ppp/patches/ppp-2.4.4-auth-fail.patch

diff -Nru ppp-2.4.4.orig/pppd/auth.c ppp-2.4.4/pppd/auth.c
--- ppp-2.4.4.orig/pppd/auth.c	2007-06-14 10:48:44.000000000 +0300
+++ ppp-2.4.4/pppd/auth.c	2007-06-14 10:49:12.000000000 +0300
@@ -260,7 +260,7 @@
 			       struct wordlist **, struct wordlist **,
 			       char *, int));
 static void free_wordlist __P((struct wordlist *));
-static void auth_script __P((char *));
+static void auth_script __P((char *, int));
 static void auth_script_done __P((void *));
 static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *));
 static int  some_ip_ok __P((struct wordlist *));
@@ -683,7 +683,7 @@
 	if (auth_script_state == s_up && auth_script_pid == 0) {
 	    update_link_stats(unit);
 	    auth_script_state = s_down;
-	    auth_script(_PATH_AUTHDOWN);
+	    auth_script(_PATH_AUTHDOWN, 0);
 	}
     }
     if (!doing_multilink) {
@@ -814,7 +814,7 @@
 	auth_state = s_up;
 	if (auth_script_state == s_down && auth_script_pid == 0) {
 	    auth_script_state = s_up;
-	    auth_script(_PATH_AUTHUP);
+	    auth_script(_PATH_AUTHUP, 0);
 	}
     }
 
@@ -913,6 +913,7 @@
      * Authentication failure: take the link down
      */
     status = EXIT_PEER_AUTH_FAILED;
+    auth_script(_PATH_AUTHFAIL, 1);
     lcp_close(unit, "Authentication failed");
 }
 
@@ -991,6 +992,7 @@
      * authentication secrets.
      */
     status = EXIT_AUTH_TOPEER_FAILED;
+    auth_script(_PATH_AUTHFAIL, 1);
     lcp_close(unit, "Failed to authenticate ourselves to peer");
 }
 
@@ -1221,6 +1223,8 @@
     if (user[0] == 0)
 	strlcpy(user, our_name, sizeof(user));
 
+    script_setenv("LOCALNAME", user, 0);
+
     /*
      * If we have a default route, require the peer to authenticate
      * unless the noauth option was given or the real user is root.
@@ -2522,13 +2526,13 @@
     case s_up:
 	if (auth_state == s_down) {
 	    auth_script_state = s_down;
-	    auth_script(_PATH_AUTHDOWN);
+	    auth_script(_PATH_AUTHDOWN, 0);
 	}
 	break;
     case s_down:
 	if (auth_state == s_up) {
 	    auth_script_state = s_up;
-	    auth_script(_PATH_AUTHUP);
+	    auth_script(_PATH_AUTHUP, 0);
 	}
 	break;
     }
@@ -2539,8 +2543,9 @@
  * interface-name peer-name real-user tty speed
  */
 static void
-auth_script(script)
+auth_script(script, wait)
     char *script;
+    int wait;
 {
     char strspeed[32];
     struct passwd *pw;
@@ -2564,5 +2569,8 @@
     argv[5] = strspeed;
     argv[6] = NULL;
 
-    auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
+    if (wait)
+	run_program(script, argv, 0, NULL, NULL, 1);
+    else
+	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
 }
diff -Nru ppp-2.4.4.orig/pppd/pathnames.h ppp-2.4.4/pppd/pathnames.h
--- ppp-2.4.4.orig/pppd/pathnames.h	2005-08-26 02:59:34.000000000 +0300
+++ ppp-2.4.4/pppd/pathnames.h	2007-06-14 10:49:12.000000000 +0300
@@ -27,6 +27,7 @@
 #define _PATH_IPPREUP	 _ROOT_PATH "/etc/ppp/ip-pre-up"
 #define _PATH_AUTHUP	 _ROOT_PATH "/etc/ppp/auth-up"
 #define _PATH_AUTHDOWN	 _ROOT_PATH "/etc/ppp/auth-down"
+#define _PATH_AUTHFAIL	 _ROOT_PATH "/etc/ppp/auth-fail"
 #define _PATH_TTYOPT	 _ROOT_PATH "/etc/ppp/options."
 #define _PATH_CONNERRS	 _ROOT_PATH "/etc/ppp/connect-errors"
 #define _PATH_PEERFILES	 _ROOT_PATH "/etc/ppp/peers/"
diff -Nru ppp-2.4.4.orig/pppd/pppd.8 ppp-2.4.4/pppd/pppd.8
--- ppp-2.4.4.orig/pppd/pppd.8	2006-06-16 03:01:23.000000000 +0300
+++ ppp-2.4.4/pppd/pppd.8	2007-06-14 10:49:12.000000000 +0300
@@ -1531,8 +1531,8 @@
 Pppd invokes scripts at various stages in its processing which can be
 used to perform site-specific ancillary processing.  These scripts are
 usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish (except for the ip-pre-up
-script).  The scripts are
+Pppd does not wait for the scripts to finish (except for the ip-pre-up,
+and auth-fail scripts).  The scripts are
 executed as root (with the real and effective user-id set to 0), so
 that they can do things such as update routing tables or run
 privileged daemons.  Be careful that the contents of these scripts do
@@ -1560,6 +1560,11 @@
 The authenticated name of the peer.  This is only set if the peer
 authenticates itself.
 .TP
+.B LOCALNAME
+The username passed to the user option of the pppd daemon.  This is
+handy to identify which account was used for authentication purposes
+when multiple accounts are available.
+.TP
 .B SPEED
 The baud rate of the tty device.
 .TP
@@ -1612,6 +1617,11 @@
 /etc/ppp/auth\-up was previously executed.  It is executed in the same
 manner with the same parameters as /etc/ppp/auth\-up.
 .TP
+.B /etc/ppp/auth\-fail
+A program or script which is executed should authentication fail.  pppd
+waits for this script to finish.  It is executed in the same manner, with
+the same parameters as /etc/ppp/auth\-up.
+.TP
 .B /etc/ppp/ip\-pre\-up
 A program or script which is executed just before the ppp network
 interface is brought up.  It is executed with the same parameters as
1	niro	797	diff -Nru ppp-2.4.4.orig/pppd/auth.c ppp-2.4.4/pppd/auth.c
2			--- ppp-2.4.4.orig/pppd/auth.c 2007-06-14 10:48:44.000000000 +0300
3			+++ ppp-2.4.4/pppd/auth.c 2007-06-14 10:49:12.000000000 +0300
4			@@ -260,7 +260,7 @@
5			struct wordlist , struct wordlist ,
6			char *, int));
7			static void free_wordlist __P((struct wordlist *));
8			-static void auth_script __P((char *));
9			+static void auth_script __P((char *, int));
10			static void auth_script_done __P((void *));
11			static void set_allowed_addrs __P((int, struct wordlist , struct wordlist ));
12			static int some_ip_ok __P((struct wordlist *));
13			@@ -683,7 +683,7 @@
14			if (auth_script_state == s_up && auth_script_pid == 0) {
15			update_link_stats(unit);
16			auth_script_state = s_down;
17			- auth_script(_PATH_AUTHDOWN);
18			+ auth_script(_PATH_AUTHDOWN, 0);
19			}
20			}
21			if (!doing_multilink) {
22			@@ -814,7 +814,7 @@
23			auth_state = s_up;
24			if (auth_script_state == s_down && auth_script_pid == 0) {
25			auth_script_state = s_up;
26			- auth_script(_PATH_AUTHUP);
27			+ auth_script(_PATH_AUTHUP, 0);
28			}
29			}
30
31			@@ -913,6 +913,7 @@
32			* Authentication failure: take the link down
33			*/
34			status = EXIT_PEER_AUTH_FAILED;
35			+ auth_script(_PATH_AUTHFAIL, 1);
36			lcp_close(unit, "Authentication failed");
37			}
38
39			@@ -991,6 +992,7 @@
40			* authentication secrets.
41			*/
42			status = EXIT_AUTH_TOPEER_FAILED;
43			+ auth_script(_PATH_AUTHFAIL, 1);
44			lcp_close(unit, "Failed to authenticate ourselves to peer");
45			}
46
47			@@ -1221,6 +1223,8 @@
48			if (user[0] == 0)
49			strlcpy(user, our_name, sizeof(user));
50
51			+ script_setenv("LOCALNAME", user, 0);
52			+
53			/*
54			* If we have a default route, require the peer to authenticate
55			* unless the noauth option was given or the real user is root.
56			@@ -2522,13 +2526,13 @@
57			case s_up:
58			if (auth_state == s_down) {
59			auth_script_state = s_down;
60			- auth_script(_PATH_AUTHDOWN);
61			+ auth_script(_PATH_AUTHDOWN, 0);
62			}
63			break;
64			case s_down:
65			if (auth_state == s_up) {
66			auth_script_state = s_up;
67			- auth_script(_PATH_AUTHUP);
68			+ auth_script(_PATH_AUTHUP, 0);
69			}
70			break;
71			}
72			@@ -2539,8 +2543,9 @@
73			* interface-name peer-name real-user tty speed
74			*/
75			static void
76			-auth_script(script)
77			+auth_script(script, wait)
78			char *script;
79			+ int wait;
80			{
81			char strspeed[32];
82			struct passwd *pw;
83			@@ -2564,5 +2569,8 @@
84			argv[5] = strspeed;
85			argv[6] = NULL;
86
87			- auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
88			+ if (wait)
89			+ run_program(script, argv, 0, NULL, NULL, 1);
90			+ else
91			+ auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
92			}
93			diff -Nru ppp-2.4.4.orig/pppd/pathnames.h ppp-2.4.4/pppd/pathnames.h
94			--- ppp-2.4.4.orig/pppd/pathnames.h 2005-08-26 02:59:34.000000000 +0300
95			+++ ppp-2.4.4/pppd/pathnames.h 2007-06-14 10:49:12.000000000 +0300
96			@@ -27,6 +27,7 @@
97			#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"
98			#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
99			#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
100			+#define _PATH_AUTHFAIL _ROOT_PATH "/etc/ppp/auth-fail"
101			#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
102			#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
103			#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
104			diff -Nru ppp-2.4.4.orig/pppd/pppd.8 ppp-2.4.4/pppd/pppd.8
105			--- ppp-2.4.4.orig/pppd/pppd.8 2006-06-16 03:01:23.000000000 +0300
106			+++ ppp-2.4.4/pppd/pppd.8 2007-06-14 10:49:12.000000000 +0300
107			@@ -1531,8 +1531,8 @@
108			Pppd invokes scripts at various stages in its processing which can be
109			used to perform site-specific ancillary processing. These scripts are
110			usually shell scripts, but could be executable code files instead.
111			-Pppd does not wait for the scripts to finish (except for the ip-pre-up
112			-script). The scripts are
113			+Pppd does not wait for the scripts to finish (except for the ip-pre-up,
114			+and auth-fail scripts). The scripts are
115			executed as root (with the real and effective user-id set to 0), so
116			that they can do things such as update routing tables or run
117			privileged daemons. Be careful that the contents of these scripts do
118			@@ -1560,6 +1560,11 @@
119			The authenticated name of the peer. This is only set if the peer
120			authenticates itself.
121			.TP
122			+.B LOCALNAME
123			+The username passed to the user option of the pppd daemon. This is
124			+handy to identify which account was used for authentication purposes
125			+when multiple accounts are available.
126			+.TP
127			.B SPEED
128			The baud rate of the tty device.
129			.TP
130			@@ -1612,6 +1617,11 @@
131			/etc/ppp/auth\-up was previously executed. It is executed in the same
132			manner with the same parameters as /etc/ppp/auth\-up.
133			.TP
134			+.B /etc/ppp/auth\-fail
135			+A program or script which is executed should authentication fail. pppd
136			+waits for this script to finish. It is executed in the same manner, with
137			+the same parameters as /etc/ppp/auth\-up.
138			+.TP
139			.B /etc/ppp/ip\-pre\-up
140			A program or script which is executed just before the ppp network
141			interface is brought up. It is executed with the same parameters as