pap_auth_hook requires paddrs to be set - PPP

This is a discussion on pap_auth_hook requires paddrs to be set - PPP ; I was going slightly crazy trying to implement a pap_auth_hook with pppd (2.4.2 and 2.4.4b1). I kept getting "Peer is not authorized to use remote address ...". I finally realized that the documentation says that for late version of pppd, ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: pap_auth_hook requires paddrs to be set

  1. pap_auth_hook requires paddrs to be set

    I was going slightly crazy trying to implement a pap_auth_hook with
    pppd (2.4.2 and 2.4.4b1). I kept getting "Peer is not authorized to
    use remote address ...". I finally realized that the documentation
    says that for late version of pppd, pap-secrets *must* have at least a
    "*" in the fourth column (allowed addresses) and it occurred to me that
    by inserting my pap_auth_hook, I had to play by the same rules and set
    *paddrs to the list of allowable addresses, at least "*".

    My hook now includes:

    char* addr = "*";
    int len = strlen(addr) + 1;

    *paddrs = (struct wordlist *) malloc(sizeof(struct wordlist) + len);
    // FIXME - handle failed malloc
    (*paddrs)->word = (char*)(*paddrs + 1);
    (*paddrs)->next = NULL;
    BCOPY(addr, (*paddrs)->word, len);

    and the same address works just fine.

    Assuming I'm not too far off base, I suggest that the PLUGINS file in
    the pppd distribution should say:

    If the username/password was valid, the hook must set *paddrs to
    point to a wordlist containing the IP address(es) which the peer is
    permitted to use, formatted as in the pap-secrets file. As in the
    pap-secrets file, if no addresses are listed, the user isn't
    permitted to use any address and link negotiation will fail. ...

    That is, change "can" to "must" in the first line quoted and add the
    second sentence. If I get some feedback on wording and accuracy, I'll
    consider submitting a "patch" to the PLUGINS file.

    Chris


  2. Re: pap_auth_hook requires paddrs to be set

    "Chris Nelson" writes:
    > Assuming I'm not too far off base, I suggest that the PLUGINS file in
    > the pppd distribution should say:


    This sounds like stuff that belongs on the ppp-bugs@dp.samba.org list ...

    --
    James Carlson, KISS Network
    Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677

  3. Re: pap_auth_hook requires paddrs to be set

    James Carlson wrote:
    > "Chris Nelson" writes:
    > > Assuming I'm not too far off base, I suggest that the PLUGINS file in
    > > the pppd distribution should say:

    >
    > This sounds like stuff that belongs on the ppp-bugs@dp.samba.org list ...


    I'd agree if I _ever_ saw _any_ traffic on that list.


+ Reply to Thread