X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fauth.c;h=e78773ef90e3c7b8f6706aed07a66cde99bac88a;hb=bf69479845b0dc57e75423be4dd2491cadda1f89;hp=e435e6c7fea0d540e875f05a6cdf26f051f0f9b2;hpb=bc3775fa3f711516fbd0890035a8ddc145ad2ff0;p=ppp.git diff --git a/pppd/auth.c b/pppd/auth.c index e435e6c..e78773e 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -68,7 +68,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: auth.c,v 1.105 2005/07/12 01:07:59 paulus Exp $" +#define RCSID "$Id: auth.c,v 1.110 2006/06/04 07:04:57 paulus Exp $" #include #include @@ -418,9 +418,13 @@ setupapfile(argv) fname = strdup(*argv); if (fname == NULL) novm("+ua file name"); - seteuid(getuid()); + if (seteuid(getuid()) == -1) { + option_error("unable to reset uid before opening %s: %m", fname); + return ; + } ufile = fopen(fname, "r"); - seteuid(0); + if (seteuid(0) == -1) + fatal("unable to regain privileges: %m"); if (ufile == NULL) { option_error("unable to open user login data file %s", fname); return 0; @@ -652,6 +656,8 @@ link_terminated(unit) the_channel->disconnect(); devfd = -1; } + if (the_channel->cleanup) + (*the_channel->cleanup)(); if (doing_multilink && multilink_master) { if (!bundle_terminating) @@ -744,8 +750,8 @@ link_established(unit) set_allowed_addrs(unit, NULL, NULL); } else if (!wo->neg_upap || uselogin || !null_login(unit)) { warn("peer refused to authenticate: terminating link"); - lcp_close(unit, "peer refused to authenticate"); status = EXIT_PEER_AUTH_FAILED; + lcp_close(unit, "peer refused to authenticate"); return; } } @@ -904,8 +910,8 @@ auth_peer_fail(unit, protocol) /* * Authentication failure: take the link down */ - lcp_close(unit, "Authentication failed"); status = EXIT_PEER_AUTH_FAILED; + lcp_close(unit, "Authentication failed"); } /* @@ -982,8 +988,8 @@ auth_withpeer_fail(unit, protocol) * is no point in persisting without any way to get updated * authentication secrets. */ - lcp_close(unit, "Failed to authenticate ourselves to peer"); status = EXIT_AUTH_TOPEER_FAILED; + lcp_close(unit, "Failed to authenticate ourselves to peer"); } /* @@ -994,10 +1000,12 @@ auth_withpeer_success(unit, protocol, prot_flavor) int unit, protocol, prot_flavor; { int bit; + const char *prot = ""; switch (protocol) { case PPP_CHAP: bit = CHAP_WITHPEER; + prot = "CHAP"; switch (prot_flavor) { case CHAP_MD5: bit |= CHAP_MD5_WITHPEER; @@ -1016,15 +1024,19 @@ auth_withpeer_success(unit, protocol, prot_flavor) if (passwd_from_file) BZERO(passwd, MAXSECRETLEN); bit = PAP_WITHPEER; + prot = "PAP"; break; case PPP_EAP: bit = EAP_WITHPEER; + prot = "EAP"; break; default: warn("auth_withpeer_success: unknown protocol %x", protocol); bit = 0; } + notice("%s authentication succeeded", prot); + /* Save the authentication method for later. */ auth_done[unit] |= bit; @@ -1141,9 +1153,9 @@ check_maxoctets(arg) diff = maxoctets - used; if(diff < 0) { notice("Traffic limit reached. Limit: %u Used: %u", maxoctets, used); + status = EXIT_TRAFFIC_LIMIT; lcp_close(0, "Traffic limit"); need_holdoff = 0; - status = EXIT_TRAFFIC_LIMIT; } else { TIMEOUT(check_maxoctets, NULL, maxoctets_timeout); } @@ -1173,9 +1185,9 @@ check_idle(arg) if (tlim <= 0) { /* link is idle: shut it down. */ notice("Terminating connection due to lack of activity."); + status = EXIT_IDLE_TIMEOUT; lcp_close(0, "Link inactive"); need_holdoff = 0; - status = EXIT_IDLE_TIMEOUT; } else { TIMEOUT(check_idle, NULL, tlim); } @@ -2552,5 +2564,5 @@ auth_script(script) argv[5] = strspeed; argv[6] = NULL; - auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL); + auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0); }