ppp/patches/ppp-2.4.4-auth-fail.patch

diff -Nru ppp-2.4.4.orig/pppd/auth.c ppp-2.4.4/pppd/auth.c
--- ppp-2.4.4.orig/pppd/auth.c	2007-06-14 10:48:44.000000000 +0300
+++ ppp-2.4.4/pppd/auth.c	2007-06-14 10:49:12.000000000 +0300
@@ -260,7 +260,7 @@
 			       struct wordlist **, struct wordlist **,
 			       char *, int));
 static void free_wordlist __P((struct wordlist *));
-static void auth_script __P((char *));
+static void auth_script __P((char *, int));
 static void auth_script_done __P((void *));
 static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *));
 static int  some_ip_ok __P((struct wordlist *));
@@ -683,7 +683,7 @@
 	if (auth_script_state == s_up && auth_script_pid == 0) {
 	    update_link_stats(unit);
 	    auth_script_state = s_down;
-	    auth_script(_PATH_AUTHDOWN);
+	    auth_script(_PATH_AUTHDOWN, 0);
 	}
     }
     if (!doing_multilink) {
@@ -814,7 +814,7 @@
 	auth_state = s_up;
 	if (auth_script_state == s_down && auth_script_pid == 0) {
 	    auth_script_state = s_up;
-	    auth_script(_PATH_AUTHUP);
+	    auth_script(_PATH_AUTHUP, 0);
 	}
     }
 
@@ -913,6 +913,7 @@
      * Authentication failure: take the link down
      */
     status = EXIT_PEER_AUTH_FAILED;
+    auth_script(_PATH_AUTHFAIL, 1);
     lcp_close(unit, "Authentication failed");
 }
 
@@ -991,6 +992,7 @@
      * authentication secrets.
      */
     status = EXIT_AUTH_TOPEER_FAILED;
+    auth_script(_PATH_AUTHFAIL, 1);
     lcp_close(unit, "Failed to authenticate ourselves to peer");
 }
 
@@ -1221,6 +1223,8 @@
     if (user[0] == 0)
 	strlcpy(user, our_name, sizeof(user));
 
+    script_setenv("LOCALNAME", user, 0);
+
     /*
      * If we have a default route, require the peer to authenticate
      * unless the noauth option was given or the real user is root.
@@ -2522,13 +2526,13 @@
     case s_up:
 	if (auth_state == s_down) {
 	    auth_script_state = s_down;
-	    auth_script(_PATH_AUTHDOWN);
+	    auth_script(_PATH_AUTHDOWN, 0);
 	}
 	break;
     case s_down:
 	if (auth_state == s_up) {
 	    auth_script_state = s_up;
-	    auth_script(_PATH_AUTHUP);
+	    auth_script(_PATH_AUTHUP, 0);
 	}
 	break;
     }
@@ -2539,8 +2543,9 @@
  * interface-name peer-name real-user tty speed
  */
 static void
-auth_script(script)
+auth_script(script, wait)
     char *script;
+    int wait;
 {
     char strspeed[32];
     struct passwd *pw;
@@ -2564,5 +2569,8 @@
     argv[5] = strspeed;
     argv[6] = NULL;
 
-    auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
+    if (wait)
+	run_program(script, argv, 0, NULL, NULL, 1);
+    else
+	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
 }
diff -Nru ppp-2.4.4.orig/pppd/pathnames.h ppp-2.4.4/pppd/pathnames.h
--- ppp-2.4.4.orig/pppd/pathnames.h	2005-08-26 02:59:34.000000000 +0300
+++ ppp-2.4.4/pppd/pathnames.h	2007-06-14 10:49:12.000000000 +0300
@@ -27,6 +27,7 @@
 #define _PATH_IPPREUP	 _ROOT_PATH "/etc/ppp/ip-pre-up"
 #define _PATH_AUTHUP	 _ROOT_PATH "/etc/ppp/auth-up"
 #define _PATH_AUTHDOWN	 _ROOT_PATH "/etc/ppp/auth-down"
+#define _PATH_AUTHFAIL	 _ROOT_PATH "/etc/ppp/auth-fail"
 #define _PATH_TTYOPT	 _ROOT_PATH "/etc/ppp/options."
 #define _PATH_CONNERRS	 _ROOT_PATH "/etc/ppp/connect-errors"
 #define _PATH_PEERFILES	 _ROOT_PATH "/etc/ppp/peers/"
diff -Nru ppp-2.4.4.orig/pppd/pppd.8 ppp-2.4.4/pppd/pppd.8
--- ppp-2.4.4.orig/pppd/pppd.8	2006-06-16 03:01:23.000000000 +0300
+++ ppp-2.4.4/pppd/pppd.8	2007-06-14 10:49:12.000000000 +0300
@@ -1531,8 +1531,8 @@
 Pppd invokes scripts at various stages in its processing which can be
 used to perform site-specific ancillary processing.  These scripts are
 usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish (except for the ip-pre-up
-script).  The scripts are
+Pppd does not wait for the scripts to finish (except for the ip-pre-up,
+and auth-fail scripts).  The scripts are
 executed as root (with the real and effective user-id set to 0), so
 that they can do things such as update routing tables or run
 privileged daemons.  Be careful that the contents of these scripts do
@@ -1560,6 +1560,11 @@
 The authenticated name of the peer.  This is only set if the peer
 authenticates itself.
 .TP
+.B LOCALNAME
+The username passed to the user option of the pppd daemon.  This is
+handy to identify which account was used for authentication purposes
+when multiple accounts are available.
+.TP
 .B SPEED
 The baud rate of the tty device.
 .TP
@@ -1612,6 +1617,11 @@
 /etc/ppp/auth\-up was previously executed.  It is executed in the same
 manner with the same parameters as /etc/ppp/auth\-up.
 .TP
+.B /etc/ppp/auth\-fail
+A program or script which is executed should authentication fail.  pppd
+waits for this script to finish.  It is executed in the same manner, with
+the same parameters as /etc/ppp/auth\-up.
+.TP
 .B /etc/ppp/ip\-pre\-up
 A program or script which is executed just before the ppp network
 interface is brought up.  It is executed with the same parameters as
1	diff -Nru ppp-2.4.4.orig/pppd/auth.c ppp-2.4.4/pppd/auth.c
2	--- ppp-2.4.4.orig/pppd/auth.c 2007-06-14 10:48:44.000000000 +0300
3	+++ ppp-2.4.4/pppd/auth.c 2007-06-14 10:49:12.000000000 +0300
4	@@ -260,7 +260,7 @@
5	struct wordlist , struct wordlist ,
6	char *, int));
7	static void free_wordlist __P((struct wordlist *));
8	-static void auth_script __P((char *));
9	+static void auth_script __P((char *, int));
10	static void auth_script_done __P((void *));
11	static void set_allowed_addrs __P((int, struct wordlist , struct wordlist ));
12	static int some_ip_ok __P((struct wordlist *));
13	@@ -683,7 +683,7 @@
14	if (auth_script_state == s_up && auth_script_pid == 0) {
15	update_link_stats(unit);
16	auth_script_state = s_down;
17	- auth_script(_PATH_AUTHDOWN);
18	+ auth_script(_PATH_AUTHDOWN, 0);
19	}
20	}
21	if (!doing_multilink) {
22	@@ -814,7 +814,7 @@
23	auth_state = s_up;
24	if (auth_script_state == s_down && auth_script_pid == 0) {
25	auth_script_state = s_up;
26	- auth_script(_PATH_AUTHUP);
27	+ auth_script(_PATH_AUTHUP, 0);
28	}
29	}
30
31	@@ -913,6 +913,7 @@
32	* Authentication failure: take the link down
33	*/
34	status = EXIT_PEER_AUTH_FAILED;
35	+ auth_script(_PATH_AUTHFAIL, 1);
36	lcp_close(unit, "Authentication failed");
37	}
38
39	@@ -991,6 +992,7 @@
40	* authentication secrets.
41	*/
42	status = EXIT_AUTH_TOPEER_FAILED;
43	+ auth_script(_PATH_AUTHFAIL, 1);
44	lcp_close(unit, "Failed to authenticate ourselves to peer");
45	}
46
47	@@ -1221,6 +1223,8 @@
48	if (user[0] == 0)
49	strlcpy(user, our_name, sizeof(user));
50
51	+ script_setenv("LOCALNAME", user, 0);
52	+
53	/*
54	* If we have a default route, require the peer to authenticate
55	* unless the noauth option was given or the real user is root.
56	@@ -2522,13 +2526,13 @@
57	case s_up:
58	if (auth_state == s_down) {
59	auth_script_state = s_down;
60	- auth_script(_PATH_AUTHDOWN);
61	+ auth_script(_PATH_AUTHDOWN, 0);
62	}
63	break;
64	case s_down:
65	if (auth_state == s_up) {
66	auth_script_state = s_up;
67	- auth_script(_PATH_AUTHUP);
68	+ auth_script(_PATH_AUTHUP, 0);
69	}
70	break;
71	}
72	@@ -2539,8 +2543,9 @@
73	* interface-name peer-name real-user tty speed
74	*/
75	static void
76	-auth_script(script)
77	+auth_script(script, wait)
78	char *script;
79	+ int wait;
80	{
81	char strspeed[32];
82	struct passwd *pw;
83	@@ -2564,5 +2569,8 @@
84	argv[5] = strspeed;
85	argv[6] = NULL;
86
87	- auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
88	+ if (wait)
89	+ run_program(script, argv, 0, NULL, NULL, 1);
90	+ else
91	+ auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
92	}
93	diff -Nru ppp-2.4.4.orig/pppd/pathnames.h ppp-2.4.4/pppd/pathnames.h
94	--- ppp-2.4.4.orig/pppd/pathnames.h 2005-08-26 02:59:34.000000000 +0300
95	+++ ppp-2.4.4/pppd/pathnames.h 2007-06-14 10:49:12.000000000 +0300
96	@@ -27,6 +27,7 @@
97	#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"
98	#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
99	#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
100	+#define _PATH_AUTHFAIL _ROOT_PATH "/etc/ppp/auth-fail"
101	#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
102	#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
103	#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
104	diff -Nru ppp-2.4.4.orig/pppd/pppd.8 ppp-2.4.4/pppd/pppd.8
105	--- ppp-2.4.4.orig/pppd/pppd.8 2006-06-16 03:01:23.000000000 +0300
106	+++ ppp-2.4.4/pppd/pppd.8 2007-06-14 10:49:12.000000000 +0300
107	@@ -1531,8 +1531,8 @@
108	Pppd invokes scripts at various stages in its processing which can be
109	used to perform site-specific ancillary processing. These scripts are
110	usually shell scripts, but could be executable code files instead.
111	-Pppd does not wait for the scripts to finish (except for the ip-pre-up
112	-script). The scripts are
113	+Pppd does not wait for the scripts to finish (except for the ip-pre-up,
114	+and auth-fail scripts). The scripts are
115	executed as root (with the real and effective user-id set to 0), so
116	that they can do things such as update routing tables or run
117	privileged daemons. Be careful that the contents of these scripts do
118	@@ -1560,6 +1560,11 @@
119	The authenticated name of the peer. This is only set if the peer
120	authenticates itself.
121	.TP
122	+.B LOCALNAME
123	+The username passed to the user option of the pppd daemon. This is
124	+handy to identify which account was used for authentication purposes
125	+when multiple accounts are available.
126	+.TP
127	.B SPEED
128	The baud rate of the tty device.
129	.TP
130	@@ -1612,6 +1617,11 @@
131	/etc/ppp/auth\-up was previously executed. It is executed in the same
132	manner with the same parameters as /etc/ppp/auth\-up.
133	.TP
134	+.B /etc/ppp/auth\-fail
135	+A program or script which is executed should authentication fail. pppd
136	+waits for this script to finish. It is executed in the same manner, with
137	+the same parameters as /etc/ppp/auth\-up.
138	+.TP
139	.B /etc/ppp/ip\-pre\-up
140	A program or script which is executed just before the ppp network
141	interface is brought up. It is executed with the same parameters as