X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fsession.c;h=3d1fb6d7ccc1f912e1454eacdd10e20f2a22626d;hp=05dcb769994190879741a83dca51fe952113ad6d;hb=4a54e34cf5629f9fed61f0b7d69ee3ba4d874bc6;hpb=e5b9a1061f126b36c558aea09fd76fd691ebf018 diff --git a/pppd/session.c b/pppd/session.c index 05dcb76..3d1fb6d 100644 --- a/pppd/session.c +++ b/pppd/session.c @@ -68,11 +68,27 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include #include + +#ifdef HAVE_CRYPT_H #include +#endif + +#ifdef HAVE_SHADOW_H +#include +#endif + +#include +#include +#include +#include #include "pppd.h" #include "session.h" @@ -109,10 +125,7 @@ static pam_handle_t *pamh = NULL; */ static int conversation (int num_msg, -#ifndef SOL2 - const -#endif - struct pam_message **msg, + const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { int replies = 0; @@ -157,25 +170,21 @@ static struct pam_conv pam_conv_data = { #endif /* #ifdef USE_PAM */ int -session_start(flags, user, passwd, ttyName, msg) - const int flags; - const char *user; - const char *passwd; - const char *ttyName; - char **msg; +session_start(const int flags, const char *user, const char *passwd, const char *ttyName, char **msg) { - bool ok = 1; #ifdef USE_PAM + bool ok = 1; const char *usr; int pam_error; bool try_session = 0; #else /* #ifdef USE_PAM */ struct passwd *pw; -#ifdef HAS_SHADOW + char *cbuf; +#ifdef HAVE_SHADOW_H struct spwd *spwd; struct spwd *getspnam(); long now = 0; -#endif /* #ifdef HAS_SHADOW */ +#endif /* #ifdef HAVE_SHADOW_H */ #endif /* #ifdef USE_PAM */ SET_MSG(msg, SUCCESS_MSG); 
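Review bot: In the `@@ -157` hunk the block-scope declaration `struct spwd *getspnam();` is kept under `#ifdef HAVE_SHADOW_H`, although the first hunk now adds an include under the same guard (the header name is not visible here, presumably `<shadow.h>`) that should already declare it. An empty-parenthesis declaration carries no prototype, so the compiler cannot check the argument, and under C23 it is read as `(void)` and would conflict with the library prototype; the line can simply be dropped. Separately, `char *cbuf;` is declared for every non-PAM build but is only assigned inside `#ifdef HAVE_CRYPT_H` in a later hunk, so guarding the declaration the same way avoids an unused-variable warning. The body of session_start continues outside this hunk.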
@@ -289,9 +298,11 @@ session_start(flags, user, passwd, ttyName, msg) #else /* #ifdef USE_PAM */ /* - * Use the non-PAM methods directly + * Use the non-PAM methods directly. 'pw' will remain NULL if the user + * has not been authenticated using local UNIX system services. */ + pw = NULL; if ((SESS_AUTH & flags)) { pw = getpwnam(user); @@ -303,7 +314,7 @@ session_start(flags, user, passwd, ttyName, msg) if (pw == NULL) return SESSION_FAILED; -#ifdef HAS_SHADOW +#ifdef HAVE_SHADOW_H spwd = getspnam(user); endspent(); @@ -334,13 +345,17 @@ session_start(flags, user, passwd, ttyName, msg) /* We have a valid shadow entry, keep the password */ pw->pw_passwd = spwd->sp_pwdp; -#endif /* #ifdef HAS_SHADOW */ +#endif /* #ifdef HAVE_SHADOW_H */ /* * If no passwd, don't let them login if we're authenticating. */ - if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2 - || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) + if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2) + return SESSION_FAILED; +#ifdef HAVE_CRYPT_H + cbuf = crypt(passwd, pw->pw_passwd); + if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0) +#endif return SESSION_FAILED; } 
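Review bot: In the `@@ -334` hunk the last `return SESSION_FAILED;` is the body of `if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)` when `HAVE_CRYPT_H` is defined and an unconditional return when it is not, and nothing in the code says so. Failing closed is the right default, but a build on a system that provides crypt() without `crypt.h` would reject every local password with no diagnostic, and an unbraced statement shared across an `#endif` is easy to break in a later edit. I would keep the `return` inside the guarded branch and add an explicit `#else` holding `/* no crypt(3) available: the password cannot be verified, fail closed */` followed by its own `return SESSION_FAILED;`. The enclosing `if ((SESS_AUTH & flags))` block starts in an earlier hunk and closes after this one.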
@@ -357,16 +372,23 @@ session_start(flags, user, passwd, ttyName, msg) logged_in = 1; #if defined(_PATH_LASTLOG) && !defined(USE_PAM) - { + /* + * Enter the user in lastlog only if he has been authenticated using + * local system services. If he has not, then we don't know what his + * UID might be, and lastlog is indexed by UID. + */ + if (pw != NULL) { struct lastlog ll; int fd; + time_t tnow; if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET); memset((void *)&ll, 0, sizeof(ll)); - (void)time(&ll.ll_time); - (void)strncpy(ll.ll_line, ttyName, sizeof(ll.ll_line)); - (void)strncpy(ll.ll_host, ifname, sizeof(ll.ll_host)); + (void)time(&tnow); + ll.ll_time = tnow; + strlcpy(ll.ll_line, ttyName, sizeof(ll.ll_line)); + strlcpy(ll.ll_host, ifname, sizeof(ll.ll_host)); (void)write(fd, (char *)&ll, sizeof(ll)); (void)close(fd); }
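Review bot: The lastlog record is still written when `lseek()` fails, because its result is discarded with `(void)`; the write would then land at the descriptor's current offset, which is 0 right after `open()` and therefore the slot for UID 0. The new `pw != NULL` guard removes the NULL dereference but not this, so I would gate the `memset`…`write` lines on `if (lseek(fd, (off_t)pw->pw_uid * (off_t)sizeof(ll), SEEK_SET) != (off_t)-1)`. Casting each operand before multiplying also keeps the product from being computed in `size_t`, where it could wrap for very large UIDs on 32-bit builds. The `write()` result is ignored as well, which is probably acceptable for best-effort accounting, though a log message on failure would make a stale lastlog visible. The `#if defined(_PATH_LASTLOG)` block closes outside this hunk.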