X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=ipif%2Fservice-wrap;h=2bca709e9501619ee0db409df87a5c2527d4690c;hb=395a5bb98cfc2cb709586ac062cf353514daf280;hp=412c2dc9510bf5d498584461f50188ee95ed92f0;hpb=4e5552a4239587e8bcc6a7fae5c6b276b6b8e873;p=userv-utils.git diff --git a/ipif/service-wrap b/ipif/service-wrap index 412c2dc..2bca709 100755 --- a/ipif/service-wrap +++ b/ipif/service-wrap @@ -13,7 +13,7 @@ # # Usage: # -# .../ipif1 -- ... +# .../ipif1 -- ... # # Config file is a series of lines, or a directory. If a directory, # all files with names matching ^[-A-Za-z0-9_]+$ are processed. @@ -50,10 +50,11 @@ # # include # -# v0config +# # -# If none of the `permit' lines match, will read -# in old format. Must come after all `permit' lines. +# If none of the `permit' lines match, will process in +# old format. See service.c head comment. may be +# `' or `#' or `/dev/null' to process new-style config only. # # -- @@ -61,6 +62,7 @@ use strict; use POSIX; use Carp; use NetAddr::IP::Lite qw(:nofqdn :lower); +use File::Basename; our $default_ifname = 'userv%d'; @@ -79,8 +81,8 @@ sub oneaddr ($) { $$ar = $x; } -@ARGV == 5 or badusage "wrong number of arguments"; -our ($v1config, $realservice, $sep, $addrsarg, $rnets) = @ARGV; +@ARGV == 6 or badusage "wrong number of arguments"; +our ($v1config, $realservice, $v0config, $sep, $addrsarg, $rnets) = @ARGV; $sep eq '--' or badusage "separator should be \`--'"; my ($local_addr, $peer_addr, $mtu, $protocol, $ifname) = @@ -110,8 +112,6 @@ sub execreal ($) { or die "exec $realservice: $!\n"; } -our $v0config; - our $cfgpath; sub badcfg ($) { @@ -203,7 +203,6 @@ sub readconfig ($) { next if m/^\#/; next unless m/\S/; if (s{^permit\s+}{}) { - badcfg "v0config before permit" if defined $v0config; %need_allow = (); need_allow_singleton 'Caller', allowent 'caller'; need_allow_singleton 'Local', 
@@ -230,7 +229,7 @@ sub readconfig ($) { my $net = $hn->network() or die; maybe_allow_addrs 'Local', $host; maybe_allow_addrs 'Remote', $net; - } elsif (s{^(local|remote|addrs)\s+(\S+)\ s+}{}) { + } elsif (s{^(local|remote|addrs)\s+(\S+)\s+}{}) { my $h = $1; my $s = new NetAddr::IP::Lite $2 or badcfg "invalid ip address or mask in $h"; @@ -266,24 +265,33 @@ sub readconfig ($) { print "config $cfgpath:$.: mismatch: $_\n" foreach @wrong; } - } elsif (m{^v0config\s+(\S+)$}) { - badcfg "repeated v0config" if defined $v0config; - $v0config = $1; } elsif (m{^include\s+(\S+)$}) { - readconfig $1; + my $include = $1; + $include =~ s{^(?!/)}{ dirname($cfgpath)."/" }e; + readconfig $include; } else { badcfg "unknown config directive or bad syntax"; } } $cfgfh->error and die $!; close $cfgfh; +} - if (defined $v0config) { - $v0config =~ s{^}{./} unless $v0config =~ m{^/}; - print "trying v0 config $v0config...\n" if $protocol eq 'debug'; - execreal $v0config; +sub try_v0config() { + return unless $v0config; + return unless $v0config =~ m{^[^#]}; + return if $v0config eq '/dev/null'; + if ($v0config =~ m{^/}) { + if (!stat $v0config) { + die "v0 config $v0config: $!\n" unless $!==ENOENT; + return; + } } - die "permission denied\n"; + print "trying v0 config $v0config...\n" if $protocol eq 'debug'; + execreal $v0config; } readconfig $v1config; +try_v0config(); + +die "permission denied\n";
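Review bot: In `try_v0config`, an absolute v0config path that does not exist is skipped without any trace at `if (!stat $v0config)`, so a mistyped path in the service definition surfaces only as the final `permission denied`, indistinguishable from a caller who matched no `permit` line. The function already prints `trying v0 config ...` when `$protocol eq 'debug'`; the ENOENT branch could do the same before its `return`, e.g. `print "v0 config $v0config: not found, skipping\n" if $protocol eq 'debug';`. A short comment there would also help, saying that non-absolute values are handed to `execreal` without a stat, apparently because they need not be file paths (the usage text points to the service.c head comment). In the `include` branch, `dirname($cfgpath)` is only correct if `$cfgpath` is restored when a nested `readconfig` returns; the start of `readconfig` is outside this hunk, so confirm it is localised there, since otherwise a later relative `include` in the same file would resolve against the included file's directory and could load a different set of `permit` rules.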