Allow rsync:// URI as file in -f mode. This makes it easier to explore

rpki repositories by following AIA and manifest URIs.
Also stop checking the the loaded file is not part of the auth tree,
it is possible that this file was loaded before as a dependency.
OK tb@

diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index 7259662..90cb3ab 100644 (file)
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.185 2022/01/24 17:29:37 claudio Exp $ */
+/*     $OpenBSD: main.c,v 1.186 2022/01/26 14:42:39 claudio Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -387,13 +387,15 @@ queue_add_from_mft_set(const struct mft *mft, const char *name, struct repo *rp)
 static void
 queue_add_file(const char *file, enum rtype type, int talid)
 {
-       unsigned char   *buf;
+       unsigned char   *buf = NULL;
        char            *nfile;
-       size_t           len;
+       size_t           len = 0;
 
-       buf = load_file(file, &len);
-       if (buf == NULL)
-               err(1, "%s", file);
+       if (!filemode || strncmp(file, "rsync://", strlen("rsync://")) != 0) {
+               buf = load_file(file, &len);
+               if (buf == NULL)
+                       err(1, "%s", file);
+       }
 
        if ((nfile = strdup(file)) == NULL)
                err(1, NULL);

diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 25d71ba..fe3ffa2 100644 (file)
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parser.c,v 1.55 2022/01/26 13:57:56 claudio Exp $ */
+/*     $OpenBSD: parser.c,v 1.56 2022/01/26 14:42:39 claudio Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -901,11 +901,21 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
        struct gbr *gbr = NULL;
        struct tal *tal = NULL;
        enum rtype type;
-       char *aia = NULL, *aki = NULL, *ski = NULL;
+       char *aia = NULL, *aki = NULL;
        unsigned long verify_flags = X509_V_FLAG_CRL_CHECK;
 
        if (num++ > 0)
                printf("--\n");
+
+       if (strncmp(file, "rsync://", strlen("rsync://")) == 0) {
+               file += strlen("rsync://");
+               buf = load_file(file, &len);
+               if (buf == NULL) {
+                       warn("parse file %s", file);
+                       return;
+               }
+       }
+
        printf("File: %s\n", file);
 
        type = rtype_from_file_extension(file);
@@ -918,7 +928,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                cert_print(cert);
                aia = cert->aia;
                aki = cert->aki;
-               ski = cert->ski;
                x509 = cert->x509;
                if (X509_up_ref(x509) == 0)
                        errx(1, "%s: X509_up_ref failed", __func__);
@@ -930,7 +939,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                mft_print(mft);
                aia = mft->aia;
                aki = mft->aki;
-               ski = mft->ski;
                verify_flags = 0;
                break;
        case RTYPE_ROA:
@@ -940,7 +948,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                roa_print(roa);
                aia = roa->aia;
                aki = roa->aki;
-               ski = roa->ski;
                break;
        case RTYPE_GBR:
                gbr = gbr_parse(&x509, file, buf, len);
@@ -949,7 +956,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                gbr_print(gbr);
                aia = gbr->aia;
                aki = gbr->aki;
-               ski = gbr->ski;
                break;
        case RTYPE_TAL:
                tal = tal_parse(file, buf, len);
@@ -972,7 +978,7 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                parse_load_crl(c);
                free(c);
                parse_load_certchain(aia);
-               a = valid_ski_aki(file, &auths, ski, aki);
+               a = auth_find(&auths, aki);
                crl = get_crl(a);
 
                if (valid_x509(file, x509, a, crl, verify_flags))

diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index d836368..88cb5fe 100644 (file)
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: rpki-client.8,v 1.55 2022/01/24 06:54:15 jmc Exp $
+.\"    $OpenBSD: rpki-client.8,v 1.56 2022/01/26 14:42:39 claudio Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 24 2022 $
+.Dd $Mdocdate: January 26 2022 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -106,6 +106,9 @@ in
 against the RPKI cache stored in
 .Ar cachedir
 and print human-readable information about the object.
+If
+.Ar file
+is an rsync:// URI the corresponding file from the cache will be used.
 This option implies
 .Fl n .
 .It Fl j