X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fauth.c;h=139aca106f57d1ccc4a6f9cddb995f486ba55937;hb=a8ac4606ea90b5951d701b303e0ddcb87934c9e1;hp=778397d7b02df33237c7e159f68a7378ad33b9e6;hpb=52e781b87df66bd5a4eb075791f4d91604016144;p=ppp.git
diff --git a/pppd/auth.c b/pppd/auth.c
index 778397d..139aca1 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -33,7 +33,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.50 1999/04/01 07:08:47 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.55 1999/07/23 06:55:05 paulus Exp $";
 #endif
 #include
@@ -78,12 +78,6 @@ static char rcsid[] = "$Id: auth.c,v 1.50 1999/04/01 07:08:47 paulus Exp $";
 #endif
 #include "pathnames.h"
-/* Used for storing a sequence of words. Usually malloced. */
-struct wordlist {
- struct wordlist *next;
- char *word;
-};
-
 /* Bits in scan_authfile return value */
 #define NONWILD_SERVER 1
 #define NONWILD_CLIENT 2
@@ -102,6 +96,9 @@ static int logged_in;
 /* List of addresses which the peer may use. */
 static struct permitted_ip *addresses[NUM_PPP];
+/* Extra options to apply, from the secrets file entry for the peer. */
+static struct wordlist *extra_options;
+
 /* Number of network protocols which we have opened. */
 static int num_np_open;
@@ -367,6 +364,7 @@ link_established(unit)
 if (!wo->neg_upap || !null_login(unit)) {
 warn("peer refused to authenticate: terminating link");
 lcp_close(unit, "peer refused to authenticate");
+ status = EXIT_PEER_AUTH_FAILED;
 return;
 }
 }
@@ -405,8 +403,6 @@ static void
 network_phase(unit)
 int unit;
 {
- int i;
- struct protent *protp;
 lcp_options *go = &lcp_gotoptions[unit];
 /*
@@ -431,6 +427,23 @@ network_phase(unit)
 }
 #endif
+ /*
+ * Process extra options from the secrets file
+ */
+ if (extra_options) {
+ options_from_list(extra_options, 1);
+ free_wordlist(extra_options);
+ extra_options = 0;
+ }
+ start_networks();
+}
+
+void
+start_networks()
+{
+ int i;
+ struct protent *protp;
+
 phase = PHASE_NETWORK;
 #if 0
 if (!demand)
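Review bot: `extra_options`, added in the `@@ -102,6 +96,9 @@` hunk, is a single list for the whole process, while `addresses` directly above it is an array indexed by unit. set_allowed_addrs(unit, ...) and network_phase(unit) later in this diff both use it without regard to `unit`, so if NUM_PPP is ever greater than one, options taken from one peer's secrets entry could be applied while a different unit enters the network phase. Either index it the same way, `static struct wordlist *extra_options[NUM_PPP];`, or state in the comment that only one unit is supported.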
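Review bot: The result of `options_from_list(extra_options, 1)` is discarded in the block added to network_phase (`@@ -431,6 +427,23 @@` hunk), so if a word from the peer's secrets entry cannot be applied, the link still proceeds to start_networks(). These are per-peer settings read from the authentication database, and an administrator may be relying on one of them to restrict that peer, so a failure here should close the link rather than be ignored. The function's return convention is not visible in this diff, so confirm it before adding the check. A short comment on what the literal `1` means (presumably that the options come from a privileged source) would also help. network_phase begins outside this hunk.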
@@ -439,7 +452,7 @@ network_phase(unit)
 for (i = 0; (protp = protocols[i]) != NULL; ++i)
 if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
- (*protp->open)(unit);
+ (*protp->open)(0);
 if (protp->protocol != PPP_CCP)
 ++num_np_open;
 }
@@ -460,6 +473,7 @@ auth_peer_fail(unit, protocol)
 * Authentication failure: take the link down
 */
 lcp_close(unit, "Authentication failed");
+ status = EXIT_PEER_AUTH_FAILED;
 }
 /*
@@ -561,7 +575,7 @@ np_up(unit, proto)
 /*
 * At this point we consider that the link has come up successfully.
 */
- need_holdoff = 0;
+ status = EXIT_OK;
 if (idle_time_limit > 0)
 TIMEOUT(check_idle, NULL, idle_time_limit);
@@ -625,6 +639,8 @@ check_idle(arg)
 /* link is idle: shut it down. */
 notice("Terminating connection due to lack of activity.");
 lcp_close(0, "Link inactive");
+ need_holdoff = 0;
+ status = EXIT_IDLE_TIMEOUT;
 } else {
 TIMEOUT(check_idle, NULL, idle_time_limit - itime);
 }
@@ -639,6 +655,7 @@ connect_time_expired(arg)
 {
 info("Connect time expired");
 lcp_close(0, "Connect time expired"); /* Close connection */
+ status = EXIT_CONNECT_TIME;
 }
 /*
@@ -785,7 +802,8 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen)
 } else {
 check_access(f, filename);
 if (scan_authfile(f, user, our_name, secret, &addrs, filename) < 0
- || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
+ || (!uselogin && secret[0] != 0
+ && (cryptpap || strcmp(passwd, secret) != 0)
 && strcmp(crypt(passwd, secret), secret) != 0)) {
 warn("PAP authentication failure for %s", user);
 ret = UPAP_AUTHNAK;
@@ -1016,7 +1034,7 @@ plogin(user, passwd, msg, msglen)
 (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET);
 memset((void *)&ll, 0, sizeof(ll));
 (void)time(&ll.ll_time);
- (void)strlcpy(ll.ll_line, tty, sizeof(ll.ll_line));
+ (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
 (void)write(fd, (char *)&ll, sizeof(ll));
 (void)close(fd);
 }
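Review bot: With `!uselogin` added to the condition in check_passwd (`@@ -785,7 +802,8 @@` hunk), a non-empty secret in the secrets file is no longer compared with the supplied password when the login option is set, so acceptance in that case rests entirely on the system-login check, which is outside this hunk. Please confirm that every path with `uselogin` set reaches that check before an ack is returned, and record the intent beside the test, for example `/* with "login", the password is verified by the system login check, not against the secrets file */`. Separately, on the unchanged last line of the condition, crypt() can return NULL on failure and its result is passed straight to strcmp(). Holding the result in a local and treating NULL as a mismatch would avoid that.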
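Review bot: Replacing strlcpy with `strncpy(ll.ll_line, tty, sizeof(ll.ll_line))` in plogin (`@@ -1016,7 +1034,7 @@` hunk) leaves `ll_line` without a terminating NUL whenever `tty` is at least as long as the field. That is acceptable for a fixed-width record field that the memset two lines earlier has zeroed, but nothing here says it is deliberate, and a later reader may treat the field as a C string. I would add `/* ll_line is a fixed-width field; it need not be NUL-terminated */` above the call. The enclosing function starts and ends outside the hunk.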
@@ -1260,14 +1278,16 @@ get_secret(unit, client, server, secret, secret_len, save_addrs)
 /*
 * set_allowed_addrs() - set the list of allowed addresses.
+ * Also looks for `--' indicating options to apply for this peer
+ * and leaves the following words in extra_options.
 */
 static void
 set_allowed_addrs(unit, addrs)
 int unit;
 struct wordlist *addrs;
 {
- int n = 0;
- struct wordlist *ap;
+ int n;
+ struct wordlist *ap, **pap;
 struct permitted_ip *ip;
 char *ptr_word, *ptr_mask;
 struct hostent *hp;
@@ -1279,9 +1299,23 @@ set_allowed_addrs(unit, addrs)
 if (addresses[unit] != NULL)
 free(addresses[unit]);
 addresses[unit] = NULL;
+ if (extra_options != NULL)
+ free_wordlist(extra_options);
+ extra_options = NULL;
- for (ap = addrs; ap != NULL; ap = ap->next)
- ++n;
+ /*
+ * Count the number of IP addresses given, and chop off
+ * any extra options for this peer.
+ */
+ for (n = 0, pap = &addrs; (ap = *pap) != NULL; pap = &ap->next, ++n) {
+ if (strcmp(ap->word, "--") == 0) {
+ /* rest are options */
+ *pap = 0;
+ extra_options = ap->next;
+ free(ap);
+ break;
+ }
+ }
 if (n == 0)
 return;
 ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip));
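Review bot: In the new counting loop of set_allowed_addrs (`@@ -1279,9 +1299,23 @@` hunk), `pap` starts at `&addrs`, which is this function's own copy of the pointer, so when the very first word is `--` the statements `*pap = 0;` and `free(ap);` clear only the local variable and free the node the caller still points to. If the caller frees its list after this call (the callers are outside this diff), that is a double free of the head node, and the walk would also free the words just stored in `extra_options`, leaving a dangling list for network_phase to apply. The split has to reach the caller's pointer, for instance by taking `struct wordlist **addrs`, or by having the caller separate the options before the call. `free(ap)` also releases only the node; whether `ap->word` is a separate allocation is not visible here. The function continues past the end of the hunk.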