Attachment #121887 for bug #180180




			       struct wordlist **, struct wordlist **,
			       char *, int));
static void free_wordlist __P((struct wordlist *));
static void auth_script __P((char *, int));
static void auth_script_done __P((void *));
static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *));
static int  some_ip_ok __P((struct wordlist *));

	if (auth_script_state == s_up && auth_script_pid == 0) {
	    update_link_stats(unit);
	    auth_script_state = s_down;
	    auth_script(_PATH_AUTHDOWN, 0);
	}
    }
    if (!doing_multilink) {

	auth_state = s_up;
	if (auth_script_state == s_down && auth_script_pid == 0) {
	    auth_script_state = s_up;
	    auth_script(_PATH_AUTHUP, 0);
	}
    }


     * Authentication failure: take the link down
     */
    status = EXIT_PEER_AUTH_FAILED;
    auth_script(_PATH_AUTHFAIL, 1);
    lcp_close(unit, "Authentication failed");
}


     * authentication secrets.
     */
    status = EXIT_AUTH_TOPEER_FAILED;
    auth_script(_PATH_AUTHFAIL, 1);
    lcp_close(unit, "Failed to authenticate ourselves to peer");
}


    if (user[0] == 0)
	strlcpy(user, our_name, sizeof(user));

    script_setenv("LOCALNAME", user, 0);

    /*
     * If we have a default route, require the peer to authenticate
     * unless the noauth option was given or the real user is root.

    case s_up:
	if (auth_state == s_down) {
	    auth_script_state = s_down;
	    auth_script(_PATH_AUTHDOWN, 0);
	}
	break;
    case s_down:
	if (auth_state == s_up) {
	    auth_script_state = s_up;
	    auth_script(_PATH_AUTHUP, 0);
	}
	break;
    }

 * interface-name peer-name real-user tty speed
 */
static void
auth_script(script, wait)
    char *script;
    int wait;
{
    char strspeed[32];
    struct passwd *pw;

    argv[5] = strspeed;
    argv[6] = NULL;

    if (wait)
	run_program(script, argv, 0, NULL, NULL, 1);
    else
	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
}

Lines 27-32 Link Here

(-)ppp-2.4.4.orig/pppd/pathnames.h (+1 lines)
27	#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"	27	#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"
28	#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"	28	#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
29	#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"	29	#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
		30	#define _PATH_AUTHFAIL _ROOT_PATH "/etc/ppp/auth-fail"
30	#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."	31	#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
31	#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"	32	#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
32	#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"	33	#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"

Lines 1531-1538 Link Here

(-)ppp-2.4.4.orig/pppd/pppd.8 (-2 / +12 lines)
1531	Pppd invokes scripts at various stages in its processing which can be	1531	Pppd invokes scripts at various stages in its processing which can be
1532	used to perform site-specific ancillary processing. These scripts are	1532	used to perform site-specific ancillary processing. These scripts are
1533	usually shell scripts, but could be executable code files instead.	1533	usually shell scripts, but could be executable code files instead.
1534	Pppd does not wait for the scripts to finish (except for the ip-pre-up	1534	Pppd does not wait for the scripts to finish (except for the ip-pre-up,
1535	script). The scripts are	1535	and auth-fail scripts). The scripts are
1536	executed as root (with the real and effective user-id set to 0), so	1536	executed as root (with the real and effective user-id set to 0), so
1537	that they can do things such as update routing tables or run	1537	that they can do things such as update routing tables or run
1538	privileged daemons. Be careful that the contents of these scripts do	1538	privileged daemons. Be careful that the contents of these scripts do
Lines 1560-1565 Link Here
1560	The authenticated name of the peer. This is only set if the peer	1560	The authenticated name of the peer. This is only set if the peer
1561	authenticates itself.	1561	authenticates itself.
1562	.TP	1562	.TP
		1563	.B LOCALNAME
		1564	The username passed to the user option of the pppd daemon. This is
		1565	handy to identify which account was used for authentication purposes
		1566	when multiple accounts is available.
		1567	.TP
1563	.B SPEED	1568	.B SPEED
1564	The baud rate of the tty device.	1569	The baud rate of the tty device.
1565	.TP	1570	.TP
Lines 1612-1617 Link Here
1612	/etc/ppp/auth\-up was previously executed. It is executed in the same	1617	/etc/ppp/auth\-up was previously executed. It is executed in the same
1613	manner with the same parameters as /etc/ppp/auth\-up.	1618	manner with the same parameters as /etc/ppp/auth\-up.
1614	.TP	1619	.TP
		1620	.B /etc/ppp/auth\-fail
		1621	A program or script which is executed should authentication fail. pppd
		1622	waits for this script to finish. It is executed in the same manner, with
		1623	the same parameters as /etc/ppp/auth\-up.
		1624	.TP
1615	.B /etc/ppp/ip\-pre\-up	1625	.B /etc/ppp/ip\-pre\-up
1616	A program or script which is executed just before the ppp network	1626	A program or script which is executed just before the ppp network
1617	interface is brought up. It is executed with the same parameters as	1627	interface is brought up. It is executed with the same parameters as

Return to bug 180180

Lines 260-266 Link Here

(-)ppp-2.4.4.orig/pppd/auth.c (-7 / +15 lines)
260	struct wordlist , struct wordlist ,	260	struct wordlist , struct wordlist ,
261	char *, int));	261	char *, int));
262	static void free_wordlist __P((struct wordlist *));	262	static void free_wordlist __P((struct wordlist *));
263	static void auth_script __P((char *));	263	static void auth_script __P((char *, int));
264	static void auth_script_done __P((void *));	264	static void auth_script_done __P((void *));
265	static void set_allowed_addrs __P((int, struct wordlist , struct wordlist ));	265	static void set_allowed_addrs __P((int, struct wordlist , struct wordlist ));
266	static int some_ip_ok __P((struct wordlist *));	266	static int some_ip_ok __P((struct wordlist *));
Lines 683-689 Link Here
683	if (auth_script_state == s_up && auth_script_pid == 0) {	683	if (auth_script_state == s_up && auth_script_pid == 0) {
684	update_link_stats(unit);	684	update_link_stats(unit);
685	auth_script_state = s_down;	685	auth_script_state = s_down;
686	auth_script(_PATH_AUTHDOWN);	686	auth_script(_PATH_AUTHDOWN, 0);
687	}	687	}
688	}	688	}
689	if (!doing_multilink) {	689	if (!doing_multilink) {
Lines 814-820 Link Here
814	auth_state = s_up;	814	auth_state = s_up;
815	if (auth_script_state == s_down && auth_script_pid == 0) {	815	if (auth_script_state == s_down && auth_script_pid == 0) {
816	auth_script_state = s_up;	816	auth_script_state = s_up;
817	auth_script(_PATH_AUTHUP);	817	auth_script(_PATH_AUTHUP, 0);
818	}	818	}
819	}	819	}
820		820
Lines 913-918 Link Here
913	* Authentication failure: take the link down	913	* Authentication failure: take the link down
914	*/	914	*/
915	status = EXIT_PEER_AUTH_FAILED;	915	status = EXIT_PEER_AUTH_FAILED;
		916	auth_script(_PATH_AUTHFAIL, 1);
916	lcp_close(unit, "Authentication failed");	917	lcp_close(unit, "Authentication failed");
917	}	918	}
918		919
Lines 991-996 Link Here
991	* authentication secrets.	992	* authentication secrets.
992	*/	993	*/
993	status = EXIT_AUTH_TOPEER_FAILED;	994	status = EXIT_AUTH_TOPEER_FAILED;
		995	auth_script(_PATH_AUTHFAIL, 1);
994	lcp_close(unit, "Failed to authenticate ourselves to peer");	996	lcp_close(unit, "Failed to authenticate ourselves to peer");
995	}	997	}
996		998
Lines 1223-1228 Link Here
1223	if (user[0] == 0)	1225	if (user[0] == 0)
1224	strlcpy(user, our_name, sizeof(user));	1226	strlcpy(user, our_name, sizeof(user));
1225		1227
		1228	script_setenv("LOCALNAME", user, 0);
		1229
1226	/*	1230	/*
1227	* If we have a default route, require the peer to authenticate	1231	* If we have a default route, require the peer to authenticate
1228	* unless the noauth option was given or the real user is root.	1232	* unless the noauth option was given or the real user is root.
Lines 2524-2536 Link Here
2524	case s_up:	2528	case s_up:
2525	if (auth_state == s_down) {	2529	if (auth_state == s_down) {
2526	auth_script_state = s_down;	2530	auth_script_state = s_down;
2527	auth_script(_PATH_AUTHDOWN);	2531	auth_script(_PATH_AUTHDOWN, 0);
2528	}	2532	}
2529	break;	2533	break;
2530	case s_down:	2534	case s_down:
2531	if (auth_state == s_up) {	2535	if (auth_state == s_up) {
2532	auth_script_state = s_up;	2536	auth_script_state = s_up;
2533	auth_script(_PATH_AUTHUP);	2537	auth_script(_PATH_AUTHUP, 0);
2534	}	2538	}
2535	break;	2539	break;
2536	}	2540	}
Lines 2541-2548 Link Here
2541	* interface-name peer-name real-user tty speed	2545	* interface-name peer-name real-user tty speed
2542	*/	2546	*/
2543	static void	2547	static void
2544	auth_script(script)	2548	auth_script(script, wait)
2545	char *script;	2549	char *script;
		2550	int wait;
2546	{	2551	{
2547	char strspeed[32];	2552	char strspeed[32];
2548	struct passwd *pw;	2553	struct passwd *pw;
Lines 2566-2570 Link Here
2566	argv[5] = strspeed;	2571	argv[5] = strspeed;
2567	argv[6] = NULL;	2572	argv[6] = NULL;
2568		2573
2569	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);	2574	if (wait)
		2575	run_program(script, argv, 0, NULL, NULL, 1);
		2576	else
		2577	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
2570	}	2578	}