authorjob <job@cvs.openbsd.org>2020-06-30 12:52:45 +0000
committerjob <job@cvs.openbsd.org>2020-06-30 12:52:45 +0000
commit4c713ee6e569300a1f30266a416c816035fb080a (patch)
treeb78671233491551957fa0389ce93a9884243662b /usr.sbin
parent8264b48264e0e2d4b61588bef27ca5419a42d6c6 (diff)
Remove -f (force) option.
The -f option existed for some initial debugging work. Thanks Weerd for review. OK claudio@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/rpki-client/extern.h4
-rw-r--r--usr.sbin/rpki-client/main.c27
-rw-r--r--usr.sbin/rpki-client/mft.c18
-rw-r--r--usr.sbin/rpki-client/rpki-client.89
4 files changed, 24 insertions, 34 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 3b0b81ae7c1..491b4d4bcde 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.30 2020/06/24 14:39:21 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.31 2020/06/30 12:52:44 job Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -289,7 +289,7 @@ struct cert *cert_read(int);
void mft_buffer(char **, size_t *, size_t *, const struct mft *);
void mft_free(struct mft *);
-struct mft *mft_parse(X509 **, const char *, int);
+struct mft *mft_parse(X509 **, const char *);
int mft_check(const char *, struct mft *);
struct mft *mft_read(int);
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index 31f2cb27c45..2ee43cf0bb3 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.71 2020/06/24 14:39:21 claudio Exp $ */
+/* $OpenBSD: main.c,v 1.72 2020/06/30 12:52:44 job Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -148,7 +148,7 @@ struct filepath_tree fpt = RB_INITIALIZER(&fpt);
/*
* Mark that our subprocesses will never return.
*/
-static void proc_parser(int, int) __attribute__((noreturn));
+static void proc_parser(int) __attribute__((noreturn));
static void proc_rsync(char *, char *, int, int)
__attribute__((noreturn));
static void build_chain(const struct auth *, STACK_OF(X509) **);
@@ -892,8 +892,8 @@ proc_parser_roa(struct entity *entp,
* Return the mft on success or NULL on failure.
*/
static struct mft *
-proc_parser_mft(struct entity *entp, int force, X509_STORE *store,
- X509_STORE_CTX *ctx, struct auth_tree *auths, struct crl_tree *crlt)
+proc_parser_mft(struct entity *entp, X509_STORE *store, X509_STORE_CTX *ctx,
+ struct auth_tree *auths, struct crl_tree *crlt)
{
struct mft *mft;
X509 *x509;
@@ -902,7 +902,7 @@ proc_parser_mft(struct entity *entp, int force, X509_STORE *store,
STACK_OF(X509) *chain;
assert(!entp->has_dgst);
- if ((mft = mft_parse(&x509, entp->uri, force)) == NULL)
+ if ((mft = mft_parse(&x509, entp->uri)) == NULL)
return NULL;
a = valid_ski_aki(entp->uri, auths, mft->ski, mft->aki);
@@ -1127,7 +1127,7 @@ build_crls(const struct auth *a, struct crl_tree *crlt,
* The process will exit cleanly only when fd is closed.
*/
static void
-proc_parser(int fd, int force)
+proc_parser(int fd)
{
struct tal *tal;
struct cert *cert;
@@ -1249,8 +1249,7 @@ proc_parser(int fd, int force)
*/
break;
case RTYPE_MFT:
- mft = proc_parser_mft(entp, force,
- store, ctx, &auths, &crlt);
+ mft = proc_parser_mft(entp, store, ctx, &auths, &crlt);
c = (mft != NULL);
io_simple_buffer(&b, &bsz, &bmax, &c, sizeof(int));
if (mft != NULL)
@@ -1500,8 +1499,7 @@ int
main(int argc, char *argv[])
{
int rc = 1, c, proc, st, rsync,
- fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0,
- force = 0;
+ fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0;
size_t i, j, eid = 1, outsz = 0, talsz = 0;
pid_t procpid, rsyncpid;
int fd[2];
@@ -1539,7 +1537,7 @@ main(int argc, char *argv[])
if (pledge("stdio rpath wpath cpath fattr proc exec unveil", NULL) == -1)
err(1, "pledge");
- while ((c = getopt(argc, argv, "b:Bcd:e:fjnot:T:v")) != -1)
+ while ((c = getopt(argc, argv, "b:Bcd:e:jnot:T:v")) != -1)
switch (c) {
case 'b':
bind_addr = optarg;
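Review bot: Dropping `f` from the optstring means an invocation that still passes `-f` now gets `?` back from getopt(), which presumably falls through to the `usage:` path and exits 1 before any validation runs. For a validator run from cron, that is a loss of fresh output that goes unnoticed unless the exit status is monitored. The removal deserves an explicit upgrade note in addition to the manual page edit. The switch's default case is outside this hunk, so the exact failure path should be confirmed there.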
@@ -1556,9 +1554,6 @@ main(int argc, char *argv[])
case 'e':
rsync_prog = optarg;
break;
- case 'f':
- force = 1;
- break;
case 'j':
outformats |= FORMAT_JSON;
break;
@@ -1634,7 +1629,7 @@ main(int argc, char *argv[])
err(1, "%s: unveil", cachedir);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
- proc_parser(fd[0], force);
+ proc_parser(fd[0]);
/* NOTREACHED */
}
@@ -1826,7 +1821,7 @@ main(int argc, char *argv[])
usage:
fprintf(stderr,
- "usage: rpki-client [-Bcfjnov] [-b sourceaddr] [-d cachedir]"
+ "usage: rpki-client [-Bcjnov] [-b sourceaddr] [-d cachedir]"
" [-e rsync_prog]\n"
" [-T table] [-t tal] [outputdir]\n");
return 1;
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index ed96de7050f..fb5163dbd25 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mft.c,v 1.14 2020/04/11 15:53:44 deraadt Exp $ */
+/* $OpenBSD: mft.c,v 1.15 2020/06/30 12:52:44 job Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -61,7 +61,7 @@ gentime2str(const ASN1_GENERALIZEDTIME *time)
*/
static time_t
check_validity(const ASN1_GENERALIZEDTIME *from,
- const ASN1_GENERALIZEDTIME *until, const char *fn, int force)
+ const ASN1_GENERALIZEDTIME *until, const char *fn)
{
time_t now = time(NULL);
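Review bot: check_validity is declared `static time_t`, yet the returns visible in the next hunk are the status values 0 and 1, and the caller in mft_parse_econtent tests the result with `validity != 1`. A status code typed as time_t is easy to mistake for a timestamp; `static int` would match how the value is actually used. The function body continues outside this hunk, so any other return paths should be checked before changing the type.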
@@ -82,10 +82,8 @@ check_validity(const ASN1_GENERALIZEDTIME *from,
}
/* check that now is not after until */
if (X509_cmp_time(until, &now) < 0) {
- warnx("%s: mft expired on %s%s", fn, gentime2str(until),
- force ? " (ignoring)" : "");
- if (!force)
- return 0;
+ warnx("%s: mft expired on %s", fn, gentime2str(until));
+ return 0;
}
return 1;
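Review bot: `X509_cmp_time()` returns 0 when it cannot parse or compare the time, and the `< 0` test in the expiry branch treats that as "not expired", so a malformed `until` still reaches `return 1`. With the `-f` override gone this branch is the only expiry gate, so it should fail closed, for example `if (X509_cmp_time(until, &now) <= 0) {`, or handle 0 separately with its own warnx. The earlier not-before comparison in check_validity is outside this hunk and may need the same treatment. The result also depends on `time(NULL)`, so a one-line comment such as `/* expired manifests are always rejected; relies on a correct system clock */` would help whoever has to debug mass rejections.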
@@ -237,7 +235,7 @@ out:
* Returns <0 on failure, 0 on stale, >0 on success.
*/
static int
-mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p, int force)
+mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
{
ASN1_SEQUENCE_ANY *seq;
const ASN1_TYPE *t;
@@ -311,7 +309,7 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p, int forc
}
until = t->value.generalizedtime;
- validity = check_validity(from, until, p->fn, force);
+ validity = check_validity(from, until, p->fn);
if (validity != 1)
goto out;
@@ -356,7 +354,7 @@ out:
* The MFT content is otherwise returned.
*/
struct mft *
-mft_parse(X509 **x509, const char *fn, int force)
+mft_parse(X509 **x509, const char *fn)
{
struct parse p;
int c, rc = 0;
@@ -384,7 +382,7 @@ mft_parse(X509 **x509, const char *fn, int force)
* references as well as marking it as stale.
*/
- if ((c = mft_parse_econtent(cms, cmsz, &p, force)) == 0) {
+ if ((c = mft_parse_econtent(cms, cmsz, &p)) == 0) {
/*
* FIXME: it should suffice to just mark this as stale
* and have the logic around mft_read() simply ignore
diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index 01ce8ced75f..221f0919b29 100644
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rpki-client.8,v 1.27 2020/05/14 07:12:16 claudio Exp $
+.\" $OpenBSD: rpki-client.8,v 1.28 2020/06/30 12:52:44 job Exp $
.\"
.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: May 14 2020 $
+.Dd $Mdocdate: June 30 2020 $
.Dt RPKI-CLIENT 8
.Os
.Sh NAME
@@ -22,7 +22,7 @@
.Nd RPKI validator to support BGP Origin Validation
.Sh SYNOPSIS
.Nm
-.Op Fl Bcfjnov
+.Op Fl Bcjnov
.Op Fl b Ar sourceaddr
.Op Fl d Ar cachedir
.Op Fl e Ar rsync_prog
@@ -81,9 +81,6 @@ It must accept the
and
.Fl -delete
flags and connect with rsync-protocol locations.
-.It Fl f
-Accept out-of-date manifests.
-This will still report if a manifest has expired.
.It Fl j
Create output in the file
.Pa json