xref: /illumos-gate/usr/src/cmd/cmd-inet/usr.bin/pppd/auth.c (revision 51396a8ee7fb52fe0ab33bfe7b4f495ad431904a)
1 /*
2  * auth.c - PPP authentication and phase control.
3  *
4  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
5  * Use is subject to license terms.
6  *
7  * Copyright (c) 1993 The Australian National University.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms are permitted
11  * provided that the above copyright notice and this paragraph are
12  * duplicated in all such forms and that any documentation,
13  * advertising materials, and other materials related to such
14  * distribution and use acknowledge that the software was developed
15  * by the Australian National University.  The name of the University
16  * may not be used to endorse or promote products derived from this
17  * software without specific prior written permission.
18  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
19  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
20  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21  *
22  * Copyright (c) 1989 Carnegie Mellon University.
23  * All rights reserved.
24  *
25  * Redistribution and use in source and binary forms are permitted
26  * provided that the above copyright notice and this paragraph are
27  * duplicated in all such forms and that any documentation,
28  * advertising materials, and other materials related to such
29  * distribution and use acknowledge that the software was developed
30  * by Carnegie Mellon University.  The name of the
31  * University may not be used to endorse or promote products derived
32  * from this software without specific prior written permission.
33  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
34  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
35  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
36  */
37 
38 /* Pull in crypt() definition. */
39 #define __EXTENSIONS__
40 
41 #include <stdio.h>
42 #include <stddef.h>
43 #include <stdlib.h>
44 #include <unistd.h>
45 #include <pwd.h>
46 #include <grp.h>
47 #include <string.h>
48 #include <sys/types.h>
49 #include <sys/stat.h>
50 #include <sys/socket.h>
51 #include <utmp.h>
52 #include <fcntl.h>
53 #if defined(_PATH_LASTLOG) && (defined(_linux_) || defined(__linux__))
54 #include <lastlog.h>
55 #endif
56 
57 #if defined(_linux_) || defined(__linux__)
58 #include <crypt.h>
59 #endif
60 
61 #include <netdb.h>
62 #include <netinet/in.h>
63 #include <arpa/inet.h>
64 
65 /* Backward compatibility with old Makefiles */
66 #if defined(USE_PAM) && !defined(ALLOW_PAM)
67 #define ALLOW_PAM
68 #endif
69 
70 #ifdef ALLOW_PAM
71 #include <security/pam_appl.h>
72 #endif
73 
74 #ifdef HAS_SHADOW
75 #include <shadow.h>
76 #ifndef PW_PPP
77 #define PW_PPP PW_LOGIN
78 #endif
79 #endif
80 
81 #include "pppd.h"
82 #include "fsm.h"
83 #include "lcp.h"
84 #include "ipcp.h"
85 #include "upap.h"
86 #include "chap.h"
87 #ifdef CBCP_SUPPORT
88 #include "cbcp.h"
89 #endif
90 #include "pathnames.h"
91 
92 /* Bits in scan_authfile return value */
93 #define NONWILD_SERVER	1
94 #define NONWILD_CLIENT	2
95 
96 #define ISWILD(word)	(word[0] == '*' && word[1] == '\0')
97 
98 /* The name by which the peer authenticated itself to us. */
99 char peer_authname[MAXNAMELEN];
100 
101 /* Records which authentication operations haven't completed yet. */
102 static int auth_pending[NUM_PPP];
103 
104 /* Set if we have successfully called plogin() */
105 static int logged_in;
106 
107 /* List of addresses which the peer may use. */
108 static struct permitted_ip *addresses[NUM_PPP];
109 
110 /* Wordlist giving addresses which the peer may use
111    without authenticating itself. */
112 static struct wordlist *noauth_addrs;
113 
114 /* Extra options to apply, from the secrets file entry for the peer. */
115 static struct wordlist *extra_options;
116 
117 /* Source of those extra options. */
118 static const char *extra_opt_filename;
119 static int extra_opt_line;
120 
121 /* Number of network protocols which we have opened. */
122 static int num_np_open;
123 
124 /* Number of network protocols which have come up. */
125 static int num_np_up;
126 
127 /* Set if we got the contents of passwd[] from the pap-secrets file. */
128 static int passwd_from_file;
129 
130 /* Set if we require authentication only because we have a default route. */
131 static bool default_auth;
132 
133 /* Hook to enable a plugin to control the idle time limit */
134 int (*idle_time_hook) __P((struct ppp_idle *)) = NULL;
135 
136 /* Hook for a plugin to say whether we can possibly authenticate any peer */
137 int (*pap_check_hook) __P((void)) = NULL;
138 
139 /* Hook for a plugin to check the PAP user and password */
140 int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
141 			  struct wordlist **paddrs,
142 			  struct wordlist **popts)) = NULL;
143 
144 /* Hook for a plugin to know about the PAP user logout */
145 void (*pap_logout_hook) __P((void)) = NULL;
146 
147 /* Hook for a plugin to get the PAP password for authenticating us */
148 int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL;
149 
150 /*
151  * This is used to ensure that we don't start an auth-up/down
152  * script while one is already running.
153  */
154 enum script_state {
155     s_down,
156     s_up
157 };
158 
159 static enum script_state auth_state = s_down;
160 static enum script_state auth_script_state = s_down;
161 static pid_t auth_script_pid = 0;
162 
163 /*
164  * This is set by scan_authfile if a client matches, but server doesn't
165  * (possible configuration error).
166  */
167 static char scan_server_match_failed[MAXWORDLEN];
168 
169 /*
170  * Option variables.
171  */
172 bool uselogin = 0;		/* Use /etc/passwd for checking PAP */
173 bool cryptpap = 0;		/* Passwords in pap-secrets are encrypted */
174 bool refuse_pap = 0;		/* Don't wanna auth. ourselves with PAP */
175 bool refuse_chap = 0;		/* Don't wanna auth. ourselves with CHAP */
176 bool usehostname = 0;		/* Use hostname for our_name */
177 bool auth_required = 0;		/* Always require authentication from peer */
178 bool allow_any_ip = 0;		/* Allow peer to use any IP address */
179 bool explicit_remote = 0;	/* User specified explicit remote name */
180 char remote_name[MAXNAMELEN];	/* Peer's name for authentication */
181 
182 #ifdef CHAPMS
183 bool refuse_mschap = 0;		/* Don't wanna auth. ourself with MS-CHAPv1 */
184 #else
185 bool refuse_mschap = 1;		/* Never auth. ourself with MS-CHAPv1 */
186 #endif
187 #ifdef CHAPMSV2
188 bool refuse_mschapv2 = 0;	/* Don't wanna auth. ourself with MS-CHAPv2 */
189 #else
190 bool refuse_mschapv2 = 1;	/* Never auth. ourself with MS-CHAPv2 */
191 #endif
192 
193 #ifdef USE_PAM
194 bool use_pam = 1;		/* Enable use of PAM by default */
195 #else
196 bool use_pam = 0;		/* Disable use of PAM by default */
197 #endif
198 
199 /* Bits in auth_pending[] */
200 #define PAP_WITHPEER	1
201 #define PAP_PEER	2
202 #define CHAP_WITHPEER	4
203 #define CHAP_PEER	8
204 
205 /* Prototypes for procedures local to this file. */
206 
207 static void network_phase __P((int));
208 static void check_idle __P((void *));
209 static void connect_time_expired __P((void *));
210 static int  plogin __P((char *, char *, char **));
211 static void plogout __P((void));
212 static int  null_login __P((int));
213 static int  get_pap_passwd __P((char *));
214 static int  have_pap_secret __P((int *));
215 static int  have_chap_secret __P((char *, char *, int, int *));
216 static int  ip_addr_check __P((u_int32_t, struct permitted_ip *));
217 static int  scan_authfile __P((FILE *, char *, char *, char *,
218 			       struct wordlist **, struct wordlist **,
219 			       char *));
220 static void free_wordlist __P((struct wordlist *));
221 static void auth_script __P((char *));
222 static void auth_script_done __P((void *, int));
223 static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *));
224 static int  some_ip_ok __P((struct wordlist *));
225 static int  setupapfile __P((char **, option_t *));
226 static int  privgroup __P((char **, option_t *));
227 static int  set_noauth_addr __P((char **, option_t *));
228 static void check_access __P((FILE *, char *));
229 
230 /*
231  * Authentication-related options.
232  */
233 option_t auth_options[] = {
234     { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
235       "Require PAP authentication from peer", 1, &auth_required },
236     { "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
237       "Require PAP authentication from peer", 1, &auth_required },
238     { "refuse-pap", o_bool, &refuse_pap,
239       "Don't agree to auth to peer with PAP", 1 },
240     { "-pap", o_bool, &refuse_pap,
241       "Don't allow PAP authentication with peer", 1 },
242     { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
243       "Require CHAP authentication from peer", 1, &auth_required },
244     { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
245       "Require CHAP authentication from peer", 1, &auth_required },
246     { "refuse-chap", o_bool, &refuse_chap,
247       "Don't agree to auth to peer with CHAP", 1 },
248     { "-chap", o_bool, &refuse_chap,
249       "Don't allow CHAP authentication with peer", 1 },
250     { "name", o_string, our_name,
251       "Set local name for authentication",
252       OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
253     { "user", o_string, user,
254       "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
255     { "usehostname", o_bool, &usehostname,
256       "Must use hostname for authentication", 1 },
257     { "remotename", o_string, remote_name,
258       "Set remote name for authentication", OPT_STATIC,
259       &explicit_remote, MAXNAMELEN },
260     { "auth", o_bool, &auth_required,
261       "Require authentication from peer", 1 },
262     { "noauth", o_bool, &auth_required,
263       "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
264     {  "login", o_bool, &uselogin,
265       "Use system password database for PAP", 1 },
266     { "papcrypt", o_bool, &cryptpap,
267       "PAP passwords are encrypted", 1 },
268     { "+ua", o_special, (void *)setupapfile,
269       "Get PAP user and password from file" },
270     { "password", o_string, passwd,
271       "Password for authenticating us to the peer", OPT_STATIC,
272       NULL, MAXSECRETLEN },
273     { "privgroup", o_special, (void *)privgroup,
274       "Allow group members to use privileged options", OPT_PRIV },
275     { "allow-ip", o_special, (void *)set_noauth_addr,
276       "Set peer IP address(es) usable without authentication",
277       OPT_PRIV },
278 #ifdef CHAPMS
279     { "require-mschap", o_bool, &lcp_wantoptions[0].neg_mschap,
280       "Require MS-CHAPv1 authentication from peer", 1, &auth_required },
281     { "refuse-mschap", o_bool, &refuse_mschap,
282       "Don't agree to authenticate to peer with MS-CHAPv1", 1 },
283 #endif
284 #ifdef CHAPMSV2
285     { "require-mschapv2", o_bool, &lcp_wantoptions[0].neg_mschapv2,
286       "Require MS-CHAPv2 authentication from peer", 1, &auth_required },
287     { "refuse-mschapv2", o_bool, &refuse_mschapv2,
288       "Don't agree to authenticate to peer with MS-CHAPv2", 1 },
289 #endif
290 #ifdef ALLOW_PAM
291     { "pam", o_bool, &use_pam,
292       "Enable use of Pluggable Authentication Modules", OPT_PRIV|1 },
293     { "nopam", o_bool, &use_pam,
294       "Disable use of Pluggable Authentication Modules", OPT_PRIV|0 },
295 #endif
296     { NULL }
297 };
298 
299 /*
300  * setupapfile - specifies UPAP info for authenticating with peer.
301  */
302 /*ARGSUSED*/
303 static int
304 setupapfile(argv, opt)
305     char **argv;
306     option_t *opt;
307 {
308     FILE * ufile;
309     int l;
310 
311     lcp_allowoptions[0].neg_upap = 1;
312 
313     /* open user info file */
314     (void) seteuid(getuid());
315     ufile = fopen(*argv, "r");
316     (void) seteuid(0);
317     if (ufile == NULL) {
318 	option_error("unable to open user login data file %s", *argv);
319 	return 0;
320     }
321     check_access(ufile, *argv);
322 
323     /* get username */
324     if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
325 	|| fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
326 	option_error("unable to read user login data file %s", *argv);
327 	return 0;
328     }
329     (void) fclose(ufile);
330 
331     /* get rid of newlines */
332     l = strlen(user);
333     if (l > 0 && user[l-1] == '\n')
334 	user[l-1] = '\0';
335     l = strlen(passwd);
336     if (l > 0 && passwd[l-1] == '\n')
337 	passwd[l-1] = '\0';
338 
339     return (1);
340 }
341 
342 
343 /*
344  * privgroup - allow members of the group to have privileged access.
345  */
346 /*ARGSUSED*/
347 static int
348 privgroup(argv, opt)
349     char **argv;
350     option_t *opt;
351 {
352     struct group *g;
353     int i;
354 
355     g = getgrnam(*argv);
356     if (g == NULL) {
357 	option_error("group %s is unknown", *argv);
358 	return 0;
359     }
360     for (i = 0; i < ngroups; ++i) {
361 	if (groups[i] == g->gr_gid) {
362 	    privileged = 1;
363 	    break;
364 	}
365     }
366     return 1;
367 }
368 
369 
370 /*
371  * set_noauth_addr - set address(es) that can be used without authentication.
372  * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets.
373  */
374 /*ARGSUSED*/
375 static int
376 set_noauth_addr(argv, opt)
377     char **argv;
378     option_t *opt;
379 {
380     char *addr = *argv;
381     int l = strlen(addr);
382     struct wordlist *wp;
383 
384     wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1);
385     if (wp == NULL)
386 	novm("allow-ip argument");
387     wp->word = (char *) (wp + 1);
388     wp->next = noauth_addrs;
389     (void) strcpy(wp->word, addr);
390     noauth_addrs = wp;
391     return 1;
392 }
393 
394 /*
395  * An Open on LCP has requested a change from Dead to Establish phase.
396  * Do what's necessary to bring the physical layer up.
397  */
398 /*ARGSUSED*/
399 void
400 link_required(unit)
401     int unit;
402 {
403 }
404 
405 /*
406  * LCP has terminated the link; go to the Dead phase and take the
407  * physical layer down.
408  */
409 /*ARGSUSED*/
410 void
411 link_terminated(unit)
412     int unit;
413 {
414     const char *pn1, *pn2;
415 
416     if (phase == PHASE_DEAD)
417 	return;
418     if (pap_logout_hook != NULL) {
419 	(*pap_logout_hook)();
420     } else {
421 	if (logged_in)
422 	    plogout();
423     }
424     new_phase(PHASE_DEAD);
425     if (peer_nak_auth) {
426 	if ((pn1 = protocol_name(nak_auth_orig)) == NULL)
427 	    pn1 = "?";
428 	if ((pn2 = protocol_name(nak_auth_proto)) == NULL)
429 	    pn2 = "?";
430 	warn("Peer sent Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)",
431 	    nak_auth_orig, pn1, nak_auth_proto, pn2);
432     }
433     if (unsolicited_nak_auth) {
434 	if ((pn1 = protocol_name(unsolicit_auth_proto)) == NULL)
435 	    pn1 = "?";
436 	warn("Peer unexpectedly asked us to authenticate with 0x%x (%s)",
437 	    unsolicit_auth_proto, pn1);
438     }
439     if (peer_reject_auth) {
440 	if ((pn1 = protocol_name(reject_auth_proto)) == NULL)
441 	    pn1 = "?";
442 	warn("Peer rejected our demand for 0x%x (%s)",
443 	    reject_auth_proto, pn1);
444     }
445     if (naked_peers_auth) {
446 	if ((pn1 = protocol_name(naked_auth_orig)) == NULL)
447 	    pn1 = "?";
448 	if ((pn2 = protocol_name(naked_auth_proto)) == NULL)
449 	    pn2 = "?";
450 	warn("We set Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)",
451 	    naked_auth_orig, pn1, naked_auth_proto, pn2);
452     }
453     if (rejected_peers_auth) {
454 	if ((pn1 = protocol_name(rejected_auth_proto)) == NULL)
455 	    pn1 = "?";
456 	warn("We rejected the peer's demand for 0x%x (%s)",
457 	    rejected_auth_proto, pn1);
458     }
459 
460     peer_nak_auth = unsolicited_nak_auth = peer_reject_auth =
461 	rejected_peers_auth = naked_peers_auth = 0;
462     nak_auth_proto = nak_auth_orig = unsolicit_auth_proto = reject_auth_proto =
463 	rejected_auth_proto = naked_auth_orig = naked_auth_proto = 0;
464     notice("Connection terminated.");
465 }
466 
467 /*
468  * LCP has gone down; it will either die or try to re-establish.
469  */
470 void
471 link_down(unit)
472     int unit;
473 {
474     int i;
475     struct protent *protp;
476 
477     auth_state = s_down;
478     if (auth_script_state == s_up && auth_script_pid == 0) {
479 	update_link_stats(unit);
480 	auth_script_state = s_down;
481 	auth_script(_PATH_AUTHDOWN);
482     }
483     for (i = 0; (protp = protocols[i]) != NULL; ++i) {
484 	if (!protp->enabled_flag)
485 	    continue;
486         if (protp->protocol != PPP_LCP && protp->lowerdown != NULL)
487 	    (*protp->lowerdown)(unit);
488         if (protp->protocol < 0xC000 && protp->close != NULL)
489 	    (*protp->close)(unit, "LCP down");
490     }
491     num_np_open = 0;
492     num_np_up = 0;
493     if (phase != PHASE_DEAD)
494 	new_phase(PHASE_TERMINATE);
495 }
496 
497 /*
498  * The link is established.
499  * Proceed to the Dead, Authenticate or Network phase as appropriate.
500  */
501 void
502 link_established(unit)
503     int unit;
504 {
505     int auth;
506     lcp_options *wo = &lcp_wantoptions[unit];
507     lcp_options *go = &lcp_gotoptions[unit];
508     lcp_options *ho = &lcp_hisoptions[unit];
509     int i;
510     struct protent *protp;
511 
512     /*
513      * Tell higher-level protocols that LCP is up.
514      */
515     for (i = 0; (protp = protocols[i]) != NULL; ++i)
516         if (protp->protocol != PPP_LCP && protp->enabled_flag
517 	    && protp->lowerup != NULL)
518 	    (*protp->lowerup)(unit);
519 
520     if (auth_required && !(go->neg_chap || go->neg_mschap ||
521 	go->neg_mschapv2 || go->neg_upap)) {
522 	/*
523 	 * We wanted the peer to authenticate itself, and it refused:
524 	 * if we have some address(es) it can use without auth, fine,
525 	 * otherwise treat it as though it authenticated with PAP using
526 	 * a username * of "" and a password of "".  If that's not OK,
527 	 * boot it out.
528 	 */
529 	if (noauth_addrs != NULL) {
530 	    set_allowed_addrs(unit, noauth_addrs, NULL);
531 	} else if (!wo->neg_upap || !null_login(unit)) {
532 	    warn("peer refused to authenticate: terminating link");
533 	    lcp_close(unit, "peer refused to authenticate");
534 	    status = EXIT_PEER_AUTH_FAILED;
535 	    return;
536 	}
537     }
538 
539     new_phase(PHASE_AUTHENTICATE);
540     auth = 0;
541     if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) {
542 	if (go->neg_chap) {
543 	    if (debug)
544 		dbglog("Authenticating peer with standard CHAP");
545 	    go->chap_mdtype = CHAP_DIGEST_MD5;
546 	} else if (go->neg_mschap) {
547 	    if (debug)
548 		dbglog("Authenticating peer with MS-CHAPv1");
549 	    go->chap_mdtype = CHAP_MICROSOFT;
550 	} else {
551 	    if (debug)
552 		dbglog("Authenticating peer with MS-CHAPv2");
553 	    go->chap_mdtype = CHAP_MICROSOFT_V2;
554 	}
555 	ChapAuthPeer(unit, our_name, go->chap_mdtype);
556 	auth |= CHAP_PEER;
557     } else if (go->neg_upap) {
558 	if (debug)
559 	    dbglog("Authenticating peer with PAP");
560 	upap_authpeer(unit);
561 	auth |= PAP_PEER;
562     }
563     if (ho->neg_chap || ho->neg_mschap || ho->neg_mschapv2) {
564 	switch (ho->chap_mdtype) {
565 	case CHAP_DIGEST_MD5:
566 	    if (debug)
567 		dbglog("Authenticating to peer with standard CHAP");
568 	    break;
569 	case CHAP_MICROSOFT:
570 	    if (debug)
571 		dbglog("Authenticating to peer with MS-CHAPv1");
572 	    break;
573 	case CHAP_MICROSOFT_V2:
574 	    if (debug)
575 		dbglog("Authenticating to peer with MS-CHAPv2");
576 	    break;
577 	default:
578 	    if (debug)
579 		dbglog("Authenticating to peer with CHAP 0x%x", ho->chap_mdtype);
580 	    break;
581 	}
582 	ChapAuthWithPeer(unit, user, ho->chap_mdtype);
583 	auth |= CHAP_WITHPEER;
584     } else if (ho->neg_upap) {
585 	if (passwd[0] == '\0') {
586 	    passwd_from_file = 1;
587 	    if (!get_pap_passwd(passwd))
588 		error("No secret found for PAP login");
589 	}
590 	if (debug)
591 	    dbglog("Authenticating to peer with PAP");
592 	upap_authwithpeer(unit, user, passwd);
593 	auth |= PAP_WITHPEER;
594     }
595     auth_pending[unit] = auth;
596 
597     if (!auth)
598 	network_phase(unit);
599 }
600 
601 /*
602  * Proceed to the network phase.
603  */
604 static void
605 network_phase(unit)
606     int unit;
607 {
608     lcp_options *go = &lcp_gotoptions[unit];
609 
610     /*
611      * If the peer had to authenticate, run the auth-up script now.
612      */
613     if (go->neg_chap || go->neg_mschap || go->neg_mschapv2 || go->neg_upap) {
614 	auth_state = s_up;
615 	if (auth_script_state == s_down && auth_script_pid == 0) {
616 	    auth_script_state = s_up;
617 	    auth_script(_PATH_AUTHUP);
618 	}
619     }
620 
621     /*
622      * Process extra options from the secrets file
623      */
624     if (extra_options != NULL) {
625 	option_source = (char *)extra_opt_filename;
626 	option_line = extra_opt_line;
627 	(void) options_from_list(extra_options, 1);
628 	free_wordlist(extra_options);
629 	extra_options = NULL;
630     }
631 
632 #ifdef CBCP_SUPPORT
633     /*
634      * If we negotiated callback, do it now.
635      */
636     if (go->neg_cbcp) {
637 	new_phase(PHASE_CALLBACK);
638 	(*cbcp_protent.open)(unit);
639 	return;
640     }
641 #endif
642 
643     start_networks();
644 }
645 
646 void
647 start_networks()
648 {
649     int i;
650     struct protent *protp;
651 
652     new_phase(PHASE_NETWORK);
653 
654 #ifdef HAVE_MULTILINK
655     if (multilink) {
656 	if (mp_join_bundle()) {
657 	    if (updetach && !nodetach)
658 		detach();
659 	    return;
660 	}
661     }
662 #endif /* HAVE_MULTILINK */
663 
664 #if 0
665     if (!demand)
666 	set_filters(&pass_filter, &active_filter);
667 #endif
668     for (i = 0; (protp = protocols[i]) != NULL; ++i)
669         if (protp->protocol < 0xC000 && protp->enabled_flag
670 	    && protp->open != NULL) {
671 	    (*protp->open)(0);
672 	    if (protp->protocol != PPP_CCP)
673 		++num_np_open;
674 	}
675 
676     if (num_np_open == 0)
677 	/* nothing to do */
678 	lcp_close(0, "No network protocols running");
679 }
680 
681 /*
682  * The peer has failed to authenticate himself using `protocol'.
683  */
684 /*ARGSUSED*/
685 void
686 auth_peer_fail(unit, protocol)
687     int unit, protocol;
688 {
689     /*
690      * Authentication failure: take the link down
691      */
692     lcp_close(unit, "Authentication failed");
693     status = EXIT_PEER_AUTH_FAILED;
694 }
695 
696 /*
697  * The peer has been successfully authenticated using `protocol'.
698  */
699 void
700 auth_peer_success(unit, protocol, name, namelen)
701     int unit, protocol;
702     char *name;
703     int namelen;
704 {
705     int bit;
706 
707     switch (protocol) {
708     case PPP_CHAP:
709 	bit = CHAP_PEER;
710 	break;
711     case PPP_PAP:
712 	bit = PAP_PEER;
713 	break;
714     default:
715 	warn("auth_peer_success: unknown protocol %x", protocol);
716 	return;
717     }
718 
719     /*
720      * Save the authenticated name of the peer for later.
721      */
722     if (namelen > sizeof(peer_authname) - 1)
723 	namelen = sizeof(peer_authname) - 1;
724     BCOPY(name, peer_authname, namelen);
725     peer_authname[namelen] = '\0';
726     script_setenv("PEERNAME", peer_authname, 0);
727 
728     /*
729      * If there is no more authentication still to be done,
730      * proceed to the network (or callback) phase.
731      */
732     if ((auth_pending[unit] &= ~bit) == 0)
733         network_phase(unit);
734 }
735 
736 /*
737  * We have failed to authenticate ourselves to the peer using `protocol'.
738  */
739 /*ARGSUSED*/
740 void
741 auth_withpeer_fail(unit, protocol)
742     int unit, protocol;
743 {
744     if (passwd_from_file)
745 	BZERO(passwd, MAXSECRETLEN);
746     /*
747      * We've failed to authenticate ourselves to our peer.
748      * Some servers keep sending CHAP challenges, but there
749      * is no point in persisting without any way to get updated
750      * authentication secrets.
751      */
752     lcp_close(unit, "Failed to authenticate ourselves to peer");
753     status = EXIT_AUTH_TOPEER_FAILED;
754 }
755 
756 /*
757  * We have successfully authenticated ourselves with the peer using `protocol'.
758  */
759 void
760 auth_withpeer_success(unit, protocol)
761     int unit, protocol;
762 {
763     int bit;
764 
765     switch (protocol) {
766     case PPP_CHAP:
767 	bit = CHAP_WITHPEER;
768 	break;
769     case PPP_PAP:
770 	if (passwd_from_file)
771 	    BZERO(passwd, MAXSECRETLEN);
772 	bit = PAP_WITHPEER;
773 	break;
774     default:
775 	warn("auth_withpeer_success: unknown protocol %x", protocol);
776 	bit = 0;
777     }
778 
779     /*
780      * If there is no more authentication still being done,
781      * proceed to the network (or callback) phase.
782      */
783     if ((auth_pending[unit] &= ~bit) == 0)
784 	network_phase(unit);
785 }
786 
787 
788 /*
789  * np_up - a network protocol has come up.
790  */
791 /*ARGSUSED*/
792 void
793 np_up(unit, proto)
794     int unit, proto;
795 {
796     int tlim;
797 
798     if (num_np_up == 0) {
799 	/*
800 	 * At this point we consider that the link has come up successfully.
801 	 */
802 	status = EXIT_OK;
803 	unsuccess = 0;
804 
805 	peer_nak_auth = unsolicited_nak_auth = peer_reject_auth =
806 	    rejected_peers_auth = naked_peers_auth = 0;
807 	nak_auth_proto = nak_auth_orig = unsolicit_auth_proto =
808 	    reject_auth_proto = rejected_auth_proto = naked_auth_orig =
809 	    naked_auth_proto = 0;
810 
811 	new_phase(PHASE_RUNNING);
812 
813 	if (idle_time_hook != NULL)
814 	    tlim = (*idle_time_hook)(NULL);
815 	else
816 	    tlim = idle_time_limit;
817 	if (tlim > 0)
818 	    TIMEOUT(check_idle, NULL, tlim);
819 
820 	/*
821 	 * Set a timeout to close the connection once the maximum
822 	 * connect time has expired.
823 	 */
824 	if (maxconnect > 0) {
825 	    TIMEOUT(connect_time_expired, &lcp_fsm[unit], maxconnect);
826 
827 	    /*
828 	     * Tell LCP to send Time-Remaining packets.  One should be
829 	     * sent out now, at maxconnect-300, at maxconnect-120, and
830 	     * again at maxconnect-30.
831 	     */
832 	    lcp_settimeremaining(unit, maxconnect, maxconnect);
833 	    if (maxconnect > 300)
834 		lcp_settimeremaining(unit, maxconnect, 300);
835 	    if (maxconnect > 120)
836 		lcp_settimeremaining(unit, maxconnect, 120);
837 	    if (maxconnect > 30)
838 		lcp_settimeremaining(unit, maxconnect, 30);
839 	}
840 
841 	/*
842 	 * Detach now, if the updetach option was given.
843 	 */
844 	if (updetach && !nodetach)
845 	    detach();
846     }
847     ++num_np_up;
848 }
849 
850 /*
851  * np_down - a network protocol has gone down.
852  */
853 /*ARGSUSED*/
854 void
855 np_down(unit, proto)
856     int unit, proto;
857 {
858     if (--num_np_up == 0) {
859 	UNTIMEOUT(check_idle, NULL);
860 	new_phase(PHASE_NETWORK);
861     }
862 }
863 
864 /*
865  * np_finished - a network protocol has finished using the link.
866  */
867 /*ARGSUSED*/
868 void
869 np_finished(unit, proto)
870     int unit, proto;
871 {
872     if (--num_np_open <= 0) {
873 	/* no further use for the link: shut up shop. */
874 	lcp_close(0, "No network protocols running");
875     }
876 }
877 
878 /*
879  * check_idle - check whether the link has been idle for long
880  * enough that we can shut it down.
881  */
882 /*ARGSUSED*/
883 static void
884 check_idle(arg)
885     void *arg;
886 {
887     struct ppp_idle idle;
888     time_t itime;
889     int tlim;
890 
891     if (!get_idle_time(0, &idle))
892 	return;
893     if (idle_time_hook != NULL) {
894 	tlim = (*idle_time_hook)(&idle);
895     } else {
896 	itime = MIN(idle.xmit_idle, idle.recv_idle);
897 	tlim = idle_time_limit - itime;
898     }
899     if (tlim <= 0) {
900 	/* link is idle: shut it down. */
901 	notice("Terminating connection due to lack of activity.");
902 	lcp_close(0, "Link inactive");
903 	need_holdoff = 0;
904 	status = EXIT_IDLE_TIMEOUT;
905     } else {
906 	TIMEOUT(check_idle, NULL, tlim);
907     }
908 }
909 
910 /*
911  * connect_time_expired - log a message and close the connection.
912  */
913 /*ARGSUSED*/
914 static void
915 connect_time_expired(arg)
916     void *arg;
917 {
918     fsm *f = (fsm *)arg;
919 
920     info("Connect time expired");
921     lcp_close(f->unit, "Connect time expired");	/* Close connection */
922     status = EXIT_CONNECT_TIME;
923 }
924 
925 /*
926  * auth_check_options - called to check authentication options.
927  */
928 void
929 auth_check_options()
930 {
931     lcp_options *wo = &lcp_wantoptions[0];
932     int can_auth;
933     int lacks_ip;
934 
935     /* Default our_name to hostname, and user to our_name */
936     if (our_name[0] == '\0' || usehostname)
937 	(void) strlcpy(our_name, hostname, sizeof(our_name));
938     if (user[0] == '\0')
939 	(void) strlcpy(user, our_name, sizeof(user));
940 
941     /*
942      * If we have a default route, require the peer to authenticate
943      * unless the noauth option was given or the real user is root.
944      */
945     if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) {
946 	auth_required = 1;
947 	default_auth = 1;
948     }
949 
950     /* If authentication is required, ask peer for CHAP or PAP. */
951     if (auth_required) {
952 	if (!wo->neg_chap && !wo->neg_mschap && !wo->neg_mschapv2 &&
953 	    !wo->neg_upap) {
954 	    wo->neg_chap = 1;
955 #ifdef CHAPMS
956 	    wo->neg_mschap = 1;
957 #endif
958 #ifdef CHAPMSV2
959 	    wo->neg_mschapv2 = 1;
960 #endif
961 	    wo->chap_mdtype = CHAP_DIGEST_MD5;
962 	    wo->neg_upap = 1;
963 	}
964     } else {
965 	wo->neg_chap = 0;
966 	wo->neg_mschap = 0;
967 	wo->neg_mschapv2 = 0;
968 	wo->neg_upap = 0;
969     }
970 
971     /*
972      * Check whether we have appropriate secrets to use
973      * to authenticate the peer.
974      */
975     lacks_ip = 0;
976     can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip));
977     if (!can_auth && (wo->neg_chap || wo->neg_mschap || wo->neg_mschapv2)) {
978 	can_auth = have_chap_secret((explicit_remote? remote_name: NULL),
979 				    our_name, 1, &lacks_ip);
980     }
981 
982     if (auth_required && !can_auth && noauth_addrs == NULL) {
983 	if (default_auth) {
984 	    option_error(
985 "By default the remote system is required to authenticate itself");
986 	    option_error(
987 "(because this system has a default route to the Internet)");
988 	} else if (explicit_remote)
989 	    option_error(
990 "The remote system (%s) is required to authenticate itself",
991 			 remote_name);
992 	else
993 	    option_error(
994 "The remote system is required to authenticate itself");
995 	option_error(
996 "but I couldn't find any suitable secret (password) for it to use to do so.");
997 	if (lacks_ip)
998 	    option_error(
999 "(None of the available passwords would let it use an IP address.)");
1000 
1001 	exit(1);
1002     }
1003 }
1004 
1005 /*
1006  * auth_reset - called when LCP is starting negotiations to recheck
1007  * authentication options, i.e. whether we have appropriate secrets
1008  * to use for authenticating ourselves and/or the peer.
1009  */
1010 void
1011 auth_reset(unit)
1012     int unit;
1013 {
1014     lcp_options *go = &lcp_gotoptions[unit];
1015     lcp_options *ao = &lcp_allowoptions[unit];
1016     int havesecret;
1017 
1018     ao->neg_upap = !refuse_pap && (passwd[0] != '\0' || get_pap_passwd(NULL));
1019 
1020     havesecret = passwd[0] != '\0' ||
1021 	have_chap_secret(user, (explicit_remote? remote_name: NULL), 0, NULL);
1022     ao->neg_chap = !refuse_chap && havesecret;
1023     ao->neg_mschap = !refuse_mschap && havesecret;
1024     ao->neg_mschapv2 = !refuse_mschapv2 && havesecret;
1025     if (ao->neg_chap)
1026 	ao->chap_mdtype = CHAP_DIGEST_MD5;
1027     else if (ao->neg_mschap)
1028 	ao->chap_mdtype = CHAP_MICROSOFT;
1029     else
1030 	ao->chap_mdtype = CHAP_MICROSOFT_V2;
1031 
1032     if (go->neg_upap && !uselogin && !have_pap_secret(NULL))
1033 	go->neg_upap = 0;
1034     if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) {
1035 	havesecret = have_chap_secret((explicit_remote? remote_name: NULL),
1036 		our_name, 1, NULL);
1037 	if (!havesecret)
1038 	    go->neg_chap = go->neg_mschap = go->neg_mschapv2 = 0;
1039 	else if (go->neg_chap)
1040 	    go->chap_mdtype = CHAP_DIGEST_MD5;
1041 	else if (go->neg_mschap)
1042 	    go->chap_mdtype = CHAP_MICROSOFT;
1043 	else
1044 	    go->chap_mdtype = CHAP_MICROSOFT_V2;
1045     }
1046 }
1047 
1048 
1049 /*
1050  * check_passwd - Check the user name and passwd against the PAP secrets
1051  * file.  If requested, also check against the system password database,
1052  * and login the user if OK.
1053  *
1054  * returns:
1055  *	UPAP_AUTHNAK: Authentication failed.
1056  *	UPAP_AUTHACK: Authentication succeeded.
1057  * In either case, msg points to an appropriate message.
1058  */
1059 int
1060 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
1061     int unit;
1062     char *auser;
1063     int userlen;
1064     char *apasswd;
1065     int passwdlen;
1066     char **msg;
1067 {
1068     int ret;
1069     char *filename;
1070     FILE *f;
1071     struct wordlist *addrs = NULL, *opts = NULL;
1072     char passwd[256], user[256];
1073     char secret[MAXWORDLEN];
1074     static int attempts = 0;
1075 
1076     /*
1077      * Make copies of apasswd and auser, then null-terminate them.
1078      * If there are unprintable characters in the password, make
1079      * them visible.
1080      */
1081     (void) slprintf(passwd, sizeof(passwd), "%.*v", passwdlen, apasswd);
1082     (void) slprintf(user, sizeof(user), "%.*v", userlen, auser);
1083     *msg = "";
1084 
1085     /*
1086      * Check if a plugin wants to handle this.
1087      */
1088     if (pap_auth_hook != NULL) {
1089 	/* Set a default and allow the plug-in to change it. */
1090 	extra_opt_filename = "plugin";
1091 	extra_opt_line = 0;
1092 	ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts);
1093 	if (ret >= 0) {
1094 	    if (ret > 0)
1095 		set_allowed_addrs(unit, addrs, opts);
1096 	    BZERO(passwd, sizeof(passwd));
1097 	    if (addrs != NULL)
1098 		free_wordlist(addrs);
1099 	    return ret? UPAP_AUTHACK: UPAP_AUTHNAK;
1100 	}
1101     }
1102 
1103     /*
1104      * Open the file of pap secrets and scan for a suitable secret
1105      * for authenticating this user.
1106      */
1107     filename = _PATH_UPAPFILE;
1108     addrs = opts = NULL;
1109     ret = UPAP_AUTHNAK;
1110     f = fopen(filename, "r");
1111     if (f == NULL) {
1112 	error("Can't open PAP password file %s: %m", filename);
1113 
1114     } else {
1115 	check_access(f, filename);
1116 	if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename) < 0) {
1117 	    warn("no PAP secret found for %s", user);
1118 	    if (scan_server_match_failed[0] != '\0')
1119 		warn("possible configuration error: local name is %q, but "
1120 		    "found %q instead", our_name, scan_server_match_failed);
1121 	} else if (secret[0] != '\0') {
1122 	    /* password given in pap-secrets - must match */
1123 	    if ((!cryptpap && strcmp(passwd, secret) == 0)
1124 		|| strcmp(crypt(passwd, secret), secret) == 0)
1125 		ret = UPAP_AUTHACK;
1126 	    else
1127 		warn("PAP authentication failure for %s", user);
1128 	} else if (uselogin) {
1129 	    /* empty password in pap-secrets and login option */
1130 	    ret = plogin(user, passwd, msg);
1131 	    if (ret == UPAP_AUTHNAK)
1132 		warn("PAP login failure for %s", user);
1133 	} else {
1134 	    /* empty password in pap-secrets and login option not used */
1135 	    ret = UPAP_AUTHACK;
1136 	}
1137 	(void) fclose(f);
1138     }
1139 
1140     if (ret == UPAP_AUTHNAK) {
1141         if (**msg == '\0')
1142 	    *msg = "Login incorrect";
1143 	/*
1144 	 * Frustrate passwd stealer programs.
1145 	 * Allow 10 tries, but start backing off after 3 (stolen from login).
1146 	 * On 10'th, drop the connection.
1147 	 */
1148 	if (attempts++ >= 10) {
1149 	    warn("%d LOGIN FAILURES ON %s, %s", attempts, devnam, user);
1150 	    lcp_close(unit, "login failed");
1151 	}
1152 	if (attempts > 3)
1153 	    (void) sleep((u_int) (attempts - 3) * 5);
1154 	if (opts != NULL)
1155 	    free_wordlist(opts);
1156 
1157     } else {
1158 	attempts = 0;			/* Reset count */
1159 	if (**msg == '\0')
1160 	    *msg = "Login ok";
1161 	set_allowed_addrs(unit, addrs, opts);
1162     }
1163 
1164     if (addrs != NULL)
1165 	free_wordlist(addrs);
1166     BZERO(passwd, sizeof(passwd));
1167     BZERO(secret, sizeof(secret));
1168 
1169     return ret;
1170 }
1171 
1172 /*
1173  * This function is needed for PAM.
1174  */
1175 
1176 #ifdef ALLOW_PAM
1177 /* Static variables used to communicate between the conversation function
1178  * and the server_login function
1179  */
1180 static char *PAM_username;
1181 static char *PAM_password;
1182 static int PAM_error = 0;
1183 static pam_handle_t *pamh = NULL;
1184 
1185 /* PAM conversation function
1186  * Here we assume (for now, at least) that echo on means login name, and
1187  * echo off means password.
1188  */
1189 
1190 /*ARGSUSED*/
1191 static int PAM_conv (int num_msg,
1192 #ifndef SOL2
1193     const
1194 #endif
1195     struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
1196 {
1197     int replies = 0;
1198     struct pam_response *reply = NULL;
1199 
1200 #define COPY_STRING(s) (s) ? strdup(s) : NULL
1201 
1202     reply = malloc(sizeof(struct pam_response) * num_msg);
1203     if (reply == NULL)
1204 	return PAM_CONV_ERR;
1205 
1206     for (replies = 0; replies < num_msg; replies++) {
1207         switch (msg[replies]->msg_style) {
1208             case PAM_PROMPT_ECHO_ON:
1209                 reply[replies].resp_retcode = PAM_SUCCESS;
1210                 reply[replies].resp = COPY_STRING(PAM_username);
1211                 /* PAM frees resp */
1212                 break;
1213             case PAM_PROMPT_ECHO_OFF:
1214                 reply[replies].resp_retcode = PAM_SUCCESS;
1215                 reply[replies].resp = COPY_STRING(PAM_password);
1216                 /* PAM frees resp */
1217                 break;
1218             case PAM_TEXT_INFO:
1219                 /* fall through */
1220             case PAM_ERROR_MSG:
1221                 /* ignore it, but pam still wants a NULL response... */
1222                 reply[replies].resp_retcode = PAM_SUCCESS;
1223                 reply[replies].resp = NULL;
1224                 break;
1225             default:
1226                 /* Must be an error of some sort... */
1227                 free (reply);
1228                 PAM_error = 1;
1229                 return PAM_CONV_ERR;
1230         }
1231     }
1232     *resp = reply;
1233     return PAM_SUCCESS;
1234 }
1235 
1236 static struct pam_conv PAM_conversation = {
1237 	PAM_conv, NULL
1238 };
1239 #endif  /* ALLOW_PAM */
1240 
1241 /*
1242  * plogin - Check the user name and password against the system
1243  * password database, and login the user if OK.
1244  *
1245  * returns:
1246  *	UPAP_AUTHNAK: Login failed.
1247  *	UPAP_AUTHACK: Login succeeded.
1248  * In either case, msg points to an appropriate message.
1249  */
1250 
1251 static int
1252 plogin(user, passwd, msg)
1253     char *user;
1254     char *passwd;
1255     char **msg;
1256 {
1257     char *tty;
1258 #ifdef HAS_SHADOW
1259     struct spwd *spwd;
1260 #endif
1261     struct passwd *pw = NULL;
1262 
1263 #ifdef ALLOW_PAM
1264     int pam_error;
1265 
1266     if (use_pam) {
1267 	if (debug)
1268 	    dbglog("using PAM for user authentication");
1269 	pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh);
1270 	if (pam_error != PAM_SUCCESS) {
1271 	    *msg = (char *) pam_strerror (pamh, pam_error);
1272 	    reopen_log();
1273 	    return UPAP_AUTHNAK;
1274 	}
1275 	/*
1276 	 * Define the fields for the credential validation
1277 	 */
1278 
1279 	PAM_username = user;
1280 	PAM_password = passwd;
1281 	PAM_error = 0;
1282 	/* this might be useful to some modules; required for Solaris */
1283 	tty = devnam;
1284 	if (*tty == '\0')
1285 	    tty = ppp_devnam;
1286 	(void) pam_set_item(pamh, PAM_TTY, tty);
1287 #ifdef PAM_RHOST
1288 	(void) pam_set_item(pamh, PAM_RHOST, "");
1289 #endif
1290 
1291 	/*
1292 	 * Validate the user
1293 	 */
1294 	pam_error = pam_authenticate (pamh, PAM_SILENT);
1295 	if (pam_error == PAM_SUCCESS && !PAM_error) {
1296 	    pam_error = pam_acct_mgmt (pamh, PAM_SILENT);
1297 	    if (pam_error == PAM_SUCCESS)
1298 		(void) pam_open_session (pamh, PAM_SILENT);
1299 	}
1300 
1301 	*msg = (char *) pam_strerror (pamh, pam_error);
1302 
1303 	/*
1304 	 * Clean up the mess
1305 	 */
1306 	reopen_log();	/* apparently the PAM stuff does closelog() */
1307 	PAM_username = NULL;
1308 	PAM_password = NULL;
1309 	if (pam_error != PAM_SUCCESS)
1310 	    return UPAP_AUTHNAK;
1311     } else
1312 #endif /* ALLOW_PAM */
1313 
1314     {
1315 	if (debug) {
1316 #ifdef HAS_SHADOW
1317 	    dbglog("using passwd/shadow for user authentication");
1318 #else
1319 	    dbglog("using passwd for user authentication");
1320 #endif
1321 	}
1322 /*
1323  * Use the non-PAM methods directly
1324  */
1325 
1326 	pw = getpwnam(user);
1327 
1328 	endpwent();
1329 	if (pw == NULL)
1330 	    return (UPAP_AUTHNAK);
1331 
1332 #ifdef HAS_SHADOW
1333 	spwd = getspnam(user);
1334 	endspent();
1335 	if (spwd != NULL) {
1336 	    /* check the age of the password entry */
1337 	    long now = time(NULL) / 86400L;
1338 
1339 	    if ((spwd->sp_expire > 0 && now >= spwd->sp_expire)
1340 		|| ((spwd->sp_max >= 0 && spwd->sp_max < 10000)
1341 		&& spwd->sp_lstchg >= 0
1342 		&& now >= spwd->sp_lstchg + spwd->sp_max)) {
1343 		warn("Password for %s has expired", user);
1344 		return (UPAP_AUTHNAK);
1345 	    }
1346 	    pw->pw_passwd = spwd->sp_pwdp;
1347 	}
1348 #endif
1349 
1350     /*
1351      * If no passwd, don't let them login.
1352      */
1353 	if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2 ||
1354 	    strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
1355 	    return (UPAP_AUTHNAK);
1356     }
1357 
1358     /*
1359      * Write a wtmp entry for this user.
1360      */
1361 
1362     tty = devnam;
1363     if (strncmp(tty, "/dev/", 5) == 0)
1364 	tty += 5;
1365     logwtmp(tty, user, remote_name);		/* Add wtmp login entry */
1366 
1367 #ifdef _PATH_LASTLOG
1368     if (!use_pam && pw != (struct passwd *)NULL) {
1369 	struct lastlog ll;
1370 	int fd;
1371 
1372 	if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
1373 	   (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET);
1374 	    BZERO((void *)&ll, sizeof(ll));
1375 	    (void)time(&ll.ll_time);
1376 	    (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
1377 	    (void)write(fd, (char *)&ll, sizeof(ll));
1378 	    (void)close(fd);
1379 	}
1380     }
1381 #endif /* _PATH_LASTLOG */
1382 
1383     info("user %s logged in", user);
1384     logged_in = 1;
1385 
1386     return (UPAP_AUTHACK);
1387 }
1388 
1389 /*
1390  * plogout - Logout the user.
1391  */
1392 static void
1393 plogout()
1394 {
1395     char *tty;
1396 
1397 #ifdef ALLOW_PAM
1398     int pam_error;
1399 
1400     if (use_pam) {
1401 	if (pamh != NULL) {
1402 	    pam_error = pam_close_session (pamh, PAM_SILENT);
1403 	    (void) pam_end (pamh, pam_error);
1404 	    pamh = NULL;
1405 	}
1406 	/* Apparently the pam stuff does closelog(). */
1407 	reopen_log();
1408     } else
1409 #endif /* ALLOW_PAM */
1410 
1411     {
1412 	tty = devnam;
1413 	if (strncmp(tty, "/dev/", 5) == 0)
1414 	    tty += 5;
1415 	/* Wipe out utmp logout entry */
1416 	logwtmp(tty, "", "");
1417     }
1418     logged_in = 0;
1419 }
1420 
1421 
1422 /*
1423  * null_login - Check if a username of "" and a password of "" are
1424  * acceptable, and iff so, set the list of acceptable IP addresses
1425  * and return 1.
1426  */
1427 static int
1428 null_login(unit)
1429     int unit;
1430 {
1431     char *filename;
1432     FILE *f;
1433     int i, ret;
1434     struct wordlist *addrs, *opts;
1435     char secret[MAXWORDLEN];
1436 
1437     /*
1438      * Open the file of pap secrets and scan for a suitable secret.
1439      */
1440     filename = _PATH_UPAPFILE;
1441     addrs = NULL;
1442     f = fopen(filename, "r");
1443     if (f == NULL)
1444 	return 0;
1445     check_access(f, filename);
1446 
1447     i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename);
1448     ret = i >= 0 && secret[0] == '\0';
1449     BZERO(secret, sizeof(secret));
1450 
1451     if (ret)
1452 	set_allowed_addrs(unit, addrs, opts);
1453     else if (opts != NULL)
1454 	free_wordlist(opts);
1455     if (addrs != NULL)
1456 	free_wordlist(addrs);
1457 
1458     (void) fclose(f);
1459     return ret;
1460 }
1461 
1462 
1463 /*
1464  * get_pap_passwd - get a password for authenticating ourselves with
1465  * our peer using PAP.  Returns 1 on success, 0 if no suitable password
1466  * could be found.
1467  * Assumes passwd points to MAXSECRETLEN bytes of space (if non-null).
1468  */
1469 static int
1470 get_pap_passwd(passwd)
1471     char *passwd;
1472 {
1473     char *filename;
1474     FILE *f;
1475     int ret;
1476     char secret[MAXWORDLEN];
1477 
1478     /*
1479      * Check whether a plugin wants to supply this.
1480      */
1481     if (pap_passwd_hook != NULL) {
1482 	ret = (*pap_passwd_hook)(user, passwd);
1483 	if (ret >= 0)
1484 	    return ret;
1485     }
1486 
1487     filename = _PATH_UPAPFILE;
1488     f = fopen(filename, "r");
1489     if (f == NULL)
1490 	return 0;
1491     check_access(f, filename);
1492     ret = scan_authfile(f, user,
1493 			(remote_name[0] != '\0' ? remote_name: NULL),
1494 			secret, NULL, NULL, filename);
1495     (void) fclose(f);
1496     if (ret < 0)
1497 	return 0;
1498     if (passwd != NULL)
1499 	(void) strlcpy(passwd, secret, MAXSECRETLEN);
1500     BZERO(secret, sizeof(secret));
1501     return 1;
1502 }
1503 
1504 
1505 /*
1506  * have_pap_secret - check whether we have a PAP file with any
1507  * secrets that we could possibly use for authenticating the peer.
1508  */
1509 static int
1510 have_pap_secret(lacks_ipp)
1511     int *lacks_ipp;
1512 {
1513     FILE *f;
1514     int ret;
1515     char *filename;
1516     struct wordlist *addrs;
1517 
1518     /* let the plugin decide, if there is one */
1519     if (pap_check_hook != NULL) {
1520 	ret = (*pap_check_hook)();
1521 	if (ret >= 0)
1522 	    return ret;
1523     }
1524 
1525     filename = _PATH_UPAPFILE;
1526     f = fopen(filename, "r");
1527     if (f == NULL)
1528 	return 0;
1529 
1530     ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name,
1531 			NULL, &addrs, NULL, filename);
1532     (void) fclose(f);
1533     if (ret >= 0 && !some_ip_ok(addrs)) {
1534 	if (lacks_ipp != NULL)
1535 	    *lacks_ipp = 1;
1536 	ret = -1;
1537     }
1538     if (addrs != NULL)
1539 	free_wordlist(addrs);
1540 
1541     return ret >= 0;
1542 }
1543 
1544 
1545 /*
1546  * have_chap_secret - check whether we have a CHAP file with a secret
1547  * that we could possibly use for authenticating `client' on `server'.
1548  * Either or both can be the null string, meaning we don't know the
1549  * identity yet.
1550  */
1551 static int
1552 have_chap_secret(client, server, need_ip, lacks_ipp)
1553     char *client;
1554     char *server;
1555     int need_ip;
1556     int *lacks_ipp;
1557 {
1558     FILE *f;
1559     int ret;
1560     char *filename;
1561     struct wordlist *addrs;
1562 
1563     filename = _PATH_CHAPFILE;
1564     f = fopen(filename, "r");
1565     if (f == NULL)
1566 	return 0;
1567 
1568     if (client != NULL && client[0] == '\0')
1569 	client = NULL;
1570     if (server != NULL && server[0] == '\0')
1571 	server = NULL;
1572 
1573     ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename);
1574     (void) fclose(f);
1575     if (ret >= 0 && need_ip && !some_ip_ok(addrs)) {
1576 	if (lacks_ipp != NULL)
1577 	    *lacks_ipp = 1;
1578 	ret = -1;
1579     }
1580     if (addrs != NULL)
1581 	free_wordlist(addrs);
1582 
1583     return ret >= 0;
1584 }
1585 
1586 
1587 /*
1588  * get_secret - open the CHAP secret file and return the secret
1589  * for authenticating the given client on the given server.
1590  *
1591  *	"am_server" means that we're the authenticator (demanding
1592  *	identity from the peer).
1593  *
1594  *	"!am_server" means that we're the authenticatee (supplying
1595  *	identity to the peer).
1596  */
1597 int
1598 get_secret(unit, client, server, secret, secret_len, am_server)
1599     int unit;
1600     char *client;
1601     char *server;
1602     char *secret;
1603     int *secret_len;
1604     int am_server;
1605 {
1606     FILE *f;
1607     int ret, len;
1608     char *filename;
1609     struct wordlist *addrs, *opts;
1610     char secbuf[MAXWORDLEN];
1611 
1612     /*
1613      * Support the 'password' option on authenticatee only in order to
1614      * avoid obvious security problem (authenticator and authenticatee
1615      * within a given implementation must never share secrets).
1616      */
1617     if (!am_server && passwd[0] != '\0') {
1618 	(void) strlcpy(secbuf, passwd, sizeof(secbuf));
1619     } else {
1620 	filename = _PATH_CHAPFILE;
1621 	addrs = NULL;
1622 	secbuf[0] = '\0';
1623 
1624 	f = fopen(filename, "r");
1625 	if (f == NULL) {
1626 	    error("Can't open chap secret file %s: %m", filename);
1627 	    return 0;
1628 	}
1629 	check_access(f, filename);
1630 
1631 	ret = scan_authfile(f, client, server, secbuf, &addrs, &opts,
1632 	    filename);
1633 	(void) fclose(f);
1634 	if (ret < 0) {
1635 	    if (scan_server_match_failed[0] != '\0')
1636 		warn("possible configuration error: local name is %q, but "
1637 		    "found %q instead", our_name, scan_server_match_failed);
1638 	    return 0;
1639 	}
1640 
1641 	/* Only the authenticator cares about limiting peer addresses. */
1642 	if (am_server)
1643 	    set_allowed_addrs(unit, addrs, opts);
1644 	else if (opts != NULL)
1645 	    free_wordlist(opts);
1646 	if (addrs != NULL)
1647 	    free_wordlist(addrs);
1648     }
1649 
1650     len = strlen(secbuf);
1651     if (len > MAXSECRETLEN) {
1652 	error("Secret for %s on %s is too long", client, server);
1653 	len = MAXSECRETLEN;
1654     }
1655     /* Do not leave a temporary copy of the secret on the stack. */
1656     BCOPY(secbuf, secret, len);
1657     BZERO(secbuf, sizeof(secbuf));
1658     *secret_len = len;
1659 
1660     return 1;
1661 }
1662 
1663 /*
1664  * set_allowed_addrs() - set the list of allowed addresses.
1665  * The caller must also look for `--' indicating options to apply for
1666  * this peer and leaves the following words in extra_options.
1667  */
1668 static void
1669 set_allowed_addrs(unit, addrs, opts)
1670     int unit;
1671     struct wordlist *addrs;
1672     struct wordlist *opts;
1673 {
1674     int n;
1675     struct wordlist *ap, **pap;
1676     struct permitted_ip *ip;
1677     char *ptr_word, *ptr_mask;
1678     struct hostent *hp;
1679     struct netent *np;
1680     u_int32_t a, mask, newmask, ah, offset;
1681     struct ipcp_options *wo = &ipcp_wantoptions[unit];
1682     u_int32_t suggested_ip = 0;
1683     int err_num;
1684 
1685     if (addresses[unit] != NULL)
1686 	free(addresses[unit]);
1687     addresses[unit] = NULL;
1688     if (extra_options != NULL)
1689 	free_wordlist(extra_options);
1690     extra_options = opts;
1691 
1692     /*
1693      * Count the number of IP addresses given.
1694      */
1695     for (n = 0, pap = &addrs; (ap = *pap) != NULL; pap = &ap->next)
1696 	++n;
1697     if (n == 0)
1698 	return;
1699     ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip));
1700     if (ip == NULL)
1701 	return;
1702 
1703     n = 0;
1704     for (ap = addrs; ap != NULL; ap = ap->next) {
1705 	/* "-" means no addresses authorized, "*" means any address allowed */
1706 	ptr_word = ap->word;
1707 	if (strcmp(ptr_word, "-") == 0)
1708 	    break;
1709 	if (strcmp(ptr_word, "*") == 0) {
1710 	    ip[n].permit = 1;
1711 	    ip[n].base = ip[n].mask = 0;
1712 	    ++n;
1713 	    break;
1714 	}
1715 
1716 	ip[n].permit = 1;
1717 	if (*ptr_word == '!') {
1718 	    ip[n].permit = 0;
1719 	    ++ptr_word;
1720 	}
1721 
1722 	mask = ~ (u_int32_t) 0;
1723 	offset = 0;
1724 	ptr_mask = strchr (ptr_word, '/');
1725 	if (ptr_mask != NULL) {
1726 	    int bit_count;
1727 	    char *endp;
1728 
1729 	    bit_count = (int) strtol (ptr_mask+1, &endp, 10);
1730 	    if (bit_count <= 0 || bit_count > 32) {
1731 		warn("invalid address length %v in authorized address list",
1732 		     ptr_mask+1);
1733 		continue;
1734 	    }
1735 	    bit_count = 32 - bit_count;	/* # bits in host part */
1736 	    if (*endp == '+') {
1737 		offset = ifunit + 1;
1738 		++endp;
1739 	    }
1740 	    if (*endp != '\0') {
1741 		warn("invalid address length syntax: %v", ptr_mask+1);
1742 		continue;
1743 	    }
1744 	    *ptr_mask = '\0';
1745 	    mask <<= bit_count;
1746 	}
1747 
1748 	/* Try to interpret value as host name or numeric address first */
1749 	hp = getipnodebyname(ptr_word, AF_INET, 0, &err_num);
1750 	if (hp != NULL) {
1751 	    (void) memcpy(&a, hp->h_addr, sizeof(a));
1752 	    freehostent(hp);
1753 	} else {
1754 	    char *cp = ptr_word + strlen(ptr_word);
1755 	    if (cp > ptr_word)
1756 		cp--;
1757 	    if (*cp == '+') {
1758 		offset = ifunit + 1;
1759 		*cp = '\0';
1760 	    }
1761 	    np = getnetbyname (ptr_word);
1762 	    if (np != NULL && np->n_addrtype == AF_INET) {
1763 		ah = np->n_net;
1764 		newmask = (u_int32_t)~0;
1765 		if ((ah & 0xff000000ul) == 0)
1766 		    ah <<= 8, newmask <<= 8;
1767 		if ((ah & 0xff000000ul) == 0)
1768 		    ah <<= 8, newmask <<= 8;
1769 		if ((ah & 0xff000000ul) == 0)
1770 		    ah <<= 8, newmask <<= 8;
1771 		if (ptr_mask == NULL)
1772 		    mask = newmask;
1773 		a = htonl(ah);
1774 	    }
1775 	}
1776 
1777 	if (ptr_mask != NULL)
1778 	    *ptr_mask = '/';
1779 
1780 	if (a == (u_int32_t)-1L) {
1781 	    warn("unknown host %s in auth. address list", ap->word);
1782 	    continue;
1783 	}
1784 	if (offset != 0) {
1785 	    if (offset >= ~mask) {
1786 		warn("interface unit %d too large for subnet %v",
1787 		     ifunit, ptr_word);
1788 		continue;
1789 	    }
1790 	    a = htonl((ntohl(a) & mask) + offset);
1791 	    mask = ~(u_int32_t)0;
1792 	}
1793 	ip[n].mask = htonl(mask);
1794 	ip[n].base = a & ip[n].mask;
1795 	++n;
1796 	if (~mask == 0 && suggested_ip == 0)
1797 	    suggested_ip = a;
1798     }
1799 
1800     /* Sentinel value at end of list */
1801     ip[n].permit = 0;		/* make the last entry forbid all addresses */
1802     ip[n].base = 0;		/* to terminate the list */
1803     ip[n].mask = 0;
1804 
1805     addresses[unit] = ip;
1806 
1807     /*
1808      * If the address given for the peer isn't authorized, or if
1809      * the user hasn't given one, AND there is an authorized address
1810      * which is a single host, then use that if we find one.
1811      */
1812     if (suggested_ip != 0
1813 	&& (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr)))
1814 	wo->hisaddr = suggested_ip;
1815 }
1816 
1817 /*
1818  * auth_ip_addr - check whether the peer is authorized to use
1819  * a given IP address.  Returns 1 if authorized, 0 otherwise.
1820  */
1821 int
1822 auth_ip_addr(unit, addr)
1823     int unit;
1824     u_int32_t addr;
1825 {
1826     int ok;
1827 
1828     /* don't allow loopback or multicast address */
1829     if (bad_ip_adrs(addr))
1830 	return 0;
1831 
1832     if (addresses[unit] != NULL) {
1833 	ok = ip_addr_check(addr, addresses[unit]);
1834 	if (ok >= 0)
1835 	    return ok;
1836     }
1837     if (auth_required)
1838 	return 0;		/* no addresses authorized */
1839     return allow_any_ip || privileged || !have_route_to(addr);
1840 }
1841 
1842 static int
1843 ip_addr_check(addr, addrs)
1844     u_int32_t addr;
1845     struct permitted_ip *addrs;
1846 {
1847     /* This loop is safe because of the sentinel value in set_allowed_addrs */
1848     for (; ; ++addrs)
1849 	if ((addr & addrs->mask) == addrs->base)
1850 	    return addrs->permit;
1851 }
1852 
1853 /*
1854  * bad_ip_adrs - return 1 if the IP address is one we don't want
1855  * to use, such as an address in the loopback net or a multicast address.
1856  * addr is in network byte order.
1857  */
1858 int
1859 bad_ip_adrs(addr)
1860     u_int32_t addr;
1861 {
1862     addr = ntohl(addr);
1863     return
1864 #ifndef ALLOW_127_NET
1865 	(addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
1866 #endif
1867 #ifndef ALLOW_0_NET
1868 	((addr >> IN_CLASSA_NSHIFT) == 0 && addr != 0) ||
1869 #endif
1870 	IN_MULTICAST(addr);
1871 }
1872 
1873 /*
1874  * some_ip_ok - check a wordlist to see if it authorizes any
1875  * IP address(es).
1876  */
1877 static int
1878 some_ip_ok(addrs)
1879     struct wordlist *addrs;
1880 {
1881     for (; addrs != NULL; addrs = addrs->next) {
1882 	if (addrs->word[0] == '-')
1883 	    break;
1884 	if (addrs->word[0] != '!')
1885 	    return 1;		/* some IP address is allowed */
1886     }
1887     return 0;
1888 }
1889 
1890 /*
1891  * check_access - complain if a secret file has too-liberal permissions.
1892  */
1893 static void
1894 check_access(f, filename)
1895     FILE *f;
1896     char *filename;
1897 {
1898     struct stat sbuf;
1899 
1900     if (fstat(fileno(f), &sbuf) < 0) {
1901 	warn("cannot stat secret file %s: %m", filename);
1902     } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
1903 	warn("Warning - secret file %s has world and/or group access",
1904 	     filename);
1905     }
1906 }
1907 
1908 
1909 /*
1910  * scan_authfile - Scan an authorization file for a secret suitable
1911  * for authenticating `client' on `server'.  The return value is -1 if
1912  * no secret is found, otherwise >= 0.  The return value has
1913  * NONWILD_CLIENT set if the secret didn't have "*" for the client,
1914  * and NONWILD_SERVER set if the secret didn't have "*" for the
1915  * server.
1916 
1917  * Any following words on the line up to a "--" (i.e. address
1918  * authorization info) are placed in a wordlist and returned in
1919  * *addrs.  Any following words (extra options) are placed in a
1920  * wordlist and returned in *opts.  If opts is NULL, these are just
1921  * discarded.  Otherwise, the extra_opt_* variables are set to
1922  * indicate the source of the options.
1923  *
1924  * We assume secret is NULL or points to MAXWORDLEN bytes of space.
1925  */
1926 static int
1927 scan_authfile(f, client, server, secret, addrs, opts, filename)
1928     FILE *f;
1929     char *client;
1930     char *server;
1931     char *secret;
1932     struct wordlist **addrs;
1933     struct wordlist **opts;
1934     char *filename;
1935 {
1936     int newline, xxx, sline;
1937     int got_flag, best_flag;
1938     FILE *sf;
1939     struct wordlist *ap, *addr_list, *alist, **app;
1940     char word[MAXWORDLEN];
1941     char atfile[MAXWORDLEN];
1942     char lsecret[MAXWORDLEN];
1943 
1944     scan_server_match_failed[0] = '\0';
1945 
1946     if (addrs != NULL)
1947 	*addrs = NULL;
1948     if (opts != NULL)
1949 	*opts = NULL;
1950     addr_list = NULL;
1951     option_line = 0;
1952     if (!getword(f, word, &newline, filename)) {
1953 	if (debug)
1954 	    dbglog("%s is apparently empty", filename);
1955 	return -1;		/* file is empty??? */
1956     }
1957     newline = 1;
1958     best_flag = -1;
1959     for (;;) {
1960 	/*
1961 	 * Skip until we find a word at the start of a line.
1962 	 */
1963 	while (!newline && getword(f, word, &newline, filename))
1964 	    ;
1965 	if (!newline)
1966 	    break;		/* got to end of file */
1967 
1968 	sline = option_line;
1969 	/*
1970 	 * Got a client - check if it's a match or a wildcard.
1971 	 */
1972 	got_flag = 0;
1973 	if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) {
1974 	    newline = 0;
1975 	    continue;
1976 	}
1977 	if (!ISWILD(word))
1978 	    got_flag = NONWILD_CLIENT;
1979 
1980 	/*
1981 	 * Now get a server and check if it matches.
1982 	 */
1983 	if (!getword(f, word, &newline, filename))
1984 	    break;
1985 	if (newline)
1986 	    continue;
1987 	if (!ISWILD(word)) {
1988 	    if (server != NULL && strcmp(word, server) != 0) {
1989 		(void) strcpy(scan_server_match_failed, word);
1990 		continue;
1991 	    }
1992 	    got_flag |= NONWILD_SERVER;
1993 	}
1994 
1995 	/*
1996 	 * Got some sort of a match - see if it's better than what
1997 	 * we have already.
1998 	 */
1999 	if (got_flag <= best_flag)
2000 	    continue;
2001 
2002 	/*
2003 	 * Get the secret.
2004 	 */
2005 	if (!getword(f, word, &newline, filename))
2006 	    break;
2007 	if (newline)
2008 	    continue;
2009 
2010 	/*
2011 	 * Special syntax: @filename means read secret from file.
2012 	 * Because the secrets files are modifiable only by root,
2013 	 * it's safe to open this file as root.  One small addition --
2014 	 * if open fails, we try as the regular user; just in case
2015 	 * it's over NFS and not root-equivalent.
2016 	 */
2017 	if (word[0] == '@') {
2018 	    (void) strlcpy(atfile, word+1, sizeof(atfile));
2019 	    if ((sf = fopen(atfile, "r")) == NULL) {
2020 		(void) seteuid(getuid());
2021 		sf = fopen(atfile, "r");
2022 		(void) seteuid(0);
2023 	    }
2024 	    if (sf == NULL) {
2025 		warn("can't open indirect secret file %s: %m", atfile);
2026 		continue;
2027 	    }
2028 	    check_access(sf, atfile);
2029 	    if (!getword(sf, word, &xxx, atfile)) {
2030 		warn("no secret in indirect secret file %s", atfile);
2031 		(void) fclose(sf);
2032 		continue;
2033 	    }
2034 	    (void) fclose(sf);
2035 	}
2036 	if (secret != NULL)
2037 	    (void) strlcpy(lsecret, word, sizeof(lsecret));
2038 
2039 	/*
2040 	 * Now read address authorization info and make a wordlist.
2041 	 */
2042 	app = &alist;
2043 	for (;;) {
2044 	    if (!getword(f, word, &newline, filename) || newline)
2045 		break;
2046 	    ap = (struct wordlist *) malloc(sizeof(struct wordlist));
2047 	    if (ap == NULL)
2048 		novm("authorized addresses");
2049 	    ap->word = strdup(word);
2050 	    if (ap->word == NULL)
2051 		novm("authorized addresses");
2052 	    *app = ap;
2053 	    app = &ap->next;
2054 	}
2055 	*app = NULL;
2056 
2057 	/*
2058 	 * This is the best so far; remember it.
2059 	 */
2060 	best_flag = got_flag;
2061 	if (addr_list != NULL)
2062 	    free_wordlist(addr_list);
2063 	addr_list = alist;
2064 	if (secret != NULL)
2065 	    (void) strlcpy(secret, lsecret, MAXWORDLEN);
2066 
2067 	if (opts != NULL) {
2068 	    extra_opt_filename = filename;
2069 	    extra_opt_line = sline;
2070 	}
2071 
2072 	if (!newline)
2073 	    break;
2074     }
2075 
2076     /* scan for a -- word indicating the start of options */
2077     for (app = &addr_list; (ap = *app) != NULL; app = &ap->next)
2078 	if (strcmp(ap->word, "--") == 0)
2079 	    break;
2080     /* ap = start of options */
2081     if (ap != NULL) {
2082 	ap = ap->next;		/* first option */
2083 	free(*app);			/* free the "--" word */
2084 	*app = NULL;		/* terminate addr list */
2085     }
2086     if (opts != NULL)
2087 	*opts = ap;
2088     else if (ap != NULL)
2089 	free_wordlist(ap);
2090     if (addrs != NULL)
2091 	*addrs = addr_list;
2092     else if (addr_list != NULL)
2093 	free_wordlist(addr_list);
2094 
2095     return best_flag;
2096 }
2097 
2098 /*
2099  * free_wordlist - release memory allocated for a wordlist.
2100  */
2101 static void
2102 free_wordlist(wp)
2103     struct wordlist *wp;
2104 {
2105     struct wordlist *next;
2106 
2107     while (wp != NULL) {
2108 	next = wp->next;
2109 	free(wp);
2110 	wp = next;
2111     }
2112 }
2113 
2114 /*
2115  * auth_script_done - called when the auth-up or auth-down script
2116  * has finished.
2117  */
2118 /*ARGSUSED*/
2119 static void
2120 auth_script_done(arg, status)
2121     void *arg;
2122     int status;
2123 {
2124     auth_script_pid = 0;
2125     switch (auth_script_state) {
2126     case s_up:
2127 	if (auth_state == s_down) {
2128 	    auth_script_state = s_down;
2129 	    auth_script(_PATH_AUTHDOWN);
2130 	}
2131 	break;
2132     case s_down:
2133 	if (auth_state == s_up) {
2134 	    auth_script_state = s_up;
2135 	    auth_script(_PATH_AUTHUP);
2136 	}
2137 	break;
2138     }
2139 }
2140 
2141 /*
2142  * auth_script - execute a script with arguments
2143  * interface-name peer-name real-user tty speed
2144  */
2145 static void
2146 auth_script(script)
2147     char *script;
2148 {
2149     char strspeed[32];
2150     struct passwd *pw;
2151     char struid[32];
2152     char *user_name;
2153     char *argv[8];
2154 
2155     if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
2156 	user_name = pw->pw_name;
2157     else {
2158 	(void) slprintf(struid, sizeof(struid), "%d", getuid());
2159 	user_name = struid;
2160     }
2161     (void) slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
2162 
2163     argv[0] = script;
2164     argv[1] = ifname;
2165     argv[2] = peer_authname;
2166     argv[3] = user_name;
2167     argv[4] = devnam;
2168     argv[5] = strspeed;
2169     argv[6] = NULL;
2170 
2171     auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL);
2172 }
2173