X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fsession.c;h=2f1c83e5552cd3afd59813e82d6b8bdf3de6294b;hp=32901a24546f5913b67cdced816f002de9edc6e3;hb=HEAD;hpb=5ab66a84426007d5da830b4ffe35067e25fe54f1

diff --git a/pppd/session.c b/pppd/session.c
index 32901a2..f08d8e1 100644
--- a/pppd/session.c
+++ b/pppd/session.c
@@ -17,7 +17,7 @@
  * 3. Redistributions of any form whatsoever must retain the following
  *    acknowledgment:
  *    "This product includes software developed by Paul Mackerras
- *     <paulus@samba.org>".
+ *     <paulus@ozlabs.org>".
  *
  * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -68,24 +68,33 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <pwd.h>
+
+#ifdef HAVE_CRYPT_H
 #include <crypt.h>
-#ifdef HAS_SHADOW
+#endif
+
+#ifdef HAVE_SHADOW_H
 #include <shadow.h>
 #endif
+
 #include <time.h>
 #include <utmp.h>
 #include <fcntl.h>
 #include <unistd.h>
-#include "pppd.h"
+#include "pppd-private.h"
 #include "session.h"
 
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
 #include <security/pam_appl.h>
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
 
 #define SET_MSG(var, msg) if (var != NULL) { var[0] = msg; }
 #define COPY_STRING(s) ((s) ? strdup(s) : NULL)
@@ -100,7 +109,7 @@
 /* We have successfully started a session */
 static bool logged_in = 0;
 
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
 /*
  * Static variables used to communicate between the conversation function
  * and the server_login function
@@ -116,10 +125,7 @@ static pam_handle_t *pamh = NULL;
  */
 
 static int conversation (int num_msg,
-#ifndef SOL2
-    const
-#endif
-    struct pam_message **msg,
+    const struct pam_message **msg,
     struct pam_response **resp, void *appdata_ptr)
 {
     int replies = 0;
@@ -161,29 +167,25 @@ static struct pam_conv pam_conv_data = {
     &conversation,
     NULL
 };
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
 
 int
-session_start(flags, user, passwd, ttyName, msg)
-    const int flags;
-    const char *user;
-    const char *passwd;
-    const char *ttyName;
-    char **msg;
+session_start(const int flags, const char *user, const char *passwd, const char *ttyName, char **msg)
 {
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
     bool ok = 1;
     const char *usr;
     int pam_error;
     bool try_session = 0;
-#else /* #ifdef USE_PAM */
+#else /* #ifdef PPP_WITH_PAM */
     struct passwd *pw;
-#ifdef HAS_SHADOW
+    char *cbuf;
+#ifdef HAVE_SHADOW_H
     struct spwd *spwd;
     struct spwd *getspnam();
     long now = 0;
-#endif /* #ifdef HAS_SHADOW */
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef HAVE_SHADOW_H */
+#endif /* #ifdef PPP_WITH_PAM */
 
     SET_MSG(msg, SUCCESS_MSG);
 
@@ -197,7 +199,7 @@ session_start(flags, user, passwd, ttyName, msg)
        return SESSION_FAILED;
     }
 
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
     /* Find the '\\' in the username */
     /* This needs to be fixed to support different username schemes */
     if ((usr = strchr(user, '\\')) == NULL)
@@ -293,7 +295,7 @@ session_start(flags, user, passwd, ttyName, msg)
     /* If our PAM checks have already failed, then we must return a failure */
     if (!ok) return SESSION_FAILED;
 
-#else /* #ifdef USE_PAM */
+#else /* #ifdef PPP_WITH_PAM */
 
 /*
  * Use the non-PAM methods directly.  'pw' will remain NULL if the user
@@ -312,7 +314,7 @@ session_start(flags, user, passwd, ttyName, msg)
 	if (pw == NULL)
 	    return SESSION_FAILED;
 
-#ifdef HAS_SHADOW
+#ifdef HAVE_SHADOW_H
 
 	spwd = getspnam(user);
 	endspent();
@@ -343,17 +345,21 @@ session_start(flags, user, passwd, ttyName, msg)
 	/* We have a valid shadow entry, keep the password */
 	pw->pw_passwd = spwd->sp_pwdp;
 
-#endif /* #ifdef HAS_SHADOW */
+#endif /* #ifdef HAVE_SHADOW_H */
 
 	/*
 	 * If no passwd, don't let them login if we're authenticating.
 	 */
-        if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2
-            || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
+        if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2)
+            return SESSION_FAILED;
+#ifdef HAVE_CRYPT_H
+	cbuf = crypt(passwd, pw->pw_passwd);
+	if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)
+#endif
             return SESSION_FAILED;
     }
 
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
 
     /*
      * Write a wtmp entry for this user.
@@ -365,7 +371,7 @@ session_start(flags, user, passwd, ttyName, msg)
 	logwtmp(ttyName, user, ifname); /* Add wtmp login entry */
 	logged_in = 1;
 
-#if defined(_PATH_LASTLOG) && !defined(USE_PAM)
+#if defined(_PATH_LASTLOG) && !defined(PPP_WITH_PAM)
 	/*
 	 * Enter the user in lastlog only if he has been authenticated using
 	 * local system services.  If he has not, then we don't know what his
@@ -381,13 +387,13 @@ session_start(flags, user, passwd, ttyName, msg)
                 memset((void *)&ll, 0, sizeof(ll));
 		(void)time(&tnow);
                 ll.ll_time = tnow;
-                (void)strncpy(ll.ll_line, ttyName, sizeof(ll.ll_line));
-                (void)strncpy(ll.ll_host, ifname, sizeof(ll.ll_host));
+                strlcpy(ll.ll_line, ttyName, sizeof(ll.ll_line));
+                strlcpy(ll.ll_host, ifname, sizeof(ll.ll_host));
                 (void)write(fd, (char *)&ll, sizeof(ll));
                 (void)close(fd);
             }
 	}
-#endif /* _PATH_LASTLOG and not USE_PAM */
+#endif /* _PATH_LASTLOG and not PPP_WITH_PAM */
 	info("user %s logged in on tty %s intf %s", user, ttyName, ifname);
     }
 
@@ -400,7 +406,7 @@ session_start(flags, user, passwd, ttyName, msg)
 void
 session_end(const char* ttyName)
 {
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
     int pam_error = PAM_SUCCESS;
 
     if (pamh != NULL) {