* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#define RCSID "$Id: auth.c,v 1.72 2002/01/11 18:07:45 etbe Exp $"
+#define RCSID "$Id: auth.c,v 1.73 2002/01/22 16:02:58 dfs Exp $"
#include <stdio.h>
#include <stddef.h>
int (*null_auth_hook) __P((struct wordlist **paddrs,
struct wordlist **popts)) = NULL;
+int (*allowed_address_hook) __P((u_int32_t addr)) = NULL;
+
/* A notifier for when the peer has authenticated itself,
and we are proceeding to the network phase. */
struct notifier *auth_up_notifier = NULL;
BZERO(passwd, sizeof(passwd));
if (addrs != 0)
free_wordlist(addrs);
+ if (opts != 0) {
+ free_wordlist(opts);
+ }
return ret? UPAP_AUTHACK: UPAP_AUTHNAK;
}
}
char *filename;
struct wordlist *addrs;
+ if (chap_check_hook) {
+ ret = (*chap_check_hook)();
+ if (ret >= 0) {
+ return ret;
+ }
+ }
+
filename = _PATH_CHAPFILE;
f = fopen(filename, "r");
if (f == NULL)
if (!am_server && passwd[0] != 0) {
strlcpy(secbuf, passwd, sizeof(secbuf));
+ } else if (!am_server && chap_passwd_hook) {
+ if ( (*chap_passwd_hook)(client, secbuf) < 0) {
+ error("Unable to obtain CHAP password for %s on %s from plugin",
+ client, server);
+ return 0;
+ }
} else {
filename = _PATH_CHAPFILE;
addrs = NULL;
if (bad_ip_adrs(addr))
return 0;
+ if (allowed_address_hook) {
+ ok = allowed_address_hook(addr);
+ if (ok >= 0) return ok;
+ }
+
if (addresses[unit] != NULL) {
ok = ip_addr_check(addr, addresses[unit]);
if (ok >= 0)
return ok;
}
+
if (auth_required)
return 0; /* no addresses authorized */
return allow_any_ip || privileged || !have_route_to(addr);