mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
a9e0905342
* agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <justus@g10code.com>
504 lines
12 KiB
C
504 lines
12 KiB
C
/* gpg-check-pattern.c - A tool to check passphrases against pattern.
|
||
* Copyright (C) 2007 Free Software Foundation, Inc.
|
||
*
|
||
* This file is part of GnuPG.
|
||
*
|
||
* GnuPG is free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 3 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* GnuPG is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||
*/
|
||
|
||
#include <config.h>
|
||
|
||
#include <stdio.h>
|
||
#include <stdlib.h>
|
||
#include <stddef.h>
|
||
#include <stdarg.h>
|
||
#include <string.h>
|
||
#include <errno.h>
|
||
#include <assert.h>
|
||
#ifdef HAVE_LOCALE_H
|
||
# include <locale.h>
|
||
#endif
|
||
#ifdef HAVE_LANGINFO_CODESET
|
||
# include <langinfo.h>
|
||
#endif
|
||
#ifdef HAVE_DOSISH_SYSTEM
|
||
# include <fcntl.h> /* for setmode() */
|
||
#endif
|
||
#include <sys/stat.h>
|
||
#include <sys/types.h>
|
||
#include <regex.h>
|
||
#include <ctype.h>
|
||
|
||
#include "util.h"
|
||
#include "i18n.h"
|
||
#include "sysutils.h"
|
||
#include "../common/init.h"
|
||
|
||
|
||
enum cmd_and_opt_values
|
||
{ aNull = 0,
|
||
oVerbose = 'v',
|
||
oArmor = 'a',
|
||
oPassphrase = 'P',
|
||
|
||
oProtect = 'p',
|
||
oUnprotect = 'u',
|
||
oNull = '0',
|
||
|
||
oNoVerbose = 500,
|
||
oCheck,
|
||
|
||
oHomedir
|
||
};
|
||
|
||
|
||
/* The list of commands and options. */
|
||
static ARGPARSE_OPTS opts[] = {
|
||
|
||
{ 301, NULL, 0, N_("@Options:\n ") },
|
||
|
||
{ oVerbose, "verbose", 0, "verbose" },
|
||
|
||
{ oHomedir, "homedir", 2, "@" },
|
||
{ oCheck, "check", 0, "run only a syntax check on the patternfile" },
|
||
{ oNull, "null", 0, "input is expected to be null delimited" },
|
||
|
||
{0}
|
||
};
|
||
|
||
|
||
/* Global options are accessed through the usual OPT structure. */
|
||
static struct
|
||
{
|
||
int verbose;
|
||
const char *homedir;
|
||
int checkonly;
|
||
int null;
|
||
} opt;
|
||
|
||
|
||
enum {
|
||
PAT_NULL, /* Indicates end of the array. */
|
||
PAT_STRING, /* The pattern is a simple string. */
|
||
PAT_REGEX /* The pattern is an extended regualr expression. */
|
||
};
|
||
|
||
|
||
/* An object to decibe an item of our pattern table. */
|
||
struct pattern_s
|
||
{
|
||
int type;
|
||
unsigned int lineno; /* Line number of the pattern file. */
|
||
union {
|
||
struct {
|
||
const char *string; /* Pointer to the actual string (nul termnated). */
|
||
size_t length; /* The length of this string (strlen). */
|
||
} s; /*PAT_STRING*/
|
||
struct {
|
||
/* We allocate the regex_t because this type is larger than what
|
||
we need for PAT_STRING and we expect only a few regex in a
|
||
patternfile. It would be a waste of core to have so many
|
||
unused stuff in the table. */
|
||
regex_t *regex;
|
||
} r; /*PAT_REGEX*/
|
||
} u;
|
||
};
|
||
typedef struct pattern_s pattern_t;
|
||
|
||
|
||
|
||
/*** Local prototypes ***/
|
||
static char *read_file (const char *fname, size_t *r_length);
|
||
static pattern_t *parse_pattern_file (char *data, size_t datalen);
|
||
static void process (FILE *fp, pattern_t *patarray);
|
||
|
||
|
||
|
||
|
||
/* Info function for usage(). */
|
||
static const char *
|
||
my_strusage (int level)
|
||
{
|
||
const char *p;
|
||
switch (level)
|
||
{
|
||
case 11: p = "gpg-check-pattern (@GnuPG@)";
|
||
break;
|
||
case 13: p = VERSION; break;
|
||
case 17: p = PRINTABLE_OS_NAME; break;
|
||
case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
|
||
|
||
case 1:
|
||
case 40:
|
||
p = _("Usage: gpg-check-pattern [options] patternfile (-h for help)\n");
|
||
break;
|
||
case 41:
|
||
p = _("Syntax: gpg-check-pattern [options] patternfile\n"
|
||
"Check a passphrase given on stdin against the patternfile\n");
|
||
break;
|
||
|
||
default: p = NULL;
|
||
}
|
||
return p;
|
||
}
|
||
|
||
|
||
int
|
||
main (int argc, char **argv )
|
||
{
|
||
ARGPARSE_ARGS pargs;
|
||
char *raw_pattern;
|
||
size_t raw_pattern_length;
|
||
pattern_t *patternarray;
|
||
|
||
early_system_init ();
|
||
set_strusage (my_strusage);
|
||
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
|
||
log_set_prefix ("gpg-check-pattern", 1);
|
||
|
||
/* Make sure that our subsystems are ready. */
|
||
i18n_init ();
|
||
init_common_subsystems (&argc, &argv);
|
||
|
||
/* We need Libgcrypt for hashing. */
|
||
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
|
||
{
|
||
log_fatal ( _("%s is too old (need %s, have %s)\n"), "libgcrypt",
|
||
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
|
||
}
|
||
|
||
setup_libgcrypt_logging ();
|
||
gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);
|
||
|
||
opt.homedir = default_homedir ();
|
||
|
||
pargs.argc = &argc;
|
||
pargs.argv = &argv;
|
||
pargs.flags= 1; /* (do not remove the args) */
|
||
while (arg_parse (&pargs, opts) )
|
||
{
|
||
switch (pargs.r_opt)
|
||
{
|
||
case oVerbose: opt.verbose++; break;
|
||
case oHomedir: opt.homedir = pargs.r.ret_str; break;
|
||
case oCheck: opt.checkonly = 1; break;
|
||
case oNull: opt.null = 1; break;
|
||
|
||
default : pargs.err = 2; break;
|
||
}
|
||
}
|
||
if (log_get_errorcount(0))
|
||
exit (2);
|
||
|
||
if (argc != 1)
|
||
usage (1);
|
||
|
||
/* We read the entire pattern file into our memory and parse it
|
||
using a separate function. This allows us to eventual do the
|
||
reading while running setuid so that the pattern file can be
|
||
hidden from regular users. I am not sure whether this makes
|
||
sense, but lets be prepared for it. */
|
||
raw_pattern = read_file (*argv, &raw_pattern_length);
|
||
if (!raw_pattern)
|
||
exit (2);
|
||
|
||
patternarray = parse_pattern_file (raw_pattern, raw_pattern_length);
|
||
if (!patternarray)
|
||
exit (1);
|
||
if (opt.checkonly)
|
||
return 0;
|
||
|
||
#ifdef HAVE_DOSISH_SYSTEM
|
||
setmode (fileno (stdin) , O_BINARY );
|
||
#endif
|
||
process (stdin, patternarray);
|
||
|
||
return log_get_errorcount(0)? 1 : 0;
|
||
}
|
||
|
||
|
||
|
||
/* Read a file FNAME into a buffer and return that malloced buffer.
|
||
Caller must free the buffer. On error NULL is returned, on success
|
||
the valid length of the buffer is stored at R_LENGTH. The returned
|
||
buffer is guarnteed to be nul terminated. */
|
||
static char *
|
||
read_file (const char *fname, size_t *r_length)
|
||
{
|
||
FILE *fp;
|
||
char *buf;
|
||
size_t buflen;
|
||
|
||
if (!strcmp (fname, "-"))
|
||
{
|
||
size_t nread, bufsize = 0;
|
||
|
||
fp = stdin;
|
||
#ifdef HAVE_DOSISH_SYSTEM
|
||
setmode ( fileno(fp) , O_BINARY );
|
||
#endif
|
||
buf = NULL;
|
||
buflen = 0;
|
||
#define NCHUNK 8192
|
||
do
|
||
{
|
||
bufsize += NCHUNK;
|
||
if (!buf)
|
||
buf = xmalloc (bufsize+1);
|
||
else
|
||
buf = xrealloc (buf, bufsize+1);
|
||
|
||
nread = fread (buf+buflen, 1, NCHUNK, fp);
|
||
if (nread < NCHUNK && ferror (fp))
|
||
{
|
||
log_error ("error reading '[stdin]': %s\n", strerror (errno));
|
||
xfree (buf);
|
||
return NULL;
|
||
}
|
||
buflen += nread;
|
||
}
|
||
while (nread == NCHUNK);
|
||
#undef NCHUNK
|
||
|
||
}
|
||
else
|
||
{
|
||
struct stat st;
|
||
|
||
fp = fopen (fname, "rb");
|
||
if (!fp)
|
||
{
|
||
log_error ("can't open '%s': %s\n", fname, strerror (errno));
|
||
return NULL;
|
||
}
|
||
|
||
if (fstat (fileno(fp), &st))
|
||
{
|
||
log_error ("can't stat '%s': %s\n", fname, strerror (errno));
|
||
fclose (fp);
|
||
return NULL;
|
||
}
|
||
|
||
buflen = st.st_size;
|
||
buf = xmalloc (buflen+1);
|
||
if (fread (buf, buflen, 1, fp) != 1)
|
||
{
|
||
log_error ("error reading '%s': %s\n", fname, strerror (errno));
|
||
fclose (fp);
|
||
xfree (buf);
|
||
return NULL;
|
||
}
|
||
fclose (fp);
|
||
}
|
||
buf[buflen] = 0;
|
||
*r_length = buflen;
|
||
return buf;
|
||
}
|
||
|
||
|
||
|
||
static char *
|
||
get_regerror (int errcode, regex_t *compiled)
|
||
{
|
||
size_t length = regerror (errcode, compiled, NULL, 0);
|
||
char *buffer = xmalloc (length);
|
||
regerror (errcode, compiled, buffer, length);
|
||
return buffer;
|
||
}
|
||
|
||
/* Parse the pattern given in the memory aread DATA/DATALEN and return
|
||
a new pattern array. The end of the array is indicated by a NULL
|
||
entry. On error an error message is printed and the function
|
||
returns NULL. Note that the function modifies DATA and assumes
|
||
that data is nul terminated (even if this is one byte past
|
||
DATALEN). */
|
||
static pattern_t *
|
||
parse_pattern_file (char *data, size_t datalen)
|
||
{
|
||
char *p, *p2;
|
||
size_t n;
|
||
pattern_t *array;
|
||
size_t arraysize, arrayidx;
|
||
unsigned int lineno = 0;
|
||
|
||
/* Estimate the number of entries by counting the non-comment lines. */
|
||
arraysize = 0;
|
||
p = data;
|
||
for (n = datalen; n && (p2 = memchr (p, '\n', n)); p2++, n -= p2 - p, p = p2)
|
||
if (*p != '#')
|
||
arraysize++;
|
||
arraysize += 2; /* For the terminating NULL and a last line w/o a LF. */
|
||
|
||
array = xcalloc (arraysize, sizeof *array);
|
||
arrayidx = 0;
|
||
|
||
/* Loop over all lines. */
|
||
while (datalen && data)
|
||
{
|
||
lineno++;
|
||
p = data;
|
||
p2 = data = memchr (p, '\n', datalen);
|
||
if (p2)
|
||
{
|
||
*data++ = 0;
|
||
datalen -= data - p;
|
||
}
|
||
else
|
||
p2 = p + datalen;
|
||
assert (!*p2);
|
||
p2--;
|
||
while (isascii (*p) && isspace (*p))
|
||
p++;
|
||
if (*p == '#')
|
||
continue;
|
||
while (p2 > p && isascii (*p2) && isspace (*p2))
|
||
*p2-- = 0;
|
||
if (!*p)
|
||
continue;
|
||
assert (arrayidx < arraysize);
|
||
array[arrayidx].lineno = lineno;
|
||
if (*p == '/')
|
||
{
|
||
int rerr;
|
||
|
||
p++;
|
||
array[arrayidx].type = PAT_REGEX;
|
||
if (*p && p[strlen(p)-1] == '/')
|
||
p[strlen(p)-1] = 0; /* Remove optional delimiter. */
|
||
array[arrayidx].u.r.regex = xcalloc (1, sizeof (regex_t));
|
||
rerr = regcomp (array[arrayidx].u.r.regex, p,
|
||
REG_ICASE|REG_NOSUB|REG_EXTENDED);
|
||
if (rerr)
|
||
{
|
||
char *rerrbuf = get_regerror (rerr, array[arrayidx].u.r.regex);
|
||
log_error ("invalid r.e. at line %u: %s\n", lineno, rerrbuf);
|
||
xfree (rerrbuf);
|
||
if (!opt.checkonly)
|
||
exit (1);
|
||
}
|
||
}
|
||
else
|
||
{
|
||
array[arrayidx].type = PAT_STRING;
|
||
array[arrayidx].u.s.string = p;
|
||
array[arrayidx].u.s.length = strlen (p);
|
||
}
|
||
arrayidx++;
|
||
}
|
||
assert (arrayidx < arraysize);
|
||
array[arrayidx].type = PAT_NULL;
|
||
|
||
return array;
|
||
}
|
||
|
||
|
||
/* Check whether string macthes any of the pattern in PATARRAY and
|
||
returns the matching pattern item or NULL. */
|
||
static pattern_t *
|
||
match_p (const char *string, pattern_t *patarray)
|
||
{
|
||
pattern_t *pat;
|
||
|
||
if (!*string)
|
||
{
|
||
if (opt.verbose)
|
||
log_info ("zero length input line - ignored\n");
|
||
return NULL;
|
||
}
|
||
|
||
for (pat = patarray; pat->type != PAT_NULL; pat++)
|
||
{
|
||
if (pat->type == PAT_STRING)
|
||
{
|
||
if (!strcasecmp (pat->u.s.string, string))
|
||
return pat;
|
||
}
|
||
else if (pat->type == PAT_REGEX)
|
||
{
|
||
int rerr;
|
||
|
||
rerr = regexec (pat->u.r.regex, string, 0, NULL, 0);
|
||
if (!rerr)
|
||
return pat;
|
||
else if (rerr != REG_NOMATCH)
|
||
{
|
||
char *rerrbuf = get_regerror (rerr, pat->u.r.regex);
|
||
log_error ("matching r.e. failed: %s\n", rerrbuf);
|
||
xfree (rerrbuf);
|
||
return pat; /* Better indicate a match on error. */
|
||
}
|
||
}
|
||
else
|
||
BUG ();
|
||
}
|
||
return NULL;
|
||
}
|
||
|
||
|
||
/* Actual processing of the input. This function does not return an
|
||
error code but exits as soon as a match has been found. */
|
||
static void
|
||
process (FILE *fp, pattern_t *patarray)
|
||
{
|
||
char buffer[2048];
|
||
size_t idx;
|
||
int c;
|
||
unsigned long lineno = 0;
|
||
pattern_t *pat;
|
||
|
||
idx = 0;
|
||
c = 0;
|
||
while (idx < sizeof buffer -1 && c != EOF )
|
||
{
|
||
if ((c = getc (fp)) != EOF)
|
||
buffer[idx] = c;
|
||
if ((c == '\n' && !opt.null) || (!c && opt.null) || c == EOF)
|
||
{
|
||
lineno++;
|
||
if (!opt.null)
|
||
{
|
||
while (idx && isascii (buffer[idx-1]) && isspace (buffer[idx-1]))
|
||
idx--;
|
||
}
|
||
buffer[idx] = 0;
|
||
pat = match_p (buffer, patarray);
|
||
if (pat)
|
||
{
|
||
if (opt.verbose)
|
||
log_error ("input line %lu matches pattern at line %u"
|
||
" - rejected\n",
|
||
lineno, pat->lineno);
|
||
exit (1);
|
||
}
|
||
idx = 0;
|
||
}
|
||
else
|
||
idx++;
|
||
}
|
||
if (c != EOF)
|
||
{
|
||
log_error ("input line %lu too long - rejected\n", lineno+1);
|
||
exit (1);
|
||
}
|
||
if (ferror (fp))
|
||
{
|
||
log_error ("input read error at line %lu: %s - rejected\n",
|
||
lineno+1, strerror (errno));
|
||
exit (1);
|
||
}
|
||
if (opt.verbose)
|
||
log_info ("no input line matches the pattern - accepted\n");
|
||
}
|
||
|