Provided by: openswan_2.6.38-1_amd64 
NAME
ipsec_optionsfrom - read additional ``command-line'' options from file
SYNOPSIS
#include <freeswan.h>
const char *optionsfrom(char * filename, int * argcp, char *** argvp, int optind,
FILE * errsto);
DESCRIPTION
Optionsfrom is called from within a getopt_long(3) scan, as the result of the appearance
of an option (preferably --optionsfrom) to insert additional “command-line” arguments into
the scan immediately after the option. Typically this would be done to pick up options
which are security-sensitive and should not be visible to ps(1) and similar commands, and
hence cannot be supplied as part of the actual command line or the environment.
Optionsfrom reads the additional arguments from the specified filename, allocates a new
argument vector to hold pointers to the existing arguments plus the new ones, and amends
argc and argv (via the pointers argcp and argvp, which must point to the argc and argv
being supplied to getopt_long(3)) accordingly. Optind must be the index, in the original
argument vector, of the next argument.
If errsto is NULL, optionsfrom returns NULL for success and a pointer to a string-literal
error message for failure; see DIAGNOSTICS. If errsto is non-NULL and an error occurs,
optionsfrom prints a suitable complaint onto the errsto descriptor and invokes exit with
an exit status of 2; this is a convenience for cases where more sophisticated responses
are not required.
The text of existing arguments is not disturbed by optionsfrom, so pointers to them and
into them remain valid.
The file of additional arguments is an ASCII text file. Lines consisting solely of white
space, and lines beginning with #, are comments and are ignored. Otherwise, a line which
does not begin with - is taken to be a single argument; if it both begins and ends with
double-quote ("), those quotes are stripped off (note, no other processing is done within
the line!). A line beginning with - is considered to contain multiple arguments separated
by white space.
Because optionsfrom reads its entire file before the getopt_long(3) scan is resumed, an
optionsfrom file can contain another --optionsfrom option. Obviously, infinite loops are
possible here. If errsto is non-NULL, optionsfrom considers it an error to be called more
than 100 times. If errsto is NULL, loop detection is up to the caller (and the internal
loop counter is zeroed out).
EXAMPLE
A reasonable way to invoke optionsfrom would be like so:
#include <getopt.h>
struct option opts[] = {
/* ... */
"optionsfrom", 1, NULL, ´+´,
/* ... */
};
int
main(argc, argv)
int argc;
char *argv[];
{
int opt;
extern char *optarg;
extern int optind;
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
switch (opt) {
/* ... */
case ´+´: /* optionsfrom */
optionsfrom(optarg, &argc, &argv, optind, stderr);
/* does not return on error */
break;
/* ... */
}
/* ... */
SEE ALSO
getopt_long(3)
DIAGNOSTICS
Errors in optionsfrom are: unable to open file; attempt to allocate temporary storage for
argument or argument vector failed; read error in file; line too long.
HISTORY
Written for the FreeS/WAN project by Henry Spencer.
BUGS
The double-quote convention is rather simplistic.
Line length is currently limited to 1023 bytes, and there is no continuation convention.
The restriction of error reports to literal strings (so that callers don´t need to worry
about freeing them or copying them) does limit the precision of error reporting.
The error-reporting convention lends itself to slightly obscure code, because many readers
will not think of NULL as signifying success.
There is a certain element of unwarranted chumminess with the insides of getopt_long(3)
here. No non-public interfaces are actually used, but optionsfrom does rely on
getopt_long(3) being well-behaved in certain ways that are not actually promised by the
specs.