$NetBSD: patch-bb,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
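--- pppd/auth.c.orig2 Sat Sep 25 12:36:32 1999
+++ pppd/auth.c Sat Sep 25 12:48:02 1999
@@ -74,8 +74,16 @@
 #ifdef CBCP_SUPPORT
 #include "cbcp.h"
 #endif
+#ifdef CHAPMS
+#include "chap_ms.h"
+#endif
 #include "pathnames.h"
 
+#ifdef DYNAMIC
+#define _PATH_DYNAMIC "/etc/ppp/getaddr"
+#endif
+static char xuser[MAXNAMELEN];
+
 static const char rcsid[] = RCSID;
 
 /* Bits in scan_authfile return value */
@@ -108,6 +116,11 @@
 /* Set if we got the contents of passwd[] from the pap-secrets file. */
 static int passwd_from_file;
 
+#ifdef CBCP_SUPPORT
+/* Set if we have done call-back sequences. */
+static int did_callback;
+#endif
+
 /*
 * This is used to ensure that we don't start an auth-up/down
 * script while one is already running.
@@ -144,7 +157,7 @@
 
 /* Prototypes for procedures local to this file. */
 
-static void network_phase __P((int));
+void network_phase __P((int));
 static void check_idle __P((void *));
 static void connect_time_expired __P((void *));
 static int plogin __P((char *, char *, char **, int *));
@@ -177,14 +190,36 @@
 "Don't agree to auth to peer with PAP", 1 },
 { "-pap", o_bool, &refuse_pap,
 "Don't allow PAP authentication with peer", 1 },
- { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
- "Require CHAP authentication from peer", 1, &auth_required },
- { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
- "Require CHAP authentication from peer", 1, &auth_required },
+ { "require-chap", o_special_noarg, reqchap,
+ "Require CHAP authentication from peer" },
+ { "+chap", o_special_noarg, reqchap,
+ "Require CHAP authentication from peer" },
 { "refuse-chap", o_bool, &refuse_chap,
 "Don't agree to auth to peer with CHAP", 1 },
 { "-chap", o_bool, &refuse_chap,
 "Don't allow CHAP authentication with peer", 1 },
+ { "refuse-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+ "Don't allow md5-digest style CHAP", 0 },
+ { "-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+ "Don't allow md5-digest style CHAP", 0 },
+#ifdef CHAPMS
+ { "require-chapms", o_special_noarg, reqchapms,
+ "Require MSCHAP (v1) authentication" },
+ { "+chapms", o_special_noarg, reqchapms,
+ "Require MSCHAP (v1) authentication" },
+ { "refuse-chapms", o_special_noarg, nochapms,
+ "Refuse MSCHAP (v1) authentication" },
+ { "-chapms", o_special_noarg, nochapms,
+ "Refuse MSCHAP (v1) authentication" },
+ { "require-chapms-v2", o_special_noarg, reqchapms_v2,
+ "Require MSCHAP-v2 authentication" },
+ { "+chapms-v2", o_special_noarg, reqchapms_v2,
+ "Require MSCHAP-v2 authentication" },
+ { "refuse-chapms-v2", o_special_noarg, nochapms_v2,
+ "Refuse MSCHAP-v2 authentication" },
+ { "-chapms-v2", o_special_noarg, nochapms_v2,
+ "Refuse MSCHAP-v2 authentication" },
+#endif
 { "name", o_string, our_name,
 "Set local name for authentication",
 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
@@ -402,11 +437,14 @@
 /*
 * Proceed to the network phase.
 */
-static void
+void
 network_phase(unit)
 int unit;
 {
 lcp_options *go = &lcp_gotoptions[unit];
+#ifdef CBCP_SUPPORT
+ lcp_options *ho = &lcp_hisoptions[unit];
+#endif
 
 /*
 * If the peer had to authenticate, run the auth-up script now.
@@ -423,8 +461,9 @@
 /*
 * If we negotiated callback, do it now.
 */
- if (go->neg_cbcp) {
+ if ((go->neg_cbcp || ho->neg_cbcp) && !did_callback) {
 phase = PHASE_CALLBACK;
+ did_callback = 1;
 (*cbcp_protent.open)(unit);
 return;
 }
@@ -510,6 +549,8 @@
 namelen = sizeof(peer_authname) - 1;
 BCOPY(name, peer_authname, namelen);
 peer_authname[namelen] = 0;
+ BCOPY(name, xuser, namelen);
+ xuser[namelen] = 0;
 script_setenv("PEERNAME", peer_authname);
 
 /*
@@ -1291,6 +1332,61 @@
 
 return 1;
 }
+
+#ifdef DYNAMIC
+/*
+ * get_ip_addr_dynamic - scans dynamic-givable address space for
+ * most recently used address for given user.
+ */
+int
+get_ip_addr_dynamic(unit, addr)
+ int unit;
+ u_int32_t *addr;
+{
+ u_int32_t a;
+ struct wordlist *addrs;
+ FILE *fd;
+ int dfd;
+ char command[256];
+ char mypid[40], *s;
+ char address[50];
+ u_int32_t mask;
+
+ if ((addrs = addresses[unit]) == NULL)
+ return 0; /* no restriction */
+
+ fd = (FILE *)NULL;
+ for(; addrs != NULL; addrs = addrs->next) {
+ if(strcmp(addrs->word, "*") != 0)
+ continue;
+ sprintf(mypid, "/var/tmp/ppp_dynamic.%d", getpid());
+ sprintf(command, "%s %s %s %s", _PATH_DYNAMIC, xuser, devnam, mypid);
+ dfd = open("/dev/null", O_RDWR);
+ device_script(command, dfd, dfd);
+ close(dfd);
+ fd = fopen(mypid, "r");
+ if(fd == (FILE *)NULL)
+ break;
+ if(fgets(address, sizeof(address), fd) == (char *)NULL)
+ break;
+ if((s = strchr(address, '\n')) != (char *)NULL)
+ *s = '\0';
+ a = inet_addr(address);
+ if(a == -1L)
+ break;
+ fclose(fd);
+ unlink(mypid);
+ *addr = a;
+ return 1;
+ }
+ if(fd != (FILE *)NULL)
+ {
+ fclose(fd);
+ unlink(mypid);
+ }
+ return 0;
+}
+#endif
 
 /*
 * set_allowed_addrs() - set the list of allowed addresses.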
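Review bot: In `get_ip_addr_dynamic`, `xuser` is the name the peer supplied during authentication (copied from `name` in the `@@ -510` hunk), and it is formatted unquoted into the 256-byte `command` buffer with an unbounded `sprintf` before being handed to `device_script`. `device_script` is not shown in this patch; if it runs the string through a shell, a peer-chosen name containing shell metacharacters alters the command that is executed, and a long name together with `devnam` can overrun `command`. Reject names outside a conservative character set and build the command with a length-checked `snprintf`, as sketched below. Two smaller points in the same function: the result file `/var/tmp/ppp_dynamic.<pid>` has a predictable name in a shared directory, so it should be created exclusively (for example with `mkstemp`) or kept in a directory only pppd can write, and `if(a == -1L)` never matches where `long` is 64 bits because `a` is `u_int32_t`, so the check should be `if (a == (u_int32_t)-1)`.

```c
    int n;	/* snprintf result, used to detect truncation */

	/* … unchanged: wildcard match and temp-file name … */

	/* xuser comes from the peer: accept only a plain account-name token */
	if (xuser[0] == '\0'
	    || xuser[strspn(xuser, "abcdefghijklmnopqrstuvwxyz"
				   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
				   "0123456789._-")] != '\0')
	    break;
	n = snprintf(command, sizeof(command), "%s %s %s %s",
		     _PATH_DYNAMIC, xuser, devnam, mypid);
	if (n < 0 || (size_t)n >= sizeof(command))
	    break;	/* command would have been truncated */
	dfd = open("/dev/null", O_RDWR);

	/* … unchanged: device_script call and result parsing … */
```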