wgtpkg-install: Add default permissions
[src/app-framework-main.git] / src / wgtpkg-install.c
index 9642c93..0122eda 100644 (file)
@@ -1,5 +1,5 @@
 /*
- Copyright (C) 2015-2018 IoT.bzh
+ Copyright (C) 2015-2019 IoT.bzh
 
  author: José Bollo <jose.bollo@iot.bzh>
 
@@ -40,6 +40,7 @@
 #include "wgtpkg-permissions.h"
 #include "wgtpkg-digsig.h"
 #include "wgtpkg-install.h"
+#include "wgtpkg-uninstall.h"
 #include "secmgr-wrap.h"
 #include "utils-dir.h"
 #include "wgtpkg-unit.h"
@@ -54,6 +55,22 @@ static const char* exec_type_strings[] = {
 static const char key_afm_prefix[] = "X-AFM-";
 static const char key_http_port[] = "http-port";
 
+#define HTTP_PORT_MIN                  31000
+#define HTTP_PORT_MAX                  32759
+#define HTTP_PORT_IS_VALID(port)       (HTTP_PORT_MIN <= (port) && (port) <= HTTP_PORT_MAX)
+#define HTTP_PORT_COUNT                        (HTTP_PORT_MAX - HTTP_PORT_MIN + 1)
+#define HTTP_PORT_ACNT                 ((HTTP_PORT_COUNT + 31) >> 5)
+#define HTTP_PORT_ASFT(port)           (((port) - HTTP_PORT_MIN) & 31)
+#define HTTP_PORT_AIDX(port)           (((port) - HTTP_PORT_MIN) >> 5)
+#define HTTP_PORT_TEST(array,port)     ((((array)[HTTP_PORT_AIDX(port)]) >> HTTP_PORT_ASFT(port)) & 1)
+#define HTTP_PORT_SET(array,port)      (((array)[HTTP_PORT_AIDX(port)]) |= (((uint32_t)1) << HTTP_PORT_ASFT(port)))
+
+static uint32_t *port_bits = NULL;
+
+static const char *default_permissions[] = {
+       "urn:AGL:token:valid"
+};
+
 /*
  * normalize unit files: remove comments, remove heading blanks,
  * make single lines
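Review bot: `default_permissions` spells the namespace out as `"urn:AGL:token:valid"`, while the later hunks in this same commit replace the literal `"urn:AGL:"` with `FWK_PREFIX` in `for_all_content` and `install_file_properties`. If `FWK_PREFIX` is meant to cover permission names as well (its definition is not visible here), the entry should read `FWK_PREFIX"token:valid"` so a rebranded build does not grant a permission nobody checks. Separately, `HTTP_PORT_IS_VALID`, `HTTP_PORT_TEST` and `HTTP_PORT_SET` expand `port` more than once and shift a signed value; `static inline` helpers taking an `unsigned` offset would avoid both. The array also lacks a comment saying these permissions are granted to every installed widget.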
@@ -114,8 +131,8 @@ static int get_port_cb(void *closure, const char *name, const char *path, int is
                        if (*iter == '=') {
                                while(*++iter == ' ');
                                p = atoi(iter);
-                               if (p >= 0 && p < 32768)
-                                       ((uint32_t*)closure)[p >> 5] |= (uint32_t)1 << (p & 31);
+                               if (HTTP_PORT_IS_VALID(p))
+                                       HTTP_PORT_SET((uint32_t*)closure, p);
                        }
                }
                iter = strstr(iter, key_afm_prefix);
@@ -124,29 +141,55 @@ static int get_port_cb(void *closure, const char *name, const char *path, int is
        return 0;
 }
 
-static int get_port()
+static int update_portbits(uint32_t *portbits)
 {
        int rc;
-       uint32_t ports[1024]; /* 1024 * 32 = 32768 */
-
-       memset(ports, 0, sizeof ports);
-       rc = systemd_unit_list(0, get_port_cb, &ports);
-       if (rc >= 0) {
-               rc = systemd_unit_list(1, get_port_cb, ports);
-               if (rc >= 0) {
-                       for (rc = 1024 ; rc < 32768 && !~ports[rc >> 5] ; rc += 32);
-                       if (rc == 32768) {
-                               ERROR("Can't compute a valid port");
-                               errno = EADDRNOTAVAIL;
-                               rc = -1;
-                       } else {
-                               while (1 & (ports[rc >> 5] >> (rc & 31))) rc++;
-                       }
-               }
-       }
+
+       memset(portbits, 0, HTTP_PORT_ACNT * sizeof(uint32_t));
+       rc = systemd_unit_list(0, get_port_cb, portbits);
+       if (rc >= 0)
+               rc = systemd_unit_list(1, get_port_cb, portbits);
+       if (rc < 0)
+               ERROR("troubles while updating ports");
        return rc;
 }
 
+static int first_free_port(uint32_t *portbits)
+{
+       int port;
+
+       port = HTTP_PORT_MIN;
+       while (port <= HTTP_PORT_MAX && !~portbits[HTTP_PORT_AIDX(port)])
+               port += 32;
+       while (port <= HTTP_PORT_MAX && HTTP_PORT_TEST(portbits, port))
+               port++;
+       if (port > HTTP_PORT_MAX) {
+               ERROR("Can't compute a valid port");
+               errno = EADDRNOTAVAIL;
+               port = -1;
+       }
+       return port;
+}
+
+static int get_port()
+{
+       int port;
+
+       /* ensure existing port bitmap */
+       if (port_bits == NULL) {
+               port_bits = malloc(HTTP_PORT_ACNT * sizeof(uint32_t));
+               if (port_bits == NULL || update_portbits(port_bits) < 0)
+                       return -1;
+       }
+
+       /* allocates the port */
+       port = first_free_port(port_bits);
+       if (port >= 0)
+               HTTP_PORT_SET(port_bits, port);
+
+       return port;
+}
+
 static int check_defined(const void *data, const char *name)
 {
        if (data)
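Review bot: In `get_port`, when `malloc` succeeds but `update_portbits` fails, `port_bits` stays non-NULL and holds a zeroed or half-filled bitmap. The next call then skips the scan and can hand out a port that an existing unit already uses. The bitmap should be built in a local pointer and published only on success, as sketched below. The cached bitmap is also never refreshed or released for the life of the process, so ports freed by an uninstall stay marked as used; that deserves at least a comment on `port_bits`. Finally, `get_port()` should be declared `get_port(void)` now that its address is stored in a function pointer.

```c
	/* ensure existing port bitmap */
	if (port_bits == NULL) {
		uint32_t *bits = malloc(HTTP_PORT_ACNT * sizeof *bits);
		if (bits == NULL)
			return -1;
		if (update_portbits(bits) < 0) {
			free(bits);
			return -1;
		}
		port_bits = bits;
	}
	/* … unchanged: first_free_port() and HTTP_PORT_SET … */
```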
@@ -168,13 +211,13 @@ static int check_valid_string(const char *value, const char *name)
        if (c == 0) {
                ERROR("empty string forbidden in '%s' (temporary constraints)", name);
                errno = EINVAL;
-               return -1;                      
+               return -1;
        }
        do {
                if (!isalnum(c) && !strchr(".-_", c)) {
                        ERROR("forbidden char %c in '%s' -> '%s' (temporary constraints)", c, name, value);
                        errno = EINVAL;
-                       return -1;                      
+                       return -1;
                }
                c = value[++pos];
        } while(c);
@@ -261,7 +304,7 @@ static int for_all_content(const struct wgt_desc *desc, int (*action)(const char
        rc = action(desc->content_src, desc->content_type);
        feat = desc->features;
        while (feat) {
-               if (!strcmp(feat->name, "urn:AGL:widget:provided-unit")) {
+               if (!strcmp(feat->name, FWK_PREFIX"widget:provided-unit")) {
                        src = wgt_info_param(feat, "content.src");
                        type = wgt_info_param(feat, "content.type");
                        rc2 = action(src, type);
@@ -408,7 +451,7 @@ static int install_file_properties(const struct wgt_desc *desc)
        rc = 0;
        feat = desc->features;
        while (feat) {
-               if (!strcmp(feat->name, "urn:AGL:widget:file-properties")) {
+               if (!strcmp(feat->name, FWK_PREFIX"widget:file-properties")) {
                        param = feat->params;
                        while (param) {
                                if (!strcmp(param->value, "executable")) {
@@ -458,7 +501,7 @@ static int install_security(const struct wgt_desc *desc)
        len--;
        *head++ = '/';
        icon = desc->icons ? desc->icons->src : NULL;
-       lic = (unsigned)strlen(icon);
+       lic = (unsigned)(icon ? strlen(icon) : 0);
        n = file_count();
        i = 0;
        while(i < n) {
@@ -488,6 +531,16 @@ static int install_security(const struct wgt_desc *desc)
                perm = next_usable_permission();
        }
 
+       /* install default permissions */
+       n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+       for (i = 0 ; i < n ; i++) {
+               perm = default_permissions[i];
+               rc = secmgr_permit(perm);
+               INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+               if (rc)
+                       goto error2;
+       }
+
        rc = secmgr_install();
        return rc;
 error2:
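Review bot: The new loop passes each default permission straight to `secmgr_permit()`, whereas the loop just above takes its permissions from `next_usable_permission()`. That loop's body is outside the hunk, but it presumably yields only permissions that were both requested and granted. As written, every widget receives `urn:AGL:token:valid` regardless of its config or signatures, and the comment should say so, e.g. `/* default permissions: granted to every widget, independent of requested/granted state */`. A failure here is also reported only through `INFO(... "FAILED!")` before `goto error2`; an `ERROR()` on the failing branch would make a refused grant visible at the default log level.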
@@ -502,7 +555,7 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
        struct wgt_info *ifo;
        const struct wgt_desc *desc;
        char installdir[PATH_MAX];
-       int port;
+       int err;
        struct unitconf uconf;
 
        NOTICE("-- INSTALLING widget %s to %s --", wgtfile, root);
@@ -517,7 +570,7 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
        if (zread(wgtfile, 0))
                goto error2;
 
-       if (check_all_signatures())
+       if (check_all_signatures(DEFAULT_ALLOW_NO_SIGNATURE))
                goto error2;
 
        ifo = wgt_info_createat(workdirfd, NULL, 1, 1, 1);
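Review bot: The install path now takes its signature policy from `DEFAULT_ALLOW_NO_SIGNATURE`, whose value and definition are not visible in this diff. Going by the name, a non-zero value would let a widget with no signature pass `check_all_signatures`. With the default-permission loop added to `install_security` in this commit, such a widget would still be granted `urn:AGL:token:valid`. A comment at the call would document this, e.g. `/* build-time policy: non-zero accepts widgets that carry no signature */`. It is also worth confirming that acceptance of an unsigned package is logged somewhere.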
@@ -532,6 +585,16 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
        if (get_target_directory(installdir, root, desc))
                goto error3;
 
+       if (access(installdir, F_OK) == 0) {
+               if (!force) {
+                       ERROR("widget already installed");
+                       errno = EEXIST;
+                       goto error3;
+               }
+               if (uninstall_widget(desc->idaver, root))
+                       goto error3;
+       }
+
        if (move_widget_to(installdir, force))
                goto error3;
 
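Review bot: With `force` set, the existing widget is uninstalled before any of the later install steps have run. If `move_widget_to`, `install_security` or `unit_install` then fails, the old version is gone, the new one is not installed, and nothing visible here restores it. Moving the old directory aside and removing it only after the new install succeeds would close that window; failing that, the behaviour should be stated in a comment. The `access(installdir, F_OK) == 0` test also treats every failure, for example `EACCES`, as "not installed"; checking `errno != ENOENT` would separate the two cases. The body of `install_widget` continues outside the hunk.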
@@ -547,13 +610,9 @@ struct wgt_info *install_widget(const char *wgtfile, const char *root, int force
        if (install_file_properties(desc))
                goto error4;
 
-       port = get_port();
-       if (port < 0)
-               goto error4;
-
        uconf.installdir = installdir;
        uconf.icondir = FWK_ICON_DIR;
-       uconf.port = port;
+       uconf.port = get_port;
        if (unit_install(ifo, &uconf))
                goto error4;
 
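Review bot: Replacing `port = get_port(); if (port < 0) goto error4;` with `uconf.port = get_port;` removes the only visible check for port allocation failure. `get_port` still returns -1 with `errno = EADDRNOTAVAIL` when the range is exhausted, so whoever calls `uconf.port()` inside `unit_install` must test for a negative value before writing it into a unit file. That code is not part of this diff. A comment on the assignment would record the contract, e.g. `/* called lazily by unit_install; returns -1 and sets errno when no port is free */`.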
@@ -567,7 +626,9 @@ error3:
        wgt_info_unref(ifo);
 
 error2:
+       err = errno;
        remove_workdir();
+       errno = err;
 
 error1:
        file_reset();
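Review bot: `errno` is saved only at `error2`, so on the `error3` path `wgt_info_unref(ifo)` runs before the save and can overwrite the value the caller is supposed to see. The same presumably holds for whatever `error4` does above this hunk. `file_reset()` after `error1` is also outside the save/restore pair. Capturing `err = errno;` at the first cleanup label reached and restoring it once, just before the final return, would cover all paths. The labels before `error3` and the return statement are outside the hunk.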