fix compile problems on OSF/1

[ppp.git] / pppd / auth.c

diff --git a/pppd/auth.c b/pppd/auth.c
index 994395a355ae9980001a4932252bc44cb655edfe..4b68650ab4ec1f9f2e45a8e422d970eab3f546c5 100644 (file)
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.40 1999/01/19 23:59:14 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.44 1999/03/08 01:47:54 paulus Exp $";
 #endif
 
 #include <stdio.h>
@@ -154,10 +154,7 @@ static int  scan_authfile __P((FILE *, char *, char *, u_int32_t, char *,
 static void free_wordlist __P((struct wordlist *));
 static void auth_script __P((char *));
 static void set_allowed_addrs __P((int, struct wordlist *));
-
-#ifdef OLD_OPTIONS
 static int setupapfile __P((char **));
-#endif
 
 /*
  * Authentication-related options.
@@ -170,7 +167,7 @@ option_t auth_options[] = {
     { "refuse-pap", o_bool, &refuse_pap,
       "Don't agree to auth to peer with PAP", 1 },
     { "-pap", o_bool, &refuse_pap,
-      "Don't allow UPAP authentication with peer", 1 },
+      "Don't allow PAP authentication with peer", 1 },
     { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
       "Require CHAP authentication from peer", 1, &auth_required },
     { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
@@ -196,14 +193,11 @@ option_t auth_options[] = {
       "Use system password database for PAP", 1 },
     { "papcrypt", o_bool, &cryptpap,
       "PAP passwords are encrypted", 1 },
-#if OLD_OPTIONS
     { "+ua", o_special, setupapfile,
       "Get PAP user and password from file" },
-#endif
     { NULL }
 };
 
-#if OLD_OPTIONS
 /*
  * setupapfile - specifies UPAP info for authenticating with peer.
  */
@@ -217,14 +211,19 @@ setupapfile(argv)
     lcp_allowoptions[0].neg_upap = 1;
 
     /* open user info file */
-    if ((ufile = fopen(*argv, "r")) == NULL) {
+    seteuid(getuid());
+    ufile = fopen(*argv, "r");
+    seteuid(0);
+    if (ufile == NULL) {
        option_error("unable to open user login data file %s", *argv);
        return 0;
     }
+#if 0  /* check done by setting effective UID above */
     if (!readable(fileno(ufile))) {
        option_error("%s: access denied", *argv);
        return 0;
     }
+#endif
     check_access(ufile, *argv);
 
     /* get username */
@@ -245,7 +244,6 @@ setupapfile(argv)
 
     return (1);
 }
-#endif
 
 
 /*
@@ -635,6 +633,13 @@ auth_check_options()
        wo->neg_upap = 0;
     }
 
+    /*
+     * If we have a default route, require the peer to authenticate
+     * unless the noauth option was given.
+     */
+    if (!auth_required && !allow_any_ip && have_route_to(0))
+       auth_required = 1;
+
     /*
      * Check whether we have appropriate secrets to use
      * to authenticate the peer.
@@ -1284,6 +1289,12 @@ auth_ip_addr(unit, addr)
     int unit;
     u_int32_t addr;
 {
+
+    if (addresses[unit] == NULL) {
+       if (auth_required)
+           return 0;           /* no addresses authorized */
+       return allow_any_ip || !have_route_to(addr);
+    }
     return ip_addr_check(addr, addresses[unit]);
 }
 
@@ -1302,11 +1313,8 @@ ip_addr_check(addr, addrs)
     if (bad_ip_adrs(addr))
        return 0;
 
-    if (addrs == NULL) {
-       if (auth_required)
-           return 0;           /* no addresses authorized */
-       return allow_any_ip || !have_route_to(addr);
-    }
+    if (addrs == NULL)
+       return 0;               /* no addresses authorized */
 
     for (; addrs != NULL; addrs = addrs->next) {
        /* "-" means no addresses authorized, "*" means any address allowed */
@@ -1533,6 +1541,8 @@ scan_authfile(f, client, server, ipaddr, secret, addrs, filename)
 
        /*
         * Check if the given IP address is allowed by the wordlist.
+        * XXX accepts this entry even if it has no allowed IP addresses
+        * if they didn't specify a remote IP address. XXX
         */
        if (ipaddr != 0 && !ip_addr_check(ipaddr, alist)) {
            free_wordlist(alist);