X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fsession.c;h=473e51e1912f63074eb7c1d058a601f17fc2749e;hb=3a7593be1582b204214f1ff9bbce849e22a81876;hp=05dcb769994190879741a83dca51fe952113ad6d;hpb=e5b9a1061f126b36c558aea09fd76fd691ebf018;p=ppp.git

diff --git a/pppd/session.c b/pppd/session.c
index 05dcb76..473e51e 100644
--- a/pppd/session.c
+++ b/pppd/session.c
@@ -73,6 +73,13 @@
 #include <string.h>
 #include <pwd.h>
 #include <crypt.h>
+#ifdef HAS_SHADOW
+#include <shadow.h>
+#endif
+#include <time.h>
+#include <utmp.h>
+#include <fcntl.h>
+#include <unistd.h>
 #include "pppd.h"
 #include "session.h"
 
@@ -164,13 +171,14 @@ session_start(flags, user, passwd, ttyName, msg)
     const char *ttyName;
     char **msg;
 {
-    bool ok = 1;
 #ifdef USE_PAM
+    bool ok = 1;
     const char *usr;
     int pam_error;
     bool try_session = 0;
 #else /* #ifdef USE_PAM */
     struct passwd *pw;
+    char *cbuf;
 #ifdef HAS_SHADOW
     struct spwd *spwd;
     struct spwd *getspnam();
@@ -289,9 +297,11 @@ session_start(flags, user, passwd, ttyName, msg)
 #else /* #ifdef USE_PAM */
 
 /*
- * Use the non-PAM methods directly
+ * Use the non-PAM methods directly.  'pw' will remain NULL if the user
+ * has not been authenticated using local UNIX system services.
  */
 
+    pw = NULL;
     if ((SESS_AUTH & flags)) {
 	pw = getpwnam(user);
 
@@ -339,8 +349,10 @@ session_start(flags, user, passwd, ttyName, msg)
 	/*
 	 * If no passwd, don't let them login if we're authenticating.
 	 */
-        if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2
-            || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
+        if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2)
+            return SESSION_FAILED;
+	cbuf = crypt(passwd, pw->pw_passwd);
+	if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)
             return SESSION_FAILED;
     }
 
@@ -357,16 +369,23 @@ session_start(flags, user, passwd, ttyName, msg)
 	logged_in = 1;
 
 #if defined(_PATH_LASTLOG) && !defined(USE_PAM)
-	{
+	/*
+	 * Enter the user in lastlog only if he has been authenticated using
+	 * local system services.  If he has not, then we don't know what his
+	 * UID might be, and lastlog is indexed by UID.
+	 */
+	if (pw != NULL) {
             struct lastlog ll;
             int fd;
+	    time_t tnow;
 
             if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
                 (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET);
                 memset((void *)&ll, 0, sizeof(ll));
-                (void)time(&ll.ll_time);
-                (void)strncpy(ll.ll_line, ttyName, sizeof(ll.ll_line));
-                (void)strncpy(ll.ll_host, ifname, sizeof(ll.ll_host));
+		(void)time(&tnow);
+                ll.ll_time = tnow;
+                strlcpy(ll.ll_line, ttyName, sizeof(ll.ll_line));
+                strlcpy(ll.ll_host, ifname, sizeof(ll.ll_host));
                 (void)write(fd, (char *)&ll, sizeof(ll));
                 (void)close(fd);
             }