*/
#ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.50 1999/04/01 07:08:47 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.55 1999/07/23 06:55:05 paulus Exp $";
#endif
#include <stdio.h>
#endif
#include "pathnames.h"
-/* Used for storing a sequence of words. Usually malloced. */
-struct wordlist {
- struct wordlist *next;
- char *word;
-};
-
/* Bits in scan_authfile return value */
#define NONWILD_SERVER 1
#define NONWILD_CLIENT 2
/* List of addresses which the peer may use. */
static struct permitted_ip *addresses[NUM_PPP];
+/* Extra options to apply, from the secrets file entry for the peer. */
+static struct wordlist *extra_options;
+
/* Number of network protocols which we have opened. */
static int num_np_open;
if (!wo->neg_upap || !null_login(unit)) {
warn("peer refused to authenticate: terminating link");
lcp_close(unit, "peer refused to authenticate");
+ status = EXIT_PEER_AUTH_FAILED;
return;
}
}
network_phase(unit)
int unit;
{
- int i;
- struct protent *protp;
lcp_options *go = &lcp_gotoptions[unit];
/*
}
#endif
+ /*
+ * Process extra options from the secrets file
+ */
+ if (extra_options) {
+ options_from_list(extra_options, 1);
+ free_wordlist(extra_options);
+ extra_options = 0;
+ }
+ start_networks();
+}
+
+void
+start_networks()
+{
+ int i;
+ struct protent *protp;
+
phase = PHASE_NETWORK;
#if 0
if (!demand)
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol < 0xC000 && protp->enabled_flag
&& protp->open != NULL) {
- (*protp->open)(unit);
+ (*protp->open)(0);
if (protp->protocol != PPP_CCP)
++num_np_open;
}
* Authentication failure: take the link down
*/
lcp_close(unit, "Authentication failed");
+ status = EXIT_PEER_AUTH_FAILED;
}
/*
/*
* At this point we consider that the link has come up successfully.
*/
- need_holdoff = 0;
+ status = EXIT_OK;
if (idle_time_limit > 0)
TIMEOUT(check_idle, NULL, idle_time_limit);
/* link is idle: shut it down. */
notice("Terminating connection due to lack of activity.");
lcp_close(0, "Link inactive");
+ need_holdoff = 0;
+ status = EXIT_IDLE_TIMEOUT;
} else {
TIMEOUT(check_idle, NULL, idle_time_limit - itime);
}
{
info("Connect time expired");
lcp_close(0, "Connect time expired"); /* Close connection */
+ status = EXIT_CONNECT_TIME;
}
/*
} else {
check_access(f, filename);
if (scan_authfile(f, user, our_name, secret, &addrs, filename) < 0
- || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
+ || (!uselogin && secret[0] != 0
+ && (cryptpap || strcmp(passwd, secret) != 0)
&& strcmp(crypt(passwd, secret), secret) != 0)) {
warn("PAP authentication failure for %s", user);
ret = UPAP_AUTHNAK;
(void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET);
memset((void *)&ll, 0, sizeof(ll));
(void)time(&ll.ll_time);
- (void)strlcpy(ll.ll_line, tty, sizeof(ll.ll_line));
+ (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
(void)write(fd, (char *)&ll, sizeof(ll));
(void)close(fd);
}
/*
* set_allowed_addrs() - set the list of allowed addresses.
+ * Also looks for `--' indicating options to apply for this peer
+ * and leaves the following words in extra_options.
*/
static void
set_allowed_addrs(unit, addrs)
int unit;
struct wordlist *addrs;
{
- int n = 0;
- struct wordlist *ap;
+ int n;
+ struct wordlist *ap, **pap;
struct permitted_ip *ip;
char *ptr_word, *ptr_mask;
struct hostent *hp;
if (addresses[unit] != NULL)
free(addresses[unit]);
addresses[unit] = NULL;
+ if (extra_options != NULL)
+ free_wordlist(extra_options);
+ extra_options = NULL;
- for (ap = addrs; ap != NULL; ap = ap->next)
- ++n;
+ /*
+ * Count the number of IP addresses given, and chop off
+ * any extra options for this peer.
+ */
+ for (n = 0, pap = &addrs; (ap = *pap) != NULL; pap = &ap->next, ++n) {
+ if (strcmp(ap->word, "--") == 0) {
+ /* rest are options */
+ *pap = 0;
+ extra_options = ap->next;
+ free(ap);
+ break;
+ }
+ }
if (n == 0)
return;
ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip));
projects / ppp.git / blobdiff