X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fauth.c;h=f384cb800cabcd066ca62ad670c1d7fc936e01b7;hp=ebdb8d35b65f45f489ece5b2233519384c31252c;hb=0816630b7e90b23792599af619d6950841891b9b;hpb=f4bbdad033923f1577cb00f516a5316feaa12233

diff --git a/pppd/auth.c b/pppd/auth.c
index ebdb8d3..f384cb8 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.26 1996/08/28 06:39:12 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.29 1996/10/08 06:43:15 paulus Exp $";
 #endif
 
 #include <stdio.h>
@@ -54,7 +54,7 @@ static char rcsid[] = "$Id: auth.c,v 1.26 1996/08/28 06:39:12 paulus Exp $";
 #ifdef SVR4
 #include <crypt.h>
 #else
-#ifdef SUNOS4
+#if defined(SUNOS4) || defined(ULTRIX)
 extern char *crypt();
 #endif
 #endif
@@ -62,6 +62,7 @@ extern char *crypt();
 #ifdef USE_PAM
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
+int isexpired (struct passwd *, struct spwd *);
 #endif
 
 #ifdef HAS_SHADOW
@@ -78,12 +79,11 @@ extern char *crypt();
 #include "ipcp.h"
 #include "upap.h"
 #include "chap.h"
+#ifdef CBCP_SUPPORT
+#include "cbcp.h"
+#endif
 #include "pathnames.h"
 
-#if defined(sun) && defined(sparc)
-#include <alloca.h>
-#endif /*sparc*/
-
 /* Used for storing a sequence of words.  Usually malloced. */
 struct wordlist {
     struct wordlist	*next;
@@ -144,6 +144,9 @@ static int  scan_authfile __P((FILE *, char *, char *, u_int32_t, char *,
 			       struct wordlist **, char *));
 static void free_wordlist __P((struct wordlist *));
 static void auth_script __P((char *));
+#ifdef CBCP_SUPPORT
+static void callback_phase __P((int));
+#endif
 
 /*
  * An Open on LCP has requested a change from Dead to Establish phase.
@@ -280,6 +283,17 @@ network_phase(unit)
 	did_authup = 1;
     }
 
+#ifdef CBCP_SUPPORT
+    /*
+     * If we negotiated callback, do it now.
+     */
+    if (go->neg_cbcp) {
+	phase = PHASE_CALLBACK;
+	(*cbcp_protent.open)(unit);
+	return;
+    }
+#endif
+
     phase = PHASE_NETWORK;
 #if 0
     if (!demand)
@@ -341,7 +355,7 @@ auth_peer_success(unit, protocol, name, namelen)
 
     /*
      * If there is no more authentication still to be done,
-     * proceed to the network phase.
+     * proceed to the network (or callback) phase.
      */
     if ((auth_pending[unit] &= ~bit) == 0)
         network_phase(unit);
@@ -389,7 +403,7 @@ auth_withpeer_success(unit, protocol)
 
     /*
      * If there is no more authentication still being done,
-     * proceed to the network phase.
+     * proceed to the network (or callback) phase.
      */
     if ((auth_pending[unit] &= ~bit) == 0)
 	network_phase(unit);
@@ -469,12 +483,6 @@ auth_check_options()
     ipcp_options *ipwo = &ipcp_wantoptions[0];
     u_int32_t remote;
 
-    /* Check that we are running as root. */
-    if (geteuid() != 0) {
-	option_error("must be run with root privileges");
-	exit(1);
-    }
-
     /* Default our_name to hostname, and user to our_name */
     if (our_name[0] == 0 || usehostname)
 	strcpy(our_name, hostname);
@@ -499,6 +507,11 @@ auth_check_options()
 
     if (auth_required && !can_auth) {
 	option_error("peer authentication required but no suitable secret(s) found\n");
+	if (remote_name[0] == 0)
+	    option_error("for authenticating any peer to us (%s)\n", our_name);
+	else
+	    option_error("for authenticating peer %s to us (%s)\n",
+			 remote_name, our_name);
 	exit(1);
     }
 
@@ -773,7 +786,7 @@ login(user, passwd, msg, msglen)
  * Define the fields for the credintial validation
  */
     (void) pam_set_item (pamh, PAM_AUTHTOK, passwd);
-    (void) pam_set_item (pamh, PAM_TTY, devnam);
+    (void) pam_set_item (pamh, PAM_TTY,     devnam);
 /*
  * Validate the user
  */
@@ -802,14 +815,20 @@ login(user, passwd, msg, msglen)
     struct spwd *getspnam();
 #endif
 
-    if ((pw = getpwnam(user)) == NULL) {
+    pw = getpwnam(user);
+    if (pw == NULL) {
 	return (UPAP_AUTHNAK);
     }
 
 #ifdef HAS_SHADOW
-    if ((spwd = getspnam(user)) == NULL) {
-        pw->pw_passwd = "";
-    } else {
+    spwd = getspnam(user);
+    endspent();
+    if (spwd) {
+	/* check the age of the password entry */
+	if (isexpired(pw, spwd)) {
+	    syslog(LOG_WARNING,"Expired password for %s",user);
+	    return (UPAP_AUTHNAK);
+	}
 	pw->pw_passwd = spwd->sp_pwdp;
     }
 #endif
@@ -817,33 +836,12 @@ login(user, passwd, msg, msglen)
     /*
      * XXX If no passwd, let them login without one.
      */
-    if (pw->pw_passwd == '\0') {
-	return (UPAP_AUTHACK);
-    }
-
-#ifdef HAS_SHADOW
-    if (pw->pw_passwd) {
-	if (pw->pw_passwd[0] == '@') {
-	    if (pw_auth (pw->pw_passwd+1, pw->pw_name, PW_PPP, NULL)) {
-		return (UPAP_AUTHNAK);
-	    }
-	} else {
-	    epasswd = pw_encrypt(passwd, pw->pw_passwd);
-	    if (strcmp(epasswd, pw->pw_passwd)) {
-		return (UPAP_AUTHNAK);
-	    }
-	}
-	/* check the age of the password entry */
-	if (spwd && (isexpired (pw, spwd) != 0)) {
+    if (pw->pw_passwd != NULL && *pw->pw_passwd != '\0') {
+    	epasswd = crypt(passwd, pw->pw_passwd);
+	if (strcmp(epasswd, pw->pw_passwd) != 0) {
 	    return (UPAP_AUTHNAK);
 	}
     }
-#else
-    epasswd = crypt(passwd, pw->pw_passwd);
-    if (strcmp(epasswd, pw->pw_passwd)) {
-	return (UPAP_AUTHNAK);
-    }
-#endif
 #endif /* #ifdef USE_PAM */
 
     syslog(LOG_INFO, "user %s logged in", user);
@@ -923,7 +921,8 @@ null_login(unit)
  * could be found.
  */
 static int
-get_pap_passwd(char *passwd)
+get_pap_passwd(passwd)
+    char *passwd;
 {
     char *filename;
     FILE *f;