Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-5.0)
Apropos / Subsearch:
optional field

IPSEC_OPTIONSFROM(3)       Library Functions Manual       IPSEC_OPTIONSFROM(3)

       ipsec optionsfrom - read additional ``command-line'' options from file

       #include <&lt;freeswan.h>&gt;

       const char *optionsfrom(char *filename, int *argcp,
           char ***argvp, int optind, FILE *errsto);

       Optionsfrom  is called from within a getopt_long(3) scan, as the result
       of the appearance of an option  (preferably  --optionsfrom)  to  insert
       additional  ``command-line''  arguments into the scan immediately after
       the option.  Typically this would be done to pick up options which  are
       security-sensitive  and should not be visible to ps(1) and similar com-
       mands, and hence cannot be supplied as part of the actual command  line
       or the environment.

       Optionsfrom reads the additional arguments from the specified filename,
       allocates a new argument vector to hold pointers to the existing  argu-
       ments  plus  the  new  ones, and amends argc and argv (via the pointers
       argcp and argvp, which must point to the argc and argv  being  supplied
       to getopt_long(3)) accordingly.  Optind must be the index, in the orig-
       inal argument vector, of the next argument.

       If errsto is NULL, optionsfrom returns NULL for success and  a  pointer
       to  a  string-literal  error  message for failure; see DIAGNOSTICS.  If
       errsto is non-NULL and an error occurs, optionsfrom prints  a  suitable
       complaint onto the errsto descriptor and invokes exit with an exit sta-
       tus of 2; this is a convenience  for  cases  where  more  sophisticated
       responses are not required.

       The  text  of  existing  arguments  is not disturbed by optionsfrom, so
       pointers to them and into them remain valid.

       The file of additional arguments is an ASCII text file.  Lines consist-
       ing solely of white space, and lines beginning with #, are comments and
       are ignored.  Otherwise, a line which does not begin with - is taken to
       be a single argument; if it both begins and ends with double-quote ("),
       those quotes are stripped off (note, no other processing is done within
       the  line!).  A line beginning with - is considered to contain multiple
       arguments separated by white space.

       Because optionsfrom reads its entire  file  before  the  getopt_long(3)
       scan  is resumed, an optionsfrom file can contain another --optionsfrom
       option.  Obviously, infinite loops are possible  here.   If  errsto  is
       non-NULL,  optionsfrom considers it an error to be called more than 100
       times.  If errsto is NULL, loop detection is up to the caller (and  the
       internal loop counter is zeroed out).

       A reasonable way to invoke optionsfrom would be like so:

       #include <&lt;getopt.h>&gt;

       struct option opts[] = {
            /* ... */
            "optionsfrom", 1,   NULL,     '+',
            /* ... */

       main(argc, argv)
       int argc;
       char *argv[];
            int opt;
            extern char *optarg;
            extern int optind;

            while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
                 switch (opt) {
                 /* ... */
                 case '+': /* optionsfrom */
                      optionsfrom(optarg, &&amp;argc, &&amp;argv, optind, stderr);
                      /* does not return on error */
                 /* ... */
            /* ... */


       Errors  in  optionsfrom  are:  unable to open file; attempt to allocate
       temporary storage for argument or argument vector failed; read error in
       file; line too long.

       Written for the FreeS/WAN project by Henry Spencer.

       The double-quote convention is rather simplistic.

       Line length is currently limited to 1023 bytes, and there is no contin-
       uation convention.

       The restriction of error reports to literal strings  (so  that  callers
       don't  need to worry about freeing them or copying them) does limit the
       precision of error reporting.

       The error-reporting convention lends itself to slightly  obscure  code,
       because many readers will not think of NULL as signifying success.

       There  is  a certain element of unwarranted chumminess with the insides
       of getopt_long(3) here.  No non-public interfaces  are  actually  used,
       but  optionsfrom does rely on getopt_long(3) being well-behaved in cer-
       tain ways that are not actually promised by the specs.

                                  16 Oct 1998             IPSEC_OPTIONSFROM(3)