From 272f35378bb5e1abaf91ce93316ca11f0cdf70fc Mon Sep 17 00:00:00 2001
From: peter
Date: Fri, 10 Oct 1997 06:02:57 +0000
Subject: Revive some things that were lost during the ppp-2.3.1 update.
- (see auth.c rev 1.13) allow the pap/chap secrets file to specify an override for the otherwise hard coded IP addresses. This allows specific users to dial in on a rotary which would otherwise get a dynamic address forced to authenticate and get their own fixed addresses.
- (see options.c rev 1.9) recognize the old dns1 and dns2 options. This is a hack (TM). :-)
---
 usr.sbin/pppd/auth.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++--
 usr.sbin/pppd/options.c | 9 ++++++---
 usr.sbin/pppd/pppd.h | 4 +++-
 3 files changed, 57 insertions(+), 6 deletions(-)
(limited to 'usr.sbin/pppd')
diff --git a/usr.sbin/pppd/auth.c b/usr.sbin/pppd/auth.c
index a564448..e368619 100644
--- a/usr.sbin/pppd/auth.c
+++ b/usr.sbin/pppd/auth.c
@@ -33,7 +33,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.17 1997/08/19 17:52:31 peter Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.18 1997/08/22 12:03:52 peter Exp $";
 #endif
 #include
@@ -103,6 +103,9 @@ static int auth_pending[NUM_PPP];
 /* Set if we have successfully called login() */
 static int logged_in;
+/* Set if not wild or blank */
+static int non_wildclient;
+
 /* Set if we have run the /etc/ppp/auth-up script. */
 static int did_authup;
@@ -141,6 +144,7 @@ static int ip_addr_check __P((u_int32_t, struct wordlist *));
 static int scan_authfile __P((FILE *, char *, char *, u_int32_t, char *, struct wordlist **, char *));
 static void free_wordlist __P((struct wordlist *));
+static void auth_set_ip_addr __P((int));
 static void auth_script __P((char *));
 static void set_allowed_addrs __P((int, struct wordlist *));
 #ifdef CBCP_SUPPORT
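Review bot: `non_wildclient` is declared in the `-103` hunk as a single file-scope int, while the address list it later gates in auth_set_ip_addr() is indexed per unit (`addresses[unit]`), as is the neighbouring `auth_pending[NUM_PPP]`. The scan_authfile() hunk further down reassigns the flag just before `return best_flag;`, so if that function also serves lookups that do not refresh `addresses[unit]` (its callers are outside this diff, so this is an inference), the flag can describe a different secrets entry than the list does. I would keep the flag next to the list, e.g. `static int addr_override_ok[NUM_PPP];`, set where the list for that unit is saved. The comment would be clearer as `/* Set if the last secrets-file match had a non-wildcard client field and a non-empty client name */`.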
@@ -364,6 +368,12 @@ auth_peer_success(unit, protocol, name, namelen)
 peer_authname[namelen] = 0;
 /*
+ * If we have overridden addresses based on auth info
+ * then set that information now before continuing.
+ */
+ auth_set_ip_addr(unit);
+
+ /*
 * If there is no more authentication still to be done,
 * proceed to the network (or callback) phase.
 */
@@ -412,6 +422,12 @@ auth_withpeer_success(unit, protocol)
 }
 /*
+ * If we have overridden addresses based on auth info
+ * then set that information now before continuing.
+ */
+ auth_set_ip_addr(unit);
+
+ /*
 * If there is no more authentication still being done,
 * proceed to the network (or callback) phase.
 */
@@ -1150,6 +1166,23 @@ set_allowed_addrs(unit, addrs)
 }
 }
+static void
+auth_set_ip_addr(unit)
+ int unit;
+{
+ struct wordlist *addrs;
+
+ if (non_wildclient && (addrs = addresses[unit]) != NULL) {
+ for (; addrs != NULL; addrs = addrs->next) {
+ /* Look for address overrides, and set them if we have any */
+ if (strchr(addrs->word, ':') != NULL) {
+ if (setipaddr(addrs->word))
+ break;
+ }
+ }
+ }
+}
+
 /*
 * auth_ip_addr - check whether the peer is authorized to use
 * a given IP address. Returns 1 if authorized, 0 otherwise.
@@ -1167,6 +1200,7 @@ ip_addr_check(addr, addrs)
 u_int32_t addr;
 struct wordlist *addrs;
 {
+ int x, y;
 u_int32_t a, mask, ah;
 int accept;
 char *ptr_word, *ptr_mask;
@@ -1180,7 +1214,9 @@ ip_addr_check(addr, addrs)
 if (addrs == NULL)
 return !auth_required; /* no addresses authorized */
+ x = y = 0;
 for (; addrs != NULL; addrs = addrs->next) {
+ y++;
 /* "-" means no addresses authorized, "*" means any address allowed */
 ptr_word = addrs->word;
 if (strcmp(ptr_word, "-") == 0)
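Review bot: auth_set_ip_addr() in the `-1150` hunk returns void, so a colon entry that setipaddr() refuses is indistinguishable from no override being configured, and both call sites added above carry on to the network phase either way. Combined with the ip_addr_check() change in this commit, which skips colon entries and accepts when only such entries exist, a failed override appears to leave the peer free to negotiate any address. The function should report "override configured but not applied" so the two callers can stop instead of proceeding; that means changing the prototype to `static int` and checking the result at both call sites. The loop also takes `break` on any non-zero result, so setipaddr()'s error convention (defined in options.c, outside this hunk) needs confirming.

```c
static int
auth_set_ip_addr(unit)
    int unit;
{
    struct wordlist *addrs;
    int seen = 0;

    if (!non_wildclient)
        return 1;
    for (addrs = addresses[unit]; addrs != NULL; addrs = addrs->next) {
        if (strchr(addrs->word, ':') == NULL)
            continue;
        seen = 1;
        if (setipaddr(addrs->word))
            return 1;       /* override installed */
    }
    return !seen;           /* 0: override configured but none applied */
}
```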
@@ -1188,6 +1224,14 @@ ip_addr_check(addr, addrs)
 if (strcmp(ptr_word, "*") == 0)
 return 1;
+ /*
+ * A colon in the string means that we wish to force a specific
+ * local:remote address, but we ignore these for now.
+ */
+ if (strchr(addrs->word, ':') != NULL)
+ x++;
+ else {
+
 accept = 1;
 if (*ptr_word == '!') {
 accept = 0;
@@ -1244,8 +1288,9 @@ ip_addr_check(addr, addrs)
 and mask is in host order. */
 if (((addr ^ a) & htonl(mask)) == 0)
 return accept;
+ } /* else */
 }
- return 0; /* not in list => can't have it */
+ return x == y; /* not in list => can't have it */
 }
 /*
@@ -1430,6 +1475,7 @@ scan_authfile(f, client, server, ipaddr, secret, addrs, filename)
 else if (addr_list != NULL)
 free_wordlist(addr_list);
+ non_wildclient = (best_flag & NONWILD_CLIENT) && *client != '\0';
 return best_flag;
 }
diff --git a/usr.sbin/pppd/options.c b/usr.sbin/pppd/options.c
index ee5bac2..0b34449 100644
--- a/usr.sbin/pppd/options.c
+++ b/usr.sbin/pppd/options.c
@@ -18,7 +18,7 @@
 */
 #ifndef lint
-static char rcsid[] = "$Id$";
+static char rcsid[] = "$Id: options.c,v 1.14 1997/08/22 15:50:09 peter Exp $";
 #endif
 #include
@@ -133,7 +133,6 @@ pcap_t pc; /* Fake struct pcap so we can compile expr */
 * Prototypes
 */
 static int setdevname __P((char *, int));
-static int setipaddr __P((char *));
 static int setspeed __P((char *));
 static int setdebug __P((char **));
 static int setkdebug __P((char **));
@@ -375,6 +374,10 @@ static struct cmd {
 {"papcrypt", 0, setpapcrypt}, /* PAP passwords encrypted */
 {"idle", 1, setidle}, /* idle time limit (seconds) */
 {"holdoff", 1, setholdoff}, /* set holdoff time (seconds) */
+/* backwards compat hack */
+ {"dns1", 1, setdnsaddr}, /* DNS address for the peer's use */
+ {"dns2", 1, setdnsaddr}, /* DNS address for the peer's use */
+/* end compat hack */
 {"ms-dns", 1, setdnsaddr}, /* DNS address for the peer's use */
 {"ms-wins", 1, setwinsaddr}, /* Nameserver for SMB over TCP/IP for peer */
 {"noipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */
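Review bot: Skipping every entry that contains ':' in the `-1188` hunk and then ending with `return x == y;` in the `-1244` hunk means a list made up solely of `local:remote` entries authorizes any `addr`. In the lines shown this test never consults non_wildclient, so it also holds for matches where auth_set_ip_addr() does not install the override. The safer check is to compare `addr` with the remote half of the colon entry rather than ignoring the entry. At minimum the counters declared as `int x, y;` deserve names such as `n_override`/`n_entries`, and the trailing comment should become `/* only override entries: address is forced elsewhere */`, because `not in list => can't have it` no longer describes the return. ip_addr_check() begins above these hunks, and the `else {` opened in the first is closed in the second.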
@@ -1684,7 +1687,7 @@ setdevname(cp, quiet)
 /*
 * setipaddr - Set the IP address
 */
-static int
+int
 setipaddr(arg)
 char *arg;
 {
diff --git a/usr.sbin/pppd/pppd.h b/usr.sbin/pppd/pppd.h
index 236b400..88d1617 100644
--- a/usr.sbin/pppd/pppd.h
+++ b/usr.sbin/pppd/pppd.h
@@ -16,7 +16,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id$
+ * $Id: pppd.h,v 1.9 1997/08/19 17:52:46 peter Exp $
 */
 /*
@@ -313,6 +313,8 @@ int getword __P((FILE *f, char *word, int *newlinep, char *filename));
 /* Read a word from a file */
 void option_error __P((char *fmt, ...));
 /* Print an error message about an option */
+int setipaddr __P((char *)); /* set IP addresses */
+
 /*
 * This structure is used to store information about certain
--
cgit v1.1
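Review bot: The prototype exported in the pppd.h `-313` hunk is documented only as `/* set IP addresses */`, yet auth.c now calls this option parser at authentication time with words from the secrets wordlist and treats any non-zero result as success. The comment should state the accepted form, the return convention and whether the argument is written to. If non-zero does mean success, something like `/* set addresses from a "local:remote" string; non-zero = applied */` would do. The body of setipaddr() lies outside the options.c `-1684` hunk that drops `static`, so those details have to be confirmed there.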