<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"> <title>lib/signature.c Source File</title> <link href="doxygen.css" rel="stylesheet" type="text/css"> </head><body> <!-- Generated by Doxygen 1.2.17 --> <center> <a class="qindex" href="index.html">Main Page</a> <a class="qindex" href="modules.html">Modules</a> <a class="qindex" href="annotated.html">Data Structures</a> <a class="qindex" href="files.html">File List</a> <a class="qindex" href="functions.html">Data Fields</a> <a class="qindex" href="globals.html">Globals</a> <a class="qindex" href="pages.html">Related Pages</a> </center> <hr><h1>lib/signature.c</h1><a href="signature_8c.html">Go to the documentation of this file.</a><div class="fragment"><pre>00001 00005 <span class="comment">/* signature.c - RPM signature functions */</span> 00006 00007 <span class="comment">/* NOTES</span> 00008 <span class="comment"> *</span> 00009 <span class="comment"> * Things have been cleaned up wrt PGP. We can now handle</span> 00010 <span class="comment"> * signatures of any length (which means you can use any</span> 00011 <span class="comment"> * size key you like). We also honor PGPPATH finally.</span> 00012 <span class="comment"> */</span> 00013 00014 <span class="preprocessor">#include "<a class="code" href="system_8h.html">system.h</a>"</span> 00015 00016 <span class="preprocessor">#include "<a class="code" href="rpmio__internal_8h.html">rpmio_internal.h</a>"</span> 00017 <span class="preprocessor">#include <<a class="code" href="rpmlib_8h.html">rpmlib.h</a>></span> 00018 <span class="preprocessor">#include <<a class="code" href="rpmmacro_8h.html">rpmmacro.h</a>></span> <span class="comment">/* XXX for rpmGetPath() */</span> 00019 00020 <span class="preprocessor">#include "md5.h"</span> 00021 <span class="preprocessor">#include "<a class="code" href="misc_8h.html">misc.h</a>"</span> <span class="comment">/* XXX for dosetenv() and makeTempFile() */</span> 00022 <span class="preprocessor">#include "<a class="code" href="rpmlead_8h.html">rpmlead.h</a>"</span> 00023 <span class="preprocessor">#include "<a class="code" href="signature_8h.html">signature.h</a>"</span> 00024 <span class="preprocessor">#include "<a class="code" href="debug_8h.html">debug.h</a>"</span> 00025 00026 <span class="comment">/*@access Header@*/</span> <span class="comment">/* XXX compared with NULL */</span> 00027 <span class="comment">/*@access FD_t@*/</span> <span class="comment">/* XXX compared with NULL */</span> 00028 00029 <span class="preprocessor">#if !defined(__GLIBC__)</span> <a name="l00030"></a><a class="code" href="signature_8c.html#a1">00030</a> <span class="preprocessor"></span><span class="keywordtype">char</span> ** <a class="code" href="signature_8c.html#a1">environ</a> = NULL; 00031 <span class="preprocessor">#endif</span> 00032 <span class="preprocessor"></span> <a name="l00033"></a><a class="code" href="signature_8c.html#a2">00033</a> <span class="keyword">typedef</span> int (*<a class="code" href="signature_8c.html#a2">md5func</a>)(<span class="keyword">const</span> <span class="keywordtype">char</span> * fn, <span class="comment">/*@out@*/</span> byte * digest); 00034 <a name="l00035"></a><a class="code" href="group__signature.html#a8">00035</a> <span class="keywordtype">int</span> <a class="code" href="group__signature.html#a8">rpmLookupSignatureType</a>(<span class="keywordtype">int</span> action) 00036 { 00037 <span class="keyword">static</span> <span class="keywordtype">int</span> disabled = 0; 00038 <span class="keywordtype">int</span> rc = 0; 00039 00040 <span class="keywordflow">switch</span> (action) { 00041 <span class="keywordflow">case</span> <a class="code" href="signature_8h.html#a1">RPMLOOKUPSIG_DISABLE</a>: 00042 disabled = -2; 00043 <span class="keywordflow">break</span>; 00044 <span class="keywordflow">case</span> <a class="code" href="signature_8h.html#a2">RPMLOOKUPSIG_ENABLE</a>: 00045 disabled = 0; 00046 <span class="comment">/*@fallthrough@*/</span> 00047 <span class="keywordflow">case</span> <a class="code" href="signature_8h.html#a0">RPMLOOKUPSIG_QUERY</a>: 00048 <span class="keywordflow">if</span> (disabled) 00049 <span class="keywordflow">break</span>; <span class="comment">/* Disabled */</span> 00050 { <span class="keyword">const</span> <span class="keywordtype">char</span> *name = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_signature}"</span>, NULL); 00051 <span class="keywordflow">if</span> (!(name && *name != <span class="charliteral">'\0'</span>)) 00052 rc = 0; 00053 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (!<a class="code" href="group__rpmio.html#a0">xstrcasecmp</a>(name, <span class="stringliteral">"none"</span>)) 00054 rc = 0; 00055 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (!<a class="code" href="group__rpmio.html#a0">xstrcasecmp</a>(name, <span class="stringliteral">"pgp"</span>)) 00056 rc = <a class="code" href="group__signature.html#a11a400">RPMSIGTAG_PGP</a>; 00057 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (!<a class="code" href="group__rpmio.html#a0">xstrcasecmp</a>(name, <span class="stringliteral">"pgp5"</span>)) <span class="comment">/* XXX legacy */</span> 00058 rc = <a class="code" href="group__signature.html#a11a400">RPMSIGTAG_PGP</a>; 00059 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (!<a class="code" href="group__rpmio.html#a0">xstrcasecmp</a>(name, <span class="stringliteral">"gpg"</span>)) 00060 rc = <a class="code" href="group__signature.html#a11a403">RPMSIGTAG_GPG</a>; 00061 <span class="keywordflow">else</span> 00062 rc = -1; <span class="comment">/* Invalid %_signature spec in macro file */</span> 00063 name = <a class="code" href="poptint_8h.html#a14">_free</a>(name); 00064 } <span class="keywordflow">break</span>; 00065 } 00066 <span class="keywordflow">return</span> rc; 00067 } 00068 00069 <span class="comment">/* rpmDetectPGPVersion() returns the absolute path to the "pgp" */</span> 00070 <span class="comment">/* executable of the requested version, or NULL when none found. */</span> 00071 <a name="l00072"></a><a class="code" href="group__signature.html#a10">00072</a> <span class="keyword">const</span> <span class="keywordtype">char</span> * <a class="code" href="group__signature.html#a10">rpmDetectPGPVersion</a>(<a class="code" href="group__signature.html#a1">pgpVersion</a> * pgpVer) 00073 { 00074 <span class="comment">/* Actually this should support having more then one pgp version. */</span> 00075 <span class="comment">/* At the moment only one version is possible since we only */</span> 00076 <span class="comment">/* have one %_pgpbin and one %_pgp_path. */</span> 00077 00078 <span class="keyword">static</span> <a class="code" href="group__signature.html#a1">pgpVersion</a> saved_pgp_version = <a class="code" href="group__signature.html#a13a14">PGP_UNKNOWN</a>; 00079 <span class="keyword">const</span> <span class="keywordtype">char</span> *pgpbin = <a class="code" href="macro_8c.html#a53">rpmGetPath</a>(<span class="stringliteral">"%{?_pgpbin}"</span>, NULL); 00080 00081 <span class="keywordflow">if</span> (saved_pgp_version == <a class="code" href="group__signature.html#a13a14">PGP_UNKNOWN</a>) { 00082 <span class="keywordtype">char</span> *pgpvbin; 00083 <span class="keyword">struct </span>stat st; 00084 00085 <span class="keywordflow">if</span> (!(pgpbin && pgpbin[0] != <span class="charliteral">'\0'</span>)) { 00086 pgpbin = <a class="code" href="poptint_8h.html#a14">_free</a>(pgpbin); 00087 saved_pgp_version = -1; 00088 <span class="keywordflow">return</span> NULL; 00089 } 00090 pgpvbin = (<span class="keywordtype">char</span> *)<a class="code" href="system_8h.html#a36">alloca</a>(strlen(pgpbin) + <span class="keyword">sizeof</span>(<span class="stringliteral">"v"</span>)); 00091 (void)<a class="code" href="system_8h.html#a32">stpcpy</a>(<a class="code" href="system_8h.html#a32">stpcpy</a>(pgpvbin, pgpbin), <span class="stringliteral">"v"</span>); 00092 00093 <span class="keywordflow">if</span> (stat(pgpvbin, &st) == 0) 00094 saved_pgp_version = <a class="code" href="group__signature.html#a13a16">PGP_5</a>; 00095 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (stat(pgpbin, &st) == 0) 00096 saved_pgp_version = <a class="code" href="group__signature.html#a13a15">PGP_2</a>; 00097 <span class="keywordflow">else</span> 00098 saved_pgp_version = <a class="code" href="group__signature.html#a13a13">PGP_NOTDETECTED</a>; 00099 } 00100 00101 <span class="keywordflow">if</span> (pgpVer && pgpbin) 00102 *pgpVer = saved_pgp_version; 00103 <span class="keywordflow">return</span> pgpbin; 00104 } 00105 <a name="l00115"></a><a class="code" href="signature_8c.html#a6">00115</a> <span class="keyword">static</span> <span class="keyword">inline</span> <a class="code" href="rpmlib_8h.html#a43">rpmRC</a> <a class="code" href="signature_8c.html#a6">checkSize</a>(<a class="code" href="struct__FD__s.html">FD_t</a> fd, <span class="keywordtype">int</span> siglen, <span class="keywordtype">int</span> pad, <span class="keywordtype">int</span> datalen) 00116 <span class="comment">/*@globals fileSystem @*/</span> 00117 <span class="comment">/*@modifies fileSystem @*/</span> 00118 { 00119 <span class="keyword">struct </span>stat st; 00120 <a class="code" href="rpmlib_8h.html#a43">rpmRC</a> rc; 00121 00122 <span class="keywordflow">if</span> (fstat(<a class="code" href="group__rpmio.html#a86">Fileno</a>(fd), &st)) 00123 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a493a91">RPMRC_FAIL</a>; 00124 00125 <span class="keywordflow">if</span> (!S_ISREG(st.st_mode)) { 00126 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, 00127 <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"file is not regular -- skipping size check\n"</span>)); 00128 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a493a89">RPMRC_OK</a>; 00129 } 00130 00131 rc = (((<span class="keyword">sizeof</span>(<span class="keyword">struct </span><a class="code" href="structrpmlead.html">rpmlead</a>) + siglen + pad + datalen) - st.st_size) 00132 ? RPMRC_BADSIZE : <a class="code" href="rpmlib_8h.html#a493a89">RPMRC_OK</a>); 00133 00134 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>((rc == <a class="code" href="rpmlib_8h.html#a493a89">RPMRC_OK</a> ? <a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a> : <a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>), 00135 _("Expected size: %12d = lead(%d)+sigs(%d)+pad(%d)+data(%d)\n"), 00136 (int)sizeof(struct <a class="code" href="structrpmlead.html">rpmlead</a>)+siglen+pad+datalen, 00137 (int)sizeof(struct <a class="code" href="structrpmlead.html">rpmlead</a>), siglen, pad, datalen); 00138 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>((rc == <a class="code" href="rpmlib_8h.html#a493a89">RPMRC_OK</a> ? <a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a> : <a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>), 00139 _(" Actual size: %12d\n"), (int)st.st_size); 00140 00141 return rc; 00142 } 00143 <a name="l00144"></a><a class="code" href="group__signature.html#a5">00144</a> <a class="code" href="rpmlib_8h.html#a43">rpmRC</a> <a class="code" href="group__signature.html#a5">rpmReadSignature</a>(<a class="code" href="struct__FD__s.html">FD_t</a> fd, <a class="code" href="structheaderToken.html">Header</a> * headerp, <a class="code" href="group__signature.html#a0">sigType</a> sig_type) 00145 { 00146 byte buf[2048]; 00147 <span class="keywordtype">int</span> sigSize, pad; 00148 <a class="code" href="header_8h.html#a9">int_32</a> <a class="code" href="structrpmlead.html#m3">type</a>, count; 00149 <a class="code" href="header_8h.html#a9">int_32</a> *archSize; 00150 <a class="code" href="structheaderToken.html">Header</a> h = NULL; 00151 <a class="code" href="rpmlib_8h.html#a43">rpmRC</a> rc = <a class="code" href="rpmlib_8h.html#a493a91">RPMRC_FAIL</a>; <span class="comment">/* assume failure */</span> 00152 00153 <span class="keywordflow">if</span> (headerp) 00154 *headerp = NULL; 00155 00156 buf[0] = 0; 00157 <span class="keywordflow">switch</span> (sig_type) { 00158 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a12a6">RPMSIGTYPE_NONE</a>: 00159 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"No signature\n"</span>)); 00160 rc = <a class="code" href="rpmlib_8h.html#a493a89">RPMRC_OK</a>; 00161 <span class="keywordflow">break</span>; 00162 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a12a7">RPMSIGTYPE_PGP262_1024</a>: 00163 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Old PGP signature\n"</span>)); 00164 <span class="comment">/* These are always 256 bytes */</span> 00165 <span class="keywordflow">if</span> (<a class="code" href="rpmio_8h.html#a8">timedRead</a>(fd, buf, 256) != 256) 00166 <span class="keywordflow">break</span>; 00167 h = <a class="code" href="group__header.html#a51">headerNew</a>(); 00168 (void) <a class="code" href="group__header.html#a45">headerAddEntry</a>(h, <a class="code" href="group__signature.html#a11a400">RPMSIGTAG_PGP</a>, <a class="code" href="group__header.html#a93a72">RPM_BIN_TYPE</a>, buf, 152); 00169 rc = <a class="code" href="rpmlib_8h.html#a493a89">RPMRC_OK</a>; 00170 <span class="keywordflow">break</span>; 00171 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a12a9">RPMSIGTYPE_MD5</a>: 00172 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a12a10">RPMSIGTYPE_MD5_PGP</a>: 00173 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a85">RPMERR_BADSIGTYPE</a>, 00174 <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Old (internal-only) signature! How did you get that!?\n"</span>)); 00175 <span class="keywordflow">break</span>; 00176 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a12a11">RPMSIGTYPE_HEADERSIG</a>: 00177 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a12a12">RPMSIGTYPE_DISABLE</a>: 00178 <span class="comment">/* This is a new style signature */</span> 00179 h = <a class="code" href="group__header.html#a32">headerRead</a>(fd, <a class="code" href="group__header.html#a92a65">HEADER_MAGIC_YES</a>); 00180 <span class="keywordflow">if</span> (h == NULL) 00181 <span class="keywordflow">break</span>; 00182 00183 rc = <a class="code" href="rpmlib_8h.html#a493a89">RPMRC_OK</a>; 00184 sigSize = <a class="code" href="group__header.html#a22">headerSizeof</a>(h, <a class="code" href="group__header.html#a92a65">HEADER_MAGIC_YES</a>); 00185 00186 <span class="comment">/* XXX Legacy headers have a HEADER_IMAGE tag added. */</span> 00187 <span class="keywordflow">if</span> (<a class="code" href="group__header.html#a34">headerIsEntry</a>(h, <a class="code" href="rpmlib_8h.html#a494a94">RPMTAG_HEADERIMAGE</a>)) 00188 sigSize -= (16 + 16); 00189 00190 pad = (8 - (sigSize % 8)) % 8; <span class="comment">/* 8-byte pad */</span> 00191 <span class="keywordflow">if</span> (sig_type == <a class="code" href="group__signature.html#a12a11">RPMSIGTYPE_HEADERSIG</a>) { 00192 <span class="keywordflow">if</span> (! <a class="code" href="group__header.html#a40">headerGetEntry</a>(h, <a class="code" href="group__signature.html#a11a398">RPMSIGTAG_SIZE</a>, &<a class="code" href="structrpmlead.html#m3">type</a>, 00193 (<span class="keywordtype">void</span> **)&archSize, &count)) 00194 <span class="keywordflow">break</span>; 00195 rc = <a class="code" href="signature_8c.html#a6">checkSize</a>(fd, sigSize, pad, *archSize); 00196 } 00197 <span class="keywordflow">if</span> (pad && <a class="code" href="rpmio_8h.html#a8">timedRead</a>(fd, buf, pad) != pad) 00198 rc = <a class="code" href="rpmlib_8h.html#a493a93">RPMRC_SHORTREAD</a>; 00199 <span class="keywordflow">break</span>; 00200 <span class="keywordflow">default</span>: 00201 <span class="keywordflow">break</span>; 00202 } 00203 00204 <span class="keywordflow">if</span> (rc == 0 && headerp) 00205 <span class="comment">/*@-nullderef@*/</span> 00206 *headerp = h; 00207 <span class="comment">/*@=nullderef@*/</span> 00208 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (h) 00209 h = <a class="code" href="group__header.html#a16">headerFree</a>(h); 00210 00211 <span class="keywordflow">return</span> rc; 00212 } 00213 <a name="l00214"></a><a class="code" href="group__signature.html#a6">00214</a> <span class="keywordtype">int</span> <a class="code" href="group__signature.html#a6">rpmWriteSignature</a>(<a class="code" href="struct__FD__s.html">FD_t</a> fd, <a class="code" href="structheaderToken.html">Header</a> h) 00215 { 00216 <span class="keyword">static</span> byte buf[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 00217 <span class="keywordtype">int</span> sigSize, pad; 00218 <span class="keywordtype">int</span> rc; 00219 00220 rc = <a class="code" href="group__header.html#a33">headerWrite</a>(fd, h, <a class="code" href="group__header.html#a92a65">HEADER_MAGIC_YES</a>); 00221 <span class="keywordflow">if</span> (rc) 00222 <span class="keywordflow">return</span> rc; 00223 00224 sigSize = <a class="code" href="group__header.html#a22">headerSizeof</a>(h, <a class="code" href="group__header.html#a92a65">HEADER_MAGIC_YES</a>); 00225 pad = (8 - (sigSize % 8)) % 8; 00226 <span class="keywordflow">if</span> (pad) { 00227 <span class="keywordflow">if</span> (<a class="code" href="group__rpmio.html#a78">Fwrite</a>(buf, <span class="keyword">sizeof</span>(buf[0]), pad, fd) != pad) 00228 rc = 1; 00229 } 00230 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Signature: size(%d)+pad(%d)\n"</span>), sigSize, pad); 00231 <span class="keywordflow">return</span> rc; 00232 } 00233 <a name="l00234"></a><a class="code" href="signature_8c.html#a3">00234</a> <a class="code" href="structheaderToken.html">Header</a> <a class="code" href="group__signature.html#a2">rpmNewSignature</a>(<span class="keywordtype">void</span>) 00235 { 00236 <a class="code" href="structheaderToken.html">Header</a> h = <a class="code" href="group__header.html#a51">headerNew</a>(); 00237 <span class="keywordflow">return</span> h; 00238 } 00239 <a name="l00240"></a><a class="code" href="group__signature.html#a9">00240</a> <a class="code" href="structheaderToken.html">Header</a> <a class="code" href="group__signature.html#a9">rpmFreeSignature</a>(<a class="code" href="structheaderToken.html">Header</a> h) 00241 { 00242 <span class="keywordflow">return</span> <a class="code" href="group__header.html#a16">headerFree</a>(h); 00243 } 00244 <a name="l00245"></a><a class="code" href="signature_8c.html#a10">00245</a> <span class="keyword">static</span> <span class="keywordtype">int</span> <a class="code" href="signature_8c.html#a10">makePGPSignature</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * file, <span class="comment">/*@out@*/</span> <span class="keywordtype">void</span> ** sig, 00246 <span class="comment">/*@out@*/</span> <a class="code" href="header_8h.html#a9">int_32</a> * size, <span class="comment">/*@null@*/</span> <span class="keyword">const</span> <span class="keywordtype">char</span> * passPhrase) 00247 <span class="comment">/*@globals rpmGlobalMacroContext, fileSystem @*/</span> 00248 <span class="comment">/*@modifies *sig, *size, rpmGlobalMacroContext, fileSystem @*/</span> 00249 { 00250 <span class="keywordtype">char</span> * sigfile = <a class="code" href="system_8h.html#a36">alloca</a>(1024); 00251 <span class="keywordtype">int</span> pid, status; 00252 <span class="keywordtype">int</span> inpipe[2]; 00253 <span class="keyword">struct </span>stat st; 00254 <span class="keyword">const</span> <span class="keywordtype">char</span> * cmd; 00255 <span class="keywordtype">char</span> *<span class="keyword">const</span> *av; 00256 <span class="keywordtype">int</span> rc; 00257 00258 (void) <a class="code" href="system_8h.html#a32">stpcpy</a>( <a class="code" href="system_8h.html#a32">stpcpy</a>(sigfile, file), <span class="stringliteral">".sig"</span>); 00259 00260 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>, NULL, file, -1); 00261 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>, NULL, sigfile, -1); 00262 00263 inpipe[0] = inpipe[1] = 0; 00264 (void) pipe(inpipe); 00265 00266 <span class="keywordflow">if</span> (!(pid = fork())) { 00267 <span class="keyword">const</span> <span class="keywordtype">char</span> *pgp_path = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_pgp_path}"</span>, NULL); 00268 <span class="keyword">const</span> <span class="keywordtype">char</span> *path; 00269 <a class="code" href="group__signature.html#a1">pgpVersion</a> pgpVer; 00270 00271 (void) close(STDIN_FILENO); 00272 (void) dup2(inpipe[0], 3); 00273 (void) close(inpipe[1]); 00274 00275 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"PGPPASSFD"</span>, <span class="stringliteral">"3"</span>, 1); 00276 <span class="keywordflow">if</span> (pgp_path && *pgp_path != <span class="charliteral">'\0'</span>) 00277 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"PGPPATH"</span>, pgp_path, 1); 00278 00279 <span class="comment">/* dosetenv("PGPPASS", passPhrase, 1); */</span> 00280 00281 <span class="keywordflow">if</span> ((path = <a class="code" href="group__signature.html#a10">rpmDetectPGPVersion</a>(&pgpVer)) != NULL) { 00282 <span class="keywordflow">switch</span>(pgpVer) { 00283 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a15">PGP_2</a>: 00284 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__pgp_sign_cmd}"</span>, NULL); 00285 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00286 <span class="keywordflow">if</span> (!rc) 00287 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00288 <span class="keywordflow">break</span>; 00289 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a16">PGP_5</a>: 00290 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__pgp5_sign_cmd}"</span>, NULL); 00291 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00292 <span class="keywordflow">if</span> (!rc) 00293 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00294 <span class="keywordflow">break</span>; 00295 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a14">PGP_UNKNOWN</a>: 00296 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a13">PGP_NOTDETECTED</a>: 00297 <a class="code" href="system_8h.html#a29">errno</a> = ENOENT; 00298 <span class="keywordflow">break</span>; 00299 } 00300 } 00301 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Could not exec %s: %s\n"</span>), <span class="stringliteral">"pgp"</span>, 00302 <a class="code" href="popt_8c.html#a1">strerror</a>(<a class="code" href="system_8h.html#a29">errno</a>)); 00303 _exit(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>); 00304 } 00305 00306 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>); 00307 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>); 00308 00309 (void) close(inpipe[0]); 00310 <span class="keywordflow">if</span> (passPhrase) 00311 (void) write(inpipe[1], passPhrase, strlen(passPhrase)); 00312 (void) write(inpipe[1], <span class="stringliteral">"\n"</span>, 1); 00313 (void) close(inpipe[1]); 00314 00315 (void)waitpid(pid, &status, 0); 00316 <span class="keywordflow">if</span> (!WIFEXITED(status) || WEXITSTATUS(status)) { 00317 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"pgp failed\n"</span>)); 00318 <span class="keywordflow">return</span> 1; 00319 } 00320 00321 <span class="keywordflow">if</span> (stat(sigfile, &st)) { 00322 <span class="comment">/* PGP failed to write signature */</span> 00323 <span class="keywordflow">if</span> (sigfile) (void) unlink(sigfile); <span class="comment">/* Just in case */</span> 00324 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"pgp failed to write signature\n"</span>)); 00325 <span class="keywordflow">return</span> 1; 00326 } 00327 00328 *size = st.st_size; 00329 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"PGP sig size: %d\n"</span>), *size); 00330 *sig = <a class="code" href="rpmmalloc_8c.html#a1">xmalloc</a>(*size); 00331 00332 { <a class="code" href="struct__FD__s.html">FD_t</a> fd; 00333 rc = 0; 00334 fd = <a class="code" href="group__rpmio.html#a83">Fopen</a>(sigfile, <span class="stringliteral">"r.fdio"</span>); 00335 <span class="keywordflow">if</span> (fd != NULL && !<a class="code" href="group__rpmio.html#a85">Ferror</a>(fd)) { 00336 rc = <a class="code" href="rpmio_8h.html#a8">timedRead</a>(fd, *sig, *size); 00337 <span class="keywordflow">if</span> (sigfile) (void) unlink(sigfile); 00338 (void) <a class="code" href="group__rpmio.html#a80">Fclose</a>(fd); 00339 } 00340 <span class="keywordflow">if</span> (rc != *size) { 00341 *sig = <a class="code" href="poptint_8h.html#a14">_free</a>(*sig); 00342 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"unable to read the signature\n"</span>)); 00343 <span class="keywordflow">return</span> 1; 00344 } 00345 } 00346 00347 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Got %d bytes of PGP sig\n"</span>), *size); 00348 00349 <span class="keywordflow">return</span> 0; 00350 } 00351 00352 <span class="comment">/* This is an adaptation of the makePGPSignature function to use GPG instead</span> 00353 <span class="comment"> * of PGP to create signatures. I think I've made all the changes necessary,</span> 00354 <span class="comment"> * but this could be a good place to start looking if errors in GPG signature</span> 00355 <span class="comment"> * creation crop up.</span> 00356 <span class="comment"> */</span> <a name="l00357"></a><a class="code" href="signature_8c.html#a11">00357</a> <span class="keyword">static</span> <span class="keywordtype">int</span> <a class="code" href="signature_8c.html#a11">makeGPGSignature</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * file, <span class="comment">/*@out@*/</span> <span class="keywordtype">void</span> ** sig, 00358 <span class="comment">/*@out@*/</span> <a class="code" href="header_8h.html#a9">int_32</a> * size, <span class="comment">/*@null@*/</span> <span class="keyword">const</span> <span class="keywordtype">char</span> * passPhrase) 00359 <span class="comment">/*@globals rpmGlobalMacroContext, fileSystem @*/</span> 00360 <span class="comment">/*@modifies *sig, *size, rpmGlobalMacroContext, fileSystem @*/</span> 00361 { 00362 <span class="keywordtype">char</span> * sigfile = <a class="code" href="system_8h.html#a36">alloca</a>(1024); 00363 <span class="keywordtype">int</span> pid, status; 00364 <span class="keywordtype">int</span> inpipe[2]; 00365 FILE * fpipe; 00366 <span class="keyword">struct </span>stat st; 00367 <span class="keyword">const</span> <span class="keywordtype">char</span> * cmd; 00368 <span class="keywordtype">char</span> *<span class="keyword">const</span> *av; 00369 <span class="keywordtype">int</span> rc; 00370 00371 (void) <a class="code" href="system_8h.html#a32">stpcpy</a>( <a class="code" href="system_8h.html#a32">stpcpy</a>(sigfile, file), <span class="stringliteral">".sig"</span>); 00372 00373 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>, NULL, file, -1); 00374 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>, NULL, sigfile, -1); 00375 00376 inpipe[0] = inpipe[1] = 0; 00377 (void) pipe(inpipe); 00378 00379 <span class="keywordflow">if</span> (!(pid = fork())) { 00380 <span class="keyword">const</span> <span class="keywordtype">char</span> *gpg_path = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_gpg_path}"</span>, NULL); 00381 00382 (void) close(STDIN_FILENO); 00383 (void) dup2(inpipe[0], 3); 00384 (void) close(inpipe[1]); 00385 00386 <span class="keywordflow">if</span> (gpg_path && *gpg_path != <span class="charliteral">'\0'</span>) 00387 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"GNUPGHOME"</span>, gpg_path, 1); 00388 00389 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__gpg_sign_cmd}"</span>, NULL); 00390 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00391 <span class="keywordflow">if</span> (!rc) 00392 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00393 00394 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Could not exec %s: %s\n"</span>), <span class="stringliteral">"gpg"</span>, 00395 <a class="code" href="popt_8c.html#a1">strerror</a>(<a class="code" href="system_8h.html#a29">errno</a>)); 00396 _exit(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>); 00397 } 00398 00399 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>); 00400 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>); 00401 00402 fpipe = fdopen(inpipe[1], <span class="stringliteral">"w"</span>); 00403 (void) close(inpipe[0]); 00404 <span class="keywordflow">if</span> (fpipe) { 00405 fprintf(fpipe, <span class="stringliteral">"%s\n"</span>, (passPhrase ? passPhrase : <span class="stringliteral">""</span>)); 00406 (void) fclose(fpipe); 00407 } 00408 00409 (void)waitpid(pid, &status, 0); 00410 <span class="keywordflow">if</span> (!WIFEXITED(status) || WEXITSTATUS(status)) { 00411 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"gpg failed\n"</span>)); 00412 <span class="keywordflow">return</span> 1; 00413 } 00414 00415 <span class="keywordflow">if</span> (stat(sigfile, &st)) { 00416 <span class="comment">/* GPG failed to write signature */</span> 00417 <span class="keywordflow">if</span> (sigfile) (void) unlink(sigfile); <span class="comment">/* Just in case */</span> 00418 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"gpg failed to write signature\n"</span>)); 00419 <span class="keywordflow">return</span> 1; 00420 } 00421 00422 *size = st.st_size; 00423 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"GPG sig size: %d\n"</span>), *size); 00424 *sig = <a class="code" href="rpmmalloc_8c.html#a1">xmalloc</a>(*size); 00425 00426 { <a class="code" href="struct__FD__s.html">FD_t</a> fd; 00427 <span class="keywordtype">int</span> rc = 0; 00428 fd = <a class="code" href="group__rpmio.html#a83">Fopen</a>(sigfile, <span class="stringliteral">"r.fdio"</span>); 00429 <span class="keywordflow">if</span> (fd != NULL && !<a class="code" href="group__rpmio.html#a85">Ferror</a>(fd)) { 00430 rc = <a class="code" href="rpmio_8h.html#a8">timedRead</a>(fd, *sig, *size); 00431 <span class="keywordflow">if</span> (sigfile) (void) unlink(sigfile); 00432 (void) <a class="code" href="group__rpmio.html#a80">Fclose</a>(fd); 00433 } 00434 <span class="keywordflow">if</span> (rc != *size) { 00435 *sig = <a class="code" href="poptint_8h.html#a14">_free</a>(*sig); 00436 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"unable to read the signature\n"</span>)); 00437 <span class="keywordflow">return</span> 1; 00438 } 00439 } 00440 00441 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a0">RPMMESS_DEBUG</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Got %d bytes of GPG sig\n"</span>), *size); 00442 00443 <span class="keywordflow">return</span> 0; 00444 } 00445 <a name="l00446"></a><a class="code" href="group__signature.html#a7">00446</a> <span class="keywordtype">int</span> <a class="code" href="group__signature.html#a7">rpmAddSignature</a>(<a class="code" href="structheaderToken.html">Header</a> h, <span class="keyword">const</span> <span class="keywordtype">char</span> * file, <a class="code" href="header_8h.html#a9">int_32</a> sigTag, 00447 <span class="keyword">const</span> <span class="keywordtype">char</span> *passPhrase) 00448 { 00449 <span class="keyword">struct </span>stat st; 00450 <a class="code" href="header_8h.html#a9">int_32</a> size; 00451 byte buf[16]; 00452 <span class="keywordtype">void</span> *sig; 00453 <span class="keywordtype">int</span> ret = -1; 00454 00455 <span class="keywordflow">switch</span> (sigTag) { 00456 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a398">RPMSIGTAG_SIZE</a>: 00457 (void) stat(file, &st); 00458 size = st.st_size; 00459 ret = 0; 00460 (void) <a class="code" href="group__header.html#a45">headerAddEntry</a>(h, <a class="code" href="group__signature.html#a11a398">RPMSIGTAG_SIZE</a>, <a class="code" href="group__header.html#a93a70">RPM_INT32_TYPE</a>, &size, 1); 00461 <span class="keywordflow">break</span>; 00462 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a402">RPMSIGTAG_MD5</a>: 00463 ret = <a class="code" href="misc_8h.html#a15">mdbinfile</a>(file, buf); 00464 <span class="keywordflow">if</span> (ret == 0) 00465 (void) <a class="code" href="group__header.html#a45">headerAddEntry</a>(h, sigTag, <a class="code" href="group__header.html#a93a72">RPM_BIN_TYPE</a>, buf, 16); 00466 <span class="keywordflow">break</span>; 00467 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a404">RPMSIGTAG_PGP5</a>: <span class="comment">/* XXX legacy */</span> 00468 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a400">RPMSIGTAG_PGP</a>: 00469 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a1">RPMMESS_VERBOSE</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Generating signature using PGP.\n"</span>)); 00470 ret = <a class="code" href="signature_8c.html#a10">makePGPSignature</a>(file, &sig, &size, passPhrase); 00471 <span class="keywordflow">if</span> (ret == 0) 00472 (void) <a class="code" href="group__header.html#a45">headerAddEntry</a>(h, sigTag, <a class="code" href="group__header.html#a93a72">RPM_BIN_TYPE</a>, sig, size); 00473 <span class="keywordflow">break</span>; 00474 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a403">RPMSIGTAG_GPG</a>: 00475 <a class="code" href="rpmmessages_8h.html#a7">rpmMessage</a>(<a class="code" href="rpmmessages_8h.html#a1">RPMMESS_VERBOSE</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Generating signature using GPG.\n"</span>)); 00476 ret = <a class="code" href="signature_8c.html#a11">makeGPGSignature</a>(file, &sig, &size, passPhrase); 00477 <span class="keywordflow">if</span> (ret == 0) 00478 (void) <a class="code" href="group__header.html#a45">headerAddEntry</a>(h, sigTag, <a class="code" href="group__header.html#a93a72">RPM_BIN_TYPE</a>, sig, size); 00479 <span class="keywordflow">break</span>; 00480 } 00481 00482 <span class="keywordflow">return</span> ret; 00483 } 00484 00485 <span class="keyword">static</span> <a class="code" href="rpmlib_8h.html#a88">rpmVerifySignatureReturn</a> <a name="l00486"></a><a class="code" href="signature_8c.html#a13">00486</a> <a class="code" href="signature_8c.html#a13">verifySizeSignature</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * datafile, <a class="code" href="header_8h.html#a9">int_32</a> size, <span class="comment">/*@out@*/</span> <span class="keywordtype">char</span> * result) 00487 <span class="comment">/*@globals fileSystem @*/</span> 00488 <span class="comment">/*@modifies *result, fileSystem @*/</span> 00489 { 00490 <span class="keyword">struct </span>stat st; 00491 00492 (void) stat(datafile, &st); 00493 <span class="keywordflow">if</span> (size != st.st_size) { 00494 sprintf(result, <span class="stringliteral">"Header+Archive size mismatch.\n"</span> 00495 <span class="stringliteral">"Expected %d, saw %d.\n"</span>, 00496 size, (<span class="keywordtype">int</span>)st.st_size); 00497 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a510a413">RPMSIG_BAD</a>; 00498 } 00499 00500 sprintf(result, <span class="stringliteral">"Header+Archive size OK: %d bytes\n"</span>, size); 00501 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a510a411">RPMSIG_OK</a>; 00502 } 00503 <a name="l00504"></a><a class="code" href="signature_8c.html#a0">00504</a> <span class="preprocessor">#define X(_x) (unsigned)((_x) & 0xff)</span> 00505 <span class="preprocessor"></span> 00506 <span class="keyword">static</span> <a class="code" href="rpmlib_8h.html#a88">rpmVerifySignatureReturn</a> <a name="l00507"></a><a class="code" href="signature_8c.html#a14">00507</a> <a class="code" href="signature_8c.html#a14">verifyMD5Signature</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * datafile, <span class="keyword">const</span> byte * sig, 00508 <span class="comment">/*@out@*/</span> <span class="keywordtype">char</span> * result, <a class="code" href="signature_8c.html#a2">md5func</a> fn) 00509 <span class="comment">/*@globals fileSystem @*/</span> 00510 <span class="comment">/*@modifies *result, fileSystem @*/</span> 00511 { 00512 byte md5sum[16]; 00513 00514 memset(md5sum, 0, <span class="keyword">sizeof</span>(md5sum)); 00515 (void) fn(datafile, md5sum); 00516 <span class="keywordflow">if</span> (memcmp(md5sum, sig, 16)) { 00517 sprintf(result, <span class="stringliteral">"MD5 sum mismatch\n"</span> 00518 <span class="stringliteral">"Expected: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"</span> 00519 <span class="stringliteral">"%02x%02x%02x%02x%02x\n"</span> 00520 <span class="stringliteral">"Saw : %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"</span> 00521 <span class="stringliteral">"%02x%02x%02x%02x%02x\n"</span>, 00522 <a class="code" href="signature_8c.html#a0">X</a>(sig[0]), <a class="code" href="signature_8c.html#a0">X</a>(sig[1]), <a class="code" href="signature_8c.html#a0">X</a>(sig[2]), <a class="code" href="signature_8c.html#a0">X</a>(sig[3]), 00523 <a class="code" href="signature_8c.html#a0">X</a>(sig[4]), <a class="code" href="signature_8c.html#a0">X</a>(sig[5]), <a class="code" href="signature_8c.html#a0">X</a>(sig[6]), <a class="code" href="signature_8c.html#a0">X</a>(sig[7]), 00524 <a class="code" href="signature_8c.html#a0">X</a>(sig[8]), <a class="code" href="signature_8c.html#a0">X</a>(sig[9]), <a class="code" href="signature_8c.html#a0">X</a>(sig[10]), <a class="code" href="signature_8c.html#a0">X</a>(sig[11]), 00525 <a class="code" href="signature_8c.html#a0">X</a>(sig[12]), <a class="code" href="signature_8c.html#a0">X</a>(sig[13]), <a class="code" href="signature_8c.html#a0">X</a>(sig[14]), <a class="code" href="signature_8c.html#a0">X</a>(sig[15]), 00526 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[0]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[1]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[2]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[3]), 00527 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[4]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[5]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[6]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[7]), 00528 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[8]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[9]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[10]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[11]), 00529 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[12]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[13]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[14]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[15]) ); 00530 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a510a413">RPMSIG_BAD</a>; 00531 } 00532 00533 sprintf(result, <span class="stringliteral">"MD5 sum OK: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"</span> 00534 <span class="stringliteral">"%02x%02x%02x%02x%02x\n"</span>, 00535 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[0]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[1]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[2]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[3]), 00536 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[4]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[5]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[6]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[7]), 00537 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[8]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[9]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[10]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[11]), 00538 <a class="code" href="signature_8c.html#a0">X</a>(md5sum[12]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[13]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[14]), <a class="code" href="signature_8c.html#a0">X</a>(md5sum[15]) ); 00539 00540 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a510a411">RPMSIG_OK</a>; 00541 } 00542 00543 <span class="keyword">static</span> <a class="code" href="rpmlib_8h.html#a88">rpmVerifySignatureReturn</a> <a name="l00544"></a><a class="code" href="signature_8c.html#a15">00544</a> <a class="code" href="signature_8c.html#a15">verifyPGPSignature</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * datafile, <span class="keyword">const</span> <span class="keywordtype">void</span> * sig, <span class="keywordtype">int</span> count, 00545 <span class="comment">/*@out@*/</span> <span class="keywordtype">char</span> * result) 00546 <span class="comment">/*@globals rpmGlobalMacroContext, fileSystem @*/</span> 00547 <span class="comment">/*@modifies *result, rpmGlobalMacroContext, fileSystem @*/</span> 00548 { 00549 <span class="keywordtype">int</span> pid, status, outpipe[2]; 00550 <span class="comment">/*@only@*/</span> <span class="comment">/*@null@*/</span> <span class="keyword">const</span> <span class="keywordtype">char</span> * sigfile = NULL; 00551 byte buf[BUFSIZ]; 00552 FILE *file; 00553 <span class="keywordtype">int</span> res = <a class="code" href="rpmlib_8h.html#a510a411">RPMSIG_OK</a>; 00554 <span class="keyword">const</span> <span class="keywordtype">char</span> *path; 00555 <a class="code" href="group__signature.html#a1">pgpVersion</a> pgpVer; 00556 <span class="keyword">const</span> <span class="keywordtype">char</span> * cmd; 00557 <span class="keywordtype">char</span> *<span class="keyword">const</span> *av; 00558 <span class="keywordtype">int</span> rc; 00559 00560 <span class="comment">/* What version do we have? */</span> 00561 <span class="keywordflow">if</span> ((path = <a class="code" href="group__signature.html#a10">rpmDetectPGPVersion</a>(&pgpVer)) == NULL) { 00562 <a class="code" href="system_8h.html#a29">errno</a> = ENOENT; 00563 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>, (<span class="stringliteral">"Could not exec %s: %s\n"</span>), <span class="stringliteral">"pgp"</span>, 00564 <a class="code" href="popt_8c.html#a1">strerror</a>(<a class="code" href="system_8h.html#a29">errno</a>)); 00565 _exit(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>); 00566 } 00567 00568 <span class="comment">/*</span> 00569 <span class="comment"> * Sad but true: pgp-5.0 returns exit value of 0 on bad signature.</span> 00570 <span class="comment"> * Instead we have to use the text output to detect a bad signature.</span> 00571 <span class="comment"> */</span> 00572 <span class="keywordflow">if</span> (pgpVer == <a class="code" href="group__signature.html#a13a16">PGP_5</a>) 00573 res = <a class="code" href="rpmlib_8h.html#a510a413">RPMSIG_BAD</a>; 00574 00575 <span class="comment">/* Write out the signature */</span> 00576 <span class="preprocessor">#ifdef DYING</span> 00577 <span class="preprocessor"></span> { <span class="keyword">const</span> <span class="keywordtype">char</span> *tmppath = <a class="code" href="macro_8c.html#a53">rpmGetPath</a>(<span class="stringliteral">"%{_tmppath}"</span>, NULL); 00578 sigfile = tempnam(tmppath, <span class="stringliteral">"rpmsig"</span>); 00579 tmppath = <a class="code" href="poptint_8h.html#a14">_free</a>(tmppath); 00580 } 00581 sfd = <a class="code" href="group__rpmio.html#a83">Fopen</a>(sigfile, <span class="stringliteral">"w.fdio"</span>); 00582 <span class="keywordflow">if</span> (sfd != NULL && !<a class="code" href="group__rpmio.html#a85">Ferror</a>(sfd)) { 00583 (void) <a class="code" href="group__rpmio.html#a78">Fwrite</a>(sig, <span class="keyword">sizeof</span>(<span class="keywordtype">char</span>), count, sfd); 00584 (void) <a class="code" href="group__rpmio.html#a80">Fclose</a>(sfd); 00585 } 00586 <span class="preprocessor">#else</span> 00587 <span class="preprocessor"></span> { <a class="code" href="struct__FD__s.html">FD_t</a> sfd; 00588 <span class="keywordflow">if</span> (!<a class="code" href="lib_2misc_8c.html#a8">makeTempFile</a>(NULL, &sigfile, &sfd)) { 00589 (void) <a class="code" href="group__rpmio.html#a78">Fwrite</a>(sig, <span class="keyword">sizeof</span>(<span class="keywordtype">char</span>), count, sfd); 00590 (void) <a class="code" href="group__rpmio.html#a80">Fclose</a>(sfd); 00591 sfd = NULL; 00592 } 00593 } 00594 <span class="preprocessor">#endif</span> 00595 <span class="preprocessor"></span> <span class="keywordflow">if</span> (sigfile == NULL) 00596 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a510a413">RPMSIG_BAD</a>; 00597 00598 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>, NULL, datafile, -1); 00599 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>, NULL, sigfile, -1); 00600 00601 <span class="comment">/* Now run PGP */</span> 00602 outpipe[0] = outpipe[1] = 0; 00603 (void) pipe(outpipe); 00604 00605 <span class="keywordflow">if</span> (!(pid = fork())) { 00606 <span class="keyword">const</span> <span class="keywordtype">char</span> *pgp_path = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_pgp_path}"</span>, NULL); 00607 00608 (void) close(outpipe[0]); 00609 (void) close(STDOUT_FILENO); <span class="comment">/* XXX unnecessary */</span> 00610 (void) dup2(outpipe[1], STDOUT_FILENO); 00611 00612 <span class="keywordflow">if</span> (pgp_path && *pgp_path != <span class="charliteral">'\0'</span>) 00613 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"PGPPATH"</span>, pgp_path, 1); 00614 00615 <span class="keywordflow">switch</span> (pgpVer) { 00616 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a15">PGP_2</a>: 00617 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__pgp_verify_cmd}"</span>, NULL); 00618 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00619 <span class="keywordflow">if</span> (!rc) 00620 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00621 <span class="keywordflow">break</span>; 00622 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a16">PGP_5</a>: 00623 <span class="comment">/* Some output (in particular "This signature applies to */</span> 00624 <span class="comment">/* another message") is _always_ written to stderr; we */</span> 00625 <span class="comment">/* want to catch that output, so dup stdout to stderr: */</span> 00626 { <span class="keywordtype">int</span> save_stderr = dup(2); 00627 (void) dup2(1, 2); 00628 00629 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__pgp5_verify_cmd}"</span>, NULL); 00630 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00631 <span class="keywordflow">if</span> (!rc) 00632 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00633 00634 <span class="comment">/* Restore stderr so we can print the error message below. */</span> 00635 (void) dup2(save_stderr, 2); 00636 (void) close(save_stderr); 00637 } <span class="keywordflow">break</span>; 00638 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a14">PGP_UNKNOWN</a>: 00639 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a13">PGP_NOTDETECTED</a>: 00640 <span class="keywordflow">break</span>; 00641 } 00642 00643 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Could not exec %s: %s\n"</span>), <span class="stringliteral">"pgp"</span>, 00644 <a class="code" href="popt_8c.html#a1">strerror</a>(<a class="code" href="system_8h.html#a29">errno</a>)); 00645 _exit(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>); 00646 } 00647 00648 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>); 00649 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>); 00650 00651 (void) close(outpipe[1]); 00652 file = fdopen(outpipe[0], <span class="stringliteral">"r"</span>); 00653 result[0] = <span class="charliteral">'\0'</span>; 00654 <span class="keywordflow">if</span> (file) { 00655 <span class="keywordtype">char</span> *t = result; 00656 <span class="keywordtype">int</span> nb = 8*BUFSIZ - 1; 00657 <span class="keywordflow">while</span> (fgets(buf, 1024, file)) { 00658 <span class="keywordflow">if</span> (strncmp(<span class="stringliteral">"File '"</span>, buf, 6) && 00659 strncmp(<span class="stringliteral">"Text is assu"</span>, buf, 12) && 00660 strncmp(<span class="stringliteral">"This signature applies to another message"</span>, buf, 41) && 00661 buf[0] != <span class="charliteral">'\n'</span>) { 00662 nb -= strlen(buf); 00663 <span class="keywordflow">if</span> (nb > 0) t = <a class="code" href="system_8h.html#a33">stpncpy</a>(t, buf, nb); 00664 } 00665 <span class="keywordflow">if</span> (!strncmp(<span class="stringliteral">"WARNING: Can't find the right public key"</span>, buf, 40)) 00666 res = <a class="code" href="rpmlib_8h.html#a510a414">RPMSIG_NOKEY</a>; 00667 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (!strncmp(<span class="stringliteral">"Signature by unknown keyid:"</span>, buf, 27)) 00668 res = <a class="code" href="rpmlib_8h.html#a510a414">RPMSIG_NOKEY</a>; 00669 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (!strncmp(<span class="stringliteral">"WARNING: The signing key is not trusted"</span>, buf, 39)) 00670 res = <a class="code" href="rpmlib_8h.html#a510a415">RPMSIG_NOTTRUSTED</a>; 00671 <span class="keywordflow">else</span> <span class="keywordflow">if</span> (!strncmp(<span class="stringliteral">"Good signature"</span>, buf, 14)) 00672 res = <a class="code" href="rpmlib_8h.html#a510a411">RPMSIG_OK</a>; 00673 } 00674 (void) fclose(file); 00675 *t = <span class="charliteral">'\0'</span>; 00676 } 00677 00678 (void) waitpid(pid, &status, 0); 00679 <span class="keywordflow">if</span> (sigfile) (void) unlink(sigfile); 00680 sigfile = <a class="code" href="poptint_8h.html#a14">_free</a>(sigfile); 00681 <span class="keywordflow">if</span> (!res && (!WIFEXITED(status) || WEXITSTATUS(status))) { 00682 res = <a class="code" href="rpmlib_8h.html#a510a413">RPMSIG_BAD</a>; 00683 } 00684 00685 <span class="keywordflow">return</span> res; 00686 } 00687 00688 <span class="keyword">static</span> <a class="code" href="rpmlib_8h.html#a88">rpmVerifySignatureReturn</a> <a name="l00689"></a><a class="code" href="signature_8c.html#a16">00689</a> <a class="code" href="signature_8c.html#a16">verifyGPGSignature</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * datafile, <span class="keyword">const</span> <span class="keywordtype">void</span> * sig, <span class="keywordtype">int</span> count, 00690 <span class="comment">/*@out@*/</span> <span class="keywordtype">char</span> * result) 00691 <span class="comment">/*@globals rpmGlobalMacroContext, fileSystem @*/</span> 00692 <span class="comment">/*@modifies *result, rpmGlobalMacroContext, fileSystem @*/</span> 00693 { 00694 <span class="keywordtype">int</span> pid, status, outpipe[2]; 00695 <span class="comment">/*@only@*/</span> <span class="comment">/*@null@*/</span> <span class="keyword">const</span> <span class="keywordtype">char</span> * sigfile = NULL; 00696 byte buf[BUFSIZ]; 00697 FILE *file; 00698 <span class="keywordtype">int</span> res = <a class="code" href="rpmlib_8h.html#a510a411">RPMSIG_OK</a>; 00699 <span class="keyword">const</span> <span class="keywordtype">char</span> * cmd; 00700 <span class="keywordtype">char</span> *<span class="keyword">const</span> *av; 00701 <span class="keywordtype">int</span> rc; 00702 00703 <span class="comment">/* Write out the signature */</span> 00704 <span class="preprocessor">#ifdef DYING</span> 00705 <span class="preprocessor"></span> { <span class="keyword">const</span> <span class="keywordtype">char</span> *tmppath = <a class="code" href="macro_8c.html#a53">rpmGetPath</a>(<span class="stringliteral">"%{_tmppath}"</span>, NULL); 00706 sigfile = tempnam(tmppath, <span class="stringliteral">"rpmsig"</span>); 00707 tmppath = <a class="code" href="poptint_8h.html#a14">_free</a>(tmppath); 00708 } 00709 sfd = <a class="code" href="group__rpmio.html#a83">Fopen</a>(sigfile, <span class="stringliteral">"w.fdio"</span>); 00710 <span class="keywordflow">if</span> (sfd != NULL && !<a class="code" href="group__rpmio.html#a85">Ferror</a>(sfd)) { 00711 (void) <a class="code" href="group__rpmio.html#a78">Fwrite</a>(sig, <span class="keyword">sizeof</span>(<span class="keywordtype">char</span>), count, sfd); 00712 (void) <a class="code" href="group__rpmio.html#a80">Fclose</a>(sfd); 00713 } 00714 <span class="preprocessor">#else</span> 00715 <span class="preprocessor"></span> { <a class="code" href="struct__FD__s.html">FD_t</a> sfd; 00716 <span class="keywordflow">if</span> (!<a class="code" href="lib_2misc_8c.html#a8">makeTempFile</a>(NULL, &sigfile, &sfd)) { 00717 (void) <a class="code" href="group__rpmio.html#a78">Fwrite</a>(sig, <span class="keyword">sizeof</span>(<span class="keywordtype">char</span>), count, sfd); 00718 (void) <a class="code" href="group__rpmio.html#a80">Fclose</a>(sfd); 00719 sfd = NULL; 00720 } 00721 } 00722 <span class="preprocessor">#endif</span> 00723 <span class="preprocessor"></span> <span class="keywordflow">if</span> (sigfile == NULL) 00724 <span class="keywordflow">return</span> <a class="code" href="rpmlib_8h.html#a510a413">RPMSIG_BAD</a>; 00725 00726 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>, NULL, datafile, -1); 00727 <a class="code" href="macro_8c.html#a43">addMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>, NULL, sigfile, -1); 00728 00729 <span class="comment">/* Now run GPG */</span> 00730 outpipe[0] = outpipe[1] = 0; 00731 (void) pipe(outpipe); 00732 00733 <span class="keywordflow">if</span> (!(pid = fork())) { 00734 <span class="keyword">const</span> <span class="keywordtype">char</span> *gpg_path = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_gpg_path}"</span>, NULL); 00735 00736 (void) close(outpipe[0]); 00737 <span class="comment">/* gpg version 0.9 sends its output to stderr. */</span> 00738 (void) dup2(outpipe[1], STDERR_FILENO); 00739 00740 <span class="keywordflow">if</span> (gpg_path && *gpg_path != <span class="charliteral">'\0'</span>) 00741 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"GNUPGHOME"</span>, gpg_path, 1); 00742 00743 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__gpg_verify_cmd}"</span>, NULL); 00744 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00745 <span class="keywordflow">if</span> (!rc) 00746 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00747 00748 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Could not exec %s: %s\n"</span>), <span class="stringliteral">"gpg"</span>, 00749 <a class="code" href="popt_8c.html#a1">strerror</a>(<a class="code" href="system_8h.html#a29">errno</a>)); 00750 _exit(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>); 00751 } 00752 00753 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__plaintext_filename"</span>); 00754 <a class="code" href="macro_8c.html#a44">delMacro</a>(NULL, <span class="stringliteral">"__signature_filename"</span>); 00755 00756 (void) close(outpipe[1]); 00757 file = fdopen(outpipe[0], <span class="stringliteral">"r"</span>); 00758 result[0] = <span class="charliteral">'\0'</span>; 00759 <span class="keywordflow">if</span> (file) { 00760 <span class="keywordtype">char</span> * t = result; 00761 <span class="keywordtype">int</span> nb = 8*BUFSIZ - 1; 00762 <span class="keywordflow">while</span> (fgets(buf, 1024, file)) { 00763 nb -= strlen(buf); 00764 <span class="keywordflow">if</span> (nb > 0) t = <a class="code" href="system_8h.html#a33">stpncpy</a>(t, buf, nb); 00765 <span class="keywordflow">if</span> (!<a class="code" href="group__rpmio.html#a1">xstrncasecmp</a>(<span class="stringliteral">"gpg: Can't check signature: Public key not found"</span>, buf, 48)) { 00766 res = <a class="code" href="rpmlib_8h.html#a510a414">RPMSIG_NOKEY</a>; 00767 } 00768 } 00769 (void) fclose(file); 00770 *t = <span class="charliteral">'\0'</span>; 00771 } 00772 00773 (void) waitpid(pid, &status, 0); 00774 <span class="keywordflow">if</span> (sigfile) (void) unlink(sigfile); 00775 sigfile = <a class="code" href="poptint_8h.html#a14">_free</a>(sigfile); 00776 <span class="keywordflow">if</span> (!res && (!WIFEXITED(status) || WEXITSTATUS(status))) { 00777 res = <a class="code" href="rpmlib_8h.html#a510a413">RPMSIG_BAD</a>; 00778 } 00779 00780 <span class="keywordflow">return</span> res; 00781 } 00782 <a name="l00783"></a><a class="code" href="signature_8c.html#a17">00783</a> <span class="keyword">static</span> <span class="keywordtype">int</span> <a class="code" href="signature_8c.html#a17">checkPassPhrase</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * passPhrase, <span class="keyword">const</span> <span class="keywordtype">int</span> sigTag) 00784 <span class="comment">/*@globals rpmGlobalMacroContext, fileSystem @*/</span> 00785 <span class="comment">/*@modifies rpmGlobalMacroContext, fileSystem @*/</span> 00786 { 00787 <span class="keywordtype">int</span> passPhrasePipe[2]; 00788 <span class="keywordtype">int</span> pid, status; 00789 <span class="keywordtype">int</span> fd; 00790 <span class="keyword">const</span> <span class="keywordtype">char</span> * cmd; 00791 <span class="keywordtype">char</span> *<span class="keyword">const</span> *av; 00792 <span class="keywordtype">int</span> rc; 00793 00794 passPhrasePipe[0] = passPhrasePipe[1] = 0; 00795 (void) pipe(passPhrasePipe); 00796 <span class="keywordflow">if</span> (!(pid = fork())) { 00797 (void) close(STDIN_FILENO); 00798 (void) close(STDOUT_FILENO); 00799 (void) close(passPhrasePipe[1]); 00800 <span class="keywordflow">if</span> (! <a class="code" href="rpmmessages_8h.html#a12">rpmIsVerbose</a>()) { 00801 (void) close(STDERR_FILENO); 00802 } 00803 <span class="keywordflow">if</span> ((fd = open(<span class="stringliteral">"/dev/null"</span>, O_RDONLY)) != STDIN_FILENO) { 00804 (void) dup2(fd, STDIN_FILENO); 00805 (void) close(fd); 00806 } 00807 <span class="keywordflow">if</span> ((fd = open(<span class="stringliteral">"/dev/null"</span>, O_WRONLY)) != STDOUT_FILENO) { 00808 (void) dup2(fd, STDOUT_FILENO); 00809 (void) close(fd); 00810 } 00811 (void) dup2(passPhrasePipe[0], 3); 00812 00813 <span class="keywordflow">switch</span> (sigTag) { 00814 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a403">RPMSIGTAG_GPG</a>: 00815 { <span class="keyword">const</span> <span class="keywordtype">char</span> *gpg_path = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_gpg_path}"</span>, NULL); 00816 00817 <span class="keywordflow">if</span> (gpg_path && *gpg_path != <span class="charliteral">'\0'</span>) 00818 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"GNUPGHOME"</span>, gpg_path, 1); 00819 00820 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__gpg_check_password_cmd}"</span>, NULL); 00821 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00822 <span class="keywordflow">if</span> (!rc) 00823 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00824 00825 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Could not exec %s: %s\n"</span>), <span class="stringliteral">"gpg"</span>, 00826 <a class="code" href="popt_8c.html#a1">strerror</a>(<a class="code" href="system_8h.html#a29">errno</a>)); 00827 _exit(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>); 00828 } <span class="comment">/*@notreached@*/</span> <span class="keywordflow">break</span>; 00829 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a404">RPMSIGTAG_PGP5</a>: <span class="comment">/* XXX legacy */</span> 00830 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a400">RPMSIGTAG_PGP</a>: 00831 { <span class="keyword">const</span> <span class="keywordtype">char</span> *pgp_path = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_pgp_path}"</span>, NULL); 00832 <span class="keyword">const</span> <span class="keywordtype">char</span> *path; 00833 <a class="code" href="group__signature.html#a1">pgpVersion</a> pgpVer; 00834 00835 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"PGPPASSFD"</span>, <span class="stringliteral">"3"</span>, 1); 00836 <span class="keywordflow">if</span> (pgp_path && *pgp_path != <span class="charliteral">'\0'</span>) 00837 (void) <a class="code" href="lib_2misc_8c.html#a6">dosetenv</a>(<span class="stringliteral">"PGPPATH"</span>, pgp_path, 1); 00838 00839 <span class="keywordflow">if</span> ((path = <a class="code" href="group__signature.html#a10">rpmDetectPGPVersion</a>(&pgpVer)) != NULL) { 00840 <span class="keywordflow">switch</span>(pgpVer) { 00841 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a15">PGP_2</a>: 00842 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__pgp_check_password_cmd}"</span>, NULL); 00843 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00844 <span class="keywordflow">if</span> (!rc) 00845 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00846 <span class="keywordflow">break</span>; 00847 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a16">PGP_5</a>: <span class="comment">/* XXX legacy */</span> 00848 cmd = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?__pgp5_check_password_cmd}"</span>, NULL); 00849 rc = <a class="code" href="group__popt.html#a2">poptParseArgvString</a>(cmd, NULL, (<span class="keyword">const</span> <span class="keywordtype">char</span> ***)&av); 00850 <span class="keywordflow">if</span> (!rc) 00851 rc = execve(av[0], av+1, <a class="code" href="signature_8c.html#a1">environ</a>); 00852 <span class="keywordflow">break</span>; 00853 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a14">PGP_UNKNOWN</a>: 00854 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a13a13">PGP_NOTDETECTED</a>: 00855 <span class="keywordflow">break</span>; 00856 } 00857 } 00858 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Could not exec %s: %s\n"</span>), <span class="stringliteral">"pgp"</span>, 00859 <a class="code" href="popt_8c.html#a1">strerror</a>(<a class="code" href="system_8h.html#a29">errno</a>)); 00860 _exit(<a class="code" href="rpmerr_8h.html#a91a56">RPMERR_EXEC</a>); 00861 } <span class="comment">/*@notreached@*/</span> <span class="keywordflow">break</span>; 00862 <span class="keywordflow">default</span>: <span class="comment">/* This case should have been screened out long ago. */</span> 00863 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Invalid %%_signature spec in macro file\n"</span>)); 00864 _exit(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>); 00865 <span class="comment">/*@notreached@*/</span> <span class="keywordflow">break</span>; 00866 } 00867 } 00868 00869 (void) close(passPhrasePipe[0]); 00870 (void) write(passPhrasePipe[1], passPhrase, strlen(passPhrase)); 00871 (void) write(passPhrasePipe[1], <span class="stringliteral">"\n"</span>, 1); 00872 (void) close(passPhrasePipe[1]); 00873 00874 (void)waitpid(pid, &status, 0); 00875 <span class="keywordflow">if</span> (!WIFEXITED(status) || WEXITSTATUS(status)) { 00876 <span class="keywordflow">return</span> 1; 00877 } 00878 00879 <span class="comment">/* passPhrase is good */</span> 00880 <span class="keywordflow">return</span> 0; 00881 } 00882 <a name="l00883"></a><a class="code" href="group__signature.html#a9">00883</a> <span class="keywordtype">char</span> * <a class="code" href="group__signature.html#a9">rpmGetPassPhrase</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * prompt, <span class="keyword">const</span> <span class="keywordtype">int</span> sigTag) 00884 { 00885 <span class="keywordtype">char</span> *pass; 00886 <span class="keywordtype">int</span> aok; 00887 00888 <span class="keywordflow">switch</span> (sigTag) { 00889 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a403">RPMSIGTAG_GPG</a>: 00890 { <span class="keyword">const</span> <span class="keywordtype">char</span> *name = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_gpg_name}"</span>, NULL); 00891 aok = (name && *name != <span class="charliteral">'\0'</span>); 00892 name = <a class="code" href="poptint_8h.html#a14">_free</a>(name); 00893 } 00894 <span class="keywordflow">if</span> (!aok) { 00895 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, 00896 <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"You must set \"%%_gpg_name\" in your macro file\n"</span>)); 00897 <span class="keywordflow">return</span> NULL; 00898 } 00899 <span class="keywordflow">break</span>; 00900 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a404">RPMSIGTAG_PGP5</a>: <span class="comment">/* XXX legacy */</span> 00901 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a400">RPMSIGTAG_PGP</a>: 00902 { <span class="keyword">const</span> <span class="keywordtype">char</span> *name = <a class="code" href="macro_8c.html#a50">rpmExpand</a>(<span class="stringliteral">"%{?_pgp_name}"</span>, NULL); 00903 aok = (name && *name != <span class="charliteral">'\0'</span>); 00904 name = <a class="code" href="poptint_8h.html#a14">_free</a>(name); 00905 } 00906 <span class="keywordflow">if</span> (!aok) { 00907 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, 00908 <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"You must set \"%%_pgp_name\" in your macro file\n"</span>)); 00909 <span class="keywordflow">return</span> NULL; 00910 } 00911 <span class="keywordflow">break</span>; 00912 <span class="keywordflow">default</span>: 00913 <span class="comment">/* Currently the calling function (rpm.c:main) is checking this and</span> 00914 <span class="comment"> * doing a better job. This section should never be accessed.</span> 00915 <span class="comment"> */</span> 00916 <a class="code" href="rpmerr_8h.html#a5">rpmError</a>(<a class="code" href="rpmerr_8h.html#a91a86">RPMERR_SIGGEN</a>, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Invalid %%_signature spec in macro file\n"</span>)); 00917 <span class="keywordflow">return</span> NULL; 00918 <span class="comment">/*@notreached@*/</span> <span class="keywordflow">break</span>; 00919 } 00920 00921 pass = <span class="comment">/*@-unrecog@*/</span> getpass( (prompt ? prompt : <span class="stringliteral">""</span>) ) <span class="comment">/*@=unrecog@*/</span> ; 00922 00923 <span class="keywordflow">if</span> (<a class="code" href="signature_8c.html#a17">checkPassPhrase</a>(pass, sigTag)) 00924 <span class="keywordflow">return</span> NULL; 00925 00926 <span class="keywordflow">return</span> pass; 00927 } 00928 00929 <a class="code" href="rpmlib_8h.html#a88">rpmVerifySignatureReturn</a> <a name="l00930"></a><a class="code" href="group__signature.html#a19">00930</a> <a class="code" href="group__signature.html#a19">rpmVerifySignature</a>(<span class="keyword">const</span> <span class="keywordtype">char</span> * file, <a class="code" href="header_8h.html#a9">int_32</a> sigTag, <span class="keyword">const</span> <span class="keywordtype">void</span> * sig, 00931 <span class="keywordtype">int</span> count, <span class="keywordtype">char</span> * result) 00932 { 00933 <a class="code" href="rpmlib_8h.html#a88">rpmVerifySignatureReturn</a> res; 00934 00935 <span class="keywordflow">switch</span> (sigTag) { 00936 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a398">RPMSIGTAG_SIZE</a>: 00937 res = <a class="code" href="signature_8c.html#a13">verifySizeSignature</a>(file, *(<a class="code" href="header_8h.html#a9">int_32</a> *)sig, result); 00938 <span class="keywordflow">break</span>; 00939 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a402">RPMSIGTAG_MD5</a>: 00940 res = <a class="code" href="signature_8c.html#a14">verifyMD5Signature</a>(file, sig, result, mdbinfile); 00941 <span class="keywordflow">break</span>; 00942 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a404">RPMSIGTAG_PGP5</a>: <span class="comment">/* XXX legacy */</span> 00943 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a400">RPMSIGTAG_PGP</a>: 00944 res = <a class="code" href="signature_8c.html#a15">verifyPGPSignature</a>(file, sig, count, result); 00945 <span class="keywordflow">break</span>; 00946 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a403">RPMSIGTAG_GPG</a>: 00947 res = <a class="code" href="signature_8c.html#a16">verifyGPGSignature</a>(file, sig, count, result); 00948 <span class="keywordflow">break</span>; 00949 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a399">RPMSIGTAG_LEMD5_1</a>: 00950 <span class="keywordflow">case</span> <a class="code" href="group__signature.html#a11a401">RPMSIGTAG_LEMD5_2</a>: 00951 sprintf(result, <a class="code" href="system_8h.html#a18">_</a>(<span class="stringliteral">"Broken MD5 digest: UNSUPPORTED\n"</span>)); 00952 res = <a class="code" href="rpmlib_8h.html#a510a412">RPMSIG_UNKNOWN</a>; 00953 <span class="keywordflow">break</span>; 00954 <span class="keywordflow">default</span>: 00955 sprintf(result, <span class="stringliteral">"Do not know how to verify sig type %d\n"</span>, sigTag); 00956 res = <a class="code" href="rpmlib_8h.html#a510a412">RPMSIG_UNKNOWN</a>; 00957 <span class="keywordflow">break</span>; 00958 } 00959 <span class="keywordflow">return</span> res; 00960 } </pre></div><hr><address style="align: right;"><small>Generated on Thu Sep 12 22:14:59 2002 for rpm by <a href="http://www.doxygen.org/index.html"> <img src="doxygen.png" alt="doxygen" align="middle" border=0 width=110 height=53></a>1.2.17 </small></address> </body> </html>