$NetBSD: patch-bb,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/auth.c.orig2 Sat Sep 25 12:36:32 1999
+++ pppd/auth.c Sat Sep 25 12:48:02 1999
@@ -74,8 +74,16 @@
 #ifdef CBCP_SUPPORT
 #include "cbcp.h"
 #endif
+#ifdef CHAPMS
+#include "chap_ms.h"
+#endif
 #include "pathnames.h"
+#ifdef DYNAMIC
+#define _PATH_DYNAMIC "/etc/ppp/getaddr"
+#endif
+static char xuser[MAXNAMELEN];
+
 static const char rcsid[] = RCSID;
 /* Bits in scan_authfile return value */
@@ -108,6 +116,11 @@
 /* Set if we got the contents of passwd[] from the pap-secrets file. */
 static int passwd_from_file;
+#ifdef CBCP_SUPPORT
+/* Set if we have done call-back sequences. */
+static int did_callback;
+#endif
+
 /*
 * This is used to ensure that we don't start an auth-up/down
 * script while one is already running.
@@ -144,7 +157,7 @@
 /* Prototypes for procedures local to this file. */
-static void network_phase __P((int));
+void network_phase __P((int));
 static void check_idle __P((void *));
 static void connect_time_expired __P((void *));
 static int plogin __P((char *, char *, char **, int *));
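Review bot: `xuser` is added without a comment and outside the `#ifdef DYNAMIC` guard, although its only reader in this patch, `get_ip_addr_dynamic`, is compiled only under DYNAMIC. I would move the declaration inside the guard and document it, e.g. `/* Name the peer authenticated as; handed to the _PATH_DYNAMIC helper. */`. The write to it in the `@@ -510,6` hunk would then need the same guard. Since this string later ends up on a command line, the comment should also say that it is peer-supplied.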
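Review bot: Dropping `static` from the `network_phase` prototype (and from its definition in the `@@ -402,11` hunk) leaves a now-global function listed under the comment "Prototypes for procedures local to this file", and no hunk on this page adds a declaration to a shared header. If the intent is to call it from the callback code, the declaration `void network_phase __P((int));` belongs in a header that the caller includes, and this local line should go so the comment stays true. Widening linkage on a function that moves the link past authentication deserves a one-line comment saying who is allowed to call it.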
@@ -177,14 +190,36 @@
 "Don't agree to auth to peer with PAP", 1 },
 { "-pap", o_bool, &refuse_pap,
 "Don't allow PAP authentication with peer", 1 },
- { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
- "Require CHAP authentication from peer", 1, &auth_required },
- { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
- "Require CHAP authentication from peer", 1, &auth_required },
+ { "require-chap", o_special_noarg, reqchap,
+ "Require CHAP authentication from peer" },
+ { "+chap", o_special_noarg, reqchap,
+ "Require CHAP authentication from peer" },
 { "refuse-chap", o_bool, &refuse_chap,
 "Don't agree to auth to peer with CHAP", 1 },
 { "-chap", o_bool, &refuse_chap,
 "Don't allow CHAP authentication with peer", 1 },
+ { "refuse-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+ "Don't allow md5-digest style CHAP", 0 },
+ { "-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+ "Don't allow md5-digest style CHAP", 0 },
+#ifdef CHAPMS
+ { "require-chapms", o_special_noarg, reqchapms,
+ "Require MSCHAP (v1) authentication" },
+ { "+chapms", o_special_noarg, reqchapms,
+ "Require MSCHAP (v1) authentication" },
+ { "refuse-chapms", o_special_noarg, nochapms,
+ "Refuse MSCHAP (v1) authentication" },
+ { "-chapms", o_special_noarg, nochapms,
+ "Refuse MSCHAP (v1) authentication" },
+ { "require-chapms-v2", o_special_noarg, reqchapms_v2,
+ "Require MSCHAP-v2 authentication" },
+ { "+chapms-v2", o_special_noarg, reqchapms_v2,
+ "Require MSCHAP-v2 authentication" },
+ { "refuse-chapms-v2", o_special_noarg, nochapms_v2,
+ "Refuse MSCHAP-v2 authentication" },
+ { "-chapms-v2", o_special_noarg, nochapms_v2,
+ "Refuse MSCHAP-v2 authentication" },
+#endif
 { "name", o_string, our_name,
 "Set local name for authentication",
 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
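Review bot: The removed `require-chap` and `+chap` rows set `auth_required` through their trailing `&auth_required` field; after the switch to `o_special_noarg` that only happens if `reqchap` does it itself, and the same applies to `reqchapms` and `reqchapms_v2`. None of these handlers is defined in this hunk, so confirm that each one sets `auth_required = 1`; otherwise a "require" option can be accepted while peer authentication stays optional. A comment above the new rows would make the contract visible, e.g. `/* The req* handlers must set auth_required themselves; these rows no longer do it. */`. The table continues outside the hunk on both sides.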
@@ -402,11 +437,14 @@
 /*
 * Proceed to the network phase.
 */
-static void
+void
 network_phase(unit)
 int unit;
 {
 lcp_options *go = &lcp_gotoptions[unit];
+#ifdef CBCP_SUPPORT
+ lcp_options *ho = &lcp_hisoptions[unit];
+#endif
 /*
 * If the peer had to authenticate, run the auth-up script now.
@@ -423,8 +461,9 @@
 /*
 * If we negotiated callback, do it now.
 */
- if (go->neg_cbcp) {
+ if ((go->neg_cbcp || ho->neg_cbcp) && !did_callback) {
 phase = PHASE_CALLBACK;
+ did_callback = 1;
 (*cbcp_protent.open)(unit);
 return;
 }
@@ -510,6 +549,8 @@
 namelen = sizeof(peer_authname) - 1;
 BCOPY(name, peer_authname, namelen);
 peer_authname[namelen] = 0;
+ BCOPY(name, xuser, namelen);
+ xuser[namelen] = 0;
 script_setenv("PEERNAME", peer_authname);
 /*
@@ -1291,6 +1332,61 @@
 return 1;
 }
+
+#ifdef DYNAMIC
+/*
+ * get_ip_addr_dynamic - scans dynamic-givable address space for
+ * most recently used address for given user.
+ */
+int
+get_ip_addr_dynamic(unit, addr)
+ int unit;
+ u_int32_t *addr;
+{
+ u_int32_t a;
+ struct wordlist *addrs;
+ FILE *fd;
+ int dfd;
+ char command[256];
+ char mypid[40], *s;
+ char address[50];
+ u_int32_t mask;
+
+ if ((addrs = addresses[unit]) == NULL)
+ return 0; /* no restriction */
+
+ fd = (FILE *)NULL;
+ for(; addrs != NULL; addrs = addrs->next) {
+ if(strcmp(addrs->word, "*") != 0)
+ continue;
+ sprintf(mypid, "/var/tmp/ppp_dynamic.%d", getpid());
+ sprintf(command, "%s %s %s %s", _PATH_DYNAMIC, xuser, devnam, mypid);
+ dfd = open("/dev/null", O_RDWR);
+ device_script(command, dfd, dfd);
+ close(dfd);
+ fd = fopen(mypid, "r");
+ if(fd == (FILE *)NULL)
+ break;
+ if(fgets(address, sizeof(address), fd) == (char *)NULL)
+ break;
+ if((s = strchr(address, '\n')) != (char *)NULL)
+ *s = '\0';
+ a = inet_addr(address);
+ if(a == -1L)
+ break;
+ fclose(fd);
+ unlink(mypid);
+ *addr = a;
+ return 1;
+ }
+ if(fd != (FILE *)NULL)
+ {
+ fclose(fd);
+ unlink(mypid);
+ }
+ return 0;
+}
+#endif
 /*
 * set_allowed_addrs() - set the list of allowed addresses.
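Review bot: `did_callback` is set to 1 in the `@@ -423,8` hunk and nothing on this page ever clears it, so once one callback has run, the `!did_callback` test suppresses the callback phase for the rest of the process lifetime. If one pppd process can accept a fresh session after the called-back one ends (that depends on code outside this patch), the new session would reach the network phase without the negotiated callback, which removes callback as an access control. The flag needs a defined reset point where a new, non-callback session begins, `did_callback = 0;`, and the declaration comment should name that point. The test also reads `ho`, which the previous hunk declares only under `#ifdef CBCP_SUPPORT`; the guard around this block is outside the hunk, as is the rest of `network_phase`.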
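Review bot: The added `BCOPY(name, xuser, namelen)` in the `@@ -510,6` hunk reuses a length that was clamped against `sizeof(peer_authname)`, not against `xuser`. `xuser` is `MAXNAMELEN` bytes per the first hunk, but `peer_authname`'s declaration is not visible here, so the copy stays in bounds only if the two arrays happen to be the same size. Bound the copy by its own destination by adding `if (namelen > sizeof(xuser) - 1) namelen = sizeof(xuser) - 1;` before the new `BCOPY`. `name` comes from the peer, so this is the point where its length must be pinned down before the value is reused elsewhere.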
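Review bot: In `get_ip_addr_dynamic`, `sprintf(command, "%s %s %s %s", ...)` writes `xuser` (the peer's name, up to MAXNAMELEN bytes) and `devnam` into a 256-byte stack buffer with no bound. The peer-chosen name also reaches `device_script` unvalidated; if that helper hands the string to a shell (its definition is outside this patch), metacharacters in the name would be interpreted with pppd's privileges. The result file `/var/tmp/ppp_dynamic.<pid>` has a predictable name in a shared directory, so another local user can create a file or link there before the helper writes to it. The failure test `a == -1L` compares a `u_int32_t` with a `long` and never matches where `long` is 64 bits, so an unparsable reply is returned as 255.255.255.255; `INADDR_NONE` is the portable comparison. The fence sketches a bounded, validated version; passing the name to the helper as its own argv element instead of inside a command string would be stronger still.
```c
/* … unchanged: function header and the remaining declarations … */
    char mypid[] = "/var/tmp/ppp_dynamic.XXXXXX";
    const char *p;
    int n, tfd;

/* … unchanged: addresses[unit] lookup, loop header, "*" test … */
        /* xuser was chosen by the peer: accept only a conservative set. */
        if (xuser[0] == '\0')
            return 0;
        for (p = xuser; *p != '\0'; p++)
            if (!isalnum((unsigned char)*p) && strchr("._-", *p) == NULL)
                return 0;

        /* Create the result file ourselves so its name cannot be guessed. */
        if ((tfd = mkstemp(mypid)) < 0)
            return 0;
        close(tfd);

        n = snprintf(command, sizeof(command), "%s %s %s %s",
                     _PATH_DYNAMIC, xuser, devnam, mypid);
        if (n < 0 || (size_t)n >= sizeof(command)) {
            unlink(mypid);
            return 0;
        }
/* … unchanged: /dev/null open, device_script call, close … */
        fd = fopen(mypid, "r");
        if (fd == NULL) {
            unlink(mypid);      /* the file now always exists; do not leave it behind */
            break;
        }
/* … unchanged: fgets, newline strip … */
        a = inet_addr(address);
        if (a == INADDR_NONE)
            break;
/* … unchanged: success return and cleanup after the loop … */
```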