1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
/*
* passprompt.c - pppd plugin to invoke an external PAP password prompter
*
* Copyright 1999 Paul Mackerras, Alan Curry.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
/*
* Copyright (c) 2018, Joyent, Inc.
*/
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <syslog.h>
#include "pppd.h"
static char promptprog[PATH_MAX+1];
static option_t options[] = {
{ "promptprog", o_string, promptprog,
"External PAP password prompting program",
OPT_STATIC, NULL, PATH_MAX },
{ NULL }
};
static int promptpass(char *user, char *passwd)
{
int p[2];
pid_t kid;
int readgood, wstat;
int red;
if (promptprog[0] == 0 || access(promptprog, X_OK) < 0)
return -1; /* sorry, can't help */
/* This occurs when we're probed for the ability to supply a password */
if (user != NULL && passwd == NULL)
return 1;
if (pipe(p)) {
warn("Can't make a pipe for %s", promptprog);
return 0;
}
if ((kid = fork()) == (pid_t) -1) {
warn("Can't fork to run %s", promptprog);
(void) close(p[0]);
(void) close(p[1]);
return 0;
}
if (kid == (pid_t)0) {
/* we are the child, exec the program */
char *argv[5], fdstr[32];
sys_close();
closelog();
if (detached && p[1] <= 2) {
(void) dup2(p[1], 3);
p[1] = 3;
}
(void) close(p[0]);
if (detached) {
red = open("/etc/ppp/prompt-errors", O_WRONLY | O_APPEND | O_CREAT,
0600);
(void) dup2(red, 1);
(void) dup2(red, 2);
}
(void) seteuid(getuid());
(void) setegid(getgid());
argv[0] = promptprog;
argv[1] = user == NULL ? "" : user;
argv[2] = remote_name;
(void) slprintf(fdstr, sizeof (fdstr), "%d", p[1]);
argv[3] = fdstr;
argv[4] = NULL;
(void) execv(*argv, argv);
_exit(127);
}
/* we are the parent, read the password from the pipe */
(void) close(p[1]);
readgood = 0;
do {
red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood);
if (red == 0)
break;
if (red < 0) {
if (errno == EINTR)
continue;
error("Can't read secret from %s: %m", promptprog);
readgood = -1;
break;
}
readgood += red;
} while (readgood < MAXSECRETLEN - 1);
passwd[readgood] = 0;
(void) close(p[0]);
/* now wait for child to exit */
while (waitpid(kid, &wstat, 0) < 0) {
if (errno != EINTR) {
warn("error waiting for %s: %m", promptprog);
break;
}
}
if (readgood < 0)
return 0;
if (readgood > 0 && passwd[--readgood] == '\n')
passwd[readgood] = '\0';
if (!WIFEXITED(wstat))
warn("%s terminated abnormally", promptprog);
if (WEXITSTATUS(wstat) != 0)
warn("%s exited with code %d", promptprog, WEXITSTATUS(wstat));
return 1;
}
void plugin_init(void)
{
add_options(options);
pap_passwd_hook = promptpass;
}
|
