X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fauth.c;h=002ec859f880abb2363982e62220902385272fa6;hb=71d3de90eae52087b405e962ca650b71cec79c67;hp=a4f7775adb6a5ff69ff090e590b7008bf01eb1cd;hpb=5116fdc189652e3c39e2581a01b7ff5b4cefd514;p=ppp.git diff --git a/pppd/auth.c b/pppd/auth.c index a4f7775..002ec85 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -73,7 +73,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: auth.c,v 1.92 2003/02/16 22:29:50 paulus Exp $" +#define RCSID "$Id: auth.c,v 1.95 2003/06/11 23:56:26 paulus Exp $" #include #include @@ -114,7 +114,7 @@ #include "ecp.h" #include "ipcp.h" #include "upap.h" -#include "chap.h" +#include "chap-new.h" #include "eap.h" #ifdef CBCP_SUPPORT #include "cbcp.h" @@ -186,6 +186,12 @@ void (*pap_logout_hook) __P((void)) = NULL; /* Hook for a plugin to get the PAP password for authenticating us */ int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; +/* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */ +int (*chap_check_hook) __P((void)) = NULL; + +/* Hook for a plugin to get the CHAP password for authenticating us */ +int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL; + /* Hook for a plugin to say whether it is OK if the peer refuses to authenticate. */ int (*null_auth_hook) __P((struct wordlist **paddrs, @@ -428,7 +434,8 @@ setupapfile(argv) /* get username */ if (fgets(u, MAXNAMELEN - 1, ufile) == NULL - || fgets(p, MAXSECRETLEN - 1, ufile) == NULL){ + || fgets(p, MAXSECRETLEN - 1, ufile) == NULL) { + fclose(ufile); option_error("unable to read user login data file %s", fname); return 0; } @@ -633,7 +640,7 @@ link_established(unit) eap_authpeer(unit, our_name); auth |= EAP_PEER; } else if (go->neg_chap) { - ChapAuthPeer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); + chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); auth |= CHAP_PEER; } else if (go->neg_upap) { upap_authpeer(unit); @@ -643,7 +650,7 @@ link_established(unit) eap_authwithpeer(unit, user); auth |= EAP_WITHPEER; } else if (ho->neg_chap) { - ChapAuthWithPeer(unit, user, CHAP_DIGEST(ho->chap_mdtype)); + chap_auth_with_peer(unit, user, CHAP_DIGEST(ho->chap_mdtype)); auth |= CHAP_WITHPEER; } else if (ho->neg_upap) { if (passwd[0] == 0) { @@ -799,7 +806,7 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen) case PPP_CHAP: bit = CHAP_PEER; switch (prot_flavor) { - case CHAP_DIGEST_MD5: + case CHAP_MD5: bit |= CHAP_MD5_PEER; break; #ifdef CHAPMS @@ -875,7 +882,7 @@ auth_withpeer_success(unit, protocol, prot_flavor) case PPP_CHAP: bit = CHAP_WITHPEER; switch (prot_flavor) { - case CHAP_DIGEST_MD5: + case CHAP_MD5: bit |= CHAP_MD5_WITHPEER; break; #ifdef CHAPMS @@ -1149,6 +1156,14 @@ auth_check_options() exit(1); } + + /* + * Early check for remote number authorization. + */ + if (!auth_number()) { + warn("calling number %q is not authorized", remote_number); + exit(EXIT_CNID_AUTH_FAILED); + } } /* @@ -1977,7 +1992,7 @@ set_allowed_addrs(unit, addrs, opts) } else { np = getnetbyname (ptr_word); if (np != NULL && np->n_addrtype == AF_INET) { - a = htonl (*(u_int32_t *)np->n_net); + a = htonl ((u_int32_t)np->n_net); if (ptr_mask == NULL) { /* calculate appropriate mask for net */ ah = ntohl(a);