Mercurial > trustbridge > trustbridge
changeset 166:199878f09bf1
Merged
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Tue, 25 Mar 2014 12:29:51 +0100 |
parents | d47de01d6ad7 (current diff) 8cfcd38a9bb3 (diff) |
children | 92d7e0b40808 |
files | common/portpath.c |
diffstat | 9 files changed, 296 insertions(+), 189 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/HACKING Tue Mar 25 12:29:51 2014 +0100 @@ -0,0 +1,10 @@ +Please keep C code according to GNU coding standards. + +With regards to the style: + astyle --style=gnu --indent=spaces=2 --pad-paren-out + +For the C++ Ui code please use the kdelibs coding style + astyle --indent=spaces=4 --brackets=linux \ + --indent-labels --pad-oper --unpad-paren --pad-header \ + --keep-one-line-statements --convert-tabs \ + --indent-preprocessor
--- a/cinst/CMakeLists.txt Tue Mar 25 12:25:39 2014 +0100 +++ b/cinst/CMakeLists.txt Tue Mar 25 12:29:51 2014 +0100 @@ -29,6 +29,7 @@ target_link_libraries(mozilla m13_common + ${POLARSSL_LIBRARIES} ${PROFILING_LIBS}) install(TARGETS mozilla DESTINATION bin)
--- a/cinst/main.c Tue Mar 25 12:25:39 2014 +0100 +++ b/cinst/main.c Tue Mar 25 12:29:51 2014 +0100 @@ -59,71 +59,84 @@ * * @returns: 0 on success. An error code otherwise. */ -int readInput(char **certificate_list, char ***to_install, - char ***to_remove, char ***all_certs) +int +readInput (char **certificate_list, char ***to_install, + char ***to_remove, char ***all_certs) { - int lines_read = 0; - int readingList = 0; - size_t list_size = 0; - char buf[MAX_LINE_LENGTH + 2]; + int lines_read = 0; + int readingList = 0; + size_t list_size = 0; + char buf[MAX_LINE_LENGTH + 2]; - if (*certificate_list || *to_install || *to_remove) { - printf("Error invalid parameters\n"); - return -1; + if (*certificate_list || *to_install || *to_remove) + { + printf ("Error invalid parameters\n"); + return -1; } - while (fgets(buf, MAX_LINE_LENGTH + 1, stdin)) { - size_t len = strlen(buf); /* fgets ensures buf is terminated */ - if (len <= 3) { - printf("Line too short.\n"); - return ERR_INVALID_INPUT; + while (fgets (buf, MAX_LINE_LENGTH + 1, stdin) ) + { + size_t len = strlen (buf); /* fgets ensures buf is terminated */ + if (len <= 3) + { + printf ("Line too short.\n"); + return ERR_INVALID_INPUT; } - if (lines_read ++ > MAX_LINES) { - printf("Too many lines\n"); - return ERR_TOO_MUCH_INPUT; + if (lines_read++ > MAX_LINES) + { + printf ("Too many lines\n"); + return ERR_TOO_MUCH_INPUT; } - if (buf[len-2] != '\r') { - if (buf[len-1] != '\n') { - printf("Line too long.\n"); - return ERR_INVALID_INPUT; + if (buf[len - 2] != '\r') + { + if (buf[len - 1] != '\n') + { + printf ("Line too long.\n"); + return ERR_INVALID_INPUT; } - buf[len-1] = '\r'; - buf[len] = '\n'; - buf[len+1] = '\0'; - len++; + buf[len - 1] = '\r'; + buf[len] = '\n'; + buf[len + 1] = '\0'; + len++; } - if (strcmp("-----BEGIN CERTIFICATE LIST-----\r\n", buf) == 0){ - readingList = 1; - continue; - } - if (strcmp("-----END CERTIFICATE LIST-----\r\n", buf) == 0){ - readingList = 0; - continue; + if (strcmp ("-----BEGIN CERTIFICATE LIST-----\r\n", buf) == 0) + { + readingList = 1; + continue; } - if (readingList) { - str_append_str(certificate_list, &list_size, buf, len); - } else if (strcmp("UNINSTALL\r\n", buf) == 0) { - /* Remove trailing \r\n */ - strv_append(to_remove, buf, len - 2); - continue; + if (strcmp ("-----END CERTIFICATE LIST-----\r\n", buf) == 0) + { + readingList = 0; + continue; } - if (*buf == 'I') { - /* Remove leading I: and trailing \r\n */ - strv_append(readingList ? all_certs : to_install, - buf+2, len - 4); - continue; + if (readingList) + { + str_append_str (certificate_list, &list_size, buf, len); } - if (*buf == 'R') { - /* Remove leading R: and trailing \r\n */ - strv_append(readingList ? all_certs : to_remove, - buf+2, len - 4); - continue; + else if (strcmp ("UNINSTALL\r\n", buf) == 0) + { + /* Remove trailing \r\n */ + strv_append (to_remove, buf, len - 2); + continue; + } + if (*buf == 'I') + { + /* Remove leading I: and trailing \r\n */ + strv_append (readingList ? all_certs : to_install, + buf + 2, len - 4); + continue; + } + if (*buf == 'R') + { + /* Remove leading R: and trailing \r\n */ + strv_append (readingList ? all_certs : to_remove, buf + 2, len - 4); + continue; } } - return 0; + return 0; } /** @brief Check that the insturctions match to the list @@ -136,111 +149,133 @@ * * @returns 0 on success, an error otherwise */ -int validate_instructions(char **all_certs, - char **to_validate) +int +validate_instructions (char **all_certs, char **to_validate) { - int i = 0, - j = 0; + int i = 0, j = 0; - if (!all_certs || strv_length(all_certs) < 1) { - /* Invalid parameters */ - return -1; + if (!all_certs || strv_length (all_certs) < 1) + { + /* Invalid parameters */ + return -1; } - if (to_validate == NULL) { - /* Nothing is valid */ - return 0; + if (to_validate == NULL) + { + /* Nothing is valid */ + return 0; } - for (i=0; to_validate[i]; i++) { - bool found = false; - for (j=0; all_certs[j]; j++) { - if (strncmp(to_validate[i], all_certs[j], MAX_LINE_LENGTH - 2) == 0) { - found = true; - break; + for (i = 0; to_validate[i]; i++) + { + bool found = false; + for (j = 0; all_certs[j]; j++) + { + if (strncmp (to_validate[i], all_certs[j], MAX_LINE_LENGTH - 2) == + 0) + { + found = true; + break; } } - if (!found) { - printf("Install instruction with invalid certificate\n."); - return ERR_INVALID_INSTRUCTIONS; + if (!found) + { + printf ("Install instruction with invalid certificate\n."); + return ERR_INVALID_INSTRUCTIONS; } } - return 0; + return 0; } -int main() { - char **to_install = NULL; - char **to_remove = NULL; - char **all_certs = NULL; - char *certificate_list = NULL; - size_t list_len = 0; - int ret = -1; - bool uninstall = false; +int +main () +{ + char **to_install = NULL; + char **to_remove = NULL; + char **all_certs = NULL; + char *certificate_list = NULL; + size_t list_len = 0; + int ret = -1; + bool uninstall = false; - ret = readInput(&certificate_list, &to_install, &to_remove, &all_certs); + ret = readInput (&certificate_list, &to_install, &to_remove, &all_certs); - if (ret) { - return ret; + if (ret) + { + return ret; } - if (!certificate_list) { - return ERR_INVALID_INPUT_NO_LIST; + if (!certificate_list) + { + return ERR_INVALID_INPUT_NO_LIST; } - list_len = strnlen(certificate_list, MAX_INPUT_SIZE); + list_len = strnlen (certificate_list, MAX_INPUT_SIZE); - ret = verify_list(certificate_list, list_len); + ret = verify_list (certificate_list, list_len); - if (ret) { - return ERR_INVALID_SIGNATURE; + if (ret) + { + return ERR_INVALID_SIGNATURE; } - if (!strv_length(to_install) && !strv_length(to_remove)) { - return ERR_NO_INSTRUCTIONS; + if (!strv_length (to_install) && !strv_length (to_remove) ) + { + return ERR_NO_INSTRUCTIONS; } - /* Check that the instructions are ok to execute */ - if (to_install) { - ret = validate_instructions(all_certs, to_install); - if (ret) { - return ret; + /* Check that the instructions are ok to execute */ + if (to_install) + { + ret = validate_instructions (all_certs, to_install); + if (ret) + { + return ret; } } - if (to_remove) { - if (to_remove[0] && strncmp("UNINSTALL", to_remove[0], MAX_LINE_LENGTH) == 0) { - uninstall = true; - strv_free(to_remove); - to_remove = NULL; - } else { - ret = validate_instructions(all_certs, to_remove); - if (ret) { - return ret; + if (to_remove) + { + if (to_remove[0] + && strncmp ("UNINSTALL", to_remove[0], MAX_LINE_LENGTH) == 0) + { + uninstall = true; + strv_free (to_remove); + to_remove = NULL; + } + else + { + ret = validate_instructions (all_certs, to_remove); + if (ret) + { + return ret; } } } - if (uninstall) { - /* To uninstall does not have to be verified as it part of the - * signed list.*/ - to_remove = all_certs; - } else { - strv_free(all_certs); - all_certs = NULL; + if (uninstall) + { + /* To uninstall does not have to be verified as it part of the + * signed list.*/ + to_remove = all_certs; + } + else + { + strv_free (all_certs); + all_certs = NULL; } #ifdef WIN32 - return install_certificates_win((const char**) to_install, true); - //remove_certificates_win((const char**) to_remove, 1); + return write_stores_win (to_install, to_remove, true); #endif - /* Make valgrind happy */ - strv_free(to_install); - strv_free(to_remove); - free(certificate_list); + /* Make valgrind happy */ + strv_free (to_install); + strv_free (to_remove); + free (certificate_list); - return 0; + return 0; }
--- a/cinst/windowsstore.c Tue Mar 25 12:25:39 2014 +0100 +++ b/cinst/windowsstore.c Tue Mar 25 12:29:51 2014 +0100 @@ -1,92 +1,101 @@ #ifdef WIN32 -#include <polarssl/base64.h> -#include "windowsstore.h" +#include <stdio.h> -static LPWSTR getLastErrorMsg() { - LPWSTR bufPtr = NULL; - DWORD err = GetLastError(); - FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER | - FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, err, 0, (LPWSTR)&bufPtr, 0, NULL); - if (!bufPtr) { - HMODULE hWinhttp = GetModuleHandleW(L"winhttp"); - if (hWinhttp) { - FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER | - FORMAT_MESSAGE_FROM_HMODULE | - FORMAT_MESSAGE_IGNORE_INSERTS, - hWinhttp, HRESULT_CODE(err), 0, - (LPWSTR)&bufPtr, 0, NULL); +#include "windowsstore.h" +#include "errorcodes.h" +#include "listutil.h" +#include "strhelp.h" + +static LPWSTR getLastErrorMsg() +{ + LPWSTR bufPtr = NULL; + DWORD err = GetLastError(); + FormatMessageW (FORMAT_MESSAGE_ALLOCATE_BUFFER | + FORMAT_MESSAGE_FROM_SYSTEM | + FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, err, 0, (LPWSTR) &bufPtr, 0, NULL); + if (!bufPtr) + { + HMODULE hWinhttp = GetModuleHandleW (L"winhttp"); + if (hWinhttp) + { + FormatMessageW (FORMAT_MESSAGE_ALLOCATE_BUFFER | + FORMAT_MESSAGE_FROM_HMODULE | + FORMAT_MESSAGE_IGNORE_INSERTS, + hWinhttp, HRESULT_CODE (err), 0, + (LPWSTR) &bufPtr, 0, NULL); } } - if (!bufPtr) - printf("Error getting last error\n"); - return bufPtr; + if (!bufPtr) + printf ("Error getting last error\n"); + return bufPtr; } -int install_certificates_win(const char **to_install, bool user_store) +int write_stores_win (char **to_install, char **to_remove, bool user_store) { - int i = 0; - HCERTSTORE hStore = NULL; + int i = 0; + int ret = -1; + HCERTSTORE hStore = NULL; - if (user_store) { - hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, - 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); - } else { - hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, - 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root"); + if (user_store) + { + hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, + 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root"); } - - if (!hStore) { - return ERR_STORE_ACCESS_DENIED; + else + { + hStore = CertOpenStore (CERT_STORE_PROV_SYSTEM, 0, + 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root"); } - while (to_install[i]) { - size_t needed_len = 0; - size_t cert_len = strnlen(to_install[i], MAX_LINE_LENGTH); - int ret = -1; - unsigned char *buf; - - /* Check the needed size for the buffer */ - ret = base64_decode(NULL, &needed_len, - (unsigned char *)to_install[i], cert_len); + if (!hStore) + { + return ERR_STORE_ACCESS_DENIED; + } - if (ret != 0 && ret != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) { - return ERR_INVALID_INSTRUCTIONS; - } + for (i=0; to_install[i]; i++) + { + size_t cert_len = strnlen (to_install[i], MAX_LINE_LENGTH), + buf_size = 0; + char *buf = NULL; - buf = xmalloc(needed_len); - memset (buf, 0, needed_len); + ret = str_base64_decode (&buf, &buf_size, to_install[i], cert_len); - ret = base64_decode(buf, &needed_len, - (unsigned char *)to_install[i], cert_len); - - if (ret != 0) { - return ERR_INVALID_INSTRUCTIONS; + if (ret != 0) + { + return ERR_INVALID_INSTRUCTIONS; } - ret = CertAddEncodedCertificateToStore (hStore, - X509_ASN_ENCODING, - (PBYTE)buf, - needed_len, - CERT_STORE_ADD_ALWAYS, - NULL); + ret = CertAddEncodedCertificateToStore (hStore, + X509_ASN_ENCODING, + (PBYTE) buf, + buf_size, + CERT_STORE_ADD_ALWAYS, + NULL); - if (ret == 0) { - LPWSTR error = getLastErrorMsg(); - if (error) { - printf("Failed to add certificate: %S \n", error); - LocalFree(error); + if (ret == 0) + { + LPWSTR error = getLastErrorMsg(); + if (error) + { + printf ("Failed to add certificate: %S \n", error); + LocalFree (error); } } - i++; - free(buf); + i++; + free (buf); } - if(hStore) { - CertCloseStore(hStore, 0); + for (i=0; to_remove[i]; i++) + { + // TODO } - return 0; + + if (hStore) + { + CertCloseStore (hStore, 0); + } + return 0; } #endif // WIN32
--- a/cinst/windowsstore.h Tue Mar 25 12:25:39 2014 +0100 +++ b/cinst/windowsstore.h Tue Mar 25 12:29:51 2014 +0100 @@ -4,14 +4,19 @@ #include <windows.h> #include <wincrypt.h> -/** @brief Install certificates into Windows store + +#include <stdbool.h> + +/** @brief Access the Windows certificate store * - * @param [in] to_install NULL terminated array of base64 encoded certificates. + * @param [in] to_install strv of DER encoded certificates to be added. + * @param [in] to_remove strv of DER encoded certificates to be remvoed. * @param [in] user_store set to True if the certificates should be installed * only for the current user. O for system wide installation. * @returns 0 on success an errorcode otherwise. */ -int install_certificates_win(const char **to_install, int user_store) +int write_stores_win (char **to_install, char **to_remove, + bool user_store); #endif // WINDOWSSTORE_H #endif // WIN32
--- a/common/errorcodes.h Tue Mar 25 12:25:39 2014 +0100 +++ b/common/errorcodes.h Tue Mar 25 12:29:51 2014 +0100 @@ -2,7 +2,7 @@ #define ERRORCODES_H /* No error */ -#define NO_ERROR 0 +#define ERR_NO_ERROR 0 /* No begin certificate / end certificate could be found */ #define ERR_INVALID_INPUT_NO_LIST 2 /* Too much input for the installer process */
--- a/common/strhelp.c Tue Mar 25 12:25:39 2014 +0100 +++ b/common/strhelp.c Tue Mar 25 12:29:51 2014 +0100 @@ -5,6 +5,8 @@ #include <string.h> #include <assert.h> +#include <polarssl/base64.h> + /* Remarks regarding the "Flawfinder: ignore" comments in this file: * * - strlen: @@ -150,3 +152,33 @@ (*s)[i] = '\0'; } } + +int str_base64_decode(char **dst, size_t *dst_size, char *src, + size_t src_size) +{ + int ret = -1; + + if (!dst || *dst) { + return -1; + } + + /* Check the needed size for the buffer */ + ret = base64_decode(NULL, dst_size, + (unsigned char *)src, src_size); + + if (ret != 0 && ret != POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL) { + return ret; + } + + *dst = xmalloc(*dst_size); + memset (*dst, 0, *dst_size); + + ret = base64_decode((unsigned char *)*dst, dst_size, + (unsigned char *)src, src_size); + if (!ret) { + free (*dst); + *dst = NULL; + dst_size = 0; + } + return ret; +}
--- a/common/strhelp.h Tue Mar 25 12:25:39 2014 +0100 +++ b/common/strhelp.h Tue Mar 25 12:29:51 2014 +0100 @@ -75,4 +75,19 @@ */ bool str_trim (char **s); +/** @brief decode base64 encoded data + * + * The memory allocated for dest needs to be free'd by the + * caller. + * + * @param [out] dst Pointer to the destination. Needs to be NULL + * @param [out] dst_size Size allocated for the destination. + * @param [in] src Pointer to the base64 encoded data. + * @param [in] src_size Size of the encoded data. + * + * @returns 0 on success a polarssl error or -1 otherwise + */ +int str_base64_decode(char **dst, size_t *dst_size, char *src, + size_t src_size); + #endif
--- a/ui/tests/cinstprocesstest.cpp Tue Mar 25 12:25:39 2014 +0100 +++ b/ui/tests/cinstprocesstest.cpp Tue Mar 25 12:29:51 2014 +0100 @@ -46,7 +46,7 @@ installerProcess->write("\r\n"); } - finishVerify(installerProcess, NO_ERROR); + finishVerify(installerProcess, ERR_NO_ERROR); } void CinstProcessTest::initTestCase() { @@ -133,7 +133,7 @@ installerProcess->write("UNINSTALL\r\n"); - finishVerify(installerProcess, NO_ERROR); + finishVerify(installerProcess, ERR_NO_ERROR); } QTEST_GUILESS_MAIN (CinstProcessTest);