Install as group ``network''

Insist that uid == 0 for client ppp
Disallow client sockets if no password is specified
Don't exit on failure to open client socket for listening
Allow specification of null local password
Use reasonable size (smaller) ``vector''s in auth.c
Fix "passwd ..." usage message
Insist on "all" as arg to "quit" (if any)
Drop client socket connection before Cleanup() when "quit all"

usr.sbin/ppp/Makefile

@@ -1,4 +1,4 @@
-#	$Id: Makefile,v 1.22 1997/06/25 19:29:58 brian Exp $
+#	$Id: Makefile,v 1.23 1997/08/31 20:18:03 brian Exp $
 
 PROG=	ppp
 SRCS=	alias_cmd.c arp.c async.c auth.c ccp.c chap.c chat.c command.c \
@@ -11,6 +11,6 @@ DPADD+= ${LIBMD} ${LIBCRYPT} ${LIBUTIL}
 MAN8=	ppp.8
 BINMODE=4550
 BINOWN=	root
-BINGRP=	ppp
+BINGRP=	network
 
 .include <bsd.prog.mk>

usr.sbin/ppp/auth.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: auth.c,v 1.14 1997/06/09 03:27:13 brian Exp $
+ * $Id: auth.c,v 1.15 1997/08/25 00:29:05 brian Exp $
  *
  *	TODO:
  *		o Implement check against with registered IP addresses.
@@ -34,22 +34,22 @@
 extern FILE *OpenSecret();
 extern void CloseSecret();
 
-LOCAL_AUTH_VALID
+void
 LocalAuthInit()
 {
-
   char *p;
 
   if (gethostname(VarShortHost, sizeof(VarShortHost))) {
-    return (NOT_FOUND);
+    VarLocalAuth = LOCAL_DENY;
+    return;
   }
+
   p = strchr(VarShortHost, '.');
   if (p)
     *p = '\0';
 
-  VarLocalAuth = LOCAL_NO_AUTH;
-  return LocalAuthValidate(SECRETFILE, VarShortHost, "");
-
+  VarLocalAuth = LocalAuthValidate(SECRETFILE, VarShortHost, "") == NOT_FOUND ?
+    LOCAL_DENY : LOCAL_NO_AUTH;
 }
 
 LOCAL_AUTH_VALID
@@ -57,8 +57,8 @@ LocalAuthValidate(char *fname, char *system, char *key)
 {
   FILE *fp;
   int n;
-  char *vector[20];		/* XXX */
-  char buff[200];		/* XXX */
+  char *vector[3];
+  char buff[200];
   LOCAL_AUTH_VALID rc;
 
   rc = NOT_FOUND;		/* No system entry */
@@ -74,7 +74,8 @@ LocalAuthValidate(char *fname, char *system, char *key)
     if (n < 1)
       continue;
     if (strcmp(vector[0], system) == 0) {
-      if (vector[1] != (char *) NULL && strcmp(vector[1], key) == 0) {
+      if ((vector[1] == (char *) NULL && (key == NULL || *key == '\0')) ||
+          (vector[1] != (char *) NULL && strcmp(vector[1], key) == 0)) {
 	rc = VALID;		/* Valid   */
       } else {
 	rc = INVALID;		/* Invalid */
@@ -91,7 +92,7 @@ AuthValidate(char *fname, char *system, char *key)
 {
   FILE *fp;
   int n;
-  char *vector[20];
+  char *vector[4];
   char buff[200];
   char passwd[100];
 
@@ -134,7 +135,7 @@ AuthGetSecret(char *fname, char *system, int len, int setaddr)
 {
   FILE *fp;
   int n;
-  char *vector[20];
+  char *vector[4];
   char buff[200];
   static char passwd[100];
 

usr.sbin/ppp/auth.h

@@ -15,7 +15,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: auth.h,v 1.6 1997/06/09 03:27:13 brian Exp $
+ * $Id: auth.h,v 1.7 1997/08/25 00:29:05 brian Exp $
  *
  *	TODO:
  */
@@ -41,7 +41,7 @@ extern void SendPapChallenge(int);
 extern void SendChapChallenge(int);
 extern void StopAuthTimer(struct authinfo *);
 extern void StartAuthChallenge(struct authinfo *);
-extern LOCAL_AUTH_VALID LocalAuthInit(void);
+extern void LocalAuthInit(void);
 extern int AuthValidate(char *, char *, char *);
 
 #endif

usr.sbin/ppp/command.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: command.c,v 1.75 1997/08/25 00:29:08 brian Exp $
+ * $Id: command.c,v 1.76 1997/08/31 22:59:20 brian Exp $
  *
  */
 #include <sys/types.h>
@@ -342,7 +342,7 @@ struct cmdtab const Commands[] = {
   {"enable", NULL, EnableCommand, LOCAL_AUTH,
   "Enable option", "enable option .."},
   {"passwd", NULL, LocalAuthCommand, LOCAL_NO_AUTH,
-  "Password for manipulation", "passwd option .."},
+  "Password for manipulation", "passwd LocalPassword"},
   {"load", NULL, LoadCommand, LOCAL_AUTH,
   "Load settings", "load [remote]"},
   {"save", NULL, SaveCommand, LOCAL_AUTH,
@@ -765,14 +765,14 @@ QuitCommand(struct cmdtab const * list, int argc, char **argv)
   FILE *oVarTerm;
 
   if (mode & (MODE_DIRECT | MODE_DEDICATED | MODE_AUTO)) {
-    if (argc > 0 && (VarLocalAuth & LOCAL_AUTH)) {
-      Cleanup(EX_NORMAL);
+    if (argc > 0 && !strcasecmp(*argv, "all") && (VarLocalAuth & LOCAL_AUTH)) {
       mode &= ~MODE_INTER;
       oVarTerm = VarTerm;
       VarTerm = 0;
       if (oVarTerm && oVarTerm != stdout)
 	fclose(oVarTerm);
-    } else {
+      Cleanup(EX_NORMAL);
+    } else if (VarTerm) {
       LogPrintf(LogPHASE, "Client connection closed.\n");
       VarLocalAuth = LOCAL_NO_AUTH;
       mode &= ~MODE_INTER;

usr.sbin/ppp/main.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: main.c,v 1.75 1997/08/31 20:07:02 brian Exp $
+ * $Id: main.c,v 1.76 1997/08/31 22:59:39 brian Exp $
  *
  *	TODO:
  *		o Add commands for traffic summary, version display, etc.
@@ -37,6 +37,7 @@
 #include <arpa/inet.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
+#include <sysexits.h>
 #include "modem.h"
 #include "os.h"
 #include "hdlc.h"
@@ -53,9 +54,6 @@
 #include "server.h"
 #include "lcpproto.h"
 
-#define LAUTH_M1 "Warning: No password entry for this host in ppp.secret\n"
-#define LAUTH_M2 "Warning: Manipulation is allowed by anyone\n"
-
 #ifndef O_NONBLOCK
 #ifdef O_NDELAY
 #define	O_NONBLOCK O_NDELAY
@@ -166,7 +164,6 @@ TtyOldMode()
 void
 Cleanup(int excode)
 {
-
   OsLinkdown();
   OsCloseLink(1);
   sleep(1);
@@ -239,7 +236,8 @@ SetUpServer(int signo)
   int res;
 
   if ((res = ServerTcpOpen(SERVER_PORT + tunno)) != 0)
-    LogPrintf(LogERROR, "Failed %d to open port %d\n", res, SERVER_PORT + tunno);
+    LogPrintf(LogERROR, "SIGUSR1: Failed %d to open port %d\n",
+	      res, SERVER_PORT + tunno);
 }
 
 static char *
@@ -333,11 +331,18 @@ main(int argc, char **argv)
   netfd = modem = tun_in = -1;
   server = -2;
   ProcessArgs(argc, argv);
-  if (!(mode & MODE_DIRECT))
+  if (!(mode & MODE_DIRECT)) {
+    if (getuid() != 0) {
+      fprintf(stderr, "You may only run ppp in client mode as user id 0\n");
+      LogClose();
+      return EX_NOPERM;
+    }
     VarTerm = stdout;
+  }
   Greetings();
   GetUid();
   IpcpDefAddress();
+  LocalAuthInit();
 
   if (SelectSystem("default", CONFFILE) < 0 && VarTerm)
     fprintf(VarTerm, "Warning: No default entry is given in config file.\n");
@@ -399,21 +404,6 @@ main(int argc, char **argv)
       Cleanup(EX_START);
     }
   }
-  if (ServerType() != NO_SERVER)
-    switch (LocalAuthInit()) {
-    case NOT_FOUND:
-      if (VarTerm) {
-	fprintf(VarTerm, LAUTH_M1);
-	fprintf(VarTerm, LAUTH_M2);
-	fflush(VarTerm);
-      }
-      /* Fall down */
-    case VALID:
-      VarLocalAuth = LOCAL_AUTH;
-      break;
-    default:
-      break;
-    }
 
   if (!(mode & MODE_INTER)) {
     if (mode & MODE_BACKGROUND) {
@@ -423,8 +413,8 @@ main(int argc, char **argv)
       }
     }
     /* Create server socket and listen. */
-    if (server == -2 && ServerTcpOpen(SERVER_PORT + tunno) != 0)
-      Cleanup(EX_SOCK);
+    if (server == -2)
+      ServerTcpOpen(SERVER_PORT + tunno);
 
     if (!(mode & MODE_DIRECT)) {
       pid_t bgpid;
@@ -933,20 +923,6 @@ DoLoop()
       VarTerm = fdopen(netfd, "a+");
       mode |= MODE_INTER;
       Greetings();
-      switch (LocalAuthInit()) {
-      case NOT_FOUND:
-	if (VarTerm) {
-	  fprintf(VarTerm, LAUTH_M1);
-	  fprintf(VarTerm, LAUTH_M2);
-	  fflush(VarTerm);
-	}
-	/* Fall down */
-      case VALID:
-	VarLocalAuth = LOCAL_AUTH;
-	break;
-      default:
-	break;
-      }
       (void) IsInteractive();
       Prompt();
     }

usr.sbin/ppp/ppp.8

@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.59 1997/08/27 20:11:16 brian Exp $
+.\" $Id: ppp.8,v 1.60 1997/08/31 20:07:03 brian Exp $
 .Dd 20 September 1995
 .Os FreeBSD
 .Dt PPP 8
@@ -129,6 +129,29 @@ with clients using the Microsoft
 .Em PPP
 stack (ie. Win95, WinNT)
 
+.Sh PERMISSIONS
+.Nm Ppp
+is installed as user
+.Dv root
+and group
+.Dv network ,
+with permissions
+.Dv 4550 .
+.Nm Ppp
+will not execute in client mode if the invoking user id is not zero.
+.Nm Ppp
+will run in
+.Fl direct
+mode as a normal user, but due to its execution permissions, this user
+must be a member of group
+.Dv network .
+When running as a normal user,
+.Nm
+switches to user id 0 in order to alter the system routing table.  All
+external commands (executed via the "shell" or "!bg" commands) are executed
+as the user id that invoked
+.Nm ppp .
+
 .Sh GETTING STARTED
 
 When you first run

usr.sbin/ppp/ppp.8.m4

@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.59 1997/08/27 20:11:16 brian Exp $
+.\" $Id: ppp.8,v 1.60 1997/08/31 20:07:03 brian Exp $
 .Dd 20 September 1995
 .Os FreeBSD
 .Dt PPP 8
@@ -129,6 +129,29 @@ with clients using the Microsoft
 .Em PPP
 stack (ie. Win95, WinNT)
 
+.Sh PERMISSIONS
+.Nm Ppp
+is installed as user
+.Dv root
+and group
+.Dv network ,
+with permissions
+.Dv 4550 .
+.Nm Ppp
+will not execute in client mode if the invoking user id is not zero.
+.Nm Ppp
+will run in
+.Fl direct
+mode as a normal user, but due to its execution permissions, this user
+must be a member of group
+.Dv network .
+When running as a normal user,
+.Nm
+switches to user id 0 in order to alter the system routing table.  All
+external commands (executed via the "shell" or "!bg" commands) are executed
+as the user id that invoked
+.Nm ppp .
+
 .Sh GETTING STARTED
 
 When you first run

usr.sbin/ppp/server.c

@@ -25,10 +25,16 @@ ServerLocalOpen(const char *name, mode_t mask)
 {
   int s;
 
+  if (VarLocalAuth == LOCAL_DENY) {
+    LogPrintf(LogERROR, "Local: Can't open socket %s: No password "
+	      "in ppp.secret\n", name);
+    return 1;
+  }
+
   ifsun.sun_len = strlen(name);
   if (ifsun.sun_len > sizeof ifsun.sun_path - 1) {
     LogPrintf(LogERROR, "Local: %s: Path too long\n", name);
-    return 1;
+    return 2;
   }
   ifsun.sun_family = AF_LOCAL;
   strcpy(ifsun.sun_path, name);
@@ -36,7 +42,7 @@ ServerLocalOpen(const char *name, mode_t mask)
   s = socket(PF_LOCAL, SOCK_STREAM, 0);
   if (s < 0) {
     LogPrintf(LogERROR, "Local: socket: %s\n", strerror(errno));
-    return 2;
+    return 3;
   }
   setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &s, sizeof s);
   mask = umask(mask);
@@ -47,14 +53,14 @@ ServerLocalOpen(const char *name, mode_t mask)
       fprintf(VarTerm, "Wait for a while, then try again.\n");
     close(s);
     unlink(name);
-    return 3;
+    return 4;
   }
   umask(mask);
   if (listen(s, 5) != 0) {
     LogPrintf(LogERROR, "Local: Unable to listen to socket - OS overload?\n");
     close(s);
     unlink(name);
-    return 4;
+    return 5;
   }
   ServerClose();
   server = s;
@@ -69,10 +75,15 @@ ServerTcpOpen(int port)
   struct sockaddr_in ifsin;
   int s;
 
+  if (VarLocalAuth == LOCAL_DENY) {
+    LogPrintf(LogERROR, "Tcp: Can't open socket %d: No password "
+	      "in ppp.secret\n", port);
+    return 6;
+  }
   s = socket(PF_INET, SOCK_STREAM, 0);
   if (s < 0) {
     LogPrintf(LogERROR, "Tcp: socket: %s\n", strerror(errno));
-    return 5;
+    return 7;
   }
   ifsin.sin_family = AF_INET;
   ifsin.sin_addr.s_addr = INADDR_ANY;
@@ -83,12 +94,12 @@ ServerTcpOpen(int port)
     if (errno == EADDRINUSE && VarTerm)
       fprintf(VarTerm, "Wait for a while, then try again.\n");
     close(s);
-    return 6;
+    return 8;
   }
   if (listen(s, 5) != 0) {
     LogPrintf(LogERROR, "Tcp: Unable to listen to socket - OS overload?\n");
     close(s);
-    return 7;
+    return 9;
   }
   ServerClose();
   server = s;

usr.sbin/ppp/systems.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: systems.c,v 1.14 1997/08/25 00:29:29 brian Exp $
+ * $Id: systems.c,v 1.15 1997/08/31 22:59:49 brian Exp $
  *
  *  TODO:
  */
@@ -180,7 +180,8 @@ SelectSystem(char *name, char *file)
 	    LogPrintf(LogCOMMAND, "%s: %s\n", name, cp);
 	    SetPppId();
 	    olauth = VarLocalAuth;
-	    VarLocalAuth = LOCAL_AUTH;
+	    if (VarLocalAuth == LOCAL_NO_AUTH)
+	      VarLocalAuth = LOCAL_AUTH;
 	    DecodeCommand(cp, strlen(cp), 0);
 	    VarLocalAuth = olauth;
 	    SetUserId();

usr.sbin/ppp/vars.c

@@ -17,7 +17,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: vars.c,v 1.24 1997/08/21 17:20:00 brian Exp $
+ * $Id: vars.c,v 1.25 1997/08/25 00:29:31 brian Exp $
  *
  */
 #include "fsm.h"
@@ -30,7 +30,7 @@
 #include "defs.h"
 
 char VarVersion[] = "PPP Version 1.1";
-char VarLocalVersion[] = "$Date: 1997/08/21 17:20:00 $";
+char VarLocalVersion[] = "$Date: 1997/08/25 00:29:31 $";
 
 /*
  * Order of conf option is important. See vars.h.
@@ -132,10 +132,15 @@ DenyCommand(struct cmdtab * list, int argc, char **argv)
 int
 LocalAuthCommand(struct cmdtab * list, int argc, char **argv)
 {
-  if (argc != 1)
+  char *pass;
+  if (argc == 0)
+    pass = "";
+  else if (argc > 1)
     return -1;
+  else
+    pass = *argv;
 
-  switch (LocalAuthValidate(SECRETFILE, VarShortHost, *argv)) {
+  switch (LocalAuthValidate(SECRETFILE, VarShortHost, pass)) {
   case INVALID:
     pppVars.lauth = LOCAL_NO_AUTH;
     break;

usr.sbin/ppp/vars.h

@@ -15,7 +15,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: vars.h,v 1.24 1997/08/21 16:21:39 brian Exp $
+ * $Id: vars.h,v 1.25 1997/08/25 00:29:31 brian Exp $
  *
  *	TODO:
  */
@@ -74,6 +74,7 @@ struct pppvars {
   int open_mode;		/* LCP open mode */
 #define LOCAL_AUTH	0x01
 #define LOCAL_NO_AUTH	0x02
+#define LOCAL_DENY	0x03
   u_char lauth;			/* Local Authorized status */
   FILE *termfp;			/* The terminal */
 #define DIALUP_REQ	0x01