From: Lennart Poettering Date: Wed, 21 Jan 2015 02:46:01 +0000 (+0100) Subject: import: make verification code generic, in preparation for using it pull-tar X-Git-Tag: v219~406 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=98c3800184cfc961b19d605f69d555d0cea8bb7a import: make verification code generic, in preparation for using it pull-tar --- diff --git a/src/import/import-job.c b/src/import/import-job.c index 0b103f21b..322aa1a18 100644 --- a/src/import/import-job.c +++ b/src/import/import-job.c @@ -38,22 +38,20 @@ ImportJob* import_job_unref(ImportJob *j) { else if (j->compressed == IMPORT_JOB_GZIP) inflateEnd(&j->gzip); - if (j->hash_context) - gcry_md_close(j->hash_context); + if (j->checksum_context) + gcry_md_close(j->checksum_context); free(j->url); free(j->etag); strv_free(j->old_etags); free(j->payload); - free(j->sha256); + free(j->checksum); free(j); return NULL; } -DEFINE_TRIVIAL_CLEANUP_FUNC(ImportJob*, import_job_unref); - static void import_job_finish(ImportJob *j, int ret) { assert(j); @@ -124,23 +122,23 @@ void import_job_curl_on_finished(CurlGlue *g, CURL *curl, CURLcode result) { goto finish; } - if (j->hash_context) { + if (j->checksum_context) { uint8_t *k; - k = gcry_md_read(j->hash_context, GCRY_MD_SHA256); + k = gcry_md_read(j->checksum_context, GCRY_MD_SHA256); if (!k) { log_error("Failed to get checksum."); r = -EIO; goto finish; } - j->sha256 = hexmem(k, gcry_md_get_algo_dlen(GCRY_MD_SHA256)); - if (!j->sha256) { + j->checksum = hexmem(k, gcry_md_get_algo_dlen(GCRY_MD_SHA256)); + if (!j->checksum) { r = log_oom(); goto finish; } - log_debug("SHA256 of %s is %s.", j->url, j->sha256); + log_debug("SHA256 of %s is %s.", j->url, j->checksum); } if (j->disk_fd >= 0 && j->allow_sparse) { @@ -243,8 +241,8 @@ static int import_job_write_compressed(ImportJob *j, void *p, size_t sz) { return -EFBIG; } - if (j->hash_context) - gcry_md_write(j->hash_context, p, sz); + if (j->checksum_context) + gcry_md_write(j->checksum_context, p, sz); switch (j->compressed) { @@ -335,8 +333,8 @@ static int import_job_open_disk(ImportJob *j) { } } - if (j->calc_hash) { - if (gcry_md_open(&j->hash_context, GCRY_MD_SHA256, 0) != 0) { + if (j->calc_checksum) { + if (gcry_md_open(&j->checksum_context, GCRY_MD_SHA256, 0) != 0) { log_error("Failed to initialize hash context."); return -EIO; } diff --git a/src/import/import-job.h b/src/import/import-job.h index 9ccaaf2c0..a9b58e633 100644 --- a/src/import/import-job.h +++ b/src/import/import-job.h @@ -96,10 +96,10 @@ struct ImportJob { bool allow_sparse; - bool calc_hash; - gcry_md_hd_t hash_context; + bool calc_checksum; + gcry_md_hd_t checksum_context; - char *sha256; + char *checksum; }; int import_job_new(ImportJob **job, const char *url, CurlGlue *glue, void *userdata); @@ -108,3 +108,5 @@ ImportJob* import_job_unref(ImportJob *job); int import_job_begin(ImportJob *j); void import_job_curl_on_finished(CurlGlue *g, CURL *curl, CURLcode result); + +DEFINE_TRIVIAL_CLEANUP_FUNC(ImportJob*, import_job_unref); diff --git a/src/import/import-raw.c b/src/import/import-raw.c index 67c805ed4..d2cb053b5 100644 --- a/src/import/import-raw.c +++ b/src/import/import-raw.c @@ -21,9 +21,7 @@ #include #include -#include #include -#include #include "utf8.h" #include "strv.h" @@ -47,7 +45,7 @@ struct RawImport { char *image_root; ImportJob *raw_job; - ImportJob *sha256sums_job; + ImportJob *checksum_job; ImportJob *signature_job; RawImportFinished on_finished; @@ -67,7 +65,7 @@ RawImport* raw_import_unref(RawImport *i) { return NULL; import_job_unref(i->raw_job); - import_job_unref(i->sha256sums_job); + import_job_unref(i->checksum_job); import_job_unref(i->signature_job); curl_glue_unref(i->glue); @@ -251,170 +249,6 @@ static int raw_import_make_local_copy(RawImport *i) { return 0; } -static int raw_import_verify_sha256sum(RawImport *i) { - _cleanup_close_pair_ int gpg_pipe[2] = { -1, -1 }; - _cleanup_free_ char *fn = NULL; - _cleanup_close_ int sig_file = -1; - const char *p, *line; - char sig_file_path[] = "/tmp/sigXXXXXX"; - _cleanup_sigkill_wait_ pid_t pid = 0; - int r; - - assert(i); - - assert(i->raw_job); - - if (!i->sha256sums_job) - return 0; - - assert(i->raw_job->state == IMPORT_JOB_DONE); - assert(i->raw_job->sha256); - - assert(i->sha256sums_job->state == IMPORT_JOB_DONE); - assert(i->sha256sums_job->payload); - assert(i->sha256sums_job->payload_size > 0); - - r = import_url_last_component(i->raw_job->url, &fn); - if (r < 0) - return log_oom(); - - if (!filename_is_valid(fn)) { - log_error("Cannot verify checksum, could not determine valid server-side file name."); - return -EBADMSG; - } - - line = strappenda(i->raw_job->sha256, " *", fn, "\n"); - - p = memmem(i->sha256sums_job->payload, - i->sha256sums_job->payload_size, - line, - strlen(line)); - - if (!p || (p != (char*) i->sha256sums_job->payload && p[-1] != '\n')) { - log_error("Checksum did not check out, payload has been tempered with."); - return -EBADMSG; - } - - log_info("SHA256 checksum of %s is valid.", i->raw_job->url); - - if (!i->signature_job) - return 0; - - assert(i->signature_job->state == IMPORT_JOB_DONE); - assert(i->signature_job->payload); - assert(i->signature_job->payload_size > 0); - - r = pipe2(gpg_pipe, O_CLOEXEC); - if (r < 0) - return log_error_errno(errno, "Failed to create pipe: %m"); - - sig_file = mkostemp(sig_file_path, O_RDWR); - if (sig_file < 0) - return log_error_errno(errno, "Failed to create temporary file: %m"); - - r = loop_write(sig_file, i->signature_job->payload, i->signature_job->payload_size, false); - if (r < 0) { - log_error_errno(r, "Failed to write to temporary file: %m"); - goto finish; - } - - pid = fork(); - if (pid < 0) - return log_error_errno(errno, "Failed to fork off gpg: %m"); - if (pid == 0) { - const char *cmd[] = { - "gpg", - "--no-options", - "--no-default-keyring", - "--no-auto-key-locate", - "--no-auto-check-trustdb", - "--batch", - "--trust-model=always", - "--keyring=" VENDOR_KEYRING_PATH, - NULL, /* maybe user keyring */ - NULL, /* --verify */ - NULL, /* signature file */ - NULL, /* dash */ - NULL /* trailing NULL */ - }; - unsigned k = ELEMENTSOF(cmd) - 5; - int null_fd; - - /* Child */ - - reset_all_signal_handlers(); - reset_signal_mask(); - assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0); - - gpg_pipe[1] = safe_close(gpg_pipe[1]); - - if (dup2(gpg_pipe[0], STDIN_FILENO) != STDIN_FILENO) { - log_error_errno(errno, "Failed to dup2() fd: %m"); - _exit(EXIT_FAILURE); - } - - if (gpg_pipe[0] != STDIN_FILENO) - gpg_pipe[0] = safe_close(gpg_pipe[0]); - - null_fd = open("/dev/null", O_WRONLY|O_NOCTTY); - if (null_fd < 0) { - log_error_errno(errno, "Failed to open /dev/null: %m"); - _exit(EXIT_FAILURE); - } - - if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) { - log_error_errno(errno, "Failed to dup2() fd: %m"); - _exit(EXIT_FAILURE); - } - - if (null_fd != STDOUT_FILENO) - null_fd = safe_close(null_fd); - - /* We add the user keyring only to the command line - * arguments, if it's around since gpg fails - * otherwise. */ - if (access(USER_KEYRING_PATH, F_OK) >= 0) - cmd[k++] = "--keyring=" USER_KEYRING_PATH; - - cmd[k++] = "--verify"; - cmd[k++] = sig_file_path; - cmd[k++] = "-"; - cmd[k++] = NULL; - - execvp("gpg", (char * const *) cmd); - log_error_errno(errno, "Failed to execute gpg: %m"); - _exit(EXIT_FAILURE); - } - - gpg_pipe[0] = safe_close(gpg_pipe[0]); - - r = loop_write(gpg_pipe[1], i->sha256sums_job->payload, i->sha256sums_job->payload_size, false); - if (r < 0) { - log_error_errno(r, "Failed to write to pipe: %m"); - goto finish; - } - - gpg_pipe[1] = safe_close(gpg_pipe[1]); - - r = wait_for_terminate_and_warn("gpg", pid, true); - pid = 0; - if (r < 0) - goto finish; - if (r > 0) { - log_error("Signature verification failed."); - r = -EBADMSG; - } else { - log_info("Signature verification succeeded."); - r = 0; - } - -finish: - if (sig_file >= 0) - unlink(sig_file_path); - - return r; -} - static void raw_import_job_on_finished(ImportJob *j) { RawImport *i; int r; @@ -424,7 +258,7 @@ static void raw_import_job_on_finished(ImportJob *j) { i = j->userdata; if (j->error != 0) { - if (j == i->sha256sums_job) + if (j == i->checksum_job) log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)"); else if (j == i->signature_job) log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)"); @@ -442,17 +276,18 @@ static void raw_import_job_on_finished(ImportJob *j) { * * We only do something when we got all three files */ - if (!IMPORT_JOB_STATE_IS_COMPLETE(i->raw_job)) + if (i->raw_job->state != IMPORT_JOB_DONE) return; - if (i->sha256sums_job && !IMPORT_JOB_STATE_IS_COMPLETE(i->sha256sums_job)) + if (i->checksum_job && i->checksum_job->state != IMPORT_JOB_DONE) return; - if (i->signature_job && !IMPORT_JOB_STATE_IS_COMPLETE(i->signature_job)) + if (i->signature_job && i->signature_job->state != IMPORT_JOB_DONE) return; if (!i->raw_job->etag_exists) { + /* This is a new download, verify it, and move it into place */ assert(i->raw_job->disk_fd >= 0); - r = raw_import_verify_sha256sum(i); + r = import_verify(i->raw_job, i->checksum_job, i->signature_job); if (r < 0) goto finish; @@ -546,50 +381,22 @@ int raw_import_pull(RawImport *i, const char *url, const char *local, bool force i->raw_job->on_finished = raw_import_job_on_finished; i->raw_job->on_open_disk = raw_import_job_on_open_disk; - i->raw_job->calc_hash = true; + i->raw_job->calc_checksum = verify != IMPORT_VERIFY_NO; r = import_find_old_etags(url, i->image_root, DT_REG, ".raw-", ".raw", &i->raw_job->old_etags); if (r < 0) return r; - if (verify != IMPORT_VERIFY_NO) { - _cleanup_free_ char *sha256sums_url = NULL; - - /* Queue job for the SHA256SUMS file for the image */ - r = import_url_change_last_component(url, "SHA256SUMS", &sha256sums_url); - if (r < 0) - return r; - - r = import_job_new(&i->sha256sums_job, sha256sums_url, i->glue, i); - if (r < 0) - return r; - - i->sha256sums_job->on_finished = raw_import_job_on_finished; - i->sha256sums_job->uncompressed_max = i->sha256sums_job->compressed_max = 1ULL * 1024ULL * 1024ULL; - } - - if (verify == IMPORT_VERIFY_SIGNATURE) { - _cleanup_free_ char *sha256sums_sig_url = NULL; - - /* Queue job for the SHA256SUMS.gpg file for the image. */ - r = import_url_change_last_component(url, "SHA256SUMS.gpg", &sha256sums_sig_url); - if (r < 0) - return r; - - r = import_job_new(&i->signature_job, sha256sums_sig_url, i->glue, i); - if (r < 0) - return r; - - i->signature_job->on_finished = raw_import_job_on_finished; - i->signature_job->uncompressed_max = i->signature_job->compressed_max = 1ULL * 1024ULL * 1024ULL; - } + r = import_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_import_job_on_finished, i); + if (r < 0) + return r; r = import_job_begin(i->raw_job); if (r < 0) return r; - if (i->sha256sums_job) { - r = import_job_begin(i->sha256sums_job); + if (i->checksum_job) { + r = import_job_begin(i->checksum_job); if (r < 0) return r; } diff --git a/src/import/import-util.c b/src/import/import-util.c index 79c60b376..a36e83bdc 100644 --- a/src/import/import-util.c +++ b/src/import/import-util.c @@ -19,10 +19,13 @@ along with systemd; If not, see . ***/ +#include + #include "util.h" #include "strv.h" #include "copy.h" #include "btrfs-util.h" +#include "import-job.h" #include "import-util.h" #define FILENAME_ESCAPE "/.#\"\'" @@ -278,3 +281,234 @@ static const char* const import_verify_table[_IMPORT_VERIFY_MAX] = { }; DEFINE_STRING_TABLE_LOOKUP(import_verify, ImportVerify); + +int import_make_verification_jobs( + ImportJob **ret_checksum_job, + ImportJob **ret_signature_job, + ImportVerify verify, + const char *url, + CurlGlue *glue, + ImportJobFinished on_finished, + void *userdata) { + + _cleanup_(import_job_unrefp) ImportJob *checksum_job = NULL, *signature_job = NULL; + int r; + + assert(ret_checksum_job); + assert(ret_signature_job); + assert(verify >= 0); + assert(verify < _IMPORT_VERIFY_MAX); + assert(url); + assert(glue); + + if (verify != IMPORT_VERIFY_NO) { + _cleanup_free_ char *checksum_url = NULL; + + /* Queue job for the SHA256SUMS file for the image */ + r = import_url_change_last_component(url, "SHA256SUMS", &checksum_url); + if (r < 0) + return r; + + r = import_job_new(&checksum_job, checksum_url, glue, userdata); + if (r < 0) + return r; + + checksum_job->on_finished = on_finished; + checksum_job->uncompressed_max = checksum_job->compressed_max = 1ULL * 1024ULL * 1024ULL; + } + + if (verify == IMPORT_VERIFY_SIGNATURE) { + _cleanup_free_ char *signature_url = NULL; + + /* Queue job for the SHA256SUMS.gpg file for the image. */ + r = import_url_change_last_component(url, "SHA256SUMS.gpg", &signature_url); + if (r < 0) + return r; + + r = import_job_new(&signature_job, signature_url, glue, userdata); + if (r < 0) + return r; + + signature_job->on_finished = on_finished; + signature_job->uncompressed_max = signature_job->compressed_max = 1ULL * 1024ULL * 1024ULL; + } + + *ret_checksum_job = checksum_job; + *ret_signature_job = signature_job; + + checksum_job = signature_job = NULL; + + return 0; +} + +int import_verify( + ImportJob *main_job, + ImportJob *checksum_job, + ImportJob *signature_job) { + + _cleanup_close_pair_ int gpg_pipe[2] = { -1, -1 }; + _cleanup_free_ char *fn = NULL; + _cleanup_close_ int sig_file = -1; + const char *p, *line; + char sig_file_path[] = "/tmp/sigXXXXXX"; + _cleanup_sigkill_wait_ pid_t pid = 0; + int r; + + assert(main_job); + assert(main_job->state == IMPORT_JOB_DONE); + + if (!checksum_job) + return 0; + + assert(main_job->calc_checksum); + assert(main_job->checksum); + assert(checksum_job->state == IMPORT_JOB_DONE); + + if (!checksum_job->payload || checksum_job->payload_size <= 0) { + log_error("Checksum is empty, cannot verify."); + return -EBADMSG; + } + + r = import_url_last_component(main_job->url, &fn); + if (r < 0) + return log_oom(); + + if (!filename_is_valid(fn)) { + log_error("Cannot verify checksum, could not determine valid server-side file name."); + return -EBADMSG; + } + + line = strappenda(main_job->checksum, " *", fn, "\n"); + + p = memmem(checksum_job->payload, + checksum_job->payload_size, + line, + strlen(line)); + + if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n')) { + log_error("Checksum did not check out, payload has been tempered with."); + return -EBADMSG; + } + + log_info("SHA256 checksum of %s is valid.", main_job->url); + + if (!signature_job) + return 0; + + assert(signature_job->state == IMPORT_JOB_DONE); + + if (!signature_job->payload || signature_job->payload_size <= 0) { + log_error("Signature is empty, cannot verify."); + return -EBADMSG; + } + + r = pipe2(gpg_pipe, O_CLOEXEC); + if (r < 0) + return log_error_errno(errno, "Failed to create pipe: %m"); + + sig_file = mkostemp(sig_file_path, O_RDWR); + if (sig_file < 0) + return log_error_errno(errno, "Failed to create temporary file: %m"); + + r = loop_write(sig_file, signature_job->payload, signature_job->payload_size, false); + if (r < 0) { + log_error_errno(r, "Failed to write to temporary file: %m"); + goto finish; + } + + pid = fork(); + if (pid < 0) + return log_error_errno(errno, "Failed to fork off gpg: %m"); + if (pid == 0) { + const char *cmd[] = { + "gpg", + "--no-options", + "--no-default-keyring", + "--no-auto-key-locate", + "--no-auto-check-trustdb", + "--batch", + "--trust-model=always", + "--keyring=" VENDOR_KEYRING_PATH, + NULL, /* maybe user keyring */ + NULL, /* --verify */ + NULL, /* signature file */ + NULL, /* dash */ + NULL /* trailing NULL */ + }; + unsigned k = ELEMENTSOF(cmd) - 5; + int null_fd; + + /* Child */ + + reset_all_signal_handlers(); + reset_signal_mask(); + assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0); + + gpg_pipe[1] = safe_close(gpg_pipe[1]); + + if (dup2(gpg_pipe[0], STDIN_FILENO) != STDIN_FILENO) { + log_error_errno(errno, "Failed to dup2() fd: %m"); + _exit(EXIT_FAILURE); + } + + if (gpg_pipe[0] != STDIN_FILENO) + gpg_pipe[0] = safe_close(gpg_pipe[0]); + + null_fd = open("/dev/null", O_WRONLY|O_NOCTTY); + if (null_fd < 0) { + log_error_errno(errno, "Failed to open /dev/null: %m"); + _exit(EXIT_FAILURE); + } + + if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) { + log_error_errno(errno, "Failed to dup2() fd: %m"); + _exit(EXIT_FAILURE); + } + + if (null_fd != STDOUT_FILENO) + null_fd = safe_close(null_fd); + + /* We add the user keyring only to the command line + * arguments, if it's around since gpg fails + * otherwise. */ + if (access(USER_KEYRING_PATH, F_OK) >= 0) + cmd[k++] = "--keyring=" USER_KEYRING_PATH; + + cmd[k++] = "--verify"; + cmd[k++] = sig_file_path; + cmd[k++] = "-"; + cmd[k++] = NULL; + + execvp("gpg", (char * const *) cmd); + log_error_errno(errno, "Failed to execute gpg: %m"); + _exit(EXIT_FAILURE); + } + + gpg_pipe[0] = safe_close(gpg_pipe[0]); + + r = loop_write(gpg_pipe[1], checksum_job->payload, checksum_job->payload_size, false); + if (r < 0) { + log_error_errno(r, "Failed to write to pipe: %m"); + goto finish; + } + + gpg_pipe[1] = safe_close(gpg_pipe[1]); + + r = wait_for_terminate_and_warn("gpg", pid, true); + pid = 0; + if (r < 0) + goto finish; + if (r > 0) { + log_error("Signature verification failed."); + r = -EBADMSG; + } else { + log_info("Signature verification succeeded."); + r = 0; + } + +finish: + if (sig_file >= 0) + unlink(sig_file_path); + + return r; +} diff --git a/src/import/import-util.h b/src/import/import-util.h index 811f3fa6d..6c63fc32a 100644 --- a/src/import/import-util.h +++ b/src/import/import-util.h @@ -23,6 +23,8 @@ #include +#include "import-job.h" + typedef enum ImportVerify { IMPORT_VERIFY_NO, IMPORT_VERIFY_SUM, @@ -47,3 +49,6 @@ int import_url_change_last_component(const char *url, const char *suffix, char * const char* import_verify_to_string(ImportVerify v) _const_; ImportVerify import_verify_from_string(const char *s) _pure_; + +int import_make_verification_jobs(ImportJob **ret_checksum_job, ImportJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, ImportJobFinished on_finished, void *userdata); +int import_verify(ImportJob *main_job, ImportJob *checksum_job, ImportJob *signature_job);