From: claudio
Date: Wed, 26 Jan 2022 14:42:39 +0000 (+0000)
Subject: Allow rsync:// URI as file in -f mode. This makes it easier to explore
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ff683e69af4af55d97f164c0f9f173e6c39b6da6;p=openbsd
Allow URI as file in -f mode. This makes it easier to explore rpki repositories by following AIA and manifest URIs. Also stop checking the the loaded file is not part of the auth tree, it is possible that this file was loaded before as a dependency. OK tb@
---
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index 7259662da27..90cb3abeef0 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.185 2022/01/24 17:29:37 claudio Exp $ */
+/* $OpenBSD: main.c,v 1.186 2022/01/26 14:42:39 claudio Exp $ */
 /*
 * Copyright (c) 2021 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -387,13 +387,15 @@ queue_add_from_mft_set(const struct mft *mft, const char *name, struct repo *rp)
 static void
 queue_add_file(const char *file, enum rtype type, int talid)
 {
- unsigned char *buf;
+ unsigned char *buf = NULL;
 char *nfile;
- size_t len;
+ size_t len = 0;
- buf = load_file(file, &len);
- if (buf == NULL)
- err(1, "%s", file);
+ if (!filemode || strncmp(file, "rsync://", strlen("rsync://")) != 0) {
+ buf = load_file(file, &len);
+ if (buf == NULL)
+ err(1, "%s", file);
+ }
 if ((nfile = strdup(file)) == NULL)
 err(1, NULL);
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 25d71bad862..fe3ffa275cf 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.55 2022/01/26 13:57:56 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.56 2022/01/26 14:42:39 claudio Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
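Review bot: In the `queue_add_file` hunk of main.c, an `rsync://` name in file mode is now queued with `buf == NULL` and `len == 0`, and nothing at that spot says who loads the data instead. A comment above the new `if`, such as `/* rsync:// URIs are loaded from the cache by the parser; queue them without data */`, would record that contract, since the parser hunk repeats the same prefix test independently and the two must stay in step. The comparison is also case-sensitive, so a name spelled `RSYNC://...` falls through to `load_file()` and ends in `err(1, ...)`; if that is intended, it is worth a word in the same comment. The body of `queue_add_file` continues past the end of the hunk.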
@@ -901,11 +901,21 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 struct gbr *gbr = NULL;
 struct tal *tal = NULL;
 enum rtype type;
- char *aia = NULL, *aki = NULL, *ski = NULL;
+ char *aia = NULL, *aki = NULL;
 unsigned long verify_flags = X509_V_FLAG_CRL_CHECK;
 if (num++ > 0)
 printf("--\n");
+
+ if (strncmp(file, "rsync://", strlen("rsync://")) == 0) {
+ file += strlen("rsync://");
+ buf = load_file(file, &len);
+ if (buf == NULL) {
+ warn("parse file %s", file);
+ return;
+ }
+ }
+
 printf("File: %s\n", file);
 type = rtype_from_file_extension(file);
@@ -918,7 +928,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 cert_print(cert);
 aia = cert->aia;
 aki = cert->aki;
- ski = cert->ski;
 x509 = cert->x509;
 if (X509_up_ref(x509) == 0)
 errx(1, "%s: X509_up_ref failed", __func__);
@@ -930,7 +939,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 mft_print(mft);
 aia = mft->aia;
 aki = mft->aki;
- ski = mft->ski;
 verify_flags = 0;
 break;
 case RTYPE_ROA:
@@ -940,7 +948,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 roa_print(roa);
 aia = roa->aia;
 aki = roa->aki;
- ski = roa->ski;
 break;
 case RTYPE_GBR:
 gbr = gbr_parse(&x509, file, buf, len);
@@ -949,7 +956,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 gbr_print(gbr);
 aia = gbr->aia;
 aki = gbr->aki;
- ski = gbr->ski;
 break;
 case RTYPE_TAL:
 tal = tal_parse(file, buf, len);
@@ -972,7 +978,7 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
 parse_load_crl(c);
 free(c);
 parse_load_certchain(aia);
- a = valid_ski_aki(file, &auths, ski, aki);
+ a = auth_find(&auths, aki);
 crl = get_crl(a);
 if (valid_x509(file, x509, a, crl, verify_flags))
diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index d8363686d10..88cb5fe9b43 100644
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
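Review bot: In the first `proc_parser_file` hunk of parser.c, the text after `rsync://` goes to `load_file()` unchecked, so a remainder that is empty, starts with `/`, or contains a `..` component is opened wherever it resolves, although the manual text added in this commit says the file comes from the cache. Because the stated use is following AIA and manifest URIs taken from repository objects, a guard before the load would keep the lookup inside the cache, for example `if (*file == '\0' || *file == '/' || strstr(file, "..") != NULL) { warnx("%s: bad rsync URI", file); return; }`. The loaded buffer also overwrites the `buf` parameter, so unless code outside the hunk frees it the allocation appears to leak. Holding it in a separate local that is freed before return would make the ownership explicit without touching the caller's pointer. The function starts and ends outside the hunk.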
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rpki-client.8,v 1.55 2022/01/24 06:54:15 jmc Exp $
+.\" $OpenBSD: rpki-client.8,v 1.56 2022/01/26 14:42:39 claudio Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 24 2022 $
+.Dd $Mdocdate: January 26 2022 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -106,6 +106,9 @@ in
 against the RPKI cache stored in
 .Ar cachedir
 and print human-readable information about the object.
+If
+.Ar file
+is an rsync:// URI the corresponding file from the cache will be used.
 This option implies
 .Fl n .
 .It Fl j