authorbrian <brian@FreeBSD.org>1997-09-04 00:38:22 +0000
committerbrian <brian@FreeBSD.org>1997-09-04 00:38:22 +0000
commit01052674bd9cd2de028c4c476a70fa10439f5e6a (patch)
tree053c5b0cbcff9693f61532dc918acb018a8ceebf /usr.sbin/ppp
parenta69830cd9ab89aec27c439dd58e7f6af6ff655f1 (diff)
downloadFreeBSD-src-01052674bd9cd2de028c4c476a70fa10439f5e6a.zip
FreeBSD-src-01052674bd9cd2de028c4c476a70fa10439f5e6a.tar.gz
Install as group ``network''
Insist that uid == 0 for client ppp. Disallow client sockets if no password is specified. Don't exit on failure to open the client socket for listening. Allow specification of a null local password. Use reasonable size (smaller) ``vector''s in auth.c. Fix the "passwd ..." usage message. Insist on "all" as the argument to "quit" (if any). Drop the client socket connection before Cleanup() when "quit all".
Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r--usr.sbin/ppp/Makefile4
-rw-r--r--usr.sbin/ppp/auth.c25
-rw-r--r--usr.sbin/ppp/auth.h4
-rw-r--r--usr.sbin/ppp/command.c10
-rw-r--r--usr.sbin/ppp/main.c52
-rw-r--r--usr.sbin/ppp/ppp.825
-rw-r--r--usr.sbin/ppp/ppp.8.m425
-rw-r--r--usr.sbin/ppp/server.c25
-rw-r--r--usr.sbin/ppp/systems.c5
-rw-r--r--usr.sbin/ppp/vars.c13
-rw-r--r--usr.sbin/ppp/vars.h3
11 files changed, 116 insertions, 75 deletions
diff --git a/usr.sbin/ppp/Makefile b/usr.sbin/ppp/Makefile
index 5f4e931..b2885c3 100644
--- a/usr.sbin/ppp/Makefile
+++ b/usr.sbin/ppp/Makefile
@@ -1,4 +1,4 @@
-# $Id: Makefile,v 1.22 1997/06/25 19:29:58 brian Exp $
+# $Id: Makefile,v 1.23 1997/08/31 20:18:03 brian Exp $
PROG= ppp
SRCS= alias_cmd.c arp.c async.c auth.c ccp.c chap.c chat.c command.c \
@@ -11,6 +11,6 @@ DPADD+= ${LIBMD} ${LIBCRYPT} ${LIBUTIL}
MAN8= ppp.8
BINMODE=4550
BINOWN= root
-BINGRP= ppp
+BINGRP= network
.include <bsd.prog.mk>
diff --git a/usr.sbin/ppp/auth.c b/usr.sbin/ppp/auth.c
index 38e29cc..1ea18c9 100644
--- a/usr.sbin/ppp/auth.c
+++ b/usr.sbin/ppp/auth.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: auth.c,v 1.14 1997/06/09 03:27:13 brian Exp $
+ * $Id: auth.c,v 1.15 1997/08/25 00:29:05 brian Exp $
*
* TODO:
* o Implement check against with registered IP addresses.
@@ -34,22 +34,22 @@
extern FILE *OpenSecret();
extern void CloseSecret();
-LOCAL_AUTH_VALID
+void
LocalAuthInit()
{
-
char *p;
if (gethostname(VarShortHost, sizeof(VarShortHost))) {
- return (NOT_FOUND);
+ VarLocalAuth = LOCAL_DENY;
+ return;
}
+
p = strchr(VarShortHost, '.');
if (p)
*p = '\0';
- VarLocalAuth = LOCAL_NO_AUTH;
- return LocalAuthValidate(SECRETFILE, VarShortHost, "");
-
+ VarLocalAuth = LocalAuthValidate(SECRETFILE, VarShortHost, "") == NOT_FOUND ?
+ LOCAL_DENY : LOCAL_NO_AUTH;
}
LOCAL_AUTH_VALID
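Review bot: `gethostname()` does not guarantee a terminating NUL when the host name is longer than `sizeof(VarShortHost)`, so the `strchr()` and `LocalAuthValidate()` calls that follow can read past the buffer; add `VarShortHost[sizeof VarShortHost - 1] = '\0';` after the successful call. The function now reports through `VarLocalAuth` instead of a return value and folds both VALID and INVALID into `LOCAL_NO_AUTH`, which deserves a header comment such as `/* Set VarLocalAuth: LOCAL_DENY if the host name is unknown or has no ppp.secret entry (no client socket may then be opened), else LOCAL_NO_AUTH until "passwd" succeeds */`.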
@@ -57,8 +57,8 @@ LocalAuthValidate(char *fname, char *system, char *key)
{
FILE *fp;
int n;
- char *vector[20]; /* XXX */
- char buff[200]; /* XXX */
+ char *vector[3];
+ char buff[200];
LOCAL_AUTH_VALID rc;
rc = NOT_FOUND; /* No system entry */
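Review bot: Shrinking `vector` to three entries is only safe if the tokenizer that fills it (called further down, outside the hunk) is told the new bound; if it still assumes the old 20-slot array, a ppp.secret line with more than three fields overwrites the stack. Pass the bound as `sizeof vector / sizeof vector[0]` at that call, or name the sizes with an enum shared by both sides so they cannot drift. The same applies to the `vector[4]` changes in AuthValidate and AuthGetSecret in the two following hunks.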
@@ -74,7 +74,8 @@ LocalAuthValidate(char *fname, char *system, char *key)
if (n < 1)
continue;
if (strcmp(vector[0], system) == 0) {
- if (vector[1] != (char *) NULL && strcmp(vector[1], key) == 0) {
+ if ((vector[1] == (char *) NULL && (key == NULL || *key == '\0')) ||
+ (vector[1] != (char *) NULL && strcmp(vector[1], key) == 0)) {
rc = VALID; /* Valid */
} else {
rc = INVALID; /* Invalid */
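Review bot: The new first clause accepts `key == NULL`, but the second clause still passes `key` to `strcmp()` whenever the entry has a password field, which is undefined behaviour for a NULL key. Either guard it, `(vector[1] != (char *) NULL && key != NULL && strcmp(vector[1], key) == 0)`, or drop the `key == NULL` case from the first clause so the contract is simply a non-NULL string. Since this is the check that makes an entry with no password field accept an empty password, a comment stating that intent, e.g. `/* an entry with no password field matches only the empty password */`, would stop a later reader from "fixing" it.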
@@ -91,7 +92,7 @@ AuthValidate(char *fname, char *system, char *key)
{
FILE *fp;
int n;
- char *vector[20];
+ char *vector[4];
char buff[200];
char passwd[100];
@@ -134,7 +135,7 @@ AuthGetSecret(char *fname, char *system, int len, int setaddr)
{
FILE *fp;
int n;
- char *vector[20];
+ char *vector[4];
char buff[200];
static char passwd[100];
diff --git a/usr.sbin/ppp/auth.h b/usr.sbin/ppp/auth.h
index 635ff54..651f17e 100644
--- a/usr.sbin/ppp/auth.h
+++ b/usr.sbin/ppp/auth.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: auth.h,v 1.6 1997/06/09 03:27:13 brian Exp $
+ * $Id: auth.h,v 1.7 1997/08/25 00:29:05 brian Exp $
*
* TODO:
*/
@@ -41,7 +41,7 @@ extern void SendPapChallenge(int);
extern void SendChapChallenge(int);
extern void StopAuthTimer(struct authinfo *);
extern void StartAuthChallenge(struct authinfo *);
-extern LOCAL_AUTH_VALID LocalAuthInit(void);
+extern void LocalAuthInit(void);
extern int AuthValidate(char *, char *, char *);
#endif
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 78aee53..9974993 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.75 1997/08/25 00:29:08 brian Exp $
+ * $Id: command.c,v 1.76 1997/08/31 22:59:20 brian Exp $
*
*/
#include <sys/types.h>
@@ -342,7 +342,7 @@ struct cmdtab const Commands[] = {
{"enable", NULL, EnableCommand, LOCAL_AUTH,
"Enable option", "enable option .."},
{"passwd", NULL, LocalAuthCommand, LOCAL_NO_AUTH,
- "Password for manipulation", "passwd option .."},
+ "Password for manipulation", "passwd LocalPassword"},
{"load", NULL, LoadCommand, LOCAL_AUTH,
"Load settings", "load [remote]"},
{"save", NULL, SaveCommand, LOCAL_AUTH,
@@ -765,14 +765,14 @@ QuitCommand(struct cmdtab const * list, int argc, char **argv)
FILE *oVarTerm;
if (mode & (MODE_DIRECT | MODE_DEDICATED | MODE_AUTO)) {
- if (argc > 0 && (VarLocalAuth & LOCAL_AUTH)) {
- Cleanup(EX_NORMAL);
+ if (argc > 0 && !strcasecmp(*argv, "all") && (VarLocalAuth & LOCAL_AUTH)) {
mode &= ~MODE_INTER;
oVarTerm = VarTerm;
VarTerm = 0;
if (oVarTerm && oVarTerm != stdout)
fclose(oVarTerm);
- } else {
+ Cleanup(EX_NORMAL);
+ } else if (VarTerm) {
LogPrintf(LogPHASE, "Client connection closed.\n");
VarLocalAuth = LOCAL_NO_AUTH;
mode &= ~MODE_INTER;
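Review bot: `VarLocalAuth & LOCAL_AUTH` is also true in the `LOCAL_DENY` state, because the vars.h hunk defines it as 0x03, which has both the `LOCAL_AUTH` and `LOCAL_NO_AUTH` bits set; any mask-style test (this one, and presumably the per-command permission check driven by the `Commands` table) treats a denied session as fully authorised. That may be deliberate — the systems.c hunk compares with `==` and leaves LOCAL_DENY untouched, and an interactive root session with no ppp.secret entry would otherwise be locked out of every command — but then the definition needs a comment such as `#define LOCAL_DENY 0x03 /* both bits set: passes & LOCAL_AUTH and & LOCAL_NO_AUTH; only ServerLocalOpen/ServerTcpOpen refuse it */`. If it is not deliberate, define it as `0x04` and audit every `&` test against `VarLocalAuth`. QuitCommand continues outside the hunk.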
diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c
index dfcf5f6..8ee2978 100644
--- a/usr.sbin/ppp/main.c
+++ b/usr.sbin/ppp/main.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: main.c,v 1.75 1997/08/31 20:07:02 brian Exp $
+ * $Id: main.c,v 1.76 1997/08/31 22:59:39 brian Exp $
*
* TODO:
* o Add commands for traffic summary, version display, etc.
@@ -37,6 +37,7 @@
#include <arpa/inet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <sysexits.h>
#include "modem.h"
#include "os.h"
#include "hdlc.h"
@@ -53,9 +54,6 @@
#include "server.h"
#include "lcpproto.h"
-#define LAUTH_M1 "Warning: No password entry for this host in ppp.secret\n"
-#define LAUTH_M2 "Warning: Manipulation is allowed by anyone\n"
-
#ifndef O_NONBLOCK
#ifdef O_NDELAY
#define O_NONBLOCK O_NDELAY
@@ -166,7 +164,6 @@ TtyOldMode()
void
Cleanup(int excode)
{
-
OsLinkdown();
OsCloseLink(1);
sleep(1);
@@ -239,7 +236,8 @@ SetUpServer(int signo)
int res;
if ((res = ServerTcpOpen(SERVER_PORT + tunno)) != 0)
- LogPrintf(LogERROR, "Failed %d to open port %d\n", res, SERVER_PORT + tunno);
+ LogPrintf(LogERROR, "SIGUSR1: Failed %d to open port %d\n",
+ res, SERVER_PORT + tunno);
}
static char *
@@ -333,11 +331,18 @@ main(int argc, char **argv)
netfd = modem = tun_in = -1;
server = -2;
ProcessArgs(argc, argv);
- if (!(mode & MODE_DIRECT))
+ if (!(mode & MODE_DIRECT)) {
+ if (getuid() != 0) {
+ fprintf(stderr, "You may only run ppp in client mode as user id 0\n");
+ LogClose();
+ return EX_NOPERM;
+ }
VarTerm = stdout;
+ }
Greetings();
GetUid();
IpcpDefAddress();
+ LocalAuthInit();
if (SelectSystem("default", CONFFILE) < 0 && VarTerm)
fprintf(VarTerm, "Warning: No default entry is given in config file.\n");
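Review bot: The new uid check deserves a comment explaining why it tests the real uid and why `-direct` is exempt, since the binary is installed setuid root with mode 4550 (Makefile and ppp.8 hunks): `/* Real uid: the binary is setuid root, so only -direct (started for the dialin user) may be run by a non-root user */`. `ProcessArgs()` has already run before the check; if it opens files or changes state based on the arguments, that work is done with root privilege on behalf of a user who is about to be refused, so moving the check ahead of it would be safer — I cannot see ProcessArgs here, so confirm what it does. `LocalAuthInit()` is now called unconditionally, which means an interactive session also ends up with `VarLocalAuth == LOCAL_DENY` when there is no ppp.secret entry; a one-line comment at the call would make that expected. main continues outside the hunk.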
@@ -399,21 +404,6 @@ main(int argc, char **argv)
Cleanup(EX_START);
}
}
- if (ServerType() != NO_SERVER)
- switch (LocalAuthInit()) {
- case NOT_FOUND:
- if (VarTerm) {
- fprintf(VarTerm, LAUTH_M1);
- fprintf(VarTerm, LAUTH_M2);
- fflush(VarTerm);
- }
- /* Fall down */
- case VALID:
- VarLocalAuth = LOCAL_AUTH;
- break;
- default:
- break;
- }
if (!(mode & MODE_INTER)) {
if (mode & MODE_BACKGROUND) {
@@ -423,8 +413,8 @@ main(int argc, char **argv)
}
}
/* Create server socket and listen. */
- if (server == -2 && ServerTcpOpen(SERVER_PORT + tunno) != 0)
- Cleanup(EX_SOCK);
+ if (server == -2)
+ ServerTcpOpen(SERVER_PORT + tunno);
if (!(mode & MODE_DIRECT)) {
pid_t bgpid;
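Review bot: The return value of `ServerTcpOpen()` is now discarded, so the only trace of a failed listener is the LogERROR line inside it and `server` stays at -2; a reader of main cannot tell this is intentional. Make it explicit: `(void) ServerTcpOpen(SERVER_PORT + tunno); /* failure is logged by ServerTcpOpen and is not fatal; SIGUSR1 (SetUpServer) can retry */`. The retry behaviour is inferred from the SetUpServer hunk above, so confirm it before committing to that wording.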
@@ -933,20 +923,6 @@ DoLoop()
VarTerm = fdopen(netfd, "a+");
mode |= MODE_INTER;
Greetings();
- switch (LocalAuthInit()) {
- case NOT_FOUND:
- if (VarTerm) {
- fprintf(VarTerm, LAUTH_M1);
- fprintf(VarTerm, LAUTH_M2);
- fflush(VarTerm);
- }
- /* Fall down */
- case VALID:
- VarLocalAuth = LOCAL_AUTH;
- break;
- default:
- break;
- }
(void) IsInteractive();
Prompt();
}
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 3e72278..d4b9810 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.59 1997/08/27 20:11:16 brian Exp $
+.\" $Id: ppp.8,v 1.60 1997/08/31 20:07:03 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -129,6 +129,29 @@ with clients using the Microsoft
.Em PPP
stack (ie. Win95, WinNT)
+.Sh PERMISSIONS
+.Nm Ppp
+is installed as user
+.Dv root
+and group
+.Dv network ,
+with permissions
+.Dv 4550 .
+.Nm Ppp
+will not execute in client mode if the invoking user id is not zero.
+.Nm Ppp
+will run in
+.Fl direct
+mode as a normal user, but due to its execution permissions, this user
+must be a member of group
+.Dv network .
+When running as a normal user,
+.Nm
+switches to user id 0 in order to alter the system routing table. All
+external commands (executed via the "shell" or "!bg" commands) are executed
+as the user id that invoked
+.Nm ppp .
+
.Sh GETTING STARTED
When you first run
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 3e72278..d4b9810 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -1,4 +1,4 @@
-.\" $Id: ppp.8,v 1.59 1997/08/27 20:11:16 brian Exp $
+.\" $Id: ppp.8,v 1.60 1997/08/31 20:07:03 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@@ -129,6 +129,29 @@ with clients using the Microsoft
.Em PPP
stack (ie. Win95, WinNT)
+.Sh PERMISSIONS
+.Nm Ppp
+is installed as user
+.Dv root
+and group
+.Dv network ,
+with permissions
+.Dv 4550 .
+.Nm Ppp
+will not execute in client mode if the invoking user id is not zero.
+.Nm Ppp
+will run in
+.Fl direct
+mode as a normal user, but due to its execution permissions, this user
+must be a member of group
+.Dv network .
+When running as a normal user,
+.Nm
+switches to user id 0 in order to alter the system routing table. All
+external commands (executed via the "shell" or "!bg" commands) are executed
+as the user id that invoked
+.Nm ppp .
+
.Sh GETTING STARTED
When you first run
diff --git a/usr.sbin/ppp/server.c b/usr.sbin/ppp/server.c
index db9635e..7aab041 100644
--- a/usr.sbin/ppp/server.c
+++ b/usr.sbin/ppp/server.c
@@ -25,10 +25,16 @@ ServerLocalOpen(const char *name, mode_t mask)
{
int s;
+ if (VarLocalAuth == LOCAL_DENY) {
+ LogPrintf(LogERROR, "Local: Can't open socket %s: No password "
+ "in ppp.secret\n", name);
+ return 1;
+ }
+
ifsun.sun_len = strlen(name);
if (ifsun.sun_len > sizeof ifsun.sun_path - 1) {
LogPrintf(LogERROR, "Local: %s: Path too long\n", name);
- return 1;
+ return 2;
}
ifsun.sun_family = AF_LOCAL;
strcpy(ifsun.sun_path, name);
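Review bot: The length check this hunk renumbers compares `ifsun.sun_len`, which on BSD is a `u_char`, so `strlen(name)` is truncated to 8 bits before the comparison; a name of 256 or more characters passes the check and the following `strcpy()` overruns `sun_path`. Keep the length in a `size_t` and assign after the check: `size_t len = strlen(name); if (len > sizeof ifsun.sun_path - 1) { /* log */ return 2; } ifsun.sun_len = len;`. This is pre-existing rather than introduced here, and `name` comes from an authorised command rather than from the network, but it is a cheap fix while the function is being touched. The new LOCAL_DENY message says "No password in ppp.secret" although the auth.c hunk also sets LOCAL_DENY when `gethostname()` fails; the two cases are worth distinguishing in the log.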
@@ -36,7 +42,7 @@ ServerLocalOpen(const char *name, mode_t mask)
s = socket(PF_LOCAL, SOCK_STREAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "Local: socket: %s\n", strerror(errno));
- return 2;
+ return 3;
}
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &s, sizeof s);
mask = umask(mask);
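Review bot: `setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &s, sizeof s)` in this hunk uses the descriptor number itself as the option value, so the option is enabled only because `s` happens to be non-zero; if descriptor 0 is free (possible in a daemon that has closed its standard descriptors) the call silently disables SO_REUSEADDR. Use an explicit flag, `int on = 1; setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);`, and check the return value. Pre-existing, but it sits between the lines being renumbered.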
@@ -47,14 +53,14 @@ ServerLocalOpen(const char *name, mode_t mask)
fprintf(VarTerm, "Wait for a while, then try again.\n");
close(s);
unlink(name);
- return 3;
+ return 4;
}
umask(mask);
if (listen(s, 5) != 0) {
LogPrintf(LogERROR, "Local: Unable to listen to socket - OS overload?\n");
close(s);
unlink(name);
- return 4;
+ return 5;
}
ServerClose();
server = s;
@@ -69,10 +75,15 @@ ServerTcpOpen(int port)
struct sockaddr_in ifsin;
int s;
+ if (VarLocalAuth == LOCAL_DENY) {
+ LogPrintf(LogERROR, "Tcp: Can't open socket %d: No password "
+ "in ppp.secret\n", port);
+ return 6;
+ }
s = socket(PF_INET, SOCK_STREAM, 0);
if (s < 0) {
LogPrintf(LogERROR, "Tcp: socket: %s\n", strerror(errno));
- return 5;
+ return 7;
}
ifsin.sin_family = AF_INET;
ifsin.sin_addr.s_addr = INADDR_ANY;
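Review bot: The new LOCAL_DENY gate only covers the case where the host has no ppp.secret entry; an entry whose password field is absent leaves `VarLocalAuth` at `LOCAL_NO_AUTH` (auth.c hunk), so this listener is still bound to `INADDR_ANY` and, per the new LocalAuthValidate clause, accepts `passwd` with no argument. That is the behaviour the commit message asks for, but it is the one an administrator is most likely to get wrong, so it should be stated in a comment at this check and in the ppp.8 PERMISSIONS section: `/* Refuse to listen when no local password can ever be valid; an entry with no password field still opens the port and accepts "passwd" with no argument */`. The check and its message duplicate the one added to ServerLocalOpen, and the return codes now run 1-9 across the two functions without names; an enum shared by both would keep any caller that interprets the codes in step. ServerTcpOpen continues outside the hunk.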
@@ -83,12 +94,12 @@ ServerTcpOpen(int port)
if (errno == EADDRINUSE && VarTerm)
fprintf(VarTerm, "Wait for a while, then try again.\n");
close(s);
- return 6;
+ return 8;
}
if (listen(s, 5) != 0) {
LogPrintf(LogERROR, "Tcp: Unable to listen to socket - OS overload?\n");
close(s);
- return 7;
+ return 9;
}
ServerClose();
server = s;
diff --git a/usr.sbin/ppp/systems.c b/usr.sbin/ppp/systems.c
index e5e8046..b1e0d26 100644
--- a/usr.sbin/ppp/systems.c
+++ b/usr.sbin/ppp/systems.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.c,v 1.14 1997/08/25 00:29:29 brian Exp $
+ * $Id: systems.c,v 1.15 1997/08/31 22:59:49 brian Exp $
*
* TODO:
*/
@@ -180,7 +180,8 @@ SelectSystem(char *name, char *file)
LogPrintf(LogCOMMAND, "%s: %s\n", name, cp);
SetPppId();
olauth = VarLocalAuth;
- VarLocalAuth = LOCAL_AUTH;
+ if (VarLocalAuth == LOCAL_NO_AUTH)
+ VarLocalAuth = LOCAL_AUTH;
DecodeCommand(cp, strlen(cp), 0);
VarLocalAuth = olauth;
SetUserId();
diff --git a/usr.sbin/ppp/vars.c b/usr.sbin/ppp/vars.c
index ed288094..cda8fb442 100644
--- a/usr.sbin/ppp/vars.c
+++ b/usr.sbin/ppp/vars.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: vars.c,v 1.24 1997/08/21 17:20:00 brian Exp $
+ * $Id: vars.c,v 1.25 1997/08/25 00:29:31 brian Exp $
*
*/
#include "fsm.h"
@@ -30,7 +30,7 @@
#include "defs.h"
char VarVersion[] = "PPP Version 1.1";
-char VarLocalVersion[] = "$Date: 1997/08/21 17:20:00 $";
+char VarLocalVersion[] = "$Date: 1997/08/25 00:29:31 $";
/*
* Order of conf option is important. See vars.h.
@@ -132,10 +132,15 @@ DenyCommand(struct cmdtab * list, int argc, char **argv)
int
LocalAuthCommand(struct cmdtab * list, int argc, char **argv)
{
- if (argc != 1)
+ char *pass;
+ if (argc == 0)
+ pass = "";
+ else if (argc > 1)
return -1;
+ else
+ pass = *argv;
- switch (LocalAuthValidate(SECRETFILE, VarShortHost, *argv)) {
+ switch (LocalAuthValidate(SECRETFILE, VarShortHost, pass)) {
case INVALID:
pppVars.lauth = LOCAL_NO_AUTH;
break;
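Review bot: A rejected local password is handled silently here — `case INVALID` only resets `pppVars.lauth` — so repeated wrong guesses over the client socket leave no trace, although `passwd` is reachable with `LOCAL_NO_AUTH`, i.e. by anyone who can connect. Log the failure so it can be noticed: `LogPrintf(LogPHASE, "Local password rejected\n");` before the `break`, and consider the same for the NOT_FOUND branch below. Also worth a comment at `pass = "";` that an empty argument list deliberately tries the empty password, which only matches an entry with no password field (auth.c hunk). The switch continues outside the hunk.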
diff --git a/usr.sbin/ppp/vars.h b/usr.sbin/ppp/vars.h
index 687e92a..9ee7870 100644
--- a/usr.sbin/ppp/vars.h
+++ b/usr.sbin/ppp/vars.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: vars.h,v 1.24 1997/08/21 16:21:39 brian Exp $
+ * $Id: vars.h,v 1.25 1997/08/25 00:29:31 brian Exp $
*
* TODO:
*/
@@ -74,6 +74,7 @@ struct pppvars {
int open_mode; /* LCP open mode */
#define LOCAL_AUTH 0x01
#define LOCAL_NO_AUTH 0x02
+#define LOCAL_DENY 0x03
u_char lauth; /* Local Authorized status */
FILE *termfp; /* The terminal */
#define DIALUP_REQ 0x01