X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fauth.c;h=3904d47508f743e670e3c3de389138199a3ed529;hb=0f9a7931d88adb8df9d962997c7cd92969f1d80d;hp=d554bfd0f7e6aecb5cfa921f903a160fd45cc92f;hpb=cb67581446e926290c6147634f7f467f48c806b5;p=ppp.git diff --git a/pppd/auth.c b/pppd/auth.c index d554bfd..3904d47 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -73,7 +73,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: auth.c,v 1.93 2003/03/03 05:11:45 paulus Exp $" +#define RCSID "$Id: auth.c,v 1.98 2004/10/31 22:23:18 paulus Exp $" #include #include @@ -114,7 +114,7 @@ #include "ecp.h" #include "ipcp.h" #include "upap.h" -#include "chap.h" +#include "chap-new.h" #include "eap.h" #ifdef CBCP_SUPPORT #include "cbcp.h" @@ -186,6 +186,12 @@ void (*pap_logout_hook) __P((void)) = NULL; /* Hook for a plugin to get the PAP password for authenticating us */ int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; +/* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */ +int (*chap_check_hook) __P((void)) = NULL; + +/* Hook for a plugin to get the CHAP password for authenticating us */ +int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL; + /* Hook for a plugin to say whether it is OK if the peer refuses to authenticate. */ int (*null_auth_hook) __P((struct wordlist **paddrs, @@ -634,7 +640,7 @@ link_established(unit) eap_authpeer(unit, our_name); auth |= EAP_PEER; } else if (go->neg_chap) { - ChapAuthPeer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); + chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); auth |= CHAP_PEER; } else if (go->neg_upap) { upap_authpeer(unit); @@ -644,7 +650,7 @@ link_established(unit) eap_authwithpeer(unit, user); auth |= EAP_WITHPEER; } else if (ho->neg_chap) { - ChapAuthWithPeer(unit, user, CHAP_DIGEST(ho->chap_mdtype)); + chap_auth_with_peer(unit, user, CHAP_DIGEST(ho->chap_mdtype)); auth |= CHAP_WITHPEER; } else if (ho->neg_upap) { if (passwd[0] == 0) { @@ -800,7 +806,7 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen) case PPP_CHAP: bit = CHAP_PEER; switch (prot_flavor) { - case CHAP_DIGEST_MD5: + case CHAP_MD5: bit |= CHAP_MD5_PEER; break; #ifdef CHAPMS @@ -876,7 +882,7 @@ auth_withpeer_success(unit, protocol, prot_flavor) case PPP_CHAP: bit = CHAP_WITHPEER; switch (prot_flavor) { - case CHAP_DIGEST_MD5: + case CHAP_MD5: bit |= CHAP_MD5_WITHPEER; break; #ifdef CHAPMS @@ -1066,8 +1072,8 @@ connect_time_expired(arg) void *arg; { info("Connect time expired"); - lcp_close(0, "Connect time expired"); /* Close connection */ status = EXIT_CONNECT_TIME; + lcp_close(0, "Connect time expired"); /* Close connection */ } /* @@ -1103,12 +1109,14 @@ auth_check_options() if (auth_required) { allow_any_ip = 0; if (!wo->neg_chap && !wo->neg_upap && !wo->neg_eap) { - wo->neg_chap = 1; wo->chap_mdtype = MDTYPE_ALL; + wo->neg_chap = 1; + wo->chap_mdtype = chap_mdtype_all; wo->neg_upap = 1; wo->neg_eap = 1; } } else { - wo->neg_chap = 0; wo->chap_mdtype = MDTYPE_NONE; + wo->neg_chap = 0; + wo->chap_mdtype = MDTYPE_NONE; wo->neg_upap = 0; wo->neg_eap = 0; } @@ -1245,14 +1253,15 @@ check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) if (pap_auth_hook) { ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts); if (ret >= 0) { + /* note: set_allowed_addrs() saves opts (but not addrs): + don't free it! */ if (ret) set_allowed_addrs(unit, addrs, opts); - BZERO(passwd, sizeof(passwd)); + else if (opts != 0) + free_wordlist(opts); if (addrs != 0) free_wordlist(addrs); - if (opts != 0) { - free_wordlist(opts); - } + BZERO(passwd, sizeof(passwd)); return ret? UPAP_AUTHACK: UPAP_AUTHNAK; } } @@ -1986,7 +1995,7 @@ set_allowed_addrs(unit, addrs, opts) } else { np = getnetbyname (ptr_word); if (np != NULL && np->n_addrtype == AF_INET) { - a = htonl (*(u_int32_t *)np->n_net); + a = htonl ((u_int32_t)np->n_net); if (ptr_mask == NULL) { /* calculate appropriate mask for net */ ah = ntohl(a);