

[src/trunk]: src/usr.sbin/pppd/pppd merge changes.



details:   https://anonhg.NetBSD.org/src/rev/15bd96b4afb3
branches:  trunk
changeset: 475751:15bd96b4afb3
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Aug 25 02:07:41 1999 +0000

description:
merge changes.

diffstat:

 usr.sbin/pppd/pppd/Makefile     |     9 +-
 usr.sbin/pppd/pppd/auth.c       |   982 ++++++++++------
 usr.sbin/pppd/pppd/cbcp.c       |    88 +-
 usr.sbin/pppd/pppd/ccp.c        |   178 ++-
 usr.sbin/pppd/pppd/ccp.h        |    16 +-
 usr.sbin/pppd/pppd/chap.c       |   111 +-
 usr.sbin/pppd/pppd/chap_ms.c    |    51 +-
 usr.sbin/pppd/pppd/demand.c     |    13 +-
 usr.sbin/pppd/pppd/eui64.c      |    17 +-
 usr.sbin/pppd/pppd/eui64.h      |     4 +-
 usr.sbin/pppd/pppd/fsm.c        |    76 +-
 usr.sbin/pppd/pppd/ipcp.c       |   535 +++++++-
 usr.sbin/pppd/pppd/ipcp.h       |    29 +-
 usr.sbin/pppd/pppd/ipv6cp.c     |    22 +-
 usr.sbin/pppd/pppd/ipv6cp.h     |     4 +-
 usr.sbin/pppd/pppd/ipxcp.c      |   273 +++-
 usr.sbin/pppd/pppd/ipxcp.h      |    28 +-
 usr.sbin/pppd/pppd/lcp.c        |   217 ++-
 usr.sbin/pppd/pppd/lcp.h        |    30 +-
 usr.sbin/pppd/pppd/magic.c      |    10 +-
 usr.sbin/pppd/pppd/main.c       |  1690 +++++++++++++++++----------
 usr.sbin/pppd/pppd/options.c    |  2336 ++++++++++----------------------------
 usr.sbin/pppd/pppd/patchlevel.h |     9 +-
 usr.sbin/pppd/pppd/pathnames.h  |    10 +-
 usr.sbin/pppd/pppd/pppd.8       |   357 +++++-
 usr.sbin/pppd/pppd/pppd.h       |   306 +++-
 usr.sbin/pppd/pppd/sys-bsd.c    |   552 +++++---
 usr.sbin/pppd/pppd/upap.c       |   109 +-
 usr.sbin/pppd/pppd/utils.c      |    13 +-
 29 files changed, 4463 insertions(+), 3612 deletions(-)

diffs (truncated from 13082 to 300 lines):

diff -r 31d8190a88b7 -r 15bd96b4afb3 usr.sbin/pppd/pppd/Makefile
--- a/usr.sbin/pppd/pppd/Makefile       Wed Aug 25 02:04:05 1999 +0000
+++ b/usr.sbin/pppd/pppd/Makefile       Wed Aug 25 02:07:41 1999 +0000
@@ -1,10 +1,11 @@
-#      $NetBSD: Makefile,v 1.25 1998/08/27 06:55:16 christos Exp $
+#      $NetBSD: Makefile,v 1.26 1999/08/25 02:07:41 christos Exp $
 
 PCAPDIR=${.CURDIR}/../../../lib/libpcap
 
 PROG=  pppd
-SRCS=  auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c fsm.c ipcp.c \
-       ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c upap.c
+SRCS=  auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c eui64.c fsm.c \
+       ipcp.c ipv6cp.c ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c \
+       upap.c utils.c
 
 .PATH: ${PCAPDIR}
 MAN=   pppd.8
@@ -16,5 +17,7 @@
 CPPFLAGS+= -I. -DHAVE_PATHS_H 
 CPPFLAGS+= -I${PCAPDIR} -DPPP_FILTER
 CPPFLAGS+= -DCBCP_SUPPORT -DCHAPMS -DUSE_CRYPT -DMSLANMAN
+# XXX: Does not work (yet)
+#CPPFLAGS+= -DINET6
 
 .include <bsd.prog.mk>
diff -r 31d8190a88b7 -r 15bd96b4afb3 usr.sbin/pppd/pppd/auth.c
--- a/usr.sbin/pppd/pppd/auth.c Wed Aug 25 02:04:05 1999 +0000
+++ b/usr.sbin/pppd/pppd/auth.c Wed Aug 25 02:07:41 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth.c,v 1.24 1999/05/12 18:50:52 thorpej Exp $        */
+/*     $NetBSD: auth.c,v 1.25 1999/08/25 02:07:41 christos Exp $       */
 
 /*
  * auth.c - PPP authentication and phase control.
@@ -37,9 +37,9 @@
 #include <sys/cdefs.h>
 #ifndef lint
 #if 0
-static char rcsid[] = "Id: auth.c,v 1.37 1998/03/26 04:46:03 paulus Exp ";
+#define RCSID  "Id: auth.c,v 1.57 1999/08/13 06:46:10 paulus Exp "
 #else
-__RCSID("$NetBSD: auth.c,v 1.24 1999/05/12 18:50:52 thorpej Exp $");
+__RCSID("$NetBSD: auth.c,v 1.25 1999/08/25 02:07:41 christos Exp $");
 #endif
 #endif
 
@@ -47,8 +47,8 @@
 #include <stddef.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <syslog.h>
 #include <pwd.h>
+#include <grp.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -85,11 +85,9 @@
 #endif
 #include "pathnames.h"
 
-/* Used for storing a sequence of words.  Usually malloced. */
-struct wordlist {
-    struct wordlist    *next;
-    char               word[1];
-};
+#ifdef RCSID
+static const char rcsid[] = RCSID;
+#endif
 
 /* Bits in scan_authfile return value */
 #define NONWILD_SERVER 1
@@ -97,9 +95,6 @@
 
 #define ISWILD(word)   (word[0] == '*' && word[1] == 0)
 
-#define FALSE  0
-#define TRUE   1
-
 /* The name by which the peer authenticated itself to us. */
 char peer_authname[MAXNAMELEN];
 
@@ -109,11 +104,11 @@
 /* Set if we have successfully called plogin() */
 static int logged_in;
 
-/* Set if we have run the /etc/ppp/auth-up script. */
-static int did_authup;
+/* List of addresses which the peer may use. */
+static struct permitted_ip *addresses[NUM_PPP];
 
-/* List of addresses which the peer may use. */
-static struct wordlist *addresses[NUM_PPP];
+/* Extra options to apply, from the secrets file entry for the peer. */
+static struct wordlist *extra_options;
 
 /* Number of network protocols which we have opened. */
 static int num_np_open;
@@ -124,6 +119,32 @@
 /* Set if we got the contents of passwd[] from the pap-secrets file. */
 static int passwd_from_file;
 
+/*
+ * This is used to ensure that we don't start an auth-up/down
+ * script while one is already running.
+ */
+enum script_state {
+    s_down,
+    s_up
+};
+
+static enum script_state auth_state = s_down;
+static enum script_state auth_script_state = s_down;
+static pid_t auth_script_pid = 0;
+
+/*
+ * Option variables.
+ */
+bool uselogin = 0;             /* Use /etc/passwd for checking PAP */
+bool cryptpap = 0;             /* Passwords in pap-secrets are encrypted */
+bool refuse_pap = 0;           /* Don't wanna auth. ourselves with PAP */
+bool refuse_chap = 0;          /* Don't wanna auth. ourselves with CHAP */
+bool usehostname = 0;          /* Use hostname for our_name */
+bool auth_required = 0;                /* Always require authentication from peer */
+bool allow_any_ip = 0;         /* Allow peer to use any IP address */
+bool explicit_remote = 0;      /* User specified explicit remote name */
+char remote_name[MAXNAMELEN];  /* Peer's name for authentication */
+
 /* Bits in auth_pending[] */
 #define PAP_WITHPEER   1
 #define PAP_PEER       2
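Review bot: The three script-tracking variables share one comment above `enum script_state`, and their separate roles are not stated where they are declared. Judging from the link-down hunk later in this file, `auth_state` appears to be the state the link is in now, `auth_script_state` the state of the last script that was started, and a non-zero `auth_script_pid` a script that is still running. If that reading is right, a one-line comment on each would save the next reader from reconstructing it, e.g. `/* pid of the running auth-up/down script, 0 if none */` on `auth_script_pid` and `/* state the last started script was run for */` on `auth_script_state`.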
@@ -141,14 +162,134 @@
 static void plogout __P((void));
 static int  null_login __P((int));
 static int  get_pap_passwd __P((char *));
-static int  have_pap_secret __P((void));
-static int  have_chap_secret __P((char *, char *, u_int32_t));
-static int  ip_addr_check __P((u_int32_t, struct wordlist *));
-static int  scan_authfile __P((FILE *, char *, char *, u_int32_t, char *,
+static int  have_pap_secret __P((int *));
+static int  have_chap_secret __P((char *, char *, int, int *));
+static int  ip_addr_check __P((u_int32_t, struct permitted_ip *));
+static int  scan_authfile __P((FILE *, char *, char *, char *,
                               struct wordlist **, char *));
 static void free_wordlist __P((struct wordlist *));
 static void auth_script __P((char *));
+static void auth_script_done __P((void *));
 static void set_allowed_addrs __P((int, struct wordlist *));
+static int  some_ip_ok __P((struct wordlist *));
+static int  setupapfile __P((char **));
+static int  privgroup __P((char **));
+static void check_access __P((FILE *, char *));
+
+/*
+ * Authentication-related options.
+ */
+option_t auth_options[] = {
+    { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
+      "Require PAP authentication from peer", 1, &auth_required },
+    { "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
+      "Require PAP authentication from peer", 1, &auth_required },
+    { "refuse-pap", o_bool, &refuse_pap,
+      "Don't agree to auth to peer with PAP", 1 },
+    { "-pap", o_bool, &refuse_pap,
+      "Don't allow PAP authentication with peer", 1 },
+    { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
+      "Require CHAP authentication from peer", 1, &auth_required },
+    { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
+      "Require CHAP authentication from peer", 1, &auth_required },
+    { "refuse-chap", o_bool, &refuse_chap,
+      "Don't agree to auth to peer with CHAP", 1 },
+    { "-chap", o_bool, &refuse_chap,
+      "Don't allow CHAP authentication with peer", 1 },
+    { "name", o_string, our_name,
+      "Set local name for authentication",
+      OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
+    { "user", o_string, user,
+      "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
+    { "usehostname", o_bool, &usehostname,
+      "Must use hostname for authentication", 1 },
+    { "remotename", o_string, remote_name,
+      "Set remote name for authentication", OPT_STATIC,
+      &explicit_remote, MAXNAMELEN },
+    { "auth", o_bool, &auth_required,
+      "Require authentication from peer", 1 },
+    { "noauth", o_bool, &auth_required,
+      "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
+    {  "login", o_bool, &uselogin,
+      "Use system password database for PAP", 1 },
+    { "papcrypt", o_bool, &cryptpap,
+      "PAP passwords are encrypted", 1 },
+    { "+ua", o_special, setupapfile,
+      "Get PAP user and password from file" },
+    { "password", o_string, passwd,
+      "Password for authenticating us to the peer", OPT_STATIC,
+      NULL, MAXSECRETLEN },
+    { "privgroup", o_special, privgroup,
+      "Allow group members to use privileged options", OPT_PRIV },
+    { NULL }
+};
+
+/*
+ * setupapfile - specifies UPAP info for authenticating with peer.
+ */
+static int
+setupapfile(argv)
+    char **argv;
+{
+    FILE * ufile;
+    int l;
+
+    lcp_allowoptions[0].neg_upap = 1;
+
+    /* open user info file */
+    seteuid(getuid());
+    ufile = fopen(*argv, "r");
+    seteuid(0);
+    if (ufile == NULL) {
+       option_error("unable to open user login data file %s", *argv);
+       return 0;
+    }
+    check_access(ufile, *argv);
+
+    /* get username */
+    if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
+       || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
+       option_error("unable to read user login data file %s", *argv);
+       return 0;
+    }
+    fclose(ufile);
+
+    /* get rid of newlines */
+    l = strlen(user);
+    if (l > 0 && user[l-1] == '\n')
+       user[l-1] = 0;
+    l = strlen(passwd);
+    if (l > 0 && passwd[l-1] == '\n')
+       passwd[l-1] = 0;
+
+    return (1);
+}
+
+
+/*
+ * privgroup - allow members of the group to have privileged access.
+ */
+static int
+privgroup(argv)
+    char **argv;
+{
+    struct group *g;
+    int i;
+
+    g = getgrnam(*argv);
+    if (g == 0) {
+       option_error("group %s is unknown", *argv);
+       return 0;
+    }
+    for (i = 0; i < ngroups; ++i) {
+       if (groups[i] == g->gr_gid) {
+           privileged = 1;
+           break;
+       }
+    }
+    return 1;
+}
+
 
 /*
  * An Open on LCP has requested a change from Dead to Establish phase.
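Review bot: In setupapfile, neither `seteuid(getuid())` nor `seteuid(0)` has its return value checked. If the drop fails, the following `fopen(*argv, "r")` runs with whatever effective uid the process already has (root, judging by the `seteuid(0)` restore), and the file named by `+ua` is read into `user`/`passwd` with that privilege. Both calls should be tested and the option rejected on failure. The read-failure branch also returns without `fclose(ufile)`, leaving the descriptor open. The fence below shows both changes and uses only `option_error`, which the hunk already calls.

```c
    /* open user info file */
    if (seteuid(getuid()) == -1) {
        option_error("unable to drop privileges to open %s", *argv);
        return 0;
    }
    ufile = fopen(*argv, "r");
    if (seteuid(0) == -1) {
        option_error("unable to restore privileges after opening %s", *argv);
        if (ufile != NULL)
            fclose(ufile);
        return 0;
    }
    /* … unchanged: NULL check on ufile, check_access call … */

    /* get username */
    if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
        || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
        option_error("unable to read user login data file %s", *argv);
        fclose(ufile);
        return 0;
    }
    /* … unchanged: fclose, newline stripping, return … */
```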
@@ -173,7 +314,7 @@
     if (logged_in)
        plogout();
     phase = PHASE_DEAD;
-    syslog(LOG_NOTICE, "Connection terminated.");
+    notice("Connection terminated.");
 }
 
 /*
@@ -186,9 +327,10 @@
     int i;
     struct protent *protp;
 
-    if (did_authup) {
+    auth_state = s_down;
+    if (auth_script_state == s_up && auth_script_pid == 0) {
+       auth_script_state = s_down;
        auth_script(_PATH_AUTHDOWN);
-       did_authup = 0;
     }
     for (i = 0; (protp = protocols[i]) != NULL; ++i) {
        if (!protp->enabled_flag)
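Review bot: When `auth_script_pid` is non-zero the auth-down script is skipped at the new `if`, and only `auth_state = s_down` records that the link went down. Running it later therefore depends entirely on `auth_script_done`, whose body is not in this hunk. A comment at the `if` should say so, e.g. `/* if a script is still running, auth_script_done() starts auth-down once it exits */`, and that handler should be confirmed to compare `auth_state` with `auth_script_state`; otherwise whatever auth-up set up for the peer is never torn down. The enclosing function starts and ends outside the hunk.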
@@ -234,8 +376,9 @@
         * of "" and a password of "".  If that's not OK, boot it out.
         */
        if (!wo->neg_upap || !null_login(unit)) {
-           syslog(LOG_WARNING, "peer refused to authenticate");
+           warn("peer refused to authenticate: terminating link");
            lcp_close(unit, "peer refused to authenticate");
+           status = EXIT_PEER_AUTH_FAILED;


