pppd: Add pap-secrets and chap-secrets options (#513)

These options allow a user to specify paths to pap-secrets and chap-secrets files,
which is useful when running multiple instances of pppd that may use the same
username but with different passwords (e.g. running multiple PPTP tunnels).

Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>

diff --git a/pppd/auth.c b/pppd/auth.c
index fec815e6ca2d0500135a3751aaf25eae2c50ab5a..aabab17715fec756ff7cb6d51ec32b3178fffdb9 100644 (file)
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -83,6 +83,7 @@
 #include <grp.h>
 #include <string.h>
 #include <strings.h>
+#include <sys/param.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
@@ -253,6 +254,8 @@ bool explicit_remote = 0;   /* User specified explicit remote name */
 bool explicit_user = 0;                /* Set if "user" option supplied */
 bool explicit_passwd = 0;      /* Set if "password" option supplied */
 char remote_name[MAXNAMELEN];  /* Peer's name for authentication */
+char path_upapfile[MAXPATHLEN];        /* Pathname of pap-secrets file */
+char path_chapfile[MAXPATHLEN];        /* Pathname of chap-secrets file */
 
 #if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
 char *cacert_file  = NULL;  /* CA certificate file (pem format) */
@@ -417,6 +420,14 @@ struct option auth_options[] = {
       "Set remote name for authentication", OPT_PRIO | OPT_STATIC,
       &explicit_remote, MAXNAMELEN },
 
+    { "pap-secrets", o_string, path_upapfile,
+      "Set pathname of pap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC,
+      NULL, MAXPATHLEN },
+
+    { "chap-secrets", o_string, path_chapfile,
+      "Set pathname of chap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC,
+      NULL, MAXPATHLEN },
+
     { "login", o_bool, &uselogin,
       "Use system password database for PAP", OPT_A2COPY | 1 ,
       &session_mgmt },
@@ -1538,7 +1549,7 @@ check_passwd(int unit,
      * Open the file of pap secrets and scan for a suitable secret
      * for authenticating this user.
      */
-    filename = PPP_PATH_UPAPFILE;
+    filename = path_upapfile;
     addrs = opts = NULL;
     ret = UPAP_AUTHNAK;
     f = fopen(filename, "r");
@@ -1639,7 +1650,7 @@ null_login(int unit)
      * Open the file of pap secrets and scan for a suitable secret.
      */
     if (ret <= 0) {
-       filename = PPP_PATH_UPAPFILE;
+       filename = path_upapfile;
        addrs = NULL;
        f = fopen(filename, "r");
        if (f == NULL)
@@ -1686,7 +1697,7 @@ get_pap_passwd(char *passwd)
            return ret;
     }
 
-    filename = PPP_PATH_UPAPFILE;
+    filename = path_upapfile;
     f = fopen(filename, "r");
     if (f == NULL)
        return 0;
@@ -1723,7 +1734,7 @@ have_pap_secret(int *lacks_ipp)
            return ret;
     }
 
-    filename = PPP_PATH_UPAPFILE;
+    filename = path_upapfile;
     f = fopen(filename, "r");
     if (f == NULL)
        return 0;
@@ -1765,7 +1776,7 @@ have_chap_secret(char *client, char *server,
        }
     }
 
-    filename = PPP_PATH_CHAPFILE;
+    filename = path_chapfile;
     f = fopen(filename, "r");
     if (f == NULL)
        return 0;
@@ -1851,7 +1862,7 @@ get_secret(int unit, char *client, char *server,
            return 0;
        }
     } else {
-       filename = PPP_PATH_CHAPFILE;
+       filename = path_chapfile;
        addrs = NULL;
        secbuf[0] = 0;
 

diff --git a/pppd/main.c b/pppd/main.c
index d8d62fe5fd33304db9c25d77bfafbde6e6d94878..cdd8a7f362c0a30e8b07fdea1c841edd3ceacc85 100644 (file)
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -363,6 +363,9 @@ main(int argc, char *argv[])
     struct protent *protp;
     char numbuf[16];
 
+    strlcpy(path_upapfile, PPP_PATH_UPAPFILE, MAXPATHLEN);
+    strlcpy(path_chapfile, PPP_PATH_CHAPFILE, MAXPATHLEN);
+
     strlcpy(path_ipup, PPP_PATH_IPUP, MAXPATHLEN);
     strlcpy(path_ipdown, PPP_PATH_IPDOWN, MAXPATHLEN);
     strlcpy(path_ippreup, PPP_PATH_IPPREUP, MAXPATHLEN);

diff --git a/pppd/pppd-private.h b/pppd/pppd-private.h
index a38f58a097ffda2158f7ca015e02e2d5bbd6401a..e0762007c1276156efb70c4385cf74632184a00b 100644 (file)
--- a/pppd/pppd-private.h
+++ b/pppd/pppd-private.h
@@ -177,6 +177,8 @@ extern bool uselogin;       /* Use /etc/passwd for checking PAP */
 extern bool    session_mgmt;   /* Do session management (login records) */
 extern char    our_name[MAXNAMELEN];/* Our name for authentication purposes */
 extern char    remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+extern char    path_upapfile[];/* Pathname of pap-secrets file */
+extern char    path_chapfile[];/* Pathname of chap-secrets file */
 extern bool    explicit_remote;/* remote_name specified with remotename opt */
 extern bool    demand;         /* Do dial-on-demand */
 extern char    *ipparam;       /* Extra parameter for ip up/down scripts */