From 7e1027342a3cff95635ba2107f283321cf0efa08 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jos=C3=A9=20Bollo?=
Date: Fri, 11 Dec 2015 18:01:18 +0100
Subject: [PATCH] work in progress
Change-Id: I65416563a8dc54e877df03a304fe4cbd42ebb3da
---
 src/Makefile.am | 7 ++++-
 src/wgt-info.c | 18 +++++++++++
 src/wgt-info.h | 2 ++
 src/wgtpkg-digsig.c | 23 ++++++++++++--
 src/wgtpkg-install.c | 87 +++++++++++++++++++++++++++++++++-------------------
 src/wgtpkg-xmlsec.c | 22 +++++++++----
 6 files changed, 118 insertions(+), 41 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 9767941..a538a38 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -29,14 +29,19 @@ APPFWK = \
 #pkgsysconfdir = $(sysconfdir)
 pkgsysconfdir = .
+
 AM_CFLAGS = -Wall -Wno-pointer-sign
 AM_CFLAGS += -ffunction-sections -fdata-sections
 AM_CFLAGS += ${ZIP_CFLAGS} ${XML2_CFLAGS} ${OPENSSL_CFLAGS} ${XMLSEC_CFLAGS}
+
+
 AM_CFLAGS += -DPKGSYSCONFDIR=\"$(pkgsysconfdir)\"
 AM_CFLAGS += -DPREFIXPERMISSION=\"urn:agl-perm:\"
-AM_CFLAGS += -DAGLWIDGET=\"urn:agl-widget\"
+AM_CFLAGS += -DICONDESTDIR=\"\"
+
+
 AM_LDFLAGS = -Wl,--gc-sections
diff --git a/src/wgt-info.c b/src/wgt-info.c
index d5f664b..61779e0 100644
--- a/src/wgt-info.c
+++ b/src/wgt-info.c
@@ -423,3 +423,21 @@ void wgt_info_dump(struct wgt_info *ifo, int fd, const char *prefix)
 }
 }
+const struct wgt_desc_feature *wgt_info_feature(struct wgt_info *ifo, const char *name)
+{
+ const struct wgt_desc_feature *result = ifo->desc.features;
+ while(result && strcmp(result->name, name))
+ result = result->next;
+ return result;
+}
+
+const char *wgt_info_param(const struct wgt_desc_feature *feature, const char *name)
+{
+ const struct wgt_desc_param *param = feature->params;
+ while(param) {
+ if (0 == strcmp(name, param->name))
+ return param->value;
+ }
+ return NULL;
+}
+
diff --git a/src/wgt-info.h b/src/wgt-info.h
index 4d2007d..50b8ed4 100644
--- a/src/wgt-info.h
+++ b/src/wgt-info.h
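Review bot: In src/wgt-info.c, the `while(param)` loop of the new wgt_info_param never advances `param`, so a feature whose first parameter name does not match makes the function spin forever; if these descriptors are parsed from the widget's own configuration, a package can hang whatever calls this. The loop needs a step after the `if`, such as `param = param->next;` (assuming wgt_desc_param is chained through `next` like wgt_desc_feature; its definition is not in the hunk). wgt_info_param also dereferences `feature` unconditionally while wgt_info_feature returns NULL when nothing matches, so chaining the two calls needs a guard such as `if (!feature) return NULL;`.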
@@ -75,4 +75,6 @@ extern struct wgt *wgt_info_wgt(struct wgt_info *ifo);
 extern void wgt_info_addref(struct wgt_info *ifo);
 extern void wgt_info_unref(struct wgt_info *ifo);
 extern void wgt_info_dump(struct wgt_info *ifo, int fd, const char *prefix);
+extern const struct wgt_desc_feature *wgt_info_feature(struct wgt_info *ifo, const char *name);
+extern const char *wgt_info_param(const struct wgt_desc_feature *feature, const char *name);
diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index 3aa4da3..80428fa 100644
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -188,18 +188,37 @@ error:
 static int check_references(xmlNodePtr sinfo)
 {
+ unsigned int i, n, flags;
+ struct filedesc *f;
+ int result;
 xmlNodePtr elem;
+ result = 0;
 elem = sinfo->children;
 while (elem != NULL) {
 if (is_element(elem, "Reference"))
 if (check_one_reference(elem))
- return -1;
+ result = -1;
 elem = elem->next;
 }
- return 0;
+
+ n = file_count();
+ i = 0;
+ while(i < n) {
+ f = file_of_index(i++);
+ if (f->type == type_file) {
+ flags = f->flags;
+ if (!(flags & (flag_signature | flag_referenced))) {
+ syslog(LOG_ERR, "file not referenced in signature", f->name);
+ result = -1;
+ }
+ }
+ }
+
+ return result;
 }
+
 static int get_certificates(xmlNodePtr kinfo)
 {
 xmlNodePtr n1, n2;
diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index ee21d8f..dc746c2 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
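Review bot: In the check_references hunk of src/wgtpkg-digsig.c, the added `syslog(LOG_ERR, "file not referenced in signature", f->name);` passes `f->name` but the format string has no conversion, so the log never says which file failed the coverage check; it should read `syslog(LOG_ERR, "file not referenced in signature: %s", f->name);`. The new loop also trusts `flag_referenced` as found in `f->flags`, and nothing in the hunk clears it. If check_references runs once per signature file, the flag should be reset before each pass so that a file referenced by one signature is not counted as covered by another; the code that sets the flag is outside the hunk, so this needs confirming there.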
@@ -19,33 +19,55 @@
 #include
 #include
 #include
+#include
 #include "verbose.h"
 #include "wgtpkg.h"
 #include "wgt.h"
 #include "wgt-info.h"
+#include "secmgr-wrap.h"
-static int check_temporary_constraints(const struct wgt_desc *desc)
+static int check_defined(const void *data, const char *name)
 {
- if (!desc->icons) {
- syslog(LOG_ERR, "widget has not icon defined (temporary constraints)");
- errno = EINVAL;
+ if (data)
+ return 0;
+ syslog(LOG_ERR, "widget has no defined '%s' (temporary constraints)", name);
+ errno = EINVAL;
+ return -1;
+}
+
+static int check_valid_string(const char *value, const char *name)
+{
+ int pos;
+ char c;
+
+ if (check_defined(value, name))
 return -1;
+ pos = 0;
+ c = value[pos];
+ while(c) {
+ if (!isalnum(c) && !strchr(".-_", c)) {
+ syslog(LOG_ERR, "forbidden char %c in '%s' -> '%s' (temporary constraints)", c, name, value);
+ errno = EINVAL;
+ return -1;
+ }
+ c = value[++pos];
 }
+ return 0;
+}
+
+static int check_temporary_constraints(const struct wgt_desc *desc)
+{
+ int result = check_valid_string(desc->id, "id");
+ result |= check_valid_string(desc->version, "version");
+ result |= check_defined(desc->icons, "icon");
+ result |= check_defined(desc->content_src, "content");
+ if (result)
+ return result;
 if (desc->icons->next) {
 syslog(LOG_ERR, "widget has more than one icon defined (temporary constraints)");
 errno = EINVAL;
- return -1;
- }
- if (!desc->content_src) {
- syslog(LOG_ERR, "widget has not content defined (temporary constraints)");
- errno = EINVAL;
- return -1;
- }
- if (!desc->content_type) {
- syslog(LOG_ERR, "widget has not type for its content (temporary constraints)");
- errno = EINVAL;
- return -1;
+ result = -1;
 }
 return 0;
 }
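Review bot: check_valid_string accepts the empty string, `.` and `..` for `id` and `version`, because the allowed set `".-_"` includes the dot and the loop body never runs on an empty value; move_widget in the next hunk joins both values into `root/id/version`, so the validation does not keep the destination inside the install root. A guard before the character loop that refuses empty values and a leading dot closes this, as sketched below. Two smaller points in the same hunk: `isalnum(c)` receives a plain `char`, which is undefined for negative values, so it should be `isalnum((unsigned char)c)`; and check_temporary_constraints still ends in `return 0;`, which discards the `result = -1` set for the more-than-one-icon case and should be `return result;`.

```c
	if (check_defined(value, name))
		return -1;
	/* id and version become directory names: refuse "", "." and ".." (any dot-leading name) */
	if (value[0] == '\0' || value[0] == '.') {
		syslog(LOG_ERR, "forbidden value for '%s' -> '%s' (temporary constraints)", name, value);
		errno = EINVAL;
		return -1;
	}
	/* … unchanged: character loop over value … */
```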
@@ -70,37 +92,37 @@ static int check_widget(const struct wgt_desc *desc)
 {
 int result;
 const struct wgt_desc_feature *feature;
- const char *name;
 result = check_temporary_constraints(desc);
 feature = desc->features;
 while(feature) {
- name = feature->name;
- if (0 == strcmp(name, AGLWIDGET)) {
-
- } else {
- if (!check_permissions(feature->name, feature->required))
- result = -1;
- }
+ if (!check_permissions(feature->name, feature->required))
+ result = -1;
 feature = feature->next;
 }
 return result;
 }
-static int place(const char *root, const char *appid, const char *version, int force)
+static int move_widget(const char *root, const struct wgt_desc *desc, int force)
 {
 char newdir[PATH_MAX];
 int rc;
- rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, appid, version);
+ rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, desc->id, desc->version);
 if (rc >= sizeof newdir) {
- syslog(LOG_ERR, "path to long: %s/%s/%s", root, appid, version);
+ syslog(LOG_ERR, "path to long: %s/%s/%s", root, desc->id, desc->version);
 errno = EINVAL;
 return -1;
 }
- rc = move_workdir(newdir, 1, force);
- return rc;
+ return move_workdir(newdir, 1, force);
+}
+
+static int install_security(struct wgt_info *ifo)
+{
+ int rc;
+
+ rc = secmgr_init(wgt_info_desc(ifo)->
 }
 /* install the widget of the file */
@@ -131,10 +153,11 @@ void install_widget(const char *wgtfile, const char *root, int force)
 if (check_widget(desc))
 goto error3;
-/*
- if (check_and_place())
- goto error2;
-*/
+ if (move_widget(root, desc, force))
+ goto error3;
+
+
+
 return;
 error3:
diff --git a/src/wgtpkg-xmlsec.c b/src/wgtpkg-xmlsec.c
index a403b77..746ccc0 100644
--- a/src/wgtpkg-xmlsec.c
+++ b/src/wgtpkg-xmlsec.c
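Review bot: install_security is committed half-written: `rc = secmgr_init(wgt_info_desc(ifo)->` has no member name, closing parenthesis or semicolon and the function returns nothing, so src/wgtpkg-install.c cannot compile as patched. In the install_widget hunk that follows, the new code calls move_widget and then returns with no security-manager step, so as far as the visible lines show the widget would be moved under `root` before any permissions are registered for it. install_security should be finished and run before the move, or the move undone when it fails. In move_widget, `rc >= sizeof newdir` compares an int with a size_t and only catches a negative snprintf result through the implicit conversion; `if (rc < 0 || (size_t)rc >= sizeof newdir)` states the intent.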
@@ -95,17 +95,28 @@ static void errors_cb(const char *file, int line, const char *func, const char *
 }
 /* fills database with trusted keys */
-static int fill_trusted_keys()
+static int fill_trusted_keys_file(const char *file)
+{
+ int err = xmlSecCryptoAppKeysMngrCertLoad(keymgr, file, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);
+ if (err < 0) {
+ syslog(LOG_ERR, "xmlSecCryptoAppKeysMngrCertLoadMemory failed for %s", file);
+ return -1;
+ }
+ return 0;
+}
+
+/* fills database with trusted keys */
+static int fill_trusted_keys_dir(const char *directory)
 {
 int err;
 DIR *dir;
 struct dirent *ent;
 char path[PATH_MAX], *e;
- e = stpcpy(path, CA_ROOT_DIRECTORY);
+ e = stpcpy(path, directory);
 dir = opendir(path);
 if (!dir) {
- syslog(LOG_ERR, "opendir %s failed in fill_trusted_keys", path);
+ syslog(LOG_ERR, "opendir %s failed in fill_trusted_keys_dir", path);
 return -1;
 }
@@ -114,9 +125,8 @@ static int fill_trusted_keys()
 while (ent != NULL) {
 if (ent->d_type == DT_REG) {
 strcpy(e, ent->d_name);
- err = xmlSecCryptoAppKeysMngrCertLoad(keymgr, path, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);
+ err = fill_trusted_keys_file(path);
 if (err < 0) {
- syslog(LOG_ERR, "xmlSecCryptoAppKeysMngrCertLoadMemory failed for %s", path);
 closedir(dir);
 return -1;
 }
@@ -180,7 +190,7 @@ int xmlsec_init()
 syslog(LOG_ERR, "xmlSecCryptoAppDefaultKeysMngrInit failed.");
 goto end;
 }
- fill_trusted_keys();
+ fill_trusted_keys_dir(CA_ROOT_DIRECTORY);
 initstatus = 0;
 end:
--
2.16.6
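Review bot: fill_trusted_keys_dir now copies its `directory` argument with `stpcpy(path, directory)` into a PATH_MAX buffer and, in the next hunk, appends each entry with `strcpy(e, ent->d_name)`, neither with a length check. That was tolerable while the source was a compile-time constant, but with a parameter it becomes a stack overflow for the first caller that passes a long path. Check the length before copying, for example `if (strlen(directory) + NAME_MAX + 2 > sizeof path) return -1;`, or build each entry path with snprintf and test for truncation. The message in fill_trusted_keys_file names xmlSecCryptoAppKeysMngrCertLoadMemory although the call is xmlSecCryptoAppKeysMngrCertLoad. The body of fill_trusted_keys_dir continues outside this hunk.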
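Review bot: In the xmlsec_init hunk, the return value of `fill_trusted_keys_dir(CA_ROOT_DIRECTORY);` is discarded and `initstatus = 0` is set regardless, so a missing directory or an unloadable certificate leaves the key manager without its expected trust anchors while initialisation reports success. Propagate the failure the way the neighbouring error path does: `if (fill_trusted_keys_dir(CA_ROOT_DIRECTORY) < 0) goto end;` (assuming `end` returns the still-failed `initstatus`, which is outside the hunk). Separately, the `ent->d_type == DT_REG` test in the previous hunk skips entries reported as DT_UNKNOWN, which some filesystems return for every file, so certificates can be ignored there without any log line.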