auth/box: preserve cwd name, but clear it out
Auth/box previously switched to /, rather than preserving the cwd. This would break relative paths to items that would get pulled into the namespace. This change removes the '-.' flag, and causes auth/box to keep the current working directory, making it more usable for scripting.
This commit is contained in:
parent
520a39efcd
commit
bc64cc50ac
2 changed files with 31 additions and 38 deletions
|
@ -62,7 +62,7 @@ changeuser, convkeys, printnetkey, status, enable, disable, authsrv, guard.srv,
|
||||||
.PP
|
.PP
|
||||||
.B auth/box
|
.B auth/box
|
||||||
[
|
[
|
||||||
.B -d
|
.B -s
|
||||||
] [
|
] [
|
||||||
.B -rc
|
.B -rc
|
||||||
.I file
|
.I file
|
||||||
|
@ -298,9 +298,8 @@ the child namespace; the
|
||||||
flag specifies a string of driver
|
flag specifies a string of driver
|
||||||
characters to keep. The
|
characters to keep. The
|
||||||
.B -s
|
.B -s
|
||||||
flag gives a base set of namespace
|
flag initializes the namespace to what rc expects,
|
||||||
components, ones expected by rc, then passes
|
and passes its arguments unmodified to /bin/rc.
|
||||||
the first argument as a script file to rc.
|
|
||||||
.PP
|
.PP
|
||||||
.I As
|
.I As
|
||||||
executes
|
executes
|
||||||
|
|
|
@ -2,7 +2,11 @@
|
||||||
#include <libc.h>
|
#include <libc.h>
|
||||||
#include <auth.h>
|
#include <auth.h>
|
||||||
|
|
||||||
static int debug;
|
static int debug;
|
||||||
|
static char cwd[8192];
|
||||||
|
static char *parts[256];
|
||||||
|
static int mflags[nelem(parts)];
|
||||||
|
static int nparts;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
binderr(char *new, char *old, int flag)
|
binderr(char *new, char *old, int flag)
|
||||||
|
@ -32,20 +36,14 @@ binderr(char *new, char *old, int flag)
|
||||||
fprint(2, "bind %s %s %s\n", dash, new, old);
|
fprint(2, "bind %s %s %s\n", dash, new, old);
|
||||||
}
|
}
|
||||||
if(bind(new, old, flag) < 0)
|
if(bind(new, old, flag) < 0)
|
||||||
sysfatal("bind: %r");
|
sysfatal("bind %s: %r", new);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
resolvenames(char **names, int nname)
|
resolvenames(char **names, int nname)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char buf[8192];
|
|
||||||
int fd;
|
|
||||||
|
|
||||||
fd = open(".", OREAD|OCEXEC);
|
|
||||||
if(fd < 0)
|
|
||||||
sysfatal("could not open .: %r");
|
|
||||||
fd2path(fd, buf, sizeof buf);
|
|
||||||
for(i = 0; i < nname; i++){
|
for(i = 0; i < nname; i++){
|
||||||
if(names[i] == nil)
|
if(names[i] == nil)
|
||||||
continue;
|
continue;
|
||||||
|
@ -55,10 +53,9 @@ resolvenames(char **names, int nname)
|
||||||
case '/':
|
case '/':
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
names[i] = cleanname(smprint("%s/%s", buf, names[i]));
|
names[i] = cleanname(smprint("%s/%s", cwd, names[i]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
close(fd);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -103,7 +100,8 @@ sandbox(char **names, int *flags, int nname)
|
||||||
free(d);
|
free(d);
|
||||||
binderr(skel, dir, MBEFORE);
|
binderr(skel, dir, MBEFORE);
|
||||||
}
|
}
|
||||||
binderr(names[j], targ, flags[j]);
|
if(flags[j] != -1)
|
||||||
|
binderr(names[j], targ, flags[j]);
|
||||||
}
|
}
|
||||||
binderr(newroot, "/", MREPL);
|
binderr(newroot, "/", MREPL);
|
||||||
}
|
}
|
||||||
|
@ -133,16 +131,11 @@ skelfs(void)
|
||||||
sysfatal("/mnt/d mount setup: %r");
|
sysfatal("/mnt/d mount setup: %r");
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *parts[256];
|
|
||||||
static int mflags[nelem(parts)];
|
|
||||||
static int nparts;
|
|
||||||
static char *rc[] = { "/bin/rc", nil , nil};
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
push(char *path, int flag)
|
push(char *path, int flag)
|
||||||
{
|
{
|
||||||
if(nparts == nelem(parts))
|
if(nparts == nelem(parts))
|
||||||
sysfatal("component overflow");
|
sysfatal("too many bound paths");
|
||||||
parts[nparts] = path;
|
parts[nparts] = path;
|
||||||
mflags[nparts++] = flag;
|
mflags[nparts++] = flag;
|
||||||
}
|
}
|
||||||
|
@ -150,23 +143,23 @@ push(char *path, int flag)
|
||||||
void
|
void
|
||||||
usage(void)
|
usage(void)
|
||||||
{
|
{
|
||||||
fprint(2, "usage %s: [ -d ] [ -r file ] [ -c dir ] [ -e devs ] [ -. path ] cmd args...\n", argv0);
|
fprint(2, "usage %s: [ -r file ] [ -c dir ] [ -e devs ] cmd args...\n", argv0);
|
||||||
exits("usage");
|
exits("usage");
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
char devs[1024];
|
char **argp, devs[128];
|
||||||
int dfd;
|
int i, narg, dfd;
|
||||||
char *path;
|
|
||||||
char *a;
|
char *a;
|
||||||
int sflag;
|
int sflag;
|
||||||
|
|
||||||
nparts = 0;
|
nparts = 0;
|
||||||
path = "/";
|
narg = 0;
|
||||||
memset(devs, 0, sizeof devs);
|
memset(devs, 0, sizeof devs);
|
||||||
sflag = 0;
|
sflag = 0;
|
||||||
|
argp = argv;
|
||||||
ARGBEGIN{
|
ARGBEGIN{
|
||||||
case 'D':
|
case 'D':
|
||||||
debug++;
|
debug++;
|
||||||
|
@ -184,9 +177,6 @@ main(int argc, char **argv)
|
||||||
case 'e':
|
case 'e':
|
||||||
snprint(devs, sizeof devs, "%s%s", devs, EARGF(usage()));
|
snprint(devs, sizeof devs, "%s%s", devs, EARGF(usage()));
|
||||||
break;
|
break;
|
||||||
case '.':
|
|
||||||
path = EARGF(usage());
|
|
||||||
break;
|
|
||||||
case 's':
|
case 's':
|
||||||
sflag = 1;
|
sflag = 1;
|
||||||
break;
|
break;
|
||||||
|
@ -195,18 +185,19 @@ main(int argc, char **argv)
|
||||||
break;
|
break;
|
||||||
}ARGEND
|
}ARGEND
|
||||||
|
|
||||||
if(argc == 0)
|
if(argc == 0 && !sflag)
|
||||||
usage();
|
usage();
|
||||||
|
|
||||||
|
if(getwd(cwd, sizeof(cwd)) == nil)
|
||||||
|
sysfatal("getwd: %r");
|
||||||
|
push(cwd, -1);
|
||||||
if(sflag){
|
if(sflag){
|
||||||
snprint(devs, sizeof devs, "%s%s", devs, "|d");
|
snprint(devs, sizeof devs, "%s%s", devs, "|d");
|
||||||
push("/srv", MREPL|MCREATE);
|
push("/srv", MREPL|MCREATE);
|
||||||
push("/env", MREPL|MCREATE);
|
push("/env", MREPL|MCREATE);
|
||||||
push("/rc", MREPL);
|
push("/rc", MREPL);
|
||||||
push("/bin", MREPL);
|
push("/bin", MREPL);
|
||||||
push(argv[0], MREPL);
|
argp[narg++] = "/bin/rc";
|
||||||
rc[1] = argv[0];
|
|
||||||
argv = rc;
|
|
||||||
} else {
|
} else {
|
||||||
if(access(argv[0], AEXIST) == -1){
|
if(access(argv[0], AEXIST) == -1){
|
||||||
if((argv[0] = smprint("/bin/%s", argv[0])) == nil)
|
if((argv[0] = smprint("/bin/%s", argv[0])) == nil)
|
||||||
|
@ -216,6 +207,9 @@ main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
push(argv[0], MREPL);
|
push(argv[0], MREPL);
|
||||||
}
|
}
|
||||||
|
for(i = 0; i < argc; i++)
|
||||||
|
argp[narg++] = argv[i];
|
||||||
|
argp[narg] = nil;
|
||||||
|
|
||||||
rfork(RFNAMEG|RFFDG);
|
rfork(RFNAMEG|RFFDG);
|
||||||
skelfs();
|
skelfs();
|
||||||
|
@ -238,8 +232,8 @@ main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
close(dfd);
|
close(dfd);
|
||||||
|
|
||||||
if(chdir(path) < 0)
|
if(chdir(cwd) < 0)
|
||||||
sysfatal("can not cd to %s", path);
|
sysfatal("chdir %s: %r", cwd);
|
||||||
exec(argv[0], argv);
|
exec(argp[0], argp);
|
||||||
sysfatal("exec: %r");
|
sysfatal("exec: %r");
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue