authorbrian <brian@FreeBSD.org>1997-11-11 22:58:14 +0000
committerbrian <brian@FreeBSD.org>1997-11-11 22:58:14 +0000
commit0c64913a0fbb1bccd7f0787213eab0ce73ae6968 (patch)
tree2bb96c72d2185278aecf865790605846f14ac045 /usr.sbin/ppp
parent9f4a5b39505ed832de088509c172e885813ffd87 (diff)
downloadFreeBSD-src-0c64913a0fbb1bccd7f0787213eab0ce73ae6968.zip
FreeBSD-src-0c64913a0fbb1bccd7f0787213eab0ce73ae6968.tar.gz
Finish the security improvements:
o Add "allow" command: "allow users a b c" gives access to users a, b and c. "allow modes auto" gives those users access to auto mode only. "allow users *" and "allow modes *" are accepted. No users and all modes are allowed by default. UID 0 can do anything. o Set the current label with the "load" and "dial" commands so that the call to ppp.linkdown makes sense. o Up the version number. o Don't OR MODE_AUTO for -background and -ddial. o Don't OR MODE_INTER when we get a diagnostic connection. o Allow up to 40 args per line (was 20). o "set ifaddr" only changes the interface in AUTO mode (with other modes, it happens after IPCP negotiation). o Sort command descriptions in the man page. o Support -dedicated mode where we just talk ppp forever (no login etc).
Diffstat (limited to 'usr.sbin/ppp')
-rw-r--r--usr.sbin/ppp/auth.c6
-rw-r--r--usr.sbin/ppp/command.c134
-rw-r--r--usr.sbin/ppp/command.h4
-rw-r--r--usr.sbin/ppp/defs.c21
-rw-r--r--usr.sbin/ppp/defs.h8
-rw-r--r--usr.sbin/ppp/ipcp.c4
-rw-r--r--usr.sbin/ppp/main.c92
-rw-r--r--usr.sbin/ppp/os.c15
-rw-r--r--usr.sbin/ppp/ppp.8325
-rw-r--r--usr.sbin/ppp/ppp.8.m4325
-rw-r--r--usr.sbin/ppp/route.c4
-rw-r--r--usr.sbin/ppp/server.c6
-rw-r--r--usr.sbin/ppp/systems.c115
-rw-r--r--usr.sbin/ppp/systems.h7
-rw-r--r--usr.sbin/ppp/vars.c6
15 files changed, 698 insertions, 374 deletions
diff --git a/usr.sbin/ppp/auth.c b/usr.sbin/ppp/auth.c
index 89e4894..a2f328b 100644
--- a/usr.sbin/ppp/auth.c
+++ b/usr.sbin/ppp/auth.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: auth.c,v 1.20 1997/11/09 18:51:21 brian Exp $
+ * $Id: auth.c,v 1.21 1997/11/09 22:07:27 brian Exp $
*
* TODO:
* o Implement check against with registered IP addresses.
@@ -60,8 +60,8 @@ LocalAuthInit()
*p = '\0';
}
- if (!(mode&(MODE_AUTO|MODE_DEDICATED|MODE_DIRECT)))
- /* We're allowed in interactive and direct */
+ if (!(mode&MODE_DAEMON))
+ /* We're allowed in interactive mode */
VarLocalAuth = LOCAL_AUTH;
else if (VarHaveLocalAuthKey)
VarLocalAuth = *VarLocalAuthKey == '\0' ? LOCAL_AUTH : LOCAL_NO_AUTH;
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index 1c527da..3c10e24 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.c,v 1.96 1997/11/09 22:56:15 brian Exp $
+ * $Id: command.c,v 1.97 1997/11/09 23:40:21 brian Exp $
*
*/
#include <sys/param.h>
@@ -77,6 +77,7 @@ static int QuitCommand(struct cmdtab const *, int, char **);
static int CloseCommand(struct cmdtab const *, int, char **);
static int DialCommand(struct cmdtab const *, int, char **);
static int DownCommand(struct cmdtab const *, int, char **);
+static int AllowCommand(struct cmdtab const *, int, char **);
static int SetCommand(struct cmdtab const *, int, char **);
static int AddCommand(struct cmdtab const *, int, char **);
static int DeleteCommand(struct cmdtab const *, int, char **);
@@ -154,13 +155,9 @@ DialCommand(struct cmdtab const * cmdlist, int argc, char **argv)
return 0;
}
- if (argc > 0) {
- if (SelectSystem(*argv, CONFFILE) < 0) {
- if (VarTerm)
- fprintf(VarTerm, "%s: not found.\n", *argv);
- return -1;
- }
- }
+ if (argc > 0 && LoadCommand(cmdlist, argc, argv) == -1)
+ return -1;
+
tries = 0;
do {
if (VarTerm)
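Review bot: The new guard treats only a LoadCommand result of exactly -1 as failure, so if LoadCommand can report other problems with a different non-zero value (its body is not in this diff) the dial goes ahead with whatever system was last selected; unless LoadCommand is documented to return only 0 or -1, `if (argc > 0 && LoadCommand(cmdlist, argc, argv) != 0)` is the safer test. The removed code also told an interactive user `%s: not found.` on VarTerm; confirm LoadCommand emits an equivalent message so a refused dial is still explained. DialCommand continues outside the hunk.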
@@ -227,7 +224,7 @@ ShellCommand(struct cmdtab const * cmdlist, int argc, char **argv, int bg)
* we want to stop shell commands when we've got a telnet connection to an
* auto mode ppp
*/
- if ((mode & (MODE_AUTO | MODE_INTER)) == (MODE_AUTO | MODE_INTER)) {
+ if (VarTerm && !(mode & MODE_INTER)) {
LogPrintf(LogWARN, "Shell is not allowed interactively in auto mode\n");
return 1;
}
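Review bot: The comment at the top of this hunk and the LogWARN text still talk about "auto mode", but the new condition `VarTerm && !(mode & MODE_INTER)` refuses a shell from a diagnostic connection to any non-interactive (daemon) ppp, not just an auto-mode one. Suggest updating the comment to `/* Refuse shell commands over a diagnostic (telnet/pppctl) connection to a daemon-mode ppp */` and the message to `"Shell is not allowed from a diagnostic connection\n"` so the log matches the check. ShellCommand continues in the next hunk.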
@@ -235,17 +232,17 @@ ShellCommand(struct cmdtab const * cmdlist, int argc, char **argv, int bg)
if (argc == 0)
if (!(mode & MODE_INTER)) {
- LogPrintf(LogWARN, "Can only start an interactive shell in"
- " interactive mode\n");
+ if (VarTerm)
+ LogPrintf(LogWARN, "Can't start an interactive shell from"
+ " a telnet session\n");
+ else
+ LogPrintf(LogWARN, "Can only start an interactive shell in"
+ " interactive mode\n");
return 1;
} else if (bg) {
LogPrintf(LogWARN, "Can only start an interactive shell in"
" the foreground mode\n");
return 1;
- } else if (mode&(MODE_AUTO|MODE_DEDICATED|MODE_DIRECT)) {
- LogPrintf(LogWARN, "Can't start an interactive shell from"
- " a telnet session\n");
- return 1;
}
if ((shell = getenv("SHELL")) == 0)
shell = _PATH_BSHELL;
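Review bot: The `if (VarTerm)` branch added here looks unreachable: the check earlier in ShellCommand (previous hunk) already returns 1 whenever `VarTerm && !(mode & MODE_INTER)`, so by the time `!(mode & MODE_INTER)` holds on the line above, VarTerm must be NULL and only the "Can only start an interactive shell in interactive mode" message can ever fire. Unless something in the single line between the two hunks changes VarTerm or mode, the added if/else can collapse back to the one LogPrintf it replaced. While here, the unbraced `if (argc == 0)` wrapping an if/else-if chain is worth bracing so the intended binding of the `else if (bg)` is explicit.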
@@ -324,6 +321,8 @@ static struct cmdtab const Commands[] = {
"accept option request", "accept option .."},
{"add", NULL, AddCommand, LOCAL_AUTH,
"add route", "add dest mask gateway"},
+ {"allow", "auth", AllowCommand, LOCAL_AUTH,
+ "Allow ppp access", "allow users|modes ...."},
{"bg", "!bg", BgShellCommand, LOCAL_AUTH,
"Run a command in the background", "[!]bg command"},
{"close", NULL, CloseCommand, LOCAL_AUTH,
@@ -668,7 +667,7 @@ Prompt()
{
char *pconnect, *pauth;
- if (!(mode & MODE_INTER) || !VarTerm || TermMode)
+ if (!VarTerm || TermMode)
return;
if (!aft_cmd)
@@ -689,27 +688,41 @@ Prompt()
}
void
-DecodeCommand(char *buff, int nb, int prompt)
+InterpretCommand(char *buff, int nb, int *argc, char ***argv)
{
- char *vector[20];
- char **argv;
- int argc;
+ static char *vector[40];
char *cp;
if (nb > 0) {
cp = buff + strcspn(buff, "\r\n");
if (cp)
*cp = '\0';
- argc = MakeArgs(buff, vector, VECSIZE(vector));
- argv = vector;
+ *argc = MakeArgs(buff, vector, VECSIZE(vector));
+ *argv = vector;
+ } else
+ *argc = 0;
+}
+
+void
+RunCommand(int argc, char **argv, int prompt)
+{
+ if (argc > 0)
+ FindExec(Commands, argc, argv);
- if (argc > 0)
- FindExec(Commands, argc, argv);
- }
if (prompt)
Prompt();
}
+void
+DecodeCommand(char *buff, int nb, int prompt)
+{
+ int argc;
+ char **argv;
+
+ InterpretCommand(buff, nb, &argc, &argv);
+ RunCommand(argc, argv, prompt);
+}
+
static int
ShowCommand(struct cmdtab const * list, int argc, char **argv)
{
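Review bot: InterpretCommand leaves `*argv` unassigned on the `nb <= 0` path, so a caller that looks at argv without first checking argc reads an indeterminate pointer; add `*argv = NULL;` next to `*argc = 0;`. The vector is now `static`, which means the argv handed back is overwritten by the next InterpretCommand call and is not safe to hold across re-entry — a comment on the declaration such as `/* argv returned by InterpretCommand points into this static buffer; valid only until the next call */` would save the next reader from assuming otherwise. The `if (cp)` test after `buff + strcspn(...)` can never be false (pre-existing, but now copied into the new function).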
@@ -751,26 +764,26 @@ QuitCommand(struct cmdtab const * list, int argc, char **argv)
{
FILE *oVarTerm;
- if (mode & (MODE_DIRECT | MODE_DEDICATED | MODE_AUTO)) {
- if (argc > 0 && !strcasecmp(*argv, "all") && (VarLocalAuth & LOCAL_AUTH)) {
- mode &= ~MODE_INTER;
- oVarTerm = VarTerm;
- VarTerm = 0;
- if (oVarTerm && oVarTerm != stdout)
- fclose(oVarTerm);
- Cleanup(EX_NORMAL);
- } else if (VarTerm) {
- LogPrintf(LogPHASE, "Client connection closed.\n");
- mode &= ~MODE_INTER;
- oVarTerm = VarTerm;
- VarTerm = 0;
- if (oVarTerm && oVarTerm != stdout)
- fclose(oVarTerm);
- close(netfd);
- netfd = -1;
- }
- } else
+ if (mode & MODE_INTER)
Cleanup(EX_NORMAL);
+ else if (argc > 0 && !strcasecmp(*argv, "all") &&
+ (VarLocalAuth & LOCAL_AUTH)) {
+ oVarTerm = VarTerm;
+ VarTerm = 0;
+ if (oVarTerm && oVarTerm != stdout)
+ fclose(oVarTerm);
+ close(netfd);
+ netfd = -1;
+ Cleanup(EX_NORMAL);
+ } else if (VarTerm) {
+ LogPrintf(LogPHASE, "Client connection closed.\n");
+ oVarTerm = VarTerm;
+ VarTerm = 0;
+ if (oVarTerm && oVarTerm != stdout)
+ fclose(oVarTerm);
+ close(netfd);
+ netfd = -1;
+ }
return 0;
}
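Review bot: In the new `quit all` branch `close(netfd)` follows `fclose(oVarTerm)`; where VarTerm was created by `fdopen(netfd, "a+")` (as DoLoop does elsewhere in this diff) the fclose has already closed the descriptor, so the close() returns EBADF at best and, if any descriptor were opened in between, would close the wrong one. The client-connection branch below it has the same ordering, so it is not new, but the `quit all` path now also reaches Cleanup with netfd freshly set to -1 — confirm Cleanup does not expect the descriptor. A defensive shape is to close the FILE* only when it was fdopen'ed on netfd and otherwise `if (netfd >= 0) close(netfd);`.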
@@ -1172,11 +1185,10 @@ SetInterfaceAddr(struct cmdtab const * list, int argc, char **argv)
IpcpInfo.want_ipaddr.s_addr = DefMyAddress.ipaddr.s_addr;
IpcpInfo.his_ipaddr.s_addr = DefHisAddress.ipaddr.s_addr;
- if ((mode & MODE_AUTO) ||
- ((mode & MODE_DEDICATED) && dstsystem)) {
- if (OsSetIpaddress(DefMyAddress.ipaddr, DefHisAddress.ipaddr, ifnetmask) < 0)
- return 4;
- }
+ if ((mode & MODE_AUTO) &&
+ OsSetIpaddress(DefMyAddress.ipaddr, DefHisAddress.ipaddr, ifnetmask) < 0)
+ return 4;
+
return 0;
}
@@ -1548,3 +1560,27 @@ AliasOption(struct cmdtab const * list, int argc, char **argv, void *param)
}
return -1;
}
+
+static struct cmdtab const AllowCommands[] = {
+ {"users", "user", AllowUsers, LOCAL_AUTH,
+ "Allow users access to ppp", "allow users logname..."},
+ {"modes", "mode", AllowModes, LOCAL_AUTH,
+ "Only allow certain ppp modes", "allow modes mode..."},
+ {"help", "?", HelpCommand, LOCAL_AUTH | LOCAL_NO_AUTH,
+ "Display this message", "allow help|? [command]", (void *)AllowCommands},
+ {NULL, NULL, NULL},
+};
+
+static int
+AllowCommand(struct cmdtab const *list, int argc, char **argv)
+{
+ if (argc > 0)
+ FindExec(AllowCommands, argc, argv);
+ else if (VarTerm)
+ fprintf(VarTerm, "Use `allow ?' to get a list or `allow ? <cmd>' for"
+ " syntax help.\n");
+ else
+ LogPrintf(LogWARN, "allow command must have arguments\n");
+
+ return 0;
+}
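Review bot: AllowCommand returns 0 unconditionally, so whatever FindExec reports for an unknown or failed `allow` subcommand is discarded and the caller cannot tell success from failure; if FindExec has a return value, `return FindExec(AllowCommands, argc, argv);` keeps this consistent with DialCommand's treatment of LoadCommand in this same commit. AllowUsers and AllowModes are used in the table without a prototype visible in command.c; presumably they come from systems.h (listed in the diffstat) — worth confirming. The `(void *)AllowCommands` self-reference in the help entry is legal for a static array but deserves a one-line comment explaining that it is the sub-table handed to HelpCommand.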
diff --git a/usr.sbin/ppp/command.h b/usr.sbin/ppp/command.h
index f4282d0..37eddc4 100644
--- a/usr.sbin/ppp/command.h
+++ b/usr.sbin/ppp/command.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: command.h,v 1.8 1997/10/26 01:02:28 brian Exp $
+ * $Id: command.h,v 1.9 1997/11/04 01:17:00 brian Exp $
*
* TODO:
*/
@@ -48,4 +48,6 @@ extern int aft_cmd;
extern int SetVariable(struct cmdtab const *, int, char **, int);
extern void Prompt(void);
extern int IsInteractive(int);
+extern void InterpretCommand(char *, int, int *, char ***);
+extern void RunCommand(int, char **, int);
extern void DecodeCommand(char *, int, int);
diff --git a/usr.sbin/ppp/defs.c b/usr.sbin/ppp/defs.c
index be9134a..3b4142f 100644
--- a/usr.sbin/ppp/defs.c
+++ b/usr.sbin/ppp/defs.c
@@ -1,8 +1,9 @@
/*
- * $Id: $
+ * $Id: defs.c,v 1.1 1997/10/26 01:02:30 brian Exp $
*/
#include <stdlib.h>
+#include <string.h>
#include "defs.h"
@@ -12,7 +13,23 @@ int modem = -1;
int tun_in = -1;
int tun_out = -1;
int netfd = -1;
-char *dstsystem = NULL;
+
+static char dstsystem[50];
+
+void
+SetLabel(const char *label)
+{
+ if (label)
+ strncpy(dstsystem, label, sizeof dstsystem);
+ else
+ *dstsystem = '\0';
+}
+
+const char *
+GetLabel()
+{
+ return *dstsystem ? dstsystem : NULL;
+}
void
randinit()
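Review bot: `strncpy(dstsystem, label, sizeof dstsystem)` does not NUL-terminate when label is 50 bytes or longer, and label comes straight from the command line (`SetLabel(*argv)` in main.c in this diff), so GetLabel() would then hand an unterminated buffer to SelectSystem and ValidSystem. Terminate after the copy, `dstsystem[sizeof dstsystem - 1] = '\0';`, or use `snprintf(dstsystem, sizeof dstsystem, "%s", label);`; and because the label is the key that the new `allow` checks are applied to, consider refusing over-long labels outright rather than silently truncating them. GetLabel should also be written `GetLabel(void)` to match the prototype added in defs.h.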
diff --git a/usr.sbin/ppp/defs.h b/usr.sbin/ppp/defs.h
index ca20d45..b5eaf47 100644
--- a/usr.sbin/ppp/defs.h
+++ b/usr.sbin/ppp/defs.h
@@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: defs.h,v 1.23 1997/10/26 12:42:10 brian Exp $
+ * $Id: defs.h,v 1.24 1997/11/09 14:18:37 brian Exp $
*
* TODO:
*/
@@ -62,6 +62,9 @@
#define MODE_ALIAS 32 /* Packet aliasing (masquerading) */
#define MODE_BACKGROUND 64 /* Background mode. */
+#define MODE_DAEMON (2|4|8|16|64)
+#define MODE_OUTGOING_DAEMON (2|8|16|64)
+
#define EX_SIG -1
#define EX_NORMAL 0
#define EX_START 1
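Review bot: MODE_DAEMON and MODE_OUTGOING_DAEMON are spelled with bare bit values rather than the MODE_* names they aggregate, so any future change to an individual MODE_ definition above silently desynchronises them (the visible `MODE_BACKGROUND 64` is one of those bits). Assuming the remaining bits are MODE_AUTO, MODE_DIRECT, MODE_DEDICATED and MODE_DDIAL as their use in main.c suggests, `#define MODE_DAEMON (MODE_AUTO|MODE_DIRECT|MODE_DEDICATED|MODE_DDIAL|MODE_BACKGROUND)` and `#define MODE_OUTGOING_DAEMON (MODE_DAEMON & ~MODE_DIRECT)` express the intent directly. A short comment stating which modes count as "daemon" and why direct mode is not "outgoing" would help readers of the new checks in auth.c, os.c and main.c.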
@@ -83,6 +86,7 @@ extern int modem;
extern int tun_in;
extern int tun_out;
extern int netfd;
-extern char *dstsystem;
+extern void SetLabel(const char *);
+extern const char *GetLabel(void);
extern void randinit(void);
diff --git a/usr.sbin/ppp/ipcp.c b/usr.sbin/ppp/ipcp.c
index c362184..43d60be 100644
--- a/usr.sbin/ppp/ipcp.c
+++ b/usr.sbin/ppp/ipcp.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: ipcp.c,v 1.33 1997/10/29 01:19:40 brian Exp $
+ * $Id: ipcp.c,v 1.34 1997/11/08 00:28:07 brian Exp $
*
* TODO:
* o More RFC1772 backwoard compatibility
@@ -193,7 +193,7 @@ IpcpInit()
FsmInit(&IpcpFsm);
memset(icp, '\0', sizeof(struct ipcpstate));
- if ((mode & MODE_DEDICATED) && !dstsystem) {
+ if ((mode & MODE_DEDICATED) && !GetLabel()) {
icp->want_ipaddr.s_addr = icp->his_ipaddr.s_addr = 0;
} else {
icp->want_ipaddr.s_addr = DefMyAddress.ipaddr.s_addr;
diff --git a/usr.sbin/ppp/main.c b/usr.sbin/ppp/main.c
index 7224eb0..975171e 100644
--- a/usr.sbin/ppp/main.c
+++ b/usr.sbin/ppp/main.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: main.c,v 1.91 1997/11/09 18:51:23 brian Exp $
+ * $Id: main.c,v 1.92 1997/11/09 22:07:28 brian Exp $
*
* TODO:
* o Add commands for traffic summary, version display, etc.
@@ -177,8 +177,7 @@ Cleanup(int excode)
OsInterfaceDown(1);
HangupModem(1);
nointr_sleep(1);
- if (mode & MODE_AUTO)
- DeleteIfRoutes(1);
+ DeleteIfRoutes(1);
ID0unlink(pid_filename);
if (mode & MODE_BACKGROUND && BGFiledes[1] != -1) {
char c = EX_ERRDEAD;
@@ -200,11 +199,13 @@ static void
CloseConnection(int signo)
{
/* NOTE, these are manual, we've done a setsid() */
+ pending_signal(SIGINT, SIG_IGN);
LogPrintf(LogPHASE, "Caught signal %d, abort connection\n", signo);
reconnectState = RECON_FALSE;
reconnectCount = 0;
DownConnection();
dial_up = 0;
+ pending_signal(SIGINT, CloseConnection);
}
static void
@@ -286,19 +287,25 @@ ProcessArgs(int argc, char **argv)
char *cp;
optc = 0;
+ mode = MODE_INTER;
while (argc > 0 && **argv == '-') {
cp = *argv + 1;
- if (strcmp(cp, "auto") == 0)
+ if (strcmp(cp, "auto") == 0) {
mode |= MODE_AUTO;
- else if (strcmp(cp, "background") == 0)
- mode |= MODE_BACKGROUND | MODE_AUTO;
- else if (strcmp(cp, "direct") == 0)
+ mode &= ~MODE_INTER;
+ } else if (strcmp(cp, "background") == 0) {
+ mode |= MODE_BACKGROUND;
+ mode &= ~MODE_INTER;
+ } else if (strcmp(cp, "direct") == 0) {
mode |= MODE_DIRECT;
- else if (strcmp(cp, "dedicated") == 0)
+ mode &= ~MODE_INTER;
+ } else if (strcmp(cp, "dedicated") == 0) {
mode |= MODE_DEDICATED;
- else if (strcmp(cp, "ddial") == 0)
- mode |= MODE_DDIAL | MODE_AUTO;
- else if (strcmp(cp, "alias") == 0) {
+ mode &= ~MODE_INTER;
+ } else if (strcmp(cp, "ddial") == 0) {
+ mode |= MODE_DDIAL;
+ mode &= ~MODE_INTER;
+ } else if (strcmp(cp, "alias") == 0) {
if (loadAliasHandlers(&VarAliasHandlers) == 0)
mode |= MODE_ALIAS;
else
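Review bot: Each daemon-mode branch now repeats `mode &= ~MODE_INTER;`, so adding a mode later means remembering the clear in a sixth place. Since defs.h in this commit defines MODE_DAEMON as exactly these modes, one statement after the loop, `if (mode & MODE_DAEMON) mode &= ~MODE_INTER;`, does the same job and lets each branch return to a single `mode |= …`. ProcessArgs continues outside the hunk.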
@@ -315,7 +322,7 @@ ProcessArgs(int argc, char **argv)
exit(EX_START);
}
if (argc == 1)
- dstsystem = *argv;
+ SetLabel(*argv);
if (optc > 1) {
fprintf(stderr, "specify only one mode.\n");
@@ -345,15 +352,15 @@ main(int argc, char **argv)
argc--;
argv++;
ProcessArgs(argc, argv);
- if (!(mode & MODE_DIRECT)) {
- if (getuid() != 0) {
- fprintf(stderr, "You may only run ppp in client mode as user id 0\n");
- LogClose();
- return EX_NOPERM;
- }
+ if (!(mode & MODE_DIRECT))
VarTerm = stdout;
- }
+
ID0init();
+ if (!ValidSystem(GetLabel())) {
+ fprintf(stderr, "You may not use ppp in this mode with this label\n");
+ return 1;
+ }
+
Greetings();
IpcpDefAddress();
LocalAuthInit();
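Review bot: The ValidSystem failure path returns the bare value 1 and skips LogClose(), whereas the uid check it replaces returned EX_NOPERM after LogClose(); `LogClose(); return EX_NOPERM;` keeps the exit status meaningful to whoever started ppp. This check is also the only remaining authorisation gate for a non-root invoker, so it matters that ValidSystem(NULL) — the no-label case — applies the `default` section's allow rules rather than accepting; its body lives in systems.c, which is not in this part of the diff, so please confirm. main continues outside the hunk.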
@@ -365,20 +372,17 @@ main(int argc, char **argv)
LogPrintf(LogWARN, "open_tun: %s\n", strerror(errno));
return EX_START;
}
- if (mode & (MODE_AUTO | MODE_DIRECT | MODE_DEDICATED))
- mode &= ~MODE_INTER;
if (mode & MODE_INTER) {
fprintf(VarTerm, "Interactive mode\n");
netfd = STDOUT_FILENO;
- } else if (mode & MODE_AUTO) {
- fprintf(VarTerm, "Automatic Dialer mode\n");
- if (dstsystem == NULL) {
+ } else if ((mode & MODE_OUTGOING_DAEMON) && !(mode & MODE_DEDICATED))
+ if (GetLabel() == NULL) {
if (VarTerm)
fprintf(VarTerm, "Destination system must be specified in"
" auto, background or ddial mode.\n");
return EX_START;
}
- }
+
tcgetattr(0, &oldtio); /* Save original tty mode */
pending_signal(SIGHUP, CloseSession);
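Review bot: `else if ((mode & MODE_OUTGOING_DAEMON) && !(mode & MODE_DEDICATED))` is followed by an unbraced inner `if (GetLabel() == NULL) { … }`; it is correct today only because nothing follows it, and the next edit that appends an `else` will bind it to the inner if. Brace the else-if body so the structure is explicit. The removed "Automatic Dialer mode" banner means the daemon modes now start silently on VarTerm, which seems intended but is worth a word in the commit message. main continues outside the hunk.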
@@ -402,28 +406,29 @@ main(int argc, char **argv)
pending_signal(SIGTTOU, SIG_IGN);
#endif
}
+ if (!(mode & MODE_INTER)) {
#ifdef SIGUSR1
- if (mode != MODE_INTER)
pending_signal(SIGUSR1, SetUpServer);
#endif
#ifdef SIGUSR2
- if (mode != MODE_INTER)
pending_signal(SIGUSR2, BringDownServer);
#endif
+ }
- if (dstsystem) {
- if (SelectSystem(dstsystem, CONFFILE) < 0) {
+ if (GetLabel()) {
+ if (SelectSystem(GetLabel(), CONFFILE) < 0) {
LogPrintf(LogWARN, "Destination system not found in conf file.\n");
Cleanup(EX_START);
}
- if ((mode & MODE_AUTO) && DefHisAddress.ipaddr.s_addr == INADDR_ANY) {
+ if (mode & MODE_OUTGOING_DAEMON &&
+ DefHisAddress.ipaddr.s_addr == INADDR_ANY) {
LogPrintf(LogWARN, "Must specify dstaddr with"
" auto, background or ddial mode.\n");
Cleanup(EX_START);
}
}
- if (!(mode & MODE_INTER)) {
+ if (mode & MODE_DAEMON) {
if (mode & MODE_BACKGROUND) {
if (pipe(BGFiledes)) {
LogPrintf(LogERROR, "pipe: %s\n", strerror(errno));
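Review bot: `if (mode & MODE_OUTGOING_DAEMON && DefHisAddress.ipaddr.s_addr == INADDR_ANY)` relies on `&` binding tighter than `&&`; it is correct, but -Wparentheses will flag it, so write `(mode & MODE_OUTGOING_DAEMON)`. More substantively, MODE_OUTGOING_DAEMON includes the dedicated bit (defs.h in this commit), yet the message still lists only "auto, background or ddial", and the earlier hunk deliberately exempts dedicated mode from needing a label; if a dedicated link started with a label really must carry a dstaddr the message should say so, otherwise exclude MODE_DEDICATED here as well. main continues outside the hunk.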
@@ -468,13 +473,9 @@ main(int argc, char **argv)
close(1);
close(2);
-#ifdef DOTTYINIT
- if (mode & (MODE_DIRECT | MODE_DEDICATED))
-#else
if (mode & MODE_DIRECT)
-#endif
TtyInit(1);
- else {
+ else if (mode & MODE_DAEMON) {
setsid();
close(0);
}
@@ -522,12 +523,11 @@ PacketMode()
LcpUp();
LcpOpen(VarOpenMode);
- if ((mode & (MODE_INTER | MODE_AUTO)) == MODE_INTER) {
+ if (mode & MODE_INTER)
TtyCommandMode(1);
- if (VarTerm) {
- fprintf(VarTerm, "Packet mode.\n");
- aft_cmd = 1;
- }
+ if (VarTerm) {
+ fprintf(VarTerm, "Packet mode.\n");
+ aft_cmd = 1;
}
}
@@ -571,7 +571,6 @@ ReadTty()
Prompt();
} else {
LogPrintf(LogPHASE, "client connection closed.\n");
- mode &= ~MODE_INTER;
oVarTerm = VarTerm;
VarTerm = 0;
if (oVarTerm && oVarTerm != stdout)
@@ -771,7 +770,9 @@ DoLoop()
Cleanup(EX_DEAD);
}
reconnectState = RECON_ENVOKED;
- }
+ } else if (mode & MODE_DEDICATED)
+ if (VarOpenMode == OPEN_ACTIVE)
+ PacketMode();
}
/*
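Review bot: `} else if (mode & MODE_DEDICATED) if (VarOpenMode == OPEN_ACTIVE) PacketMode();` is another unbraced nested if at the tail of an if/else chain; fold it into one test, `} else if ((mode & MODE_DEDICATED) && VarOpenMode == OPEN_ACTIVE) { PacketMode(); }`, or brace the body. A one-line comment saying why a dedicated link goes straight to packet mode only when opening actively would help, since the passive case silently does nothing here. DoLoop continues outside the hunk.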
@@ -933,13 +934,12 @@ DoLoop()
netfd = wfd;
VarTerm = fdopen(netfd, "a+");
LocalAuthInit();
- mode |= MODE_INTER;
Greetings();
IsInteractive(1);
Prompt();
}
- if ((mode & MODE_INTER) && (netfd >= 0 && FD_ISSET(netfd, &rfds)) &&
- ((mode & MODE_AUTO) || pgroup == tcgetpgrp(0))) {
+ if (netfd >= 0 && FD_ISSET(netfd, &rfds) &&
+ ((mode & MODE_OUTGOING_DAEMON) || pgroup == tcgetpgrp(0))) {
/* something to read from tty */
ReadTty();
}
diff --git a/usr.sbin/ppp/os.c b/usr.sbin/ppp/os.c
index 91d7435..dfe1831 100644
--- a/usr.sbin/ppp/os.c
+++ b/usr.sbin/ppp/os.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: os.c,v 1.30 1997/11/08 00:28:10 brian Exp $
+ * $Id: os.c,v 1.31 1997/11/09 06:22:44 brian Exp $
*
*/
#include <sys/param.h>
@@ -218,8 +218,8 @@ OsLinkup()
LogPrintf(LogLCP, "OsLinkup: %s\n", s);
if (SelectSystem(inet_ntoa(IpcpInfo.want_ipaddr), LINKUPFILE) < 0) {
- if (dstsystem) {
- if (SelectSystem(dstsystem, LINKUPFILE) < 0)
+ if (GetLabel()) {
+ if (SelectSystem(GetLabel(), LINKUPFILE) < 0)
SelectSystem("MYADDR", LINKUPFILE);
} else
SelectSystem("MYADDR", LINKUPFILE);
@@ -248,12 +248,11 @@ OsLinkdown()
FsmDown(&IpcpFsm); /* IPCP must come down */
FsmDown(&CcpFsm); /* CCP must come down */
- if (!(mode & MODE_AUTO))
- DeleteIfRoutes(0);
+ DeleteIfRoutes(0);
linkup = 0;
if (SelectSystem(s, LINKDOWNFILE) < 0) {
- if (dstsystem) {
- if (SelectSystem(dstsystem, LINKDOWNFILE) < 0)
+ if (GetLabel()) {
+ if (SelectSystem(GetLabel(), LINKDOWNFILE) < 0)
SelectSystem("MYADDR", LINKDOWNFILE);
} else
SelectSystem("MYADDR", LINKDOWNFILE);
@@ -268,7 +267,7 @@ OsInterfaceDown(int final)
int s;
OsLinkdown();
- if (!final && (mode & MODE_AUTO)) /* We still want interface alive */
+ if (!final && (mode & MODE_DAEMON)) /* We still want interface alive */
return (0);
s = socket(AF_INET, SOCK_DGRAM, 0);
if (s < 0) {
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 6eb42cd..8b0726b 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -1,14 +1,20 @@
-.\" $Id: ppp.8,v 1.76 1997/11/09 17:51:26 brian Exp $
+.\" $Id: ppp.8,v 1.77 1997/11/09 22:07:28 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
.Sh NAME
.Nm ppp
-.Nd
-Point to Point Protocol (a.k.a. iijppp)
+.Nd Point to Point Protocol (a.k.a. iijppp)
.Sh SYNOPSIS
.Nm
-.Op Fl auto | background | ddial | direct | dedicated
+.\" SOMEONE FIX ME ! The .Op macro can't handle enough args !
+[
+.Fl auto |
+.Fl background |
+.Fl ddial |
+.Fl direct |
+.Fl dedicated
+]
.Op Fl alias
.Op Ar system
.Sh DESCRIPTION
@@ -46,19 +52,35 @@ can write a chat script to define the necessary dialing and login
procedure for later convenience.
.It Supports on-demand dialup capability.
-By using auto mode,
+By using
+.Fl auto
+mode,
.Nm
will act as a daemon and wait for a packet to be sent over the
.Em PPP
link. When this happens, the daemon automatically dials and establishes the
connection.
-In almost the same manner ddial mode (dedicated or daemon dialing)
-also automatically dials and establishes the connection. However, it
-differs in that it will dial the remote site any time it detects the
-link is down, even if there are no packets to be sent. This mode is
-useful for full-time connections who worry less about line charges
-and more about being connected full time.
+In almost the same manner
+.Fl ddial
+mode (direct-dial mode) also automatically dials and establishes the
+connection. However, it differs in that it will dial the remote site
+any time it detects the link is down, even if there are no packets to be
+sent. This mode is useful for full-time connections where we worry less
+about line charges and more about being connected full time.
+
+A third
+.Fl dedicated
+mode is also available. This mode is targeted at a dedicated link
+between two machines.
+.Nm Ppp
+will never voluntarily quit from dedicated mode - you must send it the
+.Dq quit all
+command via its diagnostic socket. A
+.Dv SIGHUP
+will force an LCP renegotiation, and a
+.Dv SIGTERM
+will force it to exit.
.It Supports packet aliasing.
Packet aliasing (a.k.a. IP masquerading) allows computers on a
@@ -144,20 +166,24 @@ and group
.Dv network ,
with permissions
.Dv 4550 .
-.Nm Ppp
-will not execute in client mode if the invoking user id is not zero.
-.Nm Ppp
-will run in
-.Fl direct
-mode as a normal user, but due to its execution permissions, this user
-must be a member of group
-.Dv network .
+By default,
+.Nm
+will not run if the invoking user id is not zero. This may be overridden
+by using the
+.Dq allow users
+command in
+.Pa /etc/ppp/ppp.conf .
When running as a normal user,
.Nm
-switches to user id 0 in order to alter the system routing table. All
+switches to user id 0 in order to alter the system routing table, set up
+system lock files and read the ppp configuration files. All
external commands (executed via the "shell" or "!bg" commands) are executed
as the user id that invoked
.Nm ppp .
+Refer to the
+.Sq ID0
+logging facility if you're interested in what exactly is done as user id
+zero.
.Sh GETTING STARTED
@@ -1658,6 +1684,136 @@ is the next hop gateway to get to the given
.Dq dest
machine/network.
+.It allow .....
+This command controls access to
+.Nm
+and its configuration files. It is possible to allow user-level access,
+depending on the configuration file label and on the mode that
+.Nm
+is being run in. For example, you may wish to configure
+.Nm
+so that only user
+.Sq fred
+may access label
+.Sq fredlabel
+in
+.Fl background
+mode.
+.Pp
+User id 0 is immune to these commands.
+
+.Bl -tag -width 20
+.It allow user|users logname...
+By default, only user id 0 is allowed access. If this command is specified,
+all of the listed users are allowed access to the section in which the
+.Dq allow users
+command is found. The
+.Sq default
+section is always checked first (although it is only ever automatically
+loaded at startup). Each successive
+.Dq allow users
+command overrides the previous one, so it's possible to allow users access
+to everything except a given label by specifying default users in the
+.Sq default
+section, and then specifying a new user list for that label.
+.Pp
+If user
+.Sq *
+is specified, access is allowed to all users.
+
+.It allow mode|modes modelist...
+By default, access using all
+.Nm
+modes is possible. If this command is used, it restricts the access
+modes allowed to load the label under which this command is specified.
+Again, as with the
+.Dq allow users
+command, each
+.Dq allow modes
+command overrides the previous, and the
+.Sq default
+section is always checked first.
+.Pp
+Possible modes are:
+.Sq interactive ,
+.Sq auto ,
+.Sq direct ,
+.Sq dedicated ,
+.Sq ddial ,
+.Sq background
+and
+.Sq * .
+.El
+
+.It alias .....
+This command allows the control of the aliasing (or masquerading)
+facilities that are built into
+.Nm ppp .
+Until this code is required, it is not loaded by
+.Nm ppp ,
+and it is quite possible that the alias library is not installed
+on your system (some administrators consider it a security risk).
+
+If aliasing is enabled on your system, the following commands are
+possible:
+
+.Bl -tag -width 20
+.It alias enable [yes|no]
+This command either switches aliasing on or turns it off.
+The
+.Fl alias
+command line flag is synonymous with
+.Dq alias enable yes .
+
+.It alias port [proto targetIP:targetPORT [aliasIP:]aliasPORT]
+This command allows us to redirect connections arriving at
+.Dq aliasPORT
+for machine [aliasIP] to
+.Dq targetPORT
+on
+.Dq targetIP .
+If proto is specified, only connections of the given protocol
+are matched. This option is useful if you wish to run things like
+Internet phone on the machines behind your gateway.
+
+.It alias addr [addr_local addr_alias]
+This command allows data for
+.Dq addr_alias
+to be redirected to
+.Dq addr_local .
+It is useful if you own a small number of real IP numbers that
+you wish to map to specific machines behind your gateway.
+
+.It alias deny_incoming [yes|no]
+If set to yes, this command will refuse all incoming connections
+by dropping the packets in much the same way as a firewall would.
+
+.It alias log [yes|no]
+This option causes various aliasing statistics and information to
+be logged to the file
+.Pa /var/log/alias.log .
+
+.It alias same_ports [yes|no]
+When enabled, this command will tell the alias library attempt to
+avoid changing the port number on outgoing packets. This is useful
+if you want to support protocols such as RPC and LPD which require
+connections to come from a well known port.
+
+.It alias use_sockets [yes|no]
+When enabled, this option tells the alias library to create a
+socket so that it can guarantee a correct incoming ftp data or
+IRC connection.
+
+.It alias unregistered_only [yes|no]
+Only alter outgoing packets with an unregistered source ad-
+dress. According to RFC 1918, unregistered source addresses
+are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
+
+.It alias help|?
+This command gives a summary of available alias commands.
+
+.El
+
.It [!]bg command
The given command is executed in the background.
Any of the pseudo arguments
@@ -1711,10 +1867,14 @@ values as specified under
.Dq accept|deny|enable|disable option....
above.
-.It passwd pass
-Specify the password required for access to the full
-.Nm
-command set.
+.It down
+Bring the link down ungracefully, as if the physical layer had become
+unavailable. It's not considered polite to use this command.
+
+.It help|? [command]
+Show a list of available commands. If
+.Dq command
+is specified, show the usage string for that command.
.It load [remote]
Load the given
@@ -1725,6 +1885,28 @@ is not given, the
.Dq default
label is assumed.
+.It passwd pass
+Specify the password required for access to the full
+.Nm
+command set.
+
+.It quit|bye [all]
+Exit
+.Nm ppp .
+If
+.Nm
+is in interactive mode or if the
+.Dq all
+argument is given,
+.Nm
+will exit, closing the connection. A simple
+.Dq quit
+issued from a
+.Xr pppctl 8
+or
+.Xr telnet 1
+session will not close the current connection.
+
.It save
This option is not (yet) implemented.
@@ -2140,101 +2322,6 @@ peer is detected on the other side of the modem,
.Nm
automatically enables Packet Mode and goes back into command mode.
-.It alias .....
-This command allows the control of the aliasing (or masquerading)
-facilities that are built into
-.Nm ppp .
-Until this code is required, it is not loaded by
-.Nm ppp ,
-and it is quite possible that the alias library is not installed
-on your system (some administrators consider it a security risk).
-
-If aliasing is enabled on your system, the following commands are
-possible:
-
-.Bl -tag -width 20
-.It alias enable [yes|no]
-This command either switches aliasing on or turns it off.
-The
-.Fl alias
-command line flag is synonymous with
-.Dq alias enable yes .
-
-.It alias port [proto targetIP:targetPORT [aliasIP:]aliasPORT]
-This command allows us to redirect connections arriving at
-.Dq aliasPORT
-for machine [aliasIP] to
-.Dq targetPORT
-on
-.Dq targetIP .
-If proto is specified, only connections of the given protocol
-are matched. This option is useful if you wish to run things like
-Internet phone on the machines behind your gateway.
-
-.It alias addr [addr_local addr_alias]
-This command allows data for
-.Dq addr_alias
-to be redirected to
-.Dq addr_local .
-It is useful if you own a small number of real IP numbers that
-you wish to map to specific machines behind your gateway.
-
-.It alias deny_incoming [yes|no]
-If set to yes, this command will refuse all incoming connections
-by dropping the packets in much the same way as a firewall would.
-
-.It alias log [yes|no]
-This option causes various aliasing statistics and information to
-be logged to the file
-.Pa /var/log/alias.log .
-
-.It alias same_ports [yes|no]
-When enabled, this command will tell the alias library attempt to
-avoid changing the port number on outgoing packets. This is useful
-if you want to support protocols such as RPC and LPD which require
-connections to come from a well known port.
-
-.It alias use_sockets [yes|no]
-When enabled, this option tells the alias library to create a
-socket so that it can guarantee a correct incoming ftp data or
-IRC connection.
-
-.It alias unregistered_only [yes|no]
-Only alter outgoing packets with an unregistered source ad-
-dress. According to RFC 1918, unregistered source addresses
-are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
-
-.It alias help|?
-This command gives a summary of available alias commands.
-
-.El
-
-.It quit|bye [all]
-Exit
-.Nm ppp .
-If
-.Nm
-is in interactive mode or if the
-.Dq all
-argument is given,
-.Nm
-will exit, closing the connection. A simple
-.Dq quit
-issued from a
-.Xr pppctl 8
-or
-.Xr telnet 1
-session will not close the current connection.
-
-.It help|? [command]
-Show a list of available commands. If
-.Dq command
-is specified, show the usage string for that command.
-
-.It down
-Bring the link down ungracefully. It's not considered polite to
-use this command.
-
.El
.Sh MORE DETAILS
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 6eb42cd..8b0726b 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -1,14 +1,20 @@
-.\" $Id: ppp.8,v 1.76 1997/11/09 17:51:26 brian Exp $
+.\" $Id: ppp.8,v 1.77 1997/11/09 22:07:28 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
.Sh NAME
.Nm ppp
-.Nd
-Point to Point Protocol (a.k.a. iijppp)
+.Nd Point to Point Protocol (a.k.a. iijppp)
.Sh SYNOPSIS
.Nm
-.Op Fl auto | background | ddial | direct | dedicated
+.\" SOMEONE FIX ME ! The .Op macro can't handle enough args !
+[
+.Fl auto |
+.Fl background |
+.Fl ddial |
+.Fl direct |
+.Fl dedicated
+]
.Op Fl alias
.Op Ar system
.Sh DESCRIPTION
@@ -46,19 +52,35 @@ can write a chat script to define the necessary dialing and login
procedure for later convenience.
.It Supports on-demand dialup capability.
-By using auto mode,
+By using
+.Fl auto
+mode,
.Nm
will act as a daemon and wait for a packet to be sent over the
.Em PPP
link. When this happens, the daemon automatically dials and establishes the
connection.
-In almost the same manner ddial mode (dedicated or daemon dialing)
-also automatically dials and establishes the connection. However, it
-differs in that it will dial the remote site any time it detects the
-link is down, even if there are no packets to be sent. This mode is
-useful for full-time connections who worry less about line charges
-and more about being connected full time.
+In almost the same manner
+.Fl ddial
+mode (direct-dial mode) also automatically dials and establishes the
+connection. However, it differs in that it will dial the remote site
+any time it detects the link is down, even if there are no packets to be
+sent. This mode is useful for full-time connections where we worry less
+about line charges and more about being connected full time.
+
+A third
+.Fl dedicated
+mode is also available. This mode is targeted at a dedicated link
+between two machines.
+.Nm Ppp
+will never voluntarily quit from dedicated mode - you must send it the
+.Dq quit all
+command via its diagnostic socket. A
+.Dv SIGHUP
+will force an LCP renegotiation, and a
+.Dv SIGTERM
+will force it to exit.
.It Supports packet aliasing.
Packet aliasing (a.k.a. IP masquerading) allows computers on a
@@ -144,20 +166,24 @@ and group
.Dv network ,
with permissions
.Dv 4550 .
-.Nm Ppp
-will not execute in client mode if the invoking user id is not zero.
-.Nm Ppp
-will run in
-.Fl direct
-mode as a normal user, but due to its execution permissions, this user
-must be a member of group
-.Dv network .
+By default,
+.Nm
+will not run if the invoking user id is not zero. This may be overridden
+by using the
+.Dq allow users
+command in
+.Pa /etc/ppp/ppp.conf .
When running as a normal user,
.Nm
-switches to user id 0 in order to alter the system routing table. All
+switches to user id 0 in order to alter the system routing table, set up
+system lock files and read the ppp configuration files. All
external commands (executed via the "shell" or "!bg" commands) are executed
as the user id that invoked
.Nm ppp .
+Refer to the
+.Sq ID0
+logging facility if you're interested in what exactly is done as user id
+zero.
.Sh GETTING STARTED
@@ -1658,6 +1684,136 @@ is the next hop gateway to get to the given
.Dq dest
machine/network.
+.It allow .....
+This command controls access to
+.Nm
+and its configuration files. It is possible to allow user-level access,
+depending on the configuration file label and on the mode that
+.Nm
+is being run in. For example, you may wish to configure
+.Nm
+so that only user
+.Sq fred
+may access label
+.Sq fredlabel
+in
+.Fl background
+mode.
+.Pp
+User id 0 is immune to these commands.
+
+.Bl -tag -width 20
+.It allow user|users logname...
+By default, only user id 0 is allowed access. If this command is specified,
+all of the listed users are allowed access to the section in which the
+.Dq allow users
+command is found. The
+.Sq default
+section is always checked first (although it is only ever automatically
+loaded at startup). Each successive
+.Dq allow users
+command overrides the previous one, so it's possible to allow users access
+to everything except a given label by specifying default users in the
+.Sq default
+section, and then specifying a new user list for that label.
+.Pp
+If user
+.Sq *
+is specified, access is allowed to all users.
+
+.It allow mode|modes modelist...
+By default, access using all
+.Nm
+modes is possible. If this command is used, it restricts the access
+modes allowed to load the label under which this command is specified.
+Again, as with the
+.Dq allow users
+command, each
+.Dq allow modes
+command overrides the previous, and the
+.Sq default
+section is always checked first.
+.Pp
+Possible modes are:
+.Sq interactive ,
+.Sq auto ,
+.Sq direct ,
+.Sq dedicated ,
+.Sq ddial ,
+.Sq background
+and
+.Sq * .
+.El
+
+.It alias .....
+This command allows the control of the aliasing (or masquerading)
+facilities that are built into
+.Nm ppp .
+Until this code is required, it is not loaded by
+.Nm ppp ,
+and it is quite possible that the alias library is not installed
+on your system (some administrators consider it a security risk).
+
+If aliasing is enabled on your system, the following commands are
+possible:
+
+.Bl -tag -width 20
+.It alias enable [yes|no]
+This command either switches aliasing on or turns it off.
+The
+.Fl alias
+command line flag is synonymous with
+.Dq alias enable yes .
+
+.It alias port [proto targetIP:targetPORT [aliasIP:]aliasPORT]
+This command allows us to redirect connections arriving at
+.Dq aliasPORT
+for machine [aliasIP] to
+.Dq targetPORT
+on
+.Dq targetIP .
+If proto is specified, only connections of the given protocol
+are matched. This option is useful if you wish to run things like
+Internet phone on the machines behind your gateway.
+
+.It alias addr [addr_local addr_alias]
+This command allows data for
+.Dq addr_alias
+to be redirected to
+.Dq addr_local .
+It is useful if you own a small number of real IP numbers that
+you wish to map to specific machines behind your gateway.
+
+.It alias deny_incoming [yes|no]
+If set to yes, this command will refuse all incoming connections
+by dropping the packets in much the same way as a firewall would.
+
+.It alias log [yes|no]
+This option causes various aliasing statistics and information to
+be logged to the file
+.Pa /var/log/alias.log .
+
+.It alias same_ports [yes|no]
+When enabled, this command will tell the alias library attempt to
+avoid changing the port number on outgoing packets. This is useful
+if you want to support protocols such as RPC and LPD which require
+connections to come from a well known port.
+
+.It alias use_sockets [yes|no]
+When enabled, this option tells the alias library to create a
+socket so that it can guarantee a correct incoming ftp data or
+IRC connection.
+
+.It alias unregistered_only [yes|no]
+Only alter outgoing packets with an unregistered source ad-
+dress. According to RFC 1918, unregistered source addresses
+are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
+
+.It alias help|?
+This command gives a summary of available alias commands.
+
+.El
+
.It [!]bg command
The given command is executed in the background.
Any of the pseudo arguments
@@ -1711,10 +1867,14 @@ values as specified under
.Dq accept|deny|enable|disable option....
above.
-.It passwd pass
-Specify the password required for access to the full
-.Nm
-command set.
+.It down
+Bring the link down ungracefully, as if the physical layer had become
+unavailable. It's not considered polite to use this command.
+
+.It help|? [command]
+Show a list of available commands. If
+.Dq command
+is specified, show the usage string for that command.
.It load [remote]
Load the given
@@ -1725,6 +1885,28 @@ is not given, the
.Dq default
label is assumed.
+.It passwd pass
+Specify the password required for access to the full
+.Nm
+command set.
+
+.It quit|bye [all]
+Exit
+.Nm ppp .
+If
+.Nm
+is in interactive mode or if the
+.Dq all
+argument is given,
+.Nm
+will exit, closing the connection. A simple
+.Dq quit
+issued from a
+.Xr pppctl 8
+or
+.Xr telnet 1
+session will not close the current connection.
+
.It save
This option is not (yet) implemented.
@@ -2140,101 +2322,6 @@ peer is detected on the other side of the modem,
.Nm
automatically enables Packet Mode and goes back into command mode.
-.It alias .....
-This command allows the control of the aliasing (or masquerading)
-facilities that are built into
-.Nm ppp .
-Until this code is required, it is not loaded by
-.Nm ppp ,
-and it is quite possible that the alias library is not installed
-on your system (some administrators consider it a security risk).
-
-If aliasing is enabled on your system, the following commands are
-possible:
-
-.Bl -tag -width 20
-.It alias enable [yes|no]
-This command either switches aliasing on or turns it off.
-The
-.Fl alias
-command line flag is synonymous with
-.Dq alias enable yes .
-
-.It alias port [proto targetIP:targetPORT [aliasIP:]aliasPORT]
-This command allows us to redirect connections arriving at
-.Dq aliasPORT
-for machine [aliasIP] to
-.Dq targetPORT
-on
-.Dq targetIP .
-If proto is specified, only connections of the given protocol
-are matched. This option is useful if you wish to run things like
-Internet phone on the machines behind your gateway.
-
-.It alias addr [addr_local addr_alias]
-This command allows data for
-.Dq addr_alias
-to be redirected to
-.Dq addr_local .
-It is useful if you own a small number of real IP numbers that
-you wish to map to specific machines behind your gateway.
-
-.It alias deny_incoming [yes|no]
-If set to yes, this command will refuse all incoming connections
-by dropping the packets in much the same way as a firewall would.
-
-.It alias log [yes|no]
-This option causes various aliasing statistics and information to
-be logged to the file
-.Pa /var/log/alias.log .
-
-.It alias same_ports [yes|no]
-When enabled, this command will tell the alias library attempt to
-avoid changing the port number on outgoing packets. This is useful
-if you want to support protocols such as RPC and LPD which require
-connections to come from a well known port.
-
-.It alias use_sockets [yes|no]
-When enabled, this option tells the alias library to create a
-socket so that it can guarantee a correct incoming ftp data or
-IRC connection.
-
-.It alias unregistered_only [yes|no]
-Only alter outgoing packets with an unregistered source ad-
-dress. According to RFC 1918, unregistered source addresses
-are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
-
-.It alias help|?
-This command gives a summary of available alias commands.
-
-.El
-
-.It quit|bye [all]
-Exit
-.Nm ppp .
-If
-.Nm
-is in interactive mode or if the
-.Dq all
-argument is given,
-.Nm
-will exit, closing the connection. A simple
-.Dq quit
-issued from a
-.Xr pppctl 8
-or
-.Xr telnet 1
-session will not close the current connection.
-
-.It help|? [command]
-Show a list of available commands. If
-.Dq command
-is specified, show the usage string for that command.
-
-.It down
-Bring the link down ungracefully. It's not considered polite to
-use this command.
-
.El
.Sh MORE DETAILS
diff --git a/usr.sbin/ppp/route.c b/usr.sbin/ppp/route.c
index 8ecb5c8..8520e95 100644
--- a/usr.sbin/ppp/route.c
+++ b/usr.sbin/ppp/route.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: route.c,v 1.23 1997/11/09 06:22:47 brian Exp $
+ * $Id: route.c,v 1.24 1997/11/09 14:18:50 brian Exp $
*
*/
@@ -268,7 +268,7 @@ ShowRoute()
mask <<= 8;
}
}
- fprintf(VarTerm, "%08lx ", mask);
+ fprintf(VarTerm, "0x%08lx ", mask);
p_flags(rtm->rtm_flags & (RTF_UP | RTF_GATEWAY | RTF_HOST), "%-6.6s ");
fprintf(VarTerm, "(%d)\n", rtm->rtm_index);
}
diff --git a/usr.sbin/ppp/server.c b/usr.sbin/ppp/server.c
index b6869b8..d4bb2a1 100644
--- a/usr.sbin/ppp/server.c
+++ b/usr.sbin/ppp/server.c
@@ -1,5 +1,5 @@
/*
- * $Id: server.c,v 1.8 1997/11/09 14:18:51 brian Exp $
+ * $Id: server.c,v 1.9 1997/11/09 22:07:29 brian Exp $
*/
#include <sys/param.h>
@@ -42,7 +42,7 @@ ServerLocalOpen(const char *name, mode_t mask)
return 1;
}
- if (!(mode&(MODE_AUTO|MODE_DEDICATED|MODE_DIRECT))) {
+ if (mode & MODE_INTER) {
LogPrintf(LogERROR, "Local: Can't open socket in interactive mode\n");
return 1;
}
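Review bot: The new guard in ServerLocalOpen refuses only MODE_INTER, which turns the diagnostic-socket check from an allow-list (auto, dedicated and direct could open it) into a deny-list, so background and ddial — and any mode flag added later — now get the socket by default; the same rewrite is made in ServerTcpOpen in the next hunk. If that is intended, as the commit message's remark about no longer OR-ing MODE_AUTO for -background and -ddial suggests, record the intent so a future mode does not inherit the socket unnoticed: `/* Every non-interactive mode may be controlled through the diagnostic socket */`. Both functions begin and end outside their hunks.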
@@ -100,7 +100,7 @@ ServerTcpOpen(int port)
return 6;
}
- if (!(mode&(MODE_AUTO|MODE_DEDICATED|MODE_DIRECT))) {
+ if (mode & MODE_INTER) {
LogPrintf(LogERROR, "Tcp: Can't open socket in interactive mode\n");
return 6;
}
diff --git a/usr.sbin/ppp/systems.c b/usr.sbin/ppp/systems.c
index 715cb11..62cd642 100644
--- a/usr.sbin/ppp/systems.c
+++ b/usr.sbin/ppp/systems.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.c,v 1.21 1997/11/09 14:18:53 brian Exp $
+ * $Id: systems.c,v 1.22 1997/11/09 17:51:27 brian Exp $
*
* TODO:
*/
@@ -43,6 +43,7 @@
#include "pathnames.h"
#include "vars.h"
#include "server.h"
+#include "chat.h"
#include "systems.h"
#define issep(ch) ((ch) == ' ' || (ch) == '\t')
@@ -165,8 +166,66 @@ DecodeCtrlCommand(char *line, char *arg)
return CTRL_UNKNOWN;
}
+static int userok;
+
int
-SelectSystem(char *name, char *file)
+AllowUsers(struct cmdtab const *list, int argc, char **argv)
+{
+ int f;
+ char *user;
+
+ userok = 0;
+ user = getlogin();
+ if (user && *user)
+ for (f = 0; f < argc; f++)
+ if (!strcmp("*", argv[f]) || !strcmp(user, argv[f])) {
+ userok = 1;
+ break;
+ }
+
+ return 0;
+}
+
+static struct {
+ int mode;
+ char *name;
+} modes[] = {
+ { MODE_INTER, "interactive" },
+ { MODE_AUTO, "auto" },
+ { MODE_DIRECT, "direct" },
+ { MODE_DEDICATED, "dedicated" },
+ { MODE_DDIAL, "ddial" },
+ { MODE_BACKGROUND, "background" },
+ { ~0, "*" },
+ { 0, 0 }
+};
+
+static int modeok;
+
+int
+AllowModes(struct cmdtab const *list, int argc, char **argv)
+{
+ int f;
+ int m;
+ int allowed;
+
+ allowed = 0;
+ for (f = 0; f < argc; f++) {
+ for (m = 0; modes[m].mode; m++)
+ if (!strcasecmp(modes[m].name, argv[f])) {
+ allowed |= modes[m].mode;
+ break;
+ }
+ if (modes[m].mode == 0)
+ LogPrintf(LogWARN, "%s: Invalid mode\n", argv[f]);
+ }
+
+ modeok = (mode | allowed) == allowed ? 1 : 0;
+ return 0;
+}
+
+static int
+ReadSystem(const char *name, const char *file, int doexec)
{
FILE *fp;
char *cp, *wp;
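Review bot: AllowUsers takes the identity it authorises from getlogin(), which typically reports the login name recorded for the session rather than the process's real user, so someone who reached ppp via su is matched against the wrong name, and a process with no login name set gets NULL (denied, so that case fails closed); it is the wrong identity source for an access-control decision even though the commit message ties access to users. The file already has ID0realuid() (used by ValidSystem later in this commit), so the robust form is `struct passwd *pw = getpwuid(ID0realuid());` followed by `user = pw ? pw->pw_name : NULL;` (with <pwd.h> included). Separately, the modes table stores string literals and its member should be `const char *name;`. ReadSystem's signature is the end of this hunk and its body continues outside it.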
@@ -175,6 +234,9 @@ SelectSystem(char *name, char *file)
char line[LINE_LEN];
char filename[200];
int linenum;
+ int argc;
+ char **argv;
+ int allowcmd;
if (*file == '/')
snprintf(filename, sizeof filename, "%s", file);
@@ -182,10 +244,10 @@ SelectSystem(char *name, char *file)
snprintf(filename, sizeof filename, "%s/%s", _PATH_PPP, file);
fp = ID0fopen(filename, "r");
if (fp == NULL) {
- LogPrintf(LogDEBUG, "SelectSystem: Can't open %s.\n", filename);
+ LogPrintf(LogDEBUG, "ReadSystem: Can't open %s.\n", filename);
return (-1);
}
- LogPrintf(LogDEBUG, "SelectSystem: Checking %s (%s).\n", name, filename);
+ LogPrintf(LogDEBUG, "ReadSystem: Checking %s (%s).\n", name, filename);
linenum = 0;
while (fgets(line, sizeof(line), fp)) {
@@ -211,7 +273,7 @@ SelectSystem(char *name, char *file)
switch (DecodeCtrlCommand(cp+1, arg)) {
case CTRL_INCLUDE:
LogPrintf(LogCOMMAND, "%s: Including \"%s\"\n", filename, arg);
- n = SelectSystem(name, arg);
+ n = ReadSystem(name, arg, doexec);
LogPrintf(LogCOMMAND, "%s: Done include of \"%s\"\n", filename, arg);
if (!n)
return 0; /* got it */
@@ -233,12 +295,16 @@ SelectSystem(char *name, char *file)
cp[--len] = '\0';
if (!len)
continue;
- LogPrintf(LogCOMMAND, "%s: %s\n", name, cp);
- olauth = VarLocalAuth;
- if (VarLocalAuth == LOCAL_NO_AUTH)
- VarLocalAuth = LOCAL_AUTH;
- DecodeCommand(cp, len, 0);
- VarLocalAuth = olauth;
+ InterpretCommand(cp, len, &argc, &argv);
+ allowcmd = argc > 0 && !strcasecmp(*argv, "allow");
+ if ((!doexec && allowcmd) || (doexec && !allowcmd)) {
+ LogPrintf(LogCOMMAND, "%s: %s\n", name, cp);
+ olauth = VarLocalAuth;
+ if (VarLocalAuth == LOCAL_NO_AUTH)
+ VarLocalAuth = LOCAL_AUTH;
+ RunCommand(argc, argv, 0);
+ VarLocalAuth = olauth;
+ }
} else if (*cp == '#') {
continue;
} else
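Review bot: The test that separates the two passes, `allowcmd = argc > 0 && !strcasecmp(*argv, "allow");`, requires the keyword to be spelt out in full, while ppp's command dispatch appears to accept unambiguous abbreviations for other commands; if so, an abbreviated `allo users ...` line would be skipped on the validation pass (doexec == 0) and run during the load pass, where userok is never read again, so it silently grants nothing. A comment on the assignment would save the next reader the trip: `/* 'allow' must be spelt out: only these lines run when doexec is 0, and only these are skipped when doexec is 1 */`, and the ppp.8 description of allow could state the same. ReadSystem begins and ends outside this hunk.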
@@ -255,6 +321,26 @@ SelectSystem(char *name, char *file)
}
int
+ValidSystem(const char *name)
+{
+ if (ID0realuid() == 0)
+ return userok = modeok = 1;
+ userok = 0;
+ modeok = 1;
+ ReadSystem("default", CONFFILE, 0);
+ if (name != NULL)
+ ReadSystem(name, CONFFILE, 0);
+ return userok && modeok;
+}
+
+int
+SelectSystem(const char *name, const char *file)
+{
+ userok = modeok = 1;
+ return ReadSystem(name, file, 1);
+}
+
+int
LoadCommand(struct cmdtab const * list, int argc, char **argv)
{
char *name;
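Review bot: SelectSystem unconditionally sets `userok = modeok = 1` and performs no access check of its own, so the new scheme depends on every caller invoking ValidSystem first; nothing in the signatures enforces that and the prototypes in systems.h give no hint. State the contract where callers see it, e.g. above SelectSystem `/* Loads the label without checking access; callers must have accepted it via ValidSystem() first. */` and above ValidSystem `/* Pass 1: run only the 'allow' lines of 'default' and then 'name'; uid 0 always passes, other users are denied unless 'allow users' names them. */`. Because the configuration is read in two separate passes, a file edited between them is checked and loaded as different content; the files are opened as uid 0 and normally live under /etc/ppp, so this only matters if that directory is writable by untrusted users.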
@@ -264,10 +350,13 @@ LoadCommand(struct cmdtab const * list, int argc, char **argv)
else
name = "default";
- if (SelectSystem(name, CONFFILE) < 0) {
+ if (!ValidSystem(name))
+ LogPrintf(LogERROR, "%s: Label not allowed\n");
+ else if (SelectSystem(name, CONFFILE) < 0) {
LogPrintf(LogWARN, "%s: not found.\n", name);
return -1;
- }
+ } else
+ SetLabel(argc ? name : NULL);
return 0;
}
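Review bot: `LogPrintf(LogERROR, "%s: Label not allowed\n");` supplies a `%s` conversion with no matching argument, which is undefined behaviour — the formatter will read an unrelated value off the variadic list and may crash or print arbitrary memory into the log; it should be `LogPrintf(LogERROR, "%s: Label not allowed\n", name);`. In the same branch the function then falls through to `return 0`, so a caller that is refused a label is told the load succeeded; make the branch `{ LogPrintf(LogERROR, "%s: Label not allowed\n", name); return -1; }` like the not-found case below it. LoadCommand's body begins outside the hunk.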
diff --git a/usr.sbin/ppp/systems.h b/usr.sbin/ppp/systems.h
index 00f1748..a491bd3 100644
--- a/usr.sbin/ppp/systems.h
+++ b/usr.sbin/ppp/systems.h
@@ -17,11 +17,14 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: systems.h,v 1.7 1997/10/26 01:03:49 brian Exp $
+ * $Id: systems.h,v 1.8 1997/11/09 06:22:48 brian Exp $
*
*/
-extern int SelectSystem(char *, char *);
+extern int SelectSystem(const char *, const char *);
+extern int ValidSystem(const char *);
+extern int AllowUsers(struct cmdtab const *, int, char **);
+extern int AllowModes(struct cmdtab const *, int, char **);
extern FILE *OpenSecret(char *);
extern void CloseSecret(FILE *);
extern int LoadCommand(struct cmdtab const *, int, char **);
diff --git a/usr.sbin/ppp/vars.c b/usr.sbin/ppp/vars.c
index 1a47b37..35c5287 100644
--- a/usr.sbin/ppp/vars.c
+++ b/usr.sbin/ppp/vars.c
@@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: vars.c,v 1.32 1997/10/29 01:19:51 brian Exp $
+ * $Id: vars.c,v 1.33 1997/11/09 22:07:29 brian Exp $
*
*/
#include <sys/param.h>
@@ -39,8 +39,8 @@
#include "auth.h"
#include "defs.h"
-char VarVersion[] = "PPP Version 1.3";
-char VarLocalVersion[] = "$Date: 1997/10/29 01:19:51 $";
+char VarVersion[] = "PPP Version 1.4";
+char VarLocalVersion[] = "$Date: 1997/11/09 22:07:29 $";
int Utmp = 0;
int ipInOctets = 0;
int ipOutOctets = 0;