RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 24-Aug-2007 22:18:29
Branch: HEAD Handle: 2007082421182801
Modified files:
rpm CHANGES
rpm/lib signature.c
rpm/rpmio getpass.c tpw.c
Log:
- use keyutils to get password out of rpm's address space. disabled.
Summary:
Revision Changes Path
1.1599 +1 -0 rpm/CHANGES
2.181 +46 -2 rpm/lib/signature.c
1.5 +15 -1 rpm/rpmio/getpass.c
1.2 +1 -1 rpm/rpmio/tpw.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.1598 -r1.1599 CHANGES
--- rpm/CHANGES 21 Aug 2007 03:41:51 -0000 1.1598
+++ rpm/CHANGES 24 Aug 2007 20:18:28 -0000 1.1599
@@ -1,4 +1,5 @@
4.5 -> 5.0:
+ - jbj: use keyutils to get password out of rpm's address space. disabled.
- jbj: start ripping availablePackages.
- jbj: rpmtsDbmode() and rpmtsSetDbmode() added for rpmts-py.c opaqueness.
- jbj: start marking availablePackages for destruction.
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/signature.c
============================================================================
$ cvs diff -u -r2.180 -r2.181 signature.c
--- rpm/lib/signature.c 17 Aug 2007 16:04:51 -0000 2.180
+++ rpm/lib/signature.c 24 Aug 2007 20:18:28 -0000 2.181
@@ -3,6 +3,9 @@
*/
#include "system.h"
+#if defined(HAVE_KEYUTILS_H)
+#include <keyutils.h>
+#endif
#include "rpmio_internal.h"
#include <rpmlib.h>
@@ -533,6 +536,7 @@
char *const *av;
pgpDig dig = NULL;
pgpDigParams sigp = NULL;
+ const char * pw = NULL;
int rc;
(void) stpcpy( stpcpy(sigfile, file), ".sig");
@@ -566,12 +570,31 @@
delMacro(NULL, "__plaintext_filename");
delMacro(NULL, "__signature_filename");
+#if defined(XXX_HAVE_KEYUTILS_H)
+ if (!strcmp(passPhrase, "@u user rpm:passwd")) {
+ key_serial_t key, keyring = KEY_SPEC_USER_KEYRING;
+ int xx;
+
+ if ((key = keyctl_search(keyring, "user", "rpm:passwd", 0) != 0)
+ && (xx = keyctl_read_alloc(key, (void **)&pw)) < 0) {
+ rpmError(RPMERR_SIGGEN, _("Failed %s(%d): %s\n"),
+ "keyctl_read_alloc", xx, strerror(errno));
+ return 1;
+ }
+ } else
+#endif
+ pw = passPhrase;
+
fpipe = fdopen(inpipe[1], "w");
(void) close(inpipe[0]);
if (fpipe) {
- fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : ""));
+ fprintf(fpipe, "%s\n", (pw ? pw : ""));
(void) fclose(fpipe);
}
+ if (pw && pw != passPhrase) {
+ (void) memset((void *)pw, 0, strlen(pw));
+ pw = _free(pw);
+ }
(void) waitpid(pid, &status, 0);
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
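Review bot: The parenthesis in `(key = keyctl_search(keyring, "user", "rpm:passwd", 0) != 0)` closes after the comparison, so `key` receives the 0/1 result of `!= 0` rather than the key serial, and because keyctl_search() reports failure as -1 the test is also true on failure; keyctl_read_alloc() is then called with serial 1. The same lines recur in the rpmCheckPassPhrase hunk further down. I would write the condition as `if ((key = keyctl_search(keyring, "user", "rpm:passwd", 0)) < 0 || (xx = keyctl_read_alloc(key, (void **)&pw)) < 0) {`, so that a failed search is reported instead of falling through with `pw` still NULL and an empty passphrase going down the pipe. The `strcmp(passPhrase, ...)` also drops the NULL tolerance that the removed `fprintf` line had; `if (passPhrase && !strcmp(passPhrase, "@u user rpm:passwd")) {` restores it. The block is compiled out by the XXX_ guard for now, and the enclosing function starts and ends outside the hunk.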
@@ -829,6 +852,7 @@
int rpmCheckPassPhrase(const char * passPhrase)
{
+ const char *pw;
int p[2];
int pid, status;
int rc;
@@ -907,11 +931,31 @@
}
}
+#if defined(XXX_HAVE_KEYUTILS_H)
+ if (!strcmp(passPhrase, "@u user rpm:passwd")) {
+ key_serial_t key, keyring = KEY_SPEC_USER_KEYRING;
+ int xx;
+
+ if ((key = keyctl_search(keyring, "user", "rpm:passwd", 0) != 0)
+ && (xx = keyctl_read_alloc(key, (void **)&pw)) < 0) {
+ rpmError(RPMERR_SIGGEN, _("Failed %s(%d): %s\n"),
+ "keyctl_read_alloc", xx, strerror(errno));
+ return 1;
+ }
+ } else
+#endif
+ pw = passPhrase;
+
xx = close(p[0]);
- xx = write(p[1], passPhrase, strlen(passPhrase));
+ xx = write(p[1], pw, strlen(pw));
xx = write(p[1], "\n", 1);
xx = close(p[1]);
+ if (pw && pw != passPhrase) {
+ (void) memset((void *)pw, 0, strlen(pw));
+ pw = _free(pw);
+ }
+
(void) waitpid(pid, &status, 0);
return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
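Review bot: The `return 1` in the added keyutils block leaves before `close(p[1])` and `waitpid(pid, &status, 0)`; if the fork has already happened by this point (the later waitpid suggests so, but the start of rpmCheckPassPhrase is outside the hunk), the child stays blocked on its end of the pipe and is never reaped, and the same holds for the identical block in the earlier signature.c hunk. I would record the failure in a flag and fall through to the close/waitpid sequence rather than returning. Separately, `pw` is declared without an initializer in the previous hunk and `write(p[1], pw, strlen(pw))` has no NULL check, unlike the `pw &&` guard a few lines below; `const char *pw = NULL;` plus a guard on the write would make the two agree. The wipe `memset((void *)pw, 0, strlen(pw))` directly before `_free(pw)` is a dead store that a compiler may drop, so I would add `/* XXX memset before free may be elided; needs a non-optimizable wipe */` until a proper helper is used.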
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/getpass.c
============================================================================
$ cvs diff -u -r1.4 -r1.5 getpass.c
--- rpm/rpmio/getpass.c 10 Jul 2007 12:15:19 -0000 1.4
+++ rpm/rpmio/getpass.c 24 Aug 2007 20:18:29 -0000 1.5
@@ -12,9 +12,23 @@
char * _GetPass(const char * prompt)
{
+ char * pw;
+
/*@-unrecog@*/
- return getpass( prompt ? prompt : "" );
+ pw = getpass( prompt ? prompt : "" );
/*@=unrecog@*/
+
+#if defined(XXX_HAVE_KEYUTILS_H)
+ if (pw && *pw) {
+ size_t npw = strlen(pw);
+ int keyring = KEY_SPEC_USER_KEYRING;
+ (void) add_key("user", "rpm:passwd", pw, npw, keyring);
+ (void) memset(pw, 0, npw); /* burn the password */
+ pw = "@u user rpm:passwd";
+ }
+#endif
+
+ return pw;
}
char * _RequestPass(const char * prompt)
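Review bot: The result of `add_key("user", "rpm:passwd", pw, npw, keyring)` is discarded, yet the password is wiped and replaced by the sentinel regardless, so a failed add_key() loses the passphrase and the caller only sees a lookup failure much later. I would make the wipe conditional: `if (add_key("user", "rpm:passwd", pw, npw, keyring) >= 0) { (void) memset(pw, 0, npw); pw = "@u user rpm:passwd"; }`. _GetPass now returns a string literal through `char *`, so a caller that burns or edits the returned buffer would write to read-only storage; a comment on the function should say the result must be treated as const. The key also stays in the user keyring after rpm exits, where other sessions of the same user can typically search for it, so a comment noting that it needs a timeout or a revoke after signing (libkeyutils offers `keyctl_set_timeout` and `keyctl_revoke`) would help whoever enables this block.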
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/tpw.c
============================================================================
$ cvs diff -u -r1.1 -r1.2 tpw.c
--- rpm/rpmio/tpw.c 22 Aug 2007 19:09:16 -0000 1.1
+++ rpm/rpmio/tpw.c 24 Aug 2007 20:18:29 -0000 1.2
@@ -14,7 +14,7 @@
NULL, NULL },
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, rpmcliAllPoptTable, 0,
- N_("Common options for all rpm modes and executables:"),
+ N_("Common options:"),
NULL },
POPT_AUTOALIAS
@@ .
Received on Fri Aug 24 22:18:29 2007