From nobody@FreeBSD.org  Sun Jan 21 13:43:50 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id C793237B401
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 21 Jan 2001 13:43:46 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f0LLhkV10828;
	Sun, 21 Jan 2001 13:43:46 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200101212143.f0LLhkV10828@freefall.freebsd.org>
Date: Sun, 21 Jan 2001 13:43:46 -0800 (PST)
From: cyberwin@mail.ru
To: freebsd-gnats-submit@FreeBSD.org
Subject: new options for pppd
X-Send-Pr-Version: www-1.0

>Number:         24513
>Category:       bin
>Synopsis:       new options for pppd(8)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    peter
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 21 13:50:01 PST 2001
>Closed-Date:    Fri Jul 29 10:54:43 UTC 2011
>Last-Modified:  Fri Jul 29 10:54:43 UTC 2011
>Originator:     Kovirshin Alexey
>Release:        4.1-RELEASE
>Organization:
>Environment:
FreeBSD orb.ru 4.1-RELEASE FreeBSD 4.1-RELEASE
#2: Thu Jan 18 22:36:37 MSK 2001
root@orb.ru:/usr/src/sys/compile/PENTIUM  i386

>Description:
I've modifyed pppd sources and added 3 new options:
usepeerdns, update-resolv, hide-password
usepeerdns
    Ask the peer for up to 2 DNS server addresses.  The
    addresses supplied by the peer (if any) are  passed
    to  the  /etc/ppp/ip-up  script  in the environment
    variables DNS1 and DNS2.

update-resolv
    The /etc/resolv.conf will be updated with  the  DNS
    addresses  supplied by the peer (if any). But envi-
    ronment variables DNS1 and DNS2  are  still  avail-
    able.  This  option is work in conjunction with the
    usepeerdns option only.
hide-password
    When logging the  contents  of  PAP  packets,  this
    option  causes  pppd to exclude the password string
    from the log.

Options usepeerdns and hide-password i've taken from pppd-2.3.9,
but usepeerdns doesn't update resolve.conf automatically(like in 2.3.9)
so DNS addresses are available from DNS1, DNS2, USEPEERDNS
environment variables(usefull for /etc/ppp/ip-up(down) scripts).
Option update-resolv update resolv.conf automatically, but DNS1, DNS2,
USEPEERDNS environment variables are still available.

I hope it will be usefull when pppd acts as client.

>How-To-Repeat:

>Fix:
I've maked a patch which can be applied 
to /usr/src/usr.sbin/pppd sources by this way:

cd /usr/src/usr.sbin/pppd
patch < pppd-DNSask.patch




>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: mikeh 
State-Changed-When: Fri Jun 29 16:07:53 PDT 2001 
State-Changed-Why:  
Is this patch available? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24513 

From: Mike Heffner <mheffner@novacoxmail.com>
To: freebsd-gnats-submit@freebsd.org
Cc: CyberWin UnixOiD <cyberwin@mail.ru>
Subject: Re: misc/24513: new options for pppd
Date: Thu, 16 Aug 2001 01:39:24 -0400 (EDT)

 Forwarding this to the audit trail, this was the original patch that was to go
 with the PR. I've untarred the original version sent to me by the author, for
 easier viewing.
 
 -----FW: <E15SBCg-000Cg3-00@f10.mail.ru>-----
 
 Date: Thu, 02 Aug 2001 09:39:26 +0400
 From: CyberWin UnixOiD <cyberwin@mail.ru>
 To: "mikeh@FreeBSD.org" <mikeh@FreeBSD.org>
 Subject: PPPD DNS PATCH
 
 Hi!
 
 I'm sending this patch for you, as you asked.
 Sorry for me late, i was in my vocation.
 
 
 
 --- ../pppd.orig/ipcp.c Sat Aug 28 05:19:03 1999
 +++ ipcp.c      Sun Jan 21 04:29:10 2001
 @@ -42,7 +42,7 @@
  /* global vars */
  ipcp_options ipcp_wantoptions[NUM_PPP];        /* Options that we want to
 request */
  ipcp_options ipcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */
 -ipcp_options ipcp_allowoptions[NUM_PPP];       /* Options we allow peer to
 request */
 +ipcp_options ipcp_allowoptions[NUM_PPP];/* Options we allow peer to request */
  ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
  
  /* local vars */
 @@ -100,6 +100,7 @@
  static void ip_check_options __P((void));
  static int  ip_demand_conf __P((int));
  static int  ip_active_pkt __P((u_char *, int));
 +static void create_resolv __P((u_int32_t, u_int32_t));
  
  struct protent ipcp_protent = {
      PPP_IPCP,
 @@ -301,7 +302,7 @@
  
  #define LENCIVJ(neg, old)      (neg ? (old? CILEN_COMPRESS : CILEN_VJ) : 0)
  #define LENCIADDR(neg, old)    (neg ? (old? CILEN_ADDRS : CILEN_ADDR) : 0)
 -
 +#define LENCIDNS(neg)          (neg ? (CILEN_ADDR) : 0)
      /*
       * First see if we want to change our options to the old
       * forms because we have received old forms from the peer.
 @@ -327,7 +328,9 @@
      }
  
      return (LENCIADDR(go->neg_addr, go->old_addrs) +
 -           LENCIVJ(go->neg_vj, go->old_vj));
 +           LENCIVJ(go->neg_vj, go->old_vj) +
 +           LENCIDNS(go->req_dns1) +
 +           LENCIDNS(go->req_dns2)) ;
  }
  
  
 @@ -377,11 +380,28 @@
             neg = 0; \
      }
  
 +#define ADDCIDNS(opt, neg, addr) \
 +    if (neg) { \
 +       if (len >= CILEN_ADDR) { \
 +           u_int32_t l; \
 +           PUTCHAR(opt, ucp); \
 +           PUTCHAR(CILEN_ADDR, ucp); \
 +           l = ntohl(addr);\
 +           PUTLONG(l, ucp); \
 +           len -= CILEN_ADDR; \
 +       } else \
 +           neg = 0; \
 +    }
 +
      ADDCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
               go->old_addrs, go->ouraddr, go->hisaddr);
  
      ADDCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
             go->maxslotindex, go->cflag);
 +           
 +    ADDCIDNS(CI_MS_DNS1,go->req_dns1,go->dnsaddr[0]);
 +    
 +    ADDCIDNS(CI_MS_DNS2,go->req_dns2,go->dnsaddr[1]);
  
      *lenp -= len;
  }
 @@ -457,11 +477,30 @@
         } \
      }
  
 +#define ACKCIDNS(opt, neg, addr) \
 +    if (neg) { \
 +       u_int32_t l; \
 +       if ((len -= CILEN_ADDR) < 0) \
 +           goto bad; \
 +       GETCHAR(citype, p); \
 +       GETCHAR(cilen, p); \
 +       if (cilen != CILEN_ADDR || citype != opt) \
 +           goto bad; \
 +       GETLONG(l, p); \
 +       cilong = htonl(l);\
 +       if (addr != cilong) \
 +           goto bad; \
 +    }
 +
      ACKCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
               go->old_addrs, go->ouraddr, go->hisaddr);
  
      ACKCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
             go->maxslotindex, go->cflag);
 +           
 +    ACKCIDNS(CI_MS_DNS1,go->req_dns1,go->dnsaddr[0]);
 +    
 +    ACKCIDNS(CI_MS_DNS2,go->req_dns2,go->dnsaddr[1]);
  
      /*
       * If there are any remaining CIs, then this packet is bad.
 @@ -494,7 +533,7 @@
      u_char cimaxslotindex, cicflag;
      u_char citype, cilen, *next;
      u_short cishort;
 -    u_int32_t ciaddr1, ciaddr2, l;
 +    u_int32_t ciaddr1, ciaddr2, l, cidnsaddr;
      ipcp_options no;           /* options we've seen Naks for */
      ipcp_options try;          /* options to request next time */
  
 @@ -537,6 +576,19 @@
          code \
      }
  
 +#define NAKCIDNS(opt, neg, code) \
 +    if (go->neg && \
 +       ((cilen = p[1]) == CILEN_ADDR) && \
 +       len >= cilen && \
 +       p[0] == opt) { \
 +       len -= cilen; \
 +       INCPTR(2, p); \
 +       GETLONG(l, p); \
 +       cidnsaddr = htonl(l); \
 +       no.neg = 1; \
 +       code \
 +    }
 +
      /*
       * Accept the peer's idea of {our,his} address, if different
       * from our idea, only if the accept_{local,remote} flag is set.
 @@ -583,6 +635,14 @@
             }
             );
  
 +    NAKCIDNS(CI_MS_DNS1, req_dns1,
 +           try.dnsaddr[0] = cidnsaddr;
 +           );
 +
 +    NAKCIDNS(CI_MS_DNS2, req_dns2,
 +           try.dnsaddr[1] = cidnsaddr;
 +           );
 +
      /*
       * There may be remaining CIs, if the peer is requesting negotiation
       * on an option that we didn't include in our request packet.
 @@ -719,12 +779,32 @@
         try.neg = 0; \
       }
  
 +#define REJCIDNS(opt, neg, dnsaddr) \
 +    if(go->neg && \
 +       ((cilen = p[1]) == CILEN_ADDR) && \
 +       len >= cilen && \
 +       p[0] == opt) { \
 +       u_int32_t l; \
 +       len -= cilen; \
 +       INCPTR(2, p); \
 +       GETLONG(l, p); \
 +       cilong = htonl(l); \
 +       /* Check rejected value. */ \
 +       if (cilong != dnsaddr) \
 +           goto bad; \
 +       try.neg = 0; \
 +    }
 +
      REJCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), neg_addr,
               go->old_addrs, go->ouraddr, go->hisaddr);
  
      REJCIVJ(CI_COMPRESSTYPE, neg_vj, go->vj_protocol, go->old_vj,
             go->maxslotindex, go->cflag);
  
 +    REJCIDNS(CI_MS_DNS1, req_dns1, go->dnsaddr[0]);
 +
 +    REJCIDNS(CI_MS_DNS2, req_dns2, go->dnsaddr[1]);
 +
      /*
       * If there are any remaining CIs, then this packet is bad.
       */
 @@ -1159,6 +1239,17 @@
      }
      script_setenv("IPLOCAL", ip_ntoa(go->ouraddr));
      script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr));
 +    
 +    if (go->dnsaddr[0] || go->dnsaddr[1]) {
 +       script_setenv("USEPEERDNS","1");
 +       if (go->dnsaddr[0])
 +           script_setenv("DNS1",ip_ntoa(go->dnsaddr[0]));
 +       if (go->dnsaddr[1])
 +           if (go->dnsaddr[1] != go->dnsaddr[0]) /* if addresses are not same
 */
 +               script_setenv("DNS2",ip_ntoa(go->dnsaddr[1]));
 +       if (update_resolv)
 +           create_resolv(go->dnsaddr[0], go->dnsaddr[1]);
 +    }
  
      /*
       * Check that the peer is allowed to use the IP address it wants.
 @@ -1252,6 +1343,11 @@
  
         syslog(LOG_NOTICE, "local  IP address %s", ip_ntoa(go->ouraddr));
         syslog(LOG_NOTICE, "remote IP address %s", ip_ntoa(ho->hisaddr));
 +       if (go->dnsaddr[0])
 +           syslog(LOG_NOTICE, "primary DNS address
 %s",ip_ntoa(go->dnsaddr[0]));
 +       if (go->dnsaddr[1])
 +           if (go->dnsaddr[1] != go->dnsaddr[0])
 +               syslog(LOG_NOTICE, "secondary DNS address
 %s",ip_ntoa(go->dnsaddr[1]));
      }
  
      /*
 @@ -1353,6 +1449,33 @@
      argv[6] = ipparam;
      argv[7] = NULL;
      run_program(script, argv, 0);
 +}
 +
 +/*
 + * create_resolve - create the replacement resolv.conf file
 + */
 +static void
 +create_resolv(peerdns1, peerdns2)
 +    u_int32_t peerdns1, peerdns2;
 +{
 +    FILE *f;
 +    f = fopen(_PATH_RESOLV, "w");
 +    if (f == NULL) {
 +       syslog(LOG_ERR, "Failed to create %s: %m", _PATH_RESOLV);
 +       return;
 +    }
 +    
 +    if (peerdns1)
 +       fprintf(f, "\nnameserver %s\n", ip_ntoa(peerdns1));
 +
 +    if (peerdns2)
 +       if (peerdns2 != peerdns1) /* if addresses are not same */
 +           fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2));
 +
 +    if (ferror(f))
 +       syslog(LOG_ERR, "Write failed to %s: %m", _PATH_RESOLV);
 +
 +    fclose(f);
  }
  
  /*
 --- ../pppd.orig/ipcp.h Sat Aug 28 05:19:03 1999
 +++ ipcp.h      Sun Jan 21 04:28:26 2001
 @@ -46,6 +46,8 @@
      int neg_addr : 1;          /* Negotiate IP Address? */
      int old_addrs : 1;         /* Use old (IP-Addresses) option? */
      int req_addr : 1;          /* Ask peer to send IP address? */
 +    int req_dns1 : 1;          /* Ask peer to send DNS1 address? */
 +    int req_dns2 : 1;          /* Ask peer to send DNS2 address? */
      int default_route : 1;     /* Assign default route through interface? */
      int proxy_arp : 1;         /* Make proxy ARP entry for peer? */
      int neg_vj : 1;            /* Van Jacobson Compression? */
 --- ../pppd.orig/options.c      Sat Aug 28 05:19:07 1999
 +++ options.c   Sun Jan 21 04:28:26 2001
 @@ -113,6 +113,8 @@
  int    holdoff = 30;           /* # seconds to pause before reconnecting */
  int    refuse_pap = 0;         /* Set to say we won't do PAP */
  int    refuse_chap = 0;        /* Set to say we won't do CHAP */
 +int    hide_password = 0;      /* Hide password in log */
 +int    update_resolv = 0;      /* Update resolv.conf */
  
  #ifdef MSLANMAN
  int    ms_lanman = 0;          /* Nonzero if use LanMan password instead of NT
 */
 @@ -230,6 +232,9 @@
  static int setwinsaddr __P((char **));
  static int showversion __P((char **));
  static int showhelp __P((char **));
 +static int usepeerdns __P((char **));
 +static int hide_pass __P((char **));
 +static int resolv_update __P((char **));
  
  #ifdef PPP_FILTER
  static int setpdebug __P((char **));
 @@ -387,6 +392,9 @@
  /* end compat hack */
      {"ms-dns", 1, setdnsaddr},         /* DNS address for the peer's use */
      {"ms-wins", 1, setwinsaddr},       /* Nameserver for SMB over TCP/IP for
 peer */
 +    {"usepeerdns",0, usepeerdns},      /* Ask peer for DNS addrs */
 +    {"hide-password",0, hide_pass},    /* Hide password in log */
 +    {"update-resolv",0,resolv_update}, /* Update resolv.conf */
      {"noipx",  0, resetipxproto},      /* Disable IPXCP (and IPX) */
      {"-ipx",   0, resetipxproto},      /* Disable IPXCP (and IPX) */
      {"--version", 0, showversion},     /* Show version number */
 @@ -1978,6 +1986,31 @@
  {
      ipcp_allowoptions[0].default_route = 0;
      ipcp_wantoptions[0].default_route = 0;
 +    return 1;
 +}
 +
 +static int
 +usepeerdns(argv)
 +    char **argv;
 +{
 +    ipcp_wantoptions[0].req_dns1 = 1;
 +    ipcp_wantoptions[0].req_dns2 = 1;
 +    return 1;
 +}
 +
 +static int
 +hide_pass(argv)
 +    char **argv;
 +{
 +    hide_password = 1;
 +    return 1;
 +}
 +
 +static int
 +resolv_update(argv)
 +    char **argv;
 +{
 +    update_resolv = 1;
      return 1;
  }
  
 --- ../pppd.orig/pathnames.h    Sat Aug 28 05:19:07 1999
 +++ pathnames.h Sun Jan 21 04:28:26 2001
 @@ -25,6 +25,7 @@
  #define _PATH_PEERFILES        "/etc/ppp/peers/"
  #define _PATH_PPPDENY  "/etc/ppp/ppp.deny"
  #define _PATH_PPPSHELLS        "/etc/ppp/ppp.shells"
 +#define _PATH_RESOLV   "/etc/resolv.conf"
  
  #ifdef IPX_CHANGE
  #define _PATH_IPXUP    "/etc/ppp/ipx-up"
 --- ../pppd.orig/pppd.8 Fri Mar  3 12:11:26 2000
 +++ pppd.8      Sun Jan 21 04:28:26 2001
 @@ -49,7 +49,7 @@
  .B active-filter \fIfilter-expression
  Specifies a packet filter to be applied to data packets to determine
  which packets are to be regarded as link activity, and therefore reset
 -the idle timer, or cause the link to be brought up in demand-dialling
 +the idle timer, or cause the link to be brought up in demand-dialing
  mode.  This option is useful in conjunction with the
  \fBidle\fR option if there are packets being sent or received
  regularly over the link (for example, routing information packets)
 @@ -459,6 +459,17 @@
  instance of this option specifies the primary WINS address; the second
  instance (if given) specifies the secondary WINS address.
  .TP
 +.B usepeerdns
 +Ask the peer for up to 2 DNS server addresses.  The addresses supplied
 +by the peer (if any) are passed to the /etc/ppp/ip-up script in the
 +environment variables DNS1 and DNS2.
 +.TP
 +.B update-resolv
 +The /etc/resolv.conf will be updated with the DNS addresses supplied
 +by the peer (if any). But environment variables DNS1 and DNS2 are
 +still available. This option is work in conjunction with the
 +\fBusepeerdns\fR option only.
 +.TP
  .B name \fIname
  Set the name of the local system for authentication purposes to
  \fIname\fR.  This is a privileged option.  With this option, pppd will
 @@ -649,6 +660,10 @@
  .B user \fIname
  Sets the name used for authenticating the local system to the peer to
  \fIname\fR.
 +.TP
 +.B hide-password
 +When logging the contents of PAP packets, this option causes pppd to
 +exclude the password string from the log.
  .TP
  .B vj-max-slots \fIn
  Sets the number of connection slots to be used by the Van Jacobson
 --- ../pppd.orig/pppd.h Sat Aug 28 05:19:08 1999
 +++ pppd.h      Sun Jan 21 04:28:26 2001
 @@ -110,6 +110,8 @@
  extern int     holdoff;        /* Dead time before restarting */
  extern int     refuse_pap;     /* Don't wanna auth. ourselves with PAP */
  extern int     refuse_chap;    /* Don't wanna auth. ourselves with CHAP */
 +extern int     hide_password;  /* Hide password in log */
 +extern int     update_resolv;  /* Update resolv.conf */
  #ifdef PPP_FILTER
  extern struct  bpf_program pass_filter;   /* Filter for pkts to pass */
  extern struct  bpf_program active_filter; /* Filter for link-active pkts */
 --- ../pppd.orig/upap.c Sat Aug 28 05:19:08 1999
 +++ upap.c      Sun Jan 21 04:28:26 2001
 @@ -591,7 +591,10 @@
         printer(arg, " user=");
         print_string(user, ulen, printer, arg);
         printer(arg, " password=");
 -       print_string(pwd, wlen, printer, arg);
 +       if (!hide_password)
 +           print_string(pwd, wlen, printer, arg);
 +       else
 +           printer(arg, "\"********\"");
         break;
      case UPAP_AUTHACK:
      case UPAP_AUTHNAK:
 
 
 
 --------------End of forwarded message-------------------------
 
 
 Mike
 
 -- 
   Mike Heffner         <mheffner@[acm.]vt.edu>
   Fredericksburg, VA       <mikeh@FreeBSD.org>
 
State-Changed-From-To: feedback->closed 
State-Changed-By: sheldonh 
State-Changed-When: Fri Jan 18 08:14:39 PST 2002 
State-Changed-Why:  
Automatic feedback timeout.  If additional feedback that warrants 
the re-opening of this PR is available but not included in the 
audit trail, please include the feedback in a reply to this message 
(preserving the Subject line) and ask that the PR be re-opened. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=24513 
State-Changed-From-To: closed->open 
State-Changed-By: sheldonh 
State-Changed-When: Sat Jan 19 03:51:12 PST 2002 
State-Changed-Why:  
The originator drew my attention to this PR after it timed out in 
feedback state. 

Looking at it, I'm not sure why it was never handed over to the 
userland PPP maintainer. 


Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Sat Jan 19 03:51:12 PST 2002 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24513 
Responsible-Changed-From-To: brian->peter 
Responsible-Changed-By: cjc 
Responsible-Changed-When: Sat Jan 19 16:05:39 PST 2002 
Responsible-Changed-Why:  
To the MAINTAINER actually listed in pppd(8). 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24513 

From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: sheldonh@FreeBSD.ORG
Cc: cyberwin@mail.ru, bug-followup@FreeBSD.ORG, brian@FreeBSD.ORG
Subject: Re: misc/24513: new options for pppd
Date: Sat, 19 Jan 2002 16:04:49 -0800

 On Sat, Jan 19, 2002 at 03:53:00AM -0800, sheldonh@FreeBSD.ORG wrote:
 > Synopsis: new options for pppd
 > 
 > State-Changed-From-To: closed->open
 > State-Changed-By: sheldonh
 > State-Changed-When: Sat Jan 19 03:51:12 PST 2002
 > State-Changed-Why: 
 > The originator drew my attention to this PR after it timed out in
 > feedback state.
 > 
 > Looking at it, I'm not sure why it was never handed over to the
 > userland PPP maintainer.
 
 'Cause ppp(8) and pppd(8) are completely separate beasts?
 
   $ fgrep -r MAINTAINER /usr/src/usr.sbin/pppd
   /usr/src/usr.sbin/pppd/Makefile:MAINTAINER=  peter@freebsd.org
 
 And it has a different maintainer? (Not that there has been much
 maintaining for a long time since it is mostly depricated in favor of
 ppp(8)).
 -- 
 Crist J. Clark                     |     cjclark@alum.mit.edu
                                    |     cjclark@jhu.edu
 http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Fri Jul 29 10:54:20 UTC 2011 
State-Changed-Why:  
No pppd(8) in the base system. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=24513 
>Unformatted:
