[src/trunk]: src/usr.sbin/inetd sync with latest libipsec.
details: https://anonhg.NetBSD.org/src/rev/98b778052487
branches: trunk
changeset: 481449:98b778052487
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Jan 31 14:28:17 2000 +0000
description:
sync with latest libipsec.
since outgoing and incoming policies are separated, inetd can take multiple
policy specifications, separated by ";".
diffstat:
usr.sbin/inetd/Makefile | 6 +-
usr.sbin/inetd/inetd.8 | 6 +-
usr.sbin/inetd/inetd.c | 109 ++++++++++++------------------
usr.sbin/inetd/ipsec.c | 165 ++++++++++++++++++++++++++++++++++++++++++++++++
usr.sbin/inetd/ipsec.h | 34 +++++++++
5 files changed, 252 insertions(+), 68 deletions(-)
diffs (truncated from 519 to 300 lines):
diff -r 1713a1b3afa3 -r 98b778052487 usr.sbin/inetd/Makefile
--- a/usr.sbin/inetd/Makefile Mon Jan 31 14:25:42 2000 +0000
+++ b/usr.sbin/inetd/Makefile Mon Jan 31 14:28:17 2000 +0000
@@ -1,11 +1,12 @@
# from: @(#)Makefile 8.1 (Berkeley) 6/6/93
-# $NetBSD: Makefile,v 1.16 1999/07/02 04:48:19 itojun Exp $
+# $NetBSD: Makefile,v 1.17 2000/01/31 14:28:17 itojun Exp $
PROG= inetd
+SRCS= inetd.c
MAN= inetd.8
MLINKS= inetd.8 inetd.conf.5
-CPPFLAGS+=-DLIBWRAP
+CPPFLAGS+=-DLIBWRAP -DINET6
# Use LIBWRAP_INTERNAL for libwrap checking of inetd's `internal' services.
#CPPFLAGS+=-DLIBWRAP_INTERNAL
LDADD+= -lwrap -lutil
@@ -15,6 +16,7 @@
CPPFLAGS+=-Dss_family=__ss_family -Dss_len=__ss_len
CFLAGS+=-DIPSEC
+SRCS+= ipsec.c
LDADD+= -lipsec
DPADD+= ${LIBIPSEC}
diff -r 1713a1b3afa3 -r 98b778052487 usr.sbin/inetd/inetd.8
--- a/usr.sbin/inetd/inetd.8 Mon Jan 31 14:25:42 2000 +0000
+++ b/usr.sbin/inetd/inetd.8 Mon Jan 31 14:28:17 2000 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: inetd.8,v 1.26 1999/11/21 17:28:23 itojun Exp $
+.\" $NetBSD: inetd.8,v 1.27 2000/01/31 14:28:17 itojun Exp $
.\"
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -381,6 +381,10 @@
The content of the above comment line will be treated as IPsec policy string,
as described in
.Xr ipsec_set_policy 3 .
+You can specify multiple IPsec policy string by using semicolon
+as separator.
+If conflicting strings are found in a single line,
+the last string will take effect.
A
.Li "#@"
line will affect all the following lines in
diff -r 1713a1b3afa3 -r 98b778052487 usr.sbin/inetd/inetd.c
--- a/usr.sbin/inetd/inetd.c Mon Jan 31 14:25:42 2000 +0000
+++ b/usr.sbin/inetd/inetd.c Mon Jan 31 14:28:17 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: inetd.c,v 1.57 2000/01/27 19:52:43 itojun Exp $ */
+/* $NetBSD: inetd.c,v 1.58 2000/01/31 14:28:18 itojun Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -77,7 +77,7 @@
#if 0
static char sccsid[] = "@(#)inetd.c 8.4 (Berkeley) 4/13/94";
#else
-__RCSID("$NetBSD: inetd.c,v 1.57 2000/01/27 19:52:43 itojun Exp $");
+__RCSID("$NetBSD: inetd.c,v 1.58 2000/01/31 14:28:18 itojun Exp $");
#endif
#endif /* not lint */
@@ -239,6 +239,7 @@
#ifndef IPSEC_POLICY_IPSEC /* no ipsec support on old ipsec */
#undef IPSEC
#endif
+#include "ipsec.h"
#endif
#ifdef LIBWRAP
@@ -371,9 +372,6 @@
void run_service __P((int, struct servtab *));
int setconfig __P((void));
void setup __P((struct servtab *));
-#ifdef IPSEC
-int ipsecsetup __P((struct servtab *));
-#endif
char *sskip __P((char **));
char *skip __P((char **));
void tcpmux __P((int, struct servtab *));
@@ -835,10 +833,11 @@
#ifdef IPSEC
SWAP(char *, sep->se_policy, cp->se_policy);
if (sep->se_fd != -1) {
- if (ipsecsetup(sep) < 0 && sep->se_policy) {
- syslog(LOG_ERR,
- "%s: ipsec initialization failed",
- sep->se_service);
+ if (ipsecsetup(sep->se_family, sep->se_fd,
+ sep->se_policy) < 0 && sep->se_policy) {
+ syslog(LOG_ERR, "%s/%s: "
+ "ipsec initialization failed",
+ sep->se_service, sep->se_proto);
sep->se_checked = 0;
sigsetmask(omask);
continue;
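Review bot: On this failure path the socket in `sep->se_fd` stays open: the branch logs, clears `se_checked` and continues, whereas the matching failure path in setup() (hunk at -1071) now closes the descriptor and sets `sep->se_fd = -1`. `se_policy` has already been swapped to the new string by the `SWAP` above, so until whatever handles `se_checked == 0` runs (outside this hunk) the service may keep accepting traffic without the policy the configuration asks for. If that later pass does not tear the socket down, this branch should go through the routine documented further down as "Finish with a service and its socket" so both paths fail closed the same way. The two messages also differ ("ipsec initialization failed" here, "ipsec setup failed" in setup()), which makes log matching harder. The enclosing function starts and ends outside the hunk.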
@@ -885,7 +884,9 @@
setup(sep);
break;
case AF_INET:
+#ifdef INET6
case AF_INET6:
+#endif
{
struct addrinfo hints, *res;
char *host, *port;
@@ -999,7 +1000,9 @@
switch (sep->se_family) {
case AF_LOCAL:
case AF_INET:
+#ifdef INET6
case AF_INET6:
+#endif
setup(sep);
if (sep->se_fd != -1 && isrpcservice(sep))
register_rpc(sep);
@@ -1024,7 +1027,9 @@
(void)unlink(sep->se_service);
break;
case AF_INET:
+#ifdef INET6
case AF_INET6:
+#endif
if (sep->se_wait == 1 && isrpcservice(sep))
unregister_rpc(sep);
break;
@@ -1071,10 +1076,12 @@
syslog(LOG_ERR, "setsockopt (SO_RCVBUF %d): %m",
sep->se_rcvbuf);
#ifdef IPSEC
- if (ipsecsetup(sep) < 0 && sep->se_policy) {
+ if (ipsecsetup(sep->se_family, sep->se_fd, sep->se_policy) < 0
+ && sep->se_policy) {
syslog(LOG_ERR, "%s/%s: ipsec setup failed",
sep->se_service, sep->se_proto);
- close(sep->se_fd);
+ (void)close(sep->se_fd);
+ sep->se_fd = -1;
return;
}
#endif
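Review bot: The `&& sep->se_policy` term makes an ipsecsetup() failure invisible when no policy string is configured: nothing is logged and the socket carries on to the rest of setup(). The removed in-file ipsecsetup() fell back to "entrust" in that case; whether the new one in ipsec.c still does cannot be seen in this truncated diff. A comment such as `/* no policy configured: a failure here is tolerated and the socket runs under the system default */` would record the intent, if that is the intent. The same condition appears in the config-merge hunk at -835. setup() continues outside the hunk.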
@@ -1108,52 +1115,6 @@
sep->se_server, sep->se_fd);
}
-#ifdef IPSEC
-int
-ipsecsetup(sep)
- struct servtab *sep;
-{
- int len;
- char *buf;
- char *policy;
- int level, opt;
- int ret;
-
- switch (sep->se_family) {
- case AF_INET:
- level = IPPROTO_IP;
- opt = IP_IPSEC_POLICY;
- break;
- case AF_INET6:
- level = IPPROTO_IPV6;
- opt = IPV6_IPSEC_POLICY;
- break;
- default:
- return -1;
- }
-
- if (!sep->se_policy || sep->se_policy[0] == '\0')
- policy = "entrust";
- else
- policy = sep->se_policy;
-
- len = ipsec_get_policylen(policy);
- if (len < 0) {
- syslog(LOG_ERR, "invalid security policy \"%s\"", policy);
- return -1;
- }
- buf = (char *)malloc(len);
- if (buf != NULL) {
- ipsec_set_policy(buf, len, policy);
- ret = setsockopt(sep->se_fd, level, opt, buf, len);
- free(buf);
- } else
- ret = -1;
-
- return ret;
-}
-#endif
-
/*
* Finish with a service and its socket.
*/
@@ -1314,15 +1275,17 @@
if (policy)
free(policy);
policy = NULL;
- } else if (ipsec_get_policylen(p) >= 0) {
- if (policy)
- free(policy);
- policy = newstr(p);
} else {
- syslog(LOG_ERR,
- "%s: invalid ipsec policy \"%s\"",
- CONFIG, p);
- exit(-1);
+ if (ipsecsetup_test(p) < 0) {
+ syslog(LOG_ERR,
+ "%s: invalid ipsec policy \"%s\"",
+ CONFIG, p);
+ exit(-1);
+ } else {
+ if (policy)
+ free(policy);
+ policy = newstr(p);
+ }
}
}
#endif
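Review bot: `exit(-1)` on a rejected policy string terminates the whole daemon, and the status is reported to the parent as 255. If this parser also runs when the configuration is re-read (the function is outside the hunk, so this is not confirmed), one typo in a `#@` line would stop every service. Stopping is a defensible fail-closed choice, since inetd.8 says a `#@` line governs all following entries, but it should be stated, e.g. `/* fail closed: skipping a bad #@ line would leave later services under the previous policy */`, with `exit(1)` as the conventional status. The nested `else { if ... else ... }` would also read more easily as an `else if (ipsecsetup_test(p) < 0) { ... } else { ... }` chain.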
@@ -1526,9 +1489,11 @@
case '4': /*tcp4 or udp4*/
sep->se_family = AF_INET;
break;
+#ifdef INET6
case '6': /*tcp6 or udp6*/
sep->se_family = AF_INET6;
break;
+#endif
default:
sep->se_family = AF_INET; /*will become AF_INET6*/
break;
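Review bot: With INET6 undefined, a protocol name ending in '6' now falls into `default:` and is set to `AF_INET`, so a `tcp6` or `udp6` entry would silently come up as an IPv4 service instead of being rejected. An `#else` arm that keeps `case '6':` and logs that IPv6 support is not compiled in before skipping the entry would make the misconfiguration visible; how an entry is skipped is outside this hunk. The `/*will become AF_INET6*/` comment on the default arm is also misleading in such a build. The Makefile in this commit defines INET6 unconditionally, so this only affects builds that drop the flag.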
@@ -2225,7 +2190,9 @@
switch (sep->se_family) {
case AF_INET:
+#ifdef INET6
case AF_INET6:
+#endif
break;
default;
return;
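Review bot: `default;` in the context lines is not a label and as shown should read `default:`; the same spelling appears in the next hunk (-2244) just before the `syslog` call. If the text is accurate rather than an archive artefact, this region can only be building because it is compiled out, in which case the `#ifdef INET6` additions in both hunks have not been exercised by a compiler. Fixing both to `default:` in this commit would avoid a build break when the region is enabled.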
@@ -2244,7 +2211,9 @@
}
switch (sa->sa_family) {
case AF_INET:
+#ifdef INET6
case AF_INET6:
+#endif
break;
default;
syslog(LOG_ERR, "unexpected address family %u", sa->sa_family);
@@ -2340,17 +2309,21 @@
case AF_INET:
myport = ((struct sockaddr_in *)&here)->sin_port;
break;
+#ifdef INET6
case AF_INET6:
myport = ((struct sockaddr_in6 *)&here)->sin6_port;
break;
+#endif
}
switch (there->sa_family) {
case AF_INET:
hisport = ((struct sockaddr_in *)sa)->sin_port;
break;
+#ifdef INET6
case AF_INET6:
hisport = ((struct sockaddr_in6 *)sa)->sin6_port;
break;
+#endif
}
/* Set up timer so we won't get stuck. */
@@ -2364,9 +2337,11 @@
case AF_INET:
((struct sockaddr_in *)&sin)->sin_port = htons(0);
break;
+#ifdef INET6
case AF_INET6:
((struct sockaddr_in6 *)&sin)->sin6_port = htons(0);
break;
+#endif
}
if (bind(s, (struct sockaddr *) &sin, sin.ss_len) == -1) {
syslog(LOG_ERR, "bind: %m");
@@ -2387,9 +2362,11 @@
case AF_INET:
((struct sockaddr_in *)&sin)->sin_port = htons(RFC931_PORT);
break;
+#ifdef INET6
case AF_INET6:
((struct sockaddr_in6 *)&sin)->sin6_port = htons(RFC931_PORT);
break;
+#endif
}
if (connect(s, (struct sockaddr *) &sin, sin.ss_len) == -1) {
close(s);