Attachment #238827 for bug #296267




			       struct wordlist **, struct wordlist **,
			       char *, int));
static void free_wordlist __P((struct wordlist *));
static void auth_script __P((char *, int));
static void auth_script_done __P((void *));
static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *));
static int  some_ip_ok __P((struct wordlist *));

	if (auth_script_state == s_up && auth_script_pid == 0) {
	    update_link_stats(unit);
	    auth_script_state = s_down;
	    auth_script(_PATH_AUTHDOWN, 0);
	}
    }
    if (!doing_multilink) {

	auth_state = s_up;
	if (auth_script_state == s_down && auth_script_pid == 0) {
	    auth_script_state = s_up;
	    auth_script(_PATH_AUTHUP, 0);
	}
    }


     * Authentication failure: take the link down
     */
    status = EXIT_PEER_AUTH_FAILED;
    auth_script(_PATH_AUTHFAIL, 1);
    lcp_close(unit, "Authentication failed");
}


     * authentication secrets.
     */
    status = EXIT_AUTH_TOPEER_FAILED;
    auth_script(_PATH_AUTHFAIL, 1);
    lcp_close(unit, "Failed to authenticate ourselves to peer");
}


    if (user[0] == 0)
	strlcpy(user, our_name, sizeof(user));

    script_setenv("LOCALNAME", user, 0);

    /*
     * If we have a default route, require the peer to authenticate
     * unless the noauth option was given or the real user is root.

    case s_up:
	if (auth_state == s_down) {
	    auth_script_state = s_down;
	    auth_script(_PATH_AUTHDOWN, 0);
	}
	break;
    case s_down:
	if (auth_state == s_up) {
	    auth_script_state = s_up;
	    auth_script(_PATH_AUTHUP, 0);
	}
	break;
    }

 * interface-name peer-name real-user tty speed
 */
static void
auth_script(script, wait)
    char *script;
    int wait;
{
    char strspeed[32];
    struct passwd *pw;

    argv[5] = strspeed;
    argv[6] = NULL;

    if (wait)
	run_program(script, argv, 0, NULL, NULL, 1);
    else
	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
}

Lines 27-32 Link Here

(-)ppp-2.4.4.orig/pppd/pathnames.h (+1 lines)
27	#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"	27	#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"
28	#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"	28	#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
29	#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"	29	#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
		30	#define _PATH_AUTHFAIL _ROOT_PATH "/etc/ppp/auth-fail"
30	#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."	31	#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
31	#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"	32	#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
32	#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"	33	#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"

Lines 1531-1538 Link Here

(-)ppp-2.4.4.orig/pppd/pppd.8 (-2 / +12 lines)
1531	Pppd invokes scripts at various stages in its processing which can be	1531	Pppd invokes scripts at various stages in its processing which can be
1532	used to perform site-specific ancillary processing. These scripts are	1532	used to perform site-specific ancillary processing. These scripts are
1533	usually shell scripts, but could be executable code files instead.	1533	usually shell scripts, but could be executable code files instead.
1534	Pppd does not wait for the scripts to finish (except for the ip-pre-up	1534	Pppd does not wait for the scripts to finish (except for the ip-pre-up,
1535	script). The scripts are	1535	and auth-fail scripts). The scripts are
1536	executed as root (with the real and effective user-id set to 0), so	1536	executed as root (with the real and effective user-id set to 0), so
1537	that they can do things such as update routing tables or run	1537	that they can do things such as update routing tables or run
1538	privileged daemons. Be careful that the contents of these scripts do	1538	privileged daemons. Be careful that the contents of these scripts do
Lines 1560-1565 Link Here
1560	The authenticated name of the peer. This is only set if the peer	1560	The authenticated name of the peer. This is only set if the peer
1561	authenticates itself.	1561	authenticates itself.
1562	.TP	1562	.TP
		1563	.B LOCALNAME
		1564	The username passed to the user option of the pppd daemon. This is
		1565	handy to identify which account was used for authentication purposes
		1566	when multiple accounts are available.
		1567	.TP
1563	.B SPEED	1568	.B SPEED
1564	The baud rate of the tty device.	1569	The baud rate of the tty device.
1565	.TP	1570	.TP
Lines 1612-1617 Link Here
1612	/etc/ppp/auth\-up was previously executed. It is executed in the same	1617	/etc/ppp/auth\-up was previously executed. It is executed in the same
1613	manner with the same parameters as /etc/ppp/auth\-up.	1618	manner with the same parameters as /etc/ppp/auth\-up.
1614	.TP	1619	.TP
		1620	.B /etc/ppp/auth\-fail
		1621	A program or script which is executed should authentication fail. pppd
		1622	waits for this script to finish. It is executed in the same manner, with
		1623	the same parameters as /etc/ppp/auth\-up.
		1624	.TP
1615	.B /etc/ppp/ip\-pre\-up	1625	.B /etc/ppp/ip\-pre\-up
1616	A program or script which is executed just before the ppp network	1626	A program or script which is executed just before the ppp network
1617	interface is brought up. It is executed with the same parameters as	1627	interface is brought up. It is executed with the same parameters as

Return to bug 296267

Lines 260-266 Link Here

(-)ppp-2.4.4.orig/pppd/auth.c (-7 / +15 lines)
260	struct wordlist , struct wordlist ,	260	struct wordlist , struct wordlist ,
261	char *, int));	261	char *, int));
262	static void free_wordlist __P((struct wordlist *));	262	static void free_wordlist __P((struct wordlist *));
263	static void auth_script __P((char *));	263	static void auth_script __P((char *, int));
264	static void auth_script_done __P((void *));	264	static void auth_script_done __P((void *));
265	static void set_allowed_addrs __P((int, struct wordlist , struct wordlist ));	265	static void set_allowed_addrs __P((int, struct wordlist , struct wordlist ));
266	static int some_ip_ok __P((struct wordlist *));	266	static int some_ip_ok __P((struct wordlist *));
Lines 683-689 Link Here
683	if (auth_script_state == s_up && auth_script_pid == 0) {	683	if (auth_script_state == s_up && auth_script_pid == 0) {
684	update_link_stats(unit);	684	update_link_stats(unit);
685	auth_script_state = s_down;	685	auth_script_state = s_down;
686	auth_script(_PATH_AUTHDOWN);	686	auth_script(_PATH_AUTHDOWN, 0);
687	}	687	}
688	}	688	}
689	if (!doing_multilink) {	689	if (!doing_multilink) {
Lines 814-820 Link Here
814	auth_state = s_up;	814	auth_state = s_up;
815	if (auth_script_state == s_down && auth_script_pid == 0) {	815	if (auth_script_state == s_down && auth_script_pid == 0) {
816	auth_script_state = s_up;	816	auth_script_state = s_up;
817	auth_script(_PATH_AUTHUP);	817	auth_script(_PATH_AUTHUP, 0);
818	}	818	}
819	}	819	}
820		820
Lines 913-918 Link Here
913	* Authentication failure: take the link down	913	* Authentication failure: take the link down
914	*/	914	*/
915	status = EXIT_PEER_AUTH_FAILED;	915	status = EXIT_PEER_AUTH_FAILED;
		916	auth_script(_PATH_AUTHFAIL, 1);
916	lcp_close(unit, "Authentication failed");	917	lcp_close(unit, "Authentication failed");
917	}	918	}
918		919
Lines 991-996 Link Here
991	* authentication secrets.	992	* authentication secrets.
992	*/	993	*/
993	status = EXIT_AUTH_TOPEER_FAILED;	994	status = EXIT_AUTH_TOPEER_FAILED;
		995	auth_script(_PATH_AUTHFAIL, 1);
994	lcp_close(unit, "Failed to authenticate ourselves to peer");	996	lcp_close(unit, "Failed to authenticate ourselves to peer");
995	}	997	}
996		998
Lines 1221-1226 Link Here
1221	if (user[0] == 0)	1223	if (user[0] == 0)
1222	strlcpy(user, our_name, sizeof(user));	1224	strlcpy(user, our_name, sizeof(user));
1223		1225
		1226	script_setenv("LOCALNAME", user, 0);
		1227
1224	/*	1228	/*
1225	* If we have a default route, require the peer to authenticate	1229	* If we have a default route, require the peer to authenticate
1226	* unless the noauth option was given or the real user is root.	1230	* unless the noauth option was given or the real user is root.
Lines 2522-2534 Link Here
2522	case s_up:	2526	case s_up:
2523	if (auth_state == s_down) {	2527	if (auth_state == s_down) {
2524	auth_script_state = s_down;	2528	auth_script_state = s_down;
2525	auth_script(_PATH_AUTHDOWN);	2529	auth_script(_PATH_AUTHDOWN, 0);
2526	}	2530	}
2527	break;	2531	break;
2528	case s_down:	2532	case s_down:
2529	if (auth_state == s_up) {	2533	if (auth_state == s_up) {
2530	auth_script_state = s_up;	2534	auth_script_state = s_up;
2531	auth_script(_PATH_AUTHUP);	2535	auth_script(_PATH_AUTHUP, 0);
2532	}	2536	}
2533	break;	2537	break;
2534	}	2538	}
Lines 2539-2546 Link Here
2539	* interface-name peer-name real-user tty speed	2543	* interface-name peer-name real-user tty speed
2540	*/	2544	*/
2541	static void	2545	static void
2542	auth_script(script)	2546	auth_script(script, wait)
2543	char *script;	2547	char *script;
		2548	int wait;
2544	{	2549	{
2545	char strspeed[32];	2550	char strspeed[32];
2546	struct passwd *pw;	2551	struct passwd *pw;
Lines 2564-2568 Link Here
2564	argv[5] = strspeed;	2569	argv[5] = strspeed;
2565	argv[6] = NULL;	2570	argv[6] = NULL;
2566		2571
2567	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);	2572	if (wait)
		2573	run_program(script, argv, 0, NULL, NULL, 1);
		2574	else
		2575	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
2568	}	2576	}