author | job <job@cvs.openbsd.org> | 2020-06-30 12:52:45 +0000 |
---|---|---|
committer | job <job@cvs.openbsd.org> | 2020-06-30 12:52:45 +0000 |
commit | 4c713ee6e569300a1f30266a416c816035fb080a (patch) | |
tree | b78671233491551957fa0389ce93a9884243662b /usr.sbin | |
parent | 8264b48264e0e2d4b61588bef27ca5419a42d6c6 (diff) |
Remove -f (force) option.
The -f option existed for some initial debugging work.
Thanks Weerd for review
OK claudio@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 4 | ||||
-rw-r--r-- | usr.sbin/rpki-client/main.c | 27 | ||||
-rw-r--r-- | usr.sbin/rpki-client/mft.c | 18 | ||||
-rw-r--r-- | usr.sbin/rpki-client/rpki-client.8 | 9 |
4 files changed, 24 insertions, 34 deletions
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index 3b0b81ae7c1..491b4d4bcde 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.30 2020/06/24 14:39:21 claudio Exp $ */ +/* $OpenBSD: extern.h,v 1.31 2020/06/30 12:52:44 job Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -289,7 +289,7 @@ struct cert *cert_read(int); void mft_buffer(char **, size_t *, size_t *, const struct mft *); void mft_free(struct mft *); -struct mft *mft_parse(X509 **, const char *, int); +struct mft *mft_parse(X509 **, const char *); int mft_check(const char *, struct mft *); struct mft *mft_read(int); diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 31f2cb27c45..2ee43cf0bb3 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.71 2020/06/24 14:39:21 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.72 2020/06/30 12:52:44 job Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -148,7 +148,7 @@ struct filepath_tree fpt = RB_INITIALIZER(&fpt); /* * Mark that our subprocesses will never return. */ -static void proc_parser(int, int) __attribute__((noreturn)); +static void proc_parser(int) __attribute__((noreturn)); static void proc_rsync(char *, char *, int, int) __attribute__((noreturn)); static void build_chain(const struct auth *, STACK_OF(X509) **); @@ -892,8 +892,8 @@ proc_parser_roa(struct entity *entp, * Return the mft on success or NULL on failure. */ static struct mft * -proc_parser_mft(struct entity *entp, int force, X509_STORE *store, - X509_STORE_CTX *ctx, struct auth_tree *auths, struct crl_tree *crlt) +proc_parser_mft(struct entity *entp, X509_STORE *store, X509_STORE_CTX *ctx, + struct auth_tree *auths, struct crl_tree *crlt) { struct mft *mft; X509 *x509; 
@@ -902,7 +902,7 @@ proc_parser_mft(struct entity *entp, int force, X509_STORE *store, STACK_OF(X509) *chain; assert(!entp->has_dgst); - if ((mft = mft_parse(&x509, entp->uri, force)) == NULL) + if ((mft = mft_parse(&x509, entp->uri)) == NULL) return NULL; a = valid_ski_aki(entp->uri, auths, mft->ski, mft->aki); @@ -1127,7 +1127,7 @@ build_crls(const struct auth *a, struct crl_tree *crlt, * The process will exit cleanly only when fd is closed. */ static void -proc_parser(int fd, int force) +proc_parser(int fd) { struct tal *tal; struct cert *cert; @@ -1249,8 +1249,7 @@ proc_parser(int fd, int force) */ break; case RTYPE_MFT: - mft = proc_parser_mft(entp, force, - store, ctx, &auths, &crlt); + mft = proc_parser_mft(entp, store, ctx, &auths, &crlt); c = (mft != NULL); io_simple_buffer(&b, &bsz, &bmax, &c, sizeof(int)); if (mft != NULL) @@ -1500,8 +1499,7 @@ int main(int argc, char *argv[]) { int rc = 1, c, proc, st, rsync, - fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0, - force = 0; + fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0; size_t i, j, eid = 1, outsz = 0, talsz = 0; pid_t procpid, rsyncpid; int fd[2]; @@ -1539,7 +1537,7 @@ main(int argc, char *argv[]) if (pledge("stdio rpath wpath cpath fattr proc exec unveil", NULL) == -1) err(1, "pledge"); - while ((c = getopt(argc, argv, "b:Bcd:e:fjnot:T:v")) != -1) + while ((c = getopt(argc, argv, "b:Bcd:e:jnot:T:v")) != -1) switch (c) { case 'b': bind_addr = optarg; @@ -1556,9 +1554,6 @@ main(int argc, char *argv[]) case 'e': rsync_prog = optarg; break; - case 'f': - force = 1; - break; case 'j': outformats |= FORMAT_JSON; break; @@ -1634,7 +1629,7 @@ main(int argc, char *argv[]) err(1, "%s: unveil", cachedir); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); - proc_parser(fd[0], force); + proc_parser(fd[0]); /* NOTREACHED */ } 
@@ -1826,7 +1821,7 @@ main(int argc, char *argv[]) usage: fprintf(stderr, - "usage: rpki-client [-Bcfjnov] [-b sourceaddr] [-d cachedir]" + "usage: rpki-client [-Bcjnov] [-b sourceaddr] [-d cachedir]" " [-e rsync_prog]\n" " [-T table] [-t tal] [outputdir]\n"); return 1; diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c index ed96de7050f..fb5163dbd25 100644 --- a/usr.sbin/rpki-client/mft.c +++ b/usr.sbin/rpki-client/mft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mft.c,v 1.14 2020/04/11 15:53:44 deraadt Exp $ */ +/* $OpenBSD: mft.c,v 1.15 2020/06/30 12:52:44 job Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -61,7 +61,7 @@ gentime2str(const ASN1_GENERALIZEDTIME *time) */ static time_t check_validity(const ASN1_GENERALIZEDTIME *from, - const ASN1_GENERALIZEDTIME *until, const char *fn, int force) + const ASN1_GENERALIZEDTIME *until, const char *fn) { time_t now = time(NULL); @@ -82,10 +82,8 @@ check_validity(const ASN1_GENERALIZEDTIME *from, } /* check that now is not after until */ if (X509_cmp_time(until, &now) < 0) { - warnx("%s: mft expired on %s%s", fn, gentime2str(until), - force ? " (ignoring)" : ""); - if (!force) - return 0; + warnx("%s: mft expired on %s", fn, gentime2str(until)); + return 0; } return 1; @@ -237,7 +235,7 @@ out: * Returns <0 on failure, 0 on stale, >0 on success. */ static int -mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p, int force) +mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) { ASN1_SEQUENCE_ANY *seq; const ASN1_TYPE *t; @@ -311,7 +309,7 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p, int forc } until = t->value.generalizedtime; - validity = check_validity(from, until, p->fn, force); + validity = check_validity(from, until, p->fn); if (validity != 1) goto out; 
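Review bot: `check_validity` is still declared `static time_t` in the `@@ -61,7 +61,7 @@` hunk, yet the only values visible on its return paths are `0` and `1`, and the caller in the `@@ -311,7 +309,7 @@` hunk tests `validity != 1`. Since the signature is being edited anyway to drop `force`, declaring it `static int` would match the status code it returns and stop suggesting that a timestamp comes back. The comment above the function and the first part of its body are outside the hunk, so any further return value documented there should be checked against the same type.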
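Review bot: With the `force` escape removed in the `@@ -82,10 +82,8 @@` hunk, `X509_cmp_time(until, &now) < 0` is the only gate on an out-of-date manifest, and `X509_cmp_time()` returns 0 when it cannot evaluate the time, which this comparison treats as "not expired". Unless the part of `check_validity` above the hunk already rejects malformed `from`/`until` values, an `until` that fails to parse would fall through to `return 1`. Failing closed is a one-line change: `if (X509_cmp_time(until, &now) <= 0) {`. The earlier comparison for `from` is outside the hunk and presumably deserves the same look.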
@@ -356,7 +354,7 @@ out: * The MFT content is otherwise returned. */ struct mft * -mft_parse(X509 **x509, const char *fn, int force) +mft_parse(X509 **x509, const char *fn) { struct parse p; int c, rc = 0; @@ -384,7 +382,7 @@ mft_parse(X509 **x509, const char *fn, int force) * references as well as marking it as stale. */ - if ((c = mft_parse_econtent(cms, cmsz, &p, force)) == 0) { + if ((c = mft_parse_econtent(cms, cmsz, &p)) == 0) { /* * FIXME: it should suffice to just mark this as stale * and have the logic around mft_read() simply ignore diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8 index 01ce8ced75f..221f0919b29 100644 --- a/usr.sbin/rpki-client/rpki-client.8 +++ b/usr.sbin/rpki-client/rpki-client.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rpki-client.8,v 1.27 2020/05/14 07:12:16 claudio Exp $ +.\" $OpenBSD: rpki-client.8,v 1.28 2020/06/30 12:52:44 job Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 14 2020 $ +.Dd $Mdocdate: June 30 2020 $ .Dt RPKI-CLIENT 8 .Os .Sh NAME @@ -22,7 +22,7 @@ .Nd RPKI validator to support BGP Origin Validation .Sh SYNOPSIS .Nm -.Op Fl Bcfjnov +.Op Fl Bcjnov .Op Fl b Ar sourceaddr .Op Fl d Ar cachedir .Op Fl e Ar rsync_prog @@ -81,9 +81,6 @@ It must accept the and .Fl -delete flags and connect with rsync-protocol locations. -.It Fl f -Accept out-of-date manifests. -This will still report if a manifest has expired. .It Fl j Create output in the file .Pa json |