Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 4 | ||||
-rw-r--r-- | usr.sbin/rpki-client/main.c | 32 | ||||
-rw-r--r-- | usr.sbin/rpki-client/mkdir.c | 6 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rsync.c | 13 |
4 files changed, 30 insertions, 25 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index f613a5677c4..ef0106fba73 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.45 2021/02/18 16:23:17 claudio Exp $ */ +/* $OpenBSD: extern.h,v 1.46 2021/02/19 08:14:49 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -449,7 +449,7 @@ int output_json(FILE *, struct vrp_tree *, struct stats *); void logx(const char *fmt, ...) __attribute__((format(printf, 1, 2))); -int mkpath(const char *); +int mkpath(int, const char *); #define RPKI_PATH_OUT_DIR "/var/db/rpki-client" #define RPKI_PATH_BASE_DIR "/var/cache/rpki-client" diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index e6b1811a180..a63bc15f245 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.101 2021/02/18 10:10:20 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.102 2021/02/19 08:14:49 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -27,6 +27,7 @@ #include <err.h> #include <errno.h> #include <dirent.h> +#include <fcntl.h> #include <fnmatch.h> #include <fts.h> #include <poll.h> @@ -91,6 +92,7 @@ RB_PROTOTYPE(filepath_tree, filepath, entry, filepathcmp); static struct filepath_tree fpt = RB_INITIALIZER(&fpt); static struct msgbuf procq, rsyncq; +static int cachefd; const char *bird_tablename = "ROAS"; @@ -289,6 +291,15 @@ repo_fetch(struct repo *rp) return; } + /* + * Create destination location. + * Build up the tree to this point because GPL rsync(1) + * will not build the destination for us. + */ + + if (mkpath(cachefd, rp->local) == -1) + err(1, "%s", rp->local); + logx("%s: pulling from network", rp->local); if ((b = ibuf_dynamic(256, UINT_MAX)) == NULL) err(1, NULL); 
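Review bot: In the repo_fetch hunk, `mkpath(cachefd, rp->local)` stays inside the cache directory only if `rp->local` is a relative path with no `..` components, because mkdirat() ignores its directory descriptor when given an absolute path. How `rp->local` is derived is not visible here, so I would state the invariant at the call, e.g. `/* rp->local is relative to cachefd; it must not be absolute or contain ".." */`, or check it before calling. The creation now also runs in this process, so one repository whose directory cannot be created ends the whole run through `err(1, ...)`; presumably intended, but worth a word in the comment. repo_fetch starts and ends outside the hunk.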
@@ -684,7 +695,7 @@ add_to_del(char **del, size_t *dsz, char *file) } static size_t -repo_cleanup(const char *cachedir) +repo_cleanup(int dirfd) { size_t i, delsz = 0; char *argv[2], **del = NULL; @@ -692,8 +703,8 @@ repo_cleanup(const char *cachedir) FTSENT *e; /* change working directory to the cache directory */ - if (chdir(cachedir) == -1) - err(1, "%s: chdir", cachedir); + if (fchdir(dirfd) == -1) + err(1, "fchdir"); for (i = 0; i < rt.reposz; i++) { if (asprintf(&argv[0], "%s", rt.repos[i].local) == -1) @@ -866,6 +877,9 @@ main(int argc, char *argv[]) goto usage; } + if ((cachefd = open(cachedir, O_RDONLY, 0)) == -1) + err(1, "cache directory %s", cachedir); + if (outformats == 0) outformats = FORMAT_OPENBGPD; @@ -891,8 +905,8 @@ main(int argc, char *argv[]) close(fd[1]); /* change working directory to the cache directory */ - if (chdir(cachedir) == -1) - err(1, "%s: chdir", cachedir); + if (fchdir(cachefd) == -1) + err(1, "fchdir"); /* Only allow access to the cache directory. */ if (unveil(cachedir, "r") == -1) @@ -924,8 +938,8 @@ main(int argc, char *argv[]) close(fd[1]); /* change working directory to the cache directory */ - if (chdir(cachedir) == -1) - err(1, "%s: chdir", cachedir); + if (fchdir(cachefd) == -1) + err(1, "fchdir"); if (pledge("stdio rpath cpath proc exec unveil", NULL) == -1) @@ -1088,7 +1102,7 @@ main(int argc, char *argv[]) if (outputfiles(&v, &stats)) rc = 1; - stats.del_files = repo_cleanup(cachedir); + stats.del_files = repo_cleanup(cachefd); logx("Route Origin Authorizations: %zu (%zu failed parse, %zu invalid)", stats.roas, stats.roas_fail, stats.roas_invalid); diff --git a/usr.sbin/rpki-client/mkdir.c b/usr.sbin/rpki-client/mkdir.c index d9f466f721a..7369c3de4c5 100644 --- a/usr.sbin/rpki-client/mkdir.c +++ b/usr.sbin/rpki-client/mkdir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mkdir.c,v 1.1 2021/02/02 18:33:11 claudio Exp $ */ +/* $OpenBSD: mkdir.c,v 1.2 2021/02/19 08:14:49 claudio Exp $ */ /* * Copyright (c) 1983, 1992, 1993 
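Review bot: The new `err(1, "fchdir")` in repo_cleanup drops the directory name that the old `chdir` message printed, and the same happens in the two child-setup hunks in main (`@@ -891,8` and `@@ -924,8`). In main `cachedir` is still in scope, so `err(1, "%s: fchdir", cachedir);` keeps the diagnostic useful. In repo_cleanup, which now receives only the descriptor, a message such as `err(1, "fchdir: cache directory")` at least says which directory failed. repo_cleanup's body continues outside the hunk.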
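Review bot: `open(cachedir, O_RDONLY, 0)` in main accepts any readable file, so a path that is not a directory is rejected only later at `fchdir`, with a message that no longer names it; `if ((cachefd = open(cachedir, O_RDONLY | O_DIRECTORY)) == -1)` fails early with the path in the error. The third argument is ignored without `O_CREAT` and can be dropped. Nothing visible here closes the descriptor or marks it close-on-exec, so any program exec'd by a child later would inherit a handle on the cache directory. Adding `O_CLOEXEC` would prevent that without affecting the `fchdir(cachefd)` calls in forked children.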
@@ -43,7 +43,7 @@ * dir_mode - file mode of intermediate directories */ int -mkpath(const char *dir) +mkpath(int dirfd, const char *dir) { char *path, *slash; int done; @@ -59,7 +59,7 @@ mkpath(const char *dir) done = (*slash == '\0'); *slash = '\0'; - if (mkdir(path, 0700) == -1 && errno != EEXIST) { + if (mkdirat(dirfd, path, 0700) == -1 && errno != EEXIST) { free(path); return (-1); } diff --git a/usr.sbin/rpki-client/rsync.c b/usr.sbin/rpki-client/rsync.c index 0285429d1d8..1f00a6ee596 100644 --- a/usr.sbin/rpki-client/rsync.c +++ b/usr.sbin/rpki-client/rsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsync.c,v 1.17 2021/02/16 08:52:00 claudio Exp $ */ +/* $OpenBSD: rsync.c,v 1.18 2021/02/19 08:14:49 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -167,7 +167,7 @@ proc_rsync(char *prog, char *bind_addr, int fd) if (unveil(NULL, NULL) == -1) err(1, "unveil"); - if (pledge("stdio cpath proc exec", NULL) == -1) + if (pledge("stdio proc exec", NULL) == -1) err(1, "pledge"); /* Initialise retriever for children exiting. */ @@ -261,15 +261,6 @@ proc_rsync(char *prog, char *bind_addr, int fd) assert(dst); assert(uri); - /* - * Create source and destination locations. - * Build up the tree to this point because GPL rsync(1) - * will not build the destination for us. - */ - - if (mkpath(dst) == -1) - err(1, "%s", dst); - /* Run process itself, wait for exit, check error. */ if ((pid = fork()) == -1) |
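Review bot: The header comment above mkpath still lists `dir_mode`, which is not a parameter of this function, and says nothing about the new `dirfd`. It should say that `dir` is resolved relative to `dirfd` through mkdirat(), that an absolute `dir` bypasses `dirfd`, and that every component is created with mode 0700, for example `dirfd - directory descriptor that a relative dir is resolved against`. The comment starts outside the hunk.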
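Review bot: The `mkdirat(...) == -1 && errno != EEXIST` test in mkpath treats any existing entry as success, and nothing visible in the hunk checks that the entry is a directory. A final component that is a regular file would therefore pass, and a component that is a symlink would be followed, possibly out of the directory `dirfd` refers to. I would confirm the entry with fstatat() against the same `dirfd` and fail with ENOTDIR otherwise, as sketched below. Drop `AT_SYMLINK_NOFOLLOW` if symlinked components inside the cache are meant to be supported. The loop starts and ends outside the hunk.

```c
	/* … unchanged: strdup of dir, scanning to the next slash … */
		if (mkdirat(dirfd, path, 0700) == -1) {
			struct stat sb;

			if (errno != EEXIST ||
			    fstatat(dirfd, path, &sb, AT_SYMLINK_NOFOLLOW) == -1) {
				free(path);
				return (-1);
			}
			if (!S_ISDIR(sb.st_mode)) {
				free(path);
				errno = ENOTDIR;
				return (-1);
			}
		}
	/* … unchanged: restore the slash, loop until done … */
```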