$NetBSD: patch-bb,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $

--- pppd/auth.c.orig2	Sat Sep 25 12:36:32 1999
+++ pppd/auth.c	Sat Sep 25 12:48:02 1999
@@ -74,8 +74,16 @@
 #ifdef CBCP_SUPPORT
 #include "cbcp.h"
 #endif
+#ifdef CHAPMS
+#include "chap_ms.h"
+#endif
 #include "pathnames.h"
 
+#ifdef DYNAMIC
+#define _PATH_DYNAMIC "/etc/ppp/getaddr"
+#endif
+static char xuser[MAXNAMELEN];
+
 static const char rcsid[] = RCSID;
 
 /* Bits in scan_authfile return value */
@@ -108,6 +116,11 @@
 /* Set if we got the contents of passwd[] from the pap-secrets file. */
 static int passwd_from_file;
 
+#ifdef CBCP_SUPPORT
+/* Set if we have done call-back sequences. */
+static int did_callback;
+#endif
+
 /*
  * This is used to ensure that we don't start an auth-up/down
  * script while one is already running.
@@ -144,7 +157,7 @@
 
 /* Prototypes for procedures local to this file. */
 
-static void network_phase __P((int));
+void network_phase __P((int));
 static void check_idle __P((void *));
 static void connect_time_expired __P((void *));
 static int  plogin __P((char *, char *, char **, int *));
@@ -177,14 +190,36 @@
       "Don't agree to auth to peer with PAP", 1 },
     { "-pap", o_bool, &refuse_pap,
       "Don't allow PAP authentication with peer", 1 },
-    { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
-      "Require CHAP authentication from peer", 1, &auth_required },
-    { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
-      "Require CHAP authentication from peer", 1, &auth_required },
+    { "require-chap", o_special_noarg, reqchap,
+      "Require CHAP authentication from peer" },
+    { "+chap", o_special_noarg, reqchap,
+      "Require CHAP authentication from peer" },
     { "refuse-chap", o_bool, &refuse_chap,
       "Don't agree to auth to peer with CHAP", 1 },
     { "-chap", o_bool, &refuse_chap,
       "Don't allow CHAP authentication with peer", 1 },
+    { "refuse-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+      "Don't allow md5-digest style CHAP", 0 },
+    { "-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+      "Don't allow md5-digest style CHAP", 0 },
+#ifdef CHAPMS
+    { "require-chapms", o_special_noarg, reqchapms,
+      "Require MSCHAP (v1) authentication" },
+    { "+chapms", o_special_noarg, reqchapms,
+      "Require MSCHAP (v1) authentication" },
+    { "refuse-chapms", o_special_noarg, nochapms,
+      "Refuse MSCHAP (v1) authentication" },
+    { "-chapms", o_special_noarg, nochapms,
+      "Refuse MSCHAP (v1) authentication" },
+    { "require-chapms-v2", o_special_noarg, reqchapms_v2,
+      "Require MSCHAP-v2 authentication" },
+    { "+chapms-v2", o_special_noarg, reqchapms_v2,
+      "Require MSCHAP-v2 authentication" },
+    { "refuse-chapms-v2", o_special_noarg, nochapms_v2,
+      "Refuse MSCHAP-v2 authentication" },
+    { "-chapms-v2", o_special_noarg, nochapms_v2,
+      "Refuse MSCHAP-v2 authentication" },
+#endif
     { "name", o_string, our_name,
       "Set local name for authentication",
       OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
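Review bot: The rewritten `require-chap` and `+chap` entries no longer carry the `&auth_required` secondary pointer that the removed `o_bool` entries had, so whether these options still force peer authentication now depends entirely on `reqchap`, which is defined outside this hunk. If `reqchap` (and likewise `reqchapms` and `reqchapms_v2`) does not set `auth_required = 1` along with the negotiation flag, a configuration that says `require-chap` would accept an unauthenticated peer. I would add a comment above these entries such as `/* req* handlers must set auth_required; the table no longer does it */`. The handlers also need to be declared before the option table, which continues past the hunk.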
@@ -402,11 +437,14 @@
 /*
  * Proceed to the network phase.
  */
-static void
+void
 network_phase(unit)
     int unit;
 {
     lcp_options *go = &lcp_gotoptions[unit];
+#ifdef CBCP_SUPPORT
+    lcp_options *ho = &lcp_hisoptions[unit];
+#endif
 
     /*
      * If the peer had to authenticate, run the auth-up script now.
@@ -423,8 +461,9 @@
     /*
      * If we negotiated callback, do it now.
      */
-    if (go->neg_cbcp) {
+    if ((go->neg_cbcp || ho->neg_cbcp) && !did_callback) {
 	phase = PHASE_CALLBACK;
+	did_callback = 1;
 	(*cbcp_protent.open)(unit);
 	return;
     }
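Review bot: `did_callback` is set to 1 in the callback branch and no visible hunk ever clears it, so a pppd process that serves more than one connection (for example with persist or demand dialing) would skip the callback phase on later links even though CBCP was negotiated. Since callback is used as an access control, the flag should be reset when the link goes down or is re-established, e.g. `did_callback = 0;` in the link teardown path. `ho` is declared only under `#ifdef CBCP_SUPPORT` in the previous hunk, so this condition must sit inside the same guard. The surrounding lines of `network_phase` are outside the hunk, so I cannot confirm that.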
@@ -510,6 +549,8 @@
 	namelen = sizeof(peer_authname) - 1;
     BCOPY(name, peer_authname, namelen);
     peer_authname[namelen] = 0;
+    BCOPY(name, xuser, namelen);
+    xuser[namelen] = 0;
     script_setenv("PEERNAME", peer_authname);
 
     /*
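Review bot: The copy into `xuser` reuses `namelen`, which was clamped against `sizeof(peer_authname)` rather than `sizeof(xuser)`, so it stays in bounds only while the two arrays have the same size (the declaration of `peer_authname` and the start of this function are outside the hunk). Clamping against the destination removes that hidden coupling, e.g. `xlen = namelen < (int)sizeof(xuser) ? namelen : (int)sizeof(xuser) - 1;` followed by `BCOPY(name, xuser, xlen); xuser[xlen] = 0;`. The buffer holds bytes chosen by the peer and is later formatted into a command line, so it also deserves a comment at the copy such as `/* xuser is peer-supplied and unvalidated; sanitize before using it in commands or paths */`.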
@@ -1291,6 +1332,61 @@
 
     return 1;
 }
+
+#ifdef DYNAMIC
+/*
+ * get_ip_addr_dynamic - scans dynamic-givable address space for
+ * most recently used address for given user.
+ */
+int
+get_ip_addr_dynamic(unit, addr)
+    int unit;
+    u_int32_t *addr;
+{
+    u_int32_t a;
+    struct wordlist *addrs;
+    FILE *fd;
+    int dfd;
+    char command[256];
+    char mypid[40], *s;
+    char address[50];
+    u_int32_t mask;
+    
+    if ((addrs = addresses[unit]) == NULL)
+	return 0;		/* no restriction */
+
+    fd = (FILE *)NULL;
+    for(; addrs != NULL; addrs = addrs->next) {
+	if(strcmp(addrs->word, "*") != 0)
+	    continue;
+	sprintf(mypid, "/var/tmp/ppp_dynamic.%d", getpid());
+	sprintf(command, "%s %s %s %s", _PATH_DYNAMIC, xuser, devnam, mypid);
+	dfd = open("/dev/null", O_RDWR);
+	device_script(command, dfd, dfd);
+	close(dfd);
+	fd = fopen(mypid, "r");
+	if(fd == (FILE *)NULL)
+	  break;
+	if(fgets(address, sizeof(address), fd) == (char *)NULL)
+	  break;
+	if((s = strchr(address, '\n')) != (char *)NULL)
+	  *s = '\0';
+	a = inet_addr(address);
+	if(a == -1L)
+	  break;
+	fclose(fd);
+	unlink(mypid);
+	*addr = a;
+	return 1;
+    }
+    if(fd != (FILE *)NULL)
+    {
+      fclose(fd);
+      unlink(mypid);
+    }
+    return 0;
+}
+#endif
 
 /*
  * set_allowed_addrs() - set the list of allowed addresses.
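Review bot: `get_ip_addr_dynamic` formats the peer-supplied name in `xuser` into `command[256]` with an unbounded `sprintf` and hands the string to `device_script`, so a long name can overflow the stack buffer, and if `device_script` runs the string through a shell (not visible here) a name containing shell metacharacters changes the command. The result file `/var/tmp/ppp_dynamic.<pid>` has a predictable name in a world-writable directory and is read back with `fopen` without checking who created it, so a local user can pre-create or symlink it. `a == -1L` compares a `u_int32_t` with a `long`, which never matches where `long` is 64 bits, so an `inet_addr` failure is returned as a valid address there. The fence below bounds the formatting, rejects names outside a conservative character set, creates the file with `mkstemp` and reads it through the same descriptor (this assumes the helper writes the file in place rather than replacing it), and compares against `(u_int32_t)-1`.

```c
    char mypid[] = "/var/tmp/ppp_dynamic.XXXXXX";
    const char *p;
    int tfd, n, ok = 0;

    /* ... unchanged: addresses[unit] lookup, other locals ... */

    /* xuser was chosen by the peer: refuse anything a shell could interpret. */
    if (xuser[0] == '\0')
	return 0;
    for (p = xuser; *p != '\0'; p++)
	if (!isalnum((unsigned char)*p) && strchr("._@-", *p) == NULL)
	    return 0;

    fd = (FILE *)NULL;
    for (; addrs != NULL; addrs = addrs->next) {
	if (strcmp(addrs->word, "*") != 0)
	    continue;
	tfd = mkstemp(mypid);		/* exclusive create, owner-only mode */
	if (tfd < 0)
	    break;
	n = snprintf(command, sizeof(command), "%s %s %s %s",
		     _PATH_DYNAMIC, xuser, devnam, mypid);
	dfd = (n > 0 && n < (int)sizeof(command)) ? open("/dev/null", O_RDWR) : -1;
	if (dfd >= 0) {
	    device_script(command, dfd, dfd);
	    close(dfd);
	    fd = fdopen(tfd, "r");	/* read the inode we created, not the path */
	}
	if (fd == (FILE *)NULL) {
	    close(tfd);
	} else {
	    if (fgets(address, sizeof(address), fd) != NULL) {
		address[strcspn(address, "\n")] = '\0';
		a = inet_addr(address);
		ok = (a != (u_int32_t)-1);	/* width-independent failure check */
	    }
	    fclose(fd);
	}
	unlink(mypid);
	if (ok)
	    *addr = a;
	return ok;
    }
    return 0;
```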
