X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fauth.c;h=8ab97ab669fb50c16b5519be75c0c59abb27cad4;hb=c48617290e993c0c195b661a4d738ea30fabab05;hp=c87f4003a244b2328c3aebfdce0602bf4057e67f;hpb=f65f63638727f0f0c1b32c9a1cce26818201e753;p=ppp.git

diff --git a/pppd/auth.c b/pppd/auth.c
index c87f400..8ab97ab 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.25 1996/07/01 01:10:24 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.28 1996/10/08 04:35:02 paulus Exp $";
 #endif
 
 #include <stdio.h>
@@ -54,7 +54,7 @@ static char rcsid[] = "$Id: auth.c,v 1.25 1996/07/01 01:10:24 paulus Exp $";
 #ifdef SVR4
 #include <crypt.h>
 #else
-#ifdef SUNOS4
+#if defined(SUNOS4) || defined(ULTRIX)
 extern char *crypt();
 #endif
 #endif
@@ -78,12 +78,11 @@ extern char *crypt();
 #include "ipcp.h"
 #include "upap.h"
 #include "chap.h"
+#ifdef CBCP_SUPPORT
+#include "cbcp.h"
+#endif
 #include "pathnames.h"
 
-#if defined(sun) && defined(sparc)
-#include <alloca.h>
-#endif /*sparc*/
-
 /* Used for storing a sequence of words.  Usually malloced. */
 struct wordlist {
     struct wordlist	*next;
@@ -144,6 +143,9 @@ static int  scan_authfile __P((FILE *, char *, char *, u_int32_t, char *,
 			       struct wordlist **, char *));
 static void free_wordlist __P((struct wordlist *));
 static void auth_script __P((char *));
+#ifdef CBCP_SUPPORT
+static void callback_phase __P((int));
+#endif
 
 /*
  * An Open on LCP has requested a change from Dead to Establish phase.
@@ -244,7 +246,7 @@ link_established(unit)
 	auth |= PAP_PEER;
     }
     if (ho->neg_chap) {
-	ChapAuthWithPeer(unit, our_name, ho->chap_mdtype);
+	ChapAuthWithPeer(unit, user, ho->chap_mdtype);
 	auth |= CHAP_WITHPEER;
     } else if (ho->neg_upap) {
 	if (passwd[0] == 0) {
@@ -280,6 +282,17 @@ network_phase(unit)
 	did_authup = 1;
     }
 
+#ifdef CBCP_SUPPORT
+    /*
+     * If we negotiated callback, do it now.
+     */
+    if (go->neg_cbcp) {
+	phase = PHASE_CALLBACK;
+	(*cbcp_protent.open)(unit);
+	return;
+    }
+#endif
+
     phase = PHASE_NETWORK;
 #if 0
     if (!demand)
@@ -341,7 +354,7 @@ auth_peer_success(unit, protocol, name, namelen)
 
     /*
      * If there is no more authentication still to be done,
-     * proceed to the network phase.
+     * proceed to the network (or callback) phase.
      */
     if ((auth_pending[unit] &= ~bit) == 0)
         network_phase(unit);
@@ -389,7 +402,7 @@ auth_withpeer_success(unit, protocol)
 
     /*
      * If there is no more authentication still being done,
-     * proceed to the network phase.
+     * proceed to the network (or callback) phase.
      */
     if ((auth_pending[unit] &= ~bit) == 0)
 	network_phase(unit);
@@ -451,6 +464,7 @@ check_idle(arg)
     if (itime >= idle_time_limit) {
 	/* link is idle: shut it down. */
 	syslog(LOG_INFO, "Terminating connection due to lack of activity.");
+	need_holdoff = 0;
 	lcp_close(0, "Link inactive");
     } else {
 	TIMEOUT(check_idle, NULL, idle_time_limit - itime);
@@ -468,6 +482,12 @@ auth_check_options()
     ipcp_options *ipwo = &ipcp_wantoptions[0];
     u_int32_t remote;
 
+    /* Check that we are running as root. */
+    if (geteuid() != 0) {
+	option_error("must be run with root privileges");
+	exit(1);
+    }
+
     /* Default our_name to hostname, and user to our_name */
     if (our_name[0] == 0 || usehostname)
 	strcpy(our_name, hostname);
@@ -491,11 +511,27 @@ auth_check_options()
     }
 
     if (auth_required && !can_auth) {
-	fprintf(stderr, "\
-pppd: peer authentication required but no suitable secret(s) found\n");
+	option_error("peer authentication required but no suitable secret(s) found\n");
 	exit(1);
     }
 
+    /*
+     * Check whether the user tried to override certain values
+     * set by root.
+     */
+    if (!auth_required && auth_req_info.priv > 0) {
+	if (!default_device && devnam_info.priv == 0) {
+	    option_error("can't override device name when noauth option used");
+	    exit(1);
+	}
+	if (connector != NULL && connector_info.priv == 0
+	    || disconnector != NULL && disconnector_info.priv == 0
+	    || welcomer != NULL && welcomer_info.priv == 0) {
+	    option_error("can't override connect, disconnect or welcome");
+	    option_error("option values when noauth option used");
+	    exit(1);
+	}
+    }
 }
 
 /*
@@ -514,7 +550,7 @@ auth_reset(unit)
 
     ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL));
     ao->neg_chap = !refuse_chap
-	&& have_chap_secret(our_name, remote_name, (u_int32_t)0);
+	&& have_chap_secret(user, remote_name, (u_int32_t)0);
 
     if (go->neg_upap && !uselogin && !have_pap_secret())
 	go->neg_upap = 0;
@@ -900,7 +936,8 @@ null_login(unit)
  * could be found.
  */
 static int
-get_pap_passwd(char *passwd)
+get_pap_passwd(passwd)
+    char *passwd;
 {
     char *filename;
     FILE *f;