X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fauth.c;h=4271af687102dc62e3c2e3b47d3fc8ab1d70d0f8;hb=733c00a6ce0244ba5003f4f71a014db8200a30fe;hp=8189787b198f26c13b90d8b5dd2c3d207edc5777;hpb=e5b9a1061f126b36c558aea09fd76fd691ebf018;p=ppp.git
diff --git a/pppd/auth.c b/pppd/auth.c
index 8189787..4271af6 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -68,7 +68,7 @@
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#define RCSID "$Id: auth.c,v 1.113 2007/06/19 02:08:35 carlsonj Exp $"
+#define RCSID "$Id: auth.c,v 1.117 2008/07/01 12:27:56 paulus Exp $"
 #include
 #include
@@ -190,6 +190,11 @@ int (*null_auth_hook) __P((struct wordlist **paddrs,
 int (*allowed_address_hook) __P((u_int32_t addr)) = NULL;
+#ifdef HAVE_MULTILINK
+/* Hook for plugin to hear when an interface joins a multilink bundle */
+void (*multilink_join_hook) __P((void)) = NULL;
+#endif
+
 /* A notifier for when the peer has authenticated itself, and we are proceeding to the network phase. */
 struct notifier *auth_up_notifier = NULL;
@@ -230,6 +235,8 @@ bool usehostname = 0; /* Use hostname for our_name */
 bool auth_required = 0; /* Always require authentication from peer */
 bool allow_any_ip = 0; /* Allow peer to use any IP address */
 bool explicit_remote = 0; /* User specified explicit remote name */
+bool explicit_user = 0; /* Set if "user" option supplied */
+bool explicit_passwd = 0; /* Set if "password" option supplied */
 char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
 static char *uafname; /* name of most recent +ua file */
@@ -355,11 +362,13 @@ option_t auth_options[] = {
 OPT_PRIO | OPT_A2STRVAL, &uafname },
 { "user", o_string, user,
- "Set name for auth with peer", OPT_PRIO | OPT_STATIC, NULL, MAXNAMELEN },
+ "Set name for auth with peer", OPT_PRIO | OPT_STATIC,
+ &explicit_user, MAXNAMELEN },
 { "password", o_string, passwd, "Password for authenticating us to the peer",
- OPT_PRIO | OPT_STATIC | OPT_HIDE, NULL, MAXSECRETLEN },
+ OPT_PRIO | OPT_STATIC | OPT_HIDE,
+ &explicit_passwd, MAXSECRETLEN },
 { "usehostname", o_bool, &usehostname, "Must use hostname for authentication", 1 },
@@ -446,10 +455,14 @@ setupapfile(argv)
 if (l > 0 && p[l-1] == '\n') p[l-1] = 0;
- if (override_value("user", option_priority, fname))
+ if (override_value("user", option_priority, fname)) {
 strlcpy(user, u, sizeof(user));
- if (override_value("passwd", option_priority, fname))
+ explicit_user = 1;
+ }
+ if (override_value("passwd", option_priority, fname)) {
 strlcpy(passwd, p, sizeof(passwd));
+ explicit_passwd = 1;
+ }
 return (1);
 }
@@ -540,12 +553,11 @@ link_required(unit)
 void start_link(unit)
 int unit;
 {
- char *msg;
-
+ status = EXIT_CONNECT_FAILED;
 new_phase(PHASE_SERIALCONN);
+ hungup = 0;
 devfd = the_channel->connect();
- msg = "Connect script failed";
 if (devfd < 0) goto fail;
@@ -558,7 +570,6 @@ void start_link(unit)
 * gives us. Thus we don't need the tdb_writelock/tdb_writeunlock. */
 fd_ppp = the_channel->establish_ppp(devfd);
- msg = "ppp establishment failed";
 if (fd_ppp < 0) {
 status = EXIT_FATAL_ERROR;
 goto disconnect;
@@ -655,9 +666,11 @@ link_terminated(unit)
 (*the_channel->cleanup)();
 if (doing_multilink && multilink_master) {
- if (!bundle_terminating)
+ if (!bundle_terminating) {
 new_phase(PHASE_MASTER);
- else
+ if (master_detach && !detached)
+ detach();
+ } else
 mp_bundle_terminated();
 } else new_phase(PHASE_DEAD);
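Review bot: In setupapfile the added `explicit_user = 1;` and `explicit_passwd = 1;` are set whenever the +ua file wins the priority check, even when the line read is empty (the newline strip in the context line above can leave `p` as an empty string). The later hunks in link_established and auth_check_options then skip the pap-secrets lookup and the `our_name` default, so an empty or truncated +ua file would result in a blank name or password being offered to the peer with no message. The flag declarations describe them as set by the "user"/"password" options only, so document the +ua case here, e.g. `/* a +ua file counts as explicit, even when the line is empty */`, or set the flags only for non-empty values if the old fallback is meant to survive. setupapfile's body starts outside the hunk, so any earlier rejection of empty lines is not visible.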
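Review bot: The rewritten branch in link_terminated braces the `if (!bundle_terminating)` arm but leaves its `else` unbraced, so `} else` is followed by a bare `mp_bundle_terminated();`. Bracing that arm too, `} else {` / `mp_bundle_terminated();` / `}`, keeps a statement added later from landing outside the branch. The function body starts before the hunk and is not closed within it.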
@@ -770,7 +783,9 @@ link_established(unit)
 chap_auth_with_peer(unit, user, CHAP_DIGEST(ho->chap_mdtype));
 auth |= CHAP_WITHPEER;
 } else if (ho->neg_upap) {
- if (passwd[0] == 0) {
+ /* If a blank password was explicitly given as an option, trust
+ the user and don't try to look up one. */
+ if (passwd[0] == 0 && !explicit_passwd) {
 passwd_from_file = 1;
 if (!get_pap_passwd(passwd)) error("No secret found for PAP login");
@@ -845,6 +860,8 @@ start_networks(unit)
 #ifdef HAVE_MULTILINK
 if (multilink) {
 if (mp_join_bundle()) {
+ if (multilink_join_hook)
+ (*multilink_join_hook)();
 if (updetach && !nodetach) detach();
 return;
@@ -1123,7 +1140,6 @@ static void
 check_maxoctets(arg)
 void *arg;
 {
- int diff;
 unsigned int used;
 update_link_stats(ifunit);
@@ -1144,8 +1160,7 @@ check_maxoctets(arg)
 used = link_stats.bytes_in+link_stats.bytes_out;
 break;
 }
- diff = maxoctets - used;
- if(diff < 0) {
+ if (used > maxoctets) {
 notice("Traffic limit reached. Limit: %u Used: %u", maxoctets, used);
 status = EXIT_TRAFFIC_LIMIT;
 lcp_close(0, "Traffic limit");
@@ -1212,7 +1227,9 @@ auth_check_options()
 /* Default our_name to hostname, and user to our_name */
 if (our_name[0] == 0 || usehostname) strlcpy(our_name, hostname, sizeof(our_name));
- if (user[0] == 0)
+ /* If a blank username was explicitly given as an option, trust
+ the user and don't use our_name */
+ if (user[0] == 0 && !explicit_user)
 strlcpy(user, our_name, sizeof(user));
 /*
@@ -1424,9 +1441,11 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
 }
 if (secret[0] != 0 && !login_secret) {
 /* password given in pap-secrets - must match */
- if ((cryptpap || strcmp(passwd, secret) != 0)
- && strcmp(crypt(passwd, secret), secret) != 0)
- ret = UPAP_AUTHNAK;
+ if (cryptpap || strcmp(passwd, secret) != 0) {
+ char *cbuf = crypt(passwd, secret);
+ if (!cbuf || strcmp(cbuf, secret) != 0)
+ ret = UPAP_AUTHNAK;
+ }
 }
 }
 fclose(f);
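Review bot: The new test `if (used > maxoctets)` in check_maxoctets removes the signed subtraction, but `used` is still an `unsigned int` filled from `link_stats.bytes_in+link_stats.bytes_out` in the context lines above, so the sum can wrap and fall back below the limit after enough traffic. If the counters are unsigned int as well, saturate the sum before comparing, for example `if (used < link_stats.bytes_in) used = UINT_MAX;` right after the addition; if they are wider, widen `used` and the `%u` in the notice to match. The field types and the type of `maxoctets` are declared outside this diff, so this needs confirming against them. Only the tail of the switch is inside the hunk; the other cases are not visible.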
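Review bot: When `crypt()` returns NULL, the new `if (!cbuf || strcmp(cbuf, secret) != 0)` branch in check_passwd sets `UPAP_AUTHNAK` without any diagnostic, so a pap-secrets entry whose hash format the local crypt() rejects looks the same in the logs as a wrong password. Logging that case on its own, e.g. `if (!cbuf) error("crypt() failed for pap-secrets entry");` before the comparison, lets an operator tell a misconfigured secret from a failed login; the message should not include the password or the secret. check_passwd's body starts outside the hunk, so whether a later message already covers this is not visible.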