case CHAP_MD5:
bit |= CHAP_MD5_PEER;
break;
case PPP_PAP:
bit = PAP_PEER;
+ prot = "PAP";
break;
case PPP_EAP:
bit = EAP_PEER;
+ prot = "EAP";
break;
default:
warn("auth_peer_success: unknown protocol %x", protocol);
+ prot = "unknown protocol";
return;
}
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
ppp_script_setenv("PEERNAME", peer_authname, 0);
+ notice("Peer %q authenticated with %s", peer_authname, prot);
/* Save the authentication method for later. */
auth_done[unit] |= bit;
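Review bot: The store `prot = "unknown protocol";` in the `default:` branch is dead, because the next line returns before the new `notice()` is reached. If it is only there to quiet an uninitialised-variable warning, initialise at the declaration instead (`const char *prot = NULL;`) and drop the assignment. Separately, the log line records just "CHAP" for every flavour handled by the inner `switch (prot_flavor)` (only `CHAP_MD5` is visible here), so someone auditing the log cannot tell which digest a peer actually used. Setting `prot` per flavour in that inner switch would fix this. Using `%q` for the peer-supplied name is the right choice for a value that ends up in logs. The function begins and ends outside the lines shown.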
info("Connect time expired");
ppp_set_status(EXIT_CONNECT_TIME);
lcp_close(0, "Connect time expired"); /* Close connection */
+ need_holdoff = 0;
}
/*
* Open the file of pap secrets and scan for a suitable secret
* for authenticating this user.
*/
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
f = fopen(filename, "r");
* Open the file of pap secrets and scan for a suitable secret.
*/
if (ret <= 0) {
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
addrs = NULL;
f = fopen(filename, "r");
if (f == NULL)
return ret;
}
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return ret;
}
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
f = fopen(filename, "r");
if (f == NULL)
return 0;
}
}
- filename = PPP_PATH_CHAPFILE;
+ filename = path_chapfile;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return 0;
}
} else {
- filename = PPP_PATH_CHAPFILE;
+ filename = path_chapfile;
addrs = NULL;
secbuf[0] = 0;
auth_number(void)
{
struct wordlist *wp = permitted_numbers;
- int l;
+ size_t l;
/* Allow all if no authorization list. */
if (!wp)
while (wp) {
/* trailing '*' wildcard */
l = strlen(wp->word);
- if ((wp->word)[l - 1] == '*')
- l--;
- if (!strncasecmp(wp->word, remote_number, l))
+ if (l > 0 && (wp->word)[l - 1] == '*') {
+ if (!strncasecmp(wp->word, remote_number, l - 1))
+ return 1;
+ } else if (strcasecmp(wp->word, remote_number) == 0)
return 1;
wp = wp->next;
}
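Review bot: The retained comment `/* trailing '*' wildcard */` no longer describes the rule this loop enforces. An entry without a trailing `*` must now equal `remote_number` in full, where the removed lines matched it as a prefix, so an existing allow list that relied on the prefix behaviour will start rejecting callers. I would replace the comment with `/* An entry ending in '*' is a prefix match; any other entry must match the whole number */` and mention the stricter matching in the option's documentation. The unbraced `else if` beside a braced `if` is also easy to misread; `} else if (strcasecmp(wp->word, remote_number) == 0) {` with a closing brace keeps both return paths parallel. `auth_number` starts and ends outside the hunk.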