2 * options.c - handles option processing for PPP.
4 * Copyright (c) 1989 Carnegie Mellon University.
7 * Redistribution and use in source and binary forms are permitted
8 * provided that the above copyright notice and this paragraph are
9 * duplicated in all such forms and that any documentation,
10 * advertising materials, and other materials related to such
11 * distribution and use acknowledge that the software was developed
12 * by Carnegie Mellon University. The name of the
13 * University may not be used to endorse or promote products derived
14 * from this software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
17 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 static char rcsid[] = "$Id: options.c,v 1.37 1997/03/04 03:41:58 paulus Exp $";
35 #include <sys/types.h>
37 #include <netinet/in.h>
38 #include <arpa/inet.h>
41 #include "pathnames.h"
42 #include "patchlevel.h"
55 #endif /* IPX_CHANGE */
57 #include <net/ppp-comp.h>
62 #if defined(ultrix) || defined(NeXT)
63 char *strdup __P((char *));
67 #define GIDSET_TYPE gid_t
71 * Option variables and default values.
73 int debug = 0; /* Debug flag */
74 int kdebugflag = 0; /* Tell kernel to print debug messages */
75 int default_device = 1; /* Using /dev/tty or equivalent */
76 char devnam[MAXPATHLEN] = "/dev/tty"; /* Device name */
77 int crtscts = 0; /* Use hardware flow control */
78 int modem = 1; /* Use modem control lines */
79 int inspeed = 0; /* Input/Output speed requested */
80 u_int32_t netmask = 0; /* IP netmask to set on interface */
81 int lockflag = 0; /* Create lock file to lock the serial dev */
82 int nodetach = 0; /* Don't detach from controlling tty */
83 char *connector = NULL; /* Script to establish physical link */
84 char *disconnector = NULL; /* Script to disestablish physical link */
85 char *welcomer = NULL; /* Script to run after phys link estab. */
86 int maxconnect = 0; /* Maximum connect time */
87 char user[MAXNAMELEN]; /* Username for PAP */
88 char passwd[MAXSECRETLEN]; /* Password for PAP */
89 int auth_required = 0; /* Peer is required to authenticate */
90 int defaultroute = 0; /* assign default route through interface */
91 int proxyarp = 0; /* Set up proxy ARP entry for peer */
92 int persist = 0; /* Reopen link after it goes down */
93 int uselogin = 0; /* Use /etc/passwd for checking PAP */
94 int lcp_echo_interval = 0; /* Interval between LCP echo-requests */
95 int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */
96 char our_name[MAXNAMELEN]; /* Our name for authentication purposes */
97 char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
98 int usehostname = 0; /* Use hostname for our_name */
99 int disable_defaultip = 0; /* Don't use hostname for default IP adrs */
100 int demand = 0; /* do dial-on-demand */
101 char *ipparam = NULL; /* Extra parameter for ip up/down scripts */
102 int cryptpap; /* Passwords in pap-secrets are encrypted */
103 int idle_time_limit = 0; /* Disconnect if idle for this many seconds */
104 int holdoff = 30; /* # seconds to pause before reconnecting */
105 int refuse_pap = 0; /* Set to say we won't do PAP */
106 int refuse_chap = 0; /* Set to say we won't do CHAP */
108 struct option_info auth_req_info;
109 struct option_info connector_info;
110 struct option_info disconnector_info;
111 struct option_info welcomer_info;
112 struct option_info devnam_info;
117 static int setdevname __P((char *, int));
118 static int setipaddr __P((char *));
119 static int setdebug __P((void));
120 static int setkdebug __P((char **));
121 static int setpassive __P((void));
122 static int setsilent __P((void));
123 static int noopt __P((void));
124 static int setnovj __P((void));
125 static int setnovjccomp __P((void));
126 static int setvjslots __P((char **));
127 static int reqpap __P((void));
128 static int nopap __P((void));
130 static int setupapfile __P((char **));
132 static int nochap __P((void));
133 static int reqchap __P((void));
134 static int setspeed __P((char *));
135 static int noaccomp __P((void));
136 static int noasyncmap __P((void));
137 static int noip __P((void));
138 static int nomagicnumber __P((void));
139 static int setasyncmap __P((char **));
140 static int setescape __P((char **));
141 static int setmru __P((char **));
142 static int setmtu __P((char **));
144 static int setcbcp __P((char **));
146 static int nomru __P((void));
147 static int nopcomp __P((void));
148 static int setconnector __P((char **));
149 static int setdisconnector __P((char **));
150 static int setwelcomer __P((char **));
151 static int setmaxconnect __P((char **));
152 static int setdomain __P((char **));
153 static int setnetmask __P((char **));
154 static int setcrtscts __P((void));
155 static int setnocrtscts __P((void));
156 static int setxonxoff __P((void));
157 static int setnodetach __P((void));
158 static int setmodem __P((void));
159 static int setlocal __P((void));
160 static int setlock __P((void));
161 static int setname __P((char **));
162 static int setuser __P((char **));
163 static int setremote __P((char **));
164 static int setauth __P((void));
165 static int setnoauth __P((void));
166 static int readfile __P((char **));
167 static int callfile __P((char **));
168 static int setdefaultroute __P((void));
169 static int setnodefaultroute __P((void));
170 static int setproxyarp __P((void));
171 static int setnoproxyarp __P((void));
172 static int setpersist __P((void));
173 static int setnopersist __P((void));
174 static int setdologin __P((void));
175 static int setusehostname __P((void));
176 static int setnoipdflt __P((void));
177 static int setlcptimeout __P((char **));
178 static int setlcpterm __P((char **));
179 static int setlcpconf __P((char **));
180 static int setlcpfails __P((char **));
181 static int setipcptimeout __P((char **));
182 static int setipcpterm __P((char **));
183 static int setipcpconf __P((char **));
184 static int setipcpfails __P((char **));
185 static int setpaptimeout __P((char **));
186 static int setpapreqs __P((char **));
187 static int setpapreqtime __P((char **));
188 static int setchaptimeout __P((char **));
189 static int setchapchal __P((char **));
190 static int setchapintv __P((char **));
191 static int setipcpaccl __P((void));
192 static int setipcpaccr __P((void));
193 static int setlcpechointv __P((char **));
194 static int setlcpechofails __P((char **));
195 static int noccp __P((void));
196 static int setbsdcomp __P((char **));
197 static int setnobsdcomp __P((void));
198 static int setdeflate __P((char **));
199 static int setnodeflate __P((void));
200 static int setdemand __P((void));
201 static int setpred1comp __P((void));
202 static int setnopred1comp __P((void));
203 static int setipparam __P((char **));
204 static int setpapcrypt __P((void));
205 static int setidle __P((char **));
206 static int setholdoff __P((char **));
207 static int setdnsaddr __P((char **));
208 static int resetipxproto __P((void));
209 static int setwinsaddr __P((char **));
210 static int showversion __P((void));
211 static int showhelp __P((void));
214 static int setipxproto __P((void));
215 static int setipxanet __P((void));
216 static int setipxalcl __P((void));
217 static int setipxarmt __P((void));
218 static int setipxnetwork __P((char **));
219 static int setipxnode __P((char **));
220 static int setipxrouter __P((char **));
221 static int setipxname __P((char **));
222 static int setipxcptimeout __P((char **));
223 static int setipxcpterm __P((char **));
224 static int setipxcpconf __P((char **));
225 static int setipxcpfails __P((char **));
226 #endif /* IPX_CHANGE */
228 static int number_option __P((char *, u_int32_t *, int));
229 static int int_option __P((char *, int *));
230 static int readable __P((int fd));
240 {"-all", 0, noopt}, /* Don't request/allow any options (useless) */
241 {"noaccomp", 0, noaccomp}, /* Disable Address/Control compression */
242 {"-ac", 0, noaccomp}, /* Disable Address/Control compress */
243 {"default-asyncmap", 0, noasyncmap}, /* Disable asyncmap negoatiation */
244 {"-am", 0, noasyncmap}, /* Disable asyncmap negotiation */
245 {"-as", 1, setasyncmap}, /* set the desired async map */
246 {"-d", 0, setdebug}, /* Increase debugging level */
247 {"nodetach", 0, setnodetach}, /* Don't detach from controlling tty */
248 {"-detach", 0, setnodetach}, /* don't fork */
249 {"noip", 0, noip}, /* Disable IP and IPCP */
250 {"-ip", 0, noip}, /* Disable IP and IPCP */
251 {"nomagic", 0, nomagicnumber}, /* Disable magic number negotiation */
252 {"-mn", 0, nomagicnumber}, /* Disable magic number negotiation */
253 {"default-mru", 0, nomru}, /* Disable MRU negotiation */
254 {"-mru", 0, nomru}, /* Disable mru negotiation */
255 {"-p", 0, setpassive}, /* Set passive mode */
256 {"nopcomp", 0, nopcomp}, /* Disable protocol field compression */
257 {"-pc", 0, nopcomp}, /* Disable protocol field compress */
259 {"+ua", 1, setupapfile}, /* Get PAP user and password from file */
261 {"require-pap", 0, reqpap}, /* Require PAP authentication from peer */
262 {"+pap", 0, reqpap}, /* Require PAP auth from peer */
263 {"refuse-pap", 0, nopap}, /* Don't agree to auth to peer with PAP */
264 {"-pap", 0, nopap}, /* Don't allow UPAP authentication with peer */
265 {"require-chap", 0, reqchap}, /* Require CHAP authentication from peer */
266 {"+chap", 0, reqchap}, /* Require CHAP authentication from peer */
267 {"refuse-chap", 0, nochap}, /* Don't agree to auth to peer with CHAP */
268 {"-chap", 0, nochap}, /* Don't allow CHAP authentication with peer */
269 {"novj", 0, setnovj}, /* Disable VJ compression */
270 {"-vj", 0, setnovj}, /* disable VJ compression */
271 {"novjccomp", 0, setnovjccomp}, /* disable VJ connection-ID compression */
272 {"-vjccomp", 0, setnovjccomp}, /* disable VJ connection-ID compression */
273 {"vj-max-slots", 1, setvjslots}, /* Set maximum VJ header slots */
274 {"asyncmap", 1, setasyncmap}, /* set the desired async map */
275 {"escape", 1, setescape}, /* set chars to escape on transmission */
276 {"connect", 1, setconnector}, /* A program to set up a connection */
277 {"disconnect", 1, setdisconnector}, /* program to disconnect serial dev. */
278 {"welcome", 1, setwelcomer},/* Script to welcome client */
279 {"maxconnect", 1, setmaxconnect}, /* specify a maximum connect time */
280 {"crtscts", 0, setcrtscts}, /* set h/w flow control */
281 {"nocrtscts", 0, setnocrtscts}, /* clear h/w flow control */
282 {"-crtscts", 0, setnocrtscts}, /* clear h/w flow control */
283 {"xonxoff", 0, setxonxoff}, /* set s/w flow control */
284 {"debug", 0, setdebug}, /* Increase debugging level */
285 {"kdebug", 1, setkdebug}, /* Enable kernel-level debugging */
286 {"domain", 1, setdomain}, /* Add given domain name to hostname*/
287 {"mru", 1, setmru}, /* Set MRU value for negotiation */
288 {"mtu", 1, setmtu}, /* Set our MTU */
290 {"callback", 1, setcbcp}, /* Ask for callback */
292 {"netmask", 1, setnetmask}, /* set netmask */
293 {"passive", 0, setpassive}, /* Set passive mode */
294 {"silent", 0, setsilent}, /* Set silent mode */
295 {"modem", 0, setmodem}, /* Use modem control lines */
296 {"local", 0, setlocal}, /* Don't use modem control lines */
297 {"lock", 0, setlock}, /* Lock serial device (with lock file) */
298 {"name", 1, setname}, /* Set local name for authentication */
299 {"user", 1, setuser}, /* Set name for auth with peer */
300 {"usehostname", 0, setusehostname}, /* Must use hostname for auth. */
301 {"remotename", 1, setremote}, /* Set remote name for authentication */
302 {"auth", 0, setauth}, /* Require authentication from peer */
303 {"noauth", 0, setnoauth}, /* Don't require peer to authenticate */
304 {"file", 1, readfile}, /* Take options from a file */
305 {"call", 1, callfile}, /* Take options from a privileged file */
306 {"defaultroute", 0, setdefaultroute}, /* Add default route */
307 {"nodefaultroute", 0, setnodefaultroute}, /* disable defaultroute option */
308 {"-defaultroute", 0, setnodefaultroute}, /* disable defaultroute option */
309 {"proxyarp", 0, setproxyarp}, /* Add proxy ARP entry */
310 {"noproxyarp", 0, setnoproxyarp}, /* disable proxyarp option */
311 {"-proxyarp", 0, setnoproxyarp}, /* disable proxyarp option */
312 {"persist", 0, setpersist}, /* Keep on reopening connection after close */
313 {"nopersist", 0, setnopersist}, /* Turn off persist option */
314 {"demand", 0, setdemand}, /* Dial on demand */
315 {"login", 0, setdologin}, /* Use system password database for UPAP */
316 {"noipdefault", 0, setnoipdflt}, /* Don't use name for default IP adrs */
317 {"lcp-echo-failure", 1, setlcpechofails}, /* consecutive echo failures */
318 {"lcp-echo-interval", 1, setlcpechointv}, /* time for lcp echo events */
319 {"lcp-restart", 1, setlcptimeout}, /* Set timeout for LCP */
320 {"lcp-max-terminate", 1, setlcpterm}, /* Set max #xmits for term-reqs */
321 {"lcp-max-configure", 1, setlcpconf}, /* Set max #xmits for conf-reqs */
322 {"lcp-max-failure", 1, setlcpfails}, /* Set max #conf-naks for LCP */
323 {"ipcp-restart", 1, setipcptimeout}, /* Set timeout for IPCP */
324 {"ipcp-max-terminate", 1, setipcpterm}, /* Set max #xmits for term-reqs */
325 {"ipcp-max-configure", 1, setipcpconf}, /* Set max #xmits for conf-reqs */
326 {"ipcp-max-failure", 1, setipcpfails}, /* Set max #conf-naks for IPCP */
327 {"pap-restart", 1, setpaptimeout}, /* Set retransmit timeout for PAP */
328 {"pap-max-authreq", 1, setpapreqs}, /* Set max #xmits for auth-reqs */
329 {"pap-timeout", 1, setpapreqtime}, /* Set time limit for peer PAP auth. */
330 {"chap-restart", 1, setchaptimeout}, /* Set timeout for CHAP */
331 {"chap-max-challenge", 1, setchapchal}, /* Set max #xmits for challenge */
332 {"chap-interval", 1, setchapintv}, /* Set interval for rechallenge */
333 {"ipcp-accept-local", 0, setipcpaccl}, /* Accept peer's address for us */
334 {"ipcp-accept-remote", 0, setipcpaccr}, /* Accept peer's address for it */
335 {"noccp", 0, noccp}, /* Disable CCP negotiation */
336 {"-ccp", 0, noccp}, /* Disable CCP negotiation */
337 {"bsdcomp", 1, setbsdcomp}, /* request BSD-Compress */
338 {"nobsdcomp", 0, setnobsdcomp}, /* don't allow BSD-Compress */
339 {"-bsdcomp", 0, setnobsdcomp}, /* don't allow BSD-Compress */
340 {"deflate", 1, setdeflate}, /* request Deflate compression */
341 {"nodeflate", 0, setnodeflate}, /* don't allow Deflate compression */
342 {"-deflate", 0, setnodeflate}, /* don't allow Deflate compression */
343 {"predictor1", 0, setpred1comp}, /* request Predictor-1 */
344 {"nopredictor1", 0, setnopred1comp},/* don't allow Predictor-1 */
345 {"-predictor1", 0, setnopred1comp}, /* don't allow Predictor-1 */
346 {"ipparam", 1, setipparam}, /* set ip script parameter */
347 {"papcrypt", 0, setpapcrypt}, /* PAP passwords encrypted */
348 {"idle", 1, setidle}, /* idle time limit (seconds) */
349 {"holdoff", 1, setholdoff}, /* set holdoff time (seconds) */
350 {"ms-dns", 1, setdnsaddr}, /* DNS address for the peer's use */
351 {"ms-wins", 1, setwinsaddr}, /* Nameserver for SMB over TCP/IP for peer */
352 {"noipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */
353 {"-ipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */
354 {"--version", 0, showversion}, /* Show version number */
355 {"--help", 0, showhelp}, /* Show brief listing of options */
356 {"-h", 0, showhelp}, /* ditto */
359 {"ipx-network", 1, setipxnetwork}, /* IPX network number */
360 {"ipxcp-accept-network", 0, setipxanet}, /* Accept peer netowrk */
361 {"ipx-node", 1, setipxnode}, /* IPX node number */
362 {"ipxcp-accept-local", 0, setipxalcl}, /* Accept our address */
363 {"ipxcp-accept-remote", 0, setipxarmt}, /* Accept peer's address */
364 {"ipx-routing", 1, setipxrouter}, /* IPX routing proto number */
365 {"ipx-router-name", 1, setipxname}, /* IPX router name */
366 {"ipxcp-restart", 1, setipxcptimeout}, /* Set timeout for IPXCP */
367 {"ipxcp-max-terminate", 1, setipxcpterm}, /* max #xmits for term-reqs */
368 {"ipxcp-max-configure", 1, setipxcpconf}, /* max #xmits for conf-reqs */
369 {"ipxcp-max-failure", 1, setipxcpfails}, /* max #conf-naks for IPXCP */
371 {"ipx-compression", 1, setipxcompression}, /* IPX compression number */
373 {"ipx", 0, setipxproto}, /* Enable IPXCP (and IPX) */
374 {"+ipx", 0, setipxproto}, /* Enable IPXCP (and IPX) */
375 #endif /* IPX_CHANGE */
381 #ifndef IMPLEMENTATION
382 #define IMPLEMENTATION ""
385 static char *usage_string = "\
386 pppd version %s patch level %d%s\n\
387 Usage: %s [ options ], where options are:\n\
388 <device> Communicate over the named device\n\
389 <speed> Set the baud rate to <speed>\n\
390 <loc>:<rem> Set the local and/or remote interface IP\n\
391 addresses. Either one may be omitted.\n\
392 asyncmap <n> Set the desired async map to hex <n>\n\
393 auth Require authentication from peer\n\
394 connect <p> Invoke shell command <p> to set up the serial line\n\
395 crtscts Use hardware RTS/CTS flow control\n\
396 defaultroute Add default route through interface\n\
397 file <f> Take options from file <f>\n\
398 modem Use modem control lines\n\
399 mru <n> Set MRU value to <n> for negotiation\n\
400 netmask <n> Set interface netmask to <n>\n\
401 See pppd(8) for more options.\n\
404 static char *current_option; /* the name of the option being parsed */
405 static int privileged_option; /* set iff the current option came from root */
406 static char *option_source; /* string saying where the option came from */
409 * parse_args - parse a string of arguments from the command line.
412 parse_args(argc, argv)
420 privileged_option = privileged;
421 option_source = "command line";
427 * First see if it's a command.
429 for (cmdp = cmds; cmdp->cmd_name; cmdp++)
430 if (!strcmp(arg, cmdp->cmd_name))
433 if (cmdp->cmd_name != NULL) {
434 if (argc < cmdp->num_args) {
435 option_error("too few parameters for option %s", arg);
438 current_option = arg;
439 if (!(*cmdp->cmd_func)(argv))
441 argc -= cmdp->num_args;
442 argv += cmdp->num_args;
446 * Maybe a tty name, speed or IP address?
448 if ((ret = setdevname(arg, 0)) == 0
449 && (ret = setspeed(arg)) == 0
450 && (ret = setipaddr(arg)) == 0) {
451 option_error("unrecognized option '%s'", arg);
455 if (ret < 0) /* error */
463 * scan_args - scan the command line arguments to get the tty name,
467 scan_args(argc, argv)
478 /* Skip options and their arguments */
479 for (cmdp = cmds; cmdp->cmd_name; cmdp++)
480 if (!strcmp(arg, cmdp->cmd_name))
483 if (cmdp->cmd_name != NULL) {
484 argc -= cmdp->num_args;
485 argv += cmdp->num_args;
489 /* Check if it's a tty name and copy it if so */
490 (void) setdevname(arg, 1);
495 * usage - print out a message telling how to use the program.
500 if (phase == PHASE_INITIALIZE)
501 fprintf(stderr, usage_string, VERSION, PATCHLEVEL, IMPLEMENTATION,
506 * showhelp - print out usage message and exit.
511 if (phase == PHASE_INITIALIZE) {
519 * showversion - print out the version number and exit.
524 if (phase == PHASE_INITIALIZE) {
525 fprintf(stderr, "pppd version %s patch level %d%s\n",
526 VERSION, PATCHLEVEL, IMPLEMENTATION);
533 * options_from_file - Read a string of options from a file,
534 * and interpret them.
537 options_from_file(filename, must_exist, check_prot, priv)
548 char args[MAXARGS][MAXWORDLEN];
549 char cmd[MAXWORDLEN];
551 if ((f = fopen(filename, "r")) == NULL) {
552 if (!must_exist && errno == ENOENT)
554 option_error("Can't open options file %s: %m", filename);
557 if (check_prot && !readable(fileno(f))) {
558 option_error("Can't open options file %s: access denied", filename);
563 oldpriv = privileged_option;
564 privileged_option = priv;
566 while (getword(f, cmd, &newline, filename)) {
568 * First see if it's a command.
570 for (cmdp = cmds; cmdp->cmd_name; cmdp++)
571 if (!strcmp(cmd, cmdp->cmd_name))
574 if (cmdp->cmd_name != NULL) {
575 for (i = 0; i < cmdp->num_args; ++i) {
576 if (!getword(f, args[i], &newline, filename)) {
578 "In file %s: too few parameters for option '%s'",
584 current_option = cmd;
585 if (!(*cmdp->cmd_func)(argv))
590 * Maybe a tty name, speed or IP address?
592 if ((i = setdevname(cmd, 0)) == 0
593 && (i = setspeed(cmd)) == 0
594 && (i = setipaddr(cmd)) == 0) {
595 option_error("In file %s: unrecognized option '%s'",
599 if (i < 0) /* error */
607 privileged_option = oldpriv;
612 * options_from_user - See if the use has a ~/.ppprc file,
613 * and if so, interpret options from it.
618 char *user, *path, *file;
622 pw = getpwuid(getuid());
623 if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0)
625 file = _PATH_USEROPT;
626 path = malloc(strlen(user) + strlen(file) + 2);
628 novm("init file name");
632 ret = options_from_file(path, 0, 1, privileged);
638 * options_for_tty - See if an options file exists for the serial
639 * device, and if so, interpret options from it.
644 char *dev, *path, *p;
648 if (strncmp(dev, "/dev/", 5) == 0)
650 if (strcmp(dev, "tty") == 0)
651 return 1; /* don't look for /etc/ppp/options.tty */
652 path = malloc(strlen(_PATH_TTYOPT) + strlen(dev) + 1);
654 novm("tty init file name");
655 strcpy(path, _PATH_TTYOPT);
656 /* Turn slashes into dots, for Solaris case (e.g. /dev/term/a) */
657 for (p = path + strlen(path); *dev != 0; ++dev)
658 *p++ = (*dev == '/'? '.': *dev);
660 ret = options_from_file(path, 0, 0, 1);
666 * option_error - print a message about an error in an option.
667 * The message is logged, and also sent to
668 * stderr if phase == PHASE_INITIALIZE.
671 option_error __V((char *fmt, ...))
682 fmt = va_arg(args, char *);
684 vfmtmsg(buf, sizeof(buf), fmt, args);
686 if (phase == PHASE_INITIALIZE)
687 fprintf(stderr, "%s: %s\n", progname, buf);
688 syslog(LOG_ERR, "%s", buf);
692 * readable - check if a file is readable by the real user.
701 GIDSET_TYPE groups[NGROUPS_MAX];
706 if (fstat(fd, &sbuf) != 0)
708 if (sbuf.st_uid == uid)
709 return sbuf.st_mode & S_IRUSR;
710 if (sbuf.st_gid == getgid())
711 return sbuf.st_mode & S_IRGRP;
712 ngroups = getgroups(NGROUPS_MAX, groups);
713 for (i = 0; i < ngroups; ++i)
714 if (sbuf.st_gid == groups[i])
715 return sbuf.st_mode & S_IRGRP;
716 return sbuf.st_mode & S_IROTH;
720 * Read a word from a file.
721 * Words are delimited by white-space or by quotes (" or ').
722 * Quotes, white-space and \ may be escaped with \.
723 * \<newline> is ignored.
726 getword(f, word, newlinep, filename)
734 int value, digit, got, n;
736 #define isoctal(c) ((c) >= '0' && (c) < '8')
744 * First skip white-space and comments.
752 * A newline means the end of a comment; backslash-newline
753 * is ignored. Note that we cannot have escape && comment.
765 * Ignore characters other than newline in a comment.
771 * If this character is escaped, we have a word start.
777 * If this is the escape character, look at the next character.
785 * If this is the start of a comment, ignore the rest of the line.
793 * A non-whitespace character is the start of a word.
800 * Save the delimiter for quoted strings.
802 if (!escape && (c == '"' || c == '\'')) {
809 * Process characters until the end of the word.
814 * This character is escaped: backslash-newline is ignored,
815 * various other characters indicate particular values
816 * as for C backslash-escapes.
851 * \ddd octal sequence
854 for (n = 0; n < 3 && isoctal(c); ++n) {
855 value = (value << 3) + (c & 07);
864 * \x<hex_string> sequence
868 for (n = 0; n < 2 && isxdigit(c); ++n) {
869 digit = toupper(c) - '0';
871 digit += '0' + 10 - 'A';
872 value = (value << 4) + digit;
880 * Otherwise the character stands for itself.
887 * Store the resulting character for the escape sequence.
889 if (len < MAXWORDLEN-1)
900 * Not escaped: see if we've reached the end of the word.
906 if (isspace(c) || c == '#') {
913 * Backslash starts an escape sequence.
922 * An ordinary character: store it in the word and get another.
924 if (len < MAXWORDLEN-1)
932 * End of the word: check for errors.
938 option_error("Error reading %s: %m", filename);
942 * If len is zero, then we didn't find a word before the
950 * Warn if the word was too long, and append a terminating null.
952 if (len >= MAXWORDLEN) {
953 option_error("warning: word in file %s too long (%.20s...)",
955 len = MAXWORDLEN - 1;
966 * number_option - parse an unsigned numeric parameter for an option.
969 number_option(str, valp, base)
976 *valp = strtoul(str, &ptr, base);
978 option_error("invalid numeric parameter '%s' for %s option",
979 str, current_option);
987 * int_option - like number_option, but valp is int *,
988 * the base is assumed to be 0, and *valp is not changed
989 * if there is an error.
992 int_option(str, valp)
998 if (!number_option(str, &v, 0))
1006 * The following procedures parse options.
1010 * readfile - take commands from a file.
1016 return options_from_file(*argv, 1, 1, privileged_option);
1020 * callfile - take commands from /etc/ppp/peers/<name>.
1021 * Name may not contain /../, start with / or ../, or end in /..
1027 char *fname, *arg, *p;
1032 if (arg[0] == '/' || arg[0] == 0)
1035 for (p = arg; *p != 0; ) {
1036 if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == 0)) {
1040 while (*p != '/' && *p != 0)
1047 option_error("call option value may not contain .. or start with /");
1051 l = strlen(arg) + strlen(_PATH_PEERFILES) + 1;
1052 if ((fname = (char *) malloc(l)) == NULL)
1053 novm("call file name");
1054 strcpy(fname, _PATH_PEERFILES);
1057 ok = options_from_file(fname, 1, 1, 1);
1065 * setdebug - Set debug (command line argument).
1075 * setkdebug - Set kernel debugging level.
1081 return int_option(*argv, &kdebugflag);
1085 * noopt - Disable all options.
1090 BZERO((char *) &lcp_wantoptions[0], sizeof (struct lcp_options));
1091 BZERO((char *) &lcp_allowoptions[0], sizeof (struct lcp_options));
1092 BZERO((char *) &ipcp_wantoptions[0], sizeof (struct ipcp_options));
1093 BZERO((char *) &ipcp_allowoptions[0], sizeof (struct ipcp_options));
1096 BZERO((char *) &ipxcp_wantoptions[0], sizeof (struct ipxcp_options));
1097 BZERO((char *) &ipxcp_allowoptions[0], sizeof (struct ipxcp_options));
1098 #endif /* IPX_CHANGE */
1104 * noaccomp - Disable Address/Control field compression negotiation.
1109 lcp_wantoptions[0].neg_accompression = 0;
1110 lcp_allowoptions[0].neg_accompression = 0;
1116 * noasyncmap - Disable async map negotiation.
1121 lcp_wantoptions[0].neg_asyncmap = 0;
1122 lcp_allowoptions[0].neg_asyncmap = 0;
1128 * noip - Disable IP and IPCP.
1133 ipcp_protent.enabled_flag = 0;
1139 * nomagicnumber - Disable magic number negotiation.
1144 lcp_wantoptions[0].neg_magicnumber = 0;
1145 lcp_allowoptions[0].neg_magicnumber = 0;
1151 * nomru - Disable mru negotiation.
1156 lcp_wantoptions[0].neg_mru = 0;
1157 lcp_allowoptions[0].neg_mru = 0;
1163 * setmru - Set MRU for negotiation.
1171 if (!number_option(*argv, &mru, 0))
1173 lcp_wantoptions[0].mru = mru;
1174 lcp_wantoptions[0].neg_mru = 1;
1180 * setmru - Set the largest MTU we'll use.
1188 if (!number_option(*argv, &mtu, 0))
1190 if (mtu < MINMRU || mtu > MAXMRU) {
1191 option_error("mtu option value of %u is too %s", mtu,
1192 (mtu < MINMRU? "small": "large"));
1195 lcp_allowoptions[0].mru = mtu;
1204 lcp_wantoptions[0].neg_cbcp = 1;
1205 cbcp_protent.enabled_flag = 1;
1206 cbcp[0].us_number = strdup(*argv);
1207 if (cbcp[0].us_number == 0)
1208 novm("callback number");
1209 cbcp[0].us_type |= (1 << CB_CONF_USER);
1210 cbcp[0].us_type |= (1 << CB_CONF_ADMIN);
1216 * nopcomp - Disable Protocol field compression negotiation.
1221 lcp_wantoptions[0].neg_pcompression = 0;
1222 lcp_allowoptions[0].neg_pcompression = 0;
1228 * setpassive - Set passive mode (don't give up if we time out sending
1229 * LCP configure-requests).
1234 lcp_wantoptions[0].passive = 1;
1240 * setsilent - Set silent mode (don't start sending LCP configure-requests
1241 * until we get one from the peer).
1246 lcp_wantoptions[0].silent = 1;
1252 * nopap - Disable PAP authentication with peer.
1263 * reqpap - Require PAP authentication from peer.
1268 lcp_wantoptions[0].neg_upap = 1;
1275 * setupapfile - specifies UPAP info for authenticating with peer.
1284 lcp_allowoptions[0].neg_upap = 1;
1286 /* open user info file */
1287 if ((ufile = fopen(*argv, "r")) == NULL) {
1288 option_error("unable to open user login data file %s", *argv);
1291 if (!readable(fileno(ufile))) {
1292 option_error("%s: access denied", *argv);
1295 check_access(ufile, *argv);
1298 if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
1299 || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
1300 option_error("unable to read user login data file %s", *argv);
1305 /* get rid of newlines */
1307 if (l > 0 && user[l-1] == '\n')
1310 if (l > 0 && passwd[l-1] == '\n')
1318 * nochap - Disable CHAP authentication with peer.
1329 * reqchap - Require CHAP authentication from peer.
1334 lcp_wantoptions[0].neg_chap = 1;
1341 * setnovj - disable vj compression
1346 ipcp_wantoptions[0].neg_vj = 0;
1347 ipcp_allowoptions[0].neg_vj = 0;
1353 * setnovjccomp - disable VJ connection-ID compression
1358 ipcp_wantoptions[0].cflag = 0;
1359 ipcp_allowoptions[0].cflag = 0;
1365 * setvjslots - set maximum number of connection slots for VJ compression
1373 if (!int_option(*argv, &value))
1375 if (value < 2 || value > 16) {
1376 option_error("vj-max-slots value must be between 2 and 16");
1379 ipcp_wantoptions [0].maxslotindex =
1380 ipcp_allowoptions[0].maxslotindex = value - 1;
1386 * setconnector - Set a program to connect to a serial line
1392 connector = strdup(*argv);
1393 if (connector == NULL)
1394 novm("connect script");
1395 connector_info.priv = privileged_option;
1396 connector_info.source = option_source;
1402 * setdisconnector - Set a program to disconnect from the serial line
1405 setdisconnector(argv)
1408 disconnector = strdup(*argv);
1409 if (disconnector == NULL)
1410 novm("disconnect script");
1411 disconnector_info.priv = privileged_option;
1412 disconnector_info.source = option_source;
1418 * setwelcomer - Set a program to welcome a client after connection
1424 welcomer = strdup(*argv);
1425 if (welcomer == NULL)
1426 novm("welcome script");
1427 welcomer_info.priv = privileged_option;
1428 welcomer_info.source = option_source;
1434 * setmaxconnect - Set the maximum connect time
1442 if (!int_option(*argv, &value))
1445 option_error("maxconnect time must be positive");
1448 if (maxconnect > 0 && (value == 0 || value > maxconnect)) {
1449 option_error("maxconnect time cannot be increased");
1457 * setdomain - Set domain name to append to hostname
1463 if (!privileged_option) {
1464 option_error("using the domain option requires root privilege");
1467 gethostname(hostname, MAXNAMELEN);
1470 strncat(hostname, ".", MAXNAMELEN - strlen(hostname));
1471 strncat(hostname, *argv, MAXNAMELEN - strlen(hostname));
1473 hostname[MAXNAMELEN-1] = 0;
1479 * setasyncmap - add bits to asyncmap (what we request peer to escape).
1487 if (!number_option(*argv, &asyncmap, 16))
1489 lcp_wantoptions[0].asyncmap |= asyncmap;
1490 lcp_wantoptions[0].neg_asyncmap = 1;
1496 * setescape - add chars to the set we escape on transmission.
1508 n = strtol(p, &endp, 16);
1510 option_error("escape parameter contains invalid hex number '%s'",
1515 if (n < 0 || 0x20 <= n && n <= 0x3F || n == 0x5E || n > 0xFF) {
1516 option_error("can't escape character 0x%x", n);
1519 xmit_accm[0][n >> 5] |= 1 << (n & 0x1F);
1520 while (*p == ',' || *p == ' ')
1528 * setspeed - Set the speed.
1537 spd = strtol(arg, &ptr, 0);
1538 if (ptr == arg || *ptr != 0 || spd == 0)
1546 * setdevname - Set the device name.
1549 setdevname(cp, quiet)
1553 struct stat statbuf;
1554 char dev[MAXPATHLEN];
1559 if (strncmp("/dev/", cp, 5) != 0) {
1560 strcpy(dev, "/dev/");
1561 strncat(dev, cp, MAXPATHLEN - 5);
1562 dev[MAXPATHLEN-1] = 0;
1567 * Check if there is a device by this name.
1569 if (stat(cp, &statbuf) < 0) {
1570 if (errno == ENOENT || quiet)
1572 option_error("Couldn't stat %s: %m", cp);
1576 (void) strncpy(devnam, cp, MAXPATHLEN);
1577 devnam[MAXPATHLEN-1] = 0;
1578 default_device = FALSE;
1579 devnam_info.priv = privileged_option;
1580 devnam_info.source = option_source;
1587 * setipaddr - Set the IP address
1595 u_int32_t local, remote;
1596 ipcp_options *wo = &ipcp_wantoptions[0];
1599 * IP address pair separated by ":".
1601 if ((colon = strchr(arg, ':')) == NULL)
1605 * If colon first character, then no local addr.
1609 if ((local = inet_addr(arg)) == -1) {
1610 if ((hp = gethostbyname(arg)) == NULL) {
1611 option_error("unknown host: %s", arg);
1614 local = *(u_int32_t *)hp->h_addr;
1617 if (bad_ip_adrs(local)) {
1618 option_error("bad local IP address %s", ip_ntoa(local));
1622 wo->ouraddr = local;
1627 * If colon last character, then no remote addr.
1629 if (*++colon != '\0') {
1630 if ((remote = inet_addr(colon)) == -1) {
1631 if ((hp = gethostbyname(colon)) == NULL) {
1632 option_error("unknown host: %s", colon);
1635 remote = *(u_int32_t *)hp->h_addr;
1636 if (remote_name[0] == 0) {
1637 strncpy(remote_name, colon, MAXNAMELEN);
1638 remote_name[MAXNAMELEN-1] = 0;
1642 if (bad_ip_adrs(remote)) {
1643 option_error("bad remote IP address %s", ip_ntoa(remote));
1647 wo->hisaddr = remote;
1655 * setnoipdflt - disable setipdefault()
1660 disable_defaultip = 1;
1666 * setipcpaccl - accept peer's idea of our address
1671 ipcp_wantoptions[0].accept_local = 1;
1677 * setipcpaccr - accept peer's idea of its address
1682 ipcp_wantoptions[0].accept_remote = 1;
1688 * setnetmask - set the netmask to be used on the interface.
1699 * Unfortunately, if we use inet_addr, we can't tell whether
1700 * a result of all 1s is an error or a valid 255.255.255.255.
1706 b = strtoul(p, &endp, 0);
1709 if (b < 0 || b > 255) {
1711 /* accept e.g. 0xffffff00 */
1717 mask |= b << (n * 8);
1719 if (*p != '.' || n == 0)
1724 if (*p != 0 || (netmask & ~mask) != 0) {
1725 option_error("invalid netmask value '%s'", *argv);
1750 lcp_wantoptions[0].asyncmap |= 0x000A0000; /* escape ^S and ^Q */
1751 lcp_wantoptions[0].neg_asyncmap = 1;
1804 if (!privileged_option) {
1805 option_error("using the name option requires root privilege");
1808 strncpy(our_name, argv[0], MAXNAMELEN);
1809 our_name[MAXNAMELEN-1] = 0;
1817 strncpy(user, argv[0], MAXNAMELEN);
1818 user[MAXNAMELEN-1] = 0;
1826 strncpy(remote_name, argv[0], MAXNAMELEN);
1827 remote_name[MAXNAMELEN-1] = 0;
1835 if (privileged_option > auth_req_info.priv) {
1836 auth_req_info.priv = privileged_option;
1837 auth_req_info.source = option_source;
1845 if (auth_required && privileged_option < auth_req_info.priv) {
1846 option_error("cannot override auth option set by %s",
1847 auth_req_info.source);
1857 if (!ipcp_allowoptions[0].default_route) {
1858 option_error("defaultroute option is disabled");
1861 ipcp_wantoptions[0].default_route = 1;
1868 ipcp_allowoptions[0].default_route = 0;
1869 ipcp_wantoptions[0].default_route = 0;
1876 if (!ipcp_allowoptions[0].proxy_arp) {
1877 option_error("proxyarp option is disabled");
1880 ipcp_wantoptions[0].proxy_arp = 1;
1887 ipcp_wantoptions[0].proxy_arp = 0;
1888 ipcp_allowoptions[0].proxy_arp = 0;
1914 * Functions to set the echo interval for modem-less monitors
1918 setlcpechointv(argv)
1921 return int_option(*argv, &lcp_echo_interval);
1925 setlcpechofails(argv)
1928 return int_option(*argv, &lcp_echo_fails);
1932 * Functions to set timeouts, max transmits, etc.
1938 return int_option(*argv, &lcp_fsm[0].timeouttime);
1945 return int_option(*argv, &lcp_fsm[0].maxtermtransmits);
1952 return int_option(*argv, &lcp_fsm[0].maxconfreqtransmits);
1959 return int_option(*argv, &lcp_fsm[0].maxnakloops);
1963 setipcptimeout(argv)
1966 return int_option(*argv, &ipcp_fsm[0].timeouttime);
1973 return int_option(*argv, &ipcp_fsm[0].maxtermtransmits);
1980 return int_option(*argv, &ipcp_fsm[0].maxconfreqtransmits);
1987 return int_option(*argv, &lcp_fsm[0].maxnakloops);
1994 return int_option(*argv, &upap[0].us_timeouttime);
2001 return int_option(*argv, &upap[0].us_reqtimeout);
2008 return int_option(*argv, &upap[0].us_maxtransmits);
2012 setchaptimeout(argv)
2015 return int_option(*argv, &chap[0].timeouttime);
2022 return int_option(*argv, &chap[0].max_transmits);
2029 return int_option(*argv, &chap[0].chal_interval);
2035 ccp_protent.enabled_flag = 0;
2047 abits = rbits = strtol(str, &endp, 0);
2048 if (endp != str && *endp == ',') {
2050 abits = strtol(str, &endp, 0);
2052 if (*endp != 0 || endp == str) {
2053 option_error("invalid parameter '%s' for bsdcomp option", *argv);
2056 if (rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS)
2057 || abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS)) {
2058 option_error("bsdcomp option values must be 0 or %d .. %d",
2059 BSD_MIN_BITS, BSD_MAX_BITS);
2063 ccp_wantoptions[0].bsd_compress = 1;
2064 ccp_wantoptions[0].bsd_bits = rbits;
2066 ccp_wantoptions[0].bsd_compress = 0;
2068 ccp_allowoptions[0].bsd_compress = 1;
2069 ccp_allowoptions[0].bsd_bits = abits;
2071 ccp_allowoptions[0].bsd_compress = 0;
2078 ccp_wantoptions[0].bsd_compress = 0;
2079 ccp_allowoptions[0].bsd_compress = 0;
2091 abits = rbits = strtol(str, &endp, 0);
2092 if (endp != str && *endp == ',') {
2094 abits = strtol(str, &endp, 0);
2096 if (*endp != 0 || endp == str) {
2097 option_error("invalid parameter '%s' for deflate option", *argv);
2100 if (rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE)
2101 || abits != 0 && (abits < DEFLATE_MIN_SIZE
2102 || abits > DEFLATE_MAX_SIZE)) {
2103 option_error("deflate option values must be 0 or %d .. %d",
2104 DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE);
2108 ccp_wantoptions[0].deflate = 1;
2109 ccp_wantoptions[0].deflate_size = rbits;
2111 ccp_wantoptions[0].deflate = 0;
2113 ccp_allowoptions[0].deflate = 1;
2114 ccp_allowoptions[0].deflate_size = abits;
2116 ccp_allowoptions[0].deflate = 0;
2123 ccp_wantoptions[0].deflate = 0;
2124 ccp_allowoptions[0].deflate = 0;
2131 ccp_wantoptions[0].predictor_1 = 1;
2132 ccp_allowoptions[0].predictor_1 = 1;
2139 ccp_wantoptions[0].predictor_1 = 0;
2140 ccp_allowoptions[0].predictor_1 = 0;
2148 ipparam = strdup(*argv);
2149 if (ipparam == NULL)
2150 novm("ipparam string");
2166 return int_option(*argv, &idle_time_limit);
2173 return int_option(*argv, &holdoff);
2177 * setdnsaddr - set the dns address(es)
2186 dns = inet_addr(*argv);
2188 if ((hp = gethostbyname(*argv)) == NULL) {
2189 option_error("invalid address parameter '%s' for ms-dns option",
2193 dns = *(u_int32_t *)hp->h_addr;
2196 if (ipcp_allowoptions[0].dnsaddr[0] == 0) {
2197 ipcp_allowoptions[0].dnsaddr[0] = dns;
2199 ipcp_allowoptions[0].dnsaddr[1] = dns;
2206 * setwinsaddr - set the wins address(es)
2207 * This is primrarly used with the Samba package under UNIX or for pointing
2208 * the caller to the existing WINS server on a Windows NT platform.
2217 wins = inet_addr(*argv);
2219 if ((hp = gethostbyname(*argv)) == NULL) {
2220 option_error("invalid address parameter '%s' for ms-wins option",
2224 wins = *(u_int32_t *)hp->h_addr;
2227 if (ipcp_allowoptions[0].winsaddr[0] == 0) {
2228 ipcp_allowoptions[0].winsaddr[0] = wins;
2230 ipcp_allowoptions[0].winsaddr[1] = wins;
2241 ipxcp_wantoptions[0].neg_router = 1;
2242 ipxcp_allowoptions[0].neg_router = 1;
2243 return int_option(*argv, &ipxcp_wantoptions[0].router);
2250 char *dest = ipxcp_wantoptions[0].name;
2255 ipxcp_wantoptions[0].neg_name = 1;
2256 ipxcp_allowoptions[0].neg_name = 1;
2257 memset (dest, '\0', sizeof (ipxcp_wantoptions[0].name));
2262 if (! isalnum (ch) && ch != '_') {
2263 option_error("IPX router name must be alphanumeric or _");
2267 if (count >= sizeof (ipxcp_wantoptions[0].name)) {
2268 option_error("IPX router name is limited to %d characters",
2269 sizeof (ipxcp_wantoptions[0].name) - 1);
2273 dest[count++] = toupper (ch);
2280 setipxcptimeout (argv)
2283 return int_option(*argv, &ipxcp_fsm[0].timeouttime);
2290 return int_option(*argv, &ipxcp_fsm[0].maxtermtransmits);
2297 return int_option(*argv, &ipxcp_fsm[0].maxconfreqtransmits);
2301 setipxcpfails (argv)
2304 return int_option(*argv, &ipxcp_fsm[0].maxnakloops);
2313 if (!number_option(*argv, &v, 16))
2316 ipxcp_wantoptions[0].our_network = (int) v;
2317 ipxcp_wantoptions[0].neg_nn = 1;
2324 ipxcp_wantoptions[0].accept_network = 1;
2325 ipxcp_allowoptions[0].accept_network = 1;
2331 ipxcp_wantoptions[0].accept_local = 1;
2332 ipxcp_allowoptions[0].accept_local = 1;
2338 ipxcp_wantoptions[0].accept_remote = 1;
2339 ipxcp_allowoptions[0].accept_remote = 1;
2343 setipxnodevalue(src,dst)
2350 if (!isxdigit (*src))
2353 for (indx = 0; indx < 5; ++indx) {
2355 dst[indx] |= (dst[indx + 1] >> 4) & 0x0F;
2358 item = toupper (*src) - '0';
2362 dst[5] = (dst[5] << 4) | item;
2374 memset (&ipxcp_wantoptions[0].our_node[0], 0, 6);
2375 memset (&ipxcp_wantoptions[0].his_node[0], 0, 6);
2377 end = setipxnodevalue (*argv, &ipxcp_wantoptions[0].our_node[0]);
2379 end = setipxnodevalue (++end, &ipxcp_wantoptions[0].his_node[0]);
2382 ipxcp_wantoptions[0].neg_node = 1;
2386 option_error("invalid parameter '%s' for ipx-node option", *argv);
2393 ipxcp_protent.enabled_flag = 1;
2400 ipxcp_protent.enabled_flag = 0;
2410 #endif /* IPX_CHANGE */