diff -U4 -r ppp-2.4.4/pppd/auth.c ppp-2.4.4+altname/pppd/auth.c
--- ppp-2.4.4/pppd/auth.c 2006-06-18 12:26:00.000000000 +0100
+++ ppp-2.4.4+altname/pppd/auth.c 2009-10-31 19:40:10.000000000 +0000
@@ -357,15 +357,22 @@
 { "name", o_string, our_name,
 "Set local name for authentication",
 OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN },
+ { "altname", o_string, our_name2,
+ "Set alternative local name for authentication",
+ OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN },
+
 { "+ua", o_special, (void *)setupapfile,
 "Get PAP user and password from file",
 OPT_PRIO | OPT_A2STRVAL, &uafname },
 { "user", o_string, user,
 "Set name for auth with peer", OPT_PRIO | OPT_STATIC, NULL, MAXNAMELEN },
+ { "altuser", o_string, user2,
+ "Set alternative name for auth with peer", OPT_PRIO | OPT_STATIC, NULL, MAXNAMELEN },
+
 { "password", o_string, passwd,
 "Password for authenticating us to the peer",
 OPT_PRIO | OPT_STATIC | OPT_HIDE, NULL, MAXSECRETLEN },
@@ -450,9 +457,9 @@
 l = strlen(p);
 if (l > 0 && p[l-1] == '\n')
 p[l-1] = 0;
- if (override_value("user", option_priority, fname))
+ if (override_value("user", option_priority, fname))
 strlcpy(user, u, sizeof(user));
 if (override_value("passwd", option_priority, fname))
 strlcpy(passwd, p, sizeof(passwd));
@@ -758,33 +765,34 @@
 }
 }
 new_phase(PHASE_AUTHENTICATE);
+ script_setenv("AUTHNAME", use_altname ? our_name2 : our_name, 0);
 used_login = 0;
 auth = 0;
 if (go->neg_eap) {
- eap_authpeer(unit, our_name);
+ eap_authpeer(unit, use_altname ? our_name2 : our_name);
 auth |= EAP_PEER;
 } else if (go->neg_chap) {
- chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype));
+ chap_auth_peer(unit, use_altname ? our_name2 : our_name, CHAP_DIGEST(go->chap_mdtype));
 auth |= CHAP_PEER;
 } else if (go->neg_upap) {
 upap_authpeer(unit);
 auth |= PAP_PEER;
 }
 if (ho->neg_eap) {
- eap_authwithpeer(unit, user);
+ eap_authwithpeer(unit, use_altname ? user2 : user);
 auth |= EAP_WITHPEER;
 } else if (ho->neg_chap) {
- chap_auth_with_peer(unit, user, CHAP_DIGEST(ho->chap_mdtype));
+ chap_auth_with_peer(unit, use_altname ? user2 : user, CHAP_DIGEST(ho->chap_mdtype));
 auth |= CHAP_WITHPEER;
 } else if (ho->neg_upap) {
 if (passwd[0] == 0) {
 passwd_from_file = 1;
 if (!get_pap_passwd(passwd))
 error("No secret found for PAP login");
 }
- upap_authwithpeer(unit, user, passwd);
+ upap_authwithpeer(unit, use_altname ? user2 : user, passwd);
 auth |= PAP_WITHPEER;
 }
 auth_pending[unit] = auth;
 auth_done[unit] = 0;
@@ -1231,8 +1239,11 @@
 auth_required = 1;
 default_auth = 1;
 }
+ if (user2[0] == 0)
+ strlcpy(user2, our_name2, sizeof(user2));
+
 /* If we selected any CHAP flavors, we should probably negotiate it. :-) */
 if (wo->chap_mdtype)
 wo->neg_chap = 1;
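Review bot: Each `use_altname ? our_name2 : our_name` and `use_altname ? user2 : user` in the -758 hunk passes the alternative buffer without checking that it was ever set, so with `use_altname` nonzero and no `altname`/`altuser` configured, `eap_authpeer`, `chap_auth_peer` and the `*_authwithpeer` calls receive an empty name. Only the -1261 hunk tests `our_name2[0] != 0`, and the -1231 hunk fills `user2` from `our_name2`, which is just as empty in that case. How the secret lookups treat an empty name is not visible on this page and should be confirmed. Two small helpers that fall back to the primary name would close this and would also replace the same ternary repeated in the -1315, -1409, -1725, -1761, -1771 and -1809 hunks. The enclosing function starts and ends outside this hunk, and the helper names below are only a proposal.

```c
/* Proposed helpers (new): return the name for the currently selected
 * identity, falling back to the primary one when no alternative is set. */
static char *
sel_our_name()
{
    return (use_altname && our_name2[0] != 0) ? our_name2 : our_name;
}

static char *
sel_user()
{
    return (use_altname && user2[0] != 0) ? user2 : user;
}

/* ... unchanged: new_phase(PHASE_AUTHENTICATE) ... */
    script_setenv("AUTHNAME", sel_our_name(), 0);
/* ... unchanged: used_login / auth reset ... */
    if (go->neg_eap) {
        eap_authpeer(unit, sel_our_name());
/* ... unchanged: remaining branches, with sel_our_name() / sel_user() in place of the ternaries ... */
```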
@@ -1261,12 +1272,18 @@
 can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip));
 if (!can_auth && (wo->neg_chap || wo->neg_eap)) {
 can_auth = have_chap_secret((explicit_remote? remote_name: NULL),
 our_name, 1, &lacks_ip);
+ if (our_name2[0] != 0)
+ can_auth = can_auth && have_chap_secret((explicit_remote? remote_name: NULL),
+ our_name2, 1, &lacks_ip);
 }
 if (!can_auth && wo->neg_eap) {
 can_auth = have_srp_secret((explicit_remote? remote_name: NULL),
 our_name, 1, &lacks_ip);
+ if (our_name2[0] != 0)
+ can_auth = can_auth && have_srp_secret((explicit_remote? remote_name: NULL),
+ our_name2, 1, &lacks_ip);
 }
 if (auth_required && !can_auth && noauth_addrs == NULL) {
 if (default_auth) {
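Review bot: The two added `if (our_name2[0] != 0)` blocks carry no comment saying why a second lookup is needed; `/* the alternative name can be selected at run time, so it must have a secret too */` above the first would explain it. The check is also made per method: unless the PAP test already succeeded, a setup where `our_name` has only a CHAP secret and `our_name2` only an SRP secret ends with `can_auth` false, because the SRP block again requires both names. It is worth confirming that this is the intended policy. The enclosing function begins and ends outside the hunk.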
@@ -1315,29 +1332,29 @@
 hadchap = -1;
 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL));
 ao->neg_chap = (!refuse_chap || !refuse_mschap || !refuse_mschap_v2)
 && (passwd[0] != 0 ||
- (hadchap = have_chap_secret(user, (explicit_remote? remote_name:
+ (hadchap = have_chap_secret(use_altname ? user2 : user, (explicit_remote? remote_name:
 NULL), 0, NULL)));
 ao->neg_eap = !refuse_eap && (
 passwd[0] != 0 ||
- (hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
+ (hadchap == 1 || (hadchap == -1 && have_chap_secret(use_altname ? user2 : user,
 (explicit_remote? remote_name: NULL), 0, NULL))) ||
- have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL));
+ have_srp_secret(use_altname ? user2 : user, (explicit_remote? remote_name: NULL), 0, NULL));
 hadchap = -1;
 if (go->neg_upap && !uselogin && !have_pap_secret(NULL))
 go->neg_upap = 0;
 if (go->neg_chap) {
 if (!(hadchap = have_chap_secret((explicit_remote? remote_name: NULL),
- our_name, 1, NULL)))
+ use_altname ? our_name2 : our_name, 1, NULL)))
 go->neg_chap = 0;
 }
 if (go->neg_eap &&
 (hadchap == 0 || (hadchap == -1 &&
- !have_chap_secret((explicit_remote? remote_name: NULL), our_name,
+ !have_chap_secret((explicit_remote? remote_name: NULL), use_altname ? our_name2 : our_name,
 1, NULL))) &&
- !have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
+ !have_srp_secret((explicit_remote? remote_name: NULL), use_altname ? our_name2 : our_name, 1,
 NULL))
 go->neg_eap = 0;
 }
@@ -1409,9 +1426,9 @@
 error("Can't open PAP password file %s: %m", filename);
 } else {
 check_access(f, filename);
- if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename, 0) < 0) {
+ if (scan_authfile(f, user, use_altname ? our_name2 : our_name, secret, &addrs, &opts, filename, 0) < 0) {
 warn("no PAP secret found for %s", user);
 } else {
 /*
 * If the secret is "@login", it means to check
@@ -1725,9 +1742,9 @@
 if (f == NULL)
 return 0;
 check_access(f, filename);
- i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename, 0);
+ i = scan_authfile(f, "", use_altname ? our_name2 : our_name, secret, &addrs, &opts, filename, 0);
 ret = i >= 0 && secret[0] == 0;
 BZERO(secret, sizeof(secret));
 fclose(f);
 }
@@ -1761,9 +1778,9 @@
 /*
 * Check whether a plugin wants to supply this.
 */
 if (pap_passwd_hook) {
- ret = (*pap_passwd_hook)(user, passwd);
+ ret = (*pap_passwd_hook)(use_altname ? user2 : user, passwd);
 if (ret >= 0)
 return ret;
 }
@@ -1771,9 +1788,9 @@
 f = fopen(filename, "r");
 if (f == NULL)
 return 0;
 check_access(f, filename);
- ret = scan_authfile(f, user,
+ ret = scan_authfile(f, use_altname ? user2 : user,
 (remote_name[0]? remote_name: NULL),
 secret, NULL, NULL, filename, 0);
 fclose(f);
 if (ret < 0)
@@ -1809,9 +1826,9 @@
 f = fopen(filename, "r");
 if (f == NULL)
 return 0;
- ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name,
+ ret = scan_authfile(f, (explicit_remote? remote_name: NULL), use_altname ? our_name2 : our_name,
 NULL, &addrs, NULL, filename, 0);
 fclose(f);
 if (ret >= 0 && !some_ip_ok(addrs)) {
 if (lacks_ipp != 0)
diff -U4 -r ppp-2.4.4/pppd/main.c ppp-2.4.4+altname/pppd/main.c
--- ppp-2.4.4/pppd/main.c 2006-06-04 04:52:50.000000000 +0100
+++ ppp-2.4.4+altname/pppd/main.c 2009-06-29 18:42:52.000000000 +0100
@@ -177,8 +177,9 @@
 int listen_time;
 int got_sigusr2;
 int got_sigterm;
 int got_sighup;
+int got_sigrtmin;
 static sigset_t signals_handled;
 static int waiting;
 static sigjmp_buf sigjmp;
@@ -259,8 +260,10 @@
 extern char *ttyname __P((int));
 extern char *getlogin __P((void));
 int main __P((int, char *[]));
+static void toggle_user __P((int));
+
 #ifdef ultrix
 #undef O_NONBLOCK
 #define O_NONBLOCK O_NDELAY
 #endif
@@ -609,9 +612,9 @@
 kill_link = open_ccp_flag = 0;
 if (sigsetjmp(sigjmp, 1) == 0) {
 sigprocmask(SIG_BLOCK, &signals_handled, NULL);
- if (got_sighup || got_sigterm || got_sigusr2 || got_sigchld) {
+ if (got_sighup || got_sigterm || got_sigusr2 || got_sigchld || got_sigrtmin) {
 sigprocmask(SIG_UNBLOCK, &signals_handled, NULL);
 } else {
 waiting = 1;
 sigprocmask(SIG_UNBLOCK, &signals_handled, NULL);
@@ -642,8 +645,15 @@
 if (got_sigusr2) {
 open_ccp_flag = 1;
 got_sigusr2 = 0;
 }
+ if (got_sigrtmin) {
+ got_sigrtmin = 0;
+ if (use_altname)
+ info("Using alternative name");
+ else
+ info("Using primary name");
+ }
 }
 /*
 * setup_signals - initialize signal handling.
@@ -663,8 +673,9 @@
 sigaddset(&signals_handled, SIGINT);
 sigaddset(&signals_handled, SIGTERM);
 sigaddset(&signals_handled, SIGCHLD);
 sigaddset(&signals_handled, SIGUSR2);
+ sigaddset(&signals_handled, SIGRTMIN);
 #define SIGNAL(s, handler) do { \
 sa.sa_handler = handler; \
 if (sigaction(s, &sa, NULL) < 0) \
@@ -679,8 +690,9 @@
 SIGNAL(SIGCHLD, chld);
 SIGNAL(SIGUSR1, toggle_debug); /* Toggle debug flag */
 SIGNAL(SIGUSR2, open_ccp); /* Reopen CCP */
+ SIGNAL(SIGRTMIN, toggle_user); /* Username toggling */
 /*
 * Install a handler for other signals which would otherwise
 * cause pppd to exit without cleaning up.
@@ -1495,8 +1507,18 @@
 siglongjmp(sigjmp, 1);
 }
+static void
+toggle_user(sig)
+ int sig;
+{
+ got_sigrtmin = 1;
+ use_altname = !use_altname;
+}
+
+
+
 /*
 * bad_signal - We've caught a fatal signal. Clean up state and exit.
 */
 static void
diff -U4 -r ppp-2.4.4/pppd/options.c ppp-2.4.4+altname/pppd/options.c
--- ppp-2.4.4/pppd/options.c 2006-06-18 12:26:00.000000000 +0100
+++ ppp-2.4.4+altname/pppd/options.c 2009-10-31 19:38:13.000000000 +0000
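Review bot: `use_altname = !use_altname;` in toggle_user (the -1495 hunk) changes the authentication identity from inside the signal handler, so the flip can land between any two of the `use_altname ? … : …` reads this patch adds to auth.c, for example after the secret checks of the -1315 hunk and before the calls of the -758 hunk, and one negotiation then mixes both identities. Keep the handler to `got_sigrtmin = 1;` and move `use_altname = !use_altname;` into the `if (got_sigrtmin)` block added in the -642 hunk, so the switch happens at a defined point in the main loop. Both `got_sigrtmin` (the -177 hunk) and `use_altname` (options.c) are plain `int`; `volatile sig_atomic_t` is the type meant for objects written by a handler. The function that closes just above toggle_user in this hunk ends with `siglongjmp(sigjmp, 1);`, which the new handler omits, so it is worth confirming that a waiting main loop still notices the signal.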
@@ -125,8 +125,11 @@
 int maxoctets_dir = 0; /* default - sum of traffic */
 int maxoctets_timeout = 1; /* default 1 second */
 #endif
+char our_name2[MAXNAMELEN];
+char user2[MAXNAMELEN];
+int use_altname = 0;
 extern option_t auth_options[];
 extern struct stat devstat;
diff -U4 -r ppp-2.4.4/pppd/pppd.h ppp-2.4.4+altname/pppd/pppd.h
--- ppp-2.4.4/pppd/pppd.h 2005-08-26 00:59:34.000000000 +0100
+++ ppp-2.4.4+altname/pppd/pppd.h 2009-10-31 19:38:35.000000000 +0000
@@ -288,13 +288,16 @@
 extern char *welcomer; /* Script to welcome client after connection */
 extern char *ptycommand; /* Command to run on other side of pty */
 extern int maxconnect; /* Maximum connect time (seconds) */
 extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */
+extern char user2[MAXNAMELEN];/* Our name for authenticating ourselves */
 extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */
 extern bool auth_required; /* Peer is required to authenticate */
 extern bool persist; /* Reopen link after it goes down */
 extern bool uselogin; /* Use /etc/passwd for checking PAP */
 extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
+extern char our_name2[MAXNAMELEN];/* Our name for authentication purposes */
+extern int use_altname;
 extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
 extern bool explicit_remote;/* remote_name specified with remotename opt */
 extern bool demand; /* Do dial-on-demand */
 extern char *ipparam; /* Extra parameter for ip up/down scripts */
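Review bot: The three globals added in the options.c hunk have no comments, and in the pppd.h hunk `user2` and `our_name2` repeat the comments of `user` and `our_name` word for word while `use_altname` has none, so a reader cannot tell which identity a buffer holds. Suggested comments: `/* Alternative local name, set by "altname" */`, `/* Alternative name for auth with peer, set by "altuser" */` and `/* Nonzero: authenticate with the alternative names (toggled by SIGRTMIN) */`. `use_altname` is declared `int` while the neighbouring flags in pppd.h are `bool`; if it stays writable from a signal handler its type needs a deliberate choice rather than the default.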