authorTheo de Raadt <deraadt@cvs.openbsd.org>2015-10-23 15:03:26 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2015-10-23 15:03:26 +0000
commit66ed5b21df09e28f7279e862f8c5151a5ab40165 (patch)
tree872a943423297222181accd2b008729d1e38756a /sbin
parent8f97754af9e80a71bab3f3374427d04d9b0b6c41 (diff)
route has 3 code paths: monitor (listening on route socket); show
(sysctl and then print), change (getsocket, then read/write on that). Refactor lightly and insert pledge "stdio rpath dns" in each case. ok claudio benno phessler
Diffstat (limited to 'sbin')
-rw-r--r--sbin/route/route.c124
-rw-r--r--sbin/route/show.c10
2 files changed, 69 insertions, 65 deletions
diff --git a/sbin/route/route.c b/sbin/route/route.c
index 9e81715fc5c..af718c07d0c 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: route.c,v 1.177 2015/09/11 20:08:40 mpi Exp $ */
+/* $OpenBSD: route.c,v 1.178 2015/10/23 15:03:25 deraadt Exp $ */
/* $NetBSD: route.c,v 1.16 1996/04/15 18:27:05 cgd Exp $ */
/*
@@ -78,7 +78,7 @@ struct rt_metrics rt_metrics;
void flushroutes(int, char **);
int newroute(int, char **);
-void show(int, char *[]);
+int show(int, char *[]);
int keycmp(const void *, const void *);
int keyword(char *);
void monitor(int, char *[]);
@@ -175,30 +175,61 @@ main(int argc, char **argv)
errno = Terr;
err(1, "routing table %d", tableid);
}
- switch (kw) {
- case K_EXEC:
- break;
- case K_MONITOR:
- monitor(argc, argv);
- break;
- default:
- if (tflag)
- s = open(_PATH_DEVNULL, O_WRONLY);
- else
- s = socket(PF_ROUTE, SOCK_RAW, 0);
- if (s == -1)
- err(1, "socket");
- /* force socket onto table user requested */
- if (Tflag == 1 && Terr == 0 &&
- setsockopt(s, AF_ROUTE, ROUTE_TABLEFILTER,
- &tableid, sizeof(tableid)) == -1)
- err(1, "setsockopt(ROUTE_TABLEFILTER)");
- break;
+ if (kw == K_EXEC)
+ exit(rdomain(argc - 1, argv + 1));
+
+ s = socket(PF_ROUTE, SOCK_RAW, 0);
+ if (s == -1)
+ err(1, "socket");
+ if (kw == K_MONITOR) {
+ unsigned int filter = 0;
+ int af = 0;
+
+ while (--argc > 0) {
+ if (**(++argv)== '-')
+ switch (keyword(*argv + 1)) {
+ case K_INET:
+ af = AF_INET;
+ break;
+ case K_INET6:
+ af = AF_INET6;
+ break;
+ case K_IFACE:
+ case K_INTERFACE:
+ filter = ROUTE_FILTER(RTM_IFINFO) |
+ ROUTE_FILTER(RTM_IFANNOUNCE);
+ break;
+ default:
+ usage(*argv);
+ /* NOTREACHED */
+ }
+ else
+ usage(*argv);
+ }
+ if (setsockopt(s, AF_ROUTE, ROUTE_MSGFILTER, &filter,
+ sizeof(filter)) == -1)
+ err(1, "setsockopt(ROUTE_MSGFILTER)");
+ }
+ /* force socket onto table user requested */
+ if (Tflag == 1 && Terr == 0 &&
+ setsockopt(s, AF_ROUTE, ROUTE_TABLEFILTER,
+ &tableid, sizeof(tableid)) == -1)
+ err(1, "setsockopt(ROUTE_TABLEFILTER)");
+
+ if (kw == K_SHOW) {
+ uid = 0;
+ exit(show(argc, argv));
}
+
+ if (nflag) {
+ if (pledge("stdio rpath dns", NULL) == -1)
+ err(1, "pledge");
+ } else {
+ if (pledge("stdio rpath dns", NULL) == -1)
+ err(1, "pledge");
+ }
+
switch (kw) {
- case K_EXEC:
- rval = rdomain(argc - 1, argv + 1);
- break;
case K_GET:
uid = 0;
/* FALLTHROUGH */
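Review bot: The `tflag` branch that the removed switch used to open `_PATH_DEVNULL` instead of a routing socket has no counterpart on the new side, so `s = socket(PF_ROUTE, SOCK_RAW, 0);` now runs unconditionally and a test-only run would appear to talk to the real routing socket unless `tflag` is handled outside this hunk. If test mode is meant to survive, something like `s = (tflag && kw != K_MONITOR) ? open(_PATH_DEVNULL, O_WRONLY) : socket(PF_ROUTE, SOCK_RAW, 0);` keeps the old behaviour for the non-monitor paths. Separately, both arms of the `if (nflag)` pledge pass the identical string `"stdio rpath dns"`, here and in the p_rttables hunk of show.c; presumably the `nflag` arm was meant to drop `dns`, so either narrow it or collapse the conditional and leave a comment saying the split is a placeholder. main starts and ends outside the hunk.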
@@ -207,12 +238,8 @@ main(int argc, char **argv)
case K_DELETE:
rval = newroute(argc, argv);
break;
- case K_SHOW:
- uid = 0;
- show(argc, argv);
- break;
case K_MONITOR:
- /* handled above */
+ monitor(argc, argv);
break;
case K_FLUSH:
flushroutes(argc, argv);
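Review bot: The `monitor(argc, argv)` call in this case now runs after main has consumed the arguments (the `--argc`/`++argv` loop in the K_MONITOR block) and applied its own pledge, so the parameters carry nothing useful and the pledge at the top of monitor() repeats a promise string that is already in force. Neither is harmful, but a comment here such as `/* arguments parsed and socket filtered above; monitor() only reads s */` would record the new division of work, and the duplicate pledge could be dropped from one of the two places. The switch starts and ends outside the hunk.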
@@ -648,7 +675,7 @@ newroute(int argc, char **argv)
return (ret != 0);
}
-void
+int
show(int argc, char *argv[])
{
int af = 0;
@@ -691,6 +718,7 @@ show(int argc, char *argv[])
}
p_rttables(af, tableid, Tflag, prio);
+ return (0);
}
void
@@ -1046,44 +1074,12 @@ interfaces(void)
void
monitor(int argc, char *argv[])
{
- int af = 0;
- unsigned int filter = 0;
int n;
char msg[2048];
time_t now;
- while (--argc > 0) {
- if (**(++argv)== '-')
- switch (keyword(*argv + 1)) {
- case K_INET:
- af = AF_INET;
- break;
- case K_INET6:
- af = AF_INET6;
- break;
- case K_IFACE:
- case K_INTERFACE:
- filter = ROUTE_FILTER(RTM_IFINFO) |
- ROUTE_FILTER(RTM_IFANNOUNCE);
- break;
- default:
- usage(*argv);
- /* NOTREACHED */
- }
- else
- usage(*argv);
- }
-
- s = socket(PF_ROUTE, SOCK_RAW, af);
- if (s == -1)
- err(1, "socket");
-
- if (setsockopt(s, AF_ROUTE, ROUTE_MSGFILTER, &filter,
- sizeof(filter)) == -1)
- err(1, "setsockopt(ROUTE_MSGFILTER)");
- if (Tflag && setsockopt(s, AF_ROUTE, ROUTE_TABLEFILTER, &tableid,
- sizeof(tableid)) == -1)
- err(1, "setsockopt(ROUTE_TABLEFILTER)");
+ if (pledge("stdio rpath dns", NULL) == -1)
+ err(1, "pledge");
verbose = 1;
if (debugonly) {
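Review bot: The address family selected by `-inet`/`-inet6` no longer reaches the socket: the removed `socket(PF_ROUTE, SOCK_RAW, af)` is replaced by main's `socket(PF_ROUTE, SOCK_RAW, 0)`, which runs before the monitor arguments are parsed, and the `af` assigned in main's K_MONITOR block is not read in any visible line. As written the two options would be accepted and silently ignored, so a user asking for one family would still see messages for all of them. If per-family filtering is still wanted, parse the monitor arguments before creating the socket and pass `af` as the protocol; otherwise remove the dead `af` assignments. The body of monitor() continues past the hunk.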
diff --git a/sbin/route/show.c b/sbin/route/show.c
index 7276a7a5d85..30ff049fae7 100644
--- a/sbin/route/show.c
+++ b/sbin/route/show.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: show.c,v 1.101 2015/09/11 20:08:40 mpi Exp $ */
+/* $OpenBSD: show.c,v 1.102 2015/10/23 15:03:25 deraadt Exp $ */
/* $NetBSD: show.c,v 1.1 1996/11/15 18:01:41 gwr Exp $ */
/*
@@ -145,6 +145,14 @@ p_rttables(int af, u_int tableid, int hastable, char prio)
break;
}
+ if (nflag) {
+ if (pledge("stdio rpath dns", NULL) == -1)
+ err(1, "pledge");
+ } else {
+ if (pledge("stdio rpath dns", NULL) == -1)
+ err(1, "pledge");
+ }
+
printf("Routing tables\n");
if (buf) {
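Review bot: This pledge sits in the middle of p_rttables with nothing explaining the placement, and since main exits through `show()` before reaching its own pledge call, it appears to be the only restriction applied on the show path. Going by the commit message (show does its sysctl and then prints), the call is placed after the table fetch, which is not visible in this hunk. A comment such as `/* routing table already fetched; only printing and name lookups remain */` would stop a later edit from moving a sysctl or file open below this point, where it would presumably violate the promise set. p_rttables starts and ends outside the hunk.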