From dd49e719c180b3586267d3eae455da974238d57b Mon Sep 17 00:00:00 2001
From: Brian Somers <brian@FreeBSD.org>
Date: Wed, 12 Jul 2000 23:13:52 +0000
Subject: [PATCH] Permit multiple ``allow user'' lines in any given section
 This avoids line length limits when large numbers of users are allowed access
 to ppp.

---
 usr.sbin/ppp/ppp.8     |  7 ++++---
 usr.sbin/ppp/ppp.8.m4  |  7 ++++---
 usr.sbin/ppp/systems.c | 13 +++++++++++--
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 40c57ee6837b..5050bca34d76 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -3065,10 +3065,11 @@ The
 .Sq default
 section is always checked first (even though it is only ever automatically
 loaded at startup).
-Each successive
 .Dq allow users
-command overrides the previous one, so it's possible to allow users access
-to everything except a given label by specifying default users in the
+commands are cumulative in a given section, but users allowed in any given
+section override users allowed in the default section, so it's possible to
+allow users access to everything except a given label by specifying default
+users in the
 .Sq default
 section, and then specifying a new user list for that label.
 .Pp
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 40c57ee6837b..5050bca34d76 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -3065,10 +3065,11 @@ The
 .Sq default
 section is always checked first (even though it is only ever automatically
 loaded at startup).
-Each successive
 .Dq allow users
-command overrides the previous one, so it's possible to allow users access
-to everything except a given label by specifying default users in the
+commands are cumulative in a given section, but users allowed in any given
+section override users allowed in the default section, so it's possible to
+allow users access to everything except a given label by specifying default
+users in the
 .Sq default
 section, and then specifying a new user list for that label.
 .Pp
diff --git a/usr.sbin/ppp/systems.c b/usr.sbin/ppp/systems.c
index a51491cbf1bf..90e1183e343b 100644
--- a/usr.sbin/ppp/systems.c
+++ b/usr.sbin/ppp/systems.c
@@ -201,7 +201,9 @@ AllowUsers(struct cmdargs const *arg)
   int f;
   struct passwd *pwd;
 
-  userok = 0;
+  if (userok == -1)
+    userok = 0;
+
   pwd = getpwuid(ID0realuid());
   if (pwd != NULL)
     for (f = arg->argn; f < arg->argc; f++)
@@ -422,15 +424,19 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
    * functions.  arg->bundle will be set to NULL for these commands !
    */
   int def, how, rs;
+  int defuserok;
 
   def = !strcmp(name, "default");
   how = ID0realuid() == 0 ? SYSTEM_EXISTS : SYSTEM_VALIDATE;
-  userok = 0;
+  userok = -1;
   modeok = 1;
   modereq = mode;
 
   rs = ReadSystem(NULL, "default", CONFFILE, prompt, NULL, how);
 
+  defuserok = userok;
+  userok = -1;
+
   if (!def) {
     if (rs == -1)
       rs = 0;		/* we don't care that ``default'' doesn't exist */
@@ -445,6 +451,9 @@ system_IsValid(const char *name, struct prompt *prompt, int mode)
       return _PATH_PPP "/" CONFFILE ": File not found";
   }
 
+  if (userok == -1)
+    userok = defuserok;
+
   if (how == SYSTEM_EXISTS)
     userok = modeok = 1;