security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

add coprocess facility

Browse source
This commit is contained in:
Werner Koch 1998-07-31 16:45:58 +00:00
parent 0300d6aefc
commit 6fbee8ab86
10 changed files with 495 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

4
g10/OPTIONS
View file

@ -46,3 +46,7 @@ compress-sigs
# Normally, compressing of signatures does not make sense; so this
# is disabled for detached signatures unless this option is used.
run-as-shm-coprocess [request-locked-shm-size]
# very special :-)
# You will have to use "--status-fd" too

22
g10/g10.c
View file

@ -172,7 +172,7 @@ static ARGPARSE_OPTS opts[] = {
{ 566, "compress-sigs",0, "@"},
{ 559, "always-trust", 0, "@"},
{ 562, "emulate-checksum-bug", 0, "@"},
/*554 is unused */
{ 554, "run-as-shm-coprocess", 4, "@" },
{0} };
@ -404,6 +404,9 @@ main( int argc, char **argv )
const char *trustdb_name = NULL;
char *def_cipher_string = NULL;
char *def_digest_string = NULL;
#ifdef USE_SHM_COPROCESSING
ulong requested_shm_size=0;
#endif
trap_unaligned();
#ifdef IS_G10MAINT
@ -605,6 +608,13 @@ main( int argc, char **argv )
case 565: opt.do_not_export_rsa = 1; break;
case 566: opt.compress_sigs = 1; break;
case 554:
#ifdef USE_SHM_COPROCESSING
opt.shm_coprocess = 1;
requested_shm_size = pargs.r.ret_ulong;
#else
log_error("shared memory coprocessing is not available\n");
#endif
break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
@ -623,6 +633,15 @@ main( int argc, char **argv )
tty_printf("%s\n", strusage(15) );
}
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess ) {
#ifdef IS_G10
init_shm_coprocessing(requested_shm_size, 1 );
#else
init_shm_coprocessing(requested_shm_size, 0 );
#endif
}
#endif
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
@ -630,7 +649,6 @@ main( int argc, char **argv )
/* Okay, we are now working under our real uid */
#endif
/*write_status( STATUS_ENTER );*/
set_debug();

29
g10/keyedit.c
View file

@ -37,6 +37,7 @@
#include "trustdb.h"
#include "filter.h"
#include "ttyio.h"
#include "status.h"
#include "i18n.h"
static void show_key_with_all_names( KBNODE keyblock,
@ -264,8 +265,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
tty_print_string( p, n );
tty_printf("\"\n\n");
m_free(p);
p = tty_get(_("Really sign? "));
tty_kill_prompt();
p = cpr_get("sign_uid.really", _("Really sign? "));
cpr_kill_prompt();
if( !answer_is_yes(p) ) {
m_free(p);
continue; /* No */
@ -398,9 +399,10 @@ delete_key( const char *username, int secret )
m_free(p);
tty_printf("\n\n");
p = tty_get(_("Delete this key from the keyring? "));
tty_kill_prompt();
if( secret && answer_is_yes(p)) {
p = cpr_get( secret? "delete_key.secret.really":"delete_key.really",
_("Delete this key from the keyring? "));
cpr_kill_prompt();
if( !cpr_enabled() && secret && answer_is_yes(p)) {
/* I think it is not required to check a passphrase; if
* the user is so stupid as to let others access his secret keyring
* (and has no backup) - it is up him to read some very
@ -493,8 +495,8 @@ change_passphrase( KBNODE keyblock )
rc = 0;
tty_printf(_( "You don't want a passphrase -"
" this is probably a *bad* idea!\n\n"));
if( tty_get_answer_is_yes(_(
"Do you really want to do this? ")))
if( cpr_get_answer_is_yes("change_passwd.empty",
_("Do you really want to do this? ")))
changed++;
break;
}
@ -628,8 +630,8 @@ keyedit_menu( const char *username, STRLIST locusr )
redisplay = 0;
}
m_free(answer);
answer = tty_get(_("Command> "));
tty_kill_prompt();
answer = cpr_get("keyedit.cmd", _("Command> "));
cpr_kill_prompt();
trim_spaces(answer);
arg_number = 0;
@ -670,12 +672,9 @@ keyedit_menu( const char *username, STRLIST locusr )
case cmdQUIT:
if( !modified )
goto leave;
m_free(answer);
answer = tty_get(_("Save changes? "));
if( !answer_is_yes(answer) ) {
m_free(answer);
answer = tty_get(_("Quit without saving? "));
if( answer_is_yes(answer) )
if( !cpr_get_answer_is_yes("keyedit.save",_("Save changes? ")) ) {
if( cpr_enabled()
|| tty_get_answer_is_yes(_("Quit without saving? ")) )
goto leave;
break;
}

1
g10/options.h
View file

@ -51,6 +51,7 @@ struct {
int always_trust;
int rfc1991;
unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
int shm_coprocess;
} opt;

85
g10/signal.c
View file

@ -35,40 +35,83 @@
#include "ttyio.h"
#if 0
static RETSIGTYPE
print_and_exit( int sig )
{
const char *p;
static volatile int caught_fatal_sig = 0;
static volatile int caught_sigusr1 = 0;
/* Hmm, use only safe functions (we should do an autoconf test) */
write( 2, "\nCaught ", 8 );
static const char *
signal_name( int signum )
{
#if SYS_SIGLIST_DECLARED
p = sys_siglist[sig];
write( 2, p, strlen(p) );
return sys_siglist[signum];
#else
write( 2, "a signal", 8 );
static char buf[20];
sprintf( "signal %d", signum );
return buf;
#endif
write( 2, "... exiting\n", 12 );
secmem_term();
exit(2); /* not correct but .. */
}
#endif
static RETSIGTYPE
got_fatal_signal( int sig )
{
if( caught_fatal_sig )
raise( sig );
caught_fatal_sig = 1;
fprintf( stderr, "\n%s: %s caught ... exiting\n",
log_get_name(), signal_name(sig) );
secmem_term();
exit( 2 );
}
static RETSIGTYPE
got_usr_signal( int sig )
{
caught_sigusr1 = 1;
}
static void
do_sigaction( int sig, struct sigaction *nact )
{
struct sigaction oact;
sigaction( sig, NULL, &oact );
if( oact.sa_handler != SIG_IGN )
sigaction( sig, nact, NULL);
}
void
init_signals()
{
#if 0
struct sigaction nact;
nact.sa_handler = print_and_exit;
sigemptyset (&nact.sa_mask);
nact.sa_handler = got_fatal_signal;
sigemptyset( &nact.sa_mask );
nact.sa_flags = 0;
sigaction( SIGINT, &nact, NULL );
sigaction( SIGHUP, &nact, NULL );
sigaction( SIGTERM, &nact, NULL );
#endif
do_sigaction( SIGINT, &nact );
do_sigaction( SIGHUP, &nact );
do_sigaction( SIGTERM, &nact );
do_sigaction( SIGQUIT, &nact );
nact.sa_handler = got_usr_signal;
sigaction( SIGUSR1, &nact, NULL );
}
void
pause_on_sigusr( int which )
{
sigset_t mask, oldmask;
assert( which == 1 );
sigemptyset( &mask );
sigaddset( &mask, SIGUSR1 );
sigprocmask( SIG_BLOCK, &mask, &oldmask );
while( !caught_sigusr1 )
sigsuspend( &oldmask );
caught_sigusr1 = 0;
sigprocmask( SIG_UNBLOCK, &mask, NULL );
}

174
g10/status.c
View file

@ -22,26 +22,45 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#ifdef USE_SHM_COPROCESSING
#ifdef HAVE_SYS_IPC_H
#include <sys/ipc.h>
#endif
#ifdef HAVE_SYS_SHM_H
#include <sys/shm.h>
#endif
#endif
#include "util.h"
#include "status.h"
#include "ttyio.h"
#include "options.h"
#include "main.h"
static int fd = -1;
#ifdef USE_SHM_COPROCESSING
static int shm_id = -1;
static volatile char *shm_area;
static size_t shm_size;
static int shm_is_locked;
#endif /*USE_SHM_COPROCESSING*/
void
set_status_fd( int newfd )
set_status_fd ( int newfd )
{
fd = newfd;
}
void
write_status( int no )
write_status ( int no )
{
write_status_text( no, NULL );
}
void
write_status_text( int no, const char *text)
write_status_text ( int no, const char *text)
{
const char *s;
@ -64,6 +83,10 @@ write_status_text( int no, const char *text)
case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL\n"; break;
case STATUS_TRUST_FULLY : s = "TRUST_FULLY\n"; break;
case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE\n"; break;
case STATUS_SHM_INFO : s = "SHM_INFO\n"; break;
case STATUS_SHM_GET : s = "SHM_GET\n"; break;
case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL\n"; break;
case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN\n"; break;
default: s = "?\n"; break;
}
@ -78,3 +101,148 @@ write_status_text( int no, const char *text)
write( fd, s, strlen(s) );
}
#ifdef USE_SHM_COPROCESSING
void
init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
{
char buf[100];
requested_shm_size = (requested_shm_size + 4095) & ~4095;
if ( requested_shm_size > 2 * 4096 )
log_fatal("too much shared memory requested; only 8k are allowed\n");
shm_size = 4096 /* one page for us */ + requested_shm_size;
/* FIXME: Need other permissions ... */
shm_id = shmget( IPC_PRIVATE, shm_size, IPC_CREAT | 0777 );
if ( shm_id == -1 )
log_fatal("can't get %uk of shared memory: %s\n",
(unsigned)shm_size/1024, strerror(errno));
shm_area = shmat( shm_id, 0, 0 );
if ( shm_area == (char*)-1 )
log_fatal("can't attach %uk shared memory: %s\n",
(unsigned)shm_size/1024, strerror(errno));
log_info("mapped %uk shared memory at %p, id=%d\n",
(unsigned)shm_size/1024, shm_area, shm_id );
if( lock_mem ) {
if ( shmctl (shm_id, SHM_LOCK, 0) )
log_info("Locking shared memory %d failed: %s\n",
shm_id, strerror(errno));
else
shm_is_locked = 1;
}
#ifdef IPC_RMID_DEFERRED_RELEASE
if ( shmctl ( shm_id, IPC_RMID, 0) )
log_fatal("shmctl IPC_RMDID of %d failed: %s\n",
shm_id, strerror(errno));
#else
#error Must add a cleanup function
#endif
/* write info; Protocol version, id, size, locked size */
sprintf( buf, "pv=1 pid=%d shmid=%d sz=%u lz=%u", (int)getpid(),
shm_id, (unsigned)shm_size, shm_is_locked? (unsigned)shm_size:0 );
write_status_text( STATUS_SHM_INFO, buf );
}
/****************
* Request a string from client
* If bool, returns static string on true (do not free) or NULL for false
*/
static char *
do_shm_get( const char *keyword, int hidden, int bool )
{
size_t n;
byte *p;
char *string;
if( !shm_area )
BUG();
shm_area[0] = 0; /* msb of length of control block */
shm_area[1] = 32; /* and lsb */
shm_area[2] = 1; /* indicate that we are waiting on a reply */
shm_area[3] = 0; /* clear data available flag */
write_status_text( bool? STATUS_SHM_GET_BOOL :
hidden? STATUS_SHM_GET_HIDDEN : STATUS_SHM_GET, keyword );
do {
pause_on_sigusr(1);
if( shm_area[0] || shm_area[1] != 32 || shm_area[2] != 1 )
log_fatal("client modified shm control block - abort\n");
} while( !shm_area[3] );
shm_area[2] = 0; /* reset request flag */
p = (byte*)shm_area+32;
n = p[0] << 8 | p[1];
p += 2;
if( n+32+2+1 > 4095 )
log_fatal("client returns too large data (%u bytes)\n", (unsigned)n );
if( bool )
return p[0]? "" : NULL;
string = hidden? m_alloc_secure( n+1 ) : m_alloc( n+1 );
memcpy(string, p, n );
string[n] = 0; /* make sure it is a string */
if( hidden ) /* invalidate the memory */
memset( p, 0, n );
return string;
}
#endif /* USE_SHM_COPROCESSING */
int
cpr_enabled()
{
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess )
return 1;
#endif
return 0;
}
char *
cpr_get( const char *keyword, const char *prompt )
{
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess )
return do_shm_get( keyword, 0, 0 );
#endif
return tty_get( prompt );
}
char *
cpr_get_hidden( const char *keyword, const char *prompt )
{
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess )
return do_shm_get( keyword, 1, 0 );
#endif
return tty_get_hidden( prompt );
}
void
cpr_kill_prompt(void)
{
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess )
return;
#endif
return tty_kill_prompt();
}
int
cpr_get_answer_is_yes( const char *keyword, const char *prompt )
{
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess )
return !!do_shm_get( keyword, 0, 1 );
#endif
return tty_get_answer_is_yes( prompt );
}

20
g10/status.h
View file

@ -42,12 +42,26 @@
#define STATUS_TRUST_FULLY 14
#define STATUS_TRUST_ULTIMATE 15
#define STATUS_SHM_INFO 16
#define STATUS_SHM_GET 17
#define STATUS_SHM_GET_BOOL 18
#define STATUS_SHM_GET_HIDDEN 19
/*-- status.c --*/
void set_status_fd( int fd );
void write_status( int no );
void write_status_text( int no, const char *text);
void set_status_fd ( int fd );
void write_status ( int no );
void write_status_text ( int no, const char *text );
#ifdef USE_SHM_COPROCESSING
void init_shm_coprocessing ( ulong requested_shm_size, int lock_mem );
#endif /*USE_SHM_COPROCESSING*/
int cpr_enabled(void);
char *cpr_get( const char *keyword, const char *prompt );
char *cpr_get_hidden( const char *keyword, const char *prompt );
void cpr_kill_prompt(void);
int cpr_get_answer_is_yes( const char *keyword, const char *prompt );
#endif /*G10_STATUS_H*/