diff --git a/usr.sbin/ppp/auth.c b/usr.sbin/ppp/auth.c index 6b01669e5cd6..89e4894f319e 100644 --- a/usr.sbin/ppp/auth.c +++ b/usr.sbin/ppp/auth.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: auth.c,v 1.19 1997/11/09 14:18:32 brian Exp $ + * $Id: auth.c,v 1.20 1997/11/09 18:51:21 brian Exp $ * * TODO: * o Implement check against with registered IP addresses. @@ -47,20 +47,24 @@ void LocalAuthInit() { - char *p; + if (*VarShortHost == '\0') { + char *p; - if (gethostname(VarShortHost, sizeof(VarShortHost))) { - VarLocalAuth = LOCAL_DENY; - return; + if (gethostname(VarShortHost, sizeof(VarShortHost))) { + VarLocalAuth = LOCAL_DENY; + return; + } + + p = strchr(VarShortHost, '.'); + if (p) + *p = '\0'; } - p = strchr(VarShortHost, '.'); - if (p) - *p = '\0'; - if (!(mode&(MODE_AUTO|MODE_DEDICATED|MODE_DIRECT))) /* We're allowed in interactive and direct */ VarLocalAuth = LOCAL_AUTH; + else if (VarHaveLocalAuthKey) + VarLocalAuth = *VarLocalAuthKey == '\0' ? LOCAL_AUTH : LOCAL_NO_AUTH; else switch (LocalAuthValidate(SECRETFILE, VarShortHost, "")) { case NOT_FOUND: diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c index c4fbb260d4f0..b0d49c4dbc99 100644 --- a/usr.sbin/ppp/command.c +++ b/usr.sbin/ppp/command.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: command.c,v 1.93 1997/11/09 17:51:24 brian Exp $ + * $Id: command.c,v 1.94 1997/11/09 18:51:22 brian Exp $ * */ #include @@ -761,7 +761,6 @@ QuitCommand(struct cmdtab const * list, int argc, char **argv) Cleanup(EX_NORMAL); } else if (VarTerm) { LogPrintf(LogPHASE, "Client connection closed.\n"); - LocalAuthInit(); mode &= ~MODE_INTER; oVarTerm = VarTerm; VarTerm = 0; @@ -899,43 +898,86 @@ SetStoppedTimeout(struct cmdtab const * list, int argc, char **argv) return -1; } +#define ismask(x) \ + (*x == '0' && strlen(x) == 4 && strspn(x+1, "0123456789.") == 3) + static int SetServer(struct cmdtab const * list, int argc, char **argv) { int res = -1; - if (argc > 0 && argc < 3) - if (strcasecmp(argv[0], "none") == 0) { - ServerClose(); - LogPrintf(LogPHASE, "Disabling server port.\n"); - res = 0; - } else if (*argv[0] == '/') { - mode_t mask; + if (argc > 0 && argc < 4) { + const char *port, *passwd, *mask; - umask(mask = umask(0)); - if (argc == 2) { + /* What's what ? */ + port = argv[0]; + if (argc == 2) + if (ismask(argv[1])) { + passwd = NULL; + mask = argv[1]; + } else { + passwd = argv[1]; + mask = NULL; + } + else if (argc == 3) { + passwd = argv[1]; + mask = argv[2]; + if (!ismask(mask)) + return -1; + } else + passwd = mask = NULL; + + if (passwd == NULL) + VarHaveLocalAuthKey = 0; + else { + strncpy(VarLocalAuthKey, passwd, sizeof VarLocalAuthKey); + VarLocalAuthKey[sizeof VarLocalAuthKey - 1] = '\0'; + VarHaveLocalAuthKey = 1; + } + LocalAuthInit(); + + if (strcasecmp(port, "none") == 0) { + int oserver; + + if (mask != NULL || passwd != NULL) + return -1; + oserver = server; + ServerClose(); + if (oserver != -1) + LogPrintf(LogPHASE, "Disabling server port.\n"); + res = 0; + } else if (*port == '/') { + mode_t imask; + + if (mask != NULL) { unsigned m; - if (sscanf(argv[1], "%o", &m) == 1) - mask = m; - } - res = ServerLocalOpen(argv[0], mask); - } else { - int port; - - if (strspn(argv[0], "0123456789") != strlen(argv[0])) { - struct servent *s; - - if ((s = getservbyname(argv[0], "tcp")) == NULL) { - port = 0; - LogPrintf(LogWARN, "%s: Invalid port or service\n", argv[0]); - } else - port = ntohs(s->s_port); + if (sscanf(mask, "%o", &m) == 1) + imask = m; + else + return -1; } else - port = atoi(argv[0]); - if (port) - res = ServerTcpOpen(port); + imask = (mode_t)-1; + res = ServerLocalOpen(port, imask); + } else { + int iport; + + if (mask != NULL) + return -1; + + if (strspn(port, "0123456789") != strlen(port)) { + struct servent *s; + + if ((s = getservbyname(port, "tcp")) == NULL) { + iport = 0; + LogPrintf(LogWARN, "%s: Invalid port or service\n", port); + } else + iport = ntohs(s->s_port); + } else + iport = atoi(port); + res = iport ? ServerTcpOpen(iport) : -1; } + } return res; } diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c index 3e80471640f3..7224eb046ba8 100644 --- a/usr.sbin/ppp/main.c +++ b/usr.sbin/ppp/main.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: main.c,v 1.90 1997/11/09 14:18:45 brian Exp $ + * $Id: main.c,v 1.91 1997/11/09 18:51:23 brian Exp $ * * TODO: * o Add commands for traffic summary, version display, etc. @@ -173,6 +173,7 @@ TtyOldMode() void Cleanup(int excode) { + ServerClose(); OsInterfaceDown(1); HangupModem(1); nointr_sleep(1); @@ -189,7 +190,6 @@ Cleanup(int excode) close(BGFiledes[1]); } LogPrintf(LogPHASE, "PPP Terminated (%s).\n", ex_desc(excode)); - ServerClose(); TtyOldMode(); LogClose(); @@ -242,11 +242,21 @@ SetUpServer(int signo) { int res; + VarHaveLocalAuthKey = 0; + LocalAuthInit(); if ((res = ServerTcpOpen(SERVER_PORT + tunno)) != 0) LogPrintf(LogERROR, "SIGUSR1: Failed %d to open port %d\n", res, SERVER_PORT + tunno); } +static void +BringDownServer(int signo) +{ + VarHaveLocalAuthKey = 0; + LocalAuthInit(); + ServerClose(); +} + static char * ex_desc(int ex) { @@ -396,6 +406,10 @@ main(int argc, char **argv) if (mode != MODE_INTER) pending_signal(SIGUSR1, SetUpServer); #endif +#ifdef SIGUSR2 + if (mode != MODE_INTER) + pending_signal(SIGUSR2, BringDownServer); +#endif if (dstsystem) { if (SelectSystem(dstsystem, CONFFILE) < 0) { @@ -416,9 +430,6 @@ main(int argc, char **argv) Cleanup(EX_SOCK); } } - /* Create server socket and listen (initial value is -2) */ - if (server == -2) - ServerTcpOpen(SERVER_PORT + tunno); if (!(mode & MODE_DIRECT)) { pid_t bgpid; @@ -560,7 +571,6 @@ ReadTty() Prompt(); } else { LogPrintf(LogPHASE, "client connection closed.\n"); - LocalAuthInit(); mode &= ~MODE_INTER; oVarTerm = VarTerm; VarTerm = 0; @@ -922,6 +932,7 @@ DoLoop() } else netfd = wfd; VarTerm = fdopen(netfd, "a+"); + LocalAuthInit(); mode |= MODE_INTER; Greetings(); IsInteractive(1); diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index c3eafe21a042..6eb42cd270b9 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -1,4 +1,4 @@ -.\" $Id: ppp.8,v 1.75 1997/11/09 13:18:51 brian Exp $ +.\" $Id: ppp.8,v 1.76 1997/11/09 17:51:26 brian Exp $ .Dd 20 September 1995 .Os FreeBSD .Dt PPP 8 @@ -525,10 +525,15 @@ Currently, may also be used to talk interactively. .Pp -Each +In order to achieve this, you must use the +.Dq set server +command as described below. It is possible to retrospectively make a running .Nm -daemon has an associated port number which is computed as "3000 + -tunnel_device_number". +program listen on a diagnostic port by configuring +.Pa /etc/ppp/ppp.secret , +and sending it a +.Dv USR1 +signal. In .Fl auto @@ -637,10 +642,18 @@ To terminate the program, type .Pp A simple .Dq quit -command will terminate the telnet connection but not the program itself. +command will terminate the +.Xr pppctl 8 +or +.Xr telnet 1 +connection but not the +.Nm +program itself. You must use .Dq quit all -to terminate the program as well. +to terminate +.Nm +as well. .Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1) @@ -698,17 +711,17 @@ exec /usr/sbin/ppp -direct (You can specify a label name for further control.) .Pp -Direct mode ( -.Fl direct -) lets +Direct mode +.Pq Fl direct +lets .Nm work with stdin and stdout. You can also use .Xr pppctl 8 or .Xr telnet 1 -to connect to port 3000 plus the current tunnel device number to get -command mode control in the same manner as client-side -.Nm. +to connect to a configured diagnostic port, in the same manner as with +client-side +.Nm ppp . .It Optional support for Microsoft's IPCP Name Server and NetBIOS @@ -1467,8 +1480,14 @@ to exit. This signal, when not in interactive mode, tells .Nm to close any existing server socket and open an Internet socket using -the default rules for choosing a port number - that is, using port -3000 plus the current tunnel device number. +port 3000 plus the current tunnel device number. This can only be +achieved if a suitable local password is specified in +.Pa /etc/ppp/ppp.secret . + +.It USR2 +This signal, tells +.Nm +to close any existing server socket. .El @@ -1477,7 +1496,11 @@ the default rules for choosing a port number - that is, using port This section lists the available commands and their effect. They are usable either from an interactive .Nm -session, from a configuration file or from a telnet session. +session, from a configuration file or from a +.Xr pppctl 8 +or +.Xr telnet 1 +session. .Bl -tag -width 20 .It accept|deny|enable|disable option.... @@ -1949,27 +1972,40 @@ The default value is zero, where .Nm doesn't time out in the stopped state. -.It set server|socket TcpPort|LocalName|none [mask] -Normally, when not in interactive mode, +.It set server|socket TcpPort|LocalName|none [password] [mask] +This command tells .Nm -listens to a TCP socket for incoming command connections. The -default socket number is calculated as 3000 plus the number of the -tunnel device that +to listen on the given socket or +.Sq diagnostic port +for incoming command connections. This is not possible if .Nm -opened. So, for example, if +is in interactive mode. The word +.Ar none +instructs .Nm -opened tun2, socket 3002 would be used. +to close any existing socket. If you wish to specify a unix domain +socket, +.Ar LocalName +must be specified as an absolute file name, otherwise it is assumed +to be the name or number of a TCP port. You may specify the octal umask that +should be used with unix domain sockets as a four character octal number +beginning with +.Sq 0 . +Refer to +.Xr umask 2 +for umask details. Refer to +.Xr services 5 +for details of how to translate TCP port names. + .Pp -Using this command, you can specify your own port number, a -local domain socket (specified as an absolute file name), or -you can tell -.Nm -not to accept any command connections. If a local domain socket -is specified, you may also specify an octal mask that should be -set before creating the socket. See also the use of -the -.Dv USR1 -signal. +You may also specify the password that must be used by the client when +connecting to this socket. If the password is not specified here, +.Pa /etc/ppp/ppp.secret +is searched for a machine name that's the same as your local host name +without any domain suffix. Refer to +.Xr hostname 1 +for further details. If a password is specified as the empty string, +no password is required. .Pp When using @@ -1979,7 +2015,7 @@ with a server socket, the command is the preferred mechanism of communications. Currently, .Xr telnet 1 can also be used, but link encryption may be implemented in the future, so -.Xr telnet 8 +.Xr telnet 1 should not be relied upon. .It set speed value @@ -2184,7 +2220,11 @@ argument is given, .Nm will exit, closing the connection. A simple .Dq quit -issued from a telnet session will not close the current connection. +issued from a +.Xr pppctl 8 +or +.Xr telnet 1 +session will not close the current connection. .It help|? [command] Show a list of available commands. If @@ -2287,6 +2327,7 @@ Get port number if port number is using service name. .Xr crontab 5 , .Xr ftp 1 , .Xr getty 8 , +.Xr hostname 1 , .Xr inetd 8 , .Xr init 8 , .Xr login 1 , @@ -2299,7 +2340,6 @@ Get port number if port number is using service name. .Xr syslogd 8 , .Xr tcpdump 1 , .Xr telnet 1 , -.Xr telnet 8 , .Xr traceroute 8 , .Xr uucplock 3 , .Xr uucplock 8 diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index c3eafe21a042..6eb42cd270b9 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 @@ -1,4 +1,4 @@ -.\" $Id: ppp.8,v 1.75 1997/11/09 13:18:51 brian Exp $ +.\" $Id: ppp.8,v 1.76 1997/11/09 17:51:26 brian Exp $ .Dd 20 September 1995 .Os FreeBSD .Dt PPP 8 @@ -525,10 +525,15 @@ Currently, may also be used to talk interactively. .Pp -Each +In order to achieve this, you must use the +.Dq set server +command as described below. It is possible to retrospectively make a running .Nm -daemon has an associated port number which is computed as "3000 + -tunnel_device_number". +program listen on a diagnostic port by configuring +.Pa /etc/ppp/ppp.secret , +and sending it a +.Dv USR1 +signal. In .Fl auto @@ -637,10 +642,18 @@ To terminate the program, type .Pp A simple .Dq quit -command will terminate the telnet connection but not the program itself. +command will terminate the +.Xr pppctl 8 +or +.Xr telnet 1 +connection but not the +.Nm +program itself. You must use .Dq quit all -to terminate the program as well. +to terminate +.Nm +as well. .Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1) @@ -698,17 +711,17 @@ exec /usr/sbin/ppp -direct (You can specify a label name for further control.) .Pp -Direct mode ( -.Fl direct -) lets +Direct mode +.Pq Fl direct +lets .Nm work with stdin and stdout. You can also use .Xr pppctl 8 or .Xr telnet 1 -to connect to port 3000 plus the current tunnel device number to get -command mode control in the same manner as client-side -.Nm. +to connect to a configured diagnostic port, in the same manner as with +client-side +.Nm ppp . .It Optional support for Microsoft's IPCP Name Server and NetBIOS @@ -1467,8 +1480,14 @@ to exit. This signal, when not in interactive mode, tells .Nm to close any existing server socket and open an Internet socket using -the default rules for choosing a port number - that is, using port -3000 plus the current tunnel device number. +port 3000 plus the current tunnel device number. This can only be +achieved if a suitable local password is specified in +.Pa /etc/ppp/ppp.secret . + +.It USR2 +This signal, tells +.Nm +to close any existing server socket. .El @@ -1477,7 +1496,11 @@ the default rules for choosing a port number - that is, using port This section lists the available commands and their effect. They are usable either from an interactive .Nm -session, from a configuration file or from a telnet session. +session, from a configuration file or from a +.Xr pppctl 8 +or +.Xr telnet 1 +session. .Bl -tag -width 20 .It accept|deny|enable|disable option.... @@ -1949,27 +1972,40 @@ The default value is zero, where .Nm doesn't time out in the stopped state. -.It set server|socket TcpPort|LocalName|none [mask] -Normally, when not in interactive mode, +.It set server|socket TcpPort|LocalName|none [password] [mask] +This command tells .Nm -listens to a TCP socket for incoming command connections. The -default socket number is calculated as 3000 plus the number of the -tunnel device that +to listen on the given socket or +.Sq diagnostic port +for incoming command connections. This is not possible if .Nm -opened. So, for example, if +is in interactive mode. The word +.Ar none +instructs .Nm -opened tun2, socket 3002 would be used. +to close any existing socket. If you wish to specify a unix domain +socket, +.Ar LocalName +must be specified as an absolute file name, otherwise it is assumed +to be the name or number of a TCP port. You may specify the octal umask that +should be used with unix domain sockets as a four character octal number +beginning with +.Sq 0 . +Refer to +.Xr umask 2 +for umask details. Refer to +.Xr services 5 +for details of how to translate TCP port names. + .Pp -Using this command, you can specify your own port number, a -local domain socket (specified as an absolute file name), or -you can tell -.Nm -not to accept any command connections. If a local domain socket -is specified, you may also specify an octal mask that should be -set before creating the socket. See also the use of -the -.Dv USR1 -signal. +You may also specify the password that must be used by the client when +connecting to this socket. If the password is not specified here, +.Pa /etc/ppp/ppp.secret +is searched for a machine name that's the same as your local host name +without any domain suffix. Refer to +.Xr hostname 1 +for further details. If a password is specified as the empty string, +no password is required. .Pp When using @@ -1979,7 +2015,7 @@ with a server socket, the command is the preferred mechanism of communications. Currently, .Xr telnet 1 can also be used, but link encryption may be implemented in the future, so -.Xr telnet 8 +.Xr telnet 1 should not be relied upon. .It set speed value @@ -2184,7 +2220,11 @@ argument is given, .Nm will exit, closing the connection. A simple .Dq quit -issued from a telnet session will not close the current connection. +issued from a +.Xr pppctl 8 +or +.Xr telnet 1 +session will not close the current connection. .It help|? [command] Show a list of available commands. If @@ -2287,6 +2327,7 @@ Get port number if port number is using service name. .Xr crontab 5 , .Xr ftp 1 , .Xr getty 8 , +.Xr hostname 1 , .Xr inetd 8 , .Xr init 8 , .Xr login 1 , @@ -2299,7 +2340,6 @@ Get port number if port number is using service name. .Xr syslogd 8 , .Xr tcpdump 1 , .Xr telnet 1 , -.Xr telnet 8 , .Xr traceroute 8 , .Xr uucplock 3 , .Xr uucplock 8 diff --git a/usr.sbin/ppp/server.c b/usr.sbin/ppp/server.c index abd8ba9d2e7e..b6869b8a102d 100644 --- a/usr.sbin/ppp/server.c +++ b/usr.sbin/ppp/server.c @@ -1,5 +1,5 @@ /* - * $Id: server.c,v 1.7 1997/11/09 06:22:47 brian Exp $ + * $Id: server.c,v 1.8 1997/11/09 14:18:51 brian Exp $ */ #include @@ -26,7 +26,7 @@ #include "log.h" #include "id.h" -int server = -2; +int server = -1; static struct sockaddr_un ifsun; static char *rm; @@ -61,9 +61,11 @@ ServerLocalOpen(const char *name, mode_t mask) return 3; } setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &s, sizeof s); - mask = umask(mask); + if (mask != (mode_t)-1) + mask = umask(mask); if (bind(s, (struct sockaddr *) & ifsun, sizeof(ifsun)) < 0) { - umask(mask); + if (mask != (mode_t)-1) + umask(mask); LogPrintf(LogERROR, "Local: bind: %s\n", strerror(errno)); if (errno == EADDRINUSE && VarTerm) fprintf(VarTerm, "Wait for a while, then try again.\n"); @@ -71,7 +73,8 @@ ServerLocalOpen(const char *name, mode_t mask) ID0unlink(name); return 4; } - umask(mask); + if (mask != (mode_t)-1) + umask(mask); if (listen(s, 5) != 0) { LogPrintf(LogERROR, "Local: Unable to listen to socket - OS overload?\n"); close(s); diff --git a/usr.sbin/ppp/vars.c b/usr.sbin/ppp/vars.c index 904113293c4e..1a47b3765ff6 100644 --- a/usr.sbin/ppp/vars.c +++ b/usr.sbin/ppp/vars.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: vars.c,v 1.31 1997/10/26 01:03:58 brian Exp $ + * $Id: vars.c,v 1.32 1997/10/29 01:19:51 brian Exp $ * */ #include @@ -40,7 +40,7 @@ #include "defs.h" char VarVersion[] = "PPP Version 1.3"; -char VarLocalVersion[] = "$Date: 1997/10/26 01:03:58 $"; +char VarLocalVersion[] = "$Date: 1997/10/29 01:19:51 $"; int Utmp = 0; int ipInOctets = 0; int ipOutOctets = 0; @@ -172,21 +172,24 @@ LocalAuthCommand(struct cmdtab * list, int argc, char **argv) else pass = *argv; - switch (LocalAuthValidate(SECRETFILE, VarShortHost, pass)) { - case INVALID: - pppVars.lauth = LOCAL_NO_AUTH; - break; - case VALID: - pppVars.lauth = LOCAL_AUTH; - break; - case NOT_FOUND: - pppVars.lauth = LOCAL_AUTH; - LogPrintf(LogWARN, "WARNING: No Entry for this system\n"); - break; - default: - pppVars.lauth = LOCAL_NO_AUTH; - LogPrintf(LogERROR, "LocalAuthCommand: Ooops?\n"); - return 1; - } + if (VarHaveLocalAuthKey) + VarLocalAuth = strcmp(VarLocalAuthKey, pass) ? LOCAL_NO_AUTH : LOCAL_AUTH; + else + switch (LocalAuthValidate(SECRETFILE, VarShortHost, pass)) { + case INVALID: + VarLocalAuth = LOCAL_NO_AUTH; + break; + case VALID: + VarLocalAuth = LOCAL_AUTH; + break; + case NOT_FOUND: + VarLocalAuth = LOCAL_AUTH; + LogPrintf(LogWARN, "WARNING: No Entry for this system\n"); + break; + default: + VarLocalAuth = LOCAL_NO_AUTH; + LogPrintf(LogERROR, "LocalAuthCommand: Ooops?\n"); + return 1; + } return 0; } diff --git a/usr.sbin/ppp/vars.h b/usr.sbin/ppp/vars.h index 864f3bdddc4a..3e205dabc830 100644 --- a/usr.sbin/ppp/vars.h +++ b/usr.sbin/ppp/vars.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: vars.h,v 1.31 1997/10/26 01:03:59 brian Exp $ + * $Id: vars.h,v 1.32 1997/11/09 14:18:55 brian Exp $ * * TODO: */ @@ -80,6 +80,8 @@ struct pppvars { char login_script[SCRIPT_LEN]; /* Login script */ char auth_key[50]; /* PAP/CHAP key */ char auth_name[50]; /* PAP/CHAP system name */ + char local_auth_key[50]; /* Local auth passwd */ + int have_local_auth_key; /* Local auth passwd specified ? */ #ifdef HAVE_DES int use_MSChap; /* Use MSCHAP encryption */ #endif @@ -110,6 +112,8 @@ struct pppvars { #define VarRetryTimeout pppVars.retry_timeout #define VarAuthKey pppVars.auth_key #define VarAuthName pppVars.auth_name +#define VarLocalAuthKey pppVars.local_auth_key +#define VarHaveLocalAuthKey pppVars.have_local_auth_key #ifdef HAVE_DES #define VarMSChap pppVars.use_MSChap #endif