X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fauth.c;h=bff01a7b432d54d1b6550b806eb6675a7a104b22;hb=b077002b88d6e941583641ccc73aefebdc3d3ef6;hp=9a6bfb1a8a4a1b38c7778eeb6ed7869aac908361;hpb=37a8acc7ee2527693d0c8ba82b2eaea249abde34;p=ppp.git diff --git a/pppd/auth.c b/pppd/auth.c index 9a6bfb1..bff01a7 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -32,7 +32,7 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#define RCSID "$Id: auth.c,v 1.68 2001/03/08 05:11:10 paulus Exp $" +#define RCSID "$Id: auth.c,v 1.71 2001/11/09 10:33:42 paulus Exp $" #include #include @@ -132,6 +132,18 @@ void (*pap_logout_hook) __P((void)) = NULL; /* Hook for a plugin to get the PAP password for authenticating us */ int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; +/* Hook for a plugin to say whether it is OK if the peer + refuses to authenticate. */ +int (*null_auth_hook) __P((struct wordlist **paddrs, + struct wordlist **popts)) = NULL; + +/* A notifier for when the peer has authenticated itself, + and we are proceeding to the network phase. */ +struct notifier *auth_up_notifier = NULL; + +/* A notifier for when the link goes down. */ +struct notifier *link_down_notifier = NULL; + /* * This is used to ensure that we don't start an auth-up/down * script while one is already running. @@ -407,6 +419,7 @@ link_down(unit) int i; struct protent *protp; + notify(link_down_notifier, 0); auth_state = s_down; if (auth_script_state == s_up && auth_script_pid == 0) { update_link_stats(unit); @@ -424,7 +437,7 @@ link_down(unit) num_np_open = 0; num_np_up = 0; if (phase != PHASE_DEAD) - new_phase(PHASE_TERMINATE); + new_phase(PHASE_ESTABLISH); } /* @@ -509,6 +522,7 @@ network_phase(unit) * If the peer had to authenticate, run the auth-up script now. */ if (go->neg_chap || go->neg_upap) { + notify(auth_up_notifier, 0); auth_state = s_up; if (auth_script_state == s_down && auth_script_pid == 0) { auth_script_state = s_up; @@ -727,6 +741,7 @@ np_down(unit, proto) { if (--num_np_up == 0) { UNTIMEOUT(check_idle, NULL); + UNTIMEOUT(connect_time_expired, NULL); new_phase(PHASE_NETWORK); } } @@ -1250,19 +1265,29 @@ null_login(unit) struct wordlist *addrs, *opts; char secret[MAXWORDLEN]; + /* + * Check if a plugin wants to handle this. + */ + ret = -1; + if (null_auth_hook) + ret = (*null_auth_hook)(&addrs, &opts); + /* * Open the file of pap secrets and scan for a suitable secret. */ - filename = _PATH_UPAPFILE; - addrs = NULL; - f = fopen(filename, "r"); - if (f == NULL) - return 0; - check_access(f, filename); + if (ret <= 0) { + filename = _PATH_UPAPFILE; + addrs = NULL; + f = fopen(filename, "r"); + if (f == NULL) + return 0; + check_access(f, filename); - i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename); - ret = i >= 0 && secret[0] == 0; - BZERO(secret, sizeof(secret)); + i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename); + ret = i >= 0 && secret[0] == 0; + BZERO(secret, sizeof(secret)); + fclose(f); + } if (ret) set_allowed_addrs(unit, addrs, opts); @@ -1271,7 +1296,6 @@ null_login(unit) if (addrs != 0) free_wordlist(addrs); - fclose(f); return ret; } @@ -1605,8 +1629,15 @@ set_allowed_addrs(unit, addrs, opts) * which is a single host, then use that if we find one. */ if (suggested_ip != 0 - && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr))) + && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr))) { wo->hisaddr = suggested_ip; + /* + * Do we insist on this address? No, if there are other + * addresses authorized than the suggested one. + */ + if (n > 1) + wo->accept_remote = 1; + } } /*