The branch stable/14 has been updated by des:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=7ad8cbab66f4db25be75e7a91c025a50bcab5dc2

commit 7ad8cbab66f4db25be75e7a91c025a50bcab5dc2
Author:     Dag-Erling Smørgrav <[email protected]>
AuthorDate: 2025-12-10 14:40:28 +0000
Commit:     Dag-Erling Smørgrav <[email protected]>
CommitDate: 2025-12-10 14:40:28 +0000

    certctl: Improve option processing
    
    For subcommands that did not take any arguments, we never bothered to
    check that none were passed.
    
    Reviewed by:    allanjude
    Differential Revision:  https://reviews.freebsd.org/D54082
---
 usr.sbin/certctl/certctl.sh | 93 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 72 insertions(+), 21 deletions(-)

diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh
index 696bc4d6a176..bdca2d94ca8d 100755
--- a/usr.sbin/certctl/certctl.sh
+++ b/usr.sbin/certctl/certctl.sh
@@ -46,7 +46,7 @@ VERBOSE=false
 
 info()
 {
-       echo "${0##*/}: $@" >&2
+       echo "${SCRIPTNAME}: $@" >&2
 }
 
 verbose()
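Review bot: In info(), `"${SCRIPTNAME}: $@"` embeds `$@` inside a longer quoted string, which expands to several words and only works because echo re-joins them with spaces. `echo "${SCRIPTNAME}: $*" >&2` states the intent directly. SCRIPTNAME is not assigned anywhere in this diff, so it is presumably set earlier in the file. If it is not, every diagnostic loses its prefix, and a fallback such as `${SCRIPTNAME:-${0##*/}}` would cover that.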
@@ -228,6 +228,15 @@ do_list()
 
 cmd_rehash()
 {
+       local flag
+
+       while getopts "" flag; do
+               case "$flag" in
+               *) usage ;;
+               esac
+       done
+       shift $((OPTIND - 1))
+       [ $# -eq 0 ] || usage
 
        if [ -e "$CERTDESTDIR" ] ; then
                perform find "$CERTDESTDIR" \( -type f -or -type l \) -delete
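Review bot: The empty-optstring `getopts "" flag` loop added to cmd_rehash is repeated verbatim in cmd_list, cmd_untrust, cmd_trust and cmd_untrusted, and none of the copies says why a subcommand with no options runs getopts at all. A one-line comment above the loop would help, for example `# no options accepted: getopts rejects any -x and consumes a leading --`. The `case` with a single `*)` arm could shrink to `while getopts "" flag; do usage; done`. The copy in cmd_untrust is indented differently from the other four. cmd_rehash's body continues outside this hunk.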
@@ -246,31 +255,59 @@ cmd_rehash()
 
 cmd_list()
 {
+       local flag
+
+       while getopts "" flag; do
+               case "$flag" in
+               *) usage ;;
+               esac
+       done
+       shift $((OPTIND - 1))
+       [ $# -eq 0 ] || usage
+
        info "Listing Trusted Certificates:"
        do_list "$CERTDESTDIR"
 }
 
 cmd_untrust()
 {
-       local UTFILE
+       local flag filename
+
+       while getopts "" flag; do
+           case "$flag" in
+           *) usage ;;
+           esac
+       done
+       shift $((OPTIND - 1))
+       [ $# -gt 0 ] || usage
 
-       shift # verb
        perform install -d -m 0755 "$UNTRUSTDESTDIR"
-       for UTFILE in "$@"; do
-               info "Adding $UTFILE to untrusted list"
-               create_untrusted "$UTFILE"
+       for filename in "$@"; do
+               if [ -s "$filename" ] ; then
+                       info "Adding $filename to untrusted list"
+                       create_untrusted "$filename"
+               else
+                       info "Cannot find $filename"
+                       ERRORS=$((ERRORS + 1))
+               fi
        done
 }
 
 cmd_trust()
 {
-       local UTFILE untrustedhash certhash hash
+       local flag filename untrustedhash certhash hash
 
-       shift # verb
-       for UTFILE in "$@"; do
-               if [ -s "$UTFILE" ] ; then
-                       hash=$(do_hash "$UTFILE")
-                       certhash=$(openssl x509 -sha1 -in "$UTFILE" -noout 
-fingerprint)
+       while getopts "" flag; do
+               case "$flag" in
+               *) usage ;;
+               esac
+       done
+       shift $((OPTIND - 1))
+       [ $# -gt 0 ] || usage
+       for filename in "$@"; do
+               if [ -s "$filename" ] ; then
+                       hash=$(do_hash "$filename")
+                       certhash=$(openssl x509 -sha1 -in "$filename" -noout 
-fingerprint)
                        for UNTRUSTEDFILE in $(find $UNTRUSTDESTDIR -name 
"$hash.*") ; do
                                untrustedhash=$(openssl x509 -sha1 -in 
"$UNTRUSTEDFILE" -noout -fingerprint)
                                if [ "$certhash" = "$untrustedhash" ] ; then
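Review bot: In cmd_trust the outputs of `do_hash "$filename"` and `openssl x509 ... -fingerprint` are used without checking that either command succeeded. The `-s` test only shows the file is non-empty, so for a file that is not a parseable certificate `hash` and `certhash` are presumably empty (do_hash is not visible here). The inner loop would then search for `.*`, and an empty `certhash` compares equal to an empty `untrustedhash`, which takes the removal branch. I would stop before the inner loop, e.g. `[ -n "$hash" ] && [ -n "$certhash" ] || { info "Cannot parse $filename"; ERRORS=$((ERRORS + 1)); continue; }`. cmd_trust's body continues past this hunk.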
@@ -278,11 +315,11 @@ cmd_trust()
                                        perform rm -f $UNTRUSTEDFILE
                                fi
                        done
-               elif [ -e "$UNTRUSTDESTDIR/$UTFILE" ] ; then
-                       info "Removing $UTFILE from untrusted list"
-                       perform rm -f "$UNTRUSTDESTDIR/$UTFILE"
+               elif [ -e "$UNTRUSTDESTDIR/$filename" ] ; then
+                       info "Removing $filename from untrusted list"
+                       perform rm -f "$UNTRUSTDESTDIR/$filename"
                else
-                       info "Cannot find $UTFILE"
+                       info "Cannot find $filename"
                        ERRORS=$((ERRORS + 1))
                fi
        done
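Review bot: The `elif` branch joins `$filename` onto `$UNTRUSTDESTDIR` and hands the result to `rm -f` without checking that the argument is a bare file name. An argument containing `/`, including `..` components, makes the path resolve outside the untrusted directory. That matters when certctl is driven by a wrapper or automation rather than typed by the administrator. Restricting the branch to plain names keeps removals inside the directory: `elif [ "${filename##*/}" = "$filename" ] && [ -e "$UNTRUSTDESTDIR/$filename" ] ; then`. The function starts before this hunk.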
@@ -290,6 +327,16 @@ cmd_trust()
 
 cmd_untrusted()
 {
+       local flag
+
+       while getopts "" flag; do
+               case "$flag" in
+               *) usage ;;
+               esac
+       done
+       shift $((OPTIND - 1))
+       [ $# -eq 0 ] || usage
+
        info "Listing Untrusted Certificates:"
        do_list "$UNTRUSTDESTDIR"
 }
@@ -322,6 +369,7 @@ while getopts cD:d:M:nUv flag; do
        n) NOOP=true ;;
        U) UNPRIV=true ;;
        v) VERBOSE=true ;;
+       *) usage ;;
        esac
 done
 shift $((OPTIND - 1))
@@ -343,15 +391,18 @@ fi
 : ${UNTRUSTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/untrusted}
 
 [ $# -gt 0 ] || usage
-case "$1" in
-list)          cmd_list ;;
-rehash)                cmd_rehash ;;
+CMD=$1
+shift
+OPTIND=1
+case "${CMD}" in
+list)          cmd_list "$@" ;;
+rehash)                cmd_rehash "$@" ;;
 blacklist)     cmd_untrust "$@" ;;
 untrust)       cmd_untrust "$@" ;;
 trust)         cmd_trust "$@" ;;
 unblacklist)   cmd_trust "$@" ;;
-untrusted)     cmd_untrusted ;;
-blacklisted)   cmd_untrusted ;;
+untrusted)     cmd_untrusted "$@" ;;
+blacklisted)   cmd_untrusted "$@" ;;
 *)             usage # NOTREACHED
 esac
 
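Review bot: `OPTIND=1` before the `case` carries no comment, yet every cmd_* getopts loop depends on it because the global option loop above has already advanced OPTIND. A comment such as `# restart getopts so each subcommand parses its own arguments from $1` would keep a later edit from dropping or moving the reset. The same applies to `shift` right after `CMD=$1`: the subcommands no longer shift the verb themselves, so that line is what keeps `[ $# -eq 0 ] || usage` correct.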
