Bug 34970 - patch for ports/security/pks
Summary: patch for ports/security/pks
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Kris Kennaway
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-02-15 16:10 UTC by jharris
Modified: 2002-04-19 23:23 UTC (History)

See Also:


Description jharris 2002-02-15 16:10:05 UTC
	This patch adds the following to pks:
		HKP (WWW) key submissions disabled by default, enabled via
		  configuration file
		nicer formatting of long (SHA-1) fingerprints
		pksdctl usage() shows available commands/arguments
		manual page fixes

Fix: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

===================================================================
RCS file: globals.h,v
retrieving revision 1.15


iD8DBQE8bTA3SypIl9OdoOMRAhHBAKDAbz5VzhLznykuwg/KVG6qpPCQMACfWqxM
XtcXM1Eq1PQVuvwIBhZDtVw=
=pM1g
-----END PGP SIGNATURE-------JAOMLg9X1Po35Pqo4KgpOjeUbkyolgJslVBlIyjn0MoqDdEg
Content-Type: text/plain; name="file.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="file.diff"

diff -u -r1.15 globals.h
--- globals.h	1999/07/20 05:02:45	1.15
+++ globals.h	2001/09/02 03:43:32
@@ -13,7 +13,7 @@
    "42.17.2+magicfeature", or "42.17.3+joe".  Don't remove any
    existing modifiers. */
 
-#define PKS_VERSION "0.9.4+patch2"
+#define PKS_VERSION "0.9.4+patch2+JHpatch1"
 
 #ifdef DEBUG
 extern int debug;
===================================================================
RCS file: kd_index.c,v
retrieving revision 1.16
diff -u -r1.16 kd_index.c
--- kd_index.c	1999/09/23 03:19:36	1.16
+++ kd_index.c	2001/09/02 04:00:23
@@ -122,6 +122,7 @@
 
 int keys_elem_genindex(void *e, void *c)
 {
+
    keys_elem *ke = (keys_elem *) e;
    keg_state *s = (keg_state *) c;
    gi_state gis;
@@ -131,6 +132,8 @@
    SHS_CTX sha;
    unsigned char hash[20];
    int i;
+   unsigned int pos = 0;
+
 
    /* pgp does gmtime, so we do, too */
    c_tm = gmtime(&(ke->create_time));
@@ -163,24 +166,33 @@
          MD5Final(hash, &md5ctx);
       }
 
-      for (i=0; i<8; i++)
-         sprintf(buf+i*3, "%02X ", hash[i]);
-      buf[24] = ' ';
-      for (i=8; i<16; i++)
-	 sprintf(buf+1+i*3, "%02X ", hash[i]);
+      pos = 0;
+      // print longer SHA-1 hashes differently
       if (ke->keytype == 16 || ke->keytype == 17) {
-         buf[49] = ' ';
-         for (i=16; i<20; i++)
-	    sprintf(buf+2+i*3, "%02X ", hash[i]);
-         buf[62] = '\n';
-      } else {
-         buf[48] = '\n';
-      }
+	for (i = 0; i < 20; i += 2) {
+	  sprintf (&buf[pos], "%02X%02X ", hash[i], hash[i+1]);
+	  pos += 5; // just added n chars...
+	  // add another space halfway through...
+	  if (i == 8) {
+	    buf[pos] = ' ';
+	    pos++;
+	  }
+	} // for i
+	pos--; // remove last space
+	buf[pos] = '\n';
+      } else { // if keytype != 16 or 17
+	for (i=0; i<8; i++)
+	  sprintf(buf+i*3, "%02X ", hash[i]);
+	buf[24] = ' ';
+	for (i=8; i<16; i++)
+	  sprintf(buf+1+i*3, "%02X ", hash[i]);
+	buf[48] = '\n';
+      } // if else on keytype
 
-      if (!xbuffer_append_str(s->xb, "          Key fingerprint =  "))
+      if (!xbuffer_append_str(s->xb, "     Key fingerprint = "))
 	 return(0);
       if (ke->keytype == 16 || ke->keytype == 17) {
-         if (!xbuffer_append(s->xb, (unsigned char *) buf, 63))
+         if (!xbuffer_append(s->xb, (unsigned char *) buf, 51))
 	    return(0);
       } else {
          if (!xbuffer_append(s->xb, (unsigned char *) buf, 49))
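Review bot: The new SHA-1 branch switches to `//` comments and tab indentation while the rest of kd_index.c uses `/* */` and three-space indents (see the context line `/* pgp does gmtime, so we do, too */`), and `//` also needs a C99 compiler, which this 1999-era tree may not assume. The byte arithmetic checks out (ten `%02X%02X ` groups plus one extra separator, last space replaced by `\n`, gives 51 bytes, within the 63 the old code already required), but `sprintf` is still unbounded; if `buf` is an array, `snprintf(&buf[pos], sizeof buf - pos, "%02X%02X ", hash[i], hash[i+1]);` makes that bound explicit — its declaration is outside the hunk. Shortening the `Key fingerprint = ` prefix from ten to five spaces changes the index output that HKP clients parse and deserves a mention in the changelog. keys_elem_genindex starts in an earlier hunk and continues past this one.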
===================================================================
RCS file: pks_config.c,v
retrieving revision 1.13
diff -u -r1.13 pks_config.c
--- pks_config.c	1999/05/20 03:39:51	1.13
+++ pks_config.c	2001/09/02 04:05:57
@@ -20,6 +20,7 @@
 const pks_config default_config = {
    "/var/spool/pks/etc/db",
    0,
+   1,
    "/var/spool/pks/pksd_socket",
    "",
    "root",
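Review bot: The added `1,` is a positional initializer whose meaning depends on `www_readonly` sitting between `www_port` and `socket_name` in pks_config (the pks_config.h hunk does place it there), but nothing at this site says so; a trailing comment `1,   /* www_readonly: HTTP key submission off unless configured */` keeps a later field insertion from silently shifting it. A default of 1 is the secure choice and matches the pksd.conf.5 text in this patch.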
@@ -40,6 +41,9 @@
 const char www_port_str[] = "www_port";
 long www_port_len = sizeof(www_port_str)-1;
 
+const char www_readonly_str[] = "www_readonly";
+long www_readonly_len = sizeof(www_readonly_str)-1;
+
 const char sockname_str[] = "socket_name";
 long sockname_len = sizeof(sockname_str)-1;
 
@@ -147,6 +151,7 @@
 
       if (str_conf(db_dir_str, db_dir_len, pc->db_dir))
       else if (num_conf(www_port_str, www_port_len, pc->www_port))
+     else if (num_conf(www_readonly_str, www_readonly_len, pc->www_readonly))
       else if (str_conf(sockname_str, sockname_len, pc->socket_name))
       else if (str_conf(mdc_str, mdc_len, pc->mail_delivery_client))
       else if (str_conf(maint_str, maint_len, pc->maintainer_email))
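Review bot: The new `num_conf` line for www_readonly accepts any number, while pksd.conf.5 documents only 0 and 1; the www.c hunks copy the value into an `unsigned int` and test it for non-zero, so a value such as -1 silently means read-only. If num_conf stores the parsed number directly (its body is not in the hunk), normalising afterwards with `pc->www_readonly = (pc->www_readonly != 0);`, or rejecting other values as a configuration error, makes the contract explicit. The enclosing parse function starts and ends outside the hunk.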
===================================================================
RCS file: pks_config.h,v
retrieving revision 1.11
diff -u -r1.11 pks_config.h
--- pks_config.h	1999/05/20 03:39:52	1.11
+++ pks_config.h	2001/09/02 04:07:18
@@ -16,6 +16,7 @@
 
    /* web server stuff */
    int www_port;
+  int www_readonly;
 
    /* mail server stuff */
    char socket_name[1024];
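Review bot: `int www_readonly;` is indented two spaces where the neighbouring fields use three; the same applies to `int readonly;` in the pks_www.h hunk and `unsigned int readonly;` in the hh_state hunk of www.c. Those three declarations also disagree on signedness (`int`, `int`, `unsigned int`) for one boolean that is copied from struct to struct, so using `int` throughout avoids the implicit conversion. Since this field is the only configuration switch guarding a write path, a short comment such as `int www_readonly;   /* non-zero: reject key submissions over HTTP */` would help the next reader.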
===================================================================
RCS file: pks_www.c,v
retrieving revision 1.19
diff -u -r1.19 pks_www.c
--- pks_www.c	1999/06/02 06:06:01	1.19
+++ pks_www.c	2001/09/02 04:14:22
@@ -529,5 +529,6 @@
 void pks_www_init(pks_www_conf *conf)
 {
    www_init(conf->port, pks_www, conf);
-   www_init(conf->db_dir, pks_www, conf);
+   //www_init(conf->db_dir, pks_www, conf); // wtf?  This snuck in via
+                                            // NetBSD's patch-ac...
 }
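Review bot: The bad `www_init(conf->db_dir, ...)` call is commented out rather than deleted, and `// wtf?` explains nothing about why it was wrong; from the pks_www.h hunk `db_dir` is a `char *` being passed where `port` is an `int`. Delete the two lines outright, or if the history matters keep a single comment in the file's style: `/* A duplicate www_init(conf->db_dir, ...) call from NetBSD's patch-ac was removed: db_dir is a char *, not a port. */`. `//` comments also need C99 and do not match the `/* */` style used elsewhere in this tree. pks_www_init lies fully inside the hunk.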
===================================================================
RCS file: pks_www.h,v
retrieving revision 1.4
diff -u -r1.4 pks_www.h
--- pks_www.h	1999/05/20 03:39:52	1.4
+++ pks_www.h	2001/09/02 04:15:06
@@ -12,6 +12,7 @@
 
 typedef struct _pks_www_conf {
    int port;
+  int readonly;
    int max_reply_keys;
    char *db_dir;
    pks_incr_conf *pic;
===================================================================
RCS file: pksd.8,v
retrieving revision 1.3
diff -u -r1.3 pksd.8
--- pksd.8	1999/06/02 06:07:30	1.3
+++ pksd.8	2001/09/02 04:15:53
@@ -17,7 +17,7 @@
 
 The server takes a single argument, which is the name of the
 configuration file.  The format of this file is documented in
-\fBpksd.conf(8)\fR.
+\fBpksd.conf(5)\fR.
 
 The server supports queries via the web and via an email interface.
 The web interface implements a few form URI's which are described in
===================================================================
RCS file: pksd.c,v
retrieving revision 1.24
diff -u -r1.24 pksd.c
--- pksd.c	1999/05/31 20:21:20	1.24
+++ pksd.c	2001/09/02 04:17:59
@@ -84,6 +84,7 @@
    psc.mrc = &mrc;
 
    pwc.port = pc.www_port;
+   pwc.readonly = pc.www_readonly;
    pwc.db_dir = pc.db_dir;
    pwc.max_reply_keys = pc.max_reply_keys;
    pwc.pic = &pic;
===================================================================
RCS file: pksd.conf.5,v
retrieving revision 1.7
diff -u -r1.7 pksd.conf.5
--- pksd.conf.5	1999/05/17 05:20:20	1.7
+++ pksd.conf.5	2001/09/02 04:19:53
@@ -42,6 +42,13 @@
 .BR 0 ,
 then HTTP connections are not accepted on any port.
 .TP
+.B www_readonly
+This controls key updates/submissions via HTTP.  If it is
+.BR 0 ,
+then keys may be submitted via HTTP.  The DEFAULT is
+.BR 1,
+which DOES NOT allow key updates/submissions via HTTP.
+.TP
 .B socket_name
 This is the name of the unix domain socket on which
 .B pksd(8)
===================================================================
RCS file: pksdctl.c,v
retrieving revision 1.11
diff -u -r1.11 pksdctl.c
--- pksdctl.c	1999/05/17 05:20:20	1.11
+++ pksdctl.c	2001/09/02 04:20:57
@@ -20,6 +20,11 @@
 void usage(char *argv0)
 {
    fprintf(stderr, "usage: %s socket string\n", argv0);
+   fprintf(stderr, "usage:  %s <pksd socket> <command> [arg]\n", argv0);
+   fprintf(stderr, "  commands:  mail <msg>\n");
+   fprintf(stderr, "             disable <userid>\n");
+   fprintf(stderr, "             shutdown\n");
+
    exit(1);
 }
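Review bot: The old `usage: %s socket string` line is kept above the new `usage:  %s <pksd socket> <command> [arg]` line, so the tool now prints two contradicting syntaxes; drop the first fprintf. The double space after `usage:` in the new line also looks unintended. usage lies fully inside the hunk.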
 
===================================================================
RCS file: www.c,v
retrieving revision 1.25
diff -u -r1.25 www.c
--- www.c	1999/06/02 06:08:16	1.25
+++ www.c	2001/09/02 04:26:28
@@ -21,6 +21,7 @@
 #include "www.h"
 #include "globals.h"
 #include "parse.h"
+#include "pks_www.h"
 
 static const long hexchar[] = {
    256,256,256,256,256,256,256,256,256,256,256,256,256,256,256,256,
@@ -140,6 +141,7 @@
 typedef struct _hh_state {
    httphandler h;
    xbuffer xb;
+  unsigned int readonly;
    void *c;
    long ptr;
    long method, uri, method_len, uri_len;
@@ -148,10 +150,12 @@
 
 static void reader(int fd, unsigned char *input, long len, int done, void *c)
 {
-   hh_state *s = (hh_state *) c;
 
+   hh_state *s = (hh_state *) c;
    long ptr, cnt;
    long dummy, dummy_len;
+   unsigned int readonly = s->readonly;
+
 
    if (done < 0) {
       xbuffer_free(&(s->xb));
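Review bot: Moving the `hh_state *s` declaration below a new blank line and adding further blank lines is noise unrelated to the change and makes the hunk harder to review. The new local `unsigned int readonly = s->readonly;` is, as far as this patch shows, read once in the POST branch, so `s->readonly` could be used directly there. reader continues past the hunk.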
@@ -360,7 +364,7 @@
 	 }
       }
    } else if (is_token(input+s->method, s->method_len, post, post_len, 0)) {
-      if (s->content_length == 0) {
+      if ((s->content_length == 0) || readonly) {
 	 www_reply(fd, 1000, 400, bad_request, NULL, 0);
 	 mp_delete_read(fd);
 	 xbuffer_free(&(s->xb));
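Review bot: Answering a POST with `400 Bad Request` when the server is read-only tells the client its request was malformed rather than that submissions are disabled; if www_reply can emit it, a 403 with a body saying key submission is disabled is the accurate response and far easier to diagnose from client logs. Folding `readonly` into the `content_length == 0` test also hides the policy decision inside the malformed-request path — a separate `if (readonly) { ... }` check ahead of it reads as deliberate and is the natural place to log the rejected submission attempt. The flag only guards the POST branch here; whether any other path accepts key submissions (for example an add operation reached via GET) is outside this hunk and should be confirmed. reader starts outside the hunk.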
@@ -484,6 +488,7 @@
 
    hhs->h = h;
    hhs->c = c;
+   hhs->readonly = ((pks_www_conf *)c)->readonly;
    xbuffer_alloc(&(hhs->xb));
    hhs->ptr = 0;
    hhs->uri = -1;
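Review bot: `hhs->readonly = ((pks_www_conf *)c)->readonly;` casts the opaque handler context `c` to a pks-specific type inside the generic HTTP layer, which is why the first www.c hunk has to add `#include "pks_www.h"`; any other user of this layer that passes a different context would have this line read a field that does not exist. Passing the flag through the www layer's own interface (an extra parameter alongside `h` and `c`, or a field in a structure www.c already owns) keeps the dependency pointing from pks_www to www rather than the reverse. The enclosing function starts outside the hunk.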
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
How-To-Repeat: 	apply patch below
Comment 1 Pete Fritchman freebsd_committer freebsd_triage 2002-02-20 06:45:08 UTC
Responsible Changed
From-To: freebsd-ports->kris

Over to maintainer
Comment 2 jharris 2002-02-22 17:23:11 UTC
I request maintainership of this port as well.
Comment 3 Kris Kennaway freebsd_committer freebsd_triage 2002-04-19 23:23:45 UTC
State Changed
From-To: open->closed

Patch committed, sorry for the delay.