devuan
/
apt
10
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 27 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9213 Commits
3 Branches
65 MiB
 
 
 
 
 
 
Tree: e2965b0b6b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e2965b0b6b'
${ noResults }
apt/apt-pkg/contrib/gpgv.cc

505 lines
16 KiB
Raw Blame History 

  1. // -*- mode: cpp; mode: fold -*-

  2. // Include Files							/*{{{*/

  3. #include <config.h>

  4. 

  5. #include <apt-pkg/configuration.h>

  6. #include <apt-pkg/error.h>

  7. #include <apt-pkg/fileutl.h>

  8. #include <apt-pkg/gpgv.h>

  9. #include <apt-pkg/strutl.h>

  10. 

  11. #include <errno.h>

  12. #include <fcntl.h>

  13. #include <stddef.h>

  14. #include <stdio.h>

  15. #include <stdlib.h>

  16. #include <string.h>

  17. #include <sys/wait.h>

  18. #include <unistd.h>

  19. 

  20. #include <algorithm>

  21. #include <fstream>

  22. #include <iostream>

  23. #include <memory>

  24. #include <sstream>

  25. #include <string>

  26. #include <vector>

  27. 

  28. #include <apti18n.h>

  29. 									/*}}}*/

  30. 

  31. static bool GetLineErrno(std::unique_ptr<char, decltype(&free)> &buffer, size_t *n, FILE *stream, std::string const &InFile, bool acceptEoF = false)/*{{{*/

  32. {

  33.    errno = 0;

  34.    auto lineptr = buffer.release();

  35.    auto const result = getline(&lineptr, n, stream);

  36.    buffer.reset(lineptr);

  37.    if (errno != 0)

  38.       return _error->Errno("getline", "Could not read from %s", InFile.c_str());

  39.    if (result == -1)

  40.    {

  41.       if (acceptEoF)

  42. 	 return false;

  43.       return _error->Error("Splitting of clearsigned file %s failed as it doesn't contain all expected parts", InFile.c_str());

  44.    }

  45.    // We remove all whitespaces including newline here as

  46.    // a) gpgv ignores them for signature

  47.    // b) we can write out a \n in code later instead of dealing with \r\n or not

  48.    _strrstrip(buffer.get());

  49.    return true;

  50. }

  51. 									/*}}}*/

  52. static char * GenerateTemporaryFileTemplate(const char *basename)	/*{{{*/

  53. {

  54.    std::string out;

  55.    std::string tmpdir = GetTempDir();

  56.    strprintf(out,  "%s/%s.XXXXXX", tmpdir.c_str(), basename);

  57.    return strdup(out.c_str());

  58. }

  59. 									/*}}}*/

  60. // ExecGPGV - returns the command needed for verify			/*{{{*/

  61. // ---------------------------------------------------------------------

  62. /* Generating the commandline for calling gpg is somehow complicated as

  63.    we need to add multiple keyrings and user supplied options.

  64.    Also, as gpg has no options to enforce a certain reduced style of

  65.    clear-signed files (=the complete content of the file is signed and

  66.    the content isn't encoded) we do a divide and conquer approach here

  67.    and split up the clear-signed file in message and signature for gpg.

  68.    And as a cherry on the cake, we use our apt-key wrapper to do part

  69.    of the lifting in regards to merging keyrings. Fun for the whole family.

  70. */

  71. static bool iovprintf(std::ostream &out, const char *format,

  72. 		      va_list &args, ssize_t &size) {

  73.    char *S = (char*)malloc(size);

  74.    ssize_t const n = vsnprintf(S, size, format, args);

  75.    if (n > -1 && n < size) {

  76.       out << S;

  77.       free(S);

  78.       return true;

  79.    } else {

  80.       if (n > -1)

  81. 	 size = n + 1;

  82.       else

  83. 	 size *= 2;

  84.    }

  85.    free(S);

  86.    return false;

  87. }

  88. static void APT_PRINTF(4) apt_error(std::ostream &outterm, int const statusfd, int fd[2], const char *format, ...)

  89. {

  90.    std::ostringstream outstr;

  91.    std::ostream &out = (statusfd == -1) ? outterm : outstr;

  92.    va_list args;

  93.    ssize_t size = 400;

  94.    while (true) {

  95.       bool ret;

  96.       va_start(args,format);

  97.       ret = iovprintf(out, format, args, size);

  98.       va_end(args);

  99.       if (ret == true)

  100. 	 break;

  101.    }

  102.    if (statusfd != -1)

  103.    {

  104.       auto const errtag = "[APTKEY:] ERROR ";

  105.       outstr << '\n';

  106.       auto const errtext = outstr.str();

  107.       if (FileFd::Write(fd[1], errtag, strlen(errtag)) == false ||

  108. 	    FileFd::Write(fd[1], errtext.data(), errtext.size()) == false)

  109. 	 outterm << errtext << std::flush;

  110.    }

  111. }

  112. void ExecGPGV(std::string const &File, std::string const &FileGPG,

  113.              int const &statusfd, int fd[2], std::string const &key)

  114. {

  115.    #define EINTERNAL 111

  116.    std::string const aptkey = _config->Find("Dir::Bin::apt-key", CMAKE_INSTALL_FULL_BINDIR "/apt-key");

  117. 

  118.    bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);

  119.    struct exiter {

  120.       std::vector<const char *> files;

  121.       void operator ()(int code) APT_NORETURN {

  122. 	 std::for_each(files.begin(), files.end(), unlink);

  123. 	 exit(code);

  124.       }

  125.    } local_exit;

  126. 

  127. 

  128.    std::vector<const char *> Args;

  129.    Args.reserve(10);

  130. 

  131.    Args.push_back(aptkey.c_str());

  132.    Args.push_back("--quiet");

  133.    Args.push_back("--readonly");

  134.    auto const keysFileFpr = VectorizeString(key, ',');

  135.    for (auto const &k: keysFileFpr)

  136.    {

  137.       if (unlikely(k.empty()))

  138. 	 continue;

  139.       if (k[0] == '/')

  140.       {

  141. 	 Args.push_back("--keyring");

  142. 	 Args.push_back(k.c_str());

  143.       }

  144.       else

  145.       {

  146. 	 Args.push_back("--keyid");

  147. 	 Args.push_back(k.c_str());

  148.       }

  149.    }

  150.    Args.push_back("verify");

  151. 

  152.    char statusfdstr[10];

  153.    if (statusfd != -1)

  154.    {

  155.       Args.push_back("--status-fd");

  156.       snprintf(statusfdstr, sizeof(statusfdstr), "%i", statusfd);

  157.       Args.push_back(statusfdstr);

  158.    }

  159. 

  160.    Configuration::Item const *Opts;

  161.    Opts = _config->Tree("Acquire::gpgv::Options");

  162.    if (Opts != 0)

  163.    {

  164.       Opts = Opts->Child;

  165.       for (; Opts != 0; Opts = Opts->Next)

  166.       {

  167. 	 if (Opts->Value.empty() == true)

  168. 	    continue;

  169. 	 Args.push_back(Opts->Value.c_str());

  170.       }

  171.    }

  172. 

  173.    enum  { DETACHED, CLEARSIGNED } releaseSignature = (FileGPG != File) ? DETACHED : CLEARSIGNED;

  174.    char * sig = NULL;

  175.    char * data = NULL;

  176.    char * conf = nullptr;

  177. 

  178.    // Dump the configuration so apt-key picks up the correct Dir values

  179.    {

  180.       conf = GenerateTemporaryFileTemplate("apt.conf");

  181.       if (conf == nullptr) {

  182. 	 apt_error(std::cerr, statusfd, fd, "Couldn't create tempfile names for passing config to apt-key");

  183. 	 local_exit(EINTERNAL);

  184.       }

  185.       int confFd = mkstemp(conf);

  186.       if (confFd == -1) {

  187. 	 apt_error(std::cerr, statusfd, fd, "Couldn't create temporary file %s for passing config to apt-key", conf);

  188. 	 local_exit(EINTERNAL);

  189.       }

  190.       local_exit.files.push_back(conf);

  191. 

  192.       std::ofstream confStream(conf);

  193.       close(confFd);

  194.       _config->Dump(confStream);

  195.       confStream.close();

  196.       setenv("APT_CONFIG", conf, 1);

  197.    }

  198. 

  199.    if (releaseSignature == DETACHED)

  200.    {

  201.       std::unique_ptr<FILE, decltype(&fclose)> detached{fopen(FileGPG.c_str(), "r"), &fclose};

  202.       if (detached.get() == nullptr)

  203.       {

  204. 	 apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' could not be opened", FileGPG.c_str());

  205. 	 local_exit(EINTERNAL);

  206.       }

  207.       std::unique_ptr<char, decltype(&free)> buf{nullptr, &free};

  208.       size_t buf_size = 0;

  209.       bool open_signature = false;

  210.       bool found_badcontent = false;

  211.       size_t found_signatures = 0;

  212.       while (GetLineErrno(buf, &buf_size, detached.get(), FileGPG, true))

  213.       {

  214. 	 if (open_signature && strcmp(buf.get(), "-----END PGP SIGNATURE-----") == 0)

  215. 	    open_signature = false;

  216. 	 else if (open_signature == false && strcmp(buf.get(), "-----BEGIN PGP SIGNATURE-----") == 0)

  217. 	 {

  218. 	    open_signature = true;

  219. 	    ++found_signatures;

  220. 	 }

  221. 	 else if (open_signature == false)

  222. 	    found_badcontent = true;

  223.       }

  224.       if (found_signatures == 0 && statusfd != -1)

  225.       {

  226. 	 // This is not an attack attempt but a file even gpgv would complain about

  227. 	 // likely the result of a paywall which is covered by the gpgv method

  228. 	 auto const errtag = "[GNUPG:] NODATA\n";

  229. 	 FileFd::Write(fd[1], errtag, strlen(errtag));

  230. 	 local_exit(113);

  231.       }

  232.       else if (found_badcontent)

  233.       {

  234. 	 apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' contains lines not belonging to a signature", FileGPG.c_str());

  235. 	 local_exit(112);

  236.       }

  237.       if (open_signature == true)

  238.       {

  239. 	 apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' contains unclosed signatures", FileGPG.c_str());

  240. 	 local_exit(112);

  241.       }

  242. 

  243.       Args.push_back(FileGPG.c_str());

  244.       Args.push_back(File.c_str());

  245.    }

  246.    else // clear-signed file

  247.    {

  248.       sig = GenerateTemporaryFileTemplate("apt.sig");

  249.       data = GenerateTemporaryFileTemplate("apt.data");

  250.       if (sig == NULL || data == NULL)

  251.       {

  252. 	 apt_error(std::cerr, statusfd, fd, "Couldn't create tempfile names for splitting up %s", File.c_str());

  253. 	 local_exit(EINTERNAL);

  254.       }

  255. 

  256.       int const sigFd = mkstemp(sig);

  257.       int const dataFd = mkstemp(data);

  258.       if (dataFd != -1)

  259. 	 local_exit.files.push_back(data);

  260.       if (sigFd != -1)

  261. 	 local_exit.files.push_back(sig);

  262.       if (sigFd == -1 || dataFd == -1)

  263.       {

  264. 	 apt_error(std::cerr, statusfd, fd, "Couldn't create tempfiles for splitting up %s", File.c_str());

  265. 	 local_exit(EINTERNAL);

  266.       }

  267. 

  268.       FileFd signature;

  269.       signature.OpenDescriptor(sigFd, FileFd::WriteOnly, true);

  270.       FileFd message;

  271.       message.OpenDescriptor(dataFd, FileFd::WriteOnly, true);

  272. 

  273.       if (signature.Failed() == true || message.Failed() == true ||

  274. 	    SplitClearSignedFile(File, &message, nullptr, &signature) == false)

  275.       {

  276. 	 apt_error(std::cerr, statusfd, fd, "Splitting up %s into data and signature failed", File.c_str());

  277. 	 local_exit(112);

  278.       }

  279.       Args.push_back(sig);

  280.       Args.push_back(data);

  281.    }

  282. 

  283.    Args.push_back(NULL);

  284. 

  285.    if (Debug == true)

  286.    {

  287.       std::clog << "Preparing to exec: ";

  288.       for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)

  289. 	 std::clog << " " << *a;

  290.       std::clog << std::endl;

  291.    }

  292. 

  293.    if (statusfd != -1)

  294.    {

  295.       int const nullfd = open("/dev/null", O_WRONLY);

  296.       close(fd[0]);

  297.       // Redirect output to /dev/null; we read from the status fd

  298.       if (statusfd != STDOUT_FILENO)

  299. 	 dup2(nullfd, STDOUT_FILENO);

  300.       if (statusfd != STDERR_FILENO)

  301. 	 dup2(nullfd, STDERR_FILENO);

  302.       // Redirect the pipe to the status fd (3)

  303.       dup2(fd[1], statusfd);

  304. 

  305.       putenv((char *)"LANG=");

  306.       putenv((char *)"LC_ALL=");

  307.       putenv((char *)"LC_MESSAGES=");

  308.    }

  309. 

  310. 

  311.    // We have created tempfiles we have to clean up

  312.    // and we do an additional check, so fork yet another time …

  313.    pid_t pid = ExecFork();

  314.    if(pid < 0) {

  315.       apt_error(std::cerr, statusfd, fd, "Fork failed for %s to check %s", Args[0], File.c_str());

  316.       local_exit(EINTERNAL);

  317.    }

  318.    if(pid == 0)

  319.    {

  320.       if (statusfd != -1)

  321. 	 dup2(fd[1], statusfd);

  322.       execvp(Args[0], (char **) &Args[0]);

  323.       apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str());

  324.       local_exit(EINTERNAL);

  325.    }

  326. 

  327.    // Wait and collect the error code - taken from WaitPid as we need the exact Status

  328.    int Status;

  329.    while (waitpid(pid,&Status,0) != pid)

  330.    {

  331.       if (errno == EINTR)

  332. 	 continue;

  333.       apt_error(std::cerr, statusfd, fd, _("Waited for %s but it wasn't there"), "apt-key");

  334.       local_exit(EINTERNAL);

  335.    }

  336. 

  337.    // check if it exit'ed normally …

  338.    if (WIFEXITED(Status) == false)

  339.    {

  340.       apt_error(std::cerr, statusfd, fd, _("Sub-process %s exited unexpectedly"), "apt-key");

  341.       local_exit(EINTERNAL);

  342.    }

  343. 

  344.    // … and with a good exit code

  345.    if (WEXITSTATUS(Status) != 0)

  346.    {

  347.       // we forward the statuscode, so don't generate a message on the fd in this case

  348.       apt_error(std::cerr, -1, fd, _("Sub-process %s returned an error code (%u)"), "apt-key", WEXITSTATUS(Status));

  349.       local_exit(WEXITSTATUS(Status));

  350.    }

  351. 

  352.    // everything fine

  353.    local_exit(0);

  354. }

  355. 									/*}}}*/

  356. // SplitClearSignedFile - split message into data/signature		/*{{{*/

  357. bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,

  358.       std::vector<std::string> * const ContentHeader, FileFd * const SignatureFile)

  359. {

  360.    std::unique_ptr<FILE, decltype(&fclose)> in{fopen(InFile.c_str(), "r"), &fclose};

  361.    if (in.get() == nullptr)

  362.       return _error->Errno("fopen", "can not open %s", InFile.c_str());

  363. 

  364.    struct ScopedErrors

  365.    {

  366.       ScopedErrors() { _error->PushToStack(); }

  367.       ~ScopedErrors() { _error->MergeWithStack(); }

  368.    } scoped;

  369.    std::unique_ptr<char, decltype(&free)> buf{nullptr, &free};

  370.    size_t buf_size = 0;

  371. 

  372.    // start of the message

  373.    if (GetLineErrno(buf, &buf_size, in.get(), InFile) == false)

  374.       return false; // empty or read error

  375.    if (strcmp(buf.get(), "-----BEGIN PGP SIGNED MESSAGE-----") != 0)

  376.    {

  377.       // this might be an unsigned file we don't want to report errors for,

  378.       // but still finish unsuccessful none the less.

  379.       while (GetLineErrno(buf, &buf_size, in.get(), InFile, true))

  380. 	 if (strcmp(buf.get(), "-----BEGIN PGP SIGNED MESSAGE-----") == 0)

  381. 	    return _error->Error("Clearsigned file '%s' does not start with a signed message block.", InFile.c_str());

  382. 

  383.       return false;

  384.    }

  385. 

  386.    // save "Hash" Armor Headers

  387.    while (true)

  388.    {

  389.       if (GetLineErrno(buf, &buf_size, in.get(), InFile) == false)

  390. 	 return false;

  391.       if (*buf == '\0')

  392. 	 break; // empty line ends the Armor Headers

  393.       if (ContentHeader != NULL && strncmp(buf.get(), "Hash: ", strlen("Hash: ")) == 0)

  394. 	 ContentHeader->push_back(buf.get());

  395.    }

  396. 

  397.    // the message itself

  398.    bool first_line = true;

  399.    bool good_write = true;

  400.    while (true)

  401.    {

  402.       if (good_write == false || GetLineErrno(buf, &buf_size, in.get(), InFile) == false)

  403. 	 return false;

  404. 

  405.       if (strcmp(buf.get(), "-----BEGIN PGP SIGNATURE-----") == 0)

  406.       {

  407. 	 if (SignatureFile != nullptr)

  408. 	 {

  409. 	    good_write &= SignatureFile->Write(buf.get(), strlen(buf.get()));

  410. 	    good_write &= SignatureFile->Write("\n", 1);

  411. 	 }

  412. 	 break;

  413.       }

  414. 

  415.       // we don't have any fields which need dash-escaped,

  416.       // but implementations are free to encode all lines …

  417.       char const *dashfree = buf.get();

  418.       if (strncmp(dashfree, "- ", 2) == 0)

  419. 	 dashfree += 2;

  420.       if (first_line == true) // first line does not need a newline

  421. 	 first_line = false;

  422.       else if (ContentFile != nullptr)

  423. 	 good_write &= ContentFile->Write("\n", 1);

  424.       if (ContentFile != nullptr)

  425. 	 good_write &= ContentFile->Write(dashfree, strlen(dashfree));

  426.    }

  427. 

  428.    // collect all signatures

  429.    bool open_signature = true;

  430.    while (true)

  431.    {

  432.       if (good_write == false)

  433. 	 return false;

  434.       if (GetLineErrno(buf, &buf_size, in.get(), InFile, true) == false)

  435. 	 break;

  436. 

  437.       if (open_signature && strcmp(buf.get(), "-----END PGP SIGNATURE-----") == 0)

  438. 	 open_signature = false;

  439.       else if (open_signature == false && strcmp(buf.get(), "-----BEGIN PGP SIGNATURE-----") == 0)

  440. 	 open_signature = true;

  441.       else if (open_signature == false)

  442. 	 return _error->Error("Clearsigned file '%s' contains unsigned lines.", InFile.c_str());

  443. 

  444.       if (SignatureFile != nullptr)

  445.       {

  446. 	 good_write &= SignatureFile->Write(buf.get(), strlen(buf.get()));

  447. 	 good_write &= SignatureFile->Write("\n", 1);

  448.       }

  449.    }

  450.    if (open_signature == true)

  451.       return _error->Error("Signature in file %s wasn't closed", InFile.c_str());

  452. 

  453.    // Flush the files

  454.    if (SignatureFile != nullptr)

  455.       SignatureFile->Flush();

  456.    if (ContentFile != nullptr)

  457.       ContentFile->Flush();

  458. 

  459.    // Catch-all for "unhandled" read/sync errors

  460.    if (_error->PendingError())

  461.       return false;

  462.    return true;

  463. }

  464. 									/*}}}*/

  465. bool OpenMaybeClearSignedFile(std::string const &ClearSignedFileName, FileFd &MessageFile) /*{{{*/

  466. {

  467.    char * const message = GenerateTemporaryFileTemplate("fileutl.message");

  468.    int const messageFd = mkstemp(message);

  469.    if (messageFd == -1)

  470.    {

  471.       free(message);

  472.       return _error->Errno("mkstemp", "Couldn't create temporary file to work with %s", ClearSignedFileName.c_str());

  473.    }

  474.    // we have the fd, that's enough for us

  475.    unlink(message);

  476.    free(message);

  477. 

  478.    MessageFile.OpenDescriptor(messageFd, FileFd::ReadWrite | FileFd::BufferedWrite, true);

  479.    if (MessageFile.Failed() == true)

  480.       return _error->Error("Couldn't open temporary file to work with %s", ClearSignedFileName.c_str());

  481. 

  482.    _error->PushToStack();

  483.    bool const splitDone = SplitClearSignedFile(ClearSignedFileName, &MessageFile, NULL, NULL);

  484.    bool const errorDone = _error->PendingError();

  485.    _error->MergeWithStack();

  486.    if (splitDone == false)

  487.    {

  488.       MessageFile.Close();

  489. 

  490.       if (errorDone == true)

  491. 	 return false;

  492. 

  493.       // we deal with an unsigned file

  494.       MessageFile.Open(ClearSignedFileName, FileFd::ReadOnly);

  495.    }

  496.    else // clear-signed

  497.    {

  498.       if (MessageFile.Seek(0) == false)

  499. 	 return _error->Errno("lseek", "Unable to seek back in message for file %s", ClearSignedFileName.c_str());

  500.    }

  501. 

  502.    return MessageFile.Failed() == false;

  503. }

  504. 									/*}}}*/