[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cvs-cvs] ccvs/src ChangeLog client.c sanity.sh verify.c ... [signed-com
From: |
Derek Robert Price |
Subject: |
[Cvs-cvs] ccvs/src ChangeLog client.c sanity.sh verify.c ... [signed-commits3] |
Date: |
Fri, 13 Jan 2006 16:14:04 +0000 |
CVSROOT: /cvsroot/cvs
Module name: ccvs
Branch: signed-commits3
Changes by: Derek Robert Price <address@hidden> 06/01/13 16:14:03
Modified files:
src : ChangeLog client.c sanity.sh verify.c verify.h
Log message:
* client.c (update_entries): Warn/exit when unsigned file contents are
received from the server.
* verify.c (get_verify_checkouts_fatal): New function.
* verify.h (get_verify_checkouts_fatal): New proto.
* sanity.sh (client): Skip tests incompatible with OpenPGP signatures.
(openpgp2): New tests.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/ChangeLog.diff?only_with_tag=signed-commits3&tr1=1.3328.2.30&tr2=1.3328.2.31&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/client.c.diff?only_with_tag=signed-commits3&tr1=1.438.2.9&tr2=1.438.2.10&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sanity.sh.diff?only_with_tag=signed-commits3&tr1=1.1105.2.11&tr2=1.1105.2.12&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.c.diff?only_with_tag=signed-commits3&tr1=1.1.2.10&tr2=1.1.2.11&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.h.diff?only_with_tag=signed-commits3&tr1=1.1.2.5&tr2=1.1.2.6&r1=text&r2=text
Patches:
Index: ccvs/src/ChangeLog
diff -u ccvs/src/ChangeLog:1.3328.2.30 ccvs/src/ChangeLog:1.3328.2.31
--- ccvs/src/ChangeLog:1.3328.2.30 Fri Jan 13 14:23:43 2006
+++ ccvs/src/ChangeLog Fri Jan 13 16:14:03 2006
@@ -1,5 +1,12 @@
2006-01-13 Derek Price <address@hidden>
+ * client.c (update_entries): Warn/exit when unsigned file contents are
+ received from the server.
+ * verify.c (get_verify_checkouts_fatal): New function.
+ * verify.h (get_verify_checkouts_fatal): New proto.
+ * sanity.sh (client): Skip tests incompatible with OpenPGP signatures.
+ (openpgp2): New tests.
+
* parseinfo.c (parse_config): Avoid a core dump.
* sanity.sh (openpgp): Add a few tests for commit signature
verification.
Index: ccvs/src/client.c
diff -u ccvs/src/client.c:1.438.2.9 ccvs/src/client.c:1.438.2.10
--- ccvs/src/client.c:1.438.2.9 Thu Jan 12 18:20:31 2006
+++ ccvs/src/client.c Fri Jan 13 16:14:03 2006
@@ -1590,6 +1590,10 @@
char *buf;
bool patch_failed;
+ if (get_verify_checkouts (true))
+ error (get_verify_checkouts_fatal (), 0,
+ "The server sent unsigned file content.");
+
if (!validate_change (data->existp, filename, short_pathname))
{
/* The Mode, Mod-time, and Checksum responses should not carry
@@ -1897,7 +1901,9 @@
updated_fname = NULL;
}
}
- else if (!noexec && data->contents == UPDATE_ENTRIES_CHECKIN
+ else if (data->contents == UPDATE_ENTRIES_CHECKIN
+ && !noexec
+ /* This isn't add or remove. */
&& strcmp (vn, "0") && *vn != '-')
{
/* On checkin, create the base file. */
@@ -1941,6 +1947,16 @@
free (basefile);
}
}
+ else if (data->contents != UPDATE_ENTRIES_CHECKIN)
+ /* This error is important. It makes sure that all three cases which
+ * write files are caught by the openpgp2 set of tests when the user
+ * has requested that failed checkout verification is fatal and the
+ * server attempts to bypass signatures by sending old-style responses
+ * which do not support signatures. (The `Checkin' response does not
+ * count since it does not accept any file data from the server and is
+ * used in both modes.)
+ */
+ error (1, 0, "internal error: unhandled update_entries cases.");
if (stored_mode)
{
Index: ccvs/src/sanity.sh
diff -u ccvs/src/sanity.sh:1.1105.2.11 ccvs/src/sanity.sh:1.1105.2.12
--- ccvs/src/sanity.sh:1.1105.2.11 Fri Jan 13 14:23:43 2006
+++ ccvs/src/sanity.sh Fri Jan 13 16:14:03 2006
@@ -31326,6 +31326,13 @@
continue
fi
+ if $gpg; then
+ # The openpgp2 tests test client responses to these old Responses.
+ skip client \
+"Tested functionality incompatible with checkout signature verification."
+ continue
+ fi
+
if $proxy; then
# Skip these tests in proxy mode since they assume we are not
# writing through a proxy server. There is no writeproxy-client
@@ -32776,6 +32783,127 @@
modify_repo rm -rf $CVSROOT_DIRNAME/openpgp
;;
+ openpgp2)
+ # Some tests of the client (independent of the server).
+ if $remote; then :; else
+ remoteonly openpgp2
+ continue
+ fi
+
+ if $proxy; then
+ # Skip these tests in proxy mode since they assume we are not
+ # writing through a proxy server. There is no writeproxy-openpgp
+ # test currently. The writeproxy & writeproxy-noredirect tests
+ # test the writeproxy server.
+ notproxy openpgp2
+ continue
+ fi
+
+ cat >$TESTDIR/serveme <<EOF
+#!$TESTSHELL
+# This is admittedly a bit cheezy, in the sense that we make lots
+# of assumptions about what the client is going to send us.
+# We don't mention Repository, because current clients don't require it.
+# Sending these at our own pace, rather than waiting for the client to
+# make the requests, is bogus, but hopefully we can get away with it.
+cat <<IEOF
+Valid-requests Root Valid-responses valid-requests Directory Entry Modified
Unchanged Argument Argumentx ci co update
+ok
+M special message
+Created first-dir/
+$CVSROOT_DIRNAME/first-dir/file1
+/file1/1.1///
+u=rw,g=rw,o=rw
+4
+xyz
+ok
+M second special message
+IEOF
+cat >/dev/null
+EOF
+ # Cygwin. Pthffffffffft!
+ if test -n "$remotehost"; then
+ $CVS_RSH $remotehost "chmod +x $TESTDIR/serveme"
+ else
+ chmod +x $TESTDIR/serveme
+ fi
+ save_CVS_SERVER=$CVS_SERVER
+ CVS_SERVER=$TESTDIR/serveme; export CVS_SERVER
+ mkdir openpgp2; cd openpgp2
+ dotest_fail openpgp2-1 "$testcvs co first-dir" \
+"special message
+$CPROG \[checkout aborted\]: The server sent unsigned file content\."
+
+ cat >$TESTDIR/serveme <<EOF
+#!$TESTSHELL
+# This is admittedly a bit cheezy, in the sense that we make lots
+# of assumptions about what the client is going to send us.
+# We don't mention Repository, because current clients don't require it.
+# Sending these at our own pace, rather than waiting for the client to
+# make the requests, is bogus, but hopefully we can get away with it.
+cat <<IEOF
+Valid-requests Root Valid-responses valid-requests Directory Entry Modified
Unchanged Argument Argumentx ci co update
+ok
+M special message
+Patched first-dir/
+$CVSROOT_DIRNAME/first-dir/file1
+/file1/1.1///
+u=rw,g=rw,o=rw
+4
+xyz
+ok
+M second special message
+IEOF
+cat >/dev/null
+EOF
+ # Cygwin. Pthffffffffft!
+ if test -n "$remotehost"; then
+ $CVS_RSH $remotehost "chmod +x $TESTDIR/serveme"
+ else
+ chmod +x $TESTDIR/serveme
+ fi
+ dotest_fail openpgp2-2 "$testcvs co first-dir" \
+"special message
+$CPROG \[checkout aborted\]: The server sent unsigned file content\."
+
+ cat >$TESTDIR/serveme <<EOF
+#!$TESTSHELL
+# This is admittedly a bit cheezy, in the sense that we make lots
+# of assumptions about what the client is going to send us.
+# We don't mention Repository, because current clients don't require it.
+# Sending these at our own pace, rather than waiting for the client to
+# make the requests, is bogus, but hopefully we can get away with it.
+cat <<IEOF
+Valid-requests Root Valid-responses valid-requests Directory Entry Modified
Unchanged Argument Argumentx ci co update
+ok
+M special message
+Rcs-diff first-dir/
+$CVSROOT_DIRNAME/first-dir/file1
+/file1/1.1///
+u=rw,g=rw,o=rw
+4
+xyz
+ok
+M second special message
+IEOF
+cat >/dev/null
+EOF
+ # Cygwin. Pthffffffffft!
+ if test -n "$remotehost"; then
+ $CVS_RSH $remotehost "chmod +x $TESTDIR/serveme"
+ else
+ chmod +x $TESTDIR/serveme
+ fi
+ dotest_fail openpgp2-3 "$testcvs co first-dir" \
+"special message
+$CPROG \[checkout aborted\]: The server sent unsigned file content\."
+
+ dokeep
+ cd ..
+ rm -r openpgp2
+ CVS_SERVER=$save_CVS_SERVER; export CVS_SERVER
+ ;;
+
trace)
Index: ccvs/src/verify.c
diff -u ccvs/src/verify.c:1.1.2.10 ccvs/src/verify.c:1.1.2.11
--- ccvs/src/verify.c:1.1.2.10 Fri Jan 13 05:08:12 2006
+++ ccvs/src/verify.c Fri Jan 13 16:14:03 2006
@@ -161,6 +161,24 @@
+/* Return true if a client failure to verify a checkout should be fatal.
+ *
+ * GLOBALS
+ * server_active Whether the server is active (via
+ * iget_verify_checkouts).
+ *
+ * INPUTS
+ * server_support Whether the server supports signed files.
+ */
+bool
+get_verify_checkouts_fatal (void)
+{
+ verify_state tmp = iget_verify_checkouts (true);
+ return tmp == VERIFY_FATAL;
+}
+
+
+
static const char *
verify_state_to_string (verify_state state)
{
Index: ccvs/src/verify.h
diff -u ccvs/src/verify.h:1.1.2.5 ccvs/src/verify.h:1.1.2.6
--- ccvs/src/verify.h:1.1.2.5 Fri Jan 13 05:08:12 2006
+++ ccvs/src/verify.h Fri Jan 13 16:14:03 2006
@@ -45,6 +45,7 @@
/* Get values. */
bool get_verify_checkouts (bool server_support);
+bool get_verify_checkouts_fatal (void);
bool get_verify_commits (void);
bool verify_signature (const char *srepos, const char *sig, size_t siglen,
const char *filename, bool bin);
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Cvs-cvs] ccvs/src ChangeLog client.c sanity.sh verify.c ... [signed-commits3],
Derek Robert Price <=