authorLaurent Bercot <ska-skaware@skarnet.org>2020-05-06 11:47:33 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2020-05-06 11:47:33 +0000
commit36cd749078bb7d7107e85f2c427213046faa19f3 (patch)
treeb235792f917ea35041a98bf4c94c77ce647ef7a3
parent76fee0e46b6d9862100e2f39a68c4b2e91bd5b1b (diff)
downloads6-networking-36cd749078bb7d7107e85f2c427213046faa19f3.tar.xz
Add -e option to s6-tlsserver
-rw-r--r--NEWS4
-rw-r--r--doc/s6-tlsserver.html14
-rw-r--r--doc/upgrade.html3
-rw-r--r--src/conn-tools/s6-tlsserver.c16
4 files changed, 29 insertions, 8 deletions
diff --git a/NEWS b/NEWS
index 4b0246d..ad28355 100644
--- a/NEWS
+++ b/NEWS
@@ -3,8 +3,8 @@ Changelog for s6-networking.
In 2.3.2.0
----------
- - s6-tlsserver now accepts options for s6-tcpserver-access and
-potentially invokes it.
+ - New -e option to s6-tlsserver, to invoke s6-tcpserver-access
+unconditionally.
In 2.3.1.2
diff --git a/doc/s6-tlsserver.html b/doc/s6-tlsserver.html
index bb3301f..6c1395d 100644
--- a/doc/s6-tlsserver.html
+++ b/doc/s6-tlsserver.html
@@ -148,6 +148,19 @@ generally work, but unless you're running a very public server
certificates, you probably still want TCP access rules.
</p>
+<h3> Options handled directly by s6-tlsserver </h3>
+
+<ul>
+ <li> <tt>-e</tt>:&nbsp;: indicates that
+<a href="s6-tcpserver-access.html">s6-tcpserver-access</a> should
+be invoked, even if no other option requires it, even in the absence
+of an access control ruleset. This ensures that <em>prog...</em>
+will always have access to environment variables such as TCPLOCALPORT.
+This option also ensures that the log does not get spammed with
+spurious "no ruleset" warnings if the <tt>-v</tt> option has been
+given but no <tt>-i</tt> or <tt>-x</tt> option. </li>
+</ul>
+
<h3> Options passed as is to s6-tcpserver </h3>
<ul>
@@ -192,7 +205,6 @@ certificates, you probably still want TCP access rules.
<h2> Example </h2>
-
<p>
As root:
<code> KEYFILE=/etc/ssl/private/mykey.der CERTFILE=/etc/ssl/public/mycert.pem \
diff --git a/doc/upgrade.html b/doc/upgrade.html
index 6928777..d9c168c 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -28,8 +28,9 @@ dependency bumped to 2.6.0.1. </li>
<li> <a href="https://libressl.org">LibreSSL</a>
optional dependency bumped to 3.0.2. </li>
<li> <a href="s6-tlsserver.html">s6-tlsserver</a> now includes
+the <tt>-e</tt> option to invoke
<a href="s6-tcpserver-access.html">s6-tcpserver-access</a>
-functionality, and accepts corresponding options. </li>
+unconditionally. </li>
</ul>
<h2> in 2.3.1.2 </h2>
diff --git a/src/conn-tools/s6-tlsserver.c b/src/conn-tools/s6-tlsserver.c
index fa36226..fb899eb 100644
--- a/src/conn-tools/s6-tlsserver.c
+++ b/src/conn-tools/s6-tlsserver.c
@@ -9,7 +9,7 @@
#include <s6/config.h>
#include <s6-networking/config.h>
-#define USAGE "s6-tlsserver [ options ] ip port prog...\n" \
+#define USAGE "s6-tlsserver [ -e ] [ options ] ip port prog...\n" \
"s6-tcpserver options: [ -q | -Q | -v ] [ -4 | -6 ] [ -1 ] [ -c maxconn ] [ -C localmaxconn ] [ -b backlog ] [ -G gidlist ] [ -g gid ] [ -u uid ] [ -U ]\n" \
"s6-tcpserver-access options: [ -W | -w ] [ -D | -d ] [ -H | -h ] [ -R | -r ] [ -P | -p ] [ -l localname ] [ -B banner ] [ -t timeout ] [ -i rulesdir | -x rulesfile ]\n" \
"s6-tlsd options: [ -S | -s ] [ -Y | -y ] [ -K timeout ] [ -Z | -z ]"
@@ -44,6 +44,7 @@ struct options_s
unsigned int flagS : 1 ;
unsigned int flagy : 1 ;
unsigned int flagZ : 1 ;
+ unsigned int onlyvars : 1 ;
unsigned int doaccess : 1 ;
unsigned int doapply : 1 ;
} ;
@@ -74,6 +75,7 @@ struct options_s
.flagS = 0, \
.flagy = 0, \
.flagZ = 0, \
+ .onlyvars = 0, \
.doaccess = 0, \
.doapply = 0 \
}
@@ -86,7 +88,7 @@ int main (int argc, char const *const *argv, char const *const *envp)
subgetopt_t l = SUBGETOPT_ZERO ;
for (;;)
{
- int opt = subgetopt_r(argc, argv, "qQv461c:C:b:G:g:u:UWwDdHhRrPpl:B:t:i:x:SsYyK:Zz", &l) ;
+ int opt = subgetopt_r(argc, argv, "qQv461c:C:b:G:g:u:UWwDdHhRrPpleB:t:i:x:SsYyK:Zz", &l) ;
if (opt == -1) break ;
switch (opt)
{
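Review bot: The new option string drops the `:` that followed `l`: it now reads `...RrPpleB:...` where the old one had `...RrPpl:B:...`, so `-l` is no longer declared as taking an argument. The `case 'l'` branch in a later hunk still assigns `o.localname = l.arg`, which would then not receive the local name, and the word after `-l` would presumably be treated as the first positional argument instead. The string should keep the colon and add `e` after it: `"qQv461c:C:b:G:g:u:UWwDdHhRrPpl:eB:t:i:x:SsYyK:Zz"`. The option loop and the rest of main continue outside this hunk.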
@@ -114,6 +116,7 @@ int main (int argc, char const *const *argv, char const *const *envp)
case 'P' : o.flagp = 0 ; break ;
case 'p' : o.flagp = 1 ; o.doaccess = 1 ; break ;
case 'l' : o.localname = l.arg ; o.doaccess = 1 ; break ;
+ case 'e' : o.onlyvars = 1 ; o.doaccess = 1 ; break ;
case 'B' : o.banner = l.arg ; o.doaccess = 1 ; break ;
case 't' : if (!uint0_scan(l.arg, &o.timeout)) dieusage() ; break ;
case 'i' : o.rules = l.arg ; o.ruleswhat = 1 ; o.doaccess = 1 ; break ;
@@ -168,8 +171,13 @@ int main (int argc, char const *const *argv, char const *const *envp)
if (o.doaccess)
{
newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tcpserver-access" ;
- if (o.verbosity != 1)
- newargv[m++] = o.verbosity ? "-v2" : "-v0" ;
+ if (o.verbosity)
+ {
+ if (o.verbosity > 1 && (!o.onlyvars || o.ruleswhat))
+ newargv[m++] = "-v2" ;
+ }
+ else newargv[m++] = "-v0" ;
+
if (o.flagw) newargv[m++] = "-w" ;
if (o.flagD) newargv[m++] = "-D" ;
if (o.flagH) newargv[m++] = "-H" ;
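Review bot: The `-v2` branch silently lowers the verbosity the operator asked for when `-e` is given without `-i` or `-x`, and nothing in the code says why. In that configuration s6-tcpserver-access runs with no ruleset, so no access control is applied, and per the documentation change in this commit the "no ruleset" warning is what gets suppressed; a comment above the test such as `/* -e with no ruleset: stay at default verbosity so s6-tcpserver-access does not warn about the missing ruleset; no access rules are enforced here */` would record that. The braces exist only to bind the `else`, and the same logic reads more directly as `if (!o.verbosity) newargv[m++] = "-v0" ;` followed by `else if (o.verbosity > 1 && (!o.onlyvars || o.ruleswhat)) newargv[m++] = "-v2" ;`. The `if (o.doaccess)` block continues past the end of the hunk.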