From: Alberto Leiva Popper Date: Mon, 20 May 2019 15:46:44 +0000 (-0500) Subject: Miscellaneous patches X-Git-Tag: v0.0.2~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=940a81e93605e3633a95cfdc71d831d58c5b590b;p=thirdparty%2FFORT-validator.git Miscellaneous patches - include most TALs for convenience - patch local repository's `mkdir -p` (just wasn't working at all) - print status messages on client `accept(2)` failures --- diff --git a/.gitignore b/.gitignore index b902dc8a..de57b6e0 100644 --- a/.gitignore +++ b/.gitignore @@ -95,6 +95,11 @@ test-driver tmp docs/_site +# Files we're sorta contractually obligated to exclude. +# Can't include ARIN's TAL because of their Relying Party Agreement +# (https://www.arin.net/resources/manage/rpki/tal/) +tal/arin.tal + # Unwanted manure shat by imbecile OSs .DS_Store* ehthumbs.db diff --git a/src/object/tal.c b/src/object/tal.c index 70abe80b..9fde1634 100644 --- a/src/object/tal.c +++ b/src/object/tal.c @@ -377,10 +377,8 @@ perform_standalone_validation(struct validation_handler *handler) config_tal = config_get_tal(); error = stat(config_tal, &attr); - if (error) { - pr_errno(errno, "Error reading path '%s'", config_tal); - return -errno; - } + if (error) + return pr_errno(errno, "Error reading path '%s'", config_tal); fnstack_init(); if (S_ISDIR(attr.st_mode) == 0) diff --git a/src/rsync/rsync.c b/src/rsync/rsync.c index 3a3325d4..da6e5108 100644 --- a/src/rsync/rsync.c +++ b/src/rsync/rsync.c @@ -204,7 +204,6 @@ create_dir(char *path) static int create_dir_recursive(char *localuri) { - size_t repository_len; int i, error; bool exist = false; @@ -215,8 +214,7 @@ create_dir_recursive(char *localuri) if (exist) return 0; - repository_len = strlen(config_get_local_repository()); - for (i = 1 + repository_len; localuri[i] != '\0'; i++) { + for (i = 1; localuri[i] != '\0'; i++) { if (localuri[i] == '/') { localuri[i] = '\0'; error = create_dir(localuri); 
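Review bot: The error path in perform_standalone_validation now returns the value of pr_errno(), where the removed lines returned `-errno`. pr_errno() is defined outside this diff, so it is worth confirming that it returns a non-zero, negative code for every errno; otherwise a failed stat() would be reported to the caller as success. The two-line `if (error)` body is also left without braces, which makes a later added statement easy to misplace; `if (error) { return pr_errno(errno, "Error reading path '%s'", config_tal); }` keeps it explicit. The function starts and ends outside the hunk.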
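Review bot: The loop in create_dir_recursive now starts at `i = 1`, so create_dir() runs on every prefix of `localuri` from its first component instead of only on the part below config_get_local_repository(). If `localuri` is derived from rsync URIs read from TALs or certificates (the caller is not visible here), nothing in the hunk stops a `..` component from steering directory creation outside the local repository. The function should verify that the path starts with the configured repository and contains no `..` component before the loop, and a comment such as `/* localuri must already be confined to the local repository */` would record the assumption. Unless the existence check above rejects it, an empty `localuri` also makes the first test read `localuri[1]`, one past the terminator; `for (i = 1; localuri[0] != '\0' && localuri[i] != '\0'; i++)` closes that. The function body continues past the end of the hunk.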
diff --git a/src/rtr/rtr.c b/src/rtr/rtr.c index 155f2662..f184070c 100644 --- a/src/rtr/rtr.c +++ b/src/rtr/rtr.c @@ -145,18 +145,23 @@ handle_accept_result(int client_fd, int err) if (err == ENETDOWN || err == EPROTO || err == ENOPROTOOPT || err == EHOSTDOWN || err == ENONET || err == EHOSTUNREACH || err == EOPNOTSUPP || err == ENETUNREACH) - return VERDICT_RETRY; + goto retry; #endif #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wlogical-op" if (err == EAGAIN || err == EWOULDBLOCK) - return VERDICT_RETRY; + goto retry; #pragma GCC diagnostic pop - errno = err; - pr_warn("Connection acceptor thread interrupted"); + pr_info("Client connection attempt not accepted: %s. Quitting...", + strerror(err)); return VERDICT_EXIT; + +retry: + pr_info("Client connection attempt not accepted: %s. Retrying...", + strerror(err)); + return VERDICT_RETRY; } static void @@ -246,7 +251,7 @@ handle_client_connections(int server_fd) sizeof_client_addr = sizeof(client_addr); do { - client_fd = accept(server_fd, (struct sockaddr *)&client_addr, + client_fd = accept(server_fd, (struct sockaddr *) &client_addr, &sizeof_client_addr); switch (handle_accept_result(client_fd, errno)) { case VERDICT_SUCCESS: @@ -254,7 +259,7 @@ handle_client_connections(int server_fd) case VERDICT_RETRY: continue; case VERDICT_EXIT: - return 0; + return -EINVAL; } /* diff --git a/tal/README.md b/tal/README.md new file mode 100644 index 00000000..0a138a58 --- /dev/null +++ b/tal/README.md @@ -0,0 +1,5 @@ +# TALs + +Most of the Trust Anchor Locators of the RIRs are included here for convenience. (But maybe you should get your own, for security.) + +The only one that's not included is ARIN's, because you need to agree to their [RPA](https://www.arin.net/resources/manage/rpki/tal/). diff --git a/tal/afrinic.tal b/tal/afrinic.tal new file mode 100644 index 00000000..fc7639f3 --- /dev/null +++ b/tal/afrinic.tal 
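Review bot: Both new messages in handle_accept_result are logged with pr_info(), including the one on the path that returns VERDICT_EXIT, which the removed code reported with pr_warn(). The end of the acceptor loop is the event an operator needs to see, so `pr_warn("Client connection attempt not accepted: %s. Quitting...", strerror(err));` would keep its severity. The `retry:` label writes a line for every failed accept(), and with EAGAIN/EWOULDBLOCK or peer-triggered network errors that can repeat quickly enough to fill the log, so a lower level or a rate limit is worth considering there. strerror() is not required to be thread-safe and the removed message suggests this runs in its own thread; strerror_r() or the project's pr_errno() avoids sharing its buffer. The function starts above the hunk.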
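Review bot: Returning `-EINVAL` for VERDICT_EXIT in handle_client_connections turns every accept() error that handle_accept_result does not list as retryable into a failure of the whole listener, and discards which errno caused it. Unless they are handled in the part of handle_accept_result above the first hunk, ECONNABORTED, EINTR and descriptor exhaustion (EMFILE/ENFILE) would all stop the RTR server, although each is transient and the first can follow from a client that resets its connection before it is accepted. Adding `if (err == ECONNABORTED || err == EINTR) goto retry;` to handle_accept_result, and passing the real error back instead of a fixed `-EINVAL`, would keep one bad connection attempt from ending service. The loop body continues outside the hunk.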
@@ -0,0 +1,9 @@
+rsync://rpki.afrinic.net/repository/AfriNIC.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAqAhWIO+ON2Ef9oRDM
+pKxv+AfmSLIdLWJtjrvUyDxJPBjgR+kVrOHUeTaujygFUp49tuN5H2C1rUuQavTH
+vve6xNF5fU3OkTcqEzMOZy+ctkbde2SRMVdvbO22+TH9gNhKDc9l7Vu01qU4LeJH
+k3X0f5uu5346YrGAOSv6AaYBXVgXxa0s9ZvgqFpim50pReQe/WI3QwFKNgpPzfQL
+6Y7fDPYdYaVOXPXSKtx7P4s4KLA/ZWmRL/bobw/i2fFviAGhDrjqqqum+/9w1hEl
+L/vqihVnV18saKTnLvkItA/Bf5i11Yhw2K7qv573YWxyuqCknO/iYLTR1DToBZcZ
+UQIDAQAB
diff --git a/tal/apnic.tal b/tal/apnic.tal
new file mode 100644
index 00000000..fc781ee2
--- /dev/null
+++ b/tal/apnic.tal
@@ -0,0 +1,9 @@
+rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8
+qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI
+7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr
+LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf
+i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H
+cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou
+0wIDAQAB
diff --git a/tal/lacnic.tal b/tal/lacnic.tal
new file mode 100644
index 00000000..55bbf319
--- /dev/null
+++ b/tal/lacnic.tal
@@ -0,0 +1,9 @@
+rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KR
+c3MeWx3neXx4/wbnJWGbNAtbYqXg3uU5J4HFzPgk/VIppgSKAhlO0H60DRP48by9
+gr5/yDHu2KXhOmnMg46sYsUIpfgtBS9+VtrqWziJfb+pkGtuOWeTnj6zBmBNZKK+
+5AlMCW1WPhrylIcB+XSZx8tk9GS/3SMQ+YfMVwwAyYjsex14Uzto4GjONALE5oh1
+M3+glRQduD6vzSwOD+WahMbc9vCOTED+2McLHRKgNaQf0YJ9a1jG9oJIvDkKXEqd
+fqDRktwyoD74cV57bW3tBAexB7GglITbInyQAsmdngtfg2LUMrcROHHP86QPZINj
+DQIDAQAB
diff --git a/tal/ripe.tal b/tal/ripe.tal
new file mode 100644
index 00000000..acdb1731
--- /dev/null
+++ b/tal/ripe.tal
@@ -0,0 +1,9 @@
+rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1j
+Q6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83Hw
+A26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0G
+Z0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eM
+kE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs
+6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2
+VwIDAQAB