authorclaudio <claudio@openbsd.org>2019-08-20 16:01:52 +0000
committerclaudio <claudio@openbsd.org>2019-08-20 16:01:52 +0000
commit2d3101137f65e1145f846c60ee1d8c7f6a2f25f1 (patch)
tree08879c1e3a048ebb9c7c0799136a9eef0beb8012
parentscsi_probe_bus() always returns 0. Nobody but scsi_probe() even (diff)
Change the arguments to rpki-client a bit. Instead of listing all TAL files
as arguments rpki-client will now load the TAL installed in /etc/rpki by default. For debugging purposes, an option -t tal is added to pass in TAL files by hand. The argument is now instead the filename of the output file. Now `rpki-client roa.conf` will do what you need which is a lot nicer. Agreed by deraadt@ job@ to be a step in the right direction.
-rw-r--r--usr.sbin/rpki-client/extern.h5
-rw-r--r--usr.sbin/rpki-client/main.c75
-rw-r--r--usr.sbin/rpki-client/output-bgpd.c15
3 files changed, 69 insertions, 26 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 760f174ab43..b9143c9f4f8 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.6 2019/08/13 13:27:26 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.7 2019/08/20 16:01:52 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -301,6 +301,7 @@ int x509_get_ski_aki(X509 *, const char *, char **, char **);
/* Output! */
-void output_bgpd(const struct roa **, size_t, int, size_t *, size_t *);
+void output_bgpd(FILE *, const struct roa **, size_t,
+ size_t *, size_t *);
#endif /* ! EXTERN_H */
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index 52704f7bd30..2c6600b9e87 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.15 2019/08/13 13:27:26 claudio Exp $ */
+/* $OpenBSD: main.c,v 1.16 2019/08/20 16:01:52 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -18,11 +18,14 @@
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/stat.h>
+#include <sys/types.h>
#include <sys/wait.h>
#include <assert.h>
#include <err.h>
+#include <dirent.h>
#include <fcntl.h>
+#include <fnmatch.h>
#include <fts.h>
#include <inttypes.h>
#include <poll.h>
@@ -1258,13 +1261,41 @@ entity_process(int proc, int rsync, struct stats *st,
}
}
+#define TALSZ_MAX 8
+
+size_t
+tal_load_default(const char *tals[], size_t max)
+{
+ static const char *basedir = "/etc/rpki";
+ size_t s = 0;
+ char *path;
+ DIR *dirp;
+ struct dirent *dp;
+
+ dirp = opendir(basedir);
+ if (dirp == NULL)
+ err(EXIT_FAILURE, "open %s", basedir);
+ while ((dp = readdir(dirp)) != NULL) {
+ if (fnmatch("*.tal", dp->d_name, FNM_PERIOD) == FNM_NOMATCH)
+ continue;
+ if (s >= max)
+ err(EXIT_FAILURE, "too many tal files found in %s",
+ basedir);
+ if (asprintf(&path, "%s/%s", basedir, dp->d_name) == -1)
+ err(EXIT_FAILURE, "asprintf");
+ tals[s++] = path;
+ }
+ closedir (dirp);
+ return (s);
+}
+
int
main(int argc, char *argv[])
{
int rc = 0, c, proc, st, rsync,
fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0,
- force = 0, norev = 0, quiet = 0;
- size_t i, j, eid = 1, outsz = 0, vrps, uniqs;
+ force = 0, norev = 0;
+ size_t i, j, eid = 1, outsz = 0, talsz = 0, vrps, uniqs;
pid_t procpid, rsyncpid;
int fd[2];
struct entityq q;
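Review bot: tal_load_default() is only called from main() in this file and is not declared in extern.h, so it should be `static size_t` to keep it out of the global namespace, as is the convention for file-local helpers. The "/etc/rpki" literal inside it is repeated verbatim in main()'s "no TAL files found" message further down (the hunk ending at the memset lines), so a `#define TAL_DIR "/etc/rpki"` next to TALSZ_MAX would keep the two from drifting apart. readdir(3) hands back entries in directory order, so the TALs are queued in a filesystem-dependent order; presumably harmless, but a one-line comment saying so would save the next reader the question. `closedir (dirp);` carries a space before the parenthesis that the surrounding code does not use. The hunk also holds the start of main(), which continues outside it.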
@@ -1275,11 +1306,13 @@ main(int argc, char *argv[])
struct roa **out = NULL;
const char *rsync_prog = "openrsync";
const char *bind_addr = NULL;
+ const char *tals[TALSZ_MAX];
+ FILE *output = NULL;
- if (pledge("stdio rpath proc exec cpath unveil", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath proc exec unveil", NULL) == -1)
err(EXIT_FAILURE, "pledge");
- while ((c = getopt(argc, argv, "b:e:fnqrv")) != -1)
+ while ((c = getopt(argc, argv, "b:e:fnrt:v")) != -1)
switch (c) {
case 'b':
bind_addr = optarg;
@@ -1293,12 +1326,15 @@ main(int argc, char *argv[])
case 'n':
noop = 1;
break;
- case 'q':
- quiet = 1;
- break;
case 'r':
norev = 1;
break;
+ case 't':
+ if (talsz >= TALSZ_MAX)
+ err(EXIT_FAILURE,
+ "too many tal files specified");
+ tals[talsz++] = optarg;
+ break;
case 'v':
verbose++;
break;
@@ -1307,8 +1343,17 @@ main(int argc, char *argv[])
}
argv += optind;
- if ((argc -= optind) == 0)
+ argc -= optind;
+ if (argc != 1)
goto usage;
+ output = fopen(argv[0], "we");
+ if (output == NULL)
+ err(EXIT_FAILURE, "failed to open %s", argv[0]);
+
+ if (talsz == 0)
+ talsz = tal_load_default(tals, TALSZ_MAX);
+ if (talsz == 0)
+ err(EXIT_FAILURE, "no TAL files found in %s", "/etc/rpki");
memset(&rt, 0, sizeof(struct repotab));
memset(&stats, 0, sizeof(struct stats));
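Review bot: `fopen(argv[0], "we")` truncates the output file before any validation has run, so every later err() — the "no TAL files" exit two lines below it, or a fork/pledge failure further down — leaves the caller's existing roa.conf empty for bgpd to pick up on its next reload. Writing to a mkostemp(3) temporary beside argv[0] (O_CLOEXEC keeps the "e" behaviour the fopen had) and rename(2)-ing it over the target only after output_bgpd() has finished and the stream closed cleanly makes the replacement atomic and preserves the old file on any failure; the already-pledged rpath/wpath/cpath promises cover both calls. The matching tail belongs in the hunk around the output_bgpd call: `if (fclose(output) != 0 || rename(tmpname, argv[0]) == -1) err(EXIT_FAILURE, "%s", argv[0]);`, with `char *tmpname` and `int tmpfd` declared alongside `output`. mkostemp creates the file 0600, so an fchmod may be wanted if the old fopen relied on the umask to make the file world-readable — confirm against how bgpd reads it. main() starts and ends outside this hunk.
```c
	/* … unchanged: argc check and usage jump … */
	if (asprintf(&tmpname, "%s.XXXXXXXXXX", argv[0]) == -1)
		err(EXIT_FAILURE, "asprintf");
	if ((tmpfd = mkostemp(tmpname, O_CLOEXEC)) == -1)
		err(EXIT_FAILURE, "mkostemp %s", tmpname);
	if ((output = fdopen(tmpfd, "w")) == NULL)
		err(EXIT_FAILURE, "fdopen %s", tmpname);
	/* … unchanged: TAL loading, memset of rt and stats … */
```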
@@ -1351,7 +1396,7 @@ main(int argc, char *argv[])
if (rsyncpid == 0) {
close(proc);
close(fd[1]);
- if (pledge("stdio proc exec rpath cpath unveil", NULL) == -1)
+ if (pledge("stdio rpath cpath proc exec unveil", NULL) == -1)
err(EXIT_FAILURE, "pledge");
/* If -n, we don't exec or mkdir. */
@@ -1382,8 +1427,8 @@ main(int argc, char *argv[])
* can get the ball rolling.
*/
- for (i = 0; i < (size_t)argc; i++)
- queue_add_tal(proc, &q, argv[i], &eid);
+ for (i = 0; i < talsz; i++)
+ queue_add_tal(proc, &q, tals[i], &eid);
pfd[0].fd = rsync;
pfd[1].fd = proc;
@@ -1475,8 +1520,8 @@ main(int argc, char *argv[])
/* Output and statistics. */
- output_bgpd((const struct roa **)out,
- outsz, quiet, &vrps, &uniqs);
+ output_bgpd(output, (const struct roa **)out,
+ outsz, &vrps, &uniqs);
logx("Route Origin Authorizations: %zu (%zu failed parse, %zu invalid)",
stats.roas, stats.roas_fail, stats.roas_invalid);
logx("Certificates: %zu (%zu failed parse, %zu invalid)",
@@ -1505,6 +1550,6 @@ main(int argc, char *argv[])
usage:
fprintf(stderr,
"usage: rpki-client [-fnqrv] [-b bind_addr] [-e rsync_prog] "
- "tal ...\n");
+ "[-t tal] output\n");
return EXIT_FAILURE;
}
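Review bot: The usage string on the line above still advertises `q` in `[-fnqrv]`, but this commit removes -q from both the getopt string and the switch (the two earlier main.c hunks), so the message now documents a flag that getopt rejects; change it to `"usage: rpki-client [-fnrv] [-b bind_addr] [-e rsync_prog] "`. If the manual page describes -q and the trailing tal arguments, it needs the same update, which this diff does not include.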
diff --git a/usr.sbin/rpki-client/output-bgpd.c b/usr.sbin/rpki-client/output-bgpd.c
index 03b98da4b77..7dfe65ae672 100644
--- a/usr.sbin/rpki-client/output-bgpd.c
+++ b/usr.sbin/rpki-client/output-bgpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: output-bgpd.c,v 1.9 2019/08/13 13:53:49 claudio Exp $ */
+/* $OpenBSD: output-bgpd.c,v 1.10 2019/08/20 16:01:52 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -34,8 +34,8 @@ cmp(const void *p1, const void *p2)
}
void
-output_bgpd(const struct roa **roas, size_t roasz,
- int quiet, size_t *vrps, size_t *unique)
+output_bgpd(FILE *out, const struct roa **roas, size_t roasz,
+ size_t *vrps, size_t *unique)
{
char buf1[64], buf2[32];
char **lines = NULL;
@@ -67,16 +67,13 @@ output_bgpd(const struct roa **roas, size_t roasz,
assert(k == *vrps);
qsort(lines, *vrps, sizeof(char *), cmp);
- if (!quiet)
- puts("roa-set {");
+ fprintf(out, "roa-set {\n");
for (i = 0; i < *vrps; i++)
if (i == 0 || strcmp(lines[i], lines[i - 1])) {
- if (!quiet)
- printf(" %s\n", lines[i]);
+ fprintf(out, "\t%s\n", lines[i]);
(*unique)++;
}
- if (!quiet)
- puts("}");
+ fprintf(out, "}\n");
for (i = 0; i < *vrps; i++)
free(lines[i]);
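Review bot: The three fprintf() calls now write to a caller-supplied stream that is a regular file rather than stdout, and their return values are discarded, so a short write (ENOSPC, EIO) yields a truncated roa-set while the function returns normally and *vrps/*unique report a complete set. Since output_bgpd() is void, the cheapest fix is one check before the free loop, `if (ferror(out)) err(EXIT_FAILURE, "write error");` (assuming <err.h> is included above the hunk, which is not visible here), or alternatively letting main.c test `ferror(output)`/`fclose(output)` after the call and refuse to treat the file as valid. The function body continues outside the hunk.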