X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fauth.c;h=a8e50042570286e55d3cd14af09d5b091eea70fe;hp=ea6bf7b10d4b8dad4d27f28de832c788c51e941c;hb=c6f8d6a7f8325a40950cc9334acf1f453bb1dfeb;hpb=2d521b28a3060834254b8edca0cda6904f974744 diff --git a/pppd/auth.c b/pppd/auth.c index ea6bf7b..a8e5004 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -33,7 +33,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: auth.c,v 1.3 1994/04/18 03:59:28 paulus Exp $"; +static char rcsid[] = "$Id: auth.c,v 1.7 1994/08/09 06:29:14 paulus Exp $"; #endif #include @@ -55,14 +55,11 @@ static char rcsid[] = "$Id: auth.c,v 1.3 1994/04/18 03:59:28 paulus Exp $"; #include "upap.h" #include "chap.h" #include "ipcp.h" +#include "ccp.h" #include "pathnames.h" #ifdef sparc #include -#ifndef __GNUC__ -/* why alloca.h doesn't define what alloca() returns is a mystery */ -/* char *alloca __ARGS((int)); */ -#endif /*__GNUC__*/ #endif /*sparc*/ /* Used for storing a sequence of words. Usually malloced. */ @@ -104,6 +101,7 @@ static struct wordlist *addresses[NPPP]; /* Prototypes */ void check_access __ARGS((FILE *, char *)); +static void network_phase __ARGS((int)); static int login __ARGS((char *, char *, char **, int *)); static void logout __ARGS((void)); static int null_login __ARGS((int)); @@ -134,6 +132,8 @@ void link_terminated(unit) int unit; { + if (phase == PHASE_DEAD) + return; if (logged_in) logout(); phase = PHASE_DEAD; @@ -147,6 +147,8 @@ void link_down(unit) int unit; { + ipcp_close(0); + ccp_close(0); phase = PHASE_TERMINATE; } @@ -195,10 +197,20 @@ link_established(unit) } auth_pending[unit] = auth; - if (!auth) { - phase = PHASE_NETWORK; - ipcp_open(unit); - } + if (!auth) + network_phase(unit); +} + +/* + * Proceed to the network phase. + */ +static void +network_phase(unit) + int unit; +{ + phase = PHASE_NETWORK; + ipcp_open(unit); + ccp_open(unit); } /* 
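Review bot: In link_down the two added calls pass a literal 0, `ipcp_close(0); ccp_close(0);`, although the function receives `unit` and the open calls added elsewhere in this commit (`ipcp_open(unit)`, `ccp_open(unit)`) use it. If NPPP is ever greater than one, a link going down on another unit would close the network protocols on unit 0 and leave its own open. `ipcp_close(unit); ccp_close(unit);` keeps the teardown tied to the link that actually dropped.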
@@ -244,6 +256,7 @@ auth_peer_success(unit, protocol) if ((auth_pending[unit] &= ~bit) == 0) { phase = PHASE_NETWORK; ipcp_open(unit); + ccp_open(unit); } } @@ -280,16 +293,15 @@ auth_withpeer_success(unit, protocol) default: syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", protocol); + bit = 0; } /* * If there is no more authentication still being done, * proceed to the network phase. */ - if ((auth_pending[unit] &= ~bit) == 0) { - phase = PHASE_NETWORK; - ipcp_open(unit); - } + if ((auth_pending[unit] &= ~bit) == 0) + network_phase(unit); } @@ -643,6 +655,7 @@ get_secret(unit, client, server, secret, secret_len, save_addrs) char *server; char *secret; int *secret_len; + int save_addrs; { FILE *f; int ret, len; @@ -696,6 +709,10 @@ auth_ip_addr(unit, addr) struct hostent *hp; struct wordlist *addrs; + /* don't allow loopback or multicast address */ + if (bad_ip_adrs(addr)) + return 0; + if ((addrs = addresses[unit]) == NULL) return 1; /* no restriction */ @@ -717,6 +734,20 @@ auth_ip_addr(unit, addr) return 0; /* not in list => can't have it */ } +/* + * bad_ip_adrs - return 1 if the IP address is one we don't want + * to use, such as an address in the loopback net or a multicast address. + * addr is in network byte order. + */ +int +bad_ip_adrs(addr) + u_long addr; +{ + addr = ntohl(addr); + return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET + || IN_MULTICAST(addr) || IN_BADCLASS(addr); +} + /* * check_access - complain if a secret file has too-liberal permissions. */ @@ -843,7 +874,7 @@ scan_authfile(f, client, server, secret, addrs, filename) */ if (addr_list) free_wordlist(addr_list); - addr_list = NULL; + addr_list = addr_last = NULL; for (;;) { if (!getword(f, word, &newline, filename) || newline) break;
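Review bot: auth_peer_success still spells out the phase change by hand and only gains `ccp_open(unit);`, while this same commit introduces network_phase() for exactly that sequence and uses it in link_established and auth_withpeer_success. Replacing the three statements with `network_phase(unit);` leaves a single place that decides what starts once authentication completes. The function begins outside the hunk, so it cannot be checked from here whether its `default:` branch also needs the `bit = 0;` that auth_withpeer_success receives.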
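Review bot: In auth_withpeer_success the new `bit = 0;` in the `default:` branch removes the uninitialised read, but control still falls through to `(auth_pending[unit] &= ~bit) == 0`. A success report for an unrecognised protocol therefore calls network_phase(unit) whenever nothing is pending for that unit. Leaving the function from that branch instead (`return;` after the syslog call) would keep an unknown protocol from moving the link into the network phase. The warning text also names `auth_peer_success` although it is emitted from auth_withpeer_success, which will mislead anyone reading the log. The function starts outside the hunk.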
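Review bot: auth_ip_addr now calls bad_ip_adrs() ahead of its definition further down the file, and the Prototypes hunk of this commit declares only network_phase. Unless a header outside this diff declares it, the call is compiled against an implicit `int bad_ip_adrs()` with no check that the argument is a `u_long`. Adding `int bad_ip_adrs __ARGS((u_long));` next to the other prototypes would close that gap. The parameter declarations of auth_ip_addr are outside the hunk, so the type of `addr` at the call site is not visible here.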
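Review bot: The header comment on bad_ip_adrs, and the call-site comment in auth_ip_addr, mention only loopback and multicast, but the expression also rejects `IN_BADCLASS(addr)`. This function decides which peer addresses are refused outright before the per-unit address list is consulted, so the comment should name every rejected range. For example, end the sentence with `such as an address in the loopback net, a multicast address, or a reserved (class E) address.`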