2005-04-15 Marcus Brinkmann <marcus@g10code.de>

* configure.ac: Check for /usr/bin/shred and define SHRED. tools/ 2005-04-15 Marcus Brinkmann <marcus@g10code.de> * symcryptrun.c (remove_file): New function. (confucius_copy_file): Accept new argument PLAIN and shred the file if it is set on error.
2025-01-03 12:11:33 +01:00 · 2005-04-15 02:24:44 +00:00 · 2005-04-15 02:24:44 +00:00 · e0d6d1c476
commit e0d6d1c476
parent f527f721d4
4 changed files with 90 additions and 19 deletions
--- a/2
+++ b/2
@ -1,5 +1,7 @@
 2005-04-15  Marcus Brinkmann  <marcus@g10code.de>

+	* configure.ac: Check for /usr/bin/shred and define SHRED.
+	
 	* configure.ac: Add --enable-symcryptrun, disabled by default.
 	Define automake variable BUILD_SYMCRYPTRUN.
 	Check for openpty -lutil, define LIBUTIL_LIBS.
--- a/configure.ac
+++ b/configure.ac
@ -470,8 +470,18 @@ AC_SUBST(LIBUSB_LIBS)
 AC_CHECK_FUNCS(usb_create_match)

 #
-# libutil has openpty() and login_tty().
+# Check wether it is necessary to link against libdl.
 #
+LIBS=""
+AC_SEARCH_LIBS(dlopen, c dl,,,)
+DL_LIBS=$LIBS
+AC_SUBST(DL_LIBS)
+
+#
+# Checks for symcryptrun:
+#
+
+# libutil has openpty() and login_tty().
 AC_CHECK_LIB(util, openpty,
              [ LIBUTIL_LIBS="$LIBUTIL_LIBS -lutil"
                AC_DEFINE(HAVE_LIBUTIL,1,
@ -479,13 +489,10 @@ AC_CHECK_LIB(util, openpty,
             ])
 AC_SUBST(LIBUTIL_LIBS)

-#
-# Check wether it is necessary to link against libdl.
-#
-LIBS=""
-AC_SEARCH_LIBS(dlopen, c dl,,,)
-DL_LIBS=$LIBS
-AC_SUBST(DL_LIBS)
+# shred is used to clean temporary plain text files.
+AC_PATH_PROG(SHRED, shred, /usr/bin/shred)
+AC_DEFINE_UNQUOTED(SHRED,
+	"${SHRED}", [defines the filename of the shred program])

 #
 # OpenSC is needed by the SCdaemon - if it is not availbale we can only
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@ -1,5 +1,9 @@
 2005-04-15  Marcus Brinkmann  <marcus@g10code.de>

+	* symcryptrun.c (remove_file): New function.
+	(confucius_copy_file): Accept new argument PLAIN and shred the
+	file if it is set on error.
+
 	* Makefile.am: Define symcryptrun make variable depending on
 	BUILD_SYMCRYPTUN.
 	(bin_PROGRAMS): Add ${symcryptrun} instead symcryptrun.
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
@ -216,6 +216,61 @@ i18n_init(void)
 #endif
 }

+
+/* Unlink a file, and shred it if SHRED is true.  */
+int
+remove_file (char *name, int shred)
+{
+  if (!shred)
+    return unlink (name);
+  else
+    {
+      int status;
+      pid_t pid;
+
+      pid = fork ();
+      if (pid == 0)
+	{
+	  /* Child.  */
+	  
+	  /* -f forces file to be writable, and -u unlinks it afterwards.  */
+	  char *args[] = { SHRED, "-uf", name, NULL };
+	  
+	  execv (SHRED, args);
+	  _exit (127);
+	}
+      else if (pid < 0)
+	{
+	  /* Fork failed.  */
+	  status = -1;
+	}
+      else
+	{
+	  /* Parent.  */
+	  
+	  if (TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)) != pid)
+	    status = -1;
+	}
+      
+      if (!WIFEXITED (status))
+	{
+	  log_error (_("%s on %s aborted with status %i\n"),
+		     SHRED, name, status);
+	  unlink (name);
+	  return 1;
+	}
+      else if (WEXITSTATUS (status))
+	{
+	  log_error (_("%s on %s failed with status %i\n"), SHRED, name,
+		     WEXITSTATUS (status));
+	  unlink (name);
+	  return 1;
+	}
+
+      return 0;
+    }
+}
+

 /* Class Confucius.

@ -248,9 +303,11 @@ confucius_mktmpdir (void)
 #define CONFUCIUS_LINESIZE 4096


-/* Copy the file IN to OUT, either of which may be "-".  */
+/* Copy the file IN to OUT, either of which may be "-".  If PLAIN is
+   true, and the copying fails, and OUT is not STDOUT, then shred the
+   file instead unlinking it.  */
 static int
-confucius_copy_file (const char *infile, const char *outfile)
+confucius_copy_file (char *infile, char *outfile, int plain)
 {
  FILE *in;
  int in_is_stdin = 0;
@ -327,7 +384,8 @@ confucius_copy_file (const char *infile, const char *outfile)

 copy_err:
  if (!out_is_stdout)
-    unlink (outfile);
+    remove_file (outfile, plain);
+
  return 1;
 }

@ -712,7 +770,7 @@ confucius_main (int mode)
  strcat (outfile, "/out");

  /* Create INFILE and fill it with content.  */
-  res = confucius_copy_file ("-", infile);
+  res = confucius_copy_file ("-", infile, mode == oEncrypt);
  if (res)
    {
      free (outfile);
@ -726,8 +784,8 @@ confucius_main (int mode)
  res = confucius_process (mode, infile, outfile);
  if (res)
    {
-      unlink (outfile);
-      unlink (infile);
+      remove_file (outfile, mode == oDecrypt);
+      remove_file (infile, mode == oEncrypt);
      free (outfile);
      free (infile);
      rmdir (tmpdir);
@ -735,19 +793,19 @@ confucius_main (int mode)
    }

  /* Dump the output file to stdout.  */
-  res = confucius_copy_file (outfile, "-");
+  res = confucius_copy_file (outfile, "-", mode == oDecrypt);
  if (res)
    {
-      unlink (outfile);
-      unlink (infile);
+      remove_file (outfile, mode == oDecrypt);
+      remove_file (infile, mode == oEncrypt);
      free (outfile);
      free (infile);
      rmdir (tmpdir);
      return res;
    }
  
-  unlink (outfile);
-  unlink (infile);
+  remove_file (outfile, mode == oDecrypt);
+  remove_file (infile, mode == oEncrypt);
  free (outfile);
  free (infile);
  rmdir (tmpdir);