• source navigation  • diff markup  • identifier search  • freetext search  • 

Sources/ucert/usign-exec.c

  1 /*
  2  * wrapper functions around the usign executable
  3  * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU General Public License version 3
  7  * as published by the Free Software Foundation
  8  *
  9  * This program is distributed in the hope that it will be useful,
 10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12  * GNU General Public License for more details.
 13  */
 14 
 15 #include <stdbool.h>
 16 #include <stdio.h>
 17 #include <string.h>
 18 #include <unistd.h>
 19 #include <sys/wait.h>
 20 
 21 #include "usign.h"
 22 
 23 #ifdef UCERT_HOST_BUILD
 24 #define USIGN_EXEC "usign"
 25 #else
 26 #define USIGN_EXEC "/usr/bin/usign"
 27 #endif
 28 
 29 /*
 30  * check for revoker deadlink in pubkeydir
 31  * return true if a revoker exists, false otherwise
 32  */
 33 int _usign_key_is_revoked(const char *fingerprint, const char *pubkeydir) {
 34         char tml[64] = {0};
 35         char rfname[256] = {0};
 36 
 37         snprintf(rfname, sizeof(rfname)-1, "%s/%s", pubkeydir, fingerprint);
 38         if (readlink(rfname, tml, sizeof(tml)) > 0 &&
 39             !strcmp(tml, ".revoked.")) {
 40                 return true;
 41         };
 42 
 43         return false;
 44 }
 45 
 46 #ifdef UCERT_FULL
 47 /*
 48  * call usign -S ...
 49  * return WEXITSTATUS or -1 if fork or execv fails
 50  */
 51 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
 52         pid_t pid;
 53         int status;
 54         const char *usign_argv[16] = {0};
 55         unsigned int usign_argc = 0;
 56 
 57         usign_argv[usign_argc++] = USIGN_EXEC;
 58         usign_argv[usign_argc++] = "-S";
 59         usign_argv[usign_argc++] = "-m";
 60         usign_argv[usign_argc++] = msgfile;
 61         usign_argv[usign_argc++] = "-s";
 62         usign_argv[usign_argc++] = seckeyfile;
 63         usign_argv[usign_argc++] = "-x";
 64         usign_argv[usign_argc++] = sigfile;
 65 
 66         if (quiet)
 67                 usign_argv[usign_argc++] = "-q";
 68 
 69         pid = fork();
 70         switch (pid) {
 71         case -1:
 72                 return -1;
 73 
 74         case 0:
 75                 if (
 76 #ifdef UCERT_HOST_BUILD
 77                         execvp(usign_argv[0], (char *const *)usign_argv)
 78 #else
 79                         execv(usign_argv[0], (char *const *)usign_argv)
 80 #endif
 81                    )
 82                         return -1;
 83 
 84                 break;
 85 
 86         default:
 87                 waitpid(pid, &status, 0);
 88                 return WEXITSTATUS(status);
 89         }
 90 
 91         return -1;
 92 }
 93 #else
 94 int usign_s(const char *msgfile, const char *seckeyfile, const char *sigfile, bool quiet) {
 95         return -1;
 96 };
 97 #endif
 98 
 99 /*
100  * call usign -F ... and set fingerprint returned
101  * return WEXITSTATUS or -1 if fork or execv fails
102  */
103 static int usign_f(char *fingerprint, const char *pubkeyfile, const char *seckeyfile, const char *sigfile) {
104         int fds[2];
105         pid_t pid;
106         int status;
107         const char *usign_argv[16] = {0};
108         unsigned int usign_argc = 0;
109 
110         if (pipe(fds))
111                 return -1;
112 
113         usign_argv[usign_argc++] = USIGN_EXEC;
114         usign_argv[usign_argc++] = "-F";
115 
116         if (pubkeyfile) {
117                 usign_argv[usign_argc++] = "-p";
118                 usign_argv[usign_argc++] = pubkeyfile;
119         }
120 
121         if (seckeyfile) {
122                 usign_argv[usign_argc++] = "-s";
123                 usign_argv[usign_argc++] = seckeyfile;
124         }
125 
126         if (sigfile) {
127                 usign_argv[usign_argc++] = "-x";
128                 usign_argv[usign_argc++] = sigfile;
129         }
130 
131         pid = fork();
132         switch (pid) {
133         case -1:
134                 return -1;
135 
136         case 0:
137                 dup2(fds[1], 1);
138 
139                 close(0);
140                 close(2);
141                 close(fds[0]);
142                 close(fds[1]);
143 
144                 if (
145 #ifdef UCERT_HOST_BUILD
146                     execvp(usign_argv[0], (char *const *)usign_argv)
147 #else
148                     execv(usign_argv[0], (char *const *)usign_argv)
149 #endif
150                    )
151                         return -1;
152 
153                 break;
154 
155         default:
156                 waitpid(pid, &status, 0);
157                 status = WEXITSTATUS(status);
158                 if (fingerprint && !WEXITSTATUS(status)) {
159                         ssize_t r;
160                         memset(fingerprint, 0, 17);
161                         r = read(fds[0], fingerprint, 17);
162                         if (r < 16)
163                                 status = -1;
164 
165                         fingerprint[16] = '\0';
166 
167                 }
168                 close(fds[0]);
169                 close(fds[1]);
170                 return status;
171         }
172 
173         return -1;
174 }
175 
176 /*
177  * call usign -F -p ...
178  */
179 int usign_f_pubkey(char *fingerprint, const char *pubkeyfile) {
180         return usign_f(fingerprint, pubkeyfile, NULL, NULL);
181 }
182 
183 /*
184  * call usign -F -s ...
185  */
186 int usign_f_seckey(char *fingerprint, const char *seckeyfile) {
187         return usign_f(fingerprint, NULL, seckeyfile, NULL);
188 }
189 
190 /*
191  * call usign -F -x ...
192  */
193 int usign_f_sig(char *fingerprint, const char *sigfile) {
194         return usign_f(fingerprint, NULL, NULL, sigfile);
195 }
196 
197 
198 /*
199  * call usign -V ...
200  * return WEXITSTATUS or -1 if fork or execv fails
201  */
202 int usign_v(const char *msgfile, const char *pubkeyfile,
203             const char *pubkeydir, const char *sigfile, bool quiet) {
204         pid_t pid;
205         int status;
206         const char *usign_argv[16] = {0};
207         unsigned int usign_argc = 0;
208         char fingerprint[17];
209 
210         if (usign_f_sig(fingerprint, sigfile)) {
211                 if (!quiet)
212                         fprintf(stdout, "cannot get signing key fingerprint\n");
213                 return 1;
214         }
215 
216         if (pubkeydir && _usign_key_is_revoked(fingerprint, pubkeydir)) {
217                 if (!quiet)
218                         fprintf(stdout, "key %s has been revoked!\n", fingerprint);
219                 return 1;
220         }
221         usign_argv[usign_argc++] = USIGN_EXEC;
222         usign_argv[usign_argc++] = "-V";
223         usign_argv[usign_argc++] = "-m";
224         usign_argv[usign_argc++] = msgfile;
225 
226         if (quiet)
227                 usign_argv[usign_argc++] = "-q";
228 
229         if (pubkeyfile) {
230                 usign_argv[usign_argc++] = "-p";
231                 usign_argv[usign_argc++] = pubkeyfile;
232         }
233 
234         if (pubkeydir) {
235                 usign_argv[usign_argc++] = "-P";
236                 usign_argv[usign_argc++] = pubkeydir;
237         }
238 
239         if (sigfile) {
240                 usign_argv[usign_argc++] = "-x";
241                 usign_argv[usign_argc++] = sigfile;
242         }
243 
244         pid = fork();
245         switch (pid) {
246         case -1:
247                 return -1;
248 
249         case 0:
250                 if (
251 #ifdef UCERT_HOST_BUILD
252                     execvp(usign_argv[0], (char *const *)usign_argv)
253 #else
254                     execv(usign_argv[0], (char *const *)usign_argv)
255 #endif
256                    )
257                         return -1;
258 
259                 break;
260 
261         default:
262                 waitpid(pid, &status, 0);
263                 return WEXITSTATUS(status);
264         }
265 
266         return -1;
267 }
268 

This page was automatically generated by LXR 0.3.1.  •  OpenWrt