From dd8d9f6ab1fea789af92e1b7e406f061599739eb Mon Sep 17 00:00:00 2001 From: Tomas Paukrt Date: Tue, 3 Sep 2024 08:08:08 +0200 Subject: [PATCH] pppd: Add pap-secrets and chap-secrets options These options allow a user to specify paths to pap-secrets and chap-secrets files, which is necessary when running multiple instances of pppd that may use the same username but with different passwords (e.g. running multiple PPTP tunnels). Signed-off-by: Tomas Paukrt --- pppd/auth.c | 23 +++++++++++++++++------ pppd/main.c | 3 +++ pppd/pppd-private.h | 2 ++ 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/pppd/auth.c b/pppd/auth.c index fec815e6c..aabab1771 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -83,6 +83,7 @@ #include #include #include +#include #include #include #include @@ -253,6 +254,8 @@ bool explicit_remote = 0; /* User specified explicit remote name */ bool explicit_user = 0; /* Set if "user" option supplied */ bool explicit_passwd = 0; /* Set if "password" option supplied */ char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ +char path_upapfile[MAXPATHLEN]; /* Pathname of pap-secrets file */ +char path_chapfile[MAXPATHLEN]; /* Pathname of chap-secrets file */ #if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP) char *cacert_file = NULL; /* CA certificate file (pem format) */ @@ -417,6 +420,14 @@ struct option auth_options[] = { "Set remote name for authentication", OPT_PRIO | OPT_STATIC, &explicit_remote, MAXNAMELEN }, + { "pap-secrets", o_string, path_upapfile, + "Set pathname of pap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC, + NULL, MAXPATHLEN }, + + { "chap-secrets", o_string, path_chapfile, + "Set pathname of chap-secrets", OPT_PRIO | OPT_PRIV | OPT_STATIC, + NULL, MAXPATHLEN }, + { "login", o_bool, &uselogin, "Use system password database for PAP", OPT_A2COPY | 1 , &session_mgmt }, 
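Review bot: The `pap-secrets` and `chap-secrets` entries added to `auth_options[]` rely on `OPT_PRIV` to stop an unprivileged invoker of a setuid pppd from redirecting authentication to a secrets file of their own choosing, but nothing in the table says so. A short comment above the two entries would keep the flag from being dropped in a later cleanup, for example `/* OPT_PRIV is required: only root or a privileged options file may relocate the secrets files */`. The diffstat lists only auth.c, main.c and pppd-private.h, so the new options appear to be missing from the man page; the privilege requirement and the default paths belong there. Both entries use `OPT_STATIC` with a `MAXPATHLEN` limit, so an over-long argument is presumably truncated rather than rejected (confirm in the option parser), which would leave pppd opening a path other than the one configured.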
@@ -1538,7 +1549,7 @@ check_passwd(int unit, * Open the file of pap secrets and scan for a suitable secret * for authenticating this user. */ - filename = PPP_PATH_UPAPFILE; + filename = path_upapfile; addrs = opts = NULL; ret = UPAP_AUTHNAK; f = fopen(filename, "r"); @@ -1639,7 +1650,7 @@ null_login(int unit) * Open the file of pap secrets and scan for a suitable secret. */ if (ret <= 0) { - filename = PPP_PATH_UPAPFILE; + filename = path_upapfile; addrs = NULL; f = fopen(filename, "r"); if (f == NULL) @@ -1686,7 +1697,7 @@ get_pap_passwd(char *passwd) return ret; } - filename = PPP_PATH_UPAPFILE; + filename = path_upapfile; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -1723,7 +1734,7 @@ have_pap_secret(int *lacks_ipp) return ret; } - filename = PPP_PATH_UPAPFILE; + filename = path_upapfile; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -1765,7 +1776,7 @@ have_chap_secret(char *client, char *server, } } - filename = PPP_PATH_CHAPFILE; + filename = path_chapfile; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -1851,7 +1862,7 @@ get_secret(int unit, char *client, char *server, return 0; } } else { - filename = PPP_PATH_CHAPFILE; + filename = path_chapfile; addrs = NULL; secbuf[0] = 0; diff --git a/pppd/main.c b/pppd/main.c index d62e60301..1b57e6603 100644 --- a/pppd/main.c +++ b/pppd/main.c @@ -363,6 +363,9 @@ main(int argc, char *argv[]) struct protent *protp; char numbuf[16]; + strlcpy(path_upapfile, PPP_PATH_UPAPFILE, MAXPATHLEN); + strlcpy(path_chapfile, PPP_PATH_CHAPFILE, MAXPATHLEN); + strlcpy(path_ipup, PPP_PATH_IPUP, MAXPATHLEN); strlcpy(path_ipdown, PPP_PATH_IPDOWN, MAXPATHLEN); diff --git a/pppd/pppd-private.h b/pppd/pppd-private.h index 46ce0c8bd..52b8e9d3c 100644 --- a/pppd/pppd-private.h +++ b/pppd/pppd-private.h 
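Review bot: `filename = path_upapfile;` in check_passwd hands the configured string to `fopen(filename, "r")` on every lookup, so a relative value is resolved against whatever the working directory is at that moment. The same applies to the assignments in null_login, get_pap_passwd and have_pap_secret, and to `path_chapfile` in have_chap_secret and get_secret. If pppd changes directory after option parsing (it appears to when it detaches, which should be confirmed), one option value could name a different file, or none, later in the session. Consider rejecting values that do not start with `/` when the option is processed, or at least state the requirement next to the option entries, e.g. `/* must be an absolute path; the file is re-opened on each authentication */`. All six functions start and end outside their hunks, so any permission check on the opened file is not visible here and should be confirmed to still run for custom paths.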
@@ -177,6 +177,8 @@ extern bool uselogin; /* Use /etc/passwd for checking PAP */
 extern bool session_mgmt; /* Do session management (login records) */
 extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
 extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+extern char path_upapfile[];/* Pathname of pap-secrets file */
+extern char path_chapfile[];/* Pathname of chap-secrets file */
 extern bool explicit_remote;/* remote_name specified with remotename opt */
 extern bool demand; /* Do dial-on-demand */
 extern char *ipparam; /* Extra parameter for ip up/down scripts */