Added support for auth-fail script if authentication fails.
Updated man page.
parent
6fc5a9f9de
commit
0fad3ac4c8
|
@ -69,6 +69,11 @@ CHANGELOG:
|
|||
21.Jun.99:
|
||||
- I got two different DNS patches. Applied one of them.
|
||||
- added changes from A. Beck to ccp.c
|
||||
07.Nov.99:
|
||||
- Added auth-fail script call if authentication fails
|
||||
- documented in man page.
|
||||
- Done by Werner Cornelius (werner@isdn4linux.de or werner@titro.de)
|
||||
|
||||
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
|
26
ipppd/auth.c
26
ipppd/auth.c
|
@ -36,7 +36,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char auth_rcsid[] = "$Id: auth.c,v 1.14 1998/11/05 09:42:36 hipp Exp $";
|
||||
char auth_rcsid[] = "$Id: auth.c,v 1.15 1999/11/10 08:01:32 werner Exp $";
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stddef.h>
|
||||
|
@ -117,7 +117,7 @@ static int have_chap_secret __P((char *, char *));
|
|||
static int scan_authfile __P((FILE *, char *, char *, char *,
|
||||
struct wordlist **, char *));
|
||||
static void free_wordlist __P((struct wordlist *));
|
||||
static void auth_script __P((int,char *));
|
||||
static void auth_script __P((int,char *,int));
|
||||
|
||||
/*
|
||||
* An Open on LCP has requested a change from Dead to Establish phase.
|
||||
|
@ -143,7 +143,7 @@ void link_terminated(int linkunit)
|
|||
#endif
|
||||
|
||||
if(lns[linkunit].auth_up_script)
|
||||
auth_script(linkunit,_PATH_AUTHDOWN);
|
||||
auth_script(linkunit,_PATH_AUTHDOWN,0);
|
||||
if (lns[linkunit].phase == PHASE_DEAD)
|
||||
return;
|
||||
if (lns[linkunit].logged_in) {
|
||||
|
@ -461,13 +461,14 @@ static void callback_phase(int linkunit)
|
|||
/*
|
||||
* The peer has failed to authenticate himself using `protocol'.
|
||||
*/
|
||||
void auth_peer_fail(int unit,int protocol)
|
||||
void auth_peer_fail(int unit,int protocol, int reason)
|
||||
{
|
||||
/*
|
||||
* Authentication failure: take the link down
|
||||
*/
|
||||
lcp_close(lns[unit].lcp_unit,"auth failure");
|
||||
lns[unit].phase = PHASE_TERMINATE;
|
||||
auth_script(unit, _PATH_AUTHFAIL, reason);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -502,13 +503,14 @@ void auth_peer_success(int linkunit,int protocol)
|
|||
/*
|
||||
* We have failed to authenticate ourselves to the peer using `protocol'.
|
||||
*/
|
||||
void auth_withpeer_fail(int unit,int protocol)
|
||||
void auth_withpeer_fail(int unit,int protocol,int reason)
|
||||
{
|
||||
/*
|
||||
* We've failed to authenticate ourselves to our peer.
|
||||
* He'll probably take the link down, and there's not much
|
||||
* we can do except wait for that.
|
||||
*/
|
||||
auth_script(unit, _PATH_AUTHFAIL, reason);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -709,7 +711,7 @@ int check_passwd(int linkunit,char *auser,int userlen,char *apasswd,
|
|||
if (lns[linkunit].addresses != NULL)
|
||||
free_wordlist(lns[linkunit].addresses);
|
||||
lns[linkunit].addresses = addrs;
|
||||
auth_script(linkunit,_PATH_AUTHUP);
|
||||
auth_script(linkunit,_PATH_AUTHUP,0);
|
||||
lns[linkunit].auth_up_script = 1;
|
||||
}
|
||||
return ret;
|
||||
|
@ -1297,15 +1299,15 @@ static void free_wordlist(struct wordlist *wp)
|
|||
|
||||
/*
|
||||
* auth_script - execute a script with arguments
|
||||
* interface-name peer-name real-user tty speed
|
||||
* interface-name peer-name real-user tty speed remote-number [fail-reason]
|
||||
*/
|
||||
static void auth_script(int linkunit,char *script)
|
||||
static void auth_script(int linkunit,char *script,int error_reason)
|
||||
{
|
||||
char strspeed[32];
|
||||
struct passwd *pw;
|
||||
char struid[32];
|
||||
char *user_name;
|
||||
char *argv[8];
|
||||
char *argv[9];
|
||||
|
||||
if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
|
||||
user_name = pw->pw_name;
|
||||
|
@ -1323,7 +1325,11 @@ static void auth_script(int linkunit,char *script)
|
|||
argv[5] = strspeed;
|
||||
argv[6] = lns[linkunit].pci.remote_num;
|
||||
argv[7] = NULL;
|
||||
|
||||
if (error_reason) {
|
||||
sprintf(struid,"%d",error_reason);
|
||||
argv[7] = struid;
|
||||
argv[8] = NULL;
|
||||
}
|
||||
run_program(script, argv, debug,linkunit);
|
||||
}
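Review bot: In auth_script the failure reason is formatted into `struid` (`sprintf(struid,"%d",error_reason)`), a buffer whose name suggests it also carries the numeric uid when the `getpwuid()` lookup at the top of the function fails. That else-branch lies between the two hunks and is not visible here, so this is inferred. If `user_name` points at `struid` on that path, the real-user argument handed to /etc/ppp/auth-fail is silently overwritten with the reason code, corrupting the record an operator would use to investigate a failed login. A dedicated buffer avoids the aliasing: declare `char strreason[32];` and use `snprintf(strreason, sizeof strreason, "%d", error_reason); argv[7] = strreason;`.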
|
||||
|
||||
|
|
12
ipppd/chap.c
12
ipppd/chap.c
|
@ -18,7 +18,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char chap_rcsid[] = "$Id: chap.c,v 1.5 1998/05/05 08:51:19 hipp Exp $";
|
||||
char chap_rcsid[] = "$Id: chap.c,v 1.6 1999/11/10 08:01:32 werner Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -185,7 +185,7 @@ ChapChallengeTimeout(arg)
|
|||
/* give up on peer */
|
||||
syslog(LOG_ERR, "Peer failed to respond to CHAP challenge");
|
||||
cstate->serverstate = CHAPSS_BADAUTH;
|
||||
auth_peer_fail(cstate->unit, PPP_CHAP);
|
||||
auth_peer_fail(cstate->unit, PPP_CHAP, AUTH_ERR_TIME | AUTH_ERR_CHAP);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -291,10 +291,10 @@ void ChapProtocolReject(int linkunit)
|
|||
|
||||
if (cstate->serverstate != CHAPSS_INITIAL &&
|
||||
cstate->serverstate != CHAPSS_CLOSED)
|
||||
auth_peer_fail(cstate->unit, PPP_CHAP);
|
||||
auth_peer_fail(cstate->unit, PPP_CHAP, AUTH_ERR_PROT | AUTH_ERR_CHAP);
|
||||
if (cstate->clientstate != CHAPCS_INITIAL &&
|
||||
cstate->clientstate != CHAPCS_CLOSED)
|
||||
auth_withpeer_fail(cstate->unit, PPP_CHAP);
|
||||
auth_withpeer_fail(cstate->unit, PPP_CHAP, AUTH_ERR_PROT | AUTH_ERR_CHAP);
|
||||
ChapLowerDown(unit); /* shutdown chap */
|
||||
}
|
||||
|
||||
|
@ -571,7 +571,7 @@ static void ChapReceiveResponse(chap_state *cstate,u_char *inp,int
|
|||
} else {
|
||||
syslog(LOG_ERR, "CHAP peer authentication failed");
|
||||
cstate->serverstate = CHAPSS_BADAUTH;
|
||||
auth_peer_fail(cstate->unit, PPP_CHAP);
|
||||
auth_peer_fail(cstate->unit, PPP_CHAP, AUTH_ERR_USER | AUTH_ERR_CHAP);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -641,7 +641,7 @@ ChapReceiveFailure(cstate, inp, id, len)
|
|||
PRINTMSG(inp, len);
|
||||
|
||||
syslog(LOG_ERR, "CHAP authentication failed");
|
||||
auth_withpeer_fail(cstate->unit, PPP_CHAP);
|
||||
auth_withpeer_fail(cstate->unit, PPP_CHAP, AUTH_ERR_USER | AUTH_ERR_CHAP);
|
||||
}
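Review bot: The reason passed at the CHAP failure sites does not say which side failed: `auth_peer_fail(..., AUTH_ERR_USER | AUTH_ERR_CHAP)` in ChapReceiveResponse and `auth_withpeer_fail(..., AUTH_ERR_USER | AUTH_ERR_CHAP)` in ChapReceiveFailure both yield 11, and ChapProtocolReject can call both functions with 10 in a single pass. Both functions in auth.c forward the value unchanged to the same auth-fail script, so a script used for alerting cannot separate a peer presenting bad credentials from a failure of our own credentials. The same pairing occurs in upap.c (upap_protrej, and upap_rauthreq versus upap_rauthnak). One option is a direction bit ORed in by auth_withpeer_fail itself, e.g. a new `#define AUTH_ERR_LOCAL 16 /* we failed to authenticate to the peer */` and `auth_script(unit, _PATH_AUTHFAIL, reason | AUTH_ERR_LOCAL);`, documented in the man page. The function bodies here start outside the hunks shown.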
|
||||
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* $Id: ipppd.h,v 1.17 1998/10/29 17:28:46 hipp Exp $
|
||||
* $Id: ipppd.h,v 1.18 1999/11/10 08:01:32 werner Exp $
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -272,8 +272,8 @@ int bad_ip_adrs(u_int32_t);
|
|||
int getword(FILE *,char *,int *,char *);
|
||||
void print_string(char *p,int len,void (*printer)(void *,char *,...),void *arg);
|
||||
int auth_ip_addr(int unit,u_int32_t addr);
|
||||
void auth_peer_fail(int,int);
|
||||
void auth_withpeer_fail(int unit,int protocol);
|
||||
void auth_peer_fail(int,int,int);
|
||||
void auth_withpeer_fail(int unit,int protocol,int reason);
|
||||
void auth_peer_success(int unit,int protocol);
|
||||
void auth_withpeer_success(int unit,int protocol);
|
||||
|
||||
|
@ -499,5 +499,13 @@ extern struct option_info devnam_info;
|
|||
#define MAX(a, b) ((a) > (b)? (a): (b))
|
||||
#endif
|
||||
|
||||
/* error values for auth-fail script */
|
||||
#define AUTH_ERR_TIME 1 /* timeout sending auth requests */
|
||||
#define AUTH_ERR_PROT 2 /* auth protocol rejected */
|
||||
#define AUTH_ERR_USER 3 /* user or password illegal */
|
||||
#define AUTH_ERR_PAP 0 /* error in PAP-handling ored with reason */
|
||||
#define AUTH_ERR_CHAP 8 /* error in CHAP-handling ored with reason */
|
||||
|
||||
|
||||
#endif /* __IPPP_H__ */
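Review bot: The "ored with reason" comments on the new AUTH_ERR_* block read as if all five macros were bit flags, but `AUTH_ERR_TIME`, `AUTH_ERR_PROT` and `AUTH_ERR_USER` are the enumerated values 1, 2 and 3 (3 equals 1|2) and `AUTH_ERR_PAP` is 0, so neither the reason nor PAP can be tested with `&`. auth_script in auth.c also omits the argument entirely when the combined value is 0, so a zero reason must never be introduced for PAP. I would state the encoding above the block, e.g. `/* bits 0-2: reason code 1..3 (an enumeration, not flags); bit 3: set for CHAP, clear for PAP; 0 means "no reason" */`. A mask such as `#define AUTH_ERR_REASON_MASK 7` would let script authors and future callers decode it without guessing.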
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
.\" manual page [] for ipppd 2.0
|
||||
.\" $Id: ipppd.man.in,v 1.5 1999/06/21 13:28:47 hipp Exp $
|
||||
.\" CHECKIN $Date: 1999/06/21 13:28:47 $
|
||||
.\" $Id: ipppd.man.in,v 1.6 1999/11/10 08:01:32 werner Exp $
|
||||
.\" CHECKIN $Date: 1999/11/10 08:01:32 $
|
||||
.\" SH section heading
|
||||
.\" SS subsection heading
|
||||
.\" LP paragraph
|
||||
|
@ -900,7 +900,8 @@ the following parameters:
|
|||
.I authentication user name,
|
||||
.I username of ipppd,
|
||||
.I devicename,
|
||||
.I speed
|
||||
.I speed,
|
||||
.I remote number
|
||||
.TP
|
||||
.B /etc/ppp/auth-down
|
||||
This program or script is executed after a disconnection with
|
||||
|
@ -909,7 +910,26 @@ the following parameters:
|
|||
.I authentication user name,
|
||||
.I username of ipppd,
|
||||
.I devicename,
|
||||
.I speed
|
||||
.I speed,
|
||||
.I remote number
|
||||
.TP
|
||||
.B /etc/ppp/auth-fail
|
||||
This program or script is executed after a authentication failure with
|
||||
the following parameters:
|
||||
.I interface name,
|
||||
.I authentication user name,
|
||||
.I username of ipppd,
|
||||
.I devicename,
|
||||
.I speed,
|
||||
.I remote number,
|
||||
.I failure reason
|
||||
Valid reasons are:
|
||||
1 = Timeout during pap auth
|
||||
2 = pap protocol rejected
|
||||
3 = pap secrets invalid
|
||||
9 = Timeout during chap auth
|
||||
10 = chap protocol rejected
|
||||
11 = chap secrets invalid
|
||||
.TP
|
||||
.B /etc/ppp/pap-secrets
|
||||
Usernames, passwords and IP addresses for PAP authentication.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* define path names
|
||||
*
|
||||
* $Id: pathnames.h.in,v 1.1 1997/10/26 23:06:25 fritz Exp $
|
||||
* $Id: pathnames.h.in,v 1.2 1999/11/10 08:01:32 werner Exp $
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
@ -20,7 +20,7 @@
|
|||
#define _PATH_UPAPFILE "/etc/ppp/pap-secrets"
|
||||
#define _PATH_CHAPFILE "/etc/ppp/chap-secrets"
|
||||
#define _PATH_SYSOPTIONS "/etc/ppp/ioptions"
|
||||
#define _PATH_IPUP "/etc/ppp/ip-up"
|
||||
#define _PATH_IPUP "/etc/ppp/ip-up"
|
||||
#define _PATH_IPDOWN "/etc/ppp/ip-down"
|
||||
#define _PATH_TTYOPT "/etc/ppp/ioptions."
|
||||
#define _PATH_CONNERRS "/etc/ppp/connect-errors"
|
||||
|
@ -30,6 +30,7 @@
|
|||
/* Programs for processing authenticated logins */
|
||||
#define _PATH_AUTHUP "/etc/ppp/auth-up"
|
||||
#define _PATH_AUTHDOWN "/etc/ppp/auth-down"
|
||||
#define _PATH_AUTHFAIL "/etc/ppp/auth-fail"
|
||||
|
||||
# define _PATH_IPXUP "/etc/ppp/ipx-up"
|
||||
# define _PATH_IPXDOWN "/etc/ppp/ipx-down"
|
||||
|
|
14
ipppd/upap.c
14
ipppd/upap.c
|
@ -17,7 +17,7 @@
|
|||
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
char upap_rcsid[] = "$Id: upap.c,v 1.5 1998/04/29 14:29:50 hipp Exp $";
|
||||
char upap_rcsid[] = "$Id: upap.c,v 1.6 1999/11/10 08:01:33 werner Exp $";
|
||||
|
||||
/*
|
||||
* TODO:
|
||||
|
@ -213,7 +213,7 @@ static void upap_timeout(caddr_t arg)
|
|||
/* give up in disgust */
|
||||
syslog(LOG_ERR, "No response to PAP authenticate-requests");
|
||||
u->us_clientstate = UPAPCS_BADAUTH;
|
||||
auth_withpeer_fail(u->us_unit, PPP_PAP);
|
||||
auth_withpeer_fail(u->us_unit, PPP_PAP, AUTH_ERR_TIME | AUTH_ERR_PAP);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -233,7 +233,7 @@ upap_reqtimeout(arg)
|
|||
if (u->us_serverstate != UPAPSS_LISTEN)
|
||||
return; /* huh?? */
|
||||
|
||||
auth_peer_fail(u->us_unit, PPP_PAP);
|
||||
auth_peer_fail(u->us_unit, PPP_PAP, AUTH_ERR_TIME | AUTH_ERR_PAP);
|
||||
u->us_serverstate = UPAPSS_BADAUTH;
|
||||
}
|
||||
|
||||
|
@ -294,11 +294,11 @@ void upap_protrej(int linkunit)
|
|||
|
||||
if (u->us_clientstate == UPAPCS_AUTHREQ) {
|
||||
syslog(LOG_ERR, "PAP authentication failed due to protocol-reject");
|
||||
auth_withpeer_fail(u->us_unit, PPP_PAP);
|
||||
auth_withpeer_fail(u->us_unit, PPP_PAP, AUTH_ERR_PROT | AUTH_ERR_PAP);
|
||||
}
|
||||
if (u->us_serverstate == UPAPSS_LISTEN) {
|
||||
syslog(LOG_ERR, "PAP authentication of peer failed (protocol-reject)");
|
||||
auth_peer_fail(u->us_unit, PPP_PAP);
|
||||
auth_peer_fail(u->us_unit, PPP_PAP, AUTH_ERR_PROT | AUTH_ERR_PAP);
|
||||
}
|
||||
upap_lowerdown(unit);
|
||||
}
|
||||
|
@ -436,7 +436,7 @@ static void upap_rauthreq(upap_state *u,u_char *inp,int id,int len)
|
|||
auth_peer_success(u->us_unit, PPP_PAP);
|
||||
} else {
|
||||
u->us_serverstate = UPAPSS_BADAUTH;
|
||||
auth_peer_fail(u->us_unit, PPP_PAP);
|
||||
auth_peer_fail(u->us_unit, PPP_PAP, AUTH_ERR_USER | AUTH_ERR_PAP);
|
||||
}
|
||||
|
||||
if (u->us_reqtimeout > 0)
|
||||
|
@ -519,7 +519,7 @@ upap_rauthnak(u, inp, id, len)
|
|||
u->us_clientstate = UPAPCS_BADAUTH;
|
||||
|
||||
syslog(LOG_ERR, "PAP authentication failed");
|
||||
auth_withpeer_fail(u->us_unit, PPP_PAP);
|
||||
auth_withpeer_fail(u->us_unit, PPP_PAP, AUTH_ERR_USER | AUTH_ERR_PAP);
|
||||
}
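Review bot: The `auth_peer_fail(u->us_unit, PPP_PAP, AUTH_ERR_USER | AUTH_ERR_PAP)` call in upap_rauthreq now makes a rejected inbound PAP request start /etc/ppp/auth-fail, so the script is executed on behalf of a peer that has not authenticated. According to the auth_script header in auth.c the arguments include peer-name and remote-number; where those are filled in is outside these hunks, but they presumably originate from the remote side and the script should treat them as untrusted. I would add a comment at this call, e.g. `/* runs auth-fail: arguments include peer-supplied values, the script must quote them */`, and repeat the caveat in the man page entry for auth-fail. upap_rauthreq's body starts before and continues past the hunk.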
|
||||
|
||||
|
||||
|
|