path: root/usr.sbin
Age         Author
Commit message

2022-01-24  Jason McIntyre
in the options list, show -f as taking "file ..." arguments;
tweak/ok claudio

2022-01-24  Andrew Fresh
Redownload existing files with failed checksums

2022-01-23  Jason McIntyre
rearrange SYNOPSIS/usage to be a bit clearer;
discussed with and ok claudio

2022-01-23  Claudio Jeker
Handle EINTR the same way in all poll loops. In all cases restart the
poll loop. In the main process move the timeout handling for repositories into a single function that does the timeouts and the calculation of the timeout in one go. OK tb@

2022-01-23  Claudio Jeker
On poll() failure we want to skip pollfd related action but the signal
delivery checks at the end still need to happen. So that on EINTR bgpd processes reconfigure or mrt files ASAP. Fix for mrt integration tests. Reported by and ok anton@

2022-01-23  Theo Buehler
zap extra blank line

2022-01-23  Claudio Jeker
Allow rpki-client to display more than one file in -f mode.
Change -f to be a mode flag and pass one or multiple files as arguments to rpki-client. Some extra checks need to be done to not load the same certificate or CRL multiple times. Input and OK tb@

2022-01-23  Claudio Jeker
Simplify valid_cert() and valid_roa() by passing in struct auth instead
of looking it up again. For this valid_roa() needs to be moved up in proc_parser_roa() also move out the assignment of the TAL id. Not the right thing to alter an object in a validation function. OK tb@

2022-01-22  Theo Buehler
Change valid_filename() to return an enum rtype and rename it to
rtype_from_mftfile(). Move both rtype_from functions to mft.c. ok beck claudio

2022-01-22  Andrew Fresh
Support multiple -v as promised in the man page
There are now four levels of verbosity:
0. Prints only the summary
1. Prints a line when installing/removing
2. Uses the ftp(1) progress bar
3. Provides more details for debugging
With some excellent ksh knowledge provided by kn@

2022-01-21  Todd C. Miller
Treat ppoll(2) errors as fatal. OK deraadt@

2022-01-21  Theo Buehler
Add function to determine the file type from the file name extension
rpki-client uses the same idiom to determine the file type in too many places. Use one function that determines the appropriate RTYPE from the file name. Add that type to struct mftfile and use this new member to simplify queue_add_from_mft*(). input/ok claudio

2022-01-21  Theo de Raadt
the wrapped cron line is going to lose people

2022-01-21  Marc Espie
"move" part of the OpenBSD::State code into its own (stateless) class
so that it can be reused light-weight by portgen and the likes. (the actual move will happen once the base sets all have the new files)

2022-01-21  Theo Buehler
Avoid out-of-bounds accesses in case the filename is too short to
contain an extension of length four. ok claudio

2022-01-20  Claudio Jeker
Make sure that all poll loops properly restart the poll loop on EINTR.
Also either fail hard or restart after other errors. In any case do not look at pollfds after an error. OK benno@

2022-01-20  Sebastian Benoit
catch poll() returning EINTR.
ok millert@ claudio@

2022-01-20  Claudio Jeker
Move the notBefore and notAfter checks from proc_parser_root_cert()
to ta_parse(). This fits better there. Also drop extracting and printing the x509 subject of the TAs. The subject is more or less the filename anyway which is already printed. OK tb@

2022-01-20  Christian Weisgerber
remove unused variable from all copies of _asr_strdname()
... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings in smtpd and smtpctl. The code was imported with asr and then copied around. ok deraadt@ guenther@

2022-01-20  Christian Weisgerber
ospf6ctl: fix -Wunused-but-set-variable warning
ok guenther@

2022-01-20  Christian Weisgerber
eigrpd: fix -Wunused-but-set-variable warning
ok guenther@

2022-01-20  Christian Weisgerber
dvmrpctl: fix -Wunused-but-set-variable warning
ok guenther@

2022-01-20  Christian Weisgerber
ospf6d: fix -Wunused-but-set-variable warnings
ospf6d.c: sync a missing bit of (disabled) code with ospfd
rde.c: ifdef out some more incomplete code
ok denis@ claudio@

2022-01-20  Claudio Jeker
Rename mft_check() to proc_parser_mft_check() and make it a static function.

2022-01-19  Job Snijders
Add -f to usage in main routine
OK tb@

2022-01-19  Job Snijders
Document the -f file inspection function

2022-01-19  Claudio Jeker
Implement a filemode where the passed file from the command line is
printed in human readable form and is also verified against the valid cache of rpki-client. To validate the file the chain is explored backwards by looking at the Authority Information Access URI and X509v3 CRL Distribution Point of the cert. Once the trust anchor is found this chain can be verified. Feedback and OK job@ tb@

2022-01-19  Martijn van Duren
Hook up the new application layer.
OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Martijn van Duren
Add the new application layer. Changes include:
- Asynchronous design, which should allow us to cleanly implement agentx support.
- Cluster requests when sending them to backends
- Return a better error code in a lot of cases.
- Allow bulkget to return row by row instead of column by column (as per RFC3416)
- Better SNMPv1 mapping as per RFC3584
- Allow registration of overlapping regions.
- Stricter OID comparison.
- We lose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed.
- This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed.
- More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@
minor issues pointed out by and OK jmatthew@
Performance loss acceptable to sthen@
tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Martijn van Duren
Implement snmpe_send to allow the new application layer to send
messages through the current transport mapping code. OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Martijn van Duren
Make sure that we ASN1 verify the varbindlist as soon as we unpack it.
OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Martijn van Duren
Add definitions for SNMP-TARGET-MIB. These are needed for the new
application layer. OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Martijn van Duren
Move some smi.c functions to their own header.
These are needed for a new application layer, where a lot of the snmpd.h stuff just clutter. OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Martijn van Duren
Move some snmpe.c functions to their own header.
These functions are needed from the new application layer and don't really belong in snmpd.h. OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Martijn van Duren
Move log.c functions to their own header.
This is needed for a new application layer, where a lot of the snmpd.h stuff just clutter. Requested by benno@ OK jmatthew@ tested as part of larger diff by sthen@ and Joel Carnat

2022-01-19  Theo Buehler
rpki-client: don't leak nfile if no repo is found.
ok claudio

2022-01-18  Claudio Jeker
Pass the X509_V_FLAG_CRL_CHECK flag as argument to valid_x509().
For mfts this flag is cleared since the CRL is referenced by the MFT itself. Also remove some if (crl != NULL) checks since they are not needed. The functions protected by it are all handling NULL as an input. OK job@ tb@

2022-01-18  Claudio Jeker
Use X509_get0_pubkey() for opk and remove the EVP_PKEY_free(opk).
Suggested by and OK tb@

2022-01-18  Claudio Jeker
Change cert_parse() and ta_parse() to no longer take a x509 handle as
argument. The x509 cert is also inside struct cert and easy to access. Also switch auth_insert() to a void function since it can't fail. OK tb@

2022-01-18  Claudio Jeker
More fixing. Previous revert was incomplete.

2022-01-18  Claudio Jeker
Revert all the files that should have not been committed in last commit.

2022-01-18  Claudio Jeker
Kill extra newline

2022-01-18  Theo Buehler
Fix function name in warn message.

2022-01-18  Claudio Jeker
Unify the various X509_verify_cert() calls and the boiler plate code around
it into its own function valid_x509(). Simplifies the code substantially. This may report a few more errors for .roa and .gbr files but IMO that special case was a left-over from long time ago. OK tb@

2022-01-18  Claudio Jeker
Cleanup the scattered OBJ_txt2obj() calls and move them into
x509_init_oid() to initialize all necessary OID objects at start. OK tb@

2022-01-17  Christian Weisgerber
rad: fix -Wunused-but-set-variable warning
ok florian@

2022-01-16  Christian Weisgerber
dhcpd: fix -Wunused-but-set-variable warning
ok krw@

2022-01-15  Mike Larkin
vmd: Remove a warning about non-32KHz timebases
Remove a warning that has outlived its usefulness. From Brian Conway, thanks.

2022-01-14  Claudio Jeker
Introduce a validated cache which holds all the files that have
successfully been verified by rpki-client. With this the rsync and rrdp directories are more of a temporary storage location. New files are downloaded there and then moved to the valid directory at the end. In -n mode only the valid directory is looked at with the exception of the ta directory holding the trust anchors. A file can now be in two different locations so adjust all the code paths that open files to check both locations. One nice side-effect of this is that the RRDP handling in the main process got simplified. There is no longer the need for temporary RRDP directories. OK tb@

2022-01-14  Theo Buehler
Fix acme-client build with opaque RSA