Diffstat (limited to 'usr.sbin/pkg_install/sign/check.c')
-rw-r--r-- | usr.sbin/pkg_install/sign/check.c | 198 |
1 files changed, 49 insertions, 149 deletions
diff --git a/usr.sbin/pkg_install/sign/check.c b/usr.sbin/pkg_install/sign/check.c
index 1799b438ff3..435a03026d7 100644
--- a/usr.sbin/pkg_install/sign/check.c
+++ b/usr.sbin/pkg_install/sign/check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check.c,v 1.1 1999/09/27 21:40:03 espie Exp $ */
+/* $OpenBSD: check.c,v 1.2 1999/10/04 21:46:27 espie Exp $ */
 /*-
 * Copyright (c) 1999 Marc Espie.
 *
@@ -32,77 +32,20 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <stdlib.h>
-#include <unistd.h>
 #include <stdio.h>
-#include <fcntl.h>
-#include <paths.h>
-#include <errno.h>
 #include "stand.h"
 #include "pgp.h"
 #include "gzip.h"
 #include "extern.h"
-#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
-#endif
-
-typedef /*@observer@*/char *pchar;
-
-static void
-gzcat(fdin, fdout, envp)
- int fdin, fdout;
- char *envp[];
-{
- pchar argv[2];
-
- argv[0] = GZCAT;
- argv[1] = NULL;
- if (dup2(fdin, fileno(stdin)) == -1 ||
- dup2(fdout, fileno(stdout)) == -1 ||
- execve(GZCAT, argv, envp) == -1)
- exit(errno);
-}
-
-static void
-pgpcheck(fd, userid, envp)
- int fd;
- const char *userid;
- char *envp[];
-{
- int fdnull;
- pchar argv[6];
-
- argv[0] = PGP;
- argv[1] = "+batchmode";
- argv[2] = "-f";
-
- if (userid) {
- argv[3] = "-u";
- argv[4] = (char *)userid;
- argv[5] = NULL;
- } else
- argv[3] = NULL;
-
- fdnull = open(_PATH_DEVNULL, O_RDWR);
- if (fdnull == -1 ||
- dup2(fd, fileno(stdin)) == -1 ||
- dup2(fdnull, fileno(stdout)) == -1 ||
- execve(PGP, argv, envp) == -1)
- exit(errno);
-}
-
-static int
-reap(pid)
- pid_t pid;
-{
- pid_t result;
- int pstat;
+struct checker {
+ void *context;
+ void (*add)(void *, const char *, size_t);
+ int (*get)(void *);
+ int status;
+};
- do {
- result = waitpid(pid, &pstat, 0);
- } while (result == -1 && errno == EINTR);
- return result == -1 ? -1 : pstat;
-}
+#define MAX_CHECKERS 20
 int
 check_signature(file, userid, envp, filename)
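Review bot: `struct checker` is added without any comment on its contract, although the code that fills it in the next hunk depends on one: a NULL `context` marks a checker that could not be set up, and `add`/`get` are left unassigned in that case. A short comment above the struct such as `/* context == NULL: checker unusable, add/get unset and must not be called */` would make that explicit for whoever adds the next signature type. `MAX_CHECKERS` would also benefit from a note that signatures beyond this limit are not examined at all.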
@@ -111,96 +54,53 @@ check_signature(file, userid, envp, filename)
 char *envp[];
 /*@observer@*/const char *filename;
 {
- FILE *file2;
- int c;
- char sign[SIGNSIZE];
+ struct signature *sign;
 struct mygzip_header h;
 int status;
- int togzcat[2], topgpcheck[2];
- pid_t pgpid, gzcatid;
+ char buffer[1024];
+ size_t length;
+ struct checker checker[MAX_CHECKERS];
+ struct signature *sweep;
+ int i, j;
- status = read_header_and_diagnose(file, &h, sign, filename);
+ status = read_header_and_diagnose(file, &h, &sign, filename);
 if (status != 1)
 return PKG_UNSIGNED;
- if (pipe(topgpcheck) == -1) {
- fprintf(stderr, "Error creating pipe\n");
- return PKG_SIGERROR;
- }
- switch(pgpid = fork()) {
- case -1:
- fprintf(stderr, "Error creating pgp process\n");
- return PKG_SIGERROR;
- case 0:
- if (close(topgpcheck[1]) == -1)
- exit(errno);
- pgpcheck(topgpcheck[0], userid, envp);
- /*@notreached@*/
- break;
- default:
- (void)close(topgpcheck[0]);
- break;
- }
- if (write(topgpcheck[1], sign, sizeof(sign)) != sizeof(sign)) {
- fprintf(stderr, "Error writing to pgp pipe\n");
- (void)close(topgpcheck[1]);
- (void)reap(pgpid);
- return PKG_SIGERROR;
- }
- if (pipe(togzcat) == -1) {
- fprintf(stderr, "Error creating pipe\n");
- (void)close(topgpcheck[1]);
- (void)reap(pgpid);
- return PKG_SIGERROR;
- }
- switch (gzcatid=fork()) {
- case -1:
- fprintf(stderr, "Error creating gzcat process\n");
- (void)reap(pgpid);
- return PKG_SIGERROR;
- case 0:
- if (close(togzcat[1]) == -1)
- exit(errno);
- gzcat(togzcat[0], topgpcheck[1], envp);
- /*@notreached@*/
- break;
- default:
- (void)close(topgpcheck[1]);
- (void)close(togzcat[0]);
- }
-
- file2 = fdopen(togzcat[1], "w");
- if (file2 == NULL) {
- (void)close(togzcat[1]);
- (void)reap(gzcatid);
- (void)reap(pgpid);
- fprintf(stderr, "Error turning fd into FILE *\n");
- return PKG_SIGERROR;
- }
-
- if (gzip_write_header(file2, &h, NULL) != 1) {
- (void)fclose(file2);
- (void)reap(pgpid);
- (void)reap(gzcatid);
- fprintf(stderr, "Error writing gzip header\n");
- return PKG_SIGERROR;
- }
- while((c = fgetc(file)) != EOF) {
- if (fputc(c, file2) == EOF) {
- fprintf(stderr, "Problem writing to zcat\n");
- (void)fclose(file2);
- (void)reap(pgpid);
- (void)reap(gzcatid);
- return PKG_SIGERROR;
+ for (sweep = sign, i = 0;
+ sweep != NULL && i < MAX_CHECKERS;
+ sweep=sweep->next, i++) {
+ switch(sweep->type) {
+ case TAG_OLD:
+ fprintf(stderr, "File %s uses old signatures, no longer supported\n",
+ filename);
+ checker[i].context = NULL;
+ break;
+ case TAG_SHA1:
+ checker[i].context = new_sha1_checker(&h, sweep, userid, envp, filename);
+ checker[i].add = sha1_add;
+ checker[i].get = sha1_sign_ok;
+ break;
+ case TAG_PGP:
+ checker[i].context = new_pgp_checker(&h, sweep, userid, envp, filename);
+ checker[i].add = pgp_add;
+ checker[i].get = pgp_sign_ok;
+ break;
+ default:
+ abort();
 }
- }
- status = PKG_GOODSIG;
- if (fclose(file2) != 0)
- status = PKG_SIGERROR;
- if (reap(gzcatid) != 0)
- status = PKG_SIGERROR;
- if (reap(pgpid) != 0)
- status = PKG_BADSIG;
- return status;
+ while ((length = fread(buffer, 1, sizeof buffer, file)) > 0)
+ for (j = 0; j < i; j++)
+ if (checker[j].context)
+ (*checker[j].add)(checker[j].context, buffer, length);
+// for (j = i-1; j >= 0; j--)
+ for (j = 0; j < i; j++)
+ if (checker[j].context)
+ checker[j].status = (*checker[j].get)(checker[j].context);
+ else
+ checker[j].status = PKG_SIGERROR;
+ free_signature(sign);
+ return checker[0].status;
 }
+ |
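Review bot: `return checker[0].status;` reports only the first signature's verdict, so the results the loop has just collected from every other checker are discarded, and if the signature list is empty (`i == 0`) it reads a `status` that was never written. Whether `read_header_and_diagnose` can return 1 with an empty list is not visible here, but a package verifier should not depend on that. If the intent is that every attached signature must verify, fold the per-checker results into one status and fail closed when there are none, as sketched below. Separately, the `fread` loop does not check `ferror(file)`, and signatures past `MAX_CHECKERS` are skipped without a diagnostic. The header of `check_signature` lies outside this hunk.

```c
	/* … unchanged: checker setup loop and fread loop … */
	/* no usable signature at all must never read as a good one */
	status = (i == 0) ? PKG_SIGERROR : PKG_GOODSIG;
	for (j = 0; j < i; j++) {
		if (checker[j].context)
			checker[j].status = (*checker[j].get)(checker[j].context);
		else
			checker[j].status = PKG_SIGERROR;
		/* the first failing signature decides the overall result */
		if (status == PKG_GOODSIG && checker[j].status != PKG_GOODSIG)
			status = checker[j].status;
	}
	free_signature(sign);
	return status;
```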