Plugin for supplying CHAP password via a dedicated fd. (Arvin Schnell <arvin@suse...

[ppp.git] / pppd / plugins / passwordfd.c

diff --git a/pppd/plugins/passwordfd.c b/pppd/plugins/passwordfd.c
new file mode 100644 (file)
index 0000000..d718f3b
--- /dev/null
+++ b/pppd/plugins/passwordfd.c
@@ -0,0 +1,82 @@
+
+/*
+ *  Author: Arvin Schnell <arvin@suse.de>
+ *
+ *  This plugin let's you pass the password to the pppd via
+ *  a file descriptor. That's easy and secure - no fiddling
+ *  with pap- and chap-secrets files.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "pppd.h"
+
+char pppd_version[] = VERSION;
+
+static int passwdfd = -1;
+static char save_passwd[MAXSECRETLEN];
+
+static option_t options[] = {
+    { "passwordfd", o_int, &passwdfd,
+      "Receive password on this file descriptor" },
+    { NULL }
+};
+
+static int pwfd_check (void)
+{
+    return 1;
+}
+
+static int pwfd_passwd (char *user, char *passwd)
+{
+    int readgood, red;
+
+    if (passwdfd == -1)
+       return -1;
+
+    if (passwd == NULL)
+       return 1;
+
+    if (passwdfd == -2) {
+       strcpy (passwd, save_passwd);
+       return 1;
+    }
+
+    readgood = 0;
+    do {
+       red = read (passwdfd, passwd + readgood, MAXSECRETLEN - 1 - readgood);
+       if (red == 0)
+           break;
+       if (red < 0) {
+           error ("Can't read secret from fd\n");
+           readgood = -1;
+           break;
+       }
+       readgood += red;
+    } while (readgood < MAXSECRETLEN - 1);
+
+    close (passwdfd);
+
+    if (readgood < 0)
+       return 0;
+
+    passwd[readgood] = 0;
+    strcpy (save_passwd, passwd);
+    passwdfd = -2;
+
+    return 1;
+}
+
+void plugin_init (void)
+{
+    add_options (options);
+
+    pap_check_hook = pwfd_check;
+    pap_passwd_hook = pwfd_passwd;
+
+    chap_check_hook = pwfd_check;
+    chap_passwd_hook = pwfd_passwd;
+}