Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.sbin/mountd PR/15692: Love: specify ipsec policy for mou...
details: https://anonhg.NetBSD.org/src/rev/2438f0d64889
branches: trunk
changeset: 536774:2438f0d64889
user: christos <christos%NetBSD.org@localhost>
date: Sat Sep 21 20:35:00 2002 +0000
description:
PR/15692: Love: specify ipsec policy for mountd.
diffstat:
usr.sbin/mountd/Makefile | 15 +++++++++++--
usr.sbin/mountd/mountd.8 | 14 ++++++++++++-
usr.sbin/mountd/mountd.c | 49 ++++++++++++++++++++++++++++++++++++++++++++---
3 files changed, 70 insertions(+), 8 deletions(-)
diffs (181 lines):
diff -r 87c5497776a2 -r 2438f0d64889 usr.sbin/mountd/Makefile
--- a/usr.sbin/mountd/Makefile Sat Sep 21 20:26:49 2002 +0000
+++ b/usr.sbin/mountd/Makefile Sat Sep 21 20:35:00 2002 +0000
@@ -1,9 +1,18 @@
-# $NetBSD: Makefile,v 1.15 1998/10/29 12:57:02 christos Exp $
+# $NetBSD: Makefile,v 1.16 2002/09/21 20:35:00 christos Exp $
# @(#)Makefile 8.3 (Berkeley) 1/25/94
PROG= mountd
+SRCS= mountd.c ipsec.c
MAN= exports.5 mountd.8
-LDADD+=-lutil
-DPADD+=${LIBUTIL}
+
+INETDDIR= ${.CURDIR}/../inetd
+
+CPPFLAGS+= -I${INETDDIR} -DIPSEC
+LDADD+= -lipsec -lutil
+DPADD+= ${LIBIPSEC} ${LIBUTIL}
+
+
.include <bsd.prog.mk>
+
+.PATH: ${INETDDIR}
diff -r 87c5497776a2 -r 2438f0d64889 usr.sbin/mountd/mountd.8
--- a/usr.sbin/mountd/mountd.8 Sat Sep 21 20:26:49 2002 +0000
+++ b/usr.sbin/mountd/mountd.8 Sat Sep 21 20:35:00 2002 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: mountd.8,v 1.22 2000/07/03 10:06:26 enami Exp $
+.\" $NetBSD: mountd.8,v 1.23 2002/09/21 20:35:00 christos Exp $
.\"
.\" Copyright (c) 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -43,6 +43,7 @@
mount requests
.Sh SYNOPSIS
.Nm
+.Op Fl P Ar policy
.Op Fl dn
.Op Ar exportsfile
.Sh DESCRIPTION
@@ -62,6 +63,17 @@
Options and operands available for
.Nm mountd :
.Bl -tag -width Ds
+.It Fl P Ar policy
+IPsec
+.Ar policy
+string,
+as described in
+.Xr ipsec_set_policy 3 .
+Multiple IPsec policy strings may be specified by using a semicolon as
+a separator. If conflicting policy strings are found in a single line,
+the last string will take effect. If an invalid IPsec policy string is used
+.Nm
+logs an error message and terminates itself.
.It Fl d
Enable debugging mode.
.Nm
diff -r 87c5497776a2 -r 2438f0d64889 usr.sbin/mountd/mountd.c
--- a/usr.sbin/mountd/mountd.c Sat Sep 21 20:26:49 2002 +0000
+++ b/usr.sbin/mountd/mountd.c Sat Sep 21 20:35:00 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mountd.c,v 1.79 2001/11/29 21:23:38 christos Exp $ */
+/* $NetBSD: mountd.c,v 1.80 2002/09/21 20:35:00 christos Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -51,7 +51,7 @@
#if 0
static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95";
#else
-__RCSID("$NetBSD: mountd.c,v 1.79 2001/11/29 21:23:38 christos Exp $");
+__RCSID("$NetBSD: mountd.c,v 1.80 2002/09/21 20:35:00 christos Exp $");
#endif
#endif /* not lint */
@@ -95,6 +95,7 @@
#include <string.h>
#include <unistd.h>
#include <netgroup.h>
+#include <err.h>
#include <util.h>
#include "pathnames.h"
#ifdef KERBEROS
@@ -102,6 +103,14 @@
#include "kuid.h"
#endif
+#ifdef IPSEC
+#include <netinet6/ipsec.h>
+#ifndef IPSEC_POLICY_IPSEC /* no ipsec support on old ipsec */
+#undef IPSEC
+#endif
+#include "ipsec.h"
+#endif
+
#include <stdarg.h>
/*
@@ -287,9 +296,21 @@
int udpsock, tcpsock, udp6sock, tcp6sock;
int xcreated = 0, s;
int c, one = 1;
+#ifdef IPSEC
+ char *policy = NULL;
+#define ADDOPTS "P:"
+#else
+#define ADDOPTS
+#endif
- while ((c = getopt(argc, argv, "dnr")) != -1)
+ while ((c = getopt(argc, argv, "dnr" ADDOPTS)) != -1)
switch (c) {
+#ifdef IPSEC
+ case 'P':
+ if (ipsecsetup_test(policy = optarg))
+ errx(1, "Invalid ipsec policy `%s'", policy);
+ break;
+#endif
case 'd':
debug = 1;
break;
@@ -298,7 +319,11 @@
case 'r':
break;
default:
- fprintf(stderr, "Usage: mountd [-d] [export_file]\n");
+ fprintf(stderr, "Usage: %s [-d]"
+#ifdef IPSEC
+ " [-P ipsec policy]"
+#endif
+ " [export_file]\n", getprogname());
exit(1);
};
argc -= optind;
@@ -366,6 +391,10 @@
if (udpsock != -1 && udpconf != NULL) {
bindresvport(udpsock, NULL);
+#ifdef IPSEC
+ if (policy)
+ ipsecsetup(AF_INET, udpsock, policy);
+#endif
udptransp = svc_dg_create(udpsock, 0, 0);
if (udptransp != NULL) {
if (!svc_reg(udptransp, RPCPROG_MNT, RPCMNT_VER1,
@@ -382,6 +411,10 @@
if (tcpsock != -1 && tcpconf != NULL) {
bindresvport(tcpsock, NULL);
+#ifdef IPSEC
+ if (policy)
+ ipsecsetup(AF_INET, tcpsock, policy);
+#endif
listen(tcpsock, SOMAXCONN);
tcptransp = svc_vc_create(tcpsock, 0, 0);
if (tcptransp != NULL) {
@@ -399,6 +432,10 @@
if (udp6sock != -1 && udp6conf != NULL) {
bindresvport(udp6sock, NULL);
+#ifdef IPSEC
+ if (policy)
+ ipsecsetup(AF_INET6, tcpsock, policy);
+#endif
udp6transp = svc_dg_create(udp6sock, 0, 0);
if (udp6transp != NULL) {
if (!svc_reg(udp6transp, RPCPROG_MNT, RPCMNT_VER1,
@@ -415,6 +452,10 @@
if (tcp6sock != -1 && tcp6conf != NULL) {
bindresvport(tcp6sock, NULL);
+#ifdef IPSEC
+ if (policy)
+ ipsecsetup(AF_INET6, tcpsock, policy);
+#endif
listen(tcp6sock, SOMAXCONN);
tcp6transp = svc_vc_create(tcp6sock, 0, 0);
if (tcp6transp != NULL) {
Home |
Main Index |
Thread Index |
Old Index