[src/netbsd-1-5]: src/etc/rc.d pull up revs 1.4-1.5

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-1-5]: src/etc/rc.d pull up revs 1.4-1.5
From: lukem <lukem%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 07:19:17 +0000

details:   https://anonhg.NetBSD.org/src/rev/adf0263cb463
branches:  netbsd-1-5
changeset: 489004:adf0263cb463
user:      lukem <lukem%NetBSD.org@localhost>
date:      Wed Aug 09 18:47:13 2000 +0000

description:
pull up revs 1.4-1.5
approved by: thorpej

- if ipsec.conf isn't readable and the system is booting directly to multiuser,
  send SIGTERM to the parent (/etc/rc) so that init(8) aborts the boot.
- fix typo; the first ipsec_start() should be ipsec_prestart()

diffstat:

 etc/rc.d/ipsec |  32 +++++++++++++++++++++-----------
 1 files changed, 21 insertions(+), 11 deletions(-)

diffs (59 lines):

diff -r 22a74902aa0b -r adf0263cb463 etc/rc.d/ipsec
--- a/etc/rc.d/ipsec    Wed Aug 09 18:45:22 2000 +0000
+++ b/etc/rc.d/ipsec    Wed Aug 09 18:47:13 2000 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: ipsec,v 1.3 2000/06/14 03:24:16 itojun Exp $
+# $NetBSD: ipsec,v 1.3.2.1 2000/08/09 18:47:13 lukem Exp $
 #
 
 # PROVIDE: ipsec
@@ -11,6 +11,7 @@
 . /etc/rc.subr
 
 name="ipsec"
+start_precmd="ipsec_prestart"
 start_cmd="ipsec_start"
 stop_precmd="checkyesno ipsec && [ -f /etc/ipsec.conf ]"
 stop_cmd="ipsec_stop"
@@ -18,20 +19,29 @@
 reload_cmd="ipsec_reload"
 extra_commands="reload"
 
-ipsec_start()
+ipsec_prestart()
 {
        if ! checkyesno ipsec; then
-               return 0
+               return 1
        fi
+       if [ ! -f /etc/ipsec.conf ]; then
+               warn "/etc/ipsec.conf not readable; ipsec start aborted."
+                       #
+                       # If booting directly to multiuser, send SIGTERM to
+                       # the parent (/etc/rc) to abort the boot
+                       #
+               if [ "$autoboot" = yes ]; then
+                       echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
+                       kill -TERM $$
+                       exit 1
+               fi
+               return 1
+       fi
+       return 0
+}
 
-       # if /etc/ipsec.conf isn't readable, abort the boot rather
-       # than risk a security problem
-       #
-       if [ ! -f /etc/ipsec.conf ]; then
-               err 1 "/etc/ipsec.conf not readable; ipsec start aborted."
-       fi
-       # XXX should check if ipsec.conf is secure enough
-       #
+ipsec_start()
+{
        echo "Installing ipsec manual keys/policies."
        /sbin/setkey -f /etc/ipsec.conf
 }

Prev by Date: [src/netbsd-1-5]: src/etc pull up rev 1.21
Next by Date: [src/netbsd-1-5]: src/etc/rc.d pull up revs 1.8-1.9
Previous by Thread: [src/netbsd-1-5]: src/etc pull up rev 1.21
Next by Thread: [src/netbsd-1-5]: src/etc/rc.d pull up revs 1.8-1.9
Indexes:

Home | Main Index | Thread Index | Old Index