From 207d717b1ed1cccbbeac9d65531dcae19293ccd8 Mon Sep 17 00:00:00 2001 From: Zdenek Prikryl Date: Wed, 18 Feb 2009 11:32:06 +0100 Subject: added fingerprint and hash check --- lib/Utils/Packages.cpp | 225 ++++++++++++++++++++++++++++++++++++++++++++----- lib/Utils/Packages.h | 10 +++ 2 files changed, 216 insertions(+), 19 deletions(-) (limited to 'lib') diff --git a/lib/Utils/Packages.cpp b/lib/Utils/Packages.cpp index 4c94ef6f..2c7dfd8a 100644 --- a/lib/Utils/Packages.cpp +++ b/lib/Utils/Packages.cpp @@ -20,10 +20,8 @@ */ #include "Packages.h" -#include -#include #include -#include +#include CPackages::CPackages() : @@ -32,7 +30,26 @@ CPackages::CPackages() : { g_type_init(); m_pPkClient = pk_client_new(); -// pk_client_set_synchronous (m_pPkClient, TRUE, NULL); + + uint8_t* pkt; + size_t pklen; + pgpKeyID_t keyID; + char *argv[] = {(char*)""}; + poptContext context = rpmcliInit(0, argv, NULL); + + // TODO: make this configurable + + pgpReadPkts("/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora", &pkt, &pklen); + if (pgpPubkeyFingerprint(pkt, pklen, keyID) == 0) + { + char* fedoraFingerprint = pgpHexStr(keyID, sizeof(keyID)); + if (fedoraFingerprint != NULL) + { + m_setFingerprints.insert(fedoraFingerprint); + } + free(pkt); + } + rpmcliFini(context); } CPackages::~CPackages() 
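Review bot: In the CPackages constructor the return value of pgpReadPkts is ignored, so when the key file is missing or unreadable `pkt` is still the uninitialized local that is then handed to pgpPubkeyFingerprint; `pkt` is also only freed on the success branch, and the string pgpHexStr returns is never freed after `m_setFingerprints.insert` has copied it. The `context` from rpmcliInit is likewise used without a NULL check, although the commented-out copy of SearchFile later in this commit does check it. Initializing `pkt` to NULL, gating the fingerprint step on pgpReadPkts reporting a public-key packet (PGPARMOR_PUBKEY in rpmpgp.h, if I recall the librpm API correctly), and freeing both allocations unconditionally fixes all three. The constructor's closing brace is in the hunk, but its opening lines are not.
```cpp
    uint8_t* pkt = NULL;
    size_t pklen = 0;
    pgpKeyID_t keyID;
    char *argv[] = {(char*)""};
    poptContext context = rpmcliInit(0, argv, NULL);

    // TODO: make this configurable
    // Only the key ID that pgpPubkeyFingerprint yields is recorded (see CheckFingerprint).
    if (pgpReadPkts("/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora", &pkt, &pklen) == PGPARMOR_PUBKEY
        && pkt != NULL
        && pgpPubkeyFingerprint(pkt, pklen, keyID) == 0)
    {
        char* fedoraFingerprint = pgpHexStr(keyID, sizeof(keyID));
        if (fedoraFingerprint != NULL)
        {
            m_setFingerprints.insert(fedoraFingerprint);
            free(fedoraFingerprint); // std::string holds its own copy
        }
    }
    free(pkt);                       // no-op on NULL; was leaked on the failure path
    rpmcliFini(context);
```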
@@ -40,33 +57,88 @@ CPackages::~CPackages() g_object_unref(m_pPkClient); } +bool CPackages::CheckFingerprint(const Header& pHeader) +{ + if (!headerIsEntry(pHeader, RPMTAG_SIGGPG)) + { + return false; + } + std::cout << "aaa" << std::endl; + char* headerFingerprint; + rpmtd td = rpmtdNew(); + headerGet(pHeader, RPMTAG_SIGGPG, td, HEADERGET_DEFAULT); + headerFingerprint = pgpHexStr((const uint8_t*)td->data + 9, sizeof(pgpKeyID_t)); + rpmtdFree(td); + if (headerFingerprint != NULL) + { + if (m_setFingerprints.find(headerFingerprint) == m_setFingerprints.end()) + { + free(headerFingerprint); + return false; + } + free(headerFingerprint); + return true; + } + return false; +} + +bool CPackages::CheckHash(const Header& pHeader, const rpmts& pTs, const std::string&pPath) +{ + rpmfi fi = rpmfiNew(pTs, pHeader, RPMTAG_BASENAMES, 0); + pgpHashAlgo hashAlgo; + std::string headerHash; + char computedHash[1024] = ""; + + while(rpmfiNext(fi) != -1) + { + if (pPath == rpmfiFN(fi)) + { + headerHash = rpmfiFDigestHex(fi, &hashAlgo); + } + } + rpmfiFree(fi); + + rpmDoDigest(hashAlgo, pPath.c_str(), 1, (unsigned char*) computedHash, NULL); + + if (headerHash == "" || std::string(computedHash) == "") + { + return false; + } + else if (headerHash == computedHash) + { + return true; + } + return false; +} + std::string CPackages::SearchFile(const std::string& pPath) { - std::stringstream ss; + std::string ret = ""; char *argv[] = {(char*)""}; poptContext context = rpmcliInit(0, argv, NULL); rpmts ts = rpmtsCreate(); rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_BASENAMES, pPath.c_str(), 0); Header header; - char* nerv = NULL; - if ((header = rpmdbNextIterator(iter)) != NULL) { - nerv = headerGetNEVR(header, NULL); + if (CheckFingerprint(header)) + { + char* nerv = headerGetNEVR(header, NULL); + if (nerv != NULL) + { + if (CheckHash(header, ts, pPath)) + { + ret = nerv; + free(nerv); + } + } + } } - headerFree(header); - rpmcliFini(context); + rpmdbFreeIterator(iter); 
rpmtsFree(ts); - - if (nerv != NULL) - { - std::string ret = nerv; - free(nerv); - return ret; - } - - return ""; + rpmcliFini(context); + return ret; } bool CPackages::Install(const std::string& pPackage) 
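Review bot: CheckFingerprint does not verify a signature: it copies eight bytes at a fixed offset of the stored RPMTAG_SIGGPG packet and compares them with the key IDs collected in the constructor, so it establishes only which key the header claims signed the package, and the `+ 9` offset assumes one particular packet layout (a different signature packet version or a multi-byte packet length would move the key ID). If membership in the key set is meant to be a trust decision, route it through librpm's signature verification rather than this byte comparison, and at least check the return of headerGet and drop the `std::cout << "aaa"` debug line. In CheckHash, `hashAlgo` is never assigned when no rpmfi entry matches pPath yet it is still passed to rpmDoDigest; add `if (headerHash.empty()) { return false; }` directly after `rpmfiFree(fi);`, and note that if rpmfiFDigestHex returns an allocated string (as librpm documents) the assignment into headerHash leaks it. In SearchFile the new code frees `nerv` only when CheckHash succeeds; move `free(nerv);` out of the inner if so the name is released on the failure path as well.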
@@ -93,3 +165,118 @@ bool CPackages::GetInstallationStatus() } return true; } + + + + +/* + * + * + * + * std::string CPackages::SearchFile(const std::string& pPath) +{ + std::stringstream ss; + char *argv[] = {(char*)""}; + poptContext context = rpmcliInit(0, argv, NULL); + if (context == NULL) + { + return ""; + } + rpmts ts = rpmtsCreate(); + if (ts == NULL) + { + rpmcliFini(context); + return ""; + } + rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_BASENAMES, pPath.c_str(), 0); + if (iter == NULL) + { + rpmtsFree(ts); + rpmcliFini(context); + return ""; + } + Header header; + char* nerv = NULL; + + if ((header = rpmdbNextIterator(iter)) != NULL) + { + if (!headerIsEntry(header, RPMTAG_SIGGPG)) + { + headerFree(header); + rpmdbFreeIterator(iter); + rpmtsFree(ts); + rpmcliFini(context); + return ""; + } + char* headerFingerprint; + rpmtd td = rpmtdNew(); + headerGet(header, RPMTAG_SIGGPG, td, HEADERGET_DEFAULT); + headerFingerprint = pgpHexStr((const uint8_t*)td->data + 9, sizeof(pgpKeyId_t)); + rpmtdFree(td); + + if (m_setFingerprints.find(headerFingerprint) == m_setFingerprints.end()) + { + free(headerFingerprint); + headerFree(header); + rpmdbFreeIterator(iter); + rpmtsFree(ts); + rpmcliFini(context); + return ""; + } + free(headerFingerprint); + nerv = headerGetNEVR(header, NULL); + if (nerv == NULL) + { + headerFree(header); + rpmdbFreeIterator(iter); + rpmcliFini(context); + rpmtsFree(ts); + return ""; + } + + td = rpmtdNew(); + rpmfi fi = rpmfiNew(ts, header, RPMTAG_BASENAMES, 0); + pgpHashAlgo hashAlgo; + std::string headerHash; + char computedHash[1024] = ""; + + while(rpmfiNext(fi) != -1) + { + if (pPath == rpmfiFN(fi)) + { + headerHash = rpmfiFDigestHex(fi, &hashAlgo); + } + } + + rpmDoDigest(hashAlgo, pPath.c_str(), 1, (unsigned char*) computedHash, NULL); + + if (headerHash == "" || std::string(computedHash) == "") + { + free(nerv); + rpmtdFree(td); + rpmfiFree(fi); + headerFree(header); + rpmdbFreeIterator(iter); + rpmcliFini(context); + 
rpmtsFree(ts); + return ""; + } + + std::string ret = nerv; + free(nerv); + rpmtdFree(td); + rpmfiFree(fi); + headerFree(header); + rpmdbFreeIterator(iter); + rpmcliFini(context); + rpmtsFree(ts); + return ret; + } + + rpmdbFreeIterator(iter); + rpmcliFini(context); + rpmtsFree(ts); + return ""; +} + */ + diff --git a/lib/Utils/Packages.h b/lib/Utils/Packages.h index 9874dd7f..67e5f247 100644 --- a/lib/Utils/Packages.h +++ b/lib/Utils/Packages.h @@ -25,14 +25,24 @@ #include #include #include +#include +#include +#include class CPackages { private: + typedef std::set set_fingerprints_t; PkClient *m_pPkClient; bool m_bBusy; + set_fingerprints_t m_setFingerprints; + + + bool CheckFingerprint(const Header& pHeader); + bool CheckHash(const Header& pHeader, const rpmts& pTs, const std::string&pPath); + public: CPackages(); ~CPackages(); -- cgit
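Review bot: The roughly hundred-line commented-out copy of the old SearchFile is dead code and should not be part of the commit; version control already preserves the previous implementation. It also already diverges from the live code (`pgpKeyId_t` here versus `pgpKeyID_t` in CheckFingerprint), which shows it is not kept in sync and will mislead the next reader about which version is authoritative. Drop the block entirely.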
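Review bot: `CheckFingerprint(const Header& pHeader)` and `CheckHash(const Header&, const rpmts&, ...)` bind what are, as far as I recall, pointer typedefs in librpm (Header is `struct headerToken_s *`, rpmts is `struct rpmts_s *`) by const reference, which adds an indirection without making the pointees const; take them by value, `bool CheckFingerprint(Header pHeader);` and `bool CheckHash(Header pHeader, rpmts pTs, const std::string& pPath);`, and add the missing space in `const std::string&pPath`. The name `m_setFingerprints` also overstates what it holds: the constructor stores the hex of a `pgpKeyID_t`, i.e. a key ID, so a comment such as `// hex key IDs (not full fingerprints) of the trusted signing keys` on the typedef would keep later readers honest about the strength of the check.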