X-Git-Url: https://git.distorted.org.uk/~mdw/userv-utils/blobdiff_plain/8ca56de88c924569a38c8bdff10f145fe8ae7fce..2449f13fad5be5ca9d1ce16955fe0afec7cfc050:/ipif/service-wrap?ds=sidebyside
diff --git a/ipif/service-wrap b/ipif/service-wrap
index 2916750..678a867 100755
--- a/ipif/service-wrap
+++ b/ipif/service-wrap
@@ -13,9 +13,10 @@
 #
 # Usage:
 #
-# .../ipif1 -- ...
+# .../ipif1 -- ...
 #
-# Config file is a series of lines.
+# Config file is a series of lines, or a directory. If a directory,
+# all files with names matching ^[-A-Za-z0-9_]+$ are processed.
 #
 # permit ....
 #
@@ -47,12 +48,13 @@
 # if a permit has no ifname at all, it is as if
 # `ifname userv%d' was specified
 #
-# include
+# include
 #
-# v0config
+#
 #
-# If none of the `permit' lines match, will read
-# in old format. Must come after all `permit' lines.
+# If none of the `permit' lines match, will process in
+# old format. See service.c head comment. may be
+# `' or `#' or `/dev/null' to process new-style config only.
 #
 # --
@@ -78,8 +80,8 @@ sub oneaddr ($) {
 $$ar = $x;
 }
-@ARGV == 5 or badusage "wrong number of arguments";
-our ($v1config, $realservice, $sep, $addrsarg, $rnets) = @ARGV;
+@ARGV == 6 or badusage "wrong number of arguments";
+our ($v1config, $realservice, $v0config, $sep, $addrsarg, $rnets) = @ARGV;
 $sep eq '--' or badusage "separator should be \`--'";
 my ($local_addr, $peer_addr, $mtu, $protocol, $ifname) =
@@ -103,13 +105,12 @@ our @rnets = ($rnets eq '-' ? () : split /\,/, $rnets);
 sub execreal ($) {
 my ($use_v0config) = @_;
 exec $realservice, $use_v0config, '--',
- "$local_addr,$peer_addr,$mtu,$protocol",
+ (join ',', $local_addr->addr, $peer_addr->addr,
+ $mtu, $protocol, $ifname),
 @rnets ? (join ",", map { "$_" } @rnets) : "-"
 or die "exec $realservice: $!\n";
 }
-our $v0config;
-
 our $cfgpath;
 sub badcfg ($) {
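Review bot: `execreal` now forwards `$ifname` as a fifth comma-separated field, and the only call visible on this page is the v0 fallback at the end of the file, which runs after no `permit` line matched. The name appears to come from the caller-supplied address argument (the assignment begins in the previous hunk and continues outside it), so on that path nothing shown here has checked it against an `ifname` pattern. Confirm that service.c validates the interface name in old-format mode, and record the dependency above the `exec`, e.g. `# ifname is unchecked on the v0 path; the real service must validate it`.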
@@ -175,8 +176,21 @@ sub maybe_allow_addrs ($$) {
 }
 }
+sub readconfig ($);
 sub readconfig ($) {
 local ($cfgpath) = @_;
+
+ my $dirfh;
+ if (opendir $dirfh, $cfgpath) {
+ while ($!=0, my $ent = readdir $dirfh) {
+ next if $ent =~ m/[^-A-Za-z0-9_]/;
+ readconfig "$cfgpath/$ent";
+ }
+ die "$0: $cfgpath: $!\n" if $!;
+ return;
+ }
+ die "$0: $cfgpath: $!\n" unless $!==ENOENT || $!==ENOTDIR;
+
 my $cfgfh = new IO::File $cfgpath, "<";
 if (!$cfgfh) {
 die "$0: $cfgpath: $!\n" unless $!==ENOENT;
@@ -188,7 +202,6 @@ sub readconfig ($) {
 next if m/^\#/;
 next unless m/\S/;
 if (s{^permit\s+}{}) {
- badcfg "v0config before permit" if defined $v0config;
 %need_allow = ();
 need_allow_singleton 'Caller', allowent 'caller';
 need_allow_singleton 'Local',
@@ -251,9 +264,6 @@ sub readconfig ($) {
 print "config $cfgpath:$.: mismatch: $_\n" foreach @wrong;
 }
- } elsif (m{^v0config\s+(\S+)$}) {
- badcfg "repeated v0config" if defined $v0config;
- $v0config = $1;
 } elsif (m{^include\s+(\S+)$}) {
 readconfig $1;
 } else {
@@ -262,13 +272,12 @@ sub readconfig ($) {
 }
 $cfgfh->error and die $!;
 close $cfgfh;
-
- if (defined $v0config) {
- $v0config =~ s{^}{./} unless $v0config =~ m{^/};
- print "trying v0 config $v0config...\n" if $protocol eq 'debug';
- execreal $v0config;
- }
- die "permission denied\n";
 }
 readconfig $v1config;
+
+if ($v0config && $v0config =~ m{^[^#]} && $v0config ne '/dev/null') {
+ print "trying v0 config $v0config...\n" if $protocol eq 'debug';
+ execreal $v0config;
+}
+die "permission denied\n";
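Review bot: The loop condition `while ($!=0, my $ent = readdir $dirfh)` tests whether the entry name is true, not whether it is defined, because Perl adds the implicit `defined` only when the readdir assignment is the whole condition. An entry named `0` passes the name filter yet ends the scan early, and since `$!` is still 0 the following `die ... if $!` stays silent, so any files not yet read are skipped and their `permit` lines never considered. Use `while ($!=0, defined(my $ent = readdir $dirfh))`. Separately, a subdirectory with a permitted name is recursed into because `readconfig` tries `opendir` first, whereas the header comment speaks only of files; state which is intended. `readconfig` continues past the end of this hunk.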
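Review bot: The guard `$v0config && $v0config =~ m{^[^#]} && $v0config ne '/dev/null'` is broader than the three sentinels the header comment documents: it also skips a path of `0` and any path that merely starts with `#`, then falls through to `permission denied` with no indication why. If only the empty string, `#` and `/dev/null` are meant, compare exactly, e.g. `if (length $v0config && $v0config ne '#' && $v0config ne '/dev/null') {`. The removed code also rewrote a relative path to `./...` before calling `execreal`; without it a value beginning with `-` reaches the real service unchanged, ahead of the `--` separator. Confirm that service.c does not parse such a value as an option, or restore the prefix.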