Пример #1
0
/*
 * auth_check_options - called to check authentication options.
 */
void auth_check_options(void)
{
    lcp_options *wo = &lcp_wantoptions[0];
    int can_auth;
    ipcp_options *ipwo = &ipcp_wantoptions[0];
    u32_t remote;
    
    /* Default our_name to hostname, and user to our_name */
    if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname)
        strcpy(ppp_settings.our_name, ppp_settings.hostname);
    if (ppp_settings.user[0] == 0)
        strcpy(ppp_settings.user, ppp_settings.our_name);
    
    /* If authentication is required, ask peer for CHAP or PAP. */
    if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
        wo->neg_chap = 1;
        wo->neg_upap = 1;
    }
    
    /*
     * Check whether we have appropriate secrets to use
     * to authenticate the peer.
     */
    can_auth = wo->neg_upap && have_pap_secret();
    if (!can_auth && wo->neg_chap) {
        remote = ipwo->accept_remote? 0: ipwo->hisaddr;
        can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
    }
    
    if (ppp_settings.auth_required && !can_auth) {
        ppp_panic("No auth secret");
    }
}
Пример #2
0
/*
 * auth_check_options - called to check authentication options.
 */
void
auth_check_options(void)
{
    lcp_options *wo = &lcp_wantoptions[0];
    int can_auth;
    ipcp_options *ipwo = &ipcp_wantoptions[0];
    u_int32_t remote;

    /* Default our_name to hostname, and user to our_name */
    if (our_name[0] == 0 || usehostname)
	strcpy(our_name, hostname);
    if (user[0] == 0)
	strcpy(user, our_name);

    /* If authentication is required, ask peer for CHAP or PAP. */
    if (auth_required && !wo->neg_chap && !wo->neg_upap) {
	wo->neg_chap = 1;
	wo->neg_upap = 1;
    }

    /*
     * Check whether we have appropriate secrets to use
     * to authenticate the peer.
     */
    can_auth = wo->neg_upap && (uselogin || have_pap_secret());
    if (!can_auth && wo->neg_chap) {
	remote = ipwo->accept_remote? 0: ipwo->hisaddr;
	can_auth = have_chap_secret(remote_name, our_name, remote);
    }

    if (auth_required && !can_auth) {
	option_error("peer authentication required but no suitable secret(s) found\n");
	if (remote_name[0] == 0)
	    option_error("for authenticating any peer to us (%s)\n", our_name);
	else
	    option_error("for authenticating peer %s to us (%s)\n",
			 remote_name, our_name);
	exit(1);
    }

    /*
     * Check whether the user tried to override certain values
     * set by root.
     */
    if (!auth_required && auth_req_info.priv > 0) {
	if (!default_device && devnam_info.priv == 0) {
	    option_error("can't override device name when noauth option used");
	    exit(1);
	}
	if ((connector != NULL && connector_info.priv == 0)
	    || (disconnector != NULL && disconnector_info.priv == 0)
	    || (welcomer != NULL && welcomer_info.priv == 0)) {
	    option_error("can't override connect, disconnect or welcome");
	    option_error("option values when noauth option used");
	    exit(1);
	}
    }
}
Пример #3
0
/*
 * auth_reset - called when LCP is starting negotiations to recheck
 * authentication options, i.e. whether we have appropriate secrets
 * to use for authenticating ourselves and/or the peer.
 */
void auth_reset(int unit)
{
    lcp_options *go = &lcp_gotoptions[unit];
    lcp_options *ao = &lcp_allowoptions[0];
    ipcp_options *ipwo = &ipcp_wantoptions[0];
    u32_t remote;
    
    AUTHDEBUG((LOG_INFO, "auth_reset: %d\n", unit));
    ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(unit, NULL, NULL));
    ao->neg_chap = !ppp_settings.refuse_chap && have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0);
    
    if (go->neg_upap && !have_pap_secret())
        go->neg_upap = 0;
    if (go->neg_chap) {
        remote = ipwo->accept_remote? 0: ipwo->hisaddr;
        if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote))
            go->neg_chap = 0;
    }
}
Пример #4
0
/*
 * auth_reset - called when LCP is starting negotiations to recheck
 * authentication options, i.e. whether we have appropriate secrets
 * to use for authenticating ourselves and/or the peer.
 */
void
auth_reset(int unit)
{
    lcp_options *go = &lcp_gotoptions[unit];
    lcp_options *ao = &lcp_allowoptions[0];
    ipcp_options *ipwo = &ipcp_wantoptions[0];
    u_int32_t remote;

    ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL));
    ao->neg_chap = !refuse_chap
	&& have_chap_secret(user, remote_name, (u_int32_t)0);

    if (go->neg_upap && !uselogin && !have_pap_secret())
	go->neg_upap = 0;
    if (go->neg_chap) {
	remote = ipwo->accept_remote? 0: ipwo->hisaddr;
	if (!have_chap_secret(remote_name, our_name, remote))
	    go->neg_chap = 0;
    }
}