New CHAP implementation, rewritten from scratch to avoid the code

[ppp.git] / pppd / auth.c

diff --git a/pppd/auth.c b/pppd/auth.c
index a4f7775adb6a5ff69ff090e590b7008bf01eb1cd..002ec859f880abb2363982e62220902385272fa6 100644 (file)
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -73,7 +73,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID  "$Id: auth.c,v 1.92 2003/02/16 22:29:50 paulus Exp $"
+#define RCSID  "$Id: auth.c,v 1.95 2003/06/11 23:56:26 paulus Exp $"
 
 #include <stdio.h>
 #include <stddef.h>
@@ -114,7 +114,7 @@
 #include "ecp.h"
 #include "ipcp.h"
 #include "upap.h"
-#include "chap.h"
+#include "chap-new.h"
 #include "eap.h"
 #ifdef CBCP_SUPPORT
 #include "cbcp.h"
@@ -186,6 +186,12 @@ void (*pap_logout_hook) __P((void)) = NULL;
 /* Hook for a plugin to get the PAP password for authenticating us */
 int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL;
 
+/* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */
+int (*chap_check_hook) __P((void)) = NULL;
+
+/* Hook for a plugin to get the CHAP password for authenticating us */
+int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL;
+
 /* Hook for a plugin to say whether it is OK if the peer
    refuses to authenticate. */
 int (*null_auth_hook) __P((struct wordlist **paddrs,
@@ -428,7 +434,8 @@ setupapfile(argv)
 
     /* get username */
     if (fgets(u, MAXNAMELEN - 1, ufile) == NULL
-       || fgets(p, MAXSECRETLEN - 1, ufile) == NULL){
+       || fgets(p, MAXSECRETLEN - 1, ufile) == NULL) {
+       fclose(ufile);
        option_error("unable to read user login data file %s", fname);
        return 0;
     }
@@ -633,7 +640,7 @@ link_established(unit)
        eap_authpeer(unit, our_name);
        auth |= EAP_PEER;
     } else if (go->neg_chap) {
-       ChapAuthPeer(unit, our_name, CHAP_DIGEST(go->chap_mdtype));
+       chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype));
        auth |= CHAP_PEER;
     } else if (go->neg_upap) {
        upap_authpeer(unit);
@@ -643,7 +650,7 @@ link_established(unit)
        eap_authwithpeer(unit, user);
        auth |= EAP_WITHPEER;
     } else if (ho->neg_chap) {
-       ChapAuthWithPeer(unit, user, CHAP_DIGEST(ho->chap_mdtype));
+       chap_auth_with_peer(unit, user, CHAP_DIGEST(ho->chap_mdtype));
        auth |= CHAP_WITHPEER;
     } else if (ho->neg_upap) {
        if (passwd[0] == 0) {
@@ -799,7 +806,7 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen)
     case PPP_CHAP:
        bit = CHAP_PEER;
        switch (prot_flavor) {
-       case CHAP_DIGEST_MD5:
+       case CHAP_MD5:
            bit |= CHAP_MD5_PEER;
            break;
 #ifdef CHAPMS
@@ -875,7 +882,7 @@ auth_withpeer_success(unit, protocol, prot_flavor)
     case PPP_CHAP:
        bit = CHAP_WITHPEER;
        switch (prot_flavor) {
-       case CHAP_DIGEST_MD5:
+       case CHAP_MD5:
            bit |= CHAP_MD5_WITHPEER;
            break;
 #ifdef CHAPMS
@@ -1149,6 +1156,14 @@ auth_check_options()
 
        exit(1);
     }
+
+    /*
+     * Early check for remote number authorization.
+     */
+    if (!auth_number()) {
+       warn("calling number %q is not authorized", remote_number);
+       exit(EXIT_CNID_AUTH_FAILED);
+    }
 }
 
 /*
@@ -1977,7 +1992,7 @@ set_allowed_addrs(unit, addrs, opts)
        } else {
            np = getnetbyname (ptr_word);
            if (np != NULL && np->n_addrtype == AF_INET) {
-               a = htonl (*(u_int32_t *)np->n_net);
+               a = htonl ((u_int32_t)np->n_net);
                if (ptr_mask == NULL) {
                    /* calculate appropriate mask for net */
                    ah = ntohl(a);