NetBSD/usr.sbin/pkg_install/add/verify.c

180 lines
5.2 KiB
C

/* $NetBSD: verify.c,v 1.7 2005/11/05 13:11:02 wiz Exp $ */
/*
* Copyright (c) 2001 Alistair G. Crooks. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Alistair G. Crooks.
* 4. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <nbcompat.h>
#if HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 1999 \
The NetBSD Foundation, Inc. All rights reserved.");
__RCSID("$NetBSD: verify.c,v 1.7 2005/11/05 13:11:02 wiz Exp $");
#endif
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#if HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STDLIB_H
#include <stdlib.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#include "verify.h"
#include "lib.h"
enum {
MaxExtensions = 10
};
/* this struct defines a verification type */
typedef struct ver_t {
const char *name; /* name of type */
const char *command1; /* command to execute to verify */
const char *command2; /* command to execute to verify */
const char *extensions[MaxExtensions]; /* signature file extensions */
} ver_t;
static char *verification_type; /* the verification type which has been selected */
/* called when gpg verification type is selected */
static int
do_verify(const char *pkgname, const char *cmd1, const char *cmd2, const char *const *extensions)
{
struct stat st;
const char *const *ep;
char buf[BUFSIZ];
char f[MaxPathSize];
int ret;
int i;
if (cmd1 == NULL) {
return 1;
}
for (i = 0, ep = extensions ; i < MaxExtensions && *ep ; ep++, i++) {
(void) snprintf(f, sizeof(f), "%s%s", pkgname, *ep);
if (stat(f, &st) == 0) {
(void) fprintf(stderr, "pkg_add: Using signature file: %s\n", f);
ret = (cmd2 == NULL) ? fexec(cmd1, f, NULL) : fexec(cmd1, cmd2, f, NULL);
if (ret != 0) {
(void) fprintf(stderr, "*** WARNING ***: `%s' has a bad signature\n", f);
return 0;
}
(void) fprintf(stderr, "Proceed with addition of %s: [y/n]? ", pkgname);
if (fgets(buf, sizeof(buf), stdin) == NULL) {
(void) fprintf(stderr, "Exiting now...");
exit(EXIT_FAILURE);
}
switch(buf[0]) {
case 'Y':
case 'y':
case '1':
return 1;
}
(void) fprintf(stderr, "Package `%s' will not be added\n", pkgname);
return 0;
}
}
(void) fprintf(stderr, "No valid signature file found for `%s'\n", pkgname);
return 0;
}
/* table holding possible verifications which can be made */
static const ver_t vertab[] = {
{ "none", NULL, NULL, { NULL } },
{ "gpg", "gpg", "--verify", { ".sig", ".asc", NULL } },
{ "pgp5", "pgpv", NULL, { ".sig", ".asc", ".pgp", NULL } },
{ NULL }
};
/* set the verification type - usually called during command line processing */
void
set_verification(const char *type)
{
if (verification_type) {
(void) free(verification_type);
}
verification_type = strdup(type);
}
/* return the type of verification that is being used */
char *
get_verification(void)
{
const ver_t *vp;
if (verification_type != NULL) {
for (vp = vertab ; vp->name ; vp++) {
if (strcasecmp(verification_type, vp->name) == 0) {
return verification_type;
}
}
}
return "none";
}
/* verify the digital signature (if any) on a package */
int
verify(const char *pkg)
{
const ver_t *vp;
if (verification_type == NULL) {
return do_verify(pkg, NULL, NULL, NULL);
}
for (vp = vertab ; vp->name ; vp++) {
if (strcasecmp(verification_type, vp->name) == 0) {
return do_verify(pkg, vp->command1, vp->command2, vp->extensions);
}
}
(void) fprintf(stderr, "Can't find `%s' verification details\n", verification_type);
return 0;
}