Changeset 481 for trunk/src/sh_gpg.c


Ignore:
Timestamp:
Jul 18, 2015, 5:06:52 PM (6 years ago)
Author:
katerina
Message:

Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/sh_gpg.c

    r474 r481  
    6060#include "sh_static.h"
    6161#endif
     62#include "sh_gpg.h"
    6263
    6364static struct {
     
    128129  SL_ENTER(_("sh_gpg_checksum"));
    129130
    130 #if defined(WITH_PGP)
    131   test_gpg = sh_tiger_hash_gpg (DEFAULT_PGP_PATH, checkfd, TIGER_NOLIM);
    132 #else
    133131  test_gpg = sh_tiger_hash_gpg (DEFAULT_GPG_PATH, checkfd, TIGER_NOLIM);
    134 #endif
    135132 
    136133  test_ptr1 = strchr(GPG_HASH, ':');
     
    252249  char   cc1[32];
    253250  char   cc2[32];
    254 #if defined(WITH_PGP)
    255   char   cc3[32];
    256   char   cc0[3] = "-f";
    257 #endif
    258 #if defined(WITH_GPG)
     251
    259252  char   cc0[2] = "-";
    260253  char   cc3[32];
    261254  char   cc4[SH_PATHBUF+32];
    262255  char   cc5[32];
    263 #endif
     256
    264257
    265258  char * arg[9];
     
    279272  SL_ENTER(_("sh_gpg_popen"));
    280273
    281 #if defined(WITH_GPG)
    282274  /* -- GnuPG -- */
    283275  sl_strlcpy (path,  DEFAULT_GPG_PATH,  256);
     
    387379  (void) mode;
    388380  (void) id;
    389 #elif defined(WITH_PGP)
    390   /* -- PGP -- */
    391   sl_strlcpy (path,  DEFAULT_PGP_PATH, 256);
    392   if (mode == 0)
    393     {
    394       sl_strlcpy (cc1,   _("+language=en"),  32);
    395       sl_strlcpy (cc2,   _("-o"),     32);
    396       sl_strlcpy (cc3,   _("/dev/null"),     32);
    397      
    398       arg[0] = path;
    399       arg[1] = cc1;
    400       arg[2] = cc2;
    401       arg[3] = cc3;
    402       arg[4] = cc0;
    403       arg[5] = NULL;
    404     }
    405   else
    406     {
    407       sl_strlcpy (cc1,   _("+language=en"),  32);
    408       sl_strlcpy (cc2,   _("-kvc"),     32);       
    409      
    410       arg[0] = path;
    411       arg[1] = cc1;
    412       arg[2] = cc2;
    413       arg[3] = id;
    414       arg[4] = NULL;
    415       arg[5] = NULL;
    416     }
    417 #endif
    418381
    419382  /* use homedir of effective user
     
    467430      sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]);
    468431     
    469 
    470 #if defined(WITH_PGP)
    471       if (mode == 0)
    472         {
    473           if (retry_aud_dup2(FIL__, __LINE__, fd, STDIN_FILENO) < 0)
    474             {
    475               TPT(((0), FIL__, __LINE__, _("msg=<dup2 on fd failed>\n")));
    476               dlog(1, FIL__, __LINE__, _("Internal error: dup2 failed\n"));
    477               aud__exit(FIL__, __LINE__, EXIT_FAILURE);
    478             }
    479         }
    480 #else
    481432      if (retry_aud_dup2(FIL__, __LINE__, fd, STDIN_FILENO) < 0)
    482433        {
     
    485436          aud__exit(FIL__, __LINE__, EXIT_FAILURE);
    486437        }
    487 #endif
    488438 
    489439      /* don't leak file descriptors
    490440       */
    491       sh_unix_closeall (3, -1, SL_TRUE); /* in child process */
    492 
    493       if (flag_err_debug != SL_TRUE)
     441      sh_unix_closeall (3, -1, S_TRUE); /* in child process */
     442
     443      if (flag_err_debug != S_TRUE)
    494444        {
    495445          if (NULL == freopen(_("/dev/null"), "r+", stderr))
     
    530480       * --  emulate an fexecve with checksum testing
    531481       */
    532 #if defined(WITH_PGP)
    533       checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_PGP_PATH, SL_NOPRIV);
    534 #else
    535482      checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_GPG_PATH, SL_NOPRIV);
    536 #endif
    537483
    538484      if (0 != sh_gpg_checksum(checkfd, 0))
     
    580526      for (i = 0; i < myrand; ++i)
    581527        {
    582 #if defined(WITH_PGP)
    583           checkfd = sl_open_fastread(FIL__, __LINE__, DEFAULT_PGP_PATH, SL_NOPRIV);
    584 #else
    585           checkfd = sl_open_fastread(FIL__, __LINE__, DEFAULT_GPG_PATH, SL_NOPRIV);
    586 #endif
     528          checkfd = sl_open_fastread(FIL__, __LINE__,
     529                                     DEFAULT_GPG_PATH, SL_NOPRIV);
     530
    587531          if (0 != sh_gpg_checksum(checkfd, 0)) {
    588532            aud__exit(FIL__, __LINE__, EXIT_FAILURE);
     
    591535        }
    592536#endif
    593                                
    594 
    595 #if defined(WITH_GPG)
     537
    596538      retry_aud_execve (FIL__, __LINE__, DEFAULT_GPG_PATH, arg, envp);
    597539      dlog(1, FIL__, __LINE__, _("Unexpected error: execve %s failed\n"),
    598540           DEFAULT_GPG_PATH);
    599 #elif defined(WITH_PGP)
    600       retry_aud_execve (FIL__, __LINE__, DEFAULT_PGP_PATH, arg, envp);
    601 #endif
    602541     
    603542      /* failed
     
    659598  sh_gpg_popen_t  source;
    660599  int have_id = BAD, have_fp = BAD, status = 0;
    661 #ifdef WITH_PGP
    662   char *ptr;
    663 #endif
    664600
    665601#ifdef HAVE_GPG_CHECKSUM
     
    671607  /* check whether GnuPG exists and has the correct checksum
    672608   */
    673 #if defined(WITH_GPG)
    674 
    675609  TPT(((0), FIL__, __LINE__, _("msg=<Check signature>\n")));
    676610  TPT(((0), FIL__, __LINE__, _("msg=<gpg is %s>\n"), DEFAULT_GPG_PATH));
     
    701635    }
    702636  sl_close(checkfd);
    703 #endif
    704 
    705 #elif defined(WITH_PGP)
    706 
    707   TPT(((0), FIL__, __LINE__, _("msg=<Check signature>\n")));
    708   TPT(((0), FIL__, __LINE__, _("msg=<pgp is %s>\n"), DEFAULT_PGP_PATH));
    709 
    710   if (0 != retry_lstat(FIL__, __LINE__, DEFAULT_PGP_PATH, &buf))
    711     {
    712       char errbuf[SH_ERRBUF_SIZE];
    713 
    714       status = errno;
    715       sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_ERR_LSTAT,
    716                       sh_error_message(status, errbuf, sizeof(errbuf)), DEFAULT_PGP_PATH);
    717       SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign"));
    718     }
    719   if (0 != tf_trust_check (DEFAULT_PGP_PATH, SL_YESPRIV))
    720     SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign"));
    721 
    722 #ifdef HAVE_GPG_CHECKSUM
    723   checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_PGP_PATH, SL_YESPRIV);
    724 
    725   if (0 != sh_gpg_checksum(checkfd, 1))
    726     {
    727       sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
    728                       _("Checksum mismatch"),
    729                       _("gpg_check_file_sign"));
    730       sl_close(checkfd);
    731       SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign"));
    732     }
    733   sl_close(checkfd);
    734 #endif
    735 
    736637#endif
    737638
     
    768669      if (sl_strlen(line) < 18)
    769670        continue;
    770 #if defined(WITH_GPG)
     671
    771672      /* Sun May 27 18:40:05 CEST 2001
    772673       */
     
    821722          have_fp = GOOD;
    822723        }
    823 #elif defined(WITH_PGP)
    824       if (0 == sl_strncmp(_("Bad signature"), line, 13) ||
    825           0 == sl_strncmp(_("Error"), line, 5) ||
    826           0 == sl_strncmp(_("Malformed"), line, 9) ||
    827           0 == sl_strncmp(_("WARNING"), line, 7) ||
    828           0 == sl_strncmp(_("ERROR"), line, 5)
    829           )
    830         {
    831           have_fp = BAD; have_id = BAD;
    832           break;
    833         }
    834       if (0 == sl_strncmp(_("Good signature"), line, 14))
    835         {
    836           ptr = strchr ( line, '"');
    837           ++ptr;
    838           if (ptr)
    839             {
    840               sl_strlcpy (sign_id, ptr, SH_MINIBUF+1);
    841               sign_id[sl_strlen(sign_id)-1] = '\0'; /* remove trailing dot */
    842               sign_id[sl_strlen(sign_id)-2] = '\0'; /* remove trailing '"' */
    843             }
    844           else
    845             {
    846               sl_strlcpy (sign_id, _("(null)"), SH_MINIBUF+1);
    847             }
    848           have_id = GOOD;
    849         }
    850 #endif
    851724    }
    852725
    853726  if (ferror(source.pipe) && errno == EAGAIN)
    854727    {
    855       retry_msleep(0,10); /* sleep 10 ms to avoid starving the gpg child writing to the pipe */
     728      /* sleep 10 ms to avoid starving the gpg child writing to the pipe */
     729      retry_msleep(0,10);
    856730      clearerr(source.pipe);
    857731      goto xagain;
     
    862736  TPT(((0), FIL__, __LINE__, _("msg=<Close pipe>\n")));
    863737
    864 #ifdef WITH_PGP
    865   /* get the fingerprint */
    866 
    867   source.pipe   = sh_gpg_popen  ( &source, fd, 1,  sign_id, homedir);
    868   if (NULL == source.pipe)
    869     {
    870       sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
    871                       _("Could not open pipe for fp"),
    872                       _("gpg_check_file_sign"));
    873       SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign"));
    874     }
    875 
    876   TPT(((0), FIL__, __LINE__, _("msg=<Open pipe success>\n")));
    877 
    878  yagain:
    879 
    880   errno = 0;
    881 
    882   while (NULL != fgets(line, sizeof(line), source.pipe))
    883     {
    884 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
    885       char * saveptr = NULL;
    886 #endif
    887       if (line[strlen(line)-1] == '\n')
    888         line[strlen(line)-1] = ' ';
    889       sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
    890                       line,
    891                       _("gpg_check_file_sign"));
    892 
    893       if (sl_strlen(line) < 18)
    894         continue;
    895 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
    896       ptr = strtok_r (line, " ", &saveptr);
    897 #else
    898       ptr = strtok (line, " ");
    899 #endif
    900       while (ptr)
    901         {
    902 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
    903           ptr = strtok_r (NULL, " ", &saveptr);
    904 #else
    905           ptr = strtok (NULL, " ");
    906 #endif
    907           if (ptr && 0 == sl_strncmp (ptr, _("fingerprint"), 11))
    908             {
    909 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
    910               ptr = strtok_r (NULL, " ", &saveptr); /* to '=' */
    911 #else
    912               ptr = strtok (NULL, " "); /* to '=' */
    913 #endif
    914               sign_fp[0] = '\0';
    915               while (ptr)
    916                 {
    917 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R)
    918                   ptr = strtok_r (NULL, " ", &saveptr); /* part of fingerprint */
    919 #else
    920                   ptr = strtok (NULL, " "); /* part of fingerprint */
    921 #endif
    922                   sl_strlcat (sign_fp, ptr, SH_MINIBUF+1);
    923                 }
    924               /* sign_fp[sl_strlen(sign_fp)-1] = '\0'; remove trailing '\n' */
    925               if (sl_strlen(sign_fp) > 0)
    926                 have_fp = GOOD;
    927               break;
    928             }
    929         }
    930     }
    931 
    932   if (ferror(source.pipe) && errno == EAGAIN)
    933     {
    934       retry_msleep(0,10); /* sleep 10 ms to avoid starving the gpg child writing to the pipe */
    935       clearerr(source.pipe);
    936       goto yagain;
    937     }
    938  
    939   sh_gpg_pclose (&source);
    940 #endif
    941 
    942738  if (have_id == GOOD)
    943739    {
    944740      TPT(((0), FIL__, __LINE__, _("msg=<Got signator ID>\n")));
    945       ;
    946741    }
    947742  if (have_fp == GOOD)
    948743    {
    949744      TPT(((0), FIL__, __LINE__, _("msg=<Got fingerprint>\n")));
    950       ;
    951745    }
    952746
     
    969763int get_the_fd(SL_TICKET file_1);
    970764
    971 int sh_gpg_check_sign (long file_1, long file_2, int what)
     765#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && \
     766  defined(HAVE_GETPWNAM_R)
     767#define USE_GETPWNAM_R 1
     768#endif
     769
     770int sh_gpg_check_sign (long file, int what)
    972771{
    973772  int status = SH_GPG_BAD;
    974   int fd1 = 0;
    975   int fd2 = 0;
     773  int fd = 0;
     774
    976775  static int smsg = S_FALSE;
    977776  char  * tmp;
    978   char  * tmp2;
     777
     778  char  * sig_id;
     779  char  * sig_fp;
    979780
    980781  char  * homedir = sh.effective.home;
    981782#if defined(SH_WITH_SERVER)
    982783  struct passwd * tempres;
    983 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
     784#if defined(USE_GETPWNAM_R)
    984785  struct passwd    pwd;
    985786  char           * buffer = SH_ALLOC(SH_PWBUF_SIZE);
     
    994795
    995796
    996   if (what == 0 || what == 1)
    997     fd1 = get_the_fd(file_1);
    998   if (what == 0 || what == 2)
    999     fd2 = get_the_fd(file_2);
    1000 
    1001 
    1002   if (fd1 < 0 || fd2 < 0)
    1003     {
    1004       TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD1 = %d>\n"), fd1));
    1005       TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD2 = %d>\n"), fd2));
     797  if (what == SIG_CONF)
     798    fd = get_the_fd(file);
     799  if (what == SIG_DATA)
     800    fd = get_the_fd(file);
     801
     802
     803  if (fd < 0)
     804    {
     805      TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd));
    1006806      dlog(1, FIL__, __LINE__,
    1007807           _("This looks like an unexpected internal error.\n"));
    1008       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name);
    1009       aud_exit (FIL__, __LINE__, EXIT_FAILURE);
     808#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R)
     809      SH_FREE(buffer);
     810#endif
     811      SL_RETURN( (-1), _("sh_gpg_check_sign"));
     812    }
     813 
    1010814#if defined(SH_WITH_SERVER)
    1011 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
    1012       SH_FREE(buffer);
    1013 #endif
    1014 #endif
    1015       SL_RETURN( (-1), _("sh_gpg_check_sign"));
    1016     }
    1017  
    1018   if (what == 0 || what == 1)
    1019     {
    1020       TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD1 = %d>\n"), fd1));
    1021 #if defined(SH_WITH_SERVER)
    1022 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
     815#if defined(USE_GETPWNAM_R)
    1023816      sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
    1024817#else
    1025818      tempres = sh_getpwnam(DEFAULT_IDENT);
    1026819#endif
    1027 
    1028820      if ((tempres != NULL) && (0 == sl_ret_euid()))
    1029821        {
     
    1032824        }
    1033825#endif
    1034       status = sh_gpg_check_file_sign(fd1, gp.conf_id, gp.conf_fp, homedir, 1);
     826
     827  if (what == SIG_CONF)
     828    {
     829      TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd));
     830      status = sh_gpg_check_file_sign(fd, gp.conf_id, gp.conf_fp, homedir, 1);
    1035831      TPT(((0), FIL__, __LINE__, _("msg=<CONF SIGUSR: |%s|>\n"), gp.conf_id));
    1036832      TPT(((0), FIL__, __LINE__, _("msg=<CONF SIGFP:  |%s|>\n"), gp.conf_fp));
    1037     }
    1038 
    1039   if ((what == 0 && SH_GPG_OK == status) || what == 2)
    1040     {
    1041       TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD2 = %d>\n"), fd2));
    1042 #if defined(SH_WITH_SERVER)
    1043 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
    1044       sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
    1045 #else
    1046       tempres = sh_getpwnam(DEFAULT_IDENT);
    1047 #endif
    1048 
    1049       if ((tempres != NULL) && (0 == sl_ret_euid()))
    1050         {
    1051           /* privileges not dropped yet*/
    1052           homedir = tempres->pw_dir;
    1053         }
    1054 #endif
    1055       status = sh_gpg_check_file_sign(fd2, gp.data_id, gp.data_fp, homedir, 2);
     833      sig_id =  gp.conf_id; sig_fp = gp.conf_fp;
     834    }
     835
     836  if (what == SIG_DATA)
     837    {
     838      TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd));
     839      status = sh_gpg_check_file_sign(fd, gp.data_id, gp.data_fp, homedir, 2);
    1056840      TPT(((0), FIL__, __LINE__, _("msg=<DATA SIGUSR: |%s|>\n"), gp.data_id));
    1057841      TPT(((0), FIL__, __LINE__, _("msg=<DATA SIGFP:  |%s|>\n"), gp.data_fp));
     842      sig_id =  gp.data_id; sig_fp = gp.data_fp;
    1058843    }
    1059844 
    1060   if (SH_GPG_OK == status && what == 1)
     845  if (SH_GPG_OK == status)
    1061846    {
    1062847#ifdef USE_FINGERPRINT
    1063       if ((sl_strcmp(SH_GPG_FP, gp.conf_fp) == 0))
     848      if ((sl_strcmp(SH_GPG_FP, sig_fp) == 0))
    1064849        {
    1065850          int i;
    1066851
    1067           for(i = 0; i < (int) sl_strlen(gp.conf_fp); ++i)
    1068             {
    1069               if (gpgfp[i] != gp.conf_fp[i])
    1070                 {
    1071                   sh_error_handle(SH_ERR_SEVERE, FIL__, __LINE__, 0,
    1072                                   MSG_E_GPG_FP,
    1073                                   gpgfp, gp.conf_fp);
    1074                   break;
    1075                 }
    1076             }
    1077 
    1078           if (smsg == S_FALSE)
    1079             {
    1080               tmp  = sh_util_safe_name(gp.conf_id);
    1081               sh_gpg_fill_startup (__LINE__,
    1082                                    /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, */
     852          for(i = 0; i < (int) sl_strlen(sig_fp); ++i) {
     853              if (gpgfp[i] != sig_fp[i]) {
     854                sh_error_handle(SH_ERR_SEVERE, FIL__, __LINE__, 0,
     855                                MSG_E_GPG_FP, gpgfp, sig_fp);
     856                break; }
     857          }
     858
     859          if (smsg == S_FALSE) {
     860            tmp  = sh_util_safe_name(sig_id);
     861            sh_gpg_fill_startup (__LINE__, sh.prg_name, sh.real.uid,
     862                                 (sh.flag.hidefile == S_TRUE) ?
     863                                 _("(hidden)") : file_path('C', 'R'),
     864                                 tmp,
     865                                 sig_fp);
     866            SH_FREE(tmp); }
     867          smsg = S_TRUE;
     868
     869#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R)
     870          SH_FREE(buffer);
     871#endif
     872          SL_RETURN(0, _("sh_gpg_check_sign"));
     873        }
     874      else
     875        {
     876          /* fp mismatch */
     877          dlog(1, FIL__, __LINE__,
     878               _("The fingerprint of the signing key: %s\ndoes not match the compiled-in fingerprint: %s.\nTherefore the signature could not be verified.\n"),
     879               sig_fp, SH_GPG_FP);
     880          sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
     881                      _("Fingerprint mismatch"), _("gpg_check_sign"));
     882          status = SH_GPG_BADSIGN;
     883        }
     884#else /* ifdef USE_FINGERPRINT */
     885      if (smsg == S_FALSE)
     886        {
     887          tmp = sh_util_safe_name(sig_id);
     888          sh_gpg_fill_startup (__LINE__,
    1083889                               sh.prg_name, sh.real.uid,
    1084890                               (sh.flag.hidefile == S_TRUE) ?
    1085891                               _("(hidden)") : file_path('C', 'R'),
    1086                                tmp,
    1087                                gp.conf_fp);
    1088               SH_FREE(tmp);
    1089             }
    1090           smsg = S_TRUE;
    1091 #if defined(SH_WITH_SERVER)
    1092 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
    1093           SH_FREE(buffer);
    1094 #endif
    1095 #endif
    1096           SL_RETURN(0, _("sh_gpg_check_sign"));
    1097         }
    1098       else
    1099         {
    1100           /* fp mismatch
    1101            */
    1102           dlog(1, FIL__, __LINE__,
    1103                _("The fingerprint of the signing key: %s\ndoes not match the compiled-in fingerprint: %s.\nTherefore the signature could not be verified.\n"),
    1104                gp.conf_fp, SH_GPG_FP);
    1105           sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
    1106                       _("Fingerprint mismatch"),
    1107                       _("gpg_check_sign"));
    1108           status = SH_GPG_BADSIGN;
    1109         }
    1110 #else
    1111       if (smsg == S_FALSE)
    1112         {
    1113           tmp = sh_util_safe_name(gp.conf_id);
    1114           sh_gpg_fill_startup (__LINE__,
    1115           /* sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH, */
    1116                            sh.prg_name, sh.real.uid,
    1117                            (sh.flag.hidefile == S_TRUE) ?
    1118                            _("(hidden)") : file_path('C', 'R'),
    1119                            tmp,
    1120                            gp.conf_fp);
     892                               tmp,  sig_fp);
    1121893          SH_FREE(tmp);
    1122894        }
    1123895      smsg = S_TRUE;
    1124 #if defined(SH_WITH_SERVER)
    1125 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
     896
     897#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R)
    1126898      SH_FREE(buffer);
    1127899#endif
    1128 #endif
     900
    1129901      SL_RETURN(0, _("sh_gpg_check_sign"));
    1130 #endif
    1131     }
    1132  
    1133   else if (SH_GPG_OK == status && (what == 2 || what == 0))
    1134     {
    1135       if ((sl_strcmp(gp.data_id, gp.conf_id) == 0) &&
    1136           (sl_strcmp(gp.data_fp, gp.conf_fp) == 0))
    1137         {
    1138 #if defined(SH_WITH_SERVER)
    1139 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
    1140           SH_FREE(buffer);
    1141 #endif
    1142 #endif
    1143           SL_RETURN(0, _("sh_gpg_check_sign"));
    1144         }
    1145       else
    1146         {
    1147           /* ID or fp not equal
    1148            */
    1149           dlog(1, FIL__, __LINE__,
    1150                _("The fingerprint or ID of the signing key is not the same for the\nconfiguration file and the file signature database.\nTherefore the signature could not be verified.\n"));
    1151           tmp  = sh_util_safe_name (gp.conf_id);
    1152           tmp2 = sh_util_safe_name (gp.data_id);
    1153           sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_GH2,
    1154                            sh.prg_name, sh.real.uid,
    1155                            (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('C', 'R'),
    1156                            tmp,  gp.conf_fp,
    1157                            (sh.flag.hidefile == S_TRUE) ? _("(hidden)") : file_path('D', 'R'),
    1158                            tmp2, gp.data_fp);
    1159           SH_FREE(tmp);
    1160           SH_FREE(tmp2);
    1161         }
     902#endif /* !ifdef USE_FINGERPRINT */
    1162903    }
    1163904
     
    1168909
    1169910#if defined(SH_WITH_SERVER)
    1170 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
     911#if defined(USE_GETPWNAM_R)
    1171912      struct passwd    e_pwd;
    1172913      char          *  e_buffer = SH_ALLOC(SH_PWBUF_SIZE);
     
    1186927      dlog(1, FIL__, __LINE__,
    1187928           _("The signature of the configuration file or the file signature database\ncould not be verified. Possible reasons are:\n - gpg binary (%s) not found\n - invalid signature\n - the signature key is not in the private keyring of UID %d,\n - there is no keyring in %s/.gnupg, or\n - the file is not signed - did you move /filename.asc to /filename ?\nTo create a signed file, use (remove old signatures before):\n   gpg -a --clearsign --not-dash-escaped FILE\n   mv FILE.asc FILE\n"),
    1188 #if defined(WITH_GPG)
    1189929           DEFAULT_GPG_PATH,
    1190 #else
    1191            DEFAULT_PGP_PATH,
    1192 #endif
    1193930           (int) e_uid, e_home);
    1194931
    1195 #if defined(SH_WITH_SERVER)
    1196 #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
     932#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R)
    1197933      SH_FREE(e_buffer);
    1198934#endif
    1199 #endif
    1200935    }
    1201936
    1202937  TPT(((0), FIL__, __LINE__, _("msg=<Status = %d>\n"), status));
    1203 
    1204   sh_error_handle((-1), FIL__, __LINE__, status, MSG_EXIT_ABORT1, sh.prg_name);
    1205   aud_exit (FIL__, __LINE__, EXIT_FAILURE);
    1206938
    1207939  return (-1); /* make compiler happy */
     
    1223955   */
    1224956  fdTmp = open_tmp();
     957  if (SL_ISERROR(fdTmp))
     958    {
     959      dlog(1, FIL__, __LINE__, _("Error opening temporary file.\n"));
     960      sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
     961                      _("Error opening temporary file."),
     962                      _("sh_gpg_extract_signed"));
     963      return -1;
     964    }
    1225965
    1226966  fin_cp = fdopen(dup(get_the_fd(fd)), "rb");
Note: See TracChangeset for help on using the changeset viewer.