From f865af2794891e919b416d60233bcc22b703f239 Mon Sep 17 00:00:00 2001
From: joerg <joerg@FreeBSD.org>
Date: Sat, 11 Oct 1997 11:30:30 +0000
Subject: The spppcontrol(8) utility that is required to set or display things
 like PAP and CHAP secrets with sppp(4).  This is the first utility using the
 new SIOC[SG]IFGENERIC ioctls (and the reason for inventing them in the first
 place).

---
 sbin/spppcontrol/Makefile      |   3 +
 sbin/spppcontrol/spppcontrol.1 | 227 ++++++++++++++++++++++++++++++++++++++
 sbin/spppcontrol/spppcontrol.8 | 227 ++++++++++++++++++++++++++++++++++++++
 sbin/spppcontrol/spppcontrol.c | 241 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 698 insertions(+)
 create mode 100644 sbin/spppcontrol/Makefile
 create mode 100644 sbin/spppcontrol/spppcontrol.1
 create mode 100644 sbin/spppcontrol/spppcontrol.8
 create mode 100644 sbin/spppcontrol/spppcontrol.c

(limited to 'sbin/spppcontrol')

diff --git a/sbin/spppcontrol/Makefile b/sbin/spppcontrol/Makefile
new file mode 100644
index 0000000..3909d3d
--- /dev/null
+++ b/sbin/spppcontrol/Makefile
@@ -0,0 +1,3 @@
+PROG=	spppcontrol
+
+.include <bsd.prog.mk>
diff --git a/sbin/spppcontrol/spppcontrol.1 b/sbin/spppcontrol/spppcontrol.1
new file mode 100644
index 0000000..24b2122
--- /dev/null
+++ b/sbin/spppcontrol/spppcontrol.1
@@ -0,0 +1,227 @@
+.\" Copyright (C) 1997 by Joerg Wunsch, Dresden
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
+.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd October 11, 1997
+.Os
+.Dt SPPPCONTROL 8
+.Sh NAME
+.Nm spppcontrol
+.Nd display or set parameters for an sppp interface
+.Sh SYNOPSIS
+.Nm
+.Op Fl v
+.Ar ifname
+.Op Ar parameter Ns Op \&= Ns Ar value
+.Op Ar ...
+.Sh DESCRIPTION
+The
+.Xr sppp 4
+driver might require a number of additional arguments or optional
+parameters besides the settings that can be adjusted with
+.Xr ifconfig 8 .
+These are things like authentication protocol parameters, but also
+other tunable configuration variables.  The
+.Nm
+utility can be used to display the current settings, or adjust these
+parameters as required.
+.Pp
+For whatever intent
+.Nm
+is being called, at least the parameter
+.Ar ifname
+needs to be specified, naming the interface for which the settings
+are to be performed or displayed.  Use
+.Xr ifconfig 8 ,
+or
+.Xr netstat 1
+to see which interfaces are available.
+.Pp
+If no other parameter is given,
+.Nm
+will just list the current settings for
+.Ar ifname
+and exit.  The reported settings include the current PPP phase the
+interface is in, which can be one of the names
+.Em dead ,
+.Em establish ,
+.Em authenticate ,
+.Em network ,
+or
+.Em terminate .
+If an authentication protocol is configured for the interface, the
+name of the protocol to be used, as well as the system name to be used
+or expected will be displayed, plus any possible options to the
+authentication protocol if applicable.  Note that the authentication
+secrets (sometimes also called
+.Em keys )
+are not being returned by the underlying system call, and are thus not
+displayed.
+.Pp
+If any additional parameter is supplied, superuser privileges are
+required, and the command works in
+.Ql set
+mode.  This is normally done quietly, unless the option
+.Fl v
+is also enabled, which will cause a final printout of the settings as
+described above once all other actions have been taken.  Use of this
+mode will be rejected if the interface is currently in any other phase
+than
+.Em dead .
+Note that you can force an interface into
+.Em dead
+phase by calling
+.Xr ifconfig 8
+with the parameter
+.Ql down .
+.Pp
+The currently supported parameters include:
+.Bl -tag -offset indent -width indent
+.It Ar authproto Ns \&= Ns Em protoname
+Set both, his and my authentication protocol to
+.Em protoname .
+The protocol name can be one of
+.Ql chap ,
+.Ql pap ,
+or
+.Ql none .
+In the latter case, the use of an authentication protocol will be
+turned off for the named interface.  This has the side-effect of
+clearing the other authentication-related parameters for this
+interface as well (i. e., system name and authentication secret will
+be forgotten).
+.It Ar myauthproto Ns \&= Ns Em protoname
+Same as above, but only for my end of the link.  I. e., this is the
+protocol when remote is authenticator, and I am the peer required to
+authenticate.
+.It Ar hisauthproto Ns \&= Ns Em protoname
+Same as above, but only for his end of the link.
+.It Ar myauthname Ns \&= Ns Em name
+Set my system name for the authentication protocol.
+.It Ar hisauthname Ns \&= Ns Em name
+Set his system name for the authentication protocol.  For CHAP, this
+will only be used as a hint, causing a warning message if remote did
+supply a different name.  For PAP, it's the name remote must use to
+authenticate himself (in connection with his secret).
+.It Ar myauthsecret Ns \&= Ns Em secret
+Set my secret (key, password) for use in the authentication phase.
+For CHAP, this will be used to compute the response hash value, based
+on remote's challenge.  For PAP, it will be transmitted as plaintext
+together with the system name.  Don't forget to quote the secrets from
+the shell if they contain shell metacharacters (or white space).
+.It Ar myauthkey Ns \&= Ns Em secret
+Same as above.
+.It Ar hisauthsecret Ns \&= Ns Em secret
+Same as above, to be used if we are authenticator and the remote peer
+needs to authenticate.
+.It Ar hisauthkey Ns \&= Ns Em secret
+Same as above.
+.It Ar callin
+Require remote to authenticate himself only when he's calling in, but
+not when we are caller.  This is required for some peers that do not
+implement the authentication protocols symmetrically (like Ascend
+routers, for example).
+.It Ar always
+The opposite of
+.Ar callin .
+Require remote to always authenticate, regardless of which side is
+placing the call.  This is the default, and will not be explicitly
+displayed in
+.Ql list
+mode.
+.It Ar norechallenge
+Only meaningful with CHAP.  Do not re-challenge peer once the initial
+CHAP handshake was successful.  Used to work around broken peer
+implementations that can't grok being re-challenged once the
+connection is up.
+.It Ar rechallenge
+With CHAP, send re-challenges at random intervals while the connection
+is in network phase.  (The intervals are currently in the range of 300
+through approximately 800 seconds.)  This is the default, and will not
+be explicitly displayed in
+.Ql list
+mode.
+.El
+.Sh EXAMPLES
+.Bd -literal
+# spppcontrol bppp0
+bppp0:	phase=dead
+	myauthproto=chap myauthname="uriah"
+	hisauthproto=chap hisauthname="ifb-gw" norechallenge
+.Ed
+.Pp
+Display the settings for bppp0.  The interface is currently in
+.Em dead
+phase, i. e. the LCP layer is down, and no traffic is possible.  Both
+ends of the connection use the CHAP protocol, my end tells remote the
+system name
+.Ql uriah ,
+and remote is expected to authenticate by the name
+.Ql ifb-gw .
+Once the initial CHAP handshake was successful, no further CHAP
+challenges will be transmitted.  There are supposedly some known CHAP
+secrets for both ends of the link which are not being shown.
+.Pp
+.Bd -literal
+# spppcontrol bppp0 \e
+	authproto=chap \e
+	myauthname=uriah myauthsecret='some secret' \e
+	hisauthname=ifb-gw hisauthsecret='another' \e
+	norechallenge
+.Ed
+.Pp
+A possible call to
+.Nm
+that could have been used to bring the interface into the state shown
+by the previous example.
+.Sh SEE ALSO
+.Xr netstat 1 ,
+.Xr sppp 4 ,
+.Xr ifconfig 8
+.Rs
+.%A B. Lloyd,  W. Simpson
+.%T "PPP Authentication Protocols"
+.%O RFC 1334
+.Re
+.Rs
+.%A W. Simpson, Editor
+.%T "The Point-to-Point Protocol (PPP)"
+.%O RFC 1661
+.Re
+.Rs
+.%A W. Simpson
+.%T "PPP Challenge Handshake Authentication Protocol (CHAP)"
+.%O RFC 1994
+.Re
+.Sh HISTORY
+The
+.Nm
+utility appeared in
+.Fx 3.0 .
+.Sh AUTHOR
+The program was written by
+.ie t J\(:org Wunsch,
+.el Joerg Wunsch,
+Dresden.
diff --git a/sbin/spppcontrol/spppcontrol.8 b/sbin/spppcontrol/spppcontrol.8
new file mode 100644
index 0000000..24b2122
--- /dev/null
+++ b/sbin/spppcontrol/spppcontrol.8
@@ -0,0 +1,227 @@
+.\" Copyright (C) 1997 by Joerg Wunsch, Dresden
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
+.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
+.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd October 11, 1997
+.Os
+.Dt SPPPCONTROL 8
+.Sh NAME
+.Nm spppcontrol
+.Nd display or set parameters for an sppp interface
+.Sh SYNOPSIS
+.Nm
+.Op Fl v
+.Ar ifname
+.Op Ar parameter Ns Op \&= Ns Ar value
+.Op Ar ...
+.Sh DESCRIPTION
+The
+.Xr sppp 4
+driver might require a number of additional arguments or optional
+parameters besides the settings that can be adjusted with
+.Xr ifconfig 8 .
+These are things like authentication protocol parameters, but also
+other tunable configuration variables.  The
+.Nm
+utility can be used to display the current settings, or adjust these
+parameters as required.
+.Pp
+For whatever intent
+.Nm
+is being called, at least the parameter
+.Ar ifname
+needs to be specified, naming the interface for which the settings
+are to be performed or displayed.  Use
+.Xr ifconfig 8 ,
+or
+.Xr netstat 1
+to see which interfaces are available.
+.Pp
+If no other parameter is given,
+.Nm
+will just list the current settings for
+.Ar ifname
+and exit.  The reported settings include the current PPP phase the
+interface is in, which can be one of the names
+.Em dead ,
+.Em establish ,
+.Em authenticate ,
+.Em network ,
+or
+.Em terminate .
+If an authentication protocol is configured for the interface, the
+name of the protocol to be used, as well as the system name to be used
+or expected will be displayed, plus any possible options to the
+authentication protocol if applicable.  Note that the authentication
+secrets (sometimes also called
+.Em keys )
+are not being returned by the underlying system call, and are thus not
+displayed.
+.Pp
+If any additional parameter is supplied, superuser privileges are
+required, and the command works in
+.Ql set
+mode.  This is normally done quietly, unless the option
+.Fl v
+is also enabled, which will cause a final printout of the settings as
+described above once all other actions have been taken.  Use of this
+mode will be rejected if the interface is currently in any other phase
+than
+.Em dead .
+Note that you can force an interface into
+.Em dead
+phase by calling
+.Xr ifconfig 8
+with the parameter
+.Ql down .
+.Pp
+The currently supported parameters include:
+.Bl -tag -offset indent -width indent
+.It Ar authproto Ns \&= Ns Em protoname
+Set both, his and my authentication protocol to
+.Em protoname .
+The protocol name can be one of
+.Ql chap ,
+.Ql pap ,
+or
+.Ql none .
+In the latter case, the use of an authentication protocol will be
+turned off for the named interface.  This has the side-effect of
+clearing the other authentication-related parameters for this
+interface as well (i. e., system name and authentication secret will
+be forgotten).
+.It Ar myauthproto Ns \&= Ns Em protoname
+Same as above, but only for my end of the link.  I. e., this is the
+protocol when remote is authenticator, and I am the peer required to
+authenticate.
+.It Ar hisauthproto Ns \&= Ns Em protoname
+Same as above, but only for his end of the link.
+.It Ar myauthname Ns \&= Ns Em name
+Set my system name for the authentication protocol.
+.It Ar hisauthname Ns \&= Ns Em name
+Set his system name for the authentication protocol.  For CHAP, this
+will only be used as a hint, causing a warning message if remote did
+supply a different name.  For PAP, it's the name remote must use to
+authenticate himself (in connection with his secret).
+.It Ar myauthsecret Ns \&= Ns Em secret
+Set my secret (key, password) for use in the authentication phase.
+For CHAP, this will be used to compute the response hash value, based
+on remote's challenge.  For PAP, it will be transmitted as plaintext
+together with the system name.  Don't forget to quote the secrets from
+the shell if they contain shell metacharacters (or white space).
+.It Ar myauthkey Ns \&= Ns Em secret
+Same as above.
+.It Ar hisauthsecret Ns \&= Ns Em secret
+Same as above, to be used if we are authenticator and the remote peer
+needs to authenticate.
+.It Ar hisauthkey Ns \&= Ns Em secret
+Same as above.
+.It Ar callin
+Require remote to authenticate himself only when he's calling in, but
+not when we are caller.  This is required for some peers that do not
+implement the authentication protocols symmetrically (like Ascend
+routers, for example).
+.It Ar always
+The opposite of
+.Ar callin .
+Require remote to always authenticate, regardless of which side is
+placing the call.  This is the default, and will not be explicitly
+displayed in
+.Ql list
+mode.
+.It Ar norechallenge
+Only meaningful with CHAP.  Do not re-challenge peer once the initial
+CHAP handshake was successful.  Used to work around broken peer
+implementations that can't grok being re-challenged once the
+connection is up.
+.It Ar rechallenge
+With CHAP, send re-challenges at random intervals while the connection
+is in network phase.  (The intervals are currently in the range of 300
+through approximately 800 seconds.)  This is the default, and will not
+be explicitly displayed in
+.Ql list
+mode.
+.El
+.Sh EXAMPLES
+.Bd -literal
+# spppcontrol bppp0
+bppp0:	phase=dead
+	myauthproto=chap myauthname="uriah"
+	hisauthproto=chap hisauthname="ifb-gw" norechallenge
+.Ed
+.Pp
+Display the settings for bppp0.  The interface is currently in
+.Em dead
+phase, i. e. the LCP layer is down, and no traffic is possible.  Both
+ends of the connection use the CHAP protocol, my end tells remote the
+system name
+.Ql uriah ,
+and remote is expected to authenticate by the name
+.Ql ifb-gw .
+Once the initial CHAP handshake was successful, no further CHAP
+challenges will be transmitted.  There are supposedly some known CHAP
+secrets for both ends of the link which are not being shown.
+.Pp
+.Bd -literal
+# spppcontrol bppp0 \e
+	authproto=chap \e
+	myauthname=uriah myauthsecret='some secret' \e
+	hisauthname=ifb-gw hisauthsecret='another' \e
+	norechallenge
+.Ed
+.Pp
+A possible call to
+.Nm
+that could have been used to bring the interface into the state shown
+by the previous example.
+.Sh SEE ALSO
+.Xr netstat 1 ,
+.Xr sppp 4 ,
+.Xr ifconfig 8
+.Rs
+.%A B. Lloyd,  W. Simpson
+.%T "PPP Authentication Protocols"
+.%O RFC 1334
+.Re
+.Rs
+.%A W. Simpson, Editor
+.%T "The Point-to-Point Protocol (PPP)"
+.%O RFC 1661
+.Re
+.Rs
+.%A W. Simpson
+.%T "PPP Challenge Handshake Authentication Protocol (CHAP)"
+.%O RFC 1994
+.Re
+.Sh HISTORY
+The
+.Nm
+utility appeared in
+.Fx 3.0 .
+.Sh AUTHOR
+The program was written by
+.ie t J\(:org Wunsch,
+.el Joerg Wunsch,
+Dresden.
diff --git a/sbin/spppcontrol/spppcontrol.c b/sbin/spppcontrol/spppcontrol.c
new file mode 100644
index 0000000..f961ae6
--- /dev/null
+++ b/sbin/spppcontrol/spppcontrol.c
@@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 1997 Joerg Wunsch
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+#include <sys/callout.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+
+#include <net/if.h>
+#include <net/if_var.h>
+#include <net/if_sppp.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+void	usage(void);
+void	print_vals(const char *ifname, struct spppreq *sp);
+const char *phase_name(enum ppp_phase phase);
+const char *proto_name(u_short proto);
+const char *authflags(u_short flags);
+
+#define PPP_PAP		0xc023
+#define PPP_CHAP	0xc223
+
+int
+main(int argc, char **argv)
+{
+	int s, c;
+	int errs = 0, verbose = 0;
+	size_t off;
+	const char *ifname, *cp;
+	struct ifreq ifr;
+	struct spppreq spr;
+
+	while ((c = getopt(argc, argv, "v")) != -1)
+		switch (c) {
+		case 'v':
+			verbose++;
+			break;
+
+		default:
+			errs++;
+			break;
+		}
+	argv += optind;
+	argc -= optind;
+
+	if (errs || argc < 1)
+		usage();
+
+	ifname = argv[0];
+	strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name);
+
+	/* use a random AF to create the socket */
+	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+		err(EX_UNAVAILABLE, "ifconfig: socket");
+
+	argc--;
+	argv++;
+
+	spr.cmd = (int)SPPPIOGDEFS;
+	ifr.ifr_data = (caddr_t)&spr;
+
+	if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1)
+		err(EX_OSERR, "SIOCGIFGENERIC(SPPPIOGDEFS)");
+
+	if (argc == 0) {
+		/* list only mode */
+		print_vals(ifname, &spr);
+		return 0;
+	}
+
+#define startswith(s) strncmp(argv[0], s, (off = strlen(s))) == 0
+
+	while (argc > 0) {
+		if (startswith("authproto=")) {
+			cp = argv[0] + off;
+			if (strcmp(cp, "pap") == 0)
+				spr.defs.myauth.proto =
+					spr.defs.hisauth.proto = PPP_PAP;
+			else if (strcmp(cp, "chap") == 0)
+				spr.defs.myauth.proto =
+					spr.defs.hisauth.proto = PPP_CHAP;
+			else if (strcmp(cp, "none") == 0)
+				spr.defs.myauth.proto =
+					spr.defs.hisauth.proto = 0;
+			else
+				errx(EX_DATAERR, "bad auth proto: %s", cp);
+		} else if (startswith("myauthproto=")) {
+			cp = argv[0] + off;
+			if (strcmp(cp, "pap") == 0)
+				spr.defs.myauth.proto = PPP_PAP;
+			else if (strcmp(cp, "chap") == 0)
+				spr.defs.myauth.proto = PPP_CHAP;
+			else if (strcmp(cp, "none") == 0)
+				spr.defs.myauth.proto = 0;
+			else
+				errx(EX_DATAERR, "bad auth proto: %s", cp);
+		} else if (startswith("myauthname="))
+			strncpy(spr.defs.myauth.name, argv[0] + off,
+				AUTHNAMELEN);
+		else if (startswith("myauthsecret=") ||
+			 startswith("myauthkey="))
+			strncpy(spr.defs.myauth.secret, argv[0] + off,
+				AUTHKEYLEN);
+		else if (startswith("hisauthproto=")) {
+			cp = argv[0] + off;
+			if (strcmp(cp, "pap") == 0)
+				spr.defs.hisauth.proto = PPP_PAP;
+			else if (strcmp(cp, "chap") == 0)
+				spr.defs.hisauth.proto = PPP_CHAP;
+			else if (strcmp(cp, "none") == 0)
+				spr.defs.hisauth.proto = 0;
+			else
+				errx(EX_DATAERR, "bad auth proto: %s", cp);
+		} else if (startswith("hisauthname="))
+			strncpy(spr.defs.hisauth.name, argv[0] + off,
+				AUTHNAMELEN);
+		else if (startswith("hisauthsecret=") ||
+			 startswith("hisauthkey="))
+			strncpy(spr.defs.hisauth.secret, argv[0] + off,
+				AUTHKEYLEN);
+		else if (strcmp(argv[0], "callin") == 0)
+			spr.defs.hisauth.flags |= AUTHFLAG_NOCALLOUT;
+		else if (strcmp(argv[0], "always") == 0)
+			spr.defs.hisauth.flags &= ~AUTHFLAG_NOCALLOUT;
+		else if (strcmp(argv[0], "norechallenge") == 0)
+			spr.defs.hisauth.flags |= AUTHFLAG_NORECHALLENGE;
+		else if (strcmp(argv[0], "rechallenge") == 0)
+			spr.defs.hisauth.flags &= ~AUTHFLAG_NORECHALLENGE;
+		else
+			errx(EX_DATAERR, "bad parameter: \"%s\"", argv[0]);
+
+		argv++;
+		argc--;
+	}
+
+	spr.cmd = (int)SPPPIOSDEFS;
+
+	if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
+		err(EX_OSERR, "SIOCSIFGENERIC(SPPPIOSDEFS)");
+
+	if (verbose)
+		print_vals(ifname, &spr);
+
+	return 0;
+}
+
+void
+usage(void)
+{
+	errx(EX_USAGE,
+	     "usage: [-v] ifname [{my|his}auth{proto|name|secret}=..."
+	     "|callin|always]");
+}
+
+void
+print_vals(const char *ifname, struct spppreq *sp)
+{
+	printf("%s:\tphase=%s\n", ifname, phase_name(sp->defs.pp_phase));
+	if (sp->defs.myauth.proto) {
+		printf("\tmyauthproto=%s myauthname=\"%.*s\"\n",
+		       proto_name(sp->defs.myauth.proto),
+		       AUTHNAMELEN, sp->defs.myauth.name);
+	}
+	if (sp->defs.hisauth.proto) {
+		printf("\thisauthproto=%s hisauthname=\"%.*s\"%s\n",
+		       proto_name(sp->defs.hisauth.proto),
+		       AUTHNAMELEN, sp->defs.hisauth.name,
+		       authflags(sp->defs.hisauth.flags));
+	}
+}
+
+const char *
+phase_name(enum ppp_phase phase)
+{
+	switch (phase) {
+	case PHASE_DEAD:	return "dead";
+	case PHASE_ESTABLISH:	return "establish";
+	case PHASE_TERMINATE:	return "terminate";
+	case PHASE_AUTHENTICATE: return "authenticate";
+	case PHASE_NETWORK:	return "network";
+	}
+	return "illegal";
+}
+
+const char *
+proto_name(u_short proto)
+{
+	static char buf[12];
+	switch (proto) {
+	case PPP_PAP:	return "pap";
+	case PPP_CHAP:	return "chap";
+	}
+	sprintf(buf, "0x%x", (unsigned)proto);
+	return buf;
+}
+
+const char *
+authflags(u_short flags)
+{
+	static char buf[10];
+	buf[0] = '\0';
+	if (flags & AUTHFLAG_NOCALLOUT)
+		strcat(buf, " callin");
+	if (flags & AUTHFLAG_NORECHALLENGE)
+		strcat(buf, " norechallenge");
+	return buf;
+}
-- 
cgit v1.1