#include <grp.h>
#include <string.h>
#include <strings.h>
+#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
bool explicit_user = 0; /* Set if "user" option supplied */
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+char path_upapfile[MAXPATHLEN]; /* Pathname of pap-secrets file */
+char path_chapfile[MAXPATHLEN]; /* Pathname of chap-secrets file */
#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
char *cacert_file = NULL; /* CA certificate file (pem format) */
"Set remote name for authentication", OPT_PRIO | OPT_STATIC,
&explicit_remote, MAXNAMELEN },
+ { "pap-secrets", o_string, path_upapfile,
+ "Set pathname of pap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC,
+ NULL, MAXPATHLEN },
+
+ { "chap-secrets", o_string, path_chapfile,
+ "Set pathname of chap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC,
+ NULL, MAXPATHLEN },
+
{ "login", o_bool, &uselogin,
"Use system password database for PAP", OPT_A2COPY | 1 ,
&session_mgmt },
char *name, int namelen)
{
int bit;
+ const char *prot;
switch (protocol) {
case PPP_CHAP:
bit = CHAP_PEER;
+ prot = "CHAP";
switch (prot_flavor) {
case CHAP_MD5:
bit |= CHAP_MD5_PEER;
break;
case PPP_PAP:
bit = PAP_PEER;
+ prot = "PAP";
break;
case PPP_EAP:
bit = EAP_PEER;
+ prot = "EAP";
break;
default:
warn("auth_peer_success: unknown protocol %x", protocol);
+ prot = "unknown protocol";
return;
}
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
ppp_script_setenv("PEERNAME", peer_authname, 0);
+ notice("Peer %q authenticated with %s", peer_authname, prot);
/* Save the authentication method for later. */
auth_done[unit] |= bit;
* Open the file of pap secrets and scan for a suitable secret
* for authenticating this user.
*/
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
f = fopen(filename, "r");
* Open the file of pap secrets and scan for a suitable secret.
*/
if (ret <= 0) {
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
addrs = NULL;
f = fopen(filename, "r");
if (f == NULL)
return ret;
}
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return ret;
}
- filename = PPP_PATH_UPAPFILE;
+ filename = path_upapfile;
f = fopen(filename, "r");
if (f == NULL)
return 0;
}
}
- filename = PPP_PATH_CHAPFILE;
+ filename = path_chapfile;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return 0;
}
} else {
- filename = PPP_PATH_CHAPFILE;
+ filename = path_chapfile;
addrs = NULL;
secbuf[0] = 0;
auth_number(void)
{
struct wordlist *wp = permitted_numbers;
- int l;
+ size_t l;
/* Allow all if no authorization list. */
if (!wp)
while (wp) {
/* trailing '*' wildcard */
l = strlen(wp->word);
- if ((wp->word)[l - 1] == '*')
- l--;
- if (!strncasecmp(wp->word, remote_number, l))
+ if (l > 0 && (wp->word)[l - 1] == '*') {
+ if (!strncasecmp(wp->word, remote_number, l - 1))
+ return 1;
+ } else if (strcasecmp(wp->word, remote_number) == 0)
return 1;
wp = wp->next;
}