From 8f09b151a39f156131f85b7d018443d81c7e6308 Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Sun, 15 Jun 2008 06:53:06 +0000 Subject: [PATCH] Make pppd use blank username/password when explicitly specified Patch from Jon Dubovsky. Previously pppd would use its default strategies for working out a username and password/secret to use if the user gave the empty string to the user and/or password options. Now we set a flag when an explicit username is given, and don't do the default username calculation if the flag is set. Similarly for the password. --- pppd/auth.c | 26 +++++++++++++++++++------- pppd/options.c | 6 +++++- pppd/pppd.h | 12 ++++++------ 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/pppd/auth.c b/pppd/auth.c index 8189787..424b3e5 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -68,7 +68,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: auth.c,v 1.113 2007/06/19 02:08:35 carlsonj Exp $" +#define RCSID "$Id: auth.c,v 1.114 2008/06/15 06:53:06 paulus Exp $" #include #include @@ -230,6 +230,8 @@ bool usehostname = 0; /* Use hostname for our_name */ bool auth_required = 0; /* Always require authentication from peer */ bool allow_any_ip = 0; /* Allow peer to use any IP address */ bool explicit_remote = 0; /* User specified explicit remote name */ +bool explicit_user = 0; /* Set if "user" option supplied */ +bool explicit_passwd = 0; /* Set if "password" option supplied */ char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ static char *uafname; /* name of most recent +ua file */ @@ -355,11 +357,13 @@ option_t auth_options[] = { OPT_PRIO | OPT_A2STRVAL, &uafname }, { "user", o_string, user, - "Set name for auth with peer", OPT_PRIO | OPT_STATIC, NULL, MAXNAMELEN }, + "Set name for auth with peer", OPT_PRIO | OPT_STATIC, + &explicit_user, MAXNAMELEN }, { "password", o_string, passwd, "Password for authenticating us to the peer", - OPT_PRIO | OPT_STATIC | OPT_HIDE, NULL, MAXSECRETLEN }, + OPT_PRIO | OPT_STATIC | OPT_HIDE, + &explicit_passwd, MAXSECRETLEN }, { "usehostname", o_bool, &usehostname, "Must use hostname for authentication", 1 }, @@ -446,10 +450,14 @@ setupapfile(argv) if (l > 0 && p[l-1] == '\n') p[l-1] = 0; - if (override_value("user", option_priority, fname)) + if (override_value("user", option_priority, fname)) { strlcpy(user, u, sizeof(user)); - if (override_value("passwd", option_priority, fname)) + explicit_user = 1; + } + if (override_value("passwd", option_priority, fname)) { strlcpy(passwd, p, sizeof(passwd)); + explicit_passwd = 1; + } return (1); } @@ -770,7 +778,9 @@ link_established(unit) chap_auth_with_peer(unit, user, CHAP_DIGEST(ho->chap_mdtype)); auth |= CHAP_WITHPEER; } else if (ho->neg_upap) { - if (passwd[0] == 0) { + /* If a blank password was explicitly given as an option, trust + the user and don't try to look up one. */ + if (passwd[0] == 0 && !explicit_passwd) { passwd_from_file = 1; if (!get_pap_passwd(passwd)) error("No secret found for PAP login"); @@ -1212,7 +1222,9 @@ auth_check_options() /* Default our_name to hostname, and user to our_name */ if (our_name[0] == 0 || usehostname) strlcpy(our_name, hostname, sizeof(our_name)); - if (user[0] == 0) + /* If a blank username was explicitly given as an option, trust + the user and don't use our_name */ + if (user[0] == 0 && !explicit_user) strlcpy(user, our_name, sizeof(user)); /* diff --git a/pppd/options.c b/pppd/options.c index 0285b1b..482eab9 100644 --- a/pppd/options.c +++ b/pppd/options.c @@ -40,7 +40,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: options.c,v 1.101 2008/06/03 12:07:13 paulus Exp $" +#define RCSID "$Id: options.c,v 1.102 2008/06/15 06:53:06 paulus Exp $" #include #include @@ -796,6 +796,10 @@ process_option(opt, cmd, argv) break; } + /* + * If addr2 wasn't used by any flag (OPT_A2COPY, etc.) but is set, + * treat it as a bool and set/clear it based on the OPT_A2CLR bit. + */ if (opt->addr2 && (opt->flags & (OPT_A2COPY|OPT_ENABLE |OPT_A2PRINTER|OPT_A2STRVAL|OPT_A2LIST|OPT_A2OR)) == 0) *(bool *)(opt->addr2) = !(opt->flags & OPT_A2CLR); diff --git a/pppd/pppd.h b/pppd/pppd.h index ae38f67..06f1658 100644 --- a/pppd/pppd.h +++ b/pppd/pppd.h @@ -39,7 +39,7 @@ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * - * $Id: pppd.h,v 1.93 2008/06/03 12:06:37 paulus Exp $ + * $Id: pppd.h,v 1.94 2008/06/15 06:53:06 paulus Exp $ */ /* @@ -115,19 +115,19 @@ typedef struct { #define OPT_VALUE 0xff /* mask for presupplied value */ #define OPT_HEX 0x100 /* int option is in hex */ #define OPT_NOARG 0x200 /* option doesn't take argument */ -#define OPT_OR 0x400 /* OR in argument to value */ -#define OPT_INC 0x800 /* increment value */ +#define OPT_OR 0x400 /* for u32, OR in argument to value */ +#define OPT_INC 0x400 /* for o_int, increment value */ #define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */ #define OPT_PRIV 0x1000 /* privileged option */ #define OPT_STATIC 0x2000 /* string option goes into static array */ +#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */ #define OPT_LLIMIT 0x4000 /* check value against lower limit */ #define OPT_ULIMIT 0x8000 /* check value against upper limit */ #define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT) #define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */ #define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */ -#define OPT_A2LIST 0x10000 /* for o_special, keep list of values */ -#define OPT_A2CLRB 0x10000 /* o_bool, clr val bits in *(u_char *)addr2 */ -#define OPT_NOINCR 0x20000 /* value mustn't be increased */ +#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */ +#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */ #define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */ #define OPT_PRIO 0x80000 /* process option priorities for this option */ #define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */ -- 2.39.2