--- ppp-2.4.5/pppd/auth.c
+++ ppp-2.4.5/pppd/auth.c
@@ -259,7 +259,7 @@
struct wordlist **, struct wordlist **,
char *, int));
static void free_wordlist __P((struct wordlist *));
-static void auth_script __P((char *));
+static void auth_script __P((char *, int));
static void auth_script_done __P((void *));
static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *));
static int some_ip_ok __P((struct wordlist *));
@@ -690,7 +690,7 @@
if (auth_script_state == s_up && auth_script_pid == 0) {
update_link_stats(unit);
auth_script_state = s_down;
- auth_script(_PATH_AUTHDOWN);
+ auth_script(_PATH_AUTHDOWN, 0);
}
}
if (!doing_multilink) {
@@ -822,7 +822,7 @@
auth_state = s_up;
if (auth_script_state == s_down && auth_script_pid == 0) {
auth_script_state = s_up;
- auth_script(_PATH_AUTHUP);
+ auth_script(_PATH_AUTHUP, 0);
}
}
@@ -923,6 +923,7 @@
* Authentication failure: take the link down
*/
status = EXIT_PEER_AUTH_FAILED;
+ auth_script(_PATH_AUTHFAIL, 1);
lcp_close(unit, "Authentication failed");
}
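Review bot: The new auth-fail call runs the script synchronously (wait=1) before lcp_close(), so the peer that just failed authentication keeps the LCP link open, and pppd is blocked in a root-privileged child, for as long as the script takes; a peer that reconnects and fails repeatedly drives one synchronous fork/exec per attempt. Consider sending the close first so the Terminate-Request goes out before pppd blocks: `lcp_close(unit, "Authentication failed");` followed by `auth_script(_PATH_AUTHFAIL, 1);`, or at least add a comment stating why the script must run while the link is still up. Note also that auth_script hands peer_authname to the script and nothing on this failure path sets it, so the script presumably cannot learn which name the peer attempted — the man page entry saying the parameters are "the same as auth-up" should say so. The enclosing function continues outside the hunk.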
@@ -1001,6 +1002,7 @@
* authentication secrets.
*/
status = EXIT_AUTH_TOPEER_FAILED;
+ auth_script(_PATH_AUTHFAIL, 1);
lcp_close(unit, "Failed to authenticate ourselves to peer");
}
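Review bot: As on the peer-failure path, auth-fail is invoked synchronously ahead of lcp_close() here, so pppd blocks and the link stays up until the script exits, and the code gives no hint that this ordering is deliberate. A one-line comment would make the intent reviewable: `/* run /etc/ppp/auth-fail synchronously; the link is still up while it runs */`. The enclosing function continues outside the hunk.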
@@ -1233,6 +1235,8 @@
if (user[0] == 0 && !explicit_user)
strlcpy(user, our_name, sizeof(user));
+ script_setenv("LOCALNAME", user, 0);
+
/*
* If we have a default route, require the peer to authenticate
* unless the noauth option was given or the real user is root.
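Review bot: `user` is exported as LOCALNAME at option-check time with no comment on why it happens here or what the third argument (0) selects; a short comment would help the next reader: `/* export our own name to the auth-* and ip-* scripts as LOCALNAME */`. Because the value is snapshotted at this point, any later assignment to the `user` global would not be reflected in the script environment — worth confirming nothing writes it after this check. The enclosing function continues outside the hunk.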
@@ -2314,13 +2318,13 @@
case s_up:
if (auth_state == s_down) {
auth_script_state = s_down;
- auth_script(_PATH_AUTHDOWN);
+ auth_script(_PATH_AUTHDOWN, 0);
}
break;
case s_down:
if (auth_state == s_up) {
auth_script_state = s_up;
- auth_script(_PATH_AUTHUP);
+ auth_script(_PATH_AUTHUP, 0);
}
break;
}
@@ -2331,8 +2335,9 @@
* interface-name peer-name real-user tty speed
*/
static void
-auth_script(script)
+auth_script(script, wait)
char *script;
+ int wait;
{
char strspeed[32];
struct passwd *pw;
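Review bot: The function's header comment above (which lists the script's argv as interface-name peer-name real-user tty speed) is not updated for the new `wait` parameter, so its meaning has to be inferred from the call sites. Add a sentence to that comment: `If wait is non-zero the script is run synchronously and this function blocks until it exits (used for auth-fail).` The function body continues in the next hunk.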
@@ -2356,5 +2361,8 @@
argv[5] = strspeed;
argv[6] = NULL;
- auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
+ if (wait)
+ run_program(script, argv, 0, NULL, NULL, 1);
+ else
+ auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
}
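Review bot: On the synchronous branch the result of run_program() is discarded, so if run_program reports the child's exit status when wait is set, a failing or missing auth-fail script is silently ignored; either check it, e.g. `if (run_program(script, argv, 0, NULL, NULL, 1) != 0) warn("%s exited with non-zero status", script);`, or add a comment stating that the script's exit status is intentionally not consulted. Also worth documenting next to the `if (wait)` is that pppd does not process packets or timers while it blocks here, so a hung auth-fail script stalls the daemon. The enclosing function auth_script starts in the previous hunk.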
--- ppp-2.4.5/pppd/pathnames.h
+++ ppp-2.4.5/pppd/pathnames.h
@@ -27,6 +27,7 @@
#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"
#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
+#define _PATH_AUTHFAIL _ROOT_PATH "/etc/ppp/auth-fail"
#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
--- ppp-2.4.5/pppd/pppd.8
+++ ppp-2.4.5/pppd/pppd.8
@@ -1553,8 +1553,8 @@
Pppd invokes scripts at various stages in its processing which can be
used to perform site-specific ancillary processing. These scripts are
usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish (except for the ip-pre-up
-script). The scripts are
+Pppd does not wait for the scripts to finish (except for the ip-pre-up,
+and auth-fail scripts). The scripts are
executed as root (with the real and effective user-id set to 0), so
that they can do things such as update routing tables or run
privileged daemons. Be careful that the contents of these scripts do
@@ -1582,6 +1582,11 @@
The authenticated name of the peer. This is only set if the peer
authenticates itself.
.TP
+.B LOCALNAME
+The username passed to the user option of the pppd daemon. This is
+handy to identify which account was used for authentication purposes
+when multiple accounts are available.
+.TP
.B SPEED
The baud rate of the tty device.
.TP
@@ -1634,6 +1639,11 @@
/etc/ppp/auth\-up was previously executed. It is executed in the same
manner with the same parameters as /etc/ppp/auth\-up.
.TP
+.B /etc/ppp/auth\-fail
+A program or script which is executed should authentication fail. pppd
+waits for this script to finish. It is executed in the same manner, with
+the same parameters as /etc/ppp/auth\-up.
+.TP
.B /etc/ppp/ip\-pre\-up
A program or script which is executed just before the ppp network
interface is brought up. It is executed with the same parameters as