X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Foptions.c;h=a85239abb0c523908e2e51d69d2b296b79754fb2;hp=3779b289419ca491fb8baeedb26d07053ec5a367;hb=3d05bed7431b9c44c4beca0049b5c0e910abf2a1;hpb=c062322f9e8757b85a3c2281a3190d8af14bcd9b diff --git a/pppd/options.c b/pppd/options.c index 3779b28..a85239a 100644 --- a/pppd/options.c +++ b/pppd/options.c @@ -1,23 +1,46 @@ /* * options.c - handles option processing for PPP. * - * Copyright (c) 1989 Carnegie Mellon University. - * All rights reserved. + * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by Carnegie Mellon University. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name "Carnegie Mellon University" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For permission or any legal + * details, please contact + * Office of Technology Transfer + * Carnegie Mellon University + * 5000 Forbes Avenue + * Pittsburgh, PA 15213-3890 + * (412) 268-4387, fax: (412) 268-7395 + * tech-transfer@andrew.cmu.edu + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Computing Services + * at Carnegie Mellon University (http://www.cmu.edu/computing/)." + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: options.c,v 1.82 2002/03/01 14:39:18 dfs Exp $" +#define RCSID "$Id: options.c,v 1.100 2006/06/18 11:26:00 paulus Exp $" #include #include @@ -31,10 +54,23 @@ #ifdef PLUGIN #include #endif + #ifdef PPP_FILTER #include -#include /* XXX: To get struct pcap */ +/* + * There have been 3 or 4 different names for this in libpcap CVS, but + * this seems to be what they have settled on... + * For older versions of libpcap, use DLT_PPP - but that means + * we lose the inbound and outbound qualifiers. + */ +#ifndef DLT_PPP_PPPD +#ifdef DLT_PPP_WITHDIRECTION +#define DLT_PPP_PPPD DLT_PPP_WITHDIRECTION +#else +#define DLT_PPP_PPPD DLT_PPP #endif +#endif +#endif /* PPP_FILTER */ #include "pppd.h" #include "pathnames.h" @@ -54,9 +90,6 @@ struct option_value { /* * Option variables and default values. */ -#ifdef PPP_FILTER -int dflag = 0; /* Tell libpcap we want debugging */ -#endif int debug = 0; /* Debug flag */ int kdebugflag = 0; /* Tell kernel to print debug messages */ int default_device = 1; /* Using /dev/tty or equivalent */ @@ -85,6 +118,14 @@ char *bundle_name = NULL; /* bundle name for multilink */ bool dump_options; /* print out option values */ bool dryrun; /* print out option values and exit */ char *domain; /* domain name set by domain option */ +int child_wait = 5; /* # seconds to wait for children at exit */ + +#ifdef MAXOCTETS +unsigned int maxoctets = 0; /* default - no limit */ +int maxoctets_dir = 0; /* default - sum of traffic */ +int maxoctets_timeout = 1; /* default 1 second */ +#endif + extern option_t auth_options[]; extern struct stat devstat; @@ -92,7 +133,6 @@ extern struct stat devstat; #ifdef PPP_FILTER struct bpf_program pass_filter;/* Filter program for packets to pass */ struct bpf_program active_filter; /* Filter program for link-active pkts */ -pcap_t pc; /* Fake struct pcap so we can compile expr */ #endif char *current_option; /* the name of the option being parsed */ @@ -123,6 +163,10 @@ static int setpassfilter __P((char **)); static int setactivefilter __P((char **)); #endif +#ifdef MAXOCTETS +static int setmodir __P((char **)); +#endif + static option_t *find_option __P((const char *name)); static int process_option __P((option_t *, char *, char **)); static int n_arguments __P((option_t *)); @@ -160,7 +204,8 @@ option_t general_options[] = { OPT_PRIOSUB | OPT_A2CLR | 1, &nodetach }, { "holdoff", o_int, &holdoff, - "Set time in seconds before retrying connection", OPT_PRIO }, + "Set time in seconds before retrying connection", + OPT_PRIO, &holdoff_specified }, { "idle", o_int, &idle_time_limit, "Set time in seconds before disconnecting idle link", OPT_PRIO }, @@ -232,6 +277,10 @@ option_t general_options[] = { { "dryrun", o_bool, &dryrun, "Stop after parsing, printing, and checking options", 1 }, + { "child-timeout", o_int, &child_wait, + "Number of seconds to wait for child processes at exit", + OPT_PRIO }, + #ifdef HAVE_MULTILINK { "multilink", o_bool, &multilink, "Enable multilink operation", OPT_PRIO | 1 }, @@ -252,16 +301,26 @@ option_t general_options[] = { #endif #ifdef PPP_FILTER - { "pdebug", o_int, &dflag, - "libpcap debugging", OPT_PRIO }, - - { "pass-filter", 1, setpassfilter, + { "pass-filter", o_special, setpassfilter, "set filter for packets to pass", OPT_PRIO }, - { "active-filter", 1, setactivefilter, + { "active-filter", o_special, setactivefilter, "set filter for active pkts", OPT_PRIO }, #endif +#ifdef MAXOCTETS + { "maxoctets", o_int, &maxoctets, + "Set connection traffic limit", + OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, + { "mo", o_int, &maxoctets, + "Set connection traffic limit", + OPT_ALIAS | OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF }, + { "mo-direction", o_special, setmodir, + "Set direction for limit traffic (sum,in,out,max)" }, + { "mo-timeout", o_int, &maxoctets_timeout, + "Check for traffic limit every N seconds", OPT_PRIO | OPT_LLIMIT | 1 }, +#endif + { NULL } }; @@ -340,16 +399,20 @@ options_from_file(filename, must_exist, check_prot, priv) option_t *opt; int oldpriv, n; char *oldsource; + uid_t euid; char *argv[MAXARGS]; char args[MAXARGS][MAXWORDLEN]; char cmd[MAXWORDLEN]; - if (check_prot) - seteuid(getuid()); + euid = geteuid(); + if (check_prot && seteuid(getuid()) == -1) { + option_error("unable to drop privileges to open %s: %m", filename); + return 0; + } f = fopen(filename, "r"); err = errno; - if (check_prot) - seteuid(0); + if (check_prot && seteuid(euid) == -1) + fatal("unable to regain privileges"); if (f == NULL) { errno = err; if (!must_exist) { @@ -440,8 +503,8 @@ options_for_tty() size_t pl; dev = devnam; - if (strncmp(dev, "/dev/", 5) == 0) - dev += 5; + if ((p = strstr(dev, "/dev/")) != NULL) + dev = p + 5; if (dev[0] == 0 || strcmp(dev, "tty") == 0) return 1; /* don't look for /etc/ppp/options.tty */ pl = strlen(_PATH_TTYOPT) + strlen(dev) + 1; @@ -578,6 +641,7 @@ process_option(opt, cmd, argv) int prio = option_priority; option_t *mainopt = opt; + current_option = opt->name; if ((opt->flags & OPT_PRIVFIX) && privileged_option) prio += OPRIO_ROOT; while (mainopt->flags & OPT_PRIOSUB) @@ -627,8 +691,8 @@ process_option(opt, cmd, argv) *(bool *)(opt->addr2) = 0; else if (opt->addr2 && (opt->flags & OPT_A2CLRB)) *(u_char *)(opt->addr2) &= ~v; - if (opt->addr3 && (opt->flags & OPT_A3OR)) - *(u_char *)(opt->addr3) |= v; + else if (opt->addr2 && (opt->flags & OPT_A2OR)) + *(u_char *)(opt->addr2) |= v; break; case o_int: @@ -651,7 +715,7 @@ process_option(opt, cmd, argv) break; case OPT_LIMITS: option_error("%s value must be%s between %d and %d", - opt->name, opt->lower_limit, opt->upper_limit); + opt->name, zok, opt->lower_limit, opt->upper_limit); break; } return 0; @@ -730,7 +794,7 @@ process_option(opt, cmd, argv) } if (opt->addr2 && (opt->flags & (OPT_A2COPY|OPT_ENABLE - |OPT_A2PRINTER|OPT_A2STRVAL|OPT_A2LIST)) == 0) + |OPT_A2PRINTER|OPT_A2STRVAL|OPT_A2LIST|OPT_A2OR)) == 0) *(bool *)(opt->addr2) = !(opt->flags & OPT_A2CLR); mainopt->source = option_source; @@ -876,7 +940,9 @@ print_option(opt, mainopt, printer, arg) void (*oprt) __P((option_t *, void ((*)__P((void *, char *, ...))), void *)); - oprt = opt->addr2; + oprt = (void (*) __P((option_t *, + void ((*)__P((void *, char *, ...))), + void *)))opt->addr2; (*oprt)(opt, printer, arg); } else if (opt->flags & OPT_A2STRVAL) { p = (char *) opt->addr2; @@ -900,7 +966,7 @@ print_option(opt, mainopt, printer, arg) break; default: - printer(arg, "# %s value (type %d??)", opt->name, opt->type); + printer(arg, "# %s value (type %d\?\?)", opt->name, opt->type); break; } printer(arg, "\t\t# (from %s)\n", mainopt->source); @@ -1389,13 +1455,18 @@ static int setpassfilter(argv) char **argv; { - pc.linktype = DLT_PPP; - pc.snapshot = PPP_HDRLEN; - - if (pcap_compile(&pc, &pass_filter, *argv, 1, netmask) == 0) - return 1; - option_error("error in pass-filter expression: %s\n", pcap_geterr(&pc)); - return 0; + pcap_t *pc; + int ret = 1; + + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); + if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) { + option_error("error in pass-filter expression: %s\n", + pcap_geterr(pc)); + ret = 0; + } + pcap_close(pc); + + return ret; } /* @@ -1405,13 +1476,18 @@ static int setactivefilter(argv) char **argv; { - pc.linktype = DLT_PPP; - pc.snapshot = PPP_HDRLEN; - - if (pcap_compile(&pc, &active_filter, *argv, 1, netmask) == 0) - return 1; - option_error("error in active-filter expression: %s\n", pcap_geterr(&pc)); - return 0; + pcap_t *pc; + int ret = 1; + + pc = pcap_open_dead(DLT_PPP_PPPD, 65535); + if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) { + option_error("error in active-filter expression: %s\n", + pcap_geterr(pc)); + ret = 0; + } + pcap_close(pc); + + return ret; } #endif @@ -1433,21 +1509,24 @@ setdomain(argv) return (1); } - static int setlogfile(argv) char **argv; { int fd, err; + uid_t euid; - if (!privileged_option) - seteuid(getuid()); + euid = geteuid(); + if (!privileged_option && seteuid(getuid()) == -1) { + option_error("unable to drop permissions to open %s: %m", *argv); + return 0; + } fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); if (fd < 0 && errno == EEXIST) fd = open(*argv, O_WRONLY | O_APPEND); err = errno; - if (!privileged_option) - seteuid(0); + if (!privileged_option && seteuid(euid) == -1) + fatal("unable to regain privileges: %m"); if (fd < 0) { errno = err; option_error("Can't open log file %s: %m", *argv); @@ -1462,6 +1541,26 @@ setlogfile(argv) return 1; } +#ifdef MAXOCTETS +static int +setmodir(argv) + char **argv; +{ + if(*argv == NULL) + return 0; + if(!strcmp(*argv,"in")) { + maxoctets_dir = PPP_OCTETS_DIRECTION_IN; + } else if (!strcmp(*argv,"out")) { + maxoctets_dir = PPP_OCTETS_DIRECTION_OUT; + } else if (!strcmp(*argv,"max")) { + maxoctets_dir = PPP_OCTETS_DIRECTION_MAXOVERAL; + } else { + maxoctets_dir = PPP_OCTETS_DIRECTION_SUM; + } + return 1; +} +#endif + #ifdef PLUGIN static int loadplugin(argv)