Changeset 550 for trunk/src

Timestamp:

Oct 31, 2019, 9:13:12 PM (5 years ago)

Author:

katerina

Message:

Fix for ticket #442 (support for OpenBSD signify).

Location:

trunk/src

Files:

• depend-gen.c (modified) (1 diff)
• samhain.c (modified) (4 diffs)
• sh_calls.c (modified) (1 diff)
• sh_dbIO.c (modified) (4 diffs)
• sh_getopt.c (modified) (1 diff)
• sh_gpg.c (deleted)
• sh_hash.c (modified) (1 diff)
• sh_readconf.c (modified) (7 diffs)
• sh_sig.c (added)
• sh_tools.c (modified) (1 diff)
• sh_unix.c (modified) (5 diffs)

trunk/src/depend-gen.c

@@ -245 +245 @@
            *
            **************************************************/
-          if (0 == strcmp(p, "sh_gpg_chksum.h") ||
+          if (0 == strcmp(p, "sh_sig_chksum.h") ||
               0 == strcmp(p, "sh_gpg_fp.h"))
             {

trunk/src/samhain.c

@@ -77 +77 @@
 
 #include "sh_tiger.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_mem.h"
 #include "sh_xfer.h"
@@ -1907 +1907 @@
 #if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT)
 
-#if (defined(WITH_GPG) || defined(WITH_PGP))
+#if defined(WITH_GPG)
   /* log startup */
-  sh_gpg_log_startup ();
+  sh_sig_log_startup ();
 #else
   sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H,
@@ -1930 +1930 @@
   if (sh.flag.checkSum == SH_CHECK_CHECK) 
     {
-#if (defined(WITH_GPG) || defined(WITH_PGP))
+#if defined(WITH_GPG)
       /* log startup */
-      sh_gpg_log_startup ();
+      sh_sig_log_startup ();
 #else
       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H,
@@ -1942 +1942 @@
   else
     {
-#if (defined(WITH_GPG) || defined(WITH_PGP))
+#if defined(WITH_GPG)
       /* log startup */
-      sh_gpg_log_startup ();
+      sh_sig_log_startup ();
 #else
       sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H,

trunk/src/sh_calls.c

@@ -533 +533 @@
 
 long int retry_aud_execve  (const char * file, int line, 
-                            const  char *dateiname, char * argv[],
-                            char * envp[])
+                            const  char *dateiname, char *const argv[],
+                            char *const envp[])
 {
   uid_t a = geteuid();

trunk/src/sh_dbIO.c

@@ -31 +31 @@
 #include "sh_hash.h"
 #include "sh_dbIO.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_tiger.h"
 #include "sh_xfer.h"
@@ -852 +852 @@
 static SL_TICKET verify_data (SL_TICKET fd)
 {
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
   SL_TICKET fdTmp;
 
   /* extract the data and copy to temporary file
    */
-  fdTmp = sh_gpg_extract_signed(fd);
+  fdTmp = sh_sig_extract_signed(fd);
 
   if (sig_termfast == 1)  /* SIGTERM */
@@ -871 +871 @@
   /* Validate signature of open file.
    */
-  if (0 != sh_gpg_check_sign (fd, SIG_DATA))
+  if (0 != sh_sig_check_signature (fd, SIG_DATA))
     {
       sl_close(fd);
@@ -877 +877 @@
     }
   sl_rewind (fd);
+
+  fdTmp = sh_sig_extract_signed_data(fd);
+  sl_close(fd);
+  fd = fdTmp;  
 #endif
 

trunk/src/sh_getopt.c

@@ -481 +481 @@
 #ifdef WITH_GPG
   if (num > 0) fputc ('\n', stdout);
-  printf (_(" GnuPG signatures (%s)"), DEFAULT_GPG_PATH); ++num;
-#ifdef HAVE_GPG_CHECKSUM
-  if (num > 0) fputc ('\n', stdout);
-  printf (_("   -- GnuPG checksum:  %s"), GPG_HASH); ++num;
+  printf (_(" GnuPG signatures (%s)"), DEFAULT_SIG_PATH); ++num;
+#ifdef HAVE_SIG_CHECKSUM
+  if (num > 0) fputc ('\n', stdout);
+  printf (_("   -- GnuPG checksum:  %s"), SIG_HASH); ++num;
 #endif
 #ifdef USE_FINGERPRINT

trunk/src/sh_hash.c

@@ -54 +54 @@
 #include "sh_error.h"
 #include "sh_tiger.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_unix.h"
 #include "sh_files.h"

trunk/src/sh_readconf.c

@@ -34 +34 @@
 #include "sh_files.h"
 #include "sh_xfer.h"
-#include "sh_gpg.h"
+#include "sh_sig.h"
 #include "sh_hash.h"
 #include "sh_dbIO.h"
@@ -352 +352 @@
   SL_TICKET    fdTmp = -1;
 #endif
-#if defined(WITH_GPG) || defined(WITH_PGP)
-  SL_TICKET    fdGpg = -1;
+#if defined(WITH_SIG) 
+  SL_TICKET    fdSIG = -1;
 #endif
   char * tmp;
@@ -369 +369 @@
   char   local_flag = 'R';
 
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
   int    signed_content = S_FALSE;
   int    true_content   = S_FALSE;
@@ -470 +470 @@
         sl_write_line(fdTmp, line_in, sl_strlen(line_in));
       }
-#if defined(WITH_GPG) || defined(WITH_PGP)
-    if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25))
+#if defined(WITH_SIG)
+    if (S_TRUE == sh_sig_data_end(line_in))
       break;
 #else
@@ -485 +485 @@
 #endif
 
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
 
   /* extract the data and copy to temporary file
    */
-  fdGpg = sh_gpg_extract_signed(fd);
+  fdSIG = sh_sig_extract_signed(fd);
 
   sl_close(fd);
-  fd = fdGpg;
+  fd = fdSIG;
 
   /* Validate signature of open file.
    */
-  if (0 != sh_gpg_check_sign (fd, SIG_CONF))
+  if (0 != sh_sig_check_signature (fd, SIG_CONF))
     {
       SH_FREE(line_in);
@@ -520 +520 @@
     /* Sun May 27 18:40:05 CEST 2001
      */
-#if defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(WITH_SIG)
     if (signed_content == S_FALSE)
       { 
-        if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
+        if (S_TRUE == sh_sig_msg_start(line))
           signed_content = S_TRUE;
         else 
           continue;
       }
-    else if (true_content == S_FALSE)
-      {
-        if (line[0] == '\n')
-          true_content = S_TRUE;
-        else
-          continue;
-      }
-    else if (signed_content == S_TRUE)
+    else /* if (signed_content == S_TRUE) */
       { 
-        if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----")))
+        if (S_TRUE == sh_sig_msg_end(line))
           break;
-        else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
+        else if (S_TRUE == sh_sig_msg_start(line))
           {
             sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
@@ -551 +544 @@
             aud_exit (FIL__, __LINE__,EXIT_FAILURE);
           }
+      }
+
+    if (true_content == S_FALSE) /* continue if in header */
+      {
+        if (S_TRUE == sh_sig_msg_startdata(line))
+          true_content = S_TRUE;
+        else
+          continue;
       }
 #endif

trunk/src/sh_tools.c

@@ -2075 +2075 @@
 #endif
 
-#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP)
+#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_SIG)
 
 /* --------- secure temporary file ------------ */

trunk/src/sh_unix.c

@@ -5407 +5407 @@
 {
   int                  add_off = 0, llen;
+  unsigned long        bread;
   static unsigned long off_data   = 0;
   static unsigned long max_data   = 0;
@@ -5454 +5455 @@
   /* --- Read one line. ---
    */
-  add_off   = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read);
-  off_data += add_off;
+  add_off   = hideout_hex_block(fd, (unsigned char *) str, len, &bread);
+  if (add_off > 0)
+    off_data += add_off;
+  bytes_read += bread;
+
+  if (bread == 0 || add_off <= 0) /* EOF */
+    str[0] = '\0';
 
   llen = sl_strlen(str);
@@ -5477 +5483 @@
   ASSERT_RET((len > 1), _("len > 1"), (0));
 
+  str[0] = '\0';
+  *bytes_read = 0;
   --len;
 
@@ -5494 +5502 @@
               do {
                 do {
+                  errno = 0;
                   num = sl_read (fd, &c, 1);
                 } while (num == 0 && errno == EINTR);
                 if (num > 0)
                   ++here;
-                else if (num == 0)
-                  SL_RETURN((0), _("hideout_hex_block"));
-                else 
+                else if (num == 0) {
                   SL_RETURN((-1), _("hideout_hex_block"));
+                }
+                else {
+                  SL_RETURN((-1), _("hideout_hex_block"));
+                }
               } while (c == '\n' || c == '\t' || c == '\r' || 
                        c == ' ');
@@ -5523 +5534 @@
   if (i != 0)
     str[i] = '\0';
+  else if (str[0] == '\n')
+    str[i+1] = '\0'; /* keep newline and terminate */
   else
-    str[i+1] = '\0'; /* keep newline and terminate */
+    str[0] = '\0';
   retval += here;
   *bytes_read += (bread/8);