Mercurial > trustbridge
annotate common/listutil.h @ 648:e41a2537b84d
Implement root installation
We now iterate over all users that do not obviously have their
login shell disabled and look for NSS directories in their home
directory, dropping our privileges to do so.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 25 Jun 2014 12:44:47 +0200 |
parents | bf54c9fc0d63 |
children | 44257ecdae6d |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
8 #ifndef LISTUTIL_H |
9 #define LISTUTIL_H |
10 |
11 #ifdef __cplusplus |
12 extern "C" { |
13 #endif |
14 |
15 #include <stddef.h> |
16 |
17 /** |
18 * @file listutil.h |
19 * @brief Functions to work with the certificate list. |
20 */ |
21 |
/**
 * @brief Status of the List Operations
 *
 * Result type of read_and_verify_list(). Only Valid states that the file
 * could be read and that the signature matched; every other value is a
 * failure. Valid is 100, not 0, so callers should compare against Valid
 * explicitly rather than test for zero / non-zero.
 */
typedef enum {
    Valid = 100, /*!< Could be read and signature matched */
    UnknownError = 1, /*!< The expected unexpected */
    TooLarge = 2, /*!< Failed because the file exceeds the limit */
    InvalidFormat = 3, /*!< File does not appear to be in list format */
    InvalidSignature = 4, /*!< Signature was invalid */
    SeekFailed = 5, /*!< Could not seek in the file */
    ReadFailed = 6, /*!< File exists but could not read the file */
    IncompatibleVersion = 7, /*!< The Format Version does not match */
    NoList = 8 /*!< No list parsed */
} list_status_t;
36 |
/* Definitions based on the format */
/* NOTE(review): presumably the longest line and the largest number of lines
 * a certificate list may contain. Whether MAX_LINE_LENGTH counts the line
 * terminator is not visible in this header; confirm against the format
 * specification before sizing buffers from it. */
#define MAX_LINE_LENGTH 9999
#define MAX_LINES 1000
40 |
/**
 * @brief Obtain the complete and verified Certificate list.
 *
 * This checks if the file fileName is a valid certificate
 * list signed by the key specified in pubkey.h
 *
 * The caller has to free data.
 *
 * @param[in] fileName Name of the file (UTF-8 encoded).
 * @param[out] data Newly allocated pointer to the file content.
 * @param[out] size Size in Bytes of the file content.
 *
 * @return status of the operation. Valid means the file could be read and
 *         the signature matched; any other list_status_t value is a failure.
 *
 * @note NOTE(review): this header does not state what *data and *size hold
 *       when the result is not Valid. Callers should initialize *data to
 *       NULL and use the content only on Valid; confirm against the
 *       implementation.
 */
list_status_t read_and_verify_list(const char *fileName, char **data, size_t *size);
56 |
/** @brief verify the certificate list
 *
 * The public key to verify against is the static publicKeyPEM data defined
 * in the pubkey header.
 *
 * @param [in] data the list data
 * @param [in] size the size of the data
 *
 * @returns 0 if the list is valid; otherwise a polarssl error code or -1.
 *
 * @note The success value here is 0, while read_and_verify_list() reports
 *       success as Valid (100). Check this result with `== 0` and do not
 *       mix the two conventions.
 */
int verify_list(const char *data, const size_t size);
68 |
/** @brief get a list of the certificates marked with I: or R:
 *
 * Get a list of certificates that are contained in the
 * certificatelist pointed to by data.
 * On success this function makes a copy of the certificates
 * and the certificates need to be freed by the caller.
 *
 * @param [in] data the certificatelist to parse
 * @param [in] size the size of the certificatelist
 *
 * @returns a newly allocated array of strings containing the encoded
 * certificates or NULL on error.
 *
 * @note NOTE(review): nothing in this header says that this function checks
 *       the signature; presumably callers pass only data that was already
 *       accepted by read_and_verify_list() or verify_list(). Confirm.
 * @note NOTE(review): data is not const-qualified, so the buffer may be
 *       modified while parsing, and how the returned array is terminated
 *       is not stated here; confirm both against the implementation.
 */
char **get_certs_from_list (char *data, const size_t size);
83 |
84 #ifdef __cplusplus |
85 } |
86 #endif |
87 #endif |