authorKlemens Nanni <klemens@posteo.de>2021-06-10 01:32:10 +0000
committerJune McEnroe <june@causal.agency>2021-06-10 14:44:35 -0400
commit71a84aa5023795b86a41e73617166dd1391204f6 (patch)
treea2682cfd25738661fb02004667d1d5faa9229011
parentHoist loading default root certificates into ircConfig() (diff)
downloadcatgirl-71a84aa5023795b86a41e73617166dd1391204f6.tar.gz
catgirl-71a84aa5023795b86a41e73617166dd1391204f6.zip
OpenBSD: Remove now obsolete unveil code
Previous tls_default_ca_cert_file(3) hoisting makes this possible: all
TLS related files are fully loaded into memory by ircConfig() such that
ircConnect() will not do any file I/O.

Call ircConfig() before pledge(2) in the `-o' "print cert" case so this
works out -- that order should have been preserved in the previous
a989e15 "OpenBSD: hoist -o/printCert code to simplify" but fixing it now
nicely demonstrates the achievement even more so.
-rw-r--r--chat.c28
1 files changed, 3 insertions, 25 deletions
diff --git a/chat.c b/chat.c
index 653a6ab..18174ae 100644
--- a/chat.c
+++ b/chat.c
@@ -128,14 +128,6 @@ static void parseHash(char *str) {
 
 #ifdef __OpenBSD__
 
-static void unveilConfig(const char *name) {
-	const char *dirs = NULL;
-	for (const char *path; NULL != (path = configPath(&dirs, name));) {
-		int error = unveil(path, "r");
-		if (error && errno != ENOENT) err(EX_NOINPUT, "%s", path);
-	}
-}
-
 static void unveilData(const char *name) {
 	const char *dirs = NULL;
 	for (const char *path; NULL != (path = dataPath(&dirs, name));) {
@@ -144,25 +136,12 @@ static void unveilData(const char *name) {
 	}
 }
 
-static void unveilAll(const char *trust, const char *cert, const char *priv) {
+static void unveilAll(void) {
 	if (save || logEnable) {
 		dataMkdir("");
 		unveilData("");
 	}
-	if (trust) unveilConfig(trust);
-	if (cert) unveilConfig(cert);
-	if (priv) unveilConfig(priv);
 	if (save) unveilData(save);
-	struct {
-		const char *path;
-		const char *perm;
-	} paths[] = {
-		{ tls_default_ca_cert_file(), "r" },
-	};
-	for (size_t i = 0; i < ARRAY_LEN(paths); ++i) {
-		int error = unveil(paths[i].path, paths[i].perm);
-		if (error) err(EX_OSFILE, "%s", paths[i].path);
-	}
 }
 
 #endif /* __OpenBSD__ */
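Review bot: With the unconditional `unveil(tls_default_ca_cert_file(), "r")` loop removed, `unveilAll()` makes no unveil(2) call at all when neither `save` nor `logEnable` is set, and a process that never calls unveil keeps its full view of the filesystem. In that configuration confinement rests entirely on the pledge promises assembled in main(), which are outside this hunk. A short comment above the function would record that dependency, for example `/* Nothing is unveiled unless save or logEnable is set; filesystem access then depends on pledge(2) alone. */`. It is worth confirming that the promise string carries no rpath/wpath/cpath in that case.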
@@ -266,12 +245,11 @@ int main(int argc, char *argv[]) {
 	if (!host) errx(EX_USAGE, "host required");
 
 	if (printCert) {
+		ircConfig(insecure, trust, cert, priv);
 #ifdef __OpenBSD__
-		unveilAll(trust, cert, priv);
 		int error = pledge("stdio rpath inet dns", NULL);
 		if (error) err(EX_OSERR, "pledge");
 #endif
-		ircConfig(insecure, trust, cert, priv);
 		ircConnect(bind, host, port);
 		ircPrintCert();
 		ircClose();
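Review bot: The `-o` branch still requests `rpath` in `pledge("stdio rpath inet dns", NULL)`, but with the `unveilAll()` call removed from this branch nothing narrows what that promise can read. The process therefore keeps filesystem-wide read access while it is connected to the remote host, which is broader than before this commit. If ircConnect() does no file I/O once ircConfig() has run, as the description states, the promise can be dropped: `int error = pledge("stdio inet dns", NULL);`. Whether ircPrintCert() or anything else after the pledge needs `rpath` is not visible here, so confirm with a run of `-o` on OpenBSD. main() begins and ends outside this hunk.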
@@ -310,7 +288,7 @@ int main(int argc, char *argv[]) {
 	uiInitEarly();
 
 #ifdef __OpenBSD__
-	if (self.restricted) unveilAll(trust, cert, priv);
+	if (self.restricted) unveilAll();
 
 	char promises[64] = "stdio tty";
 	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];