Revive some things that were lost during the ppp-2.3.1 update.

- (see auth.c rev 1.13) allow the pap/chap secrets file to specify an
override for the otherwise hard coded IP addresses.  This allows specific
users to dial in on a rotary which would otherwise get a dynamic address
forced to authenticate and get their own fixed addresses.
- (see options.c rev 1.9) recognize the old dns1 and dns2 options.  This
is a hack (TM). :-)

usr.sbin/pppd/auth.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.17 1997/08/19 17:52:31 peter Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.18 1997/08/22 12:03:52 peter Exp $";
 #endif
 
 #include <stdio.h>
@@ -103,6 +103,9 @@ static int auth_pending[NUM_PPP];
 /* Set if we have successfully called login() */
 static int logged_in;
 
+/* Set if not wild or blank */
+static int non_wildclient;
+
 /* Set if we have run the /etc/ppp/auth-up script. */
 static int did_authup;
 
@@ -141,6 +144,7 @@ static int  ip_addr_check __P((u_int32_t, struct wordlist *));
 static int  scan_authfile __P((FILE *, char *, char *, u_int32_t, char *,
 			       struct wordlist **, char *));
 static void free_wordlist __P((struct wordlist *));
+static void auth_set_ip_addr __P((int));
 static void auth_script __P((char *));
 static void set_allowed_addrs __P((int, struct wordlist *));
 #ifdef CBCP_SUPPORT
@@ -363,6 +367,12 @@ auth_peer_success(unit, protocol, name, namelen)
     BCOPY(name, peer_authname, namelen);
     peer_authname[namelen] = 0;
 
+    /*
+     * If we have overridden addresses based on auth info
+     * then set that information now before continuing.
+     */
+    auth_set_ip_addr(unit);
+
     /*
      * If there is no more authentication still to be done,
      * proceed to the network (or callback) phase.
@@ -411,6 +421,12 @@ auth_withpeer_success(unit, protocol)
 	bit = 0;
     }
 
+    /*
+     * If we have overridden addresses based on auth info
+     * then set that information now before continuing.
+     */
+    auth_set_ip_addr(unit);
+
     /*
      * If there is no more authentication still being done,
      * proceed to the network (or callback) phase.
@@ -1150,6 +1166,23 @@ set_allowed_addrs(unit, addrs)
     }
 }
 
+static void
+auth_set_ip_addr(unit)
+    int unit;
+{
+    struct wordlist *addrs;
+
+    if (non_wildclient && (addrs = addresses[unit]) != NULL) {
+	for (; addrs != NULL; addrs = addrs->next) {
+	    /* Look for address overrides, and set them if we have any */
+	    if (strchr(addrs->word, ':') != NULL) {
+		if (setipaddr(addrs->word))
+		    break;
+	    }
+	}
+    }
+}
+
 /*
  * auth_ip_addr - check whether the peer is authorized to use
  * a given IP address.  Returns 1 if authorized, 0 otherwise.
@@ -1167,6 +1200,7 @@ ip_addr_check(addr, addrs)
     u_int32_t addr;
     struct wordlist *addrs;
 {
+    int x, y;
     u_int32_t a, mask, ah;
     int accept;
     char *ptr_word, *ptr_mask;
@@ -1180,7 +1214,9 @@ ip_addr_check(addr, addrs)
     if (addrs == NULL)
 	return !auth_required;		/* no addresses authorized */
 
+    x = y = 0;
     for (; addrs != NULL; addrs = addrs->next) {
+	y++;
 	/* "-" means no addresses authorized, "*" means any address allowed */
 	ptr_word = addrs->word;
 	if (strcmp(ptr_word, "-") == 0)
@@ -1188,6 +1224,14 @@ ip_addr_check(addr, addrs)
 	if (strcmp(ptr_word, "*") == 0)
 	    return 1;
 
+	/*
+	 * A colon in the string means that we wish to force a specific
+	 * local:remote address, but we ignore these for now.
+	 */
+	if (strchr(addrs->word, ':') != NULL)
+	    x++;
+	else {
+
 	accept = 1;
 	if (*ptr_word == '!') {
 	    accept = 0;
@@ -1244,8 +1288,9 @@ ip_addr_check(addr, addrs)
 	       and mask is in host order. */
 	    if (((addr ^ a) & htonl(mask)) == 0)
 		return accept;
+    }	/* else */
     }
-    return 0;			/* not in list => can't have it */
+    return x == y;			/* not in list => can't have it */
 }
 
 /*
@@ -1430,6 +1475,7 @@ scan_authfile(f, client, server, ipaddr, secret, addrs, filename)
     else if (addr_list != NULL)
 	free_wordlist(addr_list);
 
+    non_wildclient = (best_flag & NONWILD_CLIENT) && *client != '\0';
     return best_flag;
 }
 

usr.sbin/pppd/options.c

@@ -18,7 +18,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id$";
+static char rcsid[] = "$Id: options.c,v 1.14 1997/08/22 15:50:09 peter Exp $";
 #endif
 
 #include <ctype.h>
@@ -133,7 +133,6 @@ pcap_t  pc;			/* Fake struct pcap so we can compile expr */
  * Prototypes
  */
 static int setdevname __P((char *, int));
-static int setipaddr __P((char *));
 static int setspeed __P((char *));
 static int setdebug __P((char **));
 static int setkdebug __P((char **));
@@ -375,6 +374,10 @@ static struct cmd {
     {"papcrypt", 0, setpapcrypt},	/* PAP passwords encrypted */
     {"idle", 1, setidle},		/* idle time limit (seconds) */
     {"holdoff", 1, setholdoff},		/* set holdoff time (seconds) */
+/* backwards compat hack */
+    {"dns1", 1, setdnsaddr},		/* DNS address for the peer's use */
+    {"dns2", 1, setdnsaddr},		/* DNS address for the peer's use */
+/* end compat hack */
     {"ms-dns", 1, setdnsaddr},		/* DNS address for the peer's use */
     {"ms-wins", 1, setwinsaddr},	/* Nameserver for SMB over TCP/IP for peer */
     {"noipx",  0, resetipxproto},	/* Disable IPXCP (and IPX) */
@@ -1684,7 +1687,7 @@ setdevname(cp, quiet)
 /*
  * setipaddr - Set the IP address
  */
-static int
+int
 setipaddr(arg)
     char *arg;
 {

usr.sbin/pppd/pppd.h

@@ -16,7 +16,7 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id$
+ * $Id: pppd.h,v 1.9 1997/08/19 17:52:46 peter Exp $
  */
 
 /*
@@ -313,6 +313,8 @@ int  getword __P((FILE *f, char *word, int *newlinep, char *filename));
 				/* Read a word from a file */
 void option_error __P((char *fmt, ...));
 				/* Print an error message about an option */
+int setipaddr __P((char *));	/* set IP addresses */
+
 
 /*
  * This structure is used to store information about certain