Exemple #1
0
int
auth_Validate(struct bundle *bundle, const char *name,
             const char *key, struct physical *physical)
{
  /* Used by PAP routines */

  FILE *fp;
  int n, lineno;
  char *vector[5], buff[LINE_LEN];
  const char *slash;

  fp = OpenSecret(SECRETFILE);
again:
  lineno = 0;
  if (fp != NULL) {
    while (fgets(buff, sizeof buff, fp)) {
      lineno++;
      if (buff[0] == '#')
        continue;
      buff[strcspn(buff, "\n")] = '\0';
      memset(vector, '\0', sizeof vector);
      if ((n = MakeArgs(buff, vector, VECSIZE(vector), PARSE_REDUCE)) < 0)
        log_Printf(LogWARN, "%s: %d: Invalid line\n", SECRETFILE, lineno);
      if (n < 2)
        continue;
      if (strcmp(vector[0], name) == 0) {
        CloseSecret(fp);
        return auth_CheckPasswd(name, vector[1], key);
      }
    }
  }

  if ((slash = strrchr(name, '\\')) != NULL && slash[1]) {
    /* Look for the name without the leading domain */
    name = slash + 1;
    if (fp != NULL) {
      rewind(fp);
      goto again;
    }
  }

  if (fp != NULL)
    CloseSecret(fp);

#ifndef NOPASSWDAUTH
  if (Enabled(bundle, OPT_PASSWDAUTH))
    return auth_CheckPasswd(name, "*", key);
#endif

  return 0;			/* Invalid */
}
Exemple #2
0
char *
auth_GetSecret(struct bundle *bundle, const char *name, int len,
               struct physical *physical)
{
    /* Used by CHAP routines */

    FILE *fp;
    int n, lineno;
    char *vector[5];
    const char *slash;
    static char buff[LINE_LEN];	/* vector[] will point here when returned */

    fp = OpenSecret(SECRETFILE);
    if (fp == NULL)
        return (NULL);

again:
    lineno = 0;
    while (fgets(buff, sizeof buff, fp)) {
        lineno++;
        if (buff[0] == '#')
            continue;
        n = strlen(buff) - 1;
        if (buff[n] == '\n')
            buff[n] = '\0';	/* Trim the '\n' */
        memset(vector, '\0', sizeof vector);
        if ((n = MakeArgs(buff, vector, VECSIZE(vector), PARSE_REDUCE)) < 0)
            log_Printf(LogWARN, "%s: %d: Invalid line\n", SECRETFILE, lineno);
        if (n < 2)
            continue;
        if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) {
            CloseSecret(fp);
            return vector[1];
        }
    }

    if ((slash = strrchr(name, '\\')) != NULL && slash[1]) {
        /* Go back and look for the name without the leading domain */
        len -= slash - name + 1;
        name = slash + 1;
        rewind(fp);
        goto again;
    }

    CloseSecret(fp);
    return (NULL);		/* Invalid */
}
Exemple #3
0
int
auth_SetPhoneList(const char *name, char *phone, int phonelen)
{
  FILE *fp;
  int n, lineno;
  char *vector[6], buff[LINE_LEN];
  const char *slash;

  fp = OpenSecret(SECRETFILE);
  if (fp != NULL) {
again:
    lineno = 0;
    while (fgets(buff, sizeof buff, fp)) {
      lineno++;
      if (buff[0] == '#')
        continue;
      buff[strlen(buff) - 1] = '\0';
      memset(vector, '\0', sizeof vector);
      if ((n = MakeArgs(buff, vector, VECSIZE(vector), PARSE_REDUCE)) < 0)
        log_Printf(LogWARN, "%s: %d: Invalid line\n", SECRETFILE, lineno);
      if (n < 5)
        continue;
      if (strcmp(vector[0], name) == 0) {
        CloseSecret(fp);
        if (*vector[4] == '\0')
          return 0;
        strncpy(phone, vector[4], phonelen - 1);
        phone[phonelen - 1] = '\0';
        return 1;		/* Valid */
      }
    }

    if ((slash = strrchr(name, '\\')) != NULL && slash[1]) {
      /* Look for the name without the leading domain */
      name = slash + 1;
      rewind(fp);
      goto again;
    }

    CloseSecret(fp);
  }
  *phone = '\0';
  return 0;
}
Exemple #4
0
static char *
GetLabel(char *line, const char *filename, int linenum)
{
  char *argv[MAXARGS];
  int argc, len;

  argc = MakeArgs(line, argv, MAXARGS, PARSE_REDUCE);

  if (argc == 2 && !strcmp(argv[1], ":"))
    return argv[0];

  if (argc != 1 || (len = strlen(argv[0])) < 2 || argv[0][len-1] != ':') {
      log_Printf(LogWARN, "Bad label in %s (line %d) - missing colon\n",
                 filename, linenum);
      return NULL;
  }
  argv[0][len-1] = '\0';	/* Lose the ':' */

  return argv[0];
}
Exemple #5
0
int
auth_Select(struct bundle *bundle, const char *name)
{
  FILE *fp;
  int n, lineno;
  char *vector[5], buff[LINE_LEN];
  const char *slash;

  if (*name == '\0') {
    ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
    return 1;
  }

#ifndef NORADIUS
  if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE &&
	bundle->radius.ip.s_addr != RADIUS_INADDR_POOL) {
    /* We've got a radius IP - it overrides everything */
    if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip))
      return 0;
    ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr);
    /* Continue with ppp.secret in case we've got a new label */
  }
#endif

  fp = OpenSecret(SECRETFILE);
  if (fp != NULL) {
again:
    lineno = 0;
    while (fgets(buff, sizeof buff, fp)) {
      lineno++;
      if (buff[0] == '#')
        continue;
      buff[strlen(buff) - 1] = '\0';
      memset(vector, '\0', sizeof vector);
      if ((n = MakeArgs(buff, vector, VECSIZE(vector), PARSE_REDUCE)) < 0)
        log_Printf(LogWARN, "%s: %d: Invalid line\n", SECRETFILE, lineno);
      if (n < 2)
        continue;
      if (strcmp(vector[0], name) == 0) {
        CloseSecret(fp);
#ifndef NORADIUS
        if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) {
#endif
          if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
              !ipcp_UseHisaddr(bundle, vector[2], 1))
            return 0;
          ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
#ifndef NORADIUS
        }
#endif
        if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
          bundle_SetLabel(bundle, vector[3]);
        return 1;		/* Valid */
      }
    }

    if ((slash = strrchr(name, '\\')) != NULL && slash[1]) {
      /* Look for the name without the leading domain */
      name = slash + 1;
      rewind(fp);
      goto again;
    }

    CloseSecret(fp);
  }

#ifndef NOPASSWDAUTH
  /* Let 'em in anyway - they must have been in the passwd file */
  ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
  return 1;
#else
#ifndef NORADIUS
  if (bundle->radius.valid)
    return 1;
#endif

  /* Disappeared from ppp.secret ??? */
  return 0;
#endif
}
Exemple #6
0
struct device *
exec_Create(struct physical *p)
{
  struct execdevice *dev;

  dev = NULL;
  if (p->fd < 0) {
    if (*p->name.full == '!') {
      int fids[2], type;
  
      if ((dev = malloc(sizeof *dev)) == NULL) {
        log_Printf(LogWARN, "%s: Cannot allocate an exec device: %s\n",
                   p->link.name, strerror(errno));
        return NULL;
      }
      dev->fd_out = -1;
  
      p->fd--;	/* We own the device but maybe can't use it - change fd */
      type = physical_IsSync(p) ? SOCK_DGRAM : SOCK_STREAM;
  
      if (socketpair(AF_UNIX, type, PF_UNSPEC, fids) < 0) {
        log_Printf(LogPHASE, "Unable to create pipe for line exec: %s\n",
                   strerror(errno));
        free(dev);
        dev = NULL;
      } else {
        static int child_status;		/* This variable is abused ! */
        int stat, argc, i, ret, wret, pidpipe[2];
        pid_t pid, realpid;
        char *argv[MAXARGS];
  
        stat = fcntl(fids[0], F_GETFL, 0);
        if (stat > 0) {
          stat |= O_NONBLOCK;
          fcntl(fids[0], F_SETFL, stat);
        }
        realpid = getpid();
        if (pipe(pidpipe) == -1) {
          log_Printf(LogPHASE, "Unable to pipe for line exec: %s\n",
                     strerror(errno));
          close(fids[1]);
          close(fids[0]);
          free(dev);
          dev = NULL;
        } else switch ((pid = fork())) {
          case -1:
            log_Printf(LogPHASE, "Unable to fork for line exec: %s\n",
                       strerror(errno));
            close(pidpipe[0]);
            close(pidpipe[1]);
            close(fids[1]);
            close(fids[0]);
            break;
  
          case 0:
            close(pidpipe[0]);
            close(fids[0]);
            timer_TermService();
  #ifndef NOSUID
            setuid(ID0realuid());
  #endif
  
            child_status = 0;
            switch ((pid = vfork())) {
              case 0:
                close(pidpipe[1]);
                break;
  
              case -1:
                ret = errno;
                log_Printf(LogPHASE, "Unable to vfork to drop parent: %s\n",
                           strerror(errno));
                close(pidpipe[1]);
                _exit(ret);
  
              default:
                write(pidpipe[1], &pid, sizeof pid);
                close(pidpipe[1]);
                _exit(child_status);	/* The error from exec() ! */
            }
  
            log_Printf(LogDEBUG, "Exec'ing ``%s''\n", p->name.base);
  
            if ((argc = MakeArgs(p->name.base, argv, VECSIZE(argv),
                                 PARSE_REDUCE|PARSE_NOHASH)) < 0) {
              log_Printf(LogWARN, "Syntax error in exec command\n");
              _exit(ESRCH);
            }
  
            command_Expand(argv, argc, (char const *const *)argv,
                           p->dl->bundle, 0, realpid);
  
            dup2(fids[1], STDIN_FILENO);
            dup2(fids[1], STDOUT_FILENO);
            dup2(fids[1], STDERR_FILENO);
            for (i = getdtablesize(); i > STDERR_FILENO; i--)
              fcntl(i, F_SETFD, 1);
  
            execvp(*argv, argv);
            child_status = errno;		/* Only works for vfork() */
            printf("execvp failed: %s: %s\r\n", *argv, strerror(child_status));
            _exit(child_status);
            break;
  
          default:
            close(pidpipe[1]);
            close(fids[1]);
            if (read(pidpipe[0], &p->session_owner, sizeof p->session_owner) !=
                sizeof p->session_owner)
              p->session_owner = (pid_t)-1;
            close(pidpipe[0]);
            while ((wret = waitpid(pid, &stat, 0)) == -1 && errno == EINTR)
              ;
            if (wret == -1) {
              log_Printf(LogWARN, "Waiting for child process: %s\n",
                         strerror(errno));
              close(fids[0]);
              p->session_owner = (pid_t)-1;
              break;
            } else if (WIFSIGNALED(stat)) {
              log_Printf(LogWARN, "Child process received sig %d !\n",
                         WTERMSIG(stat));
              close(fids[0]);
              p->session_owner = (pid_t)-1;
              break;
            } else if (WIFSTOPPED(stat)) {
              log_Printf(LogWARN, "Child process received stop sig %d !\n",
                         WSTOPSIG(stat));
              /* I guess that's ok.... */
            } else if ((ret = WEXITSTATUS(stat))) {
              log_Printf(LogWARN, "Cannot exec \"%s\": %s\n", p->name.base,
                         strerror(ret));
              close(fids[0]);
              p->session_owner = (pid_t)-1;
              break;
            }
            p->fd = fids[0];
            log_Printf(LogDEBUG, "Using descriptor %d for child\n", p->fd);
        }
      }
    }
  } else {
    struct stat st;

    if (fstat(p->fd, &st) != -1 && (st.st_mode & S_IFIFO)) {
      if ((dev = malloc(sizeof *dev)) == NULL)
        log_Printf(LogWARN, "%s: Cannot allocate an exec device: %s\n",
                   p->link.name, strerror(errno));
      else if (p->fd == STDIN_FILENO) {
        log_Printf(LogPHASE, "%s: Using stdin/stdout to communicate with "
                   "parent (pipe mode)\n", p->link.name);
        dev->fd_out = dup(STDOUT_FILENO);

        /* Hook things up so that we monitor dev->fd_out */
        p->desc.UpdateSet = exec_UpdateSet;
        p->desc.IsSet = exec_IsSet;
      } else
        dev->fd_out = -1;
    }
  }

  if (dev) {
    memcpy(&dev->dev, &baseexecdevice, sizeof dev->dev);
    physical_SetupStack(p, dev->dev.name, PHYSICAL_NOFORCE);
    if (p->cfg.cd.necessity != CD_DEFAULT)
      log_Printf(LogWARN, "Carrier settings ignored\n");
    return &dev->dev;
  }

  return NULL;
}