Date: Sun, 30 Nov 1997 11:05:44 +0200 (EET) From: Tuomo Pyhala To: pam-list@redhat.com Subject: PPP patches Hi, Here are the patches to get pam support working in ppp-2.3.1, or at least i believe that it works :) Patch is agains clean ppp-2.3.1 tree. I also created a compile time option OVERRIDE_PAPFILE, which makes pppd to forget /etc/ppp/pap-secrets and use only PAM. To compile with this and PAM support use: make USE_PAM=1 OVERRIDE_PAPFILE=1 The patch has also included some pathc to get ppp-2.3.1 working with 2.0.30 kernel, i haven't changed the ppp.c a bit, so you can remove this patch by copying clean ppp.c to the tree i think.
diff -uNr ppp-2.3.1-orig/linux/ppp.c ppp-2.3.1/linux/ppp.c
--- ppp-2.3.1-orig/linux/ppp.c Mon Jul 14 06:50:50 1997
+++ ppp-2.3.1/linux/ppp.c Fri Aug 8 10:20:45 1997
@@ -6,7 +6,7 @@
 * Dynamic PPP devices by Jim Freeman .
 * ppp_tty_receive ``noisy-raise-bug'' fixed by Ove Ewerlid
 *
- * ==FILEVERSION 970626==
+ * ==FILEVERSION 970714==
 *
 * NOTE TO MAINTAINERS:
 * If you modify this file at all, please set the number above to the
@@ -455,7 +455,7 @@
 dev->rebuild_header = ppp_dev_rebuild;
 #endif
- dev->hard_header_len = PPP_HARD_HDR_LEN;
+ dev->hard_header_len = PPP_HDRLEN;
 /* device INFO */
 dev->mtu = PPP_MTU;
@@ -2195,7 +2195,7 @@
 {
 struct ppp *ppp = tty2ppp (tty);
 __u8 *new_data;
- int proto;
+ int error;
 /*
 * Verify the pointers.
@@ -2231,9 +2231,10 @@
 /*
 * Retrieve the user's buffer
 */
- if (copy_from_user (new_data, data, count)) {
+ COPY_FROM_USER (error, new_data, data, count);
+ if (error) {
 kfree (new_data);
- return -EFAULT;
+ return error;
 }
 /*
 * lock this PPP unit so we will be the only writer;
@@ -2266,7 +2267,7 @@
 /*
 * Send the data
 */
- if (proto == PPP_IP) {
+ if (PPP_PROTOCOL(new_data) == PPP_IP) {
 /*
 * IP frames can be sent by pppd when we're doing
 * demand-dialling. We send them via ppp_dev_xmit_ip
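Review bot: In the `@@ -2266` hunk, `PPP_PROTOCOL(new_data)` reads the protocol bytes from the buffer just filled from user space, and nothing in the visible hunks shows `count` being checked against the PPP header length first. If no such check exists earlier in the function (its start and end are outside the hunks), a write shorter than the header makes this comparison read bytes the caller never supplied. A guard ahead of the send, `if (count < PPP_HDRLEN) { kfree (new_data); return -EINVAL; }`, would close that; confirm against the full function before adding it.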
@@ -3257,7 +3258,7 @@
 /* try to find an free device */
 if_num = 0;
 for (ppp = ppp_list; ppp != 0; ppp = ppp->next) {
- if (!set_bit(0, &ppp->inuse))
+ if (!test_and_set_bit(0, &ppp->inuse))
 return ppp;
 ++if_num;
 }
diff -uNr ppp-2.3.1-orig/pppd/Makefile.linux ppp-2.3.1/pppd/Makefile.linux
--- ppp-2.3.1-orig/pppd/Makefile.linux Mon Jul 14 06:52:08 1997
+++ ppp-2.3.1/pppd/Makefile.linux Wed Nov 26 22:05:18 1997
@@ -68,6 +68,10 @@
 LIBS := -lpam -ldl $(LIBS)
 endif
+ifdef OVERRIDE_PAPFILE
+CFLAGS += -DOVERRIDE_PAPFILE
+endif
+
 # Lock library binary for Linux is included in 'linux' subdirectory.
 ifdef LOCKLIB
 LIBS := -llock $(LIBS)
diff -uNr ppp-2.3.1-orig/pppd/auth.c ppp-2.3.1/pppd/auth.c
--- ppp-2.3.1-orig/pppd/auth.c Mon Jul 14 06:52:33 1997
+++ ppp-2.3.1/pppd/auth.c Sat Nov 29 23:51:44 1997
@@ -80,7 +80,7 @@
 /* Used for storing a sequence of words. Usually malloced. */
 struct wordlist {
 struct wordlist *next;
- char word[1];
+ char word[2];
 };
 /* Bits in scan_authfile return value */
@@ -145,6 +145,10 @@
 static void callback_phase __P((int));
 #endif
+#ifdef USE_PAM
+static char *PAM_password;
+#endif
+
 /*
 * An Open on LCP has requested a change from Dead to Establish phase.
 * Do what's necessary to bring the physical layer up.
@@ -632,8 +636,13 @@
 * for authenticating this user.
 */
 filename = _PATH_UPAPFILE;
- addrs = NULL;
 ret = UPAP_AUTHACK;
+#ifdef OVERRIDE_PAPFILE
+ addrs = malloc(sizeof(*addrs));
+ strcpy(addrs->word, "*");
+ addrs->next=NULL;
+#else
+ addrs = NULL;
 f = fopen(filename, "r");
 if (f == NULL) {
 syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename);
@@ -651,11 +660,12 @@
 }
 fclose(f);
 }
-
+#endif
+
 if (uselogin && ret == UPAP_AUTHACK) {
 ret = login(user, passwd, msg, msglen);
 if (ret == UPAP_AUTHNAK) {
- syslog(LOG_WARNING, "PAP login failure for %s", user);
+ syslog(LOG_WARNING, "PAP login failure for %s [%s]", user, *msg);
 }
 }
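Review bot: Widening `word` to two bytes in the `@@ -80` hunk exists only so that the `strcpy(addrs->word, "*")` added in the `@@ -632` hunk fits inside `malloc(sizeof(*addrs))`, and neither site records that dependency. Keeping `char word[1];` and sizing the one new allocation explicitly, `addrs = malloc(sizeof(*addrs) + strlen("*"));`, leaves the struct unchanged for its other users. If the wider array stays, a comment on the field such as `/* room for "*" plus NUL, see OVERRIDE_PAPFILE */` would keep a later clean-up from shrinking it back into an overflow.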
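Review bot: With OVERRIDE_PAPFILE defined, `ret` stays at `UPAP_AUTHACK` and the pap-secrets lookup is compiled out, so the only credential check left on the visible lines is the `if (uselogin && ...)` block in the `@@ -651` hunk. If `uselogin` is not set at run time, any PAP name and password appear to be acknowledged, so the override branch should fail closed when `uselogin` is off. The same branch dereferences the `malloc` result without a NULL check, and the `"*"` entry lets every peer that passes PAM use any address, which deserves a comment. The function starts and ends outside these hunks, so confirm how `addrs` is consumed after a NAK.

```c
#ifdef OVERRIDE_PAPFILE
    addrs = NULL;
    if (!uselogin) {
	/* no pap-secrets lookup in this build: login() is the only check */
	ret = UPAP_AUTHNAK;
    } else if ((addrs = malloc(sizeof(*addrs))) == NULL) {
	ret = UPAP_AUTHNAK;
    } else {
	/* wildcard: an authenticated peer may use any address */
	strcpy(addrs->word, "*");
	addrs->next = NULL;
    }
#else
/* … unchanged: pap-secrets lookup … */
```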
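Review bot: The new `syslog` call in the `@@ -651` hunk passes `*msg` to `%s`, but the only assignment to `*msg` shown on this page is in the PAM variant of `login()` (the `@@ -744` hunk). If another path returns `UPAP_AUTHNAK` with `*msg` still NULL, `%s` receives a null pointer; whether the caller initialises `*msg` is outside the hunk. Guarding the argument, `syslog(LOG_WARNING, "PAP login failure for %s [%s]", user, *msg ? *msg : "");`, avoids that. `user` comes from the peer, so whatever consumes this log line should treat the field as untrusted text.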
@@ -698,11 +708,45 @@
 */
 #ifdef USE_PAM
-static int pam_conv(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr)
-{
- return PAM_CONV_ERR;
+static int pam_conv (int num_msg,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *appdata_ptr) {
+ int replies = 0;
+ struct pam_response *reply = NULL;
+
+# define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+ reply = malloc(sizeof(struct pam_response) * num_msg);
+ if (!reply) return PAM_CONV_ERR;
+
+ for (replies = 0; replies < num_msg; replies++) {
+ switch (msg[replies]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = COPY_STRING(PAM_password);
+ /* PAM frees resp */
+ break;
+ case PAM_TEXT_INFO:
+ /* fall through */
+ case PAM_ERROR_MSG:
+ /* ignore it, but pam still wants a NULL response... */
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = NULL;
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ /* fall through */
+ default:
+ /* Must be an error of some sort... */
+ free (reply);
+ /* PAM_error = 1; */
+ return PAM_CONV_ERR;
+ }
+ }
+ *resp = reply;
+ return PAM_SUCCESS;
 }
+
 #endif
 /*
@@ -744,16 +788,17 @@
 /*
 * Define the fields for the credintial validation
 */
- (void) pam_set_item (pamh, PAM_AUTHTOK, passwd);
 (void) pam_set_item (pamh, PAM_TTY, devnam);
 /*
 * Validate the user
 */
+ PAM_password = passwd;
 pam_error = pam_authenticate (pamh, PAM_SILENT);
 if (pam_error == PAM_SUCCESS)
 pam_error = pam_acct_mgmt (pamh, PAM_SILENT);
 *msg = (char *) pam_strerror (pam_error);
+
 /*
 * Clean up the mess
 */
diff -uNr ppp-2.3.1-orig/pppd/test.c ppp-2.3.1/pppd/test.c
--- ppp-2.3.1-orig/pppd/test.c Thu Jan 1 02:00:00 1970
+++ ppp-2.3.1/pppd/test.c Sun Nov 23 14:55:22 1997
@@ -0,0 +1,7 @@
+
+
+main(){
+ char *msg;
+ int msglen;
+ login("tome", "d", &msg, &msglen);
+}
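Review bot: The `default:` branch of the new `pam_conv` (`@@ -698` hunk) frees `reply` but not the `strdup` copies of the password that earlier `PAM_PROMPT_ECHO_OFF` entries already stored, so a mixed message list leaks password copies on the heap. The allocation also trusts `num_msg`: it is not checked for `<= 0`, the `sizeof * num_msg` product is unchecked, and a failed `strdup` is handed back to PAM as a successful NULL response. The sketch below sends every failure through one clean-up path and uses `calloc`; where the platform offers a wipe the compiler cannot elide, the copies should be cleared before `free`. `COPY_STRING` would also be safer with its whole expansion parenthesised.

```c
static int pam_conv (int num_msg,
		     /* … unchanged: remaining parameters … */
    int replies, i;
    struct pam_response *reply;

    if (num_msg <= 0) return PAM_CONV_ERR;
    /* calloc checks count * size and leaves unset resp pointers NULL */
    reply = calloc(num_msg, sizeof(struct pam_response));
    if (!reply) return PAM_CONV_ERR;

    for (replies = 0; replies < num_msg; replies++) {
	switch (msg[replies]->msg_style) {
	case PAM_PROMPT_ECHO_OFF:
	    reply[replies].resp_retcode = PAM_SUCCESS;
	    reply[replies].resp = COPY_STRING(PAM_password);
	    if (PAM_password && !reply[replies].resp) goto fail;
	    break;
	/* … unchanged: PAM_TEXT_INFO / PAM_ERROR_MSG … */
	case PAM_PROMPT_ECHO_ON:
	default:
	    goto fail;
	}
    }
    *resp = reply;
    return PAM_SUCCESS;

fail:
    /* entries filled so far may hold copies of the password */
    for (i = 0; i < num_msg; i++)
	free(reply[i].resp);
    free(reply);
    return PAM_CONV_ERR;
```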
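Review bot: `PAM_password = passwd;` in the `@@ -744` hunk leaves the file-scope pointer declared in the `@@ -145` hunk aimed at the caller's password buffer after `pam_authenticate` returns, and the visible clean-up does not reset it. Adding `PAM_password = NULL;` after the `pam_acct_mgmt` call keeps a later conversation callback from replaying a stale or freed buffer. Passing the password through the `appdata_ptr` argument that `pam_conv` already receives would remove the global altogether. The `struct pam_conv` initialiser is outside the hunk, so check that part against the full file.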
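Review bot: `pppd/test.c` looks like a scratch harness picked up by `diff -uNr` rather than part of the change: it calls `login()` with a hard-coded name and password, has no prototype for `login` and no return type on `main`, and the Makefile hunk does not build it. It should be dropped from the patch. If a PAM smoke test is wanted, it should take the credentials from the command line or a prompt rather than embedding them in the source tree.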