3 --- pppd/auth.c.orig2 Sat Sep 25 12:36:32 1999
4 +++ pppd/auth.c Sat Sep 25 12:48:02 1999
12 #include "pathnames.h"
15 +#define _PATH_DYNAMIC "/etc/ppp/getaddr"
17 +static char xuser[MAXNAMELEN];
19 static const char rcsid[] = RCSID;
21 /* Bits in scan_authfile return value */
23 /* Set if we got the contents of passwd[] from the pap-secrets file. */
24 static int passwd_from_file;
27 +/* Set if we have done call-back sequences. */
28 +static int did_callback;
32 * This is used to ensure that we don't start an auth-up/down
33 * script while one is already running.
36 /* Prototypes for procedures local to this file. */
38 -static void network_phase __P((int));
39 +void network_phase __P((int));
40 static void check_idle __P((void *));
41 static void connect_time_expired __P((void *));
42 static int plogin __P((char *, char *, char **, int *));
44 "Don't agree to auth to peer with PAP", 1 },
45 { "-pap", o_bool, &refuse_pap,
46 "Don't allow PAP authentication with peer", 1 },
47 - { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
48 - "Require CHAP authentication from peer", 1, &auth_required },
49 - { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
50 - "Require CHAP authentication from peer", 1, &auth_required },
51 + { "require-chap", o_special_noarg, reqchap,
52 + "Require CHAP authentication from peer" },
53 + { "+chap", o_special_noarg, reqchap,
54 + "Require CHAP authentication from peer" },
55 { "refuse-chap", o_bool, &refuse_chap,
56 "Don't agree to auth to peer with CHAP", 1 },
57 { "-chap", o_bool, &refuse_chap,
58 "Don't allow CHAP authentication with peer", 1 },
59 + { "refuse-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
60 + "Don't allow md5-digest style CHAP", 0 },
61 + { "-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
62 + "Don't allow md5-digest style CHAP", 0 },
64 + { "require-chapms", o_special_noarg, reqchapms,
65 + "Require MSCHAP (v1) authentication" },
66 + { "+chapms", o_special_noarg, reqchapms,
67 + "Require MSCHAP (v1) authentication" },
68 + { "refuse-chapms", o_special_noarg, nochapms,
69 + "Refuse MSCHAP (v1) authentication" },
70 + { "-chapms", o_special_noarg, nochapms,
71 + "Refuse MSCHAP (v1) authentication" },
72 + { "require-chapms-v2", o_special_noarg, reqchapms_v2,
73 + "Require MSCHAP-v2 authentication" },
74 + { "+chapms-v2", o_special_noarg, reqchapms_v2,
75 + "Require MSCHAP-v2 authentication" },
76 + { "refuse-chapms-v2", o_special_noarg, nochapms_v2,
77 + "Refuse MSCHAP-v2 authentication" },
78 + { "-chapms-v2", o_special_noarg, nochapms_v2,
79 + "Refuse MSCHAP-v2 authentication" },
81 { "name", o_string, our_name,
82 "Set local name for authentication",
83 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
86 * Proceed to the network phase.
93 lcp_options *go = &lcp_gotoptions[unit];
95 + lcp_options *ho = &lcp_hisoptions[unit];
99 * If the peer had to authenticate, run the auth-up script now.
102 * If we negotiated callback, do it now.
104 - if (go->neg_cbcp) {
105 + if ((go->neg_cbcp || ho->neg_cbcp) && !did_callback) {
106 phase = PHASE_CALLBACK;
108 (*cbcp_protent.open)(unit);
112 namelen = sizeof(peer_authname) - 1;
113 BCOPY(name, peer_authname, namelen);
114 peer_authname[namelen] = 0;
115 + BCOPY(name, xuser, namelen);
116 + xuser[namelen] = 0;
117 script_setenv("PEERNAME", peer_authname);
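Review bot: The new `BCOPY(name, xuser, namelen)` is bounded by `sizeof(peer_authname) - 1`, not by the size of `xuser`, so it is only safe while both arrays have the same length; `xuser` is declared `MAXNAMELEN` in this patch, but the declaration of `peer_authname` is not in the hunk. Clamp against the destination instead, e.g. `xlen = namelen < (int)sizeof(xuser) ? namelen : (int)sizeof(xuser) - 1;` followed by `BCOPY(name, xuser, xlen); xuser[xlen] = 0;`. A comment on the `xuser` declaration such as `/* peer-supplied name, unvalidated; used by get_ip_addr_dynamic */` would help, because that function later places it on a command line. The enclosing function starts and ends outside the hunk.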
120 @@ -1291,6 +1332,61 @@
127 + * get_ip_addr_dynamic - scans dynamic-givable address space for
128 + * most recently used address for given user.
131 +get_ip_addr_dynamic(unit, addr)
136 + struct wordlist *addrs;
140 + char mypid[40], *s;
144 + if ((addrs = addresses[unit]) == NULL)
145 + return 0; /* no restriction */
148 + for(; addrs != NULL; addrs = addrs->next) {
149 + if(strcmp(addrs->word, "*") != 0)
151 + sprintf(mypid, "/var/tmp/ppp_dynamic.%d", getpid());
152 + sprintf(command, "%s %s %s %s", _PATH_DYNAMIC, xuser, devnam, mypid);
153 + dfd = open("/dev/null", O_RDWR);
154 + device_script(command, dfd, dfd);
156 + fd = fopen(mypid, "r");
157 + if(fd == (FILE *)NULL)
159 + if(fgets(address, sizeof(address), fd) == (char *)NULL)
161 + if((s = strchr(address, '\n')) != (char *)NULL)
163 + a = inet_addr(address);
171 + if(fd != (FILE *)NULL)
181 * set_allowed_addrs() - set the list of allowed addresses.
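Review bot: The `sprintf(command, "%s %s %s %s", _PATH_DYNAMIC, xuser, devnam, mypid)` line in `get_ip_addr_dynamic` builds a command string from `xuser`, which an earlier hunk fills from the peer-supplied authentication name with no filtering, and passes it to `device_script`. If that helper runs the string through a shell (its body is not shown here), shell metacharacters in the name become command syntax, and the unbounded `sprintf` can also overrun `command`. The result file `/var/tmp/ppp_dynamic.<pid>` has a predictable name in a world-writable directory, so another local user could pre-create it or plant a symlink and so influence the address pppd reads back or where the helper writes; a directory writable only by pppd, or reading the helper's output over a pipe, avoids that. The return value of `open("/dev/null", O_RDWR)` is also used unchecked. The fence sketches the name check and bounded formatting; parts of the function are missing from this listing, so `command` being an array, the new `int n` local and the failure return value are assumptions.

```c
	/* … unchanged: skip address entries other than "*" … */
	/* xuser is the peer-supplied name: allow only a conservative
	 * character set before it is placed on a command line; widen it
	 * only as far as local account names require. */
	for (s = xuser; *s != '\0'; s++)
	    if (!isalnum((unsigned char)*s) && strchr("._-", *s) == NULL)
		break;
	if (xuser[0] == '\0' || *s != '\0')
	    return 0;	/* assumed failure value; match the other error paths */
	sprintf(mypid, "/var/tmp/ppp_dynamic.%d", getpid());
	n = snprintf(command, sizeof(command), "%s %s %s %s",
		     _PATH_DYNAMIC, xuser, devnam, mypid);
	if (n < 0 || n >= (int)sizeof(command))
	    return 0;	/* assumed failure value, as above */
	/* … unchanged: device_script call and reading the address back … */
```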