#define RCSID "$Id: auth.c,v 1.117 2008/07/01 12:27:56 paulus Exp $"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <arpa/inet.h>
-#ifdef HAS_SHADOW
+#ifdef HAVE_SHADOW_H
#include <shadow.h>
#ifndef PW_PPP
#define PW_PPP PW_LOGIN
#endif
#include <time.h>
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
#ifdef SYSTEMD
#include <systemd/sd-daemon.h>
#endif
bool tls_verify_key_usage = 0;
bool need_peer_eap = 0; /* Require peer to authenticate us */
#endif
+bool tls_verify_cert = 0; /* Do not verify server's SSL certificate */
static char *uafname; /* name of most recent +ua file */
-extern char *crypt (const char *, const char *);
-
/* Prototypes for procedures local to this file. */
static void network_phase (int);
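Review bot: `tls_verify_cert` is initialised to 0, so the server's certificate goes unchecked unless the administrator remembers to pass `tls-verify-certificate`, which leaves the TLS session unauthenticated by default. A fail-closed default would be `bool tls_verify_cert = 1; /* Verify server's SSL certificate */`. The "tls-verify-certificate" entry added to the option table further down would then become an explicit opt-out, which should probably be restricted with `OPT_PRIV`. The current comment describes the default value rather than what the flag means, so it is worth rewording even if the default stays. Where the flag is read is not visible in these hunks, so confirm which TLS code paths it actually controls.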
"Set telephone number(s) which are allowed to connect",
OPT_PRIV | OPT_A2LIST },
+ { "tls-verify-certificate", o_bool, &tls_verify_cert,
+ "Enable server's SSL certificate validation", 1 },
+
#ifdef USE_EAPTLS
{ "ca", o_string, &cacert_file, "EAP-TLS CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "EAP-TLS CA certificate directory" },
if (secret[0] != 0 && !login_secret) {
/* password given in pap-secrets - must match */
if (cryptpap || strcmp(passwd, secret) != 0) {
+#ifdef HAVE_CRYPT_H
char *cbuf = crypt(passwd, secret);
if (!cbuf || strcmp(cbuf, secret) != 0)
+#endif
ret = UPAP_AUTHNAK;
}
}
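Review bot: The `#ifdef HAVE_CRYPT_H` pair encloses the unbraced `if (!cbuf || ...)` but not the `ret = UPAP_AUTHNAK;` it governs, so the statement is conditional in one build and unconditional in the other. Both configurations fail closed, but the layout is easy to break in a later edit. I would move the assignment inside the guarded region and add an explicit `#else` branch with its own `ret = UPAP_AUTHNAK; /* no crypt(3): only an exact plaintext match is accepted */`. Without HAVE_CRYPT_H, a hashed entry in pap-secrets or the `cryptpap` setting now rejects every login with no diagnostic, so a warning when `cryptpap` is set in such a build would help operators. Because the `extern` declaration of crypt() is also removed, platforms that provide crypt() without a crypt.h header appear to lose hashed-secret support; check that this is intended. The enclosing function starts and ends outside this hunk.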