summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2015-12-11 18:01:18 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2015-12-11 18:01:18 +0100
commit7e1027342a3cff95635ba2107f283321cf0efa08 (patch)
tree50cd50416e25fc1c90c745ff95cd76b9fcb6857b
parent9ab266df6642c6e930e03b3024d7c3d53ef88bbc (diff)
work in progress
Change-Id: I65416563a8dc54e877df03a304fe4cbd42ebb3da
-rw-r--r--src/Makefile.am7
-rw-r--r--src/wgt-info.c18
-rw-r--r--src/wgt-info.h2
-rw-r--r--src/wgtpkg-digsig.c23
-rw-r--r--src/wgtpkg-install.c87
-rw-r--r--src/wgtpkg-xmlsec.c22
6 files changed, 118 insertions, 41 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 9767941..a538a38 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -29,14 +29,19 @@ APPFWK = \
#pkgsysconfdir = $(sysconfdir)
pkgsysconfdir = .
+
AM_CFLAGS = -Wall -Wno-pointer-sign
AM_CFLAGS += -ffunction-sections -fdata-sections
AM_CFLAGS += ${ZIP_CFLAGS} ${XML2_CFLAGS} ${OPENSSL_CFLAGS} ${XMLSEC_CFLAGS}
+
+
AM_CFLAGS += -DPKGSYSCONFDIR=\"$(pkgsysconfdir)\"
AM_CFLAGS += -DPREFIXPERMISSION=\"urn:agl-perm:\"
-AM_CFLAGS += -DAGLWIDGET=\"urn:agl-widget\"
+AM_CFLAGS += -DICONDESTDIR=\"\"
+
+
AM_LDFLAGS = -Wl,--gc-sections
diff --git a/src/wgt-info.c b/src/wgt-info.c
index d5f664b..61779e0 100644
--- a/src/wgt-info.c
+++ b/src/wgt-info.c
@@ -423,3 +423,21 @@ void wgt_info_dump(struct wgt_info *ifo, int fd, const char *prefix)
}
}
+const struct wgt_desc_feature *wgt_info_feature(struct wgt_info *ifo, const char *name)
+{
+ const struct wgt_desc_feature *result = ifo->desc.features;
+ while(result && strcmp(result->name, name))
+ result = result->next;
+ return result;
+}
+
+const char *wgt_info_param(const struct wgt_desc_feature *feature, const char *name)
+{
+ const struct wgt_desc_param *param = feature->params;
+ while(param) {
+ if (0 == strcmp(name, param->name))
+ return param->value;
+ }
+ return NULL;
+}
+
diff --git a/src/wgt-info.h b/src/wgt-info.h
index 4d2007d..50b8ed4 100644
--- a/src/wgt-info.h
+++ b/src/wgt-info.h
@@ -75,4 +75,6 @@ extern struct wgt *wgt_info_wgt(struct wgt_info *ifo);
extern void wgt_info_addref(struct wgt_info *ifo);
extern void wgt_info_unref(struct wgt_info *ifo);
extern void wgt_info_dump(struct wgt_info *ifo, int fd, const char *prefix);
+extern const struct wgt_desc_feature *wgt_info_feature(struct wgt_info *ifo, const char *name);
+extern const char *wgt_info_param(const struct wgt_desc_feature *feature, const char *name);
diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index 3aa4da3..80428fa 100644
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -188,18 +188,37 @@ error:
static int check_references(xmlNodePtr sinfo)
{
+ unsigned int i, n, flags;
+ struct filedesc *f;
+ int result;
xmlNodePtr elem;
+ result = 0;
elem = sinfo->children;
while (elem != NULL) {
if (is_element(elem, "Reference"))
if (check_one_reference(elem))
- return -1;
+ result = -1;
elem = elem->next;
}
- return 0;
+
+ n = file_count();
+ i = 0;
+ while(i < n) {
+ f = file_of_index(i++);
+ if (f->type == type_file) {
+ flags = f->flags;
+ if (!(flags & (flag_signature | flag_referenced))) {
+ syslog(LOG_ERR, "file not referenced in signature", f->name);
+ result = -1;
+ }
+ }
+ }
+
+ return result;
}
+
static int get_certificates(xmlNodePtr kinfo)
{
xmlNodePtr n1, n2;
diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index ee21d8f..dc746c2 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -19,33 +19,55 @@
#include <errno.h>
#include <syslog.h>
#include <string.h>
+#include <ctype.h>
#include "verbose.h"
#include "wgtpkg.h"
#include "wgt.h"
#include "wgt-info.h"
+#include "secmgr-wrap.h"
-static int check_temporary_constraints(const struct wgt_desc *desc)
+static int check_defined(const void *data, const char *name)
{
- if (!desc->icons) {
- syslog(LOG_ERR, "widget has not icon defined (temporary constraints)");
- errno = EINVAL;
+ if (data)
+ return 0;
+ syslog(LOG_ERR, "widget has no defined '%s' (temporary constraints)", name);
+ errno = EINVAL;
+ return -1;
+}
+
+static int check_valid_string(const char *value, const char *name)
+{
+ int pos;
+ char c;
+
+ if (check_defined(value, name))
return -1;
+ pos = 0;
+ c = value[pos];
+ while(c) {
+ if (!isalnum(c) && !strchr(".-_", c)) {
+ syslog(LOG_ERR, "forbidden char %c in '%s' -> '%s' (temporary constraints)", c, name, value);
+ errno = EINVAL;
+ return -1;
+ }
+ c = value[++pos];
}
+ return 0;
+}
+
+static int check_temporary_constraints(const struct wgt_desc *desc)
+{
+ int result = check_valid_string(desc->id, "id");
+ result |= check_valid_string(desc->version, "version");
+ result |= check_defined(desc->icons, "icon");
+ result |= check_defined(desc->content_src, "content");
+ if (result)
+ return result;
if (desc->icons->next) {
syslog(LOG_ERR, "widget has more than one icon defined (temporary constraints)");
errno = EINVAL;
- return -1;
- }
- if (!desc->content_src) {
- syslog(LOG_ERR, "widget has not content defined (temporary constraints)");
- errno = EINVAL;
- return -1;
- }
- if (!desc->content_type) {
- syslog(LOG_ERR, "widget has not type for its content (temporary constraints)");
- errno = EINVAL;
- return -1;
+ result = -1;
}
return 0;
}
@@ -70,37 +92,37 @@ static int check_widget(const struct wgt_desc *desc)
{
int result;
const struct wgt_desc_feature *feature;
- const char *name;
result = check_temporary_constraints(desc);
feature = desc->features;
while(feature) {
- name = feature->name;
- if (0 == strcmp(name, AGLWIDGET)) {
-
- } else {
- if (!check_permissions(feature->name, feature->required))
- result = -1;
- }
+ if (!check_permissions(feature->name, feature->required))
+ result = -1;
feature = feature->next;
}
return result;
}
-static int place(const char *root, const char *appid, const char *version, int force)
+static int move_widget(const char *root, const struct wgt_desc *desc, int force)
{
char newdir[PATH_MAX];
int rc;
- rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, appid, version);
+ rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, desc->id, desc->version);
if (rc >= sizeof newdir) {
- syslog(LOG_ERR, "path to long: %s/%s/%s", root, appid, version);
+ syslog(LOG_ERR, "path to long: %s/%s/%s", root, desc->id, desc->version);
errno = EINVAL;
return -1;
}
- rc = move_workdir(newdir, 1, force);
- return rc;
+ return move_workdir(newdir, 1, force);
+}
+
+static int install_security(struct wgt_info *ifo)
+{
+ int rc;
+
+ rc = secmgr_init(wgt_info_desc(ifo)->
}
/* install the widget of the file */
@@ -131,10 +153,11 @@ void install_widget(const char *wgtfile, const char *root, int force)
if (check_widget(desc))
goto error3;
-/*
- if (check_and_place())
- goto error2;
-*/
+ if (move_widget(root, desc, force))
+ goto error3;
+
+
+
return;
error3:
diff --git a/src/wgtpkg-xmlsec.c b/src/wgtpkg-xmlsec.c
index a403b77..746ccc0 100644
--- a/src/wgtpkg-xmlsec.c
+++ b/src/wgtpkg-xmlsec.c
@@ -95,17 +95,28 @@ static void errors_cb(const char *file, int line, const char *func, const char *
}
/* fills database with trusted keys */
-static int fill_trusted_keys()
+static int fill_trusted_keys_file(const char *file)
+{
+ int err = xmlSecCryptoAppKeysMngrCertLoad(keymgr, file, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);
+ if (err < 0) {
+ syslog(LOG_ERR, "xmlSecCryptoAppKeysMngrCertLoadMemory failed for %s", file);
+ return -1;
+ }
+ return 0;
+}
+
+/* fills database with trusted keys */
+static int fill_trusted_keys_dir(const char *directory)
{
int err;
DIR *dir;
struct dirent *ent;
char path[PATH_MAX], *e;
- e = stpcpy(path, CA_ROOT_DIRECTORY);
+ e = stpcpy(path, directory);
dir = opendir(path);
if (!dir) {
- syslog(LOG_ERR, "opendir %s failed in fill_trusted_keys", path);
+ syslog(LOG_ERR, "opendir %s failed in fill_trusted_keys_dir", path);
return -1;
}
@@ -114,9 +125,8 @@ static int fill_trusted_keys()
while (ent != NULL) {
if (ent->d_type == DT_REG) {
strcpy(e, ent->d_name);
- err = xmlSecCryptoAppKeysMngrCertLoad(keymgr, path, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);
+ err = fill_trusted_keys_file(path);
if (err < 0) {
- syslog(LOG_ERR, "xmlSecCryptoAppKeysMngrCertLoadMemory failed for %s", path);
closedir(dir);
return -1;
}
@@ -180,7 +190,7 @@ int xmlsec_init()
syslog(LOG_ERR, "xmlSecCryptoAppDefaultKeysMngrInit failed.");
goto end;
}
- fill_trusted_keys();
+ fill_trusted_keys_dir(CA_ROOT_DIRECTORY);
initstatus = 0;
end: