[PATCH] usr.sbin/rpki-client: remove -f (force) option

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] usr.sbin/rpki-client: remove -f (force) option

Job Snijders-3
Remove rpki-client's -f command line option

I haven't come across a use case that requires tricking the software
into accepting out-of-date manifests. Anyone using -f? I think this is a
leftover from the initial debugging era.

OK?

Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.30
diff -u -p -r1.30 extern.h
--- extern.h 24 Jun 2020 14:39:21 -0000 1.30
+++ extern.h 30 Jun 2020 10:21:04 -0000
@@ -289,7 +289,7 @@ struct cert *cert_read(int);
 
 void mft_buffer(char **, size_t *, size_t *, const struct mft *);
 void mft_free(struct mft *);
-struct mft *mft_parse(X509 **, const char *, int);
+struct mft *mft_parse(X509 **, const char *);
 int mft_check(const char *, struct mft *);
 struct mft *mft_read(int);
 
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.71
diff -u -p -r1.71 main.c
--- main.c 24 Jun 2020 14:39:21 -0000 1.71
+++ main.c 30 Jun 2020 10:21:05 -0000
@@ -148,7 +148,7 @@ struct filepath_tree  fpt = RB_INITIALIZ
 /*
  * Mark that our subprocesses will never return.
  */
-static void proc_parser(int, int) __attribute__((noreturn));
+static void proc_parser(int) __attribute__((noreturn));
 static void proc_rsync(char *, char *, int, int)
     __attribute__((noreturn));
 static void build_chain(const struct auth *, STACK_OF(X509) **);
@@ -892,8 +892,8 @@ proc_parser_roa(struct entity *entp,
  * Return the mft on success or NULL on failure.
  */
 static struct mft *
-proc_parser_mft(struct entity *entp, int force, X509_STORE *store,
-    X509_STORE_CTX *ctx, struct auth_tree *auths, struct crl_tree *crlt)
+proc_parser_mft(struct entity *entp, X509_STORE *store, X509_STORE_CTX *ctx,
+ struct auth_tree *auths, struct crl_tree *crlt)
 {
  struct mft *mft;
  X509 *x509;
@@ -902,7 +902,7 @@ proc_parser_mft(struct entity *entp, int
  STACK_OF(X509) *chain;
 
  assert(!entp->has_dgst);
- if ((mft = mft_parse(&x509, entp->uri, force)) == NULL)
+ if ((mft = mft_parse(&x509, entp->uri)) == NULL)
  return NULL;
 
  a = valid_ski_aki(entp->uri, auths, mft->ski, mft->aki);
@@ -1127,7 +1127,7 @@ build_crls(const struct auth *a, struct
  * The process will exit cleanly only when fd is closed.
  */
 static void
-proc_parser(int fd, int force)
+proc_parser(int fd)
 {
  struct tal *tal;
  struct cert *cert;
@@ -1249,8 +1249,7 @@ proc_parser(int fd, int force)
  */
  break;
  case RTYPE_MFT:
- mft = proc_parser_mft(entp, force,
-    store, ctx, &auths, &crlt);
+ mft = proc_parser_mft(entp, store, ctx, &auths, &crlt);
  c = (mft != NULL);
  io_simple_buffer(&b, &bsz, &bmax, &c, sizeof(int));
  if (mft != NULL)
@@ -1500,8 +1499,7 @@ int
 main(int argc, char *argv[])
 {
  int rc = 1, c, proc, st, rsync,
- fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0,
- force = 0;
+ fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0;
  size_t i, j, eid = 1, outsz = 0, talsz = 0;
  pid_t procpid, rsyncpid;
  int fd[2];
@@ -1539,7 +1537,7 @@ main(int argc, char *argv[])
  if (pledge("stdio rpath wpath cpath fattr proc exec unveil", NULL) == -1)
  err(1, "pledge");
 
- while ((c = getopt(argc, argv, "b:Bcd:e:fjnot:T:v")) != -1)
+ while ((c = getopt(argc, argv, "b:Bcd:e:jnot:T:v")) != -1)
  switch (c) {
  case 'b':
  bind_addr = optarg;
@@ -1556,9 +1554,6 @@ main(int argc, char *argv[])
  case 'e':
  rsync_prog = optarg;
  break;
- case 'f':
- force = 1;
- break;
  case 'j':
  outformats |= FORMAT_JSON;
  break;
@@ -1634,7 +1629,7 @@ main(int argc, char *argv[])
  err(1, "%s: unveil", cachedir);
  if (pledge("stdio rpath", NULL) == -1)
  err(1, "pledge");
- proc_parser(fd[0], force);
+ proc_parser(fd[0]);
  /* NOTREACHED */
  }
 
@@ -1826,7 +1821,7 @@ main(int argc, char *argv[])
 
 usage:
  fprintf(stderr,
-    "usage: rpki-client [-Bcfjnov] [-b sourceaddr] [-d cachedir]"
+    "usage: rpki-client [-Bcjnov] [-b sourceaddr] [-d cachedir]"
     " [-e rsync_prog]\n"
     "                   [-T table] [-t tal] [outputdir]\n");
  return 1;
Index: mft.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
retrieving revision 1.14
diff -u -p -r1.14 mft.c
--- mft.c 11 Apr 2020 15:53:44 -0000 1.14
+++ mft.c 30 Jun 2020 10:21:05 -0000
@@ -61,7 +61,7 @@ gentime2str(const ASN1_GENERALIZEDTIME *
  */
 static time_t
 check_validity(const ASN1_GENERALIZEDTIME *from,
-    const ASN1_GENERALIZEDTIME *until, const char *fn, int force)
+    const ASN1_GENERALIZEDTIME *until, const char *fn)
 {
  time_t now = time(NULL);
 
@@ -82,10 +82,8 @@ check_validity(const ASN1_GENERALIZEDTIM
  }
  /* check that now is not after until */
  if (X509_cmp_time(until, &now) < 0) {
- warnx("%s: mft expired on %s%s", fn, gentime2str(until),
-    force ? " (ignoring)" : "");
- if (!force)
- return 0;
+ warnx("%s: mft expired on %s", fn, gentime2str(until));
+ return 0;
  }
 
  return 1;
@@ -237,7 +235,7 @@ out:
  * Returns <0 on failure, 0 on stale, >0 on success.
  */
 static int
-mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p, int force)
+mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 {
  ASN1_SEQUENCE_ANY *seq;
  const ASN1_TYPE *t;
@@ -311,7 +309,7 @@ mft_parse_econtent(const unsigned char *
  }
  until = t->value.generalizedtime;
 
- validity = check_validity(from, until, p->fn, force);
+ validity = check_validity(from, until, p->fn);
  if (validity != 1)
  goto out;
 
@@ -356,7 +354,7 @@ out:
  * The MFT content is otherwise returned.
  */
 struct mft *
-mft_parse(X509 **x509, const char *fn, int force)
+mft_parse(X509 **x509, const char *fn)
 {
  struct parse p;
  int c, rc = 0;
@@ -384,7 +382,7 @@ mft_parse(X509 **x509, const char *fn, i
  * references as well as marking it as stale.
  */
 
- if ((c = mft_parse_econtent(cms, cmsz, &p, force)) == 0) {
+ if ((c = mft_parse_econtent(cms, cmsz, &p)) == 0) {
  /*
  * FIXME: it should suffice to just mark this as stale
  * and have the logic around mft_read() simply ignore
Index: rpki-client.8
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rpki-client.8,v
retrieving revision 1.27
diff -u -p -r1.27 rpki-client.8
--- rpki-client.8 14 May 2020 07:12:16 -0000 1.27
+++ rpki-client.8 30 Jun 2020 10:21:05 -0000
@@ -81,9 +81,6 @@ It must accept the
 and
 .Fl -delete
 flags and connect with rsync-protocol locations.
-.It Fl f
-Accept out-of-date manifests.
-This will still report if a manifest has expired.
 .It Fl j
 Create output in the file
 .Pa json

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] usr.sbin/rpki-client: remove -f (force) option

Claudio Jeker
On Tue, Jun 30, 2020 at 10:33:21AM +0000, Job Snijders wrote:
> Remove rpki-client's -f command line option
>
> I haven't come across a use case that requires tricking the software
> into accepting out-of-date manifests. Anyone using -f? I think this is a
> leftover from the initial debugging era.
>
> OK?

Agreed. I think the last time I used this was in Elk Lakes during
development. I would not encurage anyone to use -f in production.
OK claudio@

 

> Index: extern.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
> retrieving revision 1.30
> diff -u -p -r1.30 extern.h
> --- extern.h 24 Jun 2020 14:39:21 -0000 1.30
> +++ extern.h 30 Jun 2020 10:21:04 -0000
> @@ -289,7 +289,7 @@ struct cert *cert_read(int);
>  
>  void mft_buffer(char **, size_t *, size_t *, const struct mft *);
>  void mft_free(struct mft *);
> -struct mft *mft_parse(X509 **, const char *, int);
> +struct mft *mft_parse(X509 **, const char *);
>  int mft_check(const char *, struct mft *);
>  struct mft *mft_read(int);
>  
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> retrieving revision 1.71
> diff -u -p -r1.71 main.c
> --- main.c 24 Jun 2020 14:39:21 -0000 1.71
> +++ main.c 30 Jun 2020 10:21:05 -0000
> @@ -148,7 +148,7 @@ struct filepath_tree  fpt = RB_INITIALIZ
>  /*
>   * Mark that our subprocesses will never return.
>   */
> -static void proc_parser(int, int) __attribute__((noreturn));
> +static void proc_parser(int) __attribute__((noreturn));
>  static void proc_rsync(char *, char *, int, int)
>      __attribute__((noreturn));
>  static void build_chain(const struct auth *, STACK_OF(X509) **);
> @@ -892,8 +892,8 @@ proc_parser_roa(struct entity *entp,
>   * Return the mft on success or NULL on failure.
>   */
>  static struct mft *
> -proc_parser_mft(struct entity *entp, int force, X509_STORE *store,
> -    X509_STORE_CTX *ctx, struct auth_tree *auths, struct crl_tree *crlt)
> +proc_parser_mft(struct entity *entp, X509_STORE *store, X509_STORE_CTX *ctx,
> + struct auth_tree *auths, struct crl_tree *crlt)
>  {
>   struct mft *mft;
>   X509 *x509;
> @@ -902,7 +902,7 @@ proc_parser_mft(struct entity *entp, int
>   STACK_OF(X509) *chain;
>  
>   assert(!entp->has_dgst);
> - if ((mft = mft_parse(&x509, entp->uri, force)) == NULL)
> + if ((mft = mft_parse(&x509, entp->uri)) == NULL)
>   return NULL;
>  
>   a = valid_ski_aki(entp->uri, auths, mft->ski, mft->aki);
> @@ -1127,7 +1127,7 @@ build_crls(const struct auth *a, struct
>   * The process will exit cleanly only when fd is closed.
>   */
>  static void
> -proc_parser(int fd, int force)
> +proc_parser(int fd)
>  {
>   struct tal *tal;
>   struct cert *cert;
> @@ -1249,8 +1249,7 @@ proc_parser(int fd, int force)
>   */
>   break;
>   case RTYPE_MFT:
> - mft = proc_parser_mft(entp, force,
> -    store, ctx, &auths, &crlt);
> + mft = proc_parser_mft(entp, store, ctx, &auths, &crlt);
>   c = (mft != NULL);
>   io_simple_buffer(&b, &bsz, &bmax, &c, sizeof(int));
>   if (mft != NULL)
> @@ -1500,8 +1499,7 @@ int
>  main(int argc, char *argv[])
>  {
>   int rc = 1, c, proc, st, rsync,
> - fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0,
> - force = 0;
> + fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0;
>   size_t i, j, eid = 1, outsz = 0, talsz = 0;
>   pid_t procpid, rsyncpid;
>   int fd[2];
> @@ -1539,7 +1537,7 @@ main(int argc, char *argv[])
>   if (pledge("stdio rpath wpath cpath fattr proc exec unveil", NULL) == -1)
>   err(1, "pledge");
>  
> - while ((c = getopt(argc, argv, "b:Bcd:e:fjnot:T:v")) != -1)
> + while ((c = getopt(argc, argv, "b:Bcd:e:jnot:T:v")) != -1)
>   switch (c) {
>   case 'b':
>   bind_addr = optarg;
> @@ -1556,9 +1554,6 @@ main(int argc, char *argv[])
>   case 'e':
>   rsync_prog = optarg;
>   break;
> - case 'f':
> - force = 1;
> - break;
>   case 'j':
>   outformats |= FORMAT_JSON;
>   break;
> @@ -1634,7 +1629,7 @@ main(int argc, char *argv[])
>   err(1, "%s: unveil", cachedir);
>   if (pledge("stdio rpath", NULL) == -1)
>   err(1, "pledge");
> - proc_parser(fd[0], force);
> + proc_parser(fd[0]);
>   /* NOTREACHED */
>   }
>  
> @@ -1826,7 +1821,7 @@ main(int argc, char *argv[])
>  
>  usage:
>   fprintf(stderr,
> -    "usage: rpki-client [-Bcfjnov] [-b sourceaddr] [-d cachedir]"
> +    "usage: rpki-client [-Bcjnov] [-b sourceaddr] [-d cachedir]"
>      " [-e rsync_prog]\n"
>      "                   [-T table] [-t tal] [outputdir]\n");
>   return 1;
> Index: mft.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
> retrieving revision 1.14
> diff -u -p -r1.14 mft.c
> --- mft.c 11 Apr 2020 15:53:44 -0000 1.14
> +++ mft.c 30 Jun 2020 10:21:05 -0000
> @@ -61,7 +61,7 @@ gentime2str(const ASN1_GENERALIZEDTIME *
>   */
>  static time_t
>  check_validity(const ASN1_GENERALIZEDTIME *from,
> -    const ASN1_GENERALIZEDTIME *until, const char *fn, int force)
> +    const ASN1_GENERALIZEDTIME *until, const char *fn)
>  {
>   time_t now = time(NULL);
>  
> @@ -82,10 +82,8 @@ check_validity(const ASN1_GENERALIZEDTIM
>   }
>   /* check that now is not after until */
>   if (X509_cmp_time(until, &now) < 0) {
> - warnx("%s: mft expired on %s%s", fn, gentime2str(until),
> -    force ? " (ignoring)" : "");
> - if (!force)
> - return 0;
> + warnx("%s: mft expired on %s", fn, gentime2str(until));
> + return 0;
>   }
>  
>   return 1;
> @@ -237,7 +235,7 @@ out:
>   * Returns <0 on failure, 0 on stale, >0 on success.
>   */
>  static int
> -mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p, int force)
> +mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
>  {
>   ASN1_SEQUENCE_ANY *seq;
>   const ASN1_TYPE *t;
> @@ -311,7 +309,7 @@ mft_parse_econtent(const unsigned char *
>   }
>   until = t->value.generalizedtime;
>  
> - validity = check_validity(from, until, p->fn, force);
> + validity = check_validity(from, until, p->fn);
>   if (validity != 1)
>   goto out;
>  
> @@ -356,7 +354,7 @@ out:
>   * The MFT content is otherwise returned.
>   */
>  struct mft *
> -mft_parse(X509 **x509, const char *fn, int force)
> +mft_parse(X509 **x509, const char *fn)
>  {
>   struct parse p;
>   int c, rc = 0;
> @@ -384,7 +382,7 @@ mft_parse(X509 **x509, const char *fn, i
>   * references as well as marking it as stale.
>   */
>  
> - if ((c = mft_parse_econtent(cms, cmsz, &p, force)) == 0) {
> + if ((c = mft_parse_econtent(cms, cmsz, &p)) == 0) {
>   /*
>   * FIXME: it should suffice to just mark this as stale
>   * and have the logic around mft_read() simply ignore
> Index: rpki-client.8
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rpki-client.8,v
> retrieving revision 1.27
> diff -u -p -r1.27 rpki-client.8
> --- rpki-client.8 14 May 2020 07:12:16 -0000 1.27
> +++ rpki-client.8 30 Jun 2020 10:21:05 -0000
> @@ -81,9 +81,6 @@ It must accept the
>  and
>  .Fl -delete
>  flags and connect with rsync-protocol locations.
> -.It Fl f
> -Accept out-of-date manifests.
> -This will still report if a manifest has expired.
>  .It Fl j
>  Create output in the file
>  .Pa json
>

--
:wq Claudio

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] usr.sbin/rpki-client: remove -f (force) option

Klemens Nanni-2
In reply to this post by Job Snijders-3
OK kn with the manual's synopsis (`man -h rpki-client') updated as well.