aboutsummaryrefslogtreecommitdiff
path: root/src/verify.c
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org.ua>2007-08-23 16:17:47 +0000
committerSergey Poznyakoff <gray@gnu.org.ua>2007-08-23 16:17:47 +0000
commit766d41f8bf91a6d209c66e8fd12dbd6688ce2739 (patch)
tree12552a0788d42ac73e7260b883aa84a8045e957a /src/verify.c
parentc7e791e9563b7805fc7a375bc7e616b4252a9c57 (diff)
downloadwydawca-766d41f8bf91a6d209c66e8fd12dbd6688ce2739.tar.gz
wydawca-766d41f8bf91a6d209c66e8fd12dbd6688ce2739.tar.bz2
Improve safety checks; implement symlink/rmsymlink/archive directives; Fix directive signature verification.
git-svn-id: file:///svnroot/wydawca/trunk@286 6bb4bd81-ecc2-4fd4-a2d4-9571d19c0d33
Diffstat (limited to 'src/verify.c')
-rw-r--r--src/verify.c34
1 files changed, 19 insertions, 15 deletions
diff --git a/src/verify.c b/src/verify.c
index f64183a..7869618 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -1,4 +1,4 @@
-/* wydawca - FTP release synchronisation daemon
+/* wydawca - FTP release synchronization daemon
Copyright (C) 2007 Sergey Poznyakoff
This program is free software; you can redistribute it and/or modify it
@@ -38,6 +38,8 @@ trim (char *str)
return len;
}
+/* Quote non-printable characters in INPUT. Point *OUTPUT to the malloc'ed
+ quoted string. Return its length. */
static size_t
quote_string (struct access_method *method, const char *input, char **poutput)
{
@@ -73,6 +75,10 @@ quote_string (struct access_method *method, const char *input, char **poutput)
return size;
}
+/* Expand PARAM by replacing %u with the quoted value of USER, %p with that
+ of PROJECT and %% with a single %. Return the malloc'ed result.
+ FIXME: Should we quote PARAM itself?
+*/
char *
expand_param (const char *param, const char *user, const char *project,
struct access_method *method)
@@ -157,7 +163,9 @@ expand_param (const char *param, const char *user, const char *project,
}
-
+
+/* Verify if USER has upload rights on the directory (project) requested
+ by TRP */
int
check_access_rights (struct file_triplet *trp, struct directory_pair *dpair,
const char *user)
@@ -216,15 +224,19 @@ check_access_rights (struct file_triplet *trp, struct directory_pair *dpair,
}
int
-verify_triplet (struct file_triplet *trp, struct directory_pair *dpair)
+verify_directive_file (struct file_triplet *trp, struct directory_pair *dpair)
{
- struct passwd *pw = getpwuid (TRIPLET_UID (trp));
+ struct passwd *pw;
char *user_name;
char *command;
struct access_method *method = &dpair->gpg_key_method;
const char *pubkey;
int rc;
+
+ if (!trp->file[file_directive].name)
+ return 1;
+ pw = getpwuid (TRIPLET_UID (trp));
if (!pw)
{
logmsg (LOG_ERR, "%s: getpwuid failed: %s",
@@ -258,6 +270,8 @@ verify_triplet (struct file_triplet *trp, struct directory_pair *dpair)
logmsg (LOG_ERR, "invalid signature for %s", trp->name);
return 1;
}
+ else if (debug_level)
+ logmsg (LOG_DEBUG, "%s: directive file signature OK", trp->name);
if (debug_level > 1)
{
@@ -269,16 +283,6 @@ verify_triplet (struct file_triplet *trp, struct directory_pair *dpair)
if (verify_directive_format (trp))
return 1;
- if (check_access_rights (trp, dpair, user_name))
- return 1;
-
- if (verify_detached_signature (trp, dpair))
- {
- logmsg (LOG_ERR, "invalid detached signature for %s", trp->name);
- return 1;
- }
-
- if (debug_level)
- logmsg (LOG_DEBUG, "%s: triplet verified successfully", trp->name);
return 0;
}
+

Return to:

Send suggestions and report system problems to the System administrator.