X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Foptions.c;h=6e38d43ee900b20a4d5069d4ff8c877dfb930c3f;hp=c288e53fc6d152b6ba3aa76a821ec2859752c5a7;hb=d34159f417620eb7c481bf53f29fe04c86ccd223;hpb=90f1062610c1a883e9da918daa3b9e2f162d69c2 diff --git a/pppd/options.c b/pppd/options.c index c288e53..6e38d43 100644 --- a/pppd/options.c +++ b/pppd/options.c @@ -1,68 +1,91 @@ /* * options.c - handles option processing for PPP. * - * Copyright (c) 1989 Carnegie Mellon University. - * All rights reserved. + * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by Carnegie Mellon University. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name "Carnegie Mellon University" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For permission or any legal + * details, please contact + * Office of Technology Transfer + * Carnegie Mellon University + * 5000 Forbes Avenue + * Pittsburgh, PA 15213-3890 + * (412) 268-4387, fax: (412) 268-7395 + * tech-transfer@andrew.cmu.edu + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Computing Services + * at Carnegie Mellon University (http://www.cmu.edu/computing/)." + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef lint -static char rcsid[] = "$Id: options.c,v 1.34 1996/09/14 05:16:56 paulus Exp $"; -#endif +#define RCSID "$Id: options.c,v 1.102 2008/06/15 06:53:06 paulus Exp $" #include #include #include #include -#include +#include #include -#include #include #include -#include #include -#include -#include -#include -#include +#ifdef PLUGIN +#include +#endif + +#ifdef PPP_FILTER +#include +/* + * There have been 3 or 4 different names for this in libpcap CVS, but + * this seems to be what they have settled on... + * For older versions of libpcap, use DLT_PPP - but that means + * we lose the inbound and outbound qualifiers. + */ +#ifndef DLT_PPP_PPPD +#ifdef DLT_PPP_WITHDIRECTION +#define DLT_PPP_PPPD DLT_PPP_WITHDIRECTION +#else +#define DLT_PPP_PPPD DLT_PPP +#endif +#endif +#endif /* PPP_FILTER */ #include "pppd.h" #include "pathnames.h" -#include "patchlevel.h" -#include "fsm.h" -#include "lcp.h" -#include "ipcp.h" -#include "upap.h" -#include "chap.h" -#include "ccp.h" - -#ifdef IPX_CHANGE -#include "ipxcp.h" -#endif /* IPX_CHANGE */ - -#include - -#define FALSE 0 -#define TRUE 1 #if defined(ultrix) || defined(NeXT) char *strdup __P((char *)); #endif -#ifndef GIDSET_TYPE -#define GIDSET_TYPE gid_t -#endif +static const char rcsid[] = RCSID; + +struct option_value { + struct option_value *next; + const char *source; + char value[1]; +}; /* * Option variables and default values. @@ -70,310 +93,279 @@ char *strdup __P((char *)); int debug = 0; /* Debug flag */ int kdebugflag = 0; /* Tell kernel to print debug messages */ int default_device = 1; /* Using /dev/tty or equivalent */ -char devnam[MAXPATHLEN] = "/dev/tty"; /* Device name */ -int crtscts = 0; /* Use hardware flow control */ -int modem = 1; /* Use modem control lines */ -int inspeed = 0; /* Input/Output speed requested */ -u_int32_t netmask = 0; /* IP netmask to set on interface */ -int lockflag = 0; /* Create lock file to lock the serial dev */ -int nodetach = 0; /* Don't detach from controlling tty */ -char *connector = NULL; /* Script to establish physical link */ -char *disconnector = NULL; /* Script to disestablish physical link */ -char *welcomer = NULL; /* Script to run after phys link estab. */ +char devnam[MAXPATHLEN]; /* Device name */ +bool nodetach = 0; /* Don't detach from controlling tty */ +bool updetach = 0; /* Detach once link is up */ +bool master_detach; /* Detach when we're (only) multilink master */ +#ifdef SYSTEMD +bool up_sdnotify = 0; /* Notify systemd once link is up */ +#endif int maxconnect = 0; /* Maximum connect time */ char user[MAXNAMELEN]; /* Username for PAP */ char passwd[MAXSECRETLEN]; /* Password for PAP */ -int auth_required = 0; /* Peer is required to authenticate */ -int defaultroute = 0; /* assign default route through interface */ -int proxyarp = 0; /* Set up proxy ARP entry for peer */ -int persist = 0; /* Reopen link after it goes down */ -int uselogin = 0; /* Use /etc/passwd for checking PAP */ -int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ -int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ +bool persist = 0; /* Reopen link after it goes down */ char our_name[MAXNAMELEN]; /* Our name for authentication purposes */ -char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ -int usehostname = 0; /* Use hostname for our_name */ -int disable_defaultip = 0; /* Don't use hostname for default IP adrs */ -int demand = 0; /* do dial-on-demand */ +bool demand = 0; /* do dial-on-demand */ char *ipparam = NULL; /* Extra parameter for ip up/down scripts */ -int cryptpap; /* Passwords in pap-secrets are encrypted */ int idle_time_limit = 0; /* Disconnect if idle for this many seconds */ int holdoff = 30; /* # seconds to pause before reconnecting */ -int refuse_pap = 0; /* Set to say we won't do PAP */ -int refuse_chap = 0; /* Set to say we won't do CHAP */ +bool holdoff_specified; /* true if a holdoff value has been given */ +int log_to_fd = 1; /* send log messages to this fd too */ +bool log_default = 1; /* log_to_fd is default (stdout) */ +int maxfail = 10; /* max # of unsuccessful connection attempts */ +char linkname[MAXPATHLEN]; /* logical name for link */ +bool tune_kernel; /* may alter kernel settings */ +int connect_delay = 1000; /* wait this many ms after connect script */ +int req_unit = -1; /* requested interface unit */ +char req_ifname[MAXIFNAMELEN]; /* requested interface name */ +bool multilink = 0; /* Enable multilink operation */ +char *bundle_name = NULL; /* bundle name for multilink */ +bool dump_options; /* print out option values */ +bool dryrun; /* print out option values and exit */ +char *domain; /* domain name set by domain option */ +int child_wait = 5; /* # seconds to wait for children at exit */ +struct userenv *userenv_list; /* user environment variables */ +int dfl_route_metric = -1; /* metric of the default route to set over the PPP link */ + +#ifdef MAXOCTETS +unsigned int maxoctets = 0; /* default - no limit */ +int maxoctets_dir = 0; /* default - sum of traffic */ +int maxoctets_timeout = 1; /* default 1 second */ +#endif + + +extern option_t auth_options[]; +extern struct stat devstat; + +#ifdef PPP_FILTER +struct bpf_program pass_filter;/* Filter program for packets to pass */ +struct bpf_program active_filter; /* Filter program for link-active pkts */ +#endif + +static option_t *curopt; /* pointer to option being processed */ +char *current_option; /* the name of the option being parsed */ +int privileged_option; /* set iff the current option came from root */ +char *option_source; /* string saying where the option came from */ +int option_priority = OPRIO_CFGFILE; /* priority of the current options */ +bool devnam_fixed; /* can no longer change device name */ -struct option_info auth_req_info; -struct option_info connector_info; -struct option_info disconnector_info; -struct option_info welcomer_info; -struct option_info devnam_info; +static int logfile_fd = -1; /* fd opened for log file */ +static char logfile_name[MAXPATHLEN]; /* name of log file */ /* * Prototypes */ -static int setdevname __P((char *, int)); -static int setipaddr __P((char *)); -static int setdebug __P((void)); -static int setkdebug __P((char **)); -static int setpassive __P((void)); -static int setsilent __P((void)); -static int noopt __P((void)); -static int setnovj __P((void)); -static int setnovjccomp __P((void)); -static int setvjslots __P((char **)); -static int reqpap __P((void)); -static int nopap __P((void)); -#ifdef OLD_OPTIONS -static int setupapfile __P((char **)); -#endif -static int nochap __P((void)); -static int reqchap __P((void)); -static int setspeed __P((char *)); -static int noaccomp __P((void)); -static int noasyncmap __P((void)); -static int noip __P((void)); -static int nomagicnumber __P((void)); -static int setasyncmap __P((char **)); -static int setescape __P((char **)); -static int setmru __P((char **)); -static int setmtu __P((char **)); -static int nomru __P((void)); -static int nopcomp __P((void)); -static int setconnector __P((char **)); -static int setdisconnector __P((char **)); -static int setwelcomer __P((char **)); -static int setmaxconnect __P((char **)); static int setdomain __P((char **)); -static int setnetmask __P((char **)); -static int setcrtscts __P((void)); -static int setnocrtscts __P((void)); -static int setxonxoff __P((void)); -static int setnodetach __P((void)); -static int setmodem __P((void)); -static int setlocal __P((void)); -static int setlock __P((void)); -static int setname __P((char **)); -static int setuser __P((char **)); -static int setremote __P((char **)); -static int setauth __P((void)); -static int setnoauth __P((void)); static int readfile __P((char **)); static int callfile __P((char **)); -static int setdefaultroute __P((void)); -static int setnodefaultroute __P((void)); -static int setproxyarp __P((void)); -static int setnoproxyarp __P((void)); -static int setpersist __P((void)); -static int setnopersist __P((void)); -static int setdologin __P((void)); -static int setusehostname __P((void)); -static int setnoipdflt __P((void)); -static int setlcptimeout __P((char **)); -static int setlcpterm __P((char **)); -static int setlcpconf __P((char **)); -static int setlcpfails __P((char **)); -static int setipcptimeout __P((char **)); -static int setipcpterm __P((char **)); -static int setipcpconf __P((char **)); -static int setipcpfails __P((char **)); -static int setpaptimeout __P((char **)); -static int setpapreqs __P((char **)); -static int setpapreqtime __P((char **)); -static int setchaptimeout __P((char **)); -static int setchapchal __P((char **)); -static int setchapintv __P((char **)); -static int setipcpaccl __P((void)); -static int setipcpaccr __P((void)); -static int setlcpechointv __P((char **)); -static int setlcpechofails __P((char **)); -static int noccp __P((void)); -static int setbsdcomp __P((char **)); -static int setnobsdcomp __P((void)); -static int setdeflate __P((char **)); -static int setnodeflate __P((void)); -static int setdemand __P((void)); -static int setpred1comp __P((void)); -static int setnopred1comp __P((void)); -static int setipparam __P((char **)); -static int setpapcrypt __P((void)); -static int setidle __P((char **)); -static int setholdoff __P((char **)); - -#ifdef IPX_CHANGE -static int setipxproto __P((void)); -static int resetipxproto __P((void)); -static int setipxanet __P((void)); -static int setipxalcl __P((void)); -static int setipxarmt __P((void)); -static int setipxnetwork __P((char **)); -static int setipxnode __P((char **)); -static int setipxrouter __P((char **)); -static int setipxname __P((char **)); -static int setipxcptimeout __P((char **)); -static int setipxcpterm __P((char **)); -static int setipxcpconf __P((char **)); -static int setipxcpfails __P((char **)); -#endif /* IPX_CHANGE */ - -#ifdef USE_MS_DNS -static int setdnsaddr __P((char **)); +static int showversion __P((char **)); +static int showhelp __P((char **)); +static void usage __P((void)); +static int setlogfile __P((char **)); +#ifdef PLUGIN +static int loadplugin __P((char **)); +#endif + +#ifdef PPP_FILTER +static int setpassfilter __P((char **)); +static int setactivefilter __P((char **)); +#endif + +#ifdef MAXOCTETS +static int setmodir __P((char **)); #endif +static int user_setenv __P((char **)); +static void user_setprint __P((option_t *, printer_func, void *)); +static int user_unsetenv __P((char **)); +static void user_unsetprint __P((option_t *, printer_func, void *)); + +static option_t *find_option __P((const char *name)); +static int process_option __P((option_t *, char *, char **)); +static int n_arguments __P((option_t *)); static int number_option __P((char *, u_int32_t *, int)); -static int int_option __P((char *, int *)); -static int readable __P((int fd)); + +/* + * Structure to store extra lists of options. + */ +struct option_list { + option_t *options; + struct option_list *next; +}; + +static struct option_list *extra_options = NULL; /* * Valid arguments. */ -static struct cmd { - char *cmd_name; - int num_args; - int (*cmd_func)(); -} cmds[] = { - {"-all", 0, noopt}, /* Don't request/allow any options (useless) */ - {"noaccomp", 0, noaccomp}, /* Disable Address/Control compression */ - {"-ac", 0, noaccomp}, /* Disable Address/Control compress */ - {"default-asyncmap", 0, noasyncmap}, /* Disable asyncmap negoatiation */ - {"-am", 0, noasyncmap}, /* Disable asyncmap negotiation */ - {"-as", 1, setasyncmap}, /* set the desired async map */ - {"-d", 0, setdebug}, /* Increase debugging level */ - {"nodetach", 0, setnodetach}, /* Don't detach from controlling tty */ - {"-detach", 0, setnodetach}, /* don't fork */ - {"noip", 0, noip}, /* Disable IP and IPCP */ - {"-ip", 0, noip}, /* Disable IP and IPCP */ - {"nomagic", 0, nomagicnumber}, /* Disable magic number negotiation */ - {"-mn", 0, nomagicnumber}, /* Disable magic number negotiation */ - {"default-mru", 0, nomru}, /* Disable MRU negotiation */ - {"-mru", 0, nomru}, /* Disable mru negotiation */ - {"-p", 0, setpassive}, /* Set passive mode */ - {"nopcomp", 0, nopcomp}, /* Disable protocol field compression */ - {"-pc", 0, nopcomp}, /* Disable protocol field compress */ -#if OLD_OPTIONS - {"+ua", 1, setupapfile}, /* Get PAP user and password from file */ +option_t general_options[] = { + { "debug", o_int, &debug, + "Increase debugging level", OPT_INC | OPT_NOARG | 1 }, + { "-d", o_int, &debug, + "Increase debugging level", + OPT_ALIAS | OPT_INC | OPT_NOARG | 1 }, + + { "kdebug", o_int, &kdebugflag, + "Set kernel driver debug level", OPT_PRIO }, + + { "nodetach", o_bool, &nodetach, + "Don't detach from controlling tty", OPT_PRIO | 1 }, + { "-detach", o_bool, &nodetach, + "Don't detach from controlling tty", OPT_ALIAS | OPT_PRIOSUB | 1 }, +#ifdef SYSTEMD + { "up_sdnotify", o_bool, &up_sdnotify, + "Notify systemd once link is up (implies nodetach)", + OPT_PRIOSUB | OPT_A2COPY | 1, &nodetach }, #endif - {"require-pap", 0, reqpap}, /* Require PAP authentication from peer */ - {"+pap", 0, reqpap}, /* Require PAP auth from peer */ - {"refuse-pap", 0, nopap}, /* Don't agree to auth to peer with PAP */ - {"-pap", 0, nopap}, /* Don't allow UPAP authentication with peer */ - {"require-chap", 0, reqchap}, /* Require CHAP authentication from peer */ - {"+chap", 0, reqchap}, /* Require CHAP authentication from peer */ - {"refuse-chap", 0, nochap}, /* Don't agree to auth to peer with CHAP */ - {"-chap", 0, nochap}, /* Don't allow CHAP authentication with peer */ - {"novj", 0, setnovj}, /* Disable VJ compression */ - {"-vj", 0, setnovj}, /* disable VJ compression */ - {"novjccomp", 0, setnovjccomp}, /* disable VJ connection-ID compression */ - {"-vjccomp", 0, setnovjccomp}, /* disable VJ connection-ID compression */ - {"vj-max-slots", 1, setvjslots}, /* Set maximum VJ header slots */ - {"asyncmap", 1, setasyncmap}, /* set the desired async map */ - {"escape", 1, setescape}, /* set chars to escape on transmission */ - {"connect", 1, setconnector}, /* A program to set up a connection */ - {"disconnect", 1, setdisconnector}, /* program to disconnect serial dev. */ - {"welcome", 1, setwelcomer},/* Script to welcome client */ - {"maxconnect", 1, setmaxconnect}, /* specify a maximum connect time */ - {"crtscts", 0, setcrtscts}, /* set h/w flow control */ - {"nocrtscts", 0, setnocrtscts}, /* clear h/w flow control */ - {"-crtscts", 0, setnocrtscts}, /* clear h/w flow control */ - {"xonxoff", 0, setxonxoff}, /* set s/w flow control */ - {"debug", 0, setdebug}, /* Increase debugging level */ - {"kdebug", 1, setkdebug}, /* Enable kernel-level debugging */ - {"domain", 1, setdomain}, /* Add given domain name to hostname*/ - {"mru", 1, setmru}, /* Set MRU value for negotiation */ - {"mtu", 1, setmtu}, /* Set our MTU */ - {"netmask", 1, setnetmask}, /* set netmask */ - {"passive", 0, setpassive}, /* Set passive mode */ - {"silent", 0, setsilent}, /* Set silent mode */ - {"modem", 0, setmodem}, /* Use modem control lines */ - {"local", 0, setlocal}, /* Don't use modem control lines */ - {"lock", 0, setlock}, /* Lock serial device (with lock file) */ - {"name", 1, setname}, /* Set local name for authentication */ - {"user", 1, setuser}, /* Set name for auth with peer */ - {"usehostname", 0, setusehostname}, /* Must use hostname for auth. */ - {"remotename", 1, setremote}, /* Set remote name for authentication */ - {"auth", 0, setauth}, /* Require authentication from peer */ - {"noauth", 0, setnoauth}, /* Don't require peer to authenticate */ - {"file", 1, readfile}, /* Take options from a file */ - {"call", 1, callfile}, /* Take options from a privileged file */ - {"defaultroute", 0, setdefaultroute}, /* Add default route */ - {"nodefaultroute", 0, setnodefaultroute}, /* disable defaultroute option */ - {"-defaultroute", 0, setnodefaultroute}, /* disable defaultroute option */ - {"proxyarp", 0, setproxyarp}, /* Add proxy ARP entry */ - {"noproxyarp", 0, setnoproxyarp}, /* disable proxyarp option */ - {"-proxyarp", 0, setnoproxyarp}, /* disable proxyarp option */ - {"persist", 0, setpersist}, /* Keep on reopening connection after close */ - {"nopersist", 0, setnopersist}, /* Turn off persist option */ - {"demand", 0, setdemand}, /* Dial on demand */ - {"login", 0, setdologin}, /* Use system password database for UPAP */ - {"noipdefault", 0, setnoipdflt}, /* Don't use name for default IP adrs */ - {"lcp-echo-failure", 1, setlcpechofails}, /* consecutive echo failures */ - {"lcp-echo-interval", 1, setlcpechointv}, /* time for lcp echo events */ - {"lcp-restart", 1, setlcptimeout}, /* Set timeout for LCP */ - {"lcp-max-terminate", 1, setlcpterm}, /* Set max #xmits for term-reqs */ - {"lcp-max-configure", 1, setlcpconf}, /* Set max #xmits for conf-reqs */ - {"lcp-max-failure", 1, setlcpfails}, /* Set max #conf-naks for LCP */ - {"ipcp-restart", 1, setipcptimeout}, /* Set timeout for IPCP */ - {"ipcp-max-terminate", 1, setipcpterm}, /* Set max #xmits for term-reqs */ - {"ipcp-max-configure", 1, setipcpconf}, /* Set max #xmits for conf-reqs */ - {"ipcp-max-failure", 1, setipcpfails}, /* Set max #conf-naks for IPCP */ - {"pap-restart", 1, setpaptimeout}, /* Set retransmit timeout for PAP */ - {"pap-max-authreq", 1, setpapreqs}, /* Set max #xmits for auth-reqs */ - {"pap-timeout", 1, setpapreqtime}, /* Set time limit for peer PAP auth. */ - {"chap-restart", 1, setchaptimeout}, /* Set timeout for CHAP */ - {"chap-max-challenge", 1, setchapchal}, /* Set max #xmits for challenge */ - {"chap-interval", 1, setchapintv}, /* Set interval for rechallenge */ - {"ipcp-accept-local", 0, setipcpaccl}, /* Accept peer's address for us */ - {"ipcp-accept-remote", 0, setipcpaccr}, /* Accept peer's address for it */ - {"noccp", 0, noccp}, /* Disable CCP negotiation */ - {"-ccp", 0, noccp}, /* Disable CCP negotiation */ - {"bsdcomp", 1, setbsdcomp}, /* request BSD-Compress */ - {"nobsdcomp", 0, setnobsdcomp}, /* don't allow BSD-Compress */ - {"-bsdcomp", 0, setnobsdcomp}, /* don't allow BSD-Compress */ - {"deflate", 1, setdeflate}, /* request Deflate compression */ - {"nodeflate", 0, setnodeflate}, /* don't allow Deflate compression */ - {"-deflate", 0, setnodeflate}, /* don't allow Deflate compression */ - {"predictor1", 0, setpred1comp}, /* request Predictor-1 */ - {"nopredictor1", 0, setnopred1comp},/* don't allow Predictor-1 */ - {"-predictor1", 0, setnopred1comp}, /* don't allow Predictor-1 */ - {"ipparam", 1, setipparam}, /* set ip script parameter */ - {"papcrypt", 0, setpapcrypt}, /* PAP passwords encrypted */ - {"idle", 1, setidle}, /* idle time limit (seconds) */ - {"holdoff", 1, setholdoff}, /* set holdoff time (seconds) */ - -#ifdef IPX_CHANGE - {"ipx-network", 1, setipxnetwork}, /* IPX network number */ - {"ipxcp-accept-network", 0, setipxanet}, /* Accept peer netowrk */ - {"ipx-node", 1, setipxnode}, /* IPX node number */ - {"ipxcp-accept-local", 0, setipxalcl}, /* Accept our address */ - {"ipxcp-accept-remote", 0, setipxarmt}, /* Accept peer's address */ - {"ipx-routing", 1, setipxrouter}, /* IPX routing proto number */ - {"ipx-router-name", 1, setipxname}, /* IPX router name */ - {"ipxcp-restart", 1, setipxcptimeout}, /* Set timeout for IPXCP */ - {"ipxcp-max-terminate", 1, setipxcpterm}, /* max #xmits for term-reqs */ - {"ipxcp-max-configure", 1, setipxcpconf}, /* max #xmits for conf-reqs */ - {"ipxcp-max-failure", 1, setipxcpfails}, /* max #conf-naks for IPXCP */ -#if 0 - {"ipx-compression", 1, setipxcompression}, /* IPX compression number */ + { "updetach", o_bool, &updetach, + "Detach from controlling tty once link is up", + OPT_PRIOSUB | OPT_A2CLR | 1, &nodetach }, + + { "master_detach", o_bool, &master_detach, + "Detach when we're multilink master but have no link", 1 }, + + { "holdoff", o_int, &holdoff, + "Set time in seconds before retrying connection", + OPT_PRIO, &holdoff_specified }, + + { "idle", o_int, &idle_time_limit, + "Set time in seconds before disconnecting idle link", OPT_PRIO }, + + { "maxconnect", o_int, &maxconnect, + "Set connection time limit", + OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, + + { "domain", o_special, (void *)setdomain, + "Add given domain name to hostname", + OPT_PRIO | OPT_PRIV | OPT_A2STRVAL, &domain }, + + { "file", o_special, (void *)readfile, + "Take options from a file", OPT_NOPRINT }, + { "call", o_special, (void *)callfile, + "Take options from a privileged file", OPT_NOPRINT }, + + { "persist", o_bool, &persist, + "Keep on reopening connection after close", OPT_PRIO | 1 }, + { "nopersist", o_bool, &persist, + "Turn off persist option", OPT_PRIOSUB }, + + { "demand", o_bool, &demand, + "Dial on demand", OPT_INITONLY | 1, &persist }, + + { "--version", o_special_noarg, (void *)showversion, + "Show version number" }, + { "--help", o_special_noarg, (void *)showhelp, + "Show brief listing of options" }, + { "-h", o_special_noarg, (void *)showhelp, + "Show brief listing of options", OPT_ALIAS }, + + { "logfile", o_special, (void *)setlogfile, + "Append log messages to this file", + OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, &logfile_name }, + { "logfd", o_int, &log_to_fd, + "Send log messages to this file descriptor", + OPT_PRIOSUB | OPT_A2CLR, &log_default }, + { "nolog", o_int, &log_to_fd, + "Don't send log messages to any file", + OPT_PRIOSUB | OPT_NOARG | OPT_VAL(-1) }, + { "nologfd", o_int, &log_to_fd, + "Don't send log messages to any file descriptor", + OPT_PRIOSUB | OPT_ALIAS | OPT_NOARG | OPT_VAL(-1) }, + + { "linkname", o_string, linkname, + "Set logical name for link", + OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXPATHLEN }, + + { "maxfail", o_int, &maxfail, + "Maximum number of unsuccessful connection attempts to allow", + OPT_PRIO }, + + { "ktune", o_bool, &tune_kernel, + "Alter kernel settings as necessary", OPT_PRIO | 1 }, + { "noktune", o_bool, &tune_kernel, + "Don't alter kernel settings", OPT_PRIOSUB }, + + { "connect-delay", o_int, &connect_delay, + "Maximum time (in ms) to wait after connect script finishes", + OPT_PRIO }, + + { "unit", o_int, &req_unit, + "PPP interface unit number to use if possible", + OPT_PRIO | OPT_LLIMIT, 0, 0 }, + + { "ifname", o_string, req_ifname, + "Set PPP interface name", + OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXIFNAMELEN }, + + { "dump", o_bool, &dump_options, + "Print out option values after parsing all options", 1 }, + { "dryrun", o_bool, &dryrun, + "Stop after parsing, printing, and checking options", 1 }, + + { "child-timeout", o_int, &child_wait, + "Number of seconds to wait for child processes at exit", + OPT_PRIO }, + + { "set", o_special, (void *)user_setenv, + "Set user environment variable", + OPT_A2PRINTER | OPT_NOPRINT, (void *)user_setprint }, + { "unset", o_special, (void *)user_unsetenv, + "Unset user environment variable", + OPT_A2PRINTER | OPT_NOPRINT, (void *)user_unsetprint }, + + { "defaultroute-metric", o_int, &dfl_route_metric, + "Metric to use for the default route (Linux only; -1 for default behavior)", + OPT_PRIV|OPT_LLIMIT|OPT_INITONLY, NULL, 0, -1 }, + +#ifdef HAVE_MULTILINK + { "multilink", o_bool, &multilink, + "Enable multilink operation", OPT_PRIO | 1 }, + { "mp", o_bool, &multilink, + "Enable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 1 }, + { "nomultilink", o_bool, &multilink, + "Disable multilink operation", OPT_PRIOSUB | 0 }, + { "nomp", o_bool, &multilink, + "Disable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 0 }, + + { "bundle", o_string, &bundle_name, + "Bundle name for multilink", OPT_PRIO }, +#endif /* HAVE_MULTILINK */ + +#ifdef PLUGIN + { "plugin", o_special, (void *)loadplugin, + "Load a plug-in module into pppd", OPT_PRIV | OPT_A2LIST }, +#endif + +#ifdef PPP_FILTER + { "pass-filter", o_special, setpassfilter, + "set filter for packets to pass", OPT_PRIO }, + + { "active-filter", o_special, setactivefilter, + "set filter for active pkts", OPT_PRIO }, #endif - {"ipx", 0, setipxproto}, /* Enable IPXCP (and IPX) */ - {"noipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */ - {"+ipx", 0, setipxproto}, /* Enable IPXCP (and IPX) */ - {"-ipx", 0, resetipxproto}, /* Disable IPXCP (and IPX) */ -#endif /* IPX_CHANGE */ - -#ifdef USE_MS_DNS - {"ms-dns", 1, setdnsaddr}, /* DNS address(es) for the peer's use */ + +#ifdef MAXOCTETS + { "maxoctets", o_int, &maxoctets, + "Set connection traffic limit", + OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, + { "mo", o_int, &maxoctets, + "Set connection traffic limit", + OPT_ALIAS | OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, + { "mo-direction", o_special, setmodir, + "Set direction for limit traffic (sum,in,out,max)" }, + { "mo-timeout", o_int, &maxoctets_timeout, + "Check for traffic limit every N seconds", OPT_PRIO | OPT_LLIMIT | 1 }, #endif - {NULL, 0, NULL} + { NULL } }; - #ifndef IMPLEMENTATION #define IMPLEMENTATION "" #endif static char *usage_string = "\ -pppd version %s patch level %d%s\n\ +pppd version %s\n\ Usage: %s [ options ], where options are:\n\ Communicate over the named device\n\ Set the baud rate to \n\ @@ -387,14 +379,9 @@ Usage: %s [ options ], where options are:\n\ file Take options from file \n\ modem Use modem control lines\n\ mru Set MRU value to for negotiation\n\ - netmask Set interface netmask to \n\ See pppd(8) for more options.\n\ "; -static char *current_option; /* the name of the option being parsed */ -static int privileged_option; /* set iff the current option came from root */ -static char *option_source; /* string saying where the option came from */ - /* * parse_args - parse a string of arguments from the command line. */ @@ -404,92 +391,32 @@ parse_args(argc, argv) char **argv; { char *arg; - struct cmd *cmdp; - int ret; + option_t *opt; + int n; privileged_option = privileged; option_source = "command line"; + option_priority = OPRIO_CMDLINE; while (argc > 0) { arg = *argv++; --argc; - - /* - * First see if it's a command. - */ - for (cmdp = cmds; cmdp->cmd_name; cmdp++) - if (!strcmp(arg, cmdp->cmd_name)) - break; - - if (cmdp->cmd_name != NULL) { - if (argc < cmdp->num_args) { - option_error("too few parameters for option %s", arg); - return 0; - } - current_option = arg; - if (!(*cmdp->cmd_func)(argv)) - return 0; - argc -= cmdp->num_args; - argv += cmdp->num_args; - - } else { - /* - * Maybe a tty name, speed or IP address? - */ - if ((ret = setdevname(arg, 0)) == 0 - && (ret = setspeed(arg)) == 0 - && (ret = setipaddr(arg)) == 0) { - option_error("unrecognized option '%s'", arg); - usage(); - return 0; - } - if (ret < 0) /* error */ - return 0; + opt = find_option(arg); + if (opt == NULL) { + option_error("unrecognized option '%s'", arg); + usage(); + return 0; } - } - return 1; -} - -/* - * scan_args - scan the command line arguments to get the tty name, - * if specified. - */ -void -scan_args(argc, argv) - int argc; - char **argv; -{ - char *arg; - struct cmd *cmdp; - - while (argc > 0) { - arg = *argv++; - --argc; - - /* Skip options and their arguments */ - for (cmdp = cmds; cmdp->cmd_name; cmdp++) - if (!strcmp(arg, cmdp->cmd_name)) - break; - - if (cmdp->cmd_name != NULL) { - argc -= cmdp->num_args; - argv += cmdp->num_args; - continue; + n = n_arguments(opt); + if (argc < n) { + option_error("too few parameters for option %s", arg); + return 0; } - - /* Check if it's a tty name and copy it if so */ - (void) setdevname(arg, 1); + if (!process_option(opt, arg, argv)) + return 0; + argc -= n; + argv += n; } -} - -/* - * usage - print out a message telling how to use the program. - */ -void -usage() -{ - if (phase == PHASE_INITIALIZE) - fprintf(stderr, usage_string, VERSION, PATCHLEVEL, IMPLEMENTATION, - progname); + return 1; } /* @@ -504,70 +431,68 @@ options_from_file(filename, must_exist, check_prot, priv) int priv; { FILE *f; - int i, newline, ret; - struct cmd *cmdp; - int oldpriv; + int i, newline, ret, err; + option_t *opt; + int oldpriv, n; + char *oldsource; + uid_t euid; char *argv[MAXARGS]; char args[MAXARGS][MAXWORDLEN]; char cmd[MAXWORDLEN]; - if ((f = fopen(filename, "r")) == NULL) { - if (!must_exist && errno == ENOENT) - return 1; - option_error("Can't open options file %s: %m", filename); + euid = geteuid(); + if (check_prot && seteuid(getuid()) == -1) { + option_error("unable to drop privileges to open %s: %m", filename); return 0; } - if (check_prot && !readable(fileno(f))) { - option_error("Can't open options file %s: access denied", filename); - fclose(f); + f = fopen(filename, "r"); + err = errno; + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); + if (f == NULL) { + errno = err; + if (!must_exist) { + if (err != ENOENT && err != ENOTDIR) + warn("Warning: can't open options file %s: %m", filename); + return 1; + } + option_error("Can't open options file %s: %m", filename); return 0; } oldpriv = privileged_option; privileged_option = priv; + oldsource = option_source; + option_source = strdup(filename); + if (option_source == NULL) + option_source = "file"; ret = 0; while (getword(f, cmd, &newline, filename)) { - /* - * First see if it's a command. - */ - for (cmdp = cmds; cmdp->cmd_name; cmdp++) - if (!strcmp(cmd, cmdp->cmd_name)) - break; - - if (cmdp->cmd_name != NULL) { - for (i = 0; i < cmdp->num_args; ++i) { - if (!getword(f, args[i], &newline, filename)) { - option_error( + opt = find_option(cmd); + if (opt == NULL) { + option_error("In file %s: unrecognized option '%s'", + filename, cmd); + goto err; + } + n = n_arguments(opt); + for (i = 0; i < n; ++i) { + if (!getword(f, args[i], &newline, filename)) { + option_error( "In file %s: too few parameters for option '%s'", filename, cmd); - goto err; - } - argv[i] = args[i]; - } - current_option = cmd; - if (!(*cmdp->cmd_func)(argv)) - goto err; - - } else { - /* - * Maybe a tty name, speed or IP address? - */ - if ((i = setdevname(cmd, 0)) == 0 - && (i = setspeed(cmd)) == 0 - && (i = setipaddr(cmd)) == 0) { - option_error("In file %s: unrecognized option '%s'", - filename, cmd); goto err; } - if (i < 0) /* error */ - goto err; + argv[i] = args[i]; } + if (!process_option(opt, cmd, argv)) + goto err; } ret = 1; err: fclose(f); privileged_option = oldpriv; + option_source = oldsource; return ret; } @@ -581,17 +506,18 @@ options_from_user() char *user, *path, *file; int ret; struct passwd *pw; + size_t pl; pw = getpwuid(getuid()); if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) return 1; file = _PATH_USEROPT; - path = malloc(strlen(user) + strlen(file) + 2); + pl = strlen(user) + strlen(file) + 2; + path = malloc(pl); if (path == NULL) novm("init file name"); - strcpy(path, user); - strcat(path, "/"); - strcat(path, file); + slprintf(path, pl, "%s/%s", user, file); + option_priority = OPRIO_CFGFILE; ret = options_from_file(path, 0, 1, privileged); free(path); return ret; @@ -600,143 +526,687 @@ options_from_user() /* * options_for_tty - See if an options file exists for the serial * device, and if so, interpret options from it. + * We only allow the per-tty options file to override anything from + * the command line if it is something that the user can't override + * once it has been set by root; this is done by giving configuration + * files a lower priority than the command line. */ int options_for_tty() { char *dev, *path, *p; int ret; + size_t pl; dev = devnam; - if (strncmp(dev, "/dev/", 5) == 0) - dev += 5; - if (strcmp(dev, "tty") == 0) + if ((p = strstr(dev, "/dev/")) != NULL) + dev = p + 5; + if (dev[0] == 0 || strcmp(dev, "tty") == 0) return 1; /* don't look for /etc/ppp/options.tty */ - path = malloc(strlen(_PATH_TTYOPT) + strlen(dev) + 1); + pl = strlen(_PATH_TTYOPT) + strlen(dev) + 1; + path = malloc(pl); if (path == NULL) novm("tty init file name"); - strcpy(path, _PATH_TTYOPT); + slprintf(path, pl, "%s%s", _PATH_TTYOPT, dev); /* Turn slashes into dots, for Solaris case (e.g. /dev/term/a) */ - for (p = path + strlen(path); *dev != 0; ++dev) - *p++ = (*dev == '/'? '.': *dev); - *p = 0; + for (p = path + strlen(_PATH_TTYOPT); *p != 0; ++p) + if (*p == '/') + *p = '.'; + option_priority = OPRIO_CFGFILE; ret = options_from_file(path, 0, 0, 1); free(path); return ret; } /* - * option_error - print a message about an error in an option. - * The message is logged, and also sent to - * stderr if phase == PHASE_INITIALIZE. + * options_from_list - process a string of options in a wordlist. */ -void -option_error __V((char *fmt, ...)) +int +options_from_list(w, priv) + struct wordlist *w; + int priv; { - va_list args; - int n; - char buf[256]; + char *argv[MAXARGS]; + option_t *opt; + int i, n, ret = 0; + struct wordlist *w0; -#if __STDC__ - va_start(args, fmt); -#else - char *fmt; - va_start(args); - fmt = va_arg(args, char *); -#endif - vfmtmsg(buf, sizeof(buf), fmt, args); - va_end(args); - if (phase == PHASE_INITIALIZE) - fprintf(stderr, "%s: %s\n", progname, buf); - syslog(LOG_ERR, "%s", buf); + privileged_option = priv; + option_source = "secrets file"; + option_priority = OPRIO_SECFILE; + + while (w != NULL) { + opt = find_option(w->word); + if (opt == NULL) { + option_error("In secrets file: unrecognized option '%s'", + w->word); + goto err; + } + n = n_arguments(opt); + w0 = w; + for (i = 0; i < n; ++i) { + w = w->next; + if (w == NULL) { + option_error( + "In secrets file: too few parameters for option '%s'", + w0->word); + goto err; + } + argv[i] = w->word; + } + if (!process_option(opt, w0->word, argv)) + goto err; + w = w->next; + } + ret = 1; + +err: + return ret; } /* - * readable - check if a file is readable by the real user. + * match_option - see if this option matches an option_t structure. */ static int -readable(fd) - int fd; +match_option(name, opt, dowild) + char *name; + option_t *opt; + int dowild; { - uid_t uid; - int ngroups, i; - struct stat sbuf; - GIDSET_TYPE groups[NGROUPS_MAX]; + int (*match) __P((char *, char **, int)); - uid = getuid(); - if (uid == 0) - return 1; - if (fstat(fd, &sbuf) != 0) - return 0; - if (sbuf.st_uid == uid) - return sbuf.st_mode & S_IRUSR; - if (sbuf.st_gid == getgid()) - return sbuf.st_mode & S_IRGRP; - ngroups = getgroups(NGROUPS_MAX, groups); - for (i = 0; i < ngroups; ++i) - if (sbuf.st_gid == groups[i]) - return sbuf.st_mode & S_IRGRP; - return sbuf.st_mode & S_IROTH; + if (dowild != (opt->type == o_wild)) + return 0; + if (!dowild) + return strcmp(name, opt->name) == 0; + match = (int (*) __P((char *, char **, int))) opt->addr; + return (*match)(name, NULL, 0); } /* - * Read a word from a file. - * Words are delimited by white-space or by quotes (" or '). - * Quotes, white-space and \ may be escaped with \. - * \ is ignored. + * find_option - scan the option lists for the various protocols + * looking for an entry with the given name. + * This could be optimized by using a hash table. */ -int -getword(f, word, newlinep, filename) - FILE *f; - char *word; - int *newlinep; - char *filename; +static option_t * +find_option(name) + const char *name; +{ + option_t *opt; + struct option_list *list; + int i, dowild; + + for (dowild = 0; dowild <= 1; ++dowild) { + for (opt = general_options; opt->name != NULL; ++opt) + if (match_option(name, opt, dowild)) + return opt; + for (opt = auth_options; opt->name != NULL; ++opt) + if (match_option(name, opt, dowild)) + return opt; + for (list = extra_options; list != NULL; list = list->next) + for (opt = list->options; opt->name != NULL; ++opt) + if (match_option(name, opt, dowild)) + return opt; + for (opt = the_channel->options; opt->name != NULL; ++opt) + if (match_option(name, opt, dowild)) + return opt; + for (i = 0; protocols[i] != NULL; ++i) + if ((opt = protocols[i]->options) != NULL) + for (; opt->name != NULL; ++opt) + if (match_option(name, opt, dowild)) + return opt; + } + return NULL; +} + +/* + * process_option - process one new-style option. + */ +static int +process_option(opt, cmd, argv) + option_t *opt; + char *cmd; + char **argv; { - int c, len, escape; - int quoted, comment; - int value, digit, got, n; + u_int32_t v; + int iv, a; + char *sv; + int (*parser) __P((char **)); + int (*wildp) __P((char *, char **, int)); + char *optopt = (opt->type == o_wild)? "": " option"; + int prio = option_priority; + option_t *mainopt = opt; + + current_option = opt->name; + if ((opt->flags & OPT_PRIVFIX) && privileged_option) + prio += OPRIO_ROOT; + while (mainopt->flags & OPT_PRIOSUB) + --mainopt; + if (mainopt->flags & OPT_PRIO) { + if (prio < mainopt->priority) { + /* new value doesn't override old */ + if (prio == OPRIO_CMDLINE && mainopt->priority > OPRIO_ROOT) { + option_error("%s%s set in %s cannot be overridden\n", + opt->name, optopt, mainopt->source); + return 0; + } + return 1; + } + if (prio > OPRIO_ROOT && mainopt->priority == OPRIO_CMDLINE) + warn("%s%s from %s overrides command line", + opt->name, optopt, option_source); + } -#define isoctal(c) ((c) >= '0' && (c) < '8') + if ((opt->flags & OPT_INITONLY) && phase != PHASE_INITIALIZE) { + option_error("%s%s cannot be changed after initialization", + opt->name, optopt); + return 0; + } + if ((opt->flags & OPT_PRIV) && !privileged_option) { + option_error("using the %s%s requires root privilege", + opt->name, optopt); + return 0; + } + if ((opt->flags & OPT_ENABLE) && *(bool *)(opt->addr2) == 0) { + option_error("%s%s is disabled", opt->name, optopt); + return 0; + } + if ((opt->flags & OPT_DEVEQUIV) && devnam_fixed) { + option_error("the %s%s may not be changed in %s", + opt->name, optopt, option_source); + return 0; + } - *newlinep = 0; - len = 0; - escape = 0; - comment = 0; + switch (opt->type) { + case o_bool: + v = opt->flags & OPT_VALUE; + *(bool *)(opt->addr) = v; + if (opt->addr2 && (opt->flags & OPT_A2COPY)) + *(bool *)(opt->addr2) = v; + else if (opt->addr2 && (opt->flags & OPT_A2CLR)) + *(bool *)(opt->addr2) = 0; + else if (opt->addr2 && (opt->flags & OPT_A2CLRB)) + *(u_char *)(opt->addr2) &= ~v; + else if (opt->addr2 && (opt->flags & OPT_A2OR)) + *(u_char *)(opt->addr2) |= v; + break; + + case o_int: + iv = 0; + if ((opt->flags & OPT_NOARG) == 0) { + if (!int_option(*argv, &iv)) + return 0; + if ((((opt->flags & OPT_LLIMIT) && iv < opt->lower_limit) + || ((opt->flags & OPT_ULIMIT) && iv > opt->upper_limit)) + && !((opt->flags & OPT_ZEROOK && iv == 0))) { + char *zok = (opt->flags & OPT_ZEROOK)? " zero or": ""; + switch (opt->flags & OPT_LIMITS) { + case OPT_LLIMIT: + option_error("%s value must be%s >= %d", + opt->name, zok, opt->lower_limit); + break; + case OPT_ULIMIT: + option_error("%s value must be%s <= %d", + opt->name, zok, opt->upper_limit); + break; + case OPT_LIMITS: + option_error("%s value must be%s between %d and %d", + opt->name, zok, opt->lower_limit, opt->upper_limit); + break; + } + return 0; + } + } + a = opt->flags & OPT_VALUE; + if (a >= 128) + a -= 256; /* sign extend */ + iv += a; + if (opt->flags & OPT_INC) + iv += *(int *)(opt->addr); + if ((opt->flags & OPT_NOINCR) && !privileged_option) { + int oldv = *(int *)(opt->addr); + if ((opt->flags & OPT_ZEROINF) ? + (oldv != 0 && (iv == 0 || iv > oldv)) : (iv > oldv)) { + option_error("%s value cannot be increased", opt->name); + return 0; + } + } + *(int *)(opt->addr) = iv; + if (opt->addr2 && (opt->flags & OPT_A2COPY)) + *(int *)(opt->addr2) = iv; + break; + + case o_uint32: + if (opt->flags & OPT_NOARG) { + v = opt->flags & OPT_VALUE; + if (v & 0x80) + v |= 0xffffff00U; + } else if (!number_option(*argv, &v, 16)) + return 0; + if (opt->flags & OPT_OR) + v |= *(u_int32_t *)(opt->addr); + *(u_int32_t *)(opt->addr) = v; + if (opt->addr2 && (opt->flags & OPT_A2COPY)) + *(u_int32_t *)(opt->addr2) = v; + break; + + case o_string: + if (opt->flags & OPT_STATIC) { + strlcpy((char *)(opt->addr), *argv, opt->upper_limit); + } else { + char **optptr = (char **)(opt->addr); + sv = strdup(*argv); + if (sv == NULL) + novm("option argument"); + if (*optptr) + free(*optptr); + *optptr = sv; + } + break; + + case o_special_noarg: + case o_special: + parser = (int (*) __P((char **))) opt->addr; + curopt = opt; + if (!(*parser)(argv)) + return 0; + if (opt->flags & OPT_A2LIST) { + struct option_value *ovp, *pp; + + ovp = malloc(sizeof(*ovp) + strlen(*argv)); + if (ovp != 0) { + strcpy(ovp->value, *argv); + ovp->source = option_source; + ovp->next = NULL; + if (opt->addr2 == NULL) { + opt->addr2 = ovp; + } else { + for (pp = opt->addr2; pp->next != NULL; pp = pp->next) + ; + pp->next = ovp; + } + } + } + break; + + case o_wild: + wildp = (int (*) __P((char *, char **, int))) opt->addr; + if (!(*wildp)(cmd, argv, 1)) + return 0; + break; + } /* - * First skip white-space and comments. + * If addr2 wasn't used by any flag (OPT_A2COPY, etc.) but is set, + * treat it as a bool and set/clear it based on the OPT_A2CLR bit. */ - for (;;) { - c = getc(f); - if (c == EOF) - break; + if (opt->addr2 && (opt->flags & (OPT_A2COPY|OPT_ENABLE + |OPT_A2PRINTER|OPT_A2STRVAL|OPT_A2LIST|OPT_A2OR)) == 0) + *(bool *)(opt->addr2) = !(opt->flags & OPT_A2CLR); - /* - * A newline means the end of a comment; backslash-newline - * is ignored. Note that we cannot have escape && comment. - */ - if (c == '\n') { - if (!escape) { - *newlinep = 1; - comment = 0; - } else - escape = 0; - continue; - } + mainopt->source = option_source; + mainopt->priority = prio; + mainopt->winner = opt - mainopt; - /* - * Ignore characters other than newline in a comment. - */ - if (comment) - continue; + return 1; +} - /* - * If this character is escaped, we have a word start. - */ - if (escape) - break; +/* + * override_value - if the option priorities would permit us to + * override the value of option, return 1 and update the priority + * and source of the option value. Otherwise returns 0. + */ +int +override_value(option, priority, source) + const char *option; + int priority; + const char *source; +{ + option_t *opt; - /* + opt = find_option(option); + if (opt == NULL) + return 0; + while (opt->flags & OPT_PRIOSUB) + --opt; + if ((opt->flags & OPT_PRIO) && priority < opt->priority) + return 0; + opt->priority = priority; + opt->source = source; + opt->winner = -1; + return 1; +} + +/* + * n_arguments - tell how many arguments an option takes + */ +static int +n_arguments(opt) + option_t *opt; +{ + return (opt->type == o_bool || opt->type == o_special_noarg + || (opt->flags & OPT_NOARG))? 0: 1; +} + +/* + * add_options - add a list of options to the set we grok. + */ +void +add_options(opt) + option_t *opt; +{ + struct option_list *list; + + list = malloc(sizeof(*list)); + if (list == 0) + novm("option list entry"); + list->options = opt; + list->next = extra_options; + extra_options = list; +} + +/* + * check_options - check that options are valid and consistent. + */ +void +check_options() +{ + if (logfile_fd >= 0 && logfile_fd != log_to_fd) + close(logfile_fd); +} + +/* + * print_option - print out an option and its value + */ +static void +print_option(opt, mainopt, printer, arg) + option_t *opt, *mainopt; + printer_func printer; + void *arg; +{ + int i, v; + char *p; + + if (opt->flags & OPT_NOPRINT) + return; + switch (opt->type) { + case o_bool: + v = opt->flags & OPT_VALUE; + if (*(bool *)opt->addr != v) + /* this can happen legitimately, e.g. lock + option turned off for default device */ + break; + printer(arg, "%s", opt->name); + break; + case o_int: + v = opt->flags & OPT_VALUE; + if (v >= 128) + v -= 256; + i = *(int *)opt->addr; + if (opt->flags & OPT_NOARG) { + printer(arg, "%s", opt->name); + if (i != v) { + if (opt->flags & OPT_INC) { + for (; i > v; i -= v) + printer(arg, " %s", opt->name); + } else + printer(arg, " # oops: %d not %d\n", + i, v); + } + } else { + printer(arg, "%s %d", opt->name, i); + } + break; + case o_uint32: + printer(arg, "%s", opt->name); + if ((opt->flags & OPT_NOARG) == 0) + printer(arg, " %x", *(u_int32_t *)opt->addr); + break; + + case o_string: + if (opt->flags & OPT_HIDE) { + p = "??????"; + } else { + p = (char *) opt->addr; + if ((opt->flags & OPT_STATIC) == 0) + p = *(char **)p; + } + printer(arg, "%s %q", opt->name, p); + break; + + case o_special: + case o_special_noarg: + case o_wild: + if (opt->type != o_wild) { + printer(arg, "%s", opt->name); + if (n_arguments(opt) == 0) + break; + printer(arg, " "); + } + if (opt->flags & OPT_A2PRINTER) { + void (*oprt) __P((option_t *, printer_func, void *)); + oprt = (void (*) __P((option_t *, printer_func, + void *)))opt->addr2; + (*oprt)(opt, printer, arg); + } else if (opt->flags & OPT_A2STRVAL) { + p = (char *) opt->addr2; + if ((opt->flags & OPT_STATIC) == 0) + p = *(char **)p; + printer("%q", p); + } else if (opt->flags & OPT_A2LIST) { + struct option_value *ovp; + + ovp = (struct option_value *) opt->addr2; + for (;;) { + printer(arg, "%q", ovp->value); + if ((ovp = ovp->next) == NULL) + break; + printer(arg, "\t\t# (from %s)\n%s ", + ovp->source, opt->name); + } + } else { + printer(arg, "xxx # [don't know how to print value]"); + } + break; + + default: + printer(arg, "# %s value (type %d\?\?)", opt->name, opt->type); + break; + } + printer(arg, "\t\t# (from %s)\n", mainopt->source); +} + +/* + * print_option_list - print out options in effect from an + * array of options. + */ +static void +print_option_list(opt, printer, arg) + option_t *opt; + printer_func printer; + void *arg; +{ + while (opt->name != NULL) { + if (opt->priority != OPRIO_DEFAULT + && opt->winner != (short int) -1) + print_option(opt + opt->winner, opt, printer, arg); + do { + ++opt; + } while (opt->flags & OPT_PRIOSUB); + } +} + +/* + * print_options - print out what options are in effect. + */ +void +print_options(printer, arg) + printer_func printer; + void *arg; +{ + struct option_list *list; + int i; + + printer(arg, "pppd options in effect:\n"); + print_option_list(general_options, printer, arg); + print_option_list(auth_options, printer, arg); + for (list = extra_options; list != NULL; list = list->next) + print_option_list(list->options, printer, arg); + print_option_list(the_channel->options, printer, arg); + for (i = 0; protocols[i] != NULL; ++i) + print_option_list(protocols[i]->options, printer, arg); +} + +/* + * usage - print out a message telling how to use the program. + */ +static void +usage() +{ + if (phase == PHASE_INITIALIZE) + fprintf(stderr, usage_string, VERSION, progname); +} + +/* + * showhelp - print out usage message and exit. + */ +static int +showhelp(argv) + char **argv; +{ + if (phase == PHASE_INITIALIZE) { + usage(); + exit(0); + } + return 0; +} + +/* + * showversion - print out the version number and exit. + */ +static int +showversion(argv) + char **argv; +{ + if (phase == PHASE_INITIALIZE) { + fprintf(stderr, "pppd version %s\n", VERSION); + exit(0); + } + return 0; +} + +/* + * option_error - print a message about an error in an option. + * The message is logged, and also sent to + * stderr if phase == PHASE_INITIALIZE. + */ +void +option_error __V((char *fmt, ...)) +{ + va_list args; + char buf[1024]; + +#if defined(__STDC__) + va_start(args, fmt); +#else + char *fmt; + va_start(args); + fmt = va_arg(args, char *); +#endif + vslprintf(buf, sizeof(buf), fmt, args); + va_end(args); + if (phase == PHASE_INITIALIZE) + fprintf(stderr, "%s: %s\n", progname, buf); + syslog(LOG_ERR, "%s", buf); +} + +#if 0 +/* + * readable - check if a file is readable by the real user. + */ +int +readable(fd) + int fd; +{ + uid_t uid; + int i; + struct stat sbuf; + + uid = getuid(); + if (uid == 0) + return 1; + if (fstat(fd, &sbuf) != 0) + return 0; + if (sbuf.st_uid == uid) + return sbuf.st_mode & S_IRUSR; + if (sbuf.st_gid == getgid()) + return sbuf.st_mode & S_IRGRP; + for (i = 0; i < ngroups; ++i) + if (sbuf.st_gid == groups[i]) + return sbuf.st_mode & S_IRGRP; + return sbuf.st_mode & S_IROTH; +} +#endif + +/* + * Read a word from a file. + * Words are delimited by white-space or by quotes (" or '). + * Quotes, white-space and \ may be escaped with \. + * \ is ignored. + */ +int +getword(f, word, newlinep, filename) + FILE *f; + char *word; + int *newlinep; + char *filename; +{ + int c, len, escape; + int quoted, comment; + int value, digit, got, n; + +#define isoctal(c) ((c) >= '0' && (c) < '8') + + *newlinep = 0; + len = 0; + escape = 0; + comment = 0; + quoted = 0; + + /* + * First skip white-space and comments. + */ + for (;;) { + c = getc(f); + if (c == EOF) + break; + + /* + * A newline means the end of a comment; backslash-newline + * is ignored. Note that we cannot have escape && comment. + */ + if (c == '\n') { + if (!escape) { + *newlinep = 1; + comment = 0; + } else + escape = 0; + continue; + } + + /* + * Ignore characters other than newline in a comment. + */ + if (comment) + continue; + + /* + * If this character is escaped, we have a word start. + */ + if (escape) + break; + + /* * If this is the escape character, look at the next character. */ if (c == '\\') { @@ -759,15 +1229,6 @@ getword(f, word, newlinep, filename) break; } - /* - * Save the delimiter for quoted strings. - */ - if (!escape && (c == '"' || c == '\'')) { - quoted = c; - c = getc(f); - } else - quoted = 0; - /* * Process characters until the end of the word. */ @@ -849,44 +1310,51 @@ getword(f, word, newlinep, filename) /* * Store the resulting character for the escape sequence. */ - if (len < MAXWORDLEN-1) + if (len < MAXWORDLEN) { word[len] = value; - ++len; + ++len; + } if (!got) c = getc(f); continue; - } /* - * Not escaped: see if we've reached the end of the word. + * Backslash starts a new escape sequence. */ - if (quoted) { - if (c == quoted) - break; - } else { - if (isspace(c) || c == '#') { - ungetc (c, f); - break; - } + if (c == '\\') { + escape = 1; + c = getc(f); + continue; } /* - * Backslash starts an escape sequence. + * Not escaped: check for the start or end of a quoted + * section and see if we've reached the end of the word. */ - if (c == '\\') { - escape = 1; + if (quoted) { + if (c == quoted) { + quoted = 0; + c = getc(f); + continue; + } + } else if (c == '"' || c == '\'') { + quoted = c; c = getc(f); continue; + } else if (isspace(c) || c == '#') { + ungetc (c, f); + break; } /* * An ordinary character: store it in the word and get another. */ - if (len < MAXWORDLEN-1) + if (len < MAXWORDLEN) { word[len] = c; - ++len; + ++len; + } c = getc(f); } @@ -907,6 +1375,9 @@ getword(f, word, newlinep, filename) */ if (len == 0) return 0; + if (quoted) + option_error("warning: quoted word runs to end of file (%.20s...)", + filename, word); } /* @@ -951,7 +1422,7 @@ number_option(str, valp, base) * the base is assumed to be 0, and *valp is not changed * if there is an error. */ -static int +int int_option(str, valp) char *str; int *valp; @@ -1014,8 +1485,7 @@ callfile(argv) l = strlen(arg) + strlen(_PATH_PEERFILES) + 1; if ((fname = (char *) malloc(l)) == NULL) novm("call file name"); - strcpy(fname, _PATH_PEERFILES); - strcat(fname, arg); + slprintf(fname, l, "%s%s", _PATH_PEERFILES, arg); ok = options_from_file(fname, 1, 1, 1); @@ -1023,1269 +1493,323 @@ callfile(argv) return ok; } - -/* - * setdebug - Set debug (command line argument). - */ -static int -setdebug() -{ - debug++; - return (1); -} - +#ifdef PPP_FILTER /* - * setkdebug - Set kernel debugging level. + * setpassfilter - Set the pass filter for packets */ static int -setkdebug(argv) +setpassfilter(argv) char **argv; { - return int_option(*argv, &kdebugflag); + pcap_t *pc; + int ret = 1; + + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); + if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) { + option_error("error in pass-filter expression: %s\n", + pcap_geterr(pc)); + ret = 0; + } + pcap_close(pc); + + return ret; } /* - * noopt - Disable all options. + * setactivefilter - Set the active filter for packets */ static int -noopt() +setactivefilter(argv) + char **argv; { - BZERO((char *) &lcp_wantoptions[0], sizeof (struct lcp_options)); - BZERO((char *) &lcp_allowoptions[0], sizeof (struct lcp_options)); - BZERO((char *) &ipcp_wantoptions[0], sizeof (struct ipcp_options)); - BZERO((char *) &ipcp_allowoptions[0], sizeof (struct ipcp_options)); + pcap_t *pc; + int ret = 1; -#ifdef IPX_CHANGE - BZERO((char *) &ipxcp_wantoptions[0], sizeof (struct ipxcp_options)); - BZERO((char *) &ipxcp_allowoptions[0], sizeof (struct ipxcp_options)); -#endif /* IPX_CHANGE */ + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); + if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) { + option_error("error in active-filter expression: %s\n", + pcap_geterr(pc)); + ret = 0; + } + pcap_close(pc); - return (1); + return ret; } +#endif /* - * noaccomp - Disable Address/Control field compression negotiation. + * setdomain - Set domain name to append to hostname */ static int -noaccomp() +setdomain(argv) + char **argv; { - lcp_wantoptions[0].neg_accompression = 0; - lcp_allowoptions[0].neg_accompression = 0; + gethostname(hostname, MAXNAMELEN); + if (**argv != 0) { + if (**argv != '.') + strncat(hostname, ".", MAXNAMELEN - strlen(hostname)); + domain = hostname + strlen(hostname); + strncat(hostname, *argv, MAXNAMELEN - strlen(hostname)); + } + hostname[MAXNAMELEN-1] = 0; return (1); } - -/* - * noasyncmap - Disable async map negotiation. - */ static int -noasyncmap() +setlogfile(argv) + char **argv; { - lcp_wantoptions[0].neg_asyncmap = 0; - lcp_allowoptions[0].neg_asyncmap = 0; - return (1); -} + int fd, err; + uid_t euid; + euid = geteuid(); + if (!privileged_option && seteuid(getuid()) == -1) { + option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } + fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); + if (fd < 0 && errno == EEXIST) + fd = open(*argv, O_WRONLY | O_APPEND); + err = errno; + if (!privileged_option && seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); + if (fd < 0) { + errno = err; + option_error("Can't open log file %s: %m", *argv); + return 0; + } + strlcpy(logfile_name, *argv, sizeof(logfile_name)); + if (logfile_fd >= 0) + close(logfile_fd); + logfile_fd = fd; + log_to_fd = fd; + log_default = 0; + return 1; +} -/* - * noip - Disable IP and IPCP. - */ +#ifdef MAXOCTETS static int -noip() +setmodir(argv) + char **argv; { - ipcp_protent.enabled_flag = 0; - return (1); -} - - -/* - * nomagicnumber - Disable magic number negotiation. - */ -static int -nomagicnumber() -{ - lcp_wantoptions[0].neg_magicnumber = 0; - lcp_allowoptions[0].neg_magicnumber = 0; - return (1); -} - - -/* - * nomru - Disable mru negotiation. - */ -static int -nomru() -{ - lcp_wantoptions[0].neg_mru = 0; - lcp_allowoptions[0].neg_mru = 0; - return (1); -} - - -/* - * setmru - Set MRU for negotiation. - */ -static int -setmru(argv) - char **argv; -{ - u_int32_t mru; - - if (!number_option(*argv, &mru, 0)) - return 0; - lcp_wantoptions[0].mru = mru; - lcp_wantoptions[0].neg_mru = 1; - return (1); -} - - -/* - * setmru - Set the largest MTU we'll use. - */ -static int -setmtu(argv) - char **argv; -{ - u_int32_t mtu; - - if (!number_option(*argv, &mtu, 0)) - return 0; - if (mtu < MINMRU || mtu > MAXMRU) { - option_error("mtu option value of %u is too %s", mtu, - (mtu < MINMRU? "small": "large")); + if(*argv == NULL) return 0; + if(!strcmp(*argv,"in")) { + maxoctets_dir = PPP_OCTETS_DIRECTION_IN; + } else if (!strcmp(*argv,"out")) { + maxoctets_dir = PPP_OCTETS_DIRECTION_OUT; + } else if (!strcmp(*argv,"max")) { + maxoctets_dir = PPP_OCTETS_DIRECTION_MAXOVERAL; + } else { + maxoctets_dir = PPP_OCTETS_DIRECTION_SUM; } - lcp_allowoptions[0].mru = mtu; - return (1); -} - - -/* - * nopcomp - Disable Protocol field compression negotiation. - */ -static int -nopcomp() -{ - lcp_wantoptions[0].neg_pcompression = 0; - lcp_allowoptions[0].neg_pcompression = 0; - return (1); -} - - -/* - * setpassive - Set passive mode (don't give up if we time out sending - * LCP configure-requests). - */ -static int -setpassive() -{ - lcp_wantoptions[0].passive = 1; - return (1); -} - - -/* - * setsilent - Set silent mode (don't start sending LCP configure-requests - * until we get one from the peer). - */ -static int -setsilent() -{ - lcp_wantoptions[0].silent = 1; - return 1; -} - - -/* - * nopap - Disable PAP authentication with peer. - */ -static int -nopap() -{ - refuse_pap = 1; - return (1); -} - - -/* - * reqpap - Require PAP authentication from peer. - */ -static int -reqpap() -{ - lcp_wantoptions[0].neg_upap = 1; - setauth(); return 1; } +#endif -#if OLD_OPTIONS -/* - * setupapfile - specifies UPAP info for authenticating with peer. - */ +#ifdef PLUGIN static int -setupapfile(argv) +loadplugin(argv) char **argv; { - FILE * ufile; - int l; - - lcp_allowoptions[0].neg_upap = 1; - - /* open user info file */ - if ((ufile = fopen(*argv, "r")) == NULL) { - option_error("unable to open user login data file %s", *argv); - return 0; + char *arg = *argv; + void *handle; + const char *err; + void (*init) __P((void)); + char *path = arg; + const char *vers; + + if (strchr(arg, '/') == 0) { + const char *base = _PATH_PLUGIN; + int l = strlen(base) + strlen(arg) + 2; + path = malloc(l); + if (path == 0) + novm("plugin file path"); + strlcpy(path, base, l); + strlcat(path, "/", l); + strlcat(path, arg, l); } - if (!readable(fileno(ufile))) { - option_error("%s: access denied", *argv); - return 0; + handle = dlopen(path, RTLD_GLOBAL | RTLD_NOW); + if (handle == 0) { + err = dlerror(); + if (err != 0) + option_error("%s", err); + option_error("Couldn't load plugin %s", arg); + goto err; } - check_access(ufile, *argv); - - /* get username */ - if (fgets(user, MAXNAMELEN - 1, ufile) == NULL - || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){ - option_error("unable to read user login data file %s", *argv); - return 0; + init = (void (*)(void))dlsym(handle, "plugin_init"); + if (init == 0) { + option_error("%s has no initialization entry point", arg); + goto errclose; } - fclose(ufile); - - /* get rid of newlines */ - l = strlen(user); - if (l > 0 && user[l-1] == '\n') - user[l-1] = 0; - l = strlen(passwd); - if (l > 0 && passwd[l-1] == '\n') - passwd[l-1] = 0; - - return (1); -} -#endif - -/* - * nochap - Disable CHAP authentication with peer. - */ -static int -nochap() -{ - refuse_chap = 1; - return (1); -} - - -/* - * reqchap - Require CHAP authentication from peer. - */ -static int -reqchap() -{ - lcp_wantoptions[0].neg_chap = 1; - setauth(); - return (1); -} - - -/* - * setnovj - disable vj compression - */ -static int -setnovj() -{ - ipcp_wantoptions[0].neg_vj = 0; - ipcp_allowoptions[0].neg_vj = 0; - return (1); -} - - -/* - * setnovjccomp - disable VJ connection-ID compression - */ -static int -setnovjccomp() -{ - ipcp_wantoptions[0].cflag = 0; - ipcp_allowoptions[0].cflag = 0; - return 1; -} - - -/* - * setvjslots - set maximum number of connection slots for VJ compression - */ -static int -setvjslots(argv) - char **argv; -{ - int value; - - if (!int_option(*argv, &value)) - return 0; - if (value < 2 || value > 16) { - option_error("vj-max-slots value must be between 2 and 16"); - return 0; + vers = (const char *) dlsym(handle, "pppd_version"); + if (vers == 0) { + warn("Warning: plugin %s has no version information", arg); + } else if (strcmp(vers, VERSION) != 0) { + option_error("Plugin %s is for pppd version %s, this is %s", + arg, vers, VERSION); + goto errclose; } - ipcp_wantoptions [0].maxslotindex = - ipcp_allowoptions[0].maxslotindex = value - 1; + info("Plugin %s loaded.", arg); + (*init)(); return 1; -} - - -/* - * setconnector - Set a program to connect to a serial line - */ -static int -setconnector(argv) - char **argv; -{ - connector = strdup(*argv); - if (connector == NULL) - novm("connect script"); - connector_info.priv = privileged_option; - connector_info.source = option_source; - - return (1); -} - -/* - * setdisconnector - Set a program to disconnect from the serial line - */ -static int -setdisconnector(argv) - char **argv; -{ - disconnector = strdup(*argv); - if (disconnector == NULL) - novm("disconnect script"); - disconnector_info.priv = privileged_option; - disconnector_info.source = option_source; - - return (1); -} - -/* - * setwelcomer - Set a program to welcome a client after connection - */ -static int -setwelcomer(argv) - char **argv; -{ - welcomer = strdup(*argv); - if (welcomer == NULL) - novm("welcome script"); - welcomer_info.priv = privileged_option; - welcomer_info.source = option_source; - return (1); + errclose: + dlclose(handle); + err: + if (path != arg) + free(path); + return 0; } +#endif /* PLUGIN */ /* - * setmaxconnect - Set the maximum connect time + * Set an environment variable specified by the user. */ static int -setmaxconnect(argv) +user_setenv(argv) char **argv; { - int value; + char *arg = argv[0]; + char *eqp; + struct userenv *uep, **insp; - if (!int_option(*argv, &value)) - return 0; - if (value < 0) { - option_error("maxconnect time must be positive"); + if ((eqp = strchr(arg, '=')) == NULL) { + option_error("missing = in name=value: %s", arg); return 0; } - if (maxconnect > 0 && (value == 0 || value > maxconnect)) { - option_error("maxconnect time cannot be increased"); + if (eqp == arg) { + option_error("missing variable name: %s", arg); return 0; } - maxconnect = value; + for (uep = userenv_list; uep != NULL; uep = uep->ue_next) { + int nlen = strlen(uep->ue_name); + if (nlen == (eqp - arg) && + strncmp(arg, uep->ue_name, nlen) == 0) + break; + } + /* Ignore attempts by unprivileged users to override privileged sources */ + if (uep != NULL && !privileged_option && uep->ue_priv) + return 1; + /* The name never changes, so allocate it with the structure */ + if (uep == NULL) { + uep = malloc(sizeof (*uep) + (eqp-arg)); + strncpy(uep->ue_name, arg, eqp-arg); + uep->ue_name[eqp-arg] = '\0'; + uep->ue_next = NULL; + insp = &userenv_list; + while (*insp != NULL) + insp = &(*insp)->ue_next; + *insp = uep; + } else { + struct userenv *uep2; + for (uep2 = userenv_list; uep2 != NULL; uep2 = uep2->ue_next) { + if (uep2 != uep && !uep2->ue_isset) + break; + } + if (uep2 == NULL && !uep->ue_isset) + find_option("unset")->flags |= OPT_NOPRINT; + free(uep->ue_value); + } + uep->ue_isset = 1; + uep->ue_priv = privileged_option; + uep->ue_source = option_source; + uep->ue_value = strdup(eqp + 1); + curopt->flags &= ~OPT_NOPRINT; return 1; } -/* - * setdomain - Set domain name to append to hostname - */ -static int -setdomain(argv) - char **argv; -{ - if (!privileged_option) { - option_error("using the domain option requires root privilege"); - return 0; - } - gethostname(hostname, MAXNAMELEN); - if (**argv != 0) { - if (**argv != '.') - strncat(hostname, ".", MAXNAMELEN - strlen(hostname)); - strncat(hostname, *argv, MAXNAMELEN - strlen(hostname)); +static void +user_setprint(opt, printer, arg) + option_t *opt; + printer_func printer; + void *arg; +{ + struct userenv *uep, *uepnext; + + uepnext = userenv_list; + while (uepnext != NULL && !uepnext->ue_isset) + uepnext = uepnext->ue_next; + while ((uep = uepnext) != NULL) { + uepnext = uep->ue_next; + while (uepnext != NULL && !uepnext->ue_isset) + uepnext = uepnext->ue_next; + (*printer)(arg, "%s=%s", uep->ue_name, uep->ue_value); + if (uepnext != NULL) + (*printer)(arg, "\t\t# (from %s)\n%s ", uep->ue_source, opt->name); + else + opt->source = uep->ue_source; } - hostname[MAXNAMELEN-1] = 0; - return (1); } - -/* - * setasyncmap - add bits to asyncmap (what we request peer to escape). - */ static int -setasyncmap(argv) +user_unsetenv(argv) char **argv; { - u_int32_t asyncmap; + struct userenv *uep, **insp; + char *arg = argv[0]; - if (!number_option(*argv, &asyncmap, 16)) + if (strchr(arg, '=') != NULL) { + option_error("unexpected = in name: %s", arg); return 0; - lcp_wantoptions[0].asyncmap |= asyncmap; - lcp_wantoptions[0].neg_asyncmap = 1; - return(1); -} - - -/* - * setescape - add chars to the set we escape on transmission. - */ -static int -setescape(argv) - char **argv; -{ - int n, ret; - char *p, *endp; - - p = *argv; - ret = 1; - while (*p) { - n = strtol(p, &endp, 16); - if (p == endp) { - option_error("escape parameter contains invalid hex number '%s'", - p); - return 0; - } - p = endp; - if (n < 0 || 0x20 <= n && n <= 0x3F || n == 0x5E || n > 0xFF) { - option_error("can't escape character 0x%x", n); - ret = 0; - } else - xmit_accm[0][n >> 5] |= 1 << (n & 0x1F); - while (*p == ',' || *p == ' ') - ++p; } - return ret; -} - - -/* - * setspeed - Set the speed. - */ -static int -setspeed(arg) - char *arg; -{ - char *ptr; - int spd; - - spd = strtol(arg, &ptr, 0); - if (ptr == arg || *ptr != 0 || spd == 0) - return 0; - inspeed = spd; - return 1; -} - - -/* - * setdevname - Set the device name. - */ -static int -setdevname(cp, quiet) - char *cp; - int quiet; -{ - struct stat statbuf; - char dev[MAXPATHLEN]; - - if (*cp == 0) + if (arg == '\0') { + option_error("missing variable name for unset"); return 0; - - if (strncmp("/dev/", cp, 5) != 0) { - strcpy(dev, "/dev/"); - strncat(dev, cp, MAXPATHLEN - 5); - dev[MAXPATHLEN-1] = 0; - cp = dev; - } - - /* - * Check if there is a device by this name. - */ - if (stat(cp, &statbuf) < 0) { - if (errno == ENOENT || quiet) - return 0; - option_error("Couldn't stat %s: %m", cp); - return -1; } - - (void) strncpy(devnam, cp, MAXPATHLEN); - devnam[MAXPATHLEN-1] = 0; - default_device = FALSE; - devnam_info.priv = privileged_option; - devnam_info.source = option_source; - - return 1; -} - - -/* - * setipaddr - Set the IP address - */ -static int -setipaddr(arg) - char *arg; -{ - struct hostent *hp; - char *colon; - u_int32_t local, remote; - ipcp_options *wo = &ipcp_wantoptions[0]; - - /* - * IP address pair separated by ":". - */ - if ((colon = strchr(arg, ':')) == NULL) - return 0; - - /* - * If colon first character, then no local addr. - */ - if (colon != arg) { - *colon = '\0'; - if ((local = inet_addr(arg)) == -1) { - if ((hp = gethostbyname(arg)) == NULL) { - option_error("unknown host: %s", arg); - return -1; - } else { - local = *(u_int32_t *)hp->h_addr; - } - } - if (bad_ip_adrs(local)) { - option_error("bad local IP address %s", ip_ntoa(local)); - return -1; - } - if (local != 0) - wo->ouraddr = local; - *colon = ':'; + for (uep = userenv_list; uep != NULL; uep = uep->ue_next) { + if (strcmp(arg, uep->ue_name) == 0) + break; } - - /* - * If colon last character, then no remote addr. - */ - if (*++colon != '\0') { - if ((remote = inet_addr(colon)) == -1) { - if ((hp = gethostbyname(colon)) == NULL) { - option_error("unknown host: %s", colon); - return -1; - } else { - remote = *(u_int32_t *)hp->h_addr; - if (remote_name[0] == 0) { - strncpy(remote_name, colon, MAXNAMELEN); - remote_name[MAXNAMELEN-1] = 0; - } - } - } - if (bad_ip_adrs(remote)) { - option_error("bad remote IP address %s", ip_ntoa(remote)); - return -1; + /* Ignore attempts by unprivileged users to override privileged sources */ + if (uep != NULL && !privileged_option && uep->ue_priv) + return 1; + /* The name never changes, so allocate it with the structure */ + if (uep == NULL) { + uep = malloc(sizeof (*uep) + strlen(arg)); + strcpy(uep->ue_name, arg); + uep->ue_next = NULL; + insp = &userenv_list; + while (*insp != NULL) + insp = &(*insp)->ue_next; + *insp = uep; + } else { + struct userenv *uep2; + for (uep2 = userenv_list; uep2 != NULL; uep2 = uep2->ue_next) { + if (uep2 != uep && uep2->ue_isset) + break; } - if (remote != 0) - wo->hisaddr = remote; + if (uep2 == NULL && uep->ue_isset) + find_option("set")->flags |= OPT_NOPRINT; + free(uep->ue_value); } - + uep->ue_isset = 0; + uep->ue_priv = privileged_option; + uep->ue_source = option_source; + uep->ue_value = NULL; + curopt->flags &= ~OPT_NOPRINT; return 1; } - -/* - * setnoipdflt - disable setipdefault() - */ -static int -setnoipdflt() -{ - disable_defaultip = 1; - return 1; -} - - -/* - * setipcpaccl - accept peer's idea of our address - */ -static int -setipcpaccl() -{ - ipcp_wantoptions[0].accept_local = 1; - return 1; -} - - -/* - * setipcpaccr - accept peer's idea of its address - */ -static int -setipcpaccr() -{ - ipcp_wantoptions[0].accept_remote = 1; - return 1; -} - - -/* - * setnetmask - set the netmask to be used on the interface. - */ -static int -setnetmask(argv) - char **argv; -{ - u_int32_t mask; - - if ((mask = inet_addr(*argv)) == -1 || (netmask & ~mask) != 0) { - option_error("invalid netmask value '%s'", *argv); - return 0; +static void +user_unsetprint(opt, printer, arg) + option_t *opt; + printer_func printer; + void *arg; +{ + struct userenv *uep, *uepnext; + + uepnext = userenv_list; + while (uepnext != NULL && uepnext->ue_isset) + uepnext = uepnext->ue_next; + while ((uep = uepnext) != NULL) { + uepnext = uep->ue_next; + while (uepnext != NULL && uepnext->ue_isset) + uepnext = uepnext->ue_next; + (*printer)(arg, "%s", uep->ue_name); + if (uepnext != NULL) + (*printer)(arg, "\t\t# (from %s)\n%s ", uep->ue_source, opt->name); + else + opt->source = uep->ue_source; } - - netmask = mask; - return (1); -} - -static int -setcrtscts() -{ - crtscts = 1; - return (1); -} - -static int -setnocrtscts() -{ - crtscts = -1; - return (1); -} - -static int -setxonxoff() -{ - lcp_wantoptions[0].asyncmap |= 0x000A0000; /* escape ^S and ^Q */ - lcp_wantoptions[0].neg_asyncmap = 1; - - crtscts = -2; - return (1); -} - -static int -setnodetach() -{ - nodetach = 1; - return (1); -} - -static int -setdemand() -{ - demand = 1; - persist = 1; - return 1; -} - -static int -setmodem() -{ - modem = 1; - return 1; -} - -static int -setlocal() -{ - modem = 0; - return 1; -} - -static int -setlock() -{ - lockflag = 1; - return 1; -} - -static int -setusehostname() -{ - usehostname = 1; - return 1; -} - -static int -setname(argv) - char **argv; -{ - if (!privileged_option) { - option_error("using the name option requires root privilege"); - return 0; - } - if (our_name[0] == 0) { - strncpy(our_name, argv[0], MAXNAMELEN); - our_name[MAXNAMELEN-1] = 0; - } - return 1; -} - -static int -setuser(argv) - char **argv; -{ - strncpy(user, argv[0], MAXNAMELEN); - user[MAXNAMELEN-1] = 0; - return 1; -} - -static int -setremote(argv) - char **argv; -{ - strncpy(remote_name, argv[0], MAXNAMELEN); - remote_name[MAXNAMELEN-1] = 0; - return 1; -} - -static int -setauth() -{ - auth_required = 1; - if (privileged_option > auth_req_info.priv) { - auth_req_info.priv = privileged_option; - auth_req_info.source = option_source; - } - return 1; -} - -static int -setnoauth() -{ - if (auth_required && privileged_option < auth_req_info.priv) { - option_error("cannot override auth option set by %s", - auth_req_info.source); - return 0; - } - auth_required = 0; - return 1; -} - -static int -setdefaultroute() -{ - if (!ipcp_allowoptions[0].default_route) { - option_error("defaultroute option is disabled"); - return 0; - } - ipcp_wantoptions[0].default_route = 1; - return 1; -} - -static int -setnodefaultroute() -{ - ipcp_allowoptions[0].default_route = 0; - ipcp_wantoptions[0].default_route = 0; - return 1; -} - -static int -setproxyarp() -{ - if (!ipcp_allowoptions[0].proxy_arp) { - option_error("proxyarp option is disabled"); - return 0; - } - ipcp_wantoptions[0].proxy_arp = 1; - return 1; -} - -static int -setnoproxyarp() -{ - ipcp_wantoptions[0].proxy_arp = 0; - ipcp_allowoptions[0].proxy_arp = 0; - return 1; -} - -static int -setpersist() -{ - persist = 1; - return 1; -} - -static int -setnopersist() -{ - persist = 0; - return 1; -} - -static int -setdologin() -{ - uselogin = 1; - return 1; -} - -/* - * Functions to set the echo interval for modem-less monitors - */ - -static int -setlcpechointv(argv) - char **argv; -{ - return int_option(*argv, &lcp_echo_interval); -} - -static int -setlcpechofails(argv) - char **argv; -{ - return int_option(*argv, &lcp_echo_fails); -} - -/* - * Functions to set timeouts, max transmits, etc. - */ -static int -setlcptimeout(argv) - char **argv; -{ - return int_option(*argv, &lcp_fsm[0].timeouttime); -} - -static int -setlcpterm(argv) - char **argv; -{ - return int_option(*argv, &lcp_fsm[0].maxtermtransmits); -} - -static int -setlcpconf(argv) - char **argv; -{ - return int_option(*argv, &lcp_fsm[0].maxconfreqtransmits); -} - -static int -setlcpfails(argv) - char **argv; -{ - return int_option(*argv, &lcp_fsm[0].maxnakloops); -} - -static int -setipcptimeout(argv) - char **argv; -{ - return int_option(*argv, &ipcp_fsm[0].timeouttime); -} - -static int -setipcpterm(argv) - char **argv; -{ - return int_option(*argv, &ipcp_fsm[0].maxtermtransmits); -} - -static int -setipcpconf(argv) - char **argv; -{ - return int_option(*argv, &ipcp_fsm[0].maxconfreqtransmits); -} - -static int -setipcpfails(argv) - char **argv; -{ - return int_option(*argv, &lcp_fsm[0].maxnakloops); -} - -static int -setpaptimeout(argv) - char **argv; -{ - return int_option(*argv, &upap[0].us_timeouttime); -} - -static int -setpapreqtime(argv) - char **argv; -{ - return int_option(*argv, &upap[0].us_reqtimeout); -} - -static int -setpapreqs(argv) - char **argv; -{ - return int_option(*argv, &upap[0].us_maxtransmits); -} - -static int -setchaptimeout(argv) - char **argv; -{ - return int_option(*argv, &chap[0].timeouttime); -} - -static int -setchapchal(argv) - char **argv; -{ - return int_option(*argv, &chap[0].max_transmits); -} - -static int -setchapintv(argv) - char **argv; -{ - return int_option(*argv, &chap[0].chal_interval); -} - -static int -noccp() -{ - ccp_protent.enabled_flag = 0; - return 1; -} - -static int -setbsdcomp(argv) - char **argv; -{ - int rbits, abits; - char *str, *endp; - - str = *argv; - abits = rbits = strtol(str, &endp, 0); - if (endp != str && *endp == ',') { - str = endp + 1; - abits = strtol(str, &endp, 0); - } - if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for bsdcomp option", *argv); - return 0; - } - if (rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS) - || abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS)) { - option_error("bsdcomp option values must be 0 or %d .. %d", - BSD_MIN_BITS, BSD_MAX_BITS); - return 0; - } - if (rbits > 0) { - ccp_wantoptions[0].bsd_compress = 1; - ccp_wantoptions[0].bsd_bits = rbits; - } else - ccp_wantoptions[0].bsd_compress = 0; - if (abits > 0) { - ccp_allowoptions[0].bsd_compress = 1; - ccp_allowoptions[0].bsd_bits = abits; - } else - ccp_allowoptions[0].bsd_compress = 0; - return 1; -} - -static int -setnobsdcomp() -{ - ccp_wantoptions[0].bsd_compress = 0; - ccp_allowoptions[0].bsd_compress = 0; - return 1; -} - -static int -setdeflate(argv) - char **argv; -{ - int rbits, abits; - char *str, *endp; - - str = *argv; - abits = rbits = strtol(str, &endp, 0); - if (endp != str && *endp == ',') { - str = endp + 1; - abits = strtol(str, &endp, 0); - } - if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for deflate option", *argv); - return 0; - } - if (rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE) - || abits != 0 && (abits < DEFLATE_MIN_SIZE - || abits > DEFLATE_MAX_SIZE)) { - option_error("deflate option values must be 0 or %d .. %d", - DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE); - return 0; - } - if (rbits > 0) { - ccp_wantoptions[0].deflate = 1; - ccp_wantoptions[0].deflate_size = rbits; - } else - ccp_wantoptions[0].deflate = 0; - if (abits > 0) { - ccp_allowoptions[0].deflate = 1; - ccp_allowoptions[0].deflate_size = abits; - } else - ccp_allowoptions[0].deflate = 0; - return 1; -} - -static int -setnodeflate() -{ - ccp_wantoptions[0].deflate = 0; - ccp_allowoptions[0].deflate = 0; - return 1; -} - -static int -setpred1comp() -{ - ccp_wantoptions[0].predictor_1 = 1; - ccp_allowoptions[0].predictor_1 = 1; - return 1; -} - -static int -setnopred1comp() -{ - ccp_wantoptions[0].predictor_1 = 0; - ccp_allowoptions[0].predictor_1 = 0; - return 1; -} - -static int -setipparam(argv) - char **argv; -{ - ipparam = strdup(*argv); - if (ipparam == NULL) - novm("ipparam string"); - - return 1; -} - -static int -setpapcrypt() -{ - cryptpap = 1; - return 1; -} - -static int -setidle(argv) - char **argv; -{ - return int_option(*argv, &idle_time_limit); -} - -static int -setholdoff(argv) - char **argv; -{ - return int_option(*argv, &holdoff); -} - -#ifdef IPX_CHANGE -static int -setipxrouter (argv) - char **argv; -{ - ipxcp_wantoptions[0].neg_router = 1; - ipxcp_allowoptions[0].neg_router = 1; - return int_option(*argv, &ipxcp_wantoptions[0].router); -} - -static int -setipxname (argv) - char **argv; -{ - char *dest = ipxcp_wantoptions[0].name; - char *src = *argv; - int count; - char ch; - - ipxcp_wantoptions[0].neg_name = 1; - ipxcp_allowoptions[0].neg_name = 1; - memset (dest, '\0', sizeof (ipxcp_wantoptions[0].name)); - - count = 0; - while (*src) { - ch = *src++; - if (! isalnum (ch) && ch != '_') { - option_error("IPX router name must be alphanumeric or _"); - return 0; - } - - if (count >= sizeof (ipxcp_wantoptions[0].name)) { - option_error("IPX router name is limited to %d characters", - sizeof (ipxcp_wantoptions[0].name) - 1); - return 0; - } - - dest[count++] = toupper (ch); - } - - return 1; -} - -static int -setipxcptimeout (argv) - char **argv; -{ - return int_option(*argv, &ipxcp_fsm[0].timeouttime); -} - -static int -setipxcpterm (argv) - char **argv; -{ - return int_option(*argv, &ipxcp_fsm[0].maxtermtransmits); -} - -static int -setipxcpconf (argv) - char **argv; -{ - return int_option(*argv, &ipxcp_fsm[0].maxconfreqtransmits); -} - -static int -setipxcpfails (argv) - char **argv; -{ - return int_option(*argv, &ipxcp_fsm[0].maxnakloops); -} - -static int -setipxnetwork(argv) - char **argv; -{ - ipxcp_wantoptions[0].neg_nn = 1; - return int_option(*argv, &ipxcp_wantoptions[0].our_network); -} - -static int -setipxanet() -{ - ipxcp_wantoptions[0].accept_network = 1; - ipxcp_allowoptions[0].accept_network = 1; -} - -static int -setipxalcl() -{ - ipxcp_wantoptions[0].accept_local = 1; - ipxcp_allowoptions[0].accept_local = 1; -} - -static int -setipxarmt() -{ - ipxcp_wantoptions[0].accept_remote = 1; - ipxcp_allowoptions[0].accept_remote = 1; -} - -static u_char * -setipxnodevalue(src,dst) -u_char *src, *dst; -{ - int indx; - int item; - - for (;;) { - if (!isxdigit (*src)) - break; - - for (indx = 0; indx < 5; ++indx) { - dst[indx] <<= 4; - dst[indx] |= (dst[indx + 1] >> 4) & 0x0F; - } - - item = toupper (*src) - '0'; - if (item > 9) - item -= 7; - - dst[5] = (dst[5] << 4) | item; - ++src; - } - return src; -} - -static int -setipxnode(argv) - char **argv; -{ - char *end; - - memset (&ipxcp_wantoptions[0].our_node[0], 0, 6); - memset (&ipxcp_wantoptions[0].his_node[0], 0, 6); - - end = setipxnodevalue (*argv, &ipxcp_wantoptions[0].our_node[0]); - if (*end == ':') - end = setipxnodevalue (++end, &ipxcp_wantoptions[0].his_node[0]); - - if (*end == '\0') { - ipxcp_wantoptions[0].neg_node = 1; - return 1; - } - - option_error("invalid parameter '%s' for ipx-node option", *argv); - return 0; -} - -static int -setipxproto() -{ - ipxcp_protent.enabled_flag = 1; - return 1; -} - -static int -resetipxproto() -{ - ipxcp_protent.enabled_flag = 0; - return 1; -} -#endif /* IPX_CHANGE */ - -#ifdef USE_MS_DNS -/* - * setdnsaddr - set the dns address(es) - */ - -static int -setdnsaddr(argv) - char **argv; -{ - u_int32_t dns; - struct hostent *hp; - - dns = inet_addr(*argv); - if (dns == -1) { - if ((hp = gethostbyname(*argv)) == NULL) { - option_error("invalid address parameter '%s' for ms-dns option", - *argv); - return 0; - } - dns = *(u_int32_t *)hp->h_addr; - } - - if (ipcp_allowoptions[0].dnsaddr[0] == 0) { - ipcp_allowoptions[0].dnsaddr[0] = dns; - } else { - ipcp_allowoptions[0].dnsaddr[1] = dns; - } - - return (1); } -#endif /* USE_MS_DNS */