import certmonger-0.79.6-5.el8
commit
94b42d705f
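--- a/.certmonger.metadata
+++ b/.certmonger.metadata
@@ -0,0 +1 @@
+7eac3ce49718df4be8f47ec92ae3a951eb4ac435 SOURCES/certmonger-0.79.6.tar.gz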
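--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/certmonger-0.79.6.tar.gz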
@ -0,0 +1,293 @@
|
||||
From fd17f002b2f4150a1fddc2582a21c6c03933a28a Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Fri, 23 Feb 2018 10:43:44 -0500
|
||||
Subject: [PATCH] NSS crypto policy sets minimum RSA and DSA key size to 2048
|
||||
|
||||
Remove keys < 2048 for the NSS tests. This affects some of the
|
||||
OpenSSL tests as well where they run in a combined loop.
|
||||
|
||||
Where it was not invasive to do I left the 1024/1536 for OpenSSL.
|
||||
---
|
||||
tests/001-keyiread-dsa/expected.out | 6 +++---
|
||||
tests/001-keyiread-dsa/run.sh | 2 +-
|
||||
tests/001-keyiread-rsa/expected.out | 2 --
|
||||
tests/001-keyiread-rsa/run.sh | 2 +-
|
||||
tests/001-keyiread/expected.out | 2 --
|
||||
tests/001-keyiread/run.sh | 2 +-
|
||||
tests/002-keygen-rsa/expected.out | 6 ------
|
||||
tests/002-keygen-rsa/run.sh | 2 +-
|
||||
tests/002-keygen/expected.out | 18 ------------------
|
||||
tests/002-keygen/run.sh | 2 +-
|
||||
tests/003-csrgen-rsa/expected.out | 6 ------
|
||||
tests/003-csrgen-rsa/run.sh | 4 ++--
|
||||
tests/003-csrgen/expected.out | 8 --------
|
||||
tests/003-csrgen/run.sh | 4 ++--
|
||||
tests/004-selfsign-rsa/expected.out | 2 --
|
||||
tests/004-selfsign-rsa/run.sh | 2 +-
|
||||
tests/004-selfsign/expected.out | 2 --
|
||||
tests/004-selfsign/run.sh | 2 +-
|
||||
18 files changed, 14 insertions(+), 60 deletions(-)
|
||||
|
||||
diff --git a/tests/001-keyiread-dsa/expected.out b/tests/001-keyiread-dsa/expected.out
|
||||
index b09db0ae..50643176 100644
|
||||
--- a/tests/001-keyiread-dsa/expected.out
|
||||
+++ b/tests/001-keyiread-dsa/expected.out
|
||||
@@ -1,4 +1,4 @@
|
||||
-OK (DSA:1024).
|
||||
-OK (DSA:1024).
|
||||
-OK (DSA:1024).
|
||||
+OK (DSA:2048).
|
||||
+OK (DSA:2048).
|
||||
+OK (DSA:2048).
|
||||
Test complete.
|
||||
diff --git a/tests/001-keyiread-dsa/run.sh b/tests/001-keyiread-dsa/run.sh
|
||||
index 9f96b3bc..68f6d1c3 100755
|
||||
--- a/tests/001-keyiread-dsa/run.sh
|
||||
+++ b/tests/001-keyiread-dsa/run.sh
|
||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
||||
source "$srcdir"/functions
|
||||
initnssdb "$tmpdir"
|
||||
|
||||
-for size in 1024 ; do
|
||||
+for size in 2048 ; do
|
||||
# Generate a self-signed cert.
|
||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
||||
-s "cn=T$size" -c "cn=T$size" \
|
||||
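Review bot: The loop header `for size in 2048 ; do` drops the sub-2048 size outright, so nothing visible in this patch records how the suite should behave when the NSS policy refuses a key. The same applies to the `for size in 2048 3072 4096 ; do` loops in 001-keyiread-rsa, 001-keyiread, 002-keygen-rsa, 002-keygen, 003-csrgen-rsa, 003-csrgen, 004-selfsign-rsa and 004-selfsign. A comment above each loop, `# NSS crypto policy enforces a 2048-bit minimum for RSA/DSA; smaller sizes are intentionally omitted`, would stop a later editor from re-adding 1024/1536. If a below-minimum request is expected to fail cleanly, a separate expected-failure case would pin that, though whether the harness supports one is not visible here. The loop body continues outside the hunk.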
diff --git a/tests/001-keyiread-rsa/expected.out b/tests/001-keyiread-rsa/expected.out
|
||||
index 727897d1..3daa51f2 100644
|
||||
--- a/tests/001-keyiread-rsa/expected.out
|
||||
+++ b/tests/001-keyiread-rsa/expected.out
|
||||
@@ -1,5 +1,3 @@
|
||||
-OK (RSA:1024).
|
||||
-OK (RSA:1536).
|
||||
OK (RSA:2048).
|
||||
OK (RSA:3072).
|
||||
OK (RSA:4096).
|
||||
diff --git a/tests/001-keyiread-rsa/run.sh b/tests/001-keyiread-rsa/run.sh
|
||||
index c7b77686..ec31c7c7 100755
|
||||
--- a/tests/001-keyiread-rsa/run.sh
|
||||
+++ b/tests/001-keyiread-rsa/run.sh
|
||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
||||
source "$srcdir"/functions
|
||||
initnssdb "$tmpdir"
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
# Generate a self-signed cert.
|
||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
||||
-s "cn=T$size" -c "cn=T$size" \
|
||||
diff --git a/tests/001-keyiread/expected.out b/tests/001-keyiread/expected.out
|
||||
index 727897d1..3daa51f2 100644
|
||||
--- a/tests/001-keyiread/expected.out
|
||||
+++ b/tests/001-keyiread/expected.out
|
||||
@@ -1,5 +1,3 @@
|
||||
-OK (RSA:1024).
|
||||
-OK (RSA:1536).
|
||||
OK (RSA:2048).
|
||||
OK (RSA:3072).
|
||||
OK (RSA:4096).
|
||||
diff --git a/tests/001-keyiread/run.sh b/tests/001-keyiread/run.sh
|
||||
index ce1428ed..0b31df95 100755
|
||||
--- a/tests/001-keyiread/run.sh
|
||||
+++ b/tests/001-keyiread/run.sh
|
||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
||||
source "$srcdir"/functions
|
||||
initnssdb "$tmpdir"
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
# Generate a self-signed cert.
|
||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
||||
-s "cn=T$size" -c "cn=T$size" \
|
||||
diff --git a/tests/002-keygen-rsa/expected.out b/tests/002-keygen-rsa/expected.out
|
||||
index 3e6e9f3c..f7c146d0 100644
|
||||
--- a/tests/002-keygen-rsa/expected.out
|
||||
+++ b/tests/002-keygen-rsa/expected.out
|
||||
@@ -1,9 +1,3 @@
|
||||
-[nss:1024]
|
||||
-OK.
|
||||
-OK (RSA:1024).
|
||||
-[nss:1536]
|
||||
-OK.
|
||||
-OK (RSA:1536).
|
||||
[nss:2048]
|
||||
OK.
|
||||
OK (RSA:2048).
|
||||
diff --git a/tests/002-keygen-rsa/run.sh b/tests/002-keygen-rsa/run.sh
|
||||
index 476f4127..c0c59249 100755
|
||||
--- a/tests/002-keygen-rsa/run.sh
|
||||
+++ b/tests/002-keygen-rsa/run.sh
|
||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
||||
source "$srcdir"/functions
|
||||
initnssdb "$tmpdir"
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
echo "[nss:$size]"
|
||||
# Generate a key.
|
||||
cat > entry.$size <<- EOF
|
||||
diff --git a/tests/002-keygen/expected.out b/tests/002-keygen/expected.out
|
||||
index dcd1af06..b8fbea56 100644
|
||||
--- a/tests/002-keygen/expected.out
|
||||
+++ b/tests/002-keygen/expected.out
|
||||
@@ -1,21 +1,3 @@
|
||||
-[nss:1024]
|
||||
-OK.
|
||||
-OK (RSA:1024).
|
||||
-OK.
|
||||
-OK (RSA:1024 after RSA:1024).
|
||||
-OK.
|
||||
-OK (RSA:1024 after RSA:1024).
|
||||
-keyi1024
|
||||
-keyi1024 (candidate (next))
|
||||
-[nss:1536]
|
||||
-OK.
|
||||
-OK (RSA:1536).
|
||||
-OK.
|
||||
-OK (RSA:1536 after RSA:1536).
|
||||
-OK.
|
||||
-OK (RSA:1536 after RSA:1536).
|
||||
-keyi1536
|
||||
-keyi1536 (candidate (next))
|
||||
[nss:2048]
|
||||
OK.
|
||||
OK (RSA:2048).
|
||||
diff --git a/tests/002-keygen/run.sh b/tests/002-keygen/run.sh
|
||||
index 08af1523..94230e6f 100755
|
||||
--- a/tests/002-keygen/run.sh
|
||||
+++ b/tests/002-keygen/run.sh
|
||||
@@ -7,7 +7,7 @@ scheme="${scheme:-dbm:}"
|
||||
source "$srcdir"/functions
|
||||
initnssdb "$scheme$tmpdir"
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
echo "[nss:$size]"
|
||||
# Generate a key.
|
||||
cat > entry.$size <<- EOF
|
||||
diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
|
||||
index c9dec729..def53fe4 100644
|
||||
--- a/tests/003-csrgen-rsa/expected.out
|
||||
+++ b/tests/003-csrgen-rsa/expected.out
|
||||
@@ -1,10 +1,4 @@
|
||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
-1024 OK.
|
||||
-Signature OK
|
||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
-1536 OK.
|
||||
-Signature OK
|
||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
2048 OK.
|
||||
Signature OK
|
||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh
|
||||
index 4cd84084..bb8ebecb 100755
|
||||
--- a/tests/003-csrgen-rsa/run.sh
|
||||
+++ b/tests/003-csrgen-rsa/run.sh
|
||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
||||
source "$srcdir"/functions
|
||||
initnssdb "$tmpdir"
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
# Build a self-signed certificate.
|
||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
||||
-s "cn=T$size" -c "cn=T$size" \
|
||||
@@ -147,7 +147,7 @@ iterate() {
|
||||
|
||||
iteration=1
|
||||
|
||||
-for size in 1024 ; do
|
||||
+for size in 2048 ; do
|
||||
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
|
||||
done
|
||||
|
||||
diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
|
||||
index 8e6cac6e..04342c0f 100644
|
||||
--- a/tests/003-csrgen/expected.out
|
||||
+++ b/tests/003-csrgen/expected.out
|
||||
@@ -1,13 +1,5 @@
|
||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
Signature OK
|
||||
-minicert.openssl.1024.pem: OK
|
||||
-1024 OK.
|
||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
-Signature OK
|
||||
-minicert.openssl.1536.pem: OK
|
||||
-1536 OK.
|
||||
-pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
-Signature OK
|
||||
minicert.openssl.2048.pem: OK
|
||||
2048 OK.
|
||||
pk12util: PKCS12 EXPORT SUCCESSFUL
|
||||
diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh
|
||||
index 7c169ed9..31466b5c 100755
|
||||
--- a/tests/003-csrgen/run.sh
|
||||
+++ b/tests/003-csrgen/run.sh
|
||||
@@ -5,7 +5,7 @@ cd "$tmpdir"
|
||||
source "$srcdir"/functions
|
||||
initnssdb "$tmpdir"
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
# Build a self-signed certificate.
|
||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
||||
-s "cn=T$size" -c "cn=T$size" \
|
||||
@@ -199,7 +199,7 @@ iterate() {
|
||||
|
||||
iteration=1
|
||||
|
||||
-for size in 1024 ; do
|
||||
+for size in 2048 ; do
|
||||
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
|
||||
done
|
||||
|
||||
diff --git a/tests/004-selfsign-rsa/expected.out b/tests/004-selfsign-rsa/expected.out
|
||||
index dd5029ec..0eb84ef1 100644
|
||||
--- a/tests/004-selfsign-rsa/expected.out
|
||||
+++ b/tests/004-selfsign-rsa/expected.out
|
||||
@@ -1,5 +1,3 @@
|
||||
-1024 OK.
|
||||
-1536 OK.
|
||||
2048 OK.
|
||||
3072 OK.
|
||||
4096 OK.
|
||||
diff --git a/tests/004-selfsign-rsa/run.sh b/tests/004-selfsign-rsa/run.sh
|
||||
index 6f9285b6..c1dd4c80 100755
|
||||
--- a/tests/004-selfsign-rsa/run.sh
|
||||
+++ b/tests/004-selfsign-rsa/run.sh
|
||||
@@ -33,7 +33,7 @@ function setupca() {
|
||||
EOF
|
||||
}
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
# Build a self-signed certificate.
|
||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
||||
-s "cn=T$size" -c "cn=T$size" \
|
||||
diff --git a/tests/004-selfsign/expected.out b/tests/004-selfsign/expected.out
|
||||
index dd5029ec..0eb84ef1 100644
|
||||
--- a/tests/004-selfsign/expected.out
|
||||
+++ b/tests/004-selfsign/expected.out
|
||||
@@ -1,5 +1,3 @@
|
||||
-1024 OK.
|
||||
-1536 OK.
|
||||
2048 OK.
|
||||
3072 OK.
|
||||
4096 OK.
|
||||
diff --git a/tests/004-selfsign/run.sh b/tests/004-selfsign/run.sh
|
||||
index 7bb368ec..eb1df4ee 100755
|
||||
--- a/tests/004-selfsign/run.sh
|
||||
+++ b/tests/004-selfsign/run.sh
|
||||
@@ -43,7 +43,7 @@ function setupca() {
|
||||
EOF
|
||||
}
|
||||
|
||||
-for size in 1024 1536 2048 3072 4096 ; do
|
||||
+for size in 2048 3072 4096 ; do
|
||||
# Build a self-signed certificate.
|
||||
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
|
||||
-s "cn=T$size" -c "cn=T$size" \
|
||||
--
|
||||
2.16.2
|
||||
|
788
SOURCES/0002-Convert-tests-to-use-python3.patch
@ -0,0 +1,788 @@
|
||||
From 653cd0571fe92c9fd4323f93ff23b9720c00fd5f Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Tue, 31 Jul 2018 13:09:02 -0400
|
||||
Subject: [PATCH] Convert tests to use python3
|
||||
|
||||
---
|
||||
tests/028-dbus/expected.out | 32 +-
|
||||
tests/028-dbus/expected.out.nodsa | 22 +-
|
||||
tests/028-dbus/prequal.sh | 8 +-
|
||||
tests/028-dbus/run.sh | 9 +-
|
||||
tests/028-dbus/runsub.sh | 2 +-
|
||||
tests/028-dbus/simpleprop.py | 14 +-
|
||||
tests/028-dbus/walk.py | 392 ++++++++++----------
|
||||
tests/038-ms-v2-template/extract-extdata.py | 5 +-
|
||||
8 files changed, 243 insertions(+), 241 deletions(-)
|
||||
|
||||
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
|
||||
index ca3179e..1d8bec4 100644
|
||||
--- a/tests/028-dbus/expected.out
|
||||
+++ b/tests/028-dbus/expected.out
|
||||
@@ -1,5 +1,3 @@
|
||||
-Certificate in file "${tmpdir}/test.crt" issued by CA and saved.
|
||||
-Certificate in file "${tmpdir}/test.crt" issued by CA and saved.
|
||||
[[ getcert ]]
|
||||
State MONITORING, stuck: no.
|
||||
Number of certificates and requests being tracked: 1.
|
||||
@@ -187,13 +185,13 @@ dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.Object
|
||||
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
|
||||
|
||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ]
|
||||
-dbus.Array([dbus.String(u'RSA'), dbus.String(u'DSA'), dbus.String(u'EC')], signature=dbus.Signature('s'))
|
||||
+dbus.Array([dbus.String('RSA'), dbus.String('DSA'), dbus.String('EC')], signature=dbus.Signature('s'))
|
||||
|
||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ]
|
||||
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
|
||||
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
|
||||
|
||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ]
|
||||
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
|
||||
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
|
||||
|
||||
[ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ]
|
||||
OK
|
||||
@@ -433,19 +431,19 @@ Buddy
|
||||
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]
|
||||
-(dbus.String(u'CN=$UUID,CN=Local Signing Authority'), dbus.String(u'$UUID'), dbus.String(u'CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
|
||||
+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]
|
||||
recently
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ]
|
||||
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.crt'))
|
||||
+(dbus.String('FILE'), dbus.String('$tmpdir/test.crt'))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ]
|
||||
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ]
|
||||
-(dbus.String(u'CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'id-kp-serverAuth')], signature=dbus.Signature('s')))
|
||||
+(dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s')))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ]
|
||||
|
||||
@@ -454,19 +452,19 @@ recently
|
||||
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ]
|
||||
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.key'))
|
||||
+(dbus.String('FILE'), dbus.String('$tmpdir/test.key'))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ]
|
||||
-(dbus.String(u'RSA'), dbus.Int64(512L))
|
||||
+(dbus.String('RSA'), dbus.Int64(512))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ]
|
||||
1
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ]
|
||||
-(dbus.String(u'stdout'), dbus.String(u'daemon.notice'))
|
||||
+(dbus.String('stdout'), dbus.String('daemon.notice'))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ]
|
||||
-(dbus.String(u'MONITORING'), dbus.Boolean(False))
|
||||
+(dbus.String('MONITORING'), dbus.Boolean(False))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ]
|
||||
/org/fedorahosted/certmonger/cas/CA1
|
||||
@@ -482,7 +480,7 @@ recently
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ]
|
||||
1 on /org/fedorahosted/certmonger/requests/Request2
|
||||
-After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String(u'1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
|
||||
+After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ]
|
||||
1
|
||||
@@ -713,7 +711,7 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||
</node>
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
||||
-$tmpdir/cas/20180327134236
|
||||
+$tmpdir/cas/date
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_nickname ]
|
||||
SelfSign
|
||||
@@ -828,7 +826,7 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||
</node>
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
||||
-$tmpdir/cas/20180327134236-1
|
||||
+$tmpdir/cas/date-1
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_nickname ]
|
||||
IPA
|
||||
@@ -941,7 +939,7 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||
</node>
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
||||
-$tmpdir/cas/20180327134236-2
|
||||
+$tmpdir/cas/date-2
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ]
|
||||
certmaster
|
||||
@@ -1054,7 +1052,7 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||
</node>
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
||||
-$tmpdir/cas/20180327134236-3
|
||||
+$tmpdir/cas/date-3
|
||||
|
||||
[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ]
|
||||
dogtag-ipa-renew-agent
|
||||
diff --git a/tests/028-dbus/expected.out.nodsa b/tests/028-dbus/expected.out.nodsa
|
||||
index a23af40..5082ee0 100644
|
||||
--- a/tests/028-dbus/expected.out.nodsa
|
||||
+++ b/tests/028-dbus/expected.out.nodsa
|
||||
@@ -187,13 +187,13 @@ dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.Object
|
||||
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
|
||||
|
||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ]
|
||||
-dbus.Array([dbus.String(u'RSA'), dbus.String(u'EC')], signature=dbus.Signature('s'))
|
||||
+dbus.Array([dbus.String('RSA'), dbus.String('EC')], signature=dbus.Signature('s'))
|
||||
|
||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ]
|
||||
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
|
||||
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
|
||||
|
||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ]
|
||||
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
|
||||
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
|
||||
|
||||
[ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ]
|
||||
OK
|
||||
@@ -432,19 +432,19 @@ Buddy
|
||||
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]
|
||||
-(dbus.String(u'CN=$UUID,CN=Local Signing Authority'), dbus.String(u'$UUID'), dbus.String(u'CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
|
||||
+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]
|
||||
recently
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ]
|
||||
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.crt'))
|
||||
+(dbus.String('FILE'), dbus.String('$tmpdir/test.crt'))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ]
|
||||
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ]
|
||||
-(dbus.String(u'CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'id-kp-serverAuth')], signature=dbus.Signature('s')))
|
||||
+(dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s')))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ]
|
||||
|
||||
@@ -453,19 +453,19 @@ recently
|
||||
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ]
|
||||
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.key'))
|
||||
+(dbus.String('FILE'), dbus.String('$tmpdir/test.key'))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ]
|
||||
-(dbus.String(u'RSA'), dbus.Int64(512L))
|
||||
+(dbus.String('RSA'), dbus.Int64(512))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ]
|
||||
1
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ]
|
||||
-(dbus.String(u'stdout'), dbus.String(u'daemon.notice'))
|
||||
+(dbus.String('stdout'), dbus.String('daemon.notice'))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ]
|
||||
-(dbus.String(u'MONITORING'), dbus.Boolean(False))
|
||||
+(dbus.String('MONITORING'), dbus.Boolean(False))
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ]
|
||||
/org/fedorahosted/certmonger/cas/CA1
|
||||
@@ -481,7 +481,7 @@ recently
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ]
|
||||
1 on /org/fedorahosted/certmonger/requests/Request2
|
||||
-After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String(u'1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
|
||||
+After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
|
||||
|
||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ]
|
||||
1
|
||||
diff --git a/tests/028-dbus/prequal.sh b/tests/028-dbus/prequal.sh
|
||||
index e645c19..4fe79c8 100755
|
||||
--- a/tests/028-dbus/prequal.sh
|
||||
+++ b/tests/028-dbus/prequal.sh
|
||||
@@ -9,19 +9,19 @@ if test -z "$DBUSDAEMON" ; then
|
||||
echo dbus-daemon not found
|
||||
exit 1
|
||||
fi
|
||||
-if ! python -c 'import os' 2> /dev/null ; then
|
||||
+if ! python3 -c 'import os' 2> /dev/null ; then
|
||||
echo python not found
|
||||
exit 1
|
||||
fi
|
||||
-if ! python -c 'import dbus' 2> /dev/null ; then
|
||||
+if ! python3 -c 'import dbus' 2> /dev/null ; then
|
||||
echo python-dbus not found
|
||||
exit 1
|
||||
fi
|
||||
-if ! python -c 'import xml' 2> /dev/null ; then
|
||||
+if ! python3 -c 'import xml' 2> /dev/null ; then
|
||||
echo python-xml not found
|
||||
exit 1
|
||||
fi
|
||||
-if ! python -c 'import xml.etree.ElementTree' 2> /dev/null ; then
|
||||
+if ! python3 -c 'import xml.etree.ElementTree' 2> /dev/null ; then
|
||||
echo python-xml does not include etree.ElementTree
|
||||
exit 1
|
||||
fi
|
||||
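Review bot: The four probes now invoke `python3`, but the messages printed on failure still name the Python 2 interpreter and packages, so a missing interpreter is reported as `python not found`. Suggested wording is `echo python3 not found`, `echo python3-dbus not found` and `echo python3-xml not found`; the exact package names vary by distribution and should be confirmed. Each probe sends stderr to /dev/null, so this message is the only diagnostic a tester gets when the prerequisite check fails.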
diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh
|
||||
index c468d51..ee90875 100755
|
||||
--- a/tests/028-dbus/run.sh
|
||||
+++ b/tests/028-dbus/run.sh
|
||||
@@ -23,7 +23,7 @@ EOF
|
||||
$DBUSDAEMON --session --print-address=3 --print-pid=4 --fork 3> $tmpdir/address 4> $tmpdir/pid
|
||||
if test -s $tmpdir/pid ; then
|
||||
env DBUS_SESSION_BUS_ADDRESS=`cat $tmpdir/address` \
|
||||
- $toolsdir/../../src/certmonger-session -n -c $tmpdir/runsub.sh
|
||||
+ $toolsdir/../../src/certmonger-session -n -c $tmpdir/runsub.sh > /dev/null
|
||||
fi
|
||||
kill `cat $tmpdir/pid`
|
||||
|
||||
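Review bot: Redirecting the `certmonger-session` stdout to `/dev/null` also discards anything it prints when it fails, and its exit status is not checked in this hunk. A session that dies early would presumably surface only as a later mismatch in runsub.out. Keeping the output in a file under the test directory, for example `> "$tmpdir/session.out"` (file name constructed for illustration), would leave it available for inspection without affecting the compared output. `$tmpdir` is unquoted on the changed line, as on the surrounding context lines, so a temporary path containing whitespace would split the argument.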
@@ -33,8 +33,8 @@ now=`date +%s`
|
||||
for i in `seq 240` ; do
|
||||
recently=$(($now-$i))
|
||||
tomorrow=$(($now-$i+24*60*60))
|
||||
- sed -i -e s/^$recently'$/recently/g' -e s/"("$recently"L)"/'(recently)'/g \
|
||||
- -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow"L)"/'(tomorrow)'/g $tmpdir/runsub.out
|
||||
+ sed -i -e s/^$recently'$/recently/g' -e s/"("$recently")"/'(recently)'/g \
|
||||
+ -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow")"/'(tomorrow)'/g $tmpdir/runsub.out
|
||||
done
|
||||
|
||||
cat $tmpdir/runsub.out | \
|
||||
@@ -43,4 +43,5 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \
|
||||
-e "s|$libexecdir|\$libexecdir|g" \
|
||||
-e "s|$tmpdir|\$tmpdir|g" \
|
||||
-e "s|expires:.*|expires: sometime|g" \
|
||||
- -e "s|u'(00)?[0-9a-fA-F]{32}|u'"'$UUID|g'
|
||||
+ -e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \
|
||||
+ -e "s|cas\/[0-9]{14}|cas\/date|g"
|
||||
diff --git a/tests/028-dbus/runsub.sh b/tests/028-dbus/runsub.sh
|
||||
index 3510d79..fe6766c 100755
|
||||
--- a/tests/028-dbus/runsub.sh
|
||||
+++ b/tests/028-dbus/runsub.sh
|
||||
@@ -22,5 +22,5 @@ echo ""
|
||||
echo "[[ API ]]"
|
||||
for i in ./*.py ; do
|
||||
echo "[" `basename "$i"` "]"
|
||||
- python $i
|
||||
+ python3 $i
|
||||
done
|
||||
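Review bot: The changed line `python3 $i` leaves the loop variable unquoted, although the line above it already passes `"$i"` to basename. Since `$i` comes from the `./*.py` glob, a file name containing whitespace or glob characters would be split or re-expanded before reaching the interpreter. The line should read `python3 "$i"`.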
diff --git a/tests/028-dbus/simpleprop.py b/tests/028-dbus/simpleprop.py
|
||||
index e4f937e..35d9591 100644
|
||||
--- a/tests/028-dbus/simpleprop.py
|
||||
+++ b/tests/028-dbus/simpleprop.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python
|
||||
+#!/usr/bin/python3
|
||||
import dbus
|
||||
|
||||
# Get a handle for the main certmonger interface.
|
||||
@@ -19,7 +19,7 @@ ca = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
|
||||
# Toggle the helper a couple of times.
|
||||
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
|
||||
-print ca_ext_h, "->",
|
||||
+print(ca_ext_h, "-> ", end='')
|
||||
|
||||
if ca_ext_h.split()[0] == ca_ext_h:
|
||||
ca_ext_h += ' -k admin@localhost'
|
||||
@@ -28,7 +28,7 @@ else:
|
||||
ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h)
|
||||
|
||||
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
|
||||
-print ca_ext_h, "->",
|
||||
+print(ca_ext_h, "-> ", end='')
|
||||
|
||||
if ca_ext_h.split()[0] == ca_ext_h:
|
||||
ca_ext_h += ' -k admin@localhost'
|
||||
@@ -37,20 +37,20 @@ else:
|
||||
ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h)
|
||||
|
||||
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
|
||||
-print ca_ext_h
|
||||
+print(ca_ext_h)
|
||||
|
||||
# Toggle the "is-default" value a couple of times.
|
||||
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
|
||||
-print isdef, "->",
|
||||
+print(isdef, "-> ", end='')
|
||||
|
||||
ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef)
|
||||
|
||||
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
|
||||
-print isdef, "->",
|
||||
+print(isdef, "-> ", end='')
|
||||
|
||||
ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef)
|
||||
|
||||
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
|
||||
-print isdef
|
||||
+print(isdef)
|
||||
|
||||
cm.remove_known_ca(path)
|
||||
diff --git a/tests/028-dbus/walk.py b/tests/028-dbus/walk.py
|
||||
index f60ca93..683d94e 100644
|
||||
--- a/tests/028-dbus/walk.py
|
||||
+++ b/tests/028-dbus/walk.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python
|
||||
+#!/usr/bin/python3
|
||||
import dbus
|
||||
import xml.etree.ElementTree
|
||||
import os
|
||||
@@ -9,217 +9,219 @@ bus = dbus.SessionBus()
|
||||
|
||||
# Check that reading a property directly produces the same value as reading it via GetAll().
|
||||
def check_props(objpath, interface):
|
||||
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
- props = i.GetAll(interface)
|
||||
- for prop in props.keys():
|
||||
- value = props[prop]
|
||||
- if value != i.Get(interface, prop):
|
||||
- print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop)))
|
||||
- return False
|
||||
- return True
|
||||
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
+ props = i.GetAll(interface)
|
||||
+ for prop in props.keys():
|
||||
+ value = props[prop]
|
||||
+ if value != i.Get(interface, prop):
|
||||
+ print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop)))
|
||||
+ return False
|
||||
+ return True
|
||||
|
||||
# Try to call the method.
|
||||
def examine_method(objpath, interface, method, idata):
|
||||
- in_args = 0
|
||||
- out_args = 0
|
||||
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
- i = dbus.Interface(o, interface)
|
||||
- for child in idata.getchildren():
|
||||
- if child.tag == 'arg':
|
||||
- if child.get('direction') != 'out':
|
||||
- in_args = in_args + 1
|
||||
- else:
|
||||
- out_args = out_args + 1
|
||||
- if in_args == 0:
|
||||
- # Takes no inputs, so just call it.
|
||||
- m = i.get_dbus_method(method)
|
||||
- if out_args == 0:
|
||||
- m()
|
||||
- print("[ %s: %s.%s ]\n" % (objpath, interface, method))
|
||||
- elif out_args == 1:
|
||||
- result = m()
|
||||
- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
|
||||
- else:
|
||||
- result = m()
|
||||
- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
|
||||
- elif method == 'Get' or method == 'Set' or method == 'GetAll':
|
||||
- # We check on properties elsewhere.
|
||||
- return True
|
||||
- # Per-method exercise.
|
||||
- elif method == 'add_known_ca' or method == 'remove_known_ca':
|
||||
- (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', [])
|
||||
- if not result:
|
||||
- print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method))
|
||||
- return False
|
||||
- result = i.remove_known_ca(path)
|
||||
- if not result:
|
||||
- print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method))
|
||||
- return False
|
||||
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
- elif method == 'add_request' or method == 'remove_request':
|
||||
- tmpdir = os.getenv('TMPDIR')
|
||||
- if not tmpdir or tmpdir == '':
|
||||
- tmpdir = '/tmp'
|
||||
- properties = {
|
||||
- 'nickname': 'foo',
|
||||
- 'cert-storage': 'file',
|
||||
- 'cert-file': tmpdir + "/028-certfile",
|
||||
- 'key-storage': 'file',
|
||||
- 'key-file': tmpdir + "/028-keyfile",
|
||||
- 'template-email': ['root@localhost', 'toor@localhost'],
|
||||
- }
|
||||
- (result, path) = i.add_request(properties)
|
||||
- if not result:
|
||||
- print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method))
|
||||
- return False
|
||||
- result = i.remove_request(path)
|
||||
- if not result:
|
||||
- print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method))
|
||||
- return False
|
||||
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
- elif method == 'find_ca_by_nickname':
|
||||
- capath = i.find_ca_by_nickname('local')
|
||||
- o = bus.get_object('org.fedorahosted.certmonger', capath)
|
||||
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
- if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local':
|
||||
- print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname')))
|
||||
- return False
|
||||
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
- elif method == 'find_request_by_nickname':
|
||||
- reqpath = i.find_request_by_nickname('Buddy')
|
||||
- o = bus.get_object('org.fedorahosted.certmonger', reqpath)
|
||||
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
- if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy':
|
||||
- print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname')))
|
||||
- return False
|
||||
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
- elif method == 'modify':
|
||||
- mods = {}
|
||||
- propname = "template-eku"
|
||||
- propval = '1.2.3.4.5.6.7.8.9.10'
|
||||
- mods[propname] = [propval,]
|
||||
- status, path = i.modify(mods)
|
||||
- if not status:
|
||||
- print("[ %s : %s.%s ] error\n" % (objpath, interface, method))
|
||||
- return False
|
||||
- print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path))
|
||||
- props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
- prop = props.Get(interface, 'template-eku')
|
||||
- print("After setting %s to %s, we got %s\n" % (propname, propval, prop))
|
||||
- else:
|
||||
- # We're in FIXME territory.
|
||||
- print('FIXME: need support for "%s"' % method)
|
||||
- return False
|
||||
- # If we caused things to start churning, wait for them to settle.
|
||||
+ in_args = 0
|
||||
+ out_args = 0
|
||||
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
+ i = dbus.Interface(o, interface)
|
||||
+ for child in idata.getchildren():
|
||||
+ if child.tag == 'arg':
|
||||
+ if child.get('direction') != 'out':
|
||||
+ in_args = in_args + 1
|
||||
+ else:
|
||||
+ out_args = out_args + 1
|
||||
+ if in_args == 0:
|
||||
+ # Takes no inputs, so just call it.
|
||||
+ m = i.get_dbus_method(method)
|
||||
+ if out_args == 0:
|
||||
+ m()
|
||||
+ print("[ %s: %s.%s ]\n" % (objpath, interface, method))
|
||||
+ elif out_args == 1:
|
||||
+ result = m()
|
||||
+ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
|
||||
+ else:
|
||||
+ result = m()
|
||||
+ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
|
||||
+ elif method == 'Get' or method == 'Set' or method == 'GetAll':
|
||||
+ # We check on properties elsewhere.
|
||||
+ return True
|
||||
+ # Per-method exercise.
|
||||
+ elif method == 'add_known_ca' or method == 'remove_known_ca':
|
||||
+ (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', [])
|
||||
+ if not result:
|
||||
+ print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method))
|
||||
+ return False
|
||||
+ result = i.remove_known_ca(path)
|
||||
+ if not result:
|
||||
+ print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method))
|
||||
+ return False
|
||||
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
+ elif method == 'add_request' or method == 'remove_request':
|
||||
+ tmpdir = os.getenv('TMPDIR')
|
||||
+ if not tmpdir or tmpdir == '':
|
||||
+ tmpdir = '/tmp'
|
||||
+ properties = {
|
||||
+ 'nickname': 'foo',
|
||||
+ 'cert-storage': 'file',
|
||||
+ 'cert-file': tmpdir + "/028-certfile",
|
||||
+ 'key-storage': 'file',
|
||||
+ 'key-file': tmpdir + "/028-keyfile",
|
||||
+ 'template-email': ['root@localhost', 'toor@localhost'],
|
||||
+ }
|
||||
+ (result, path) = i.add_request(properties)
|
||||
+ if not result:
|
||||
+ print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method))
|
||||
+ return False
|
||||
+ result = i.remove_request(path)
|
||||
+ if not result:
|
||||
+ print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method))
|
||||
+ return False
|
||||
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
+ elif method == 'find_ca_by_nickname':
|
||||
+ capath = i.find_ca_by_nickname('local')
|
||||
+ o = bus.get_object('org.fedorahosted.certmonger', capath)
|
||||
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
+ if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local':
|
||||
+ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname')))
|
||||
+ return False
|
||||
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
+ elif method == 'find_request_by_nickname':
|
||||
+ reqpath = i.find_request_by_nickname('Buddy')
|
||||
+ if not reqpath:
|
||||
+ return False
|
||||
+ o = bus.get_object('org.fedorahosted.certmonger', reqpath)
|
||||
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
+ if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy':
|
||||
+ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname')))
|
||||
+ return False
|
||||
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
|
||||
+ elif method == 'modify':
|
||||
+ mods = {}
|
||||
+ propname = "template-eku"
|
||||
+ propval = '1.2.3.4.5.6.7.8.9.10'
|
||||
+ mods[propname] = [propval,]
|
||||
+ status, path = i.modify(mods)
|
||||
+ if not status:
|
||||
+ print("[ %s : %s.%s ] error\n" % (objpath, interface, method))
|
||||
+ return False
|
||||
+ print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path))
|
||||
+ props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
+ prop = props.Get(interface, 'template-eku')
|
||||
+ print("After setting %s to %s, we got %s\n" % (propname, propval, prop))
|
||||
+ else:
|
||||
+ # We're in FIXME territory.
|
||||
+ print('FIXME: need support for "%s"' % method)
|
||||
+ return False
|
||||
+ # If we caused things to start churning, wait for them to settle.
|
||||
if method == 'resubmit':
|
||||
props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
prop = props.Get(interface, 'status')
|
||||
while prop != 'MONITORING':
|
||||
time.sleep(1)
|
||||
prop = props.Get(interface, 'status')
|
||||
- return True
|
||||
+ return True
|
||||
|
||||
def iget(child, proxy, interface, prop):
|
||||
- value = proxy.Get(interface, prop)
|
||||
- if not value:
|
||||
- if child.get('type') == 'b':
|
||||
- value = False
|
||||
- elif child.get('type') == 'n' or child.get('type') == 'x':
|
||||
- value = 0
|
||||
- elif child.get('type') == 's':
|
||||
- value = ''
|
||||
- elif child.get('type') == 'as':
|
||||
- value = ['']
|
||||
- else:
|
||||
- print("%s.%s: %s" % (interface, prop, child.get('type')))
|
||||
- return False
|
||||
- return value
|
||||
+ value = proxy.Get(interface, prop)
|
||||
+ if not value:
|
||||
+ if child.get('type') == 'b':
|
||||
+ value = False
|
||||
+ elif child.get('type') == 'n' or child.get('type') == 'x':
|
||||
+ value = 0
|
||||
+ elif child.get('type') == 's':
|
||||
+ value = ''
|
||||
+ elif child.get('type') == 'as':
|
||||
+ value = ['']
|
||||
+ else:
|
||||
+ print("%s.%s: %s" % (interface, prop, child.get('type')))
|
||||
+ return False
|
||||
+ return value
|
||||
|
||||
def examine_interface(objpath, interface, idata):
|
||||
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
- for child in idata.getchildren():
|
||||
- if child.tag == 'property':
|
||||
- prop = child.get('name')
|
||||
- if child.get('access') == 'read':
|
||||
- # Check that we can read it.
|
||||
- value = i.Get(interface, prop)
|
||||
- elif child.get('access') == 'readwrite':
|
||||
- if prop == 'external-helper' or prop == 'scep-ca-identifier':
|
||||
- cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca')
|
||||
- if cai.get_type() != 'EXTERNAL':
|
||||
- print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop))
|
||||
- continue
|
||||
- # Check that we can read it, tweak it, and then reset it.
|
||||
- value = iget(child, i, interface, prop)
|
||||
- i.Set(interface, prop, value)
|
||||
- newvalue = None
|
||||
- if child.get('type') == 'b':
|
||||
- newvalue = not value
|
||||
- elif child.get('type') == 'n' or child.get('type') == 'x':
|
||||
- newvalue = value + 1
|
||||
- elif child.get('type') == 's':
|
||||
- newvalue = 'x' + value
|
||||
- elif child.get('type') == 'as':
|
||||
- newvalue = ['x'] + value
|
||||
- else:
|
||||
- print("%s.%s: %s" % (interface, prop, child.get('type')))
|
||||
- return False
|
||||
- if newvalue:
|
||||
- if newvalue == value:
|
||||
- print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value))
|
||||
- return False
|
||||
- i.Set(interface, prop, newvalue)
|
||||
- if newvalue != iget(child, i, interface, prop):
|
||||
- print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue))
|
||||
- return False
|
||||
- i.Set(interface, prop, value)
|
||||
- if value != iget(child, i, interface, prop):
|
||||
- print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value))
|
||||
- return False
|
||||
- elif child.tag == 'method':
|
||||
- method = child.get('name')
|
||||
- if not examine_method(objpath, interface, method, child):
|
||||
- return False
|
||||
- elif child.tag == 'signal':
|
||||
- continue
|
||||
- else:
|
||||
- print "FIXME: handle child tag %s" % child.tag
|
||||
- return False
|
||||
- return True
|
||||
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
|
||||
+ for child in idata.getchildren():
|
||||
+ if child.tag == 'property':
|
||||
+ prop = child.get('name')
|
||||
+ if child.get('access') == 'read':
|
||||
+ # Check that we can read it.
|
||||
+ value = i.Get(interface, prop)
|
||||
+ elif child.get('access') == 'readwrite':
|
||||
+ if prop == 'external-helper' or prop == 'scep-ca-identifier':
|
||||
+ cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca')
|
||||
+ if cai.get_type() != 'EXTERNAL':
|
||||
+ print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop))
|
||||
+ continue
|
||||
+ # Check that we can read it, tweak it, and then reset it.
|
||||
+ value = iget(child, i, interface, prop)
|
||||
+ i.Set(interface, prop, value)
|
||||
+ newvalue = None
|
||||
+ if child.get('type') == 'b':
|
||||
+ newvalue = not value
|
||||
+ elif child.get('type') == 'n' or child.get('type') == 'x':
|
||||
+ newvalue = value + 1
|
||||
+ elif child.get('type') == 's':
|
||||
+ newvalue = 'x' + value
|
||||
+ elif child.get('type') == 'as':
|
||||
+ newvalue = ['x'] + value
|
||||
+ else:
|
||||
+ print("%s.%s: %s" % (interface, prop, child.get('type')))
|
||||
+ return False
|
||||
+ if newvalue:
|
||||
+ if newvalue == value:
|
||||
+ print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value))
|
||||
+ return False
|
||||
+ i.Set(interface, prop, newvalue)
|
||||
+ if newvalue != iget(child, i, interface, prop):
|
||||
+ print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue))
|
||||
+ return False
|
||||
+ i.Set(interface, prop, value)
|
||||
+ if value != iget(child, i, interface, prop):
|
||||
+ print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value))
|
||||
+ return False
|
||||
+ elif child.tag == 'method':
|
||||
+ method = child.get('name')
|
||||
+ if not examine_method(objpath, interface, method, child):
|
||||
+ return False
|
||||
+ elif child.tag == 'signal':
|
||||
+ continue
|
||||
+ else:
|
||||
+ print("FIXME: handle child tag %s" % child.tag)
|
||||
+ return False
|
||||
+ return True
|
||||
|
||||
def examine_object(objpath):
|
||||
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
- i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable')
|
||||
- idata = i.Introspect()
|
||||
- x = xml.etree.ElementTree.XML(idata)
|
||||
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
|
||||
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable')
|
||||
+ idata = i.Introspect()
|
||||
+ x = xml.etree.ElementTree.XML(idata)
|
||||
|
||||
- # Check if the object supports properties interfaces.
|
||||
- props = False
|
||||
- for child in x.getchildren():
|
||||
- if child.tag == 'interface':
|
||||
- if child.get('name') == 'org.freedesktop.DBus.Properties':
|
||||
- props = True
|
||||
+ # Check if the object supports properties interfaces.
|
||||
+ props = False
|
||||
+ for child in x.getchildren():
|
||||
+ if child.tag == 'interface':
|
||||
+ if child.get('name') == 'org.freedesktop.DBus.Properties':
|
||||
+ props = True
|
||||
|
||||
- # Look at the interfaces and child nodes.
|
||||
- for child in x.getchildren():
|
||||
- if child.tag == 'interface':
|
||||
- if props and not check_props(objpath, child.get('name')):
|
||||
- return False
|
||||
- if not examine_interface(objpath, child.get('name'), child):
|
||||
- return False
|
||||
- elif child.tag == 'node':
|
||||
- if objpath == '/':
|
||||
- childpath = '/' + child.get('name')
|
||||
- else:
|
||||
- childpath = objpath + '/' + child.get('name')
|
||||
- examine_object(childpath)
|
||||
- else:
|
||||
- print "FIXME: handle child tag %s" % child.tag
|
||||
- return False
|
||||
- return True
|
||||
+ # Look at the interfaces and child nodes.
|
||||
+ for child in x.getchildren():
|
||||
+ if child.tag == 'interface':
|
||||
+ if props and not check_props(objpath, child.get('name')):
|
||||
+ return False
|
||||
+ if not examine_interface(objpath, child.get('name'), child):
|
||||
+ return False
|
||||
+ elif child.tag == 'node':
|
||||
+ if objpath == '/':
|
||||
+ childpath = '/' + child.get('name')
|
||||
+ else:
|
||||
+ childpath = objpath + '/' + child.get('name')
|
||||
+ examine_object(childpath)
|
||||
+ else:
|
||||
+ print("FIXME: handle child tag %s" % child.tag)
|
||||
+ return False
|
||||
+ return True
|
||||
|
||||
if not examine_object('/'):
|
||||
- sys.exit(1)
|
||||
+ sys.exit(1)
|
||||
sys.exit(0)
|
||||
diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
|
||||
index 1a845fd..9f9d910 100755
|
||||
--- a/tests/038-ms-v2-template/extract-extdata.py
|
||||
+++ b/tests/038-ms-v2-template/extract-extdata.py
|
||||
@@ -1,10 +1,11 @@
|
||||
-#!/usr/bin/python2
|
||||
+#!/usr/bin/python3
|
||||
|
||||
# Given `openssl asn1parse` output of a CSR, look for the V2 Template
|
||||
# extension and output its data if found. Nonzero exit status if
|
||||
# not found.
|
||||
|
||||
import binascii
|
||||
+import os
|
||||
import re
|
||||
import sys
|
||||
|
||||
@@ -21,7 +22,7 @@ for line in sys.stdin:
|
||||
#
|
||||
if state == STATE_FOUND and 'OCTET STRING' in line:
|
||||
result = re.search(r'\[HEX DUMP\]:(\w*)', line)
|
||||
- sys.stdout.write(binascii.unhexlify(result.group(1)))
|
||||
+ os.write(1, binascii.unhexlify(result.group(1)))
|
||||
state = STATE_DONE
|
||||
break
|
||||
|
||||
--
|
||||
2.17.0
|
||||
|
File diff suppressed because it is too large
@ -0,0 +1,49 @@
|
||||
From c029b32c04a9a5993b9c8715fb82421fee613137 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Fri, 31 Aug 2018 10:37:12 -0400
|
||||
Subject: [PATCH 2/7] Include the token name when a PIN is provided but is
|
||||
unused
|
||||
|
||||
This improves the output so the user will know which token
|
||||
the PIN is missing for. Theoretically it should be the token
|
||||
they asked for but this will show certmogner's view of it.
|
||||
---
|
||||
src/certread-n.c | 6 +++---
|
||||
src/keygen-n.c | 4 ++--
|
||||
2 files changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
||||
index f2e78c07..57a38dcf 100644
|
||||
--- a/src/certread-n.c
|
||||
+++ b/src/certread-n.c
|
||||
@@ -259,9 +259,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
if ((pin != NULL) &&
|
||||
(strlen(pin) > 0) &&
|
||||
(cb_data.n_attempts == 0)) {
|
||||
- cm_log(1, "PIN was not needed to auth to cert "
|
||||
- "db, though one was provided. "
|
||||
- "Treating this as an error.\n");
|
||||
+ cm_log(1, "PIN was not needed to auth to token "
|
||||
+ "%s, though one was provided. "
|
||||
+ "Treating this as an error.\n", token);
|
||||
goto next_slot;
|
||||
}
|
||||
}
|
||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
||||
index 8078a520..84b0bbd3 100644
|
||||
--- a/src/keygen-n.c
|
||||
+++ b/src/keygen-n.c
|
||||
@@ -400,8 +400,8 @@ next_slot:
|
||||
(strlen(pin) > 0) &&
|
||||
(cb_data.n_attempts == 0)) {
|
||||
cm_log(1, "PIN was not needed to auth to key "
|
||||
- "store, though one was provided. "
|
||||
- "Treating this as an error.\n");
|
||||
+ "store token %s, though one was provided. "
|
||||
+ "Treating this as an error.\n", token);
|
||||
PK11_FreeSlotList(slotlist);
|
||||
error = NSS_ShutdownContext(ctx);
|
||||
if (error != SECSuccess) {
|
||||
--
|
||||
2.14.4
|
||||
|
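Review bot: Both new messages print `token` through a bare `%s`, while the existing submit-n.c message shown elsewhere on this page quotes it as `\"%s\"`. Token names can contain spaces, so the quoted form, `"\"%s\", though one was provided. "`, is easier to read in a log and keeps the messages consistent. `token` is assigned outside both hunks; if it can still be NULL on these paths, passing it to `%s` is undefined behaviour, and `token ? token : "(none)"` would be a safer argument.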
@ -0,0 +1,134 @@
|
||||
From f396b19b2c222fa0a50e9bb9704059af4578e678 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Fri, 31 Aug 2018 12:08:35 -0400
|
||||
Subject: [PATCH 3/7] Add utility function to get the internal token name
|
||||
|
||||
The NSS internal token is the default if no token is specified for
|
||||
the cert or the key.
|
||||
---
|
||||
src/certread-n.c | 6 +++++-
|
||||
src/certsave-n.c | 3 +++
|
||||
src/keygen-n.c | 3 +++
|
||||
src/keyiread-n.c | 3 +++
|
||||
src/submit-n.c | 5 ++++-
|
||||
src/util-n.c | 6 ++++++
|
||||
src/util-n.h | 1 +
|
||||
7 files changed, 25 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
||||
index 57a38dcf..1d9217c6 100644
|
||||
--- a/src/certread-n.c
|
||||
+++ b/src/certread-n.c
|
||||
@@ -190,6 +190,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
cm_log(1, "Error reading PIN for cert db.\n");
|
||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
||||
}
|
||||
+ if (entry->cm_cert_token == NULL) {
|
||||
+ entry->cm_cert_token = util_internal_token_name();
|
||||
+ }
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
for (sle = slotlist->head;
|
||||
((sle != NULL) && (sle->slot != NULL));
|
||||
@@ -253,7 +256,8 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
}
|
||||
error = PK11_Authenticate(sle->slot, PR_TRUE, &cb_data);
|
||||
if (error != SECSuccess) {
|
||||
- cm_log(1, "Error authenticating to cert db.\n");
|
||||
+ cm_log(1, "certread-n: Error authenticating to cert db "
|
||||
+ "slot %s.\n", PK11_GetTokenName(sle->slot));
|
||||
goto next_slot;
|
||||
}
|
||||
if ((pin != NULL) &&
|
||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
||||
index af176ce5..193309c5 100644
|
||||
--- a/src/certsave-n.c
|
||||
+++ b/src/certsave-n.c
|
||||
@@ -214,6 +214,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
||||
}
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
+ if (entry->cm_cert_token == NULL) {
|
||||
+ entry->cm_cert_token = util_internal_token_name();
|
||||
+ }
|
||||
for (sle = slotlist->head;
|
||||
((sle != NULL) && (sle->slot != NULL));
|
||||
sle = sle->next)
|
||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
||||
index 84b0bbd3..f7fdf6c0 100644
|
||||
--- a/src/keygen-n.c
|
||||
+++ b/src/keygen-n.c
|
||||
@@ -272,6 +272,9 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
cm_log(1, "Error locating token for key generation.\n");
|
||||
_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
|
||||
}
|
||||
+ if (entry->cm_cert_token == NULL) {
|
||||
+ entry->cm_cert_token = util_internal_token_name();
|
||||
+ }
|
||||
/* Walk the list looking for the requested slot, or the first one if
|
||||
* none was requested. */
|
||||
slot = NULL;
|
||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
||||
index 89913aa2..b8408bf1 100644
|
||||
--- a/src/keyiread-n.c
|
||||
+++ b/src/keyiread-n.c
|
||||
@@ -152,6 +152,9 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
|
||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
||||
}
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
+ if (entry->cm_key_token == NULL) {
|
||||
+ entry->cm_key_token = util_internal_token_name();
|
||||
+ }
|
||||
n_tokens = 0;
|
||||
pubkey = NULL;
|
||||
/* In practice, the internal slot is either a non-storage slot (in
|
||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
||||
index 872153ea..da07d253 100644
|
||||
--- a/src/submit-n.c
|
||||
+++ b/src/submit-n.c
|
||||
@@ -346,6 +346,9 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
||||
cm_log(1, "Error reading PIN for key storage.\n");
|
||||
goto done;
|
||||
}
|
||||
+ if (args->entry->cm_key_token == NULL) {
|
||||
+ args->entry->cm_key_token = util_internal_token_name();
|
||||
+ }
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
n_tokens = 0;
|
||||
/* In practice, the internal slot is either a non-storage slot (in
|
||||
@@ -402,7 +405,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
||||
}
|
||||
error = PK11_Authenticate(slot, PR_TRUE, &cb_data);
|
||||
if (error != SECSuccess) {
|
||||
- cm_log(1, "Error authenticating to token "
|
||||
+ cm_log(1, "submit-n: Error authenticating to token "
|
||||
"\"%s\".\n", token);
|
||||
goto done;
|
||||
}
|
||||
diff --git a/src/util-n.c b/src/util-n.c
|
||||
index 7805e58e..293e2583 100644
|
||||
--- a/src/util-n.c
|
||||
+++ b/src/util-n.c
|
||||
@@ -287,3 +287,9 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
|
||||
util_set_db_owner_perms(dbdir, secmoddb, entry->cm_cert_owner,
|
||||
entry->cm_cert_perms);
|
||||
}
|
||||
+
|
||||
+char *
|
||||
+util_internal_token_name()
|
||||
+{
|
||||
+ return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
|
||||
+}
|
||||
diff --git a/src/util-n.h b/src/util-n.h
|
||||
index 8a918d5c..637fd4b1 100644
|
||||
--- a/src/util-n.h
|
||||
+++ b/src/util-n.h
|
||||
@@ -29,5 +29,6 @@ void util_set_db_entry_key_owner(const char *dbdir,
|
||||
struct cm_store_entry *entry);
|
||||
void util_set_db_entry_cert_owner(const char *dbdir,
|
||||
struct cm_store_entry *entry);
|
||||
+char * util_internal_token_name();
|
||||
|
||||
#endif
|
||||
--
|
||||
2.14.4
|
||||
|
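Review bot: `util_internal_token_name()` in src/util-n.c feeds `PK11_GetInternalKeySlot()` straight into `PK11_GetTokenName()` and `strdup()`, so the slot reference it takes is never released with `PK11_FreeSlot()` and a NULL slot or name is not handled. The string it returns is malloc-owned and is stored in `entry->cm_cert_token` / `cm_key_token`, with nothing in the hunks that frees it. The keygen-n.c hunk defaults `cm_cert_token`, whereas keyiread-n.c and submit-n.c default `cm_key_token`; the rest of `cm_keygen_n_main` is outside the hunk, so confirm which field key generation actually reads. The declaration in util-n.h would also be clearer as a real prototype, `char *util_internal_token_name(void);`.

```c
char *
util_internal_token_name(void)
{
	PK11SlotInfo *slot = PK11_GetInternalKeySlot();
	char *name = NULL;

	if (slot != NULL) {
		const char *token = PK11_GetTokenName(slot);

		if (token != NULL) {
			name = strdup(token);
		}
		/* Drop the reference taken by PK11_GetInternalKeySlot(). */
		PK11_FreeSlot(slot);
	}
	return name;
}
```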
@ -0,0 +1,41 @@
|
||||
From 6ebe5695a626c6cd254b249bbebf9846bcb936c0 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Tue, 4 Sep 2018 11:06:13 -0400
|
||||
Subject: [PATCH 4/7] Only de-duplicate certificates within the same token
|
||||
|
||||
certmonger may not have read/write access to tokens other than
|
||||
the one it is examining so don't try to de-duplicate certificates
|
||||
on other tokens.
|
||||
---
|
||||
src/certsave-n.c | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
||||
index 193309c5..d0152cad 100644
|
||||
--- a/src/certsave-n.c
|
||||
+++ b/src/certsave-n.c
|
||||
@@ -391,8 +391,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
!CERT_LIST_EMPTY(certlist) &&
|
||||
!CERT_LIST_END(node, certlist);
|
||||
node = CERT_LIST_NEXT(node)) {
|
||||
- if (!SECITEM_ItemsAreEqual(&subject,
|
||||
- &node->cert->derSubject)) {
|
||||
+ if ((!SECITEM_ItemsAreEqual(&subject,
|
||||
+ &node->cert->derSubject)) &&
|
||||
+ (sle->slot == node->cert->slot)) {
|
||||
cm_log(3, "Found a "
|
||||
"certificate "
|
||||
"with the same "
|
||||
@@ -441,7 +442,8 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
node = CERT_LIST_NEXT(node)) {
|
||||
if ((node->cert->nickname != NULL) &&
|
||||
(strcmp(entry->cm_cert_nickname,
|
||||
- node->cert->nickname) != 0))
|
||||
+ node->cert->nickname) != 0) &&
|
||||
+ (sle->slot == node->cert->slot))
|
||||
{
|
||||
i++;
|
||||
cm_log(3, "Found a "
|
||||
--
|
||||
2.14.4
|
||||
|
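Review bot: Adding `sle->slot == node->cert->slot` to the `if` in both loops also changes which certificates take the other path: a certificate on a different token now fails the condition even when its subject or nickname differs. The loop bodies and any `else` branches lie outside these hunks, so check that whatever runs for a non-match is still correct for certificates on other tokens. Skipping those nodes up front, with `if (sle->slot != node->cert->slot) continue;` as the first statement of each loop body, would leave the original conditions untouched and state the intent directly. A short comment there saying that other tokens may not be readable or writable (as the commit message explains) would help the next reader.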
@ -0,0 +1,30 @@
|
||||
From 697dd085e7b2ce15eefc454509987270131d7f1e Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Tue, 4 Sep 2018 16:59:28 -0400
|
||||
Subject: [PATCH 5/7] Ensure that an OpenSSL random seed file exists when
|
||||
testing
|
||||
|
||||
Otherwise some openssl command-line invocations will fail and
|
||||
because of the way the tests are done the error message is not
|
||||
shown.
|
||||
---
|
||||
tests/Makefile.am | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||
index 4e407434..fe368dc0 100644
|
||||
--- a/tests/Makefile.am
|
||||
+++ b/tests/Makefile.am
|
||||
@@ -433,6 +433,9 @@ subdirs += \
|
||||
endif
|
||||
|
||||
check: all
|
||||
+ if [ ! -e $$HOME/.rnd ] ; then \
|
||||
+ openssl rand -writerand $$HOME/.rnd; \
|
||||
+ fi
|
||||
for required in certutil cmsutil pk12util openssl diff cmp mktemp \
|
||||
dos2unix unix2dos dbus-launch ; do \
|
||||
which $$required || exit 1; \
|
||||
--
|
||||
2.14.4
|
||||
|
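Review bot: The new step in the `check` recipe expands `$$HOME` unquoted and writes into the invoking user's home directory, so a HOME containing spaces breaks the test and an unset HOME turns the path into `/.rnd`. Quoting both uses covers the first case: `if [ ! -e "$$HOME/.rnd" ] ; then \` and `openssl rand -writerand "$$HOME/.rnd"; \`. Because this runs on every `make check`, a one-line comment above it would help, saying that openssl invocations in the tests fail without a seed file, as the commit message explains.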
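--- a/SOURCES/0008-Log-test-failures-of-bad-pin.patch
+++ b/SOURCES/0008-Log-test-failures-of-bad-pin.patch
@@ -0,0 +1,29 @@
+From e93ecadec7c868f4227e084ffb65c70a6efd7314 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Tue, 4 Sep 2018 18:12:18 -0400
+Subject: [PATCH 6/7] Log test failures of bad pin
+
+Previously this would show a "don't know why" failure.
+---
+tests/tools/certsave.c | 5 +++++
+1 file changed, 5 insertions(+)
+
+diff --git a/tests/tools/certsave.c b/tests/tools/certsave.c
+index ac0f73ec..fd86a4c1 100644
+--- a/tests/tools/certsave.c
++++ b/tests/tools/certsave.c
+@@ -106,6 +106,11 @@ main(int argc, char **argv)
+printf("Failed to save (%s:%s), "
+"filesystem permissions error.\n",
+ctype, entry->cm_cert_storage_location);
++ } else
++ if (cm_certsave_pin_error(state) == 0) {
++ printf("Failed to save (%s:%s), "
++ "pin error.\n",
++ ctype, entry->cm_cert_storage_location);
+} else {
+printf("Failed to save (%s:%s), "
+"don't know why.\n",
+--
+2.14.4
+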
@ -0,0 +1,95 @@
|
||||
From 15d406ee3afbb52832d5c61a1afb735724d109a2 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Tue, 18 Sep 2018 10:21:28 -0400
|
||||
Subject: [PATCH 7/7] Use only PK11_ImportCert to import certs, not
|
||||
CERT_ImportCerts
|
||||
|
||||
CERT_ImportCerts always imports a given certificate into the
|
||||
certificate database, whether a token is requested or not.
|
||||
|
||||
Using PK11_ImportCert will import the cert, associate the key
|
||||
properly and will only add the certificate to the appropriate
|
||||
token.
|
||||
---
|
||||
src/certsave-n.c | 37 +++++++++++--------------------------
|
||||
1 file changed, 11 insertions(+), 26 deletions(-)
|
||||
|
||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
||||
index d0152cad..fcb43148 100644
|
||||
--- a/src/certsave-n.c
|
||||
+++ b/src/certsave-n.c
|
||||
@@ -100,7 +100,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
NSSInitContext *ctx;
|
||||
CERTCertDBHandle *certdb;
|
||||
CERTCertList *certlist;
|
||||
- CERTCertificate **returned, *oldcert, cert;
|
||||
+ CERTCertificate *oldcert, *newcert, cert;
|
||||
CERTCertTrust trust;
|
||||
CERTSignedData csdata;
|
||||
CERTCertListNode *node;
|
||||
@@ -497,33 +497,18 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
}
|
||||
}
|
||||
/* Import the certificate. */
|
||||
- returned = NULL;
|
||||
- error = CERT_ImportCerts(certdb,
|
||||
- certUsageUserCertImport,
|
||||
- 1, &item, &returned,
|
||||
- PR_TRUE,
|
||||
- PR_FALSE,
|
||||
- entry->cm_cert_nickname);
|
||||
- ec = PORT_GetError();
|
||||
- if (error == SECSuccess) {
|
||||
- /* If NSS uses SQL DB storage, CERT_ImportCerts creates
|
||||
- * an incomplete internal state (the cert isn't
|
||||
- * associated with the private key, and calling
|
||||
- * PK11_FindKeyByAnyCert returns no result).
|
||||
- * As a workaround, we import the cert again using
|
||||
- * PK11_ImportCert, which magically fixes the issue.
|
||||
- * See rhbz#1532188 */
|
||||
+ newcert = CERT_DecodeCertFromPackage((char *)item->data, item->len);
|
||||
+ if (newcert != NULL) {
|
||||
error = PK11_ImportCert(sle->slot,
|
||||
- returned[0],
|
||||
+ newcert,
|
||||
CK_INVALID_HANDLE,
|
||||
- returned[0]->nickname,
|
||||
+ entry->cm_cert_nickname,
|
||||
PR_FALSE);
|
||||
}
|
||||
if (error == SECSuccess) {
|
||||
- cm_log(1, "Imported certificate \"%s\", got "
|
||||
+ cm_log(1, "Imported certificate with "
|
||||
"nickname \"%s\".\n",
|
||||
- entry->cm_cert_nickname,
|
||||
- returned[0]->nickname);
|
||||
+ entry->cm_cert_nickname);
|
||||
status = 0;
|
||||
/* Set the trust on the new certificate,
|
||||
* perhaps matching the trust on an
|
||||
@@ -536,7 +521,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
trust.objectSigningFlags = CERTDB_USER;
|
||||
}
|
||||
error = CERT_ChangeCertTrust(certdb,
|
||||
- returned[0],
|
||||
+ newcert,
|
||||
&trust);
|
||||
ec = PORT_GetError();
|
||||
if (error != SECSuccess) {
|
||||
@@ -621,10 +606,10 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
}
|
||||
/* If we managed to import the certificate, mark its
|
||||
* key for having its nickname removed. */
|
||||
- if ((returned != NULL) && (returned[0] != NULL)) {
|
||||
- privkey = PK11_FindKeyByAnyCert(returned[0], NULL);
|
||||
+ if (newcert != NULL) {
|
||||
+ privkey = PK11_FindKeyByAnyCert(newcert, NULL);
|
||||
privkeys = add_privkey_to_list(privkeys, privkey);
|
||||
- CERT_DestroyCertArray(returned, 1);
|
||||
+ CERT_DestroyCertificate(newcert);
|
||||
}
|
||||
/* In case we're rekeying, but failed, mark the
|
||||
* candidate key for name-clearing or removal, too. */
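Review bot: `newcert` is tested and destroyed here, but no hunk in this patch sets it to NULL first. The declaration at -100,7 +100,7 has no initialiser, and the only assignment is in the import block at -497,33 +497,18. If any path reaches this test without passing through that block (not visible from the hunks), the test reads an indeterminate pointer and `CERT_DestroyCertificate()` is called on it. Initialising at the declaration, `CERTCertificate *oldcert, *newcert = NULL, cert;`, removes the doubt.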
|
||||
--
|
||||
2.14.4
|
||||
|
@ -0,0 +1,95 @@
|
||||
From 5d2554ed31fa6bc121d94efe533f9e4fea3900aa Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Thu, 4 Oct 2018 08:21:35 -0400
|
||||
Subject: [PATCH 10/17] Fix memory leak in util_internal_token_name()
|
||||
|
||||
Allocate memory using the talloc context instead of relying on
|
||||
the caller to call free().
|
||||
---
|
||||
src/certread-n.c | 2 +-
|
||||
src/certsave-n.c | 2 +-
|
||||
src/keygen-n.c | 2 +-
|
||||
src/keyiread-n.c | 2 +-
|
||||
src/submit-n.c | 2 +-
|
||||
src/util-n.c | 2 +-
|
||||
6 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
||||
index 1d9217c6..d535030b 100644
|
||||
--- a/src/certread-n.c
|
||||
+++ b/src/certread-n.c
|
||||
@@ -191,7 +191,7 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
||||
}
|
||||
if (entry->cm_cert_token == NULL) {
|
||||
- entry->cm_cert_token = util_internal_token_name();
|
||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
||||
}
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
for (sle = slotlist->head;
|
||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
||||
index fcb43148..49b28324 100644
|
||||
--- a/src/certsave-n.c
|
||||
+++ b/src/certsave-n.c
|
||||
@@ -215,7 +215,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
}
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
if (entry->cm_cert_token == NULL) {
|
||||
- entry->cm_cert_token = util_internal_token_name();
|
||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
||||
}
|
||||
for (sle = slotlist->head;
|
||||
((sle != NULL) && (sle->slot != NULL));
|
||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
||||
index f7fdf6c0..76a5c1d3 100644
|
||||
--- a/src/keygen-n.c
|
||||
+++ b/src/keygen-n.c
|
||||
@@ -273,7 +273,7 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
|
||||
}
|
||||
if (entry->cm_cert_token == NULL) {
|
||||
- entry->cm_cert_token = util_internal_token_name();
|
||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
||||
}
|
||||
/* Walk the list looking for the requested slot, or the first one if
|
||||
* none was requested. */
|
||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
||||
index b8408bf1..8f46ec0f 100644
|
||||
--- a/src/keyiread-n.c
|
||||
+++ b/src/keyiread-n.c
|
||||
@@ -153,7 +153,7 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
|
||||
}
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
if (entry->cm_key_token == NULL) {
|
||||
- entry->cm_key_token = util_internal_token_name();
|
||||
+ entry->cm_key_token = talloc_strdup(entry, util_internal_token_name());
|
||||
}
|
||||
n_tokens = 0;
|
||||
pubkey = NULL;
|
||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
||||
index da07d253..ee6f3105 100644
|
||||
--- a/src/submit-n.c
|
||||
+++ b/src/submit-n.c
|
||||
@@ -347,7 +347,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
||||
goto done;
|
||||
}
|
||||
if (args->entry->cm_key_token == NULL) {
|
||||
- args->entry->cm_key_token = util_internal_token_name();
|
||||
+ args->entry->cm_key_token = talloc_strdup(args->entry, util_internal_token_name());
|
||||
}
|
||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
||||
n_tokens = 0;
|
||||
diff --git a/src/util-n.c b/src/util-n.c
|
||||
index 293e2583..4ab3d47b 100644
|
||||
--- a/src/util-n.c
|
||||
+++ b/src/util-n.c
|
||||
@@ -291,5 +291,5 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
|
||||
char *
|
||||
util_internal_token_name()
|
||||
{
|
||||
- return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
|
||||
+ return PK11_GetTokenName(PK11_GetInternalKeySlot());
|
||||
}
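Review bot: `util_internal_token_name()` now returns the string owned by the slot instead of a heap copy, yet it is still declared `char *` and has no comment. A caller outside the files touched here that still calls `free()` on the result would release memory it does not own. A header comment such as `/* Returns a pointer owned by NSS; copy it, never free() it. */` and a `const char *` return type would make the new contract visible. Separately, `PK11_GetInternalKeySlot()` returns a slot reference that this function never releases with `PK11_FreeSlot()`, so each call still leaks a reference; fixing that requires copying the name before the slot is freed.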
|
||||
--
|
||||
2.14.4
|
||||
|
266
SOURCES/0011-clang-Dead-assignment.patch
Normal file
@ -0,0 +1,266 @@
|
||||
From 648fe74986f2a84416805cfd73206e9e67166ae2 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Thu, 13 Sep 2018 15:40:23 -0400
|
||||
Subject: [PATCH 11/17] clang: Dead assignment
|
||||
|
||||
---
|
||||
src/casave.c | 4 +++-
|
||||
src/keygen-n.c | 1 -
|
||||
src/keyiread-n.c | 1 -
|
||||
src/store-files.c | 2 --
|
||||
src/store-gen.c | 3 ---
|
||||
src/submit-e.c | 54 ++++++++++++++++++++++++++------------------------
|
||||
src/submit-u.c | 2 --
|
||||
src/tdbush.c | 8 ++++++--
|
||||
tests/tools/addcinfo.c | 1 -
|
||||
tests/tools/certsave.c | 4 +++-
|
||||
10 files changed, 40 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/src/casave.c b/src/casave.c
|
||||
index 5fb31b8d..bde63f99 100644
|
||||
--- a/src/casave.c
|
||||
+++ b/src/casave.c
|
||||
@@ -163,7 +163,6 @@ cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
|
||||
decoded = CERT_DecodeCertFromPackage(package,
|
||||
strlen(package));
|
||||
p = state->certs[i]->nickname;
|
||||
- ttrust = ",,";
|
||||
switch (state->certs[i]->level) {
|
||||
case root:
|
||||
case other_root:
|
||||
@@ -178,6 +177,9 @@ cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
|
||||
ttrust = ",,";
|
||||
}
|
||||
break;
|
||||
+ default:
|
||||
+ ttrust = ",,";
|
||||
+ break;
|
||||
}
|
||||
memset(&trust, 0, sizeof(trust));
|
||||
CERT_DecodeTrustString(&trust, ttrust);
|
||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
||||
index 76a5c1d3..061bd2af 100644
|
||||
--- a/src/keygen-n.c
|
||||
+++ b/src/keygen-n.c
|
||||
@@ -591,7 +591,6 @@ retry_gen:
|
||||
break;
|
||||
}
|
||||
}
|
||||
- generated_size = SECKEY_PublicKeyStrengthInBits(pubkey);
|
||||
cm_log(1, "Ended up with %d bit public key.\n",
|
||||
SECKEY_PublicKeyStrengthInBits(pubkey));
|
||||
/* Check for keys with the desired name, selecting a new name if
|
||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
||||
index 8f46ec0f..91b1be41 100644
|
||||
--- a/src/keyiread-n.c
|
||||
+++ b/src/keyiread-n.c
|
||||
@@ -492,7 +492,6 @@ cm_keyiread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
readwrite = settings->readwrite;
|
||||
keys = cm_keyiread_n_get_keys(entry, readwrite);
|
||||
alg = "";
|
||||
- size = 0;
|
||||
if (keys != NULL) {
|
||||
switch (SECKEY_GetPrivateKeyType(keys->privkey)) {
|
||||
case rsaKey:
|
||||
diff --git a/src/store-files.c b/src/store-files.c
|
||||
index 06a17485..df1fa336 100644
|
||||
--- a/src/store-files.c
|
||||
+++ b/src/store-files.c
|
||||
@@ -2182,7 +2182,6 @@ cm_store_entry_delete(struct cm_store_entry *entry)
|
||||
} else {
|
||||
cm_log(3, "No file to remove for \"%s\".\n",
|
||||
entry->cm_nickname);
|
||||
- ret = 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -2469,7 +2468,6 @@ cm_store_ca_delete(struct cm_store_ca *ca)
|
||||
}
|
||||
} else {
|
||||
cm_log(3, "No file to remove for \"%s\".\n", ca->cm_nickname);
|
||||
- ret = 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
diff --git a/src/store-gen.c b/src/store-gen.c
|
||||
index 5ce4ab84..da32afc8 100644
|
||||
--- a/src/store-gen.c
|
||||
+++ b/src/store-gen.c
|
||||
@@ -530,8 +530,6 @@ cm_store_hex_to_bin(const char *serial, unsigned char *buf, int length)
|
||||
const char *p, *q, *chars = "0123456789abcdef";
|
||||
unsigned char *b, u;
|
||||
|
||||
- p = serial;
|
||||
- b = buf;
|
||||
u = 0;
|
||||
for (p = serial, b = buf;
|
||||
((*p != '\0') && ((b - buf) < length));
|
||||
@@ -606,7 +604,6 @@ cm_store_canonicalize_path(void *parent, const char *path)
|
||||
for (p = tmp; *p != '\0'; p++) {
|
||||
if ((strncmp(p, "/.", 2) == 0) &&
|
||||
((p[2] == '/') || (p[2] == '\0'))) {
|
||||
- q = p - 1;
|
||||
memmove(p, p + 2, strlen(p + 2) + 1);
|
||||
}
|
||||
}
|
||||
diff --git a/src/submit-e.c b/src/submit-e.c
|
||||
index 8ba8e44c..d6158d7a 100644
|
||||
--- a/src/submit-e.c
|
||||
+++ b/src/submit-e.c
|
||||
@@ -587,32 +587,34 @@ cm_submit_e_postprocess_main(int fd, struct cm_store_ca *ca,
|
||||
estate->msg_length, NULL);
|
||||
msg = cm_json_new_object(estate);
|
||||
chain = cm_json_new_array(msg);
|
||||
- if (leaf != NULL) {
|
||||
- cert = cm_json_new_string(msg, leaf, -1);
|
||||
- cm_json_set(msg, CM_SUBMIT_E_CERTIFICATE, cert);
|
||||
- }
|
||||
- for (i = 0;
|
||||
- (others != NULL) && (others[i] != NULL);
|
||||
- i++) {
|
||||
- cert = cm_json_new_object(chain);
|
||||
- val = cm_json_new_string(cert, others[i], -1);
|
||||
- cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
||||
- nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
||||
- nick = cm_json_new_string(cert, nthnick, -1);
|
||||
- cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
||||
- cm_json_append(chain, cert);
|
||||
- }
|
||||
- if (top!= NULL) {
|
||||
- cert = cm_json_new_object(chain);
|
||||
- val = cm_json_new_string(cert, top, -1);
|
||||
- cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
||||
- nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
||||
- nick = cm_json_new_string(cert, nthnick, -1);
|
||||
- cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
||||
- cm_json_append(chain, cert);
|
||||
- }
|
||||
- if (cm_json_array_size(chain) > 0) {
|
||||
- cm_json_set(msg, CM_SUBMIT_E_CHAIN, chain);
|
||||
+ if (i == 0) {
|
||||
+ if (leaf != NULL) {
|
||||
+ cert = cm_json_new_string(msg, leaf, -1);
|
||||
+ cm_json_set(msg, CM_SUBMIT_E_CERTIFICATE, cert);
|
||||
+ }
|
||||
+ for (i = 0;
|
||||
+ (others != NULL) && (others[i] != NULL);
|
||||
+ i++) {
|
||||
+ cert = cm_json_new_object(chain);
|
||||
+ val = cm_json_new_string(cert, others[i], -1);
|
||||
+ cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
||||
+ nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
||||
+ nick = cm_json_new_string(cert, nthnick, -1);
|
||||
+ cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
||||
+ cm_json_append(chain, cert);
|
||||
+ }
|
||||
+ if (top!= NULL) {
|
||||
+ cert = cm_json_new_object(chain);
|
||||
+ val = cm_json_new_string(cert, top, -1);
|
||||
+ cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
||||
+ nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
||||
+ nick = cm_json_new_string(cert, nthnick, -1);
|
||||
+ cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
||||
+ cm_json_append(chain, cert);
|
||||
+ }
|
||||
+ if (cm_json_array_size(chain) > 0) {
|
||||
+ cm_json_set(msg, CM_SUBMIT_E_CHAIN, chain);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
/* Get ready to build an output message. */
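Review bot: The new `if (i == 0)` guard is a behaviour change rather than a dead-assignment cleanup. `i` is presumably the status of the call whose last argument line opens this hunk, and when it is non-zero the code now carries on with an empty `msg` and reports nothing. The same `i` is then reused as the loop counter inside the guarded block, which hides that it started as a status code. I would keep the status in its own variable and log the failure, e.g. `else { cm_log(1, "Error parsing certificate data.\n"); }`, so a malformed response is traceable. The function body begins and ends outside the hunk.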
|
||||
diff --git a/src/submit-u.c b/src/submit-u.c
|
||||
index dda2edbc..b0b45baf 100644
|
||||
--- a/src/submit-u.c
|
||||
+++ b/src/submit-u.c
|
||||
@@ -120,14 +120,12 @@ cm_submit_u_from_file_single(const char *filename)
|
||||
if (csr == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
- p = csr;
|
||||
for (i = 0; i < sizeof(strip) / sizeof(strip[0]); i++) {
|
||||
while ((p = strstr(csr, strip[i])) != NULL) {
|
||||
q = p + strcspn(p, "\r\n");
|
||||
memmove(p, q, strlen(q) + 1);
|
||||
}
|
||||
}
|
||||
- p = csr;
|
||||
q = strdup(csr);
|
||||
for (p = csr, i = 0; *p != '\0'; p++) {
|
||||
if (strchr("\r\n\t ", *p) == NULL) {
|
||||
diff --git a/src/tdbush.c b/src/tdbush.c
|
||||
index 1d487222..3184e67a 100644
|
||||
--- a/src/tdbush.c
|
||||
+++ b/src/tdbush.c
|
||||
@@ -2911,7 +2911,6 @@ request_get_key_type_and_size(DBusConnection *conn, DBusMessage *msg,
|
||||
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
||||
}
|
||||
rep = dbus_message_new_method_return(msg);
|
||||
- type = "UNKNOWN";
|
||||
switch (entry->cm_key_type.cm_key_algorithm) {
|
||||
case cm_key_unspecified:
|
||||
type = "UNKNOWN";
|
||||
@@ -2929,6 +2928,9 @@ request_get_key_type_and_size(DBusConnection *conn, DBusMessage *msg,
|
||||
type = "EC";
|
||||
break;
|
||||
#endif
|
||||
+ default:
|
||||
+ type = "UNKNOWN";
|
||||
+ break;
|
||||
}
|
||||
if (rep != NULL) {
|
||||
size = entry->cm_key_type.cm_key_size;
|
||||
@@ -4790,7 +4792,6 @@ cm_tdbush_introspect_method(void *parent,
|
||||
method->cm_name);
|
||||
arg = method->cm_args;
|
||||
while (arg != NULL) {
|
||||
- direction = "unknown";
|
||||
switch (arg->cm_direction) {
|
||||
case cm_tdbush_method_arg_in:
|
||||
direction = "in";
|
||||
@@ -4798,6 +4799,9 @@ cm_tdbush_introspect_method(void *parent,
|
||||
case cm_tdbush_method_arg_out:
|
||||
direction = "out";
|
||||
break;
|
||||
+ default:
|
||||
+ direction = "unknown";
|
||||
+ break;
|
||||
}
|
||||
ret = talloc_asprintf(parent,
|
||||
"%s\n <arg name=\"%s\" type=\"%s\" "
|
||||
diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
|
||||
index d3cea2ca..f016acb4 100644
|
||||
--- a/tests/tools/addcinfo.c
|
||||
+++ b/tests/tools/addcinfo.c
|
||||
@@ -98,7 +98,6 @@ main(int argc, char **argv)
|
||||
PR_ErrorToName(PORT_GetError()));
|
||||
return 1;
|
||||
}
|
||||
- n = encoded.len;
|
||||
j = 0;
|
||||
while ((i = write(STDOUT_FILENO, encoded.data + j, encoded.len - j)) > 0) {
|
||||
j += i;
|
||||
diff --git a/tests/tools/certsave.c b/tests/tools/certsave.c
|
||||
index fd86a4c1..8ec60ddd 100644
|
||||
--- a/tests/tools/certsave.c
|
||||
+++ b/tests/tools/certsave.c
|
||||
@@ -83,7 +83,6 @@ main(int argc, char **argv)
|
||||
if (cm_certsave_saved(state) == 0) {
|
||||
ret = 0;
|
||||
} else {
|
||||
- ctype = "unknown";
|
||||
switch (entry->cm_cert_storage_type) {
|
||||
case cm_cert_storage_file:
|
||||
ctype = "FILE";
|
||||
@@ -91,6 +90,9 @@ main(int argc, char **argv)
|
||||
case cm_cert_storage_nssdb:
|
||||
ctype = "NSS";
|
||||
break;
|
||||
+ default:
|
||||
+ ctype = "unknown";
|
||||
+ break;
|
||||
}
|
||||
if (cm_certsave_conflict_subject(state) == 0) {
|
||||
printf("Failed to save (%s:%s), "
|
||||
--
|
||||
2.14.4
|
||||
|
437
SOURCES/0012-clang-Memory-leak.patch
Normal file
@ -0,0 +1,437 @@
|
||||
From 3310a25181e94f5e05e671acc12d008cbac339ab Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Thu, 13 Sep 2018 15:50:53 -0400
|
||||
Subject: [PATCH 12/17] clang: Memory leak
|
||||
|
||||
---
|
||||
src/certmaster.c | 3 +++
|
||||
src/certsave-o.c | 1 +
|
||||
src/dogtag.c | 3 +++
|
||||
src/ipa.c | 9 ++++++++-
|
||||
src/local.c | 5 +++++
|
||||
src/scep.c | 5 +++++
|
||||
src/srvloc.c | 1 +
|
||||
src/store-files.c | 2 +-
|
||||
src/submit-x.c | 22 ++++++++++++++++++++++
|
||||
src/util.c | 8 +++++++-
|
||||
tests/tools/addcinfo.c | 3 +++
|
||||
tests/tools/base2pem.c | 1 +
|
||||
tests/tools/pem2base.c | 1 +
|
||||
13 files changed, 61 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/certmaster.c b/src/certmaster.c
|
||||
index 7e0bed90..4a5cf6af 100644
|
||||
--- a/src/certmaster.c
|
||||
+++ b/src/certmaster.c
|
||||
@@ -160,6 +160,7 @@ main(int argc, const char **argv)
|
||||
CM_SUBMIT_CSR_ENV);
|
||||
}
|
||||
poptPrintUsage(pctx, stdout, 0);
|
||||
+ free(csr);
|
||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||
}
|
||||
|
||||
@@ -185,11 +186,13 @@ main(int argc, const char **argv)
|
||||
if (ctx == NULL) {
|
||||
fprintf(stderr, "Error setting up for XMLRPC.\n");
|
||||
printf(_("Error setting up for XMLRPC.\n"));
|
||||
+ free(csr);
|
||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||
}
|
||||
|
||||
/* Add the CSR as the sole argument. */
|
||||
cm_submit_x_add_arg_s(ctx, csr);
|
||||
+ free(csr);
|
||||
|
||||
/* Submit the request. */
|
||||
fprintf(stderr, "Submitting request to \"%s\".\n", uri);
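Review bot: `free(csr)` directly after `cm_submit_x_add_arg_s(ctx, csr)` is only safe if that helper copies the string. The same applies to `free(cainfo)` placed between the handle setup and `cm_submit_h_run(hctx)` in the src/scep.c hunk at -492,6 +496,7. Neither helper's body is part of this patch, so the copy is an assumption; if either keeps the caller's pointer, the request is built from freed memory. I would either release both after the request has run or state the contract at the call site, e.g. `/* cm_submit_x_add_arg_s() copies csr, so it can be released here. */`. Setting the pointer to NULL after the free would also make any later reuse in `main`, which continues outside these hunks, fail visibly.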
|
||||
diff --git a/src/certsave-o.c b/src/certsave-o.c
|
||||
index 77f54d7e..3d4018d8 100644
|
||||
--- a/src/certsave-o.c
|
||||
+++ b/src/certsave-o.c
|
||||
@@ -258,6 +258,7 @@ cm_certsave_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
if (bin != NULL) {
|
||||
BN_bn2bin(bn, bin);
|
||||
serial = cm_store_hex_from_bin(NULL, bin, BN_num_bytes(bn));
|
||||
+ free(bin);
|
||||
}
|
||||
}
|
||||
if (serial != NULL) {
|
||||
diff --git a/src/dogtag.c b/src/dogtag.c
|
||||
index cd0b38b7..55607f3d 100644
|
||||
--- a/src/dogtag.c
|
||||
+++ b/src/dogtag.c
|
||||
@@ -536,6 +536,7 @@ main(int argc, const char **argv)
|
||||
CM_SUBMIT_CSR_ENV);
|
||||
}
|
||||
poptPrintUsage(pctx, stdout, 0);
|
||||
+ free(csr);
|
||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||
}
|
||||
csr = cm_submit_u_url_encode(csr);
|
||||
@@ -588,6 +589,8 @@ main(int argc, const char **argv)
|
||||
params = talloc_asprintf(ctx,
|
||||
"%s&%s=%s",
|
||||
params, p, q);
|
||||
+ free(p);
|
||||
+ free(q);
|
||||
}
|
||||
use_agent_approval = FALSE;
|
||||
break;
|
||||
diff --git a/src/ipa.c b/src/ipa.c
|
||||
index 67a0c651..acd1a4e2 100644
|
||||
--- a/src/ipa.c
|
||||
+++ b/src/ipa.c
|
||||
@@ -226,6 +226,7 @@ cm_locate_xmlrpc_service(const char *server,
|
||||
if (basedn == NULL) {
|
||||
i = cm_find_default_naming_context(ld, &basedn);
|
||||
if (i != 0) {
|
||||
+ free(basedn);
|
||||
return i;
|
||||
}
|
||||
}
|
||||
@@ -526,6 +527,7 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
||||
if (basedn == NULL) {
|
||||
i = cm_find_default_naming_context(ld, &basedn);
|
||||
if (i != 0) {
|
||||
+ free(basedn);
|
||||
return i;
|
||||
}
|
||||
}
|
||||
@@ -802,6 +804,7 @@ main(int argc, const char **argv)
|
||||
printf(_("Unable to read signing request from environment variable \"%s\".\n"),
|
||||
CM_SUBMIT_CSR_ENV);
|
||||
}
|
||||
+ free(csr);
|
||||
poptPrintUsage(pctx, stdout, 0);
|
||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||
}
|
||||
@@ -903,12 +906,16 @@ main(int argc, const char **argv)
|
||||
|
||||
if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
|
||||
(strcasecmp(mode, CM_OP_POLL) == 0)) {
|
||||
- return submit_or_poll(uri, cainfo, capath, server,
|
||||
+ int ret;
|
||||
+ ret = submit_or_poll(uri, cainfo, capath, server,
|
||||
ldap_uri_cmd, ldap_uri, host, domain,
|
||||
basedn, uid, pwd, csr, reqprinc, profile,
|
||||
issuer);
|
||||
+ free(csr);
|
||||
+ return ret;
|
||||
} else
|
||||
if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) {
|
||||
+ free(csr);
|
||||
return fetch_roots(server, ldap_uri_cmd, ldap_uri, host,
|
||||
uid, pwd, domain, basedn);
|
||||
}
|
||||
diff --git a/src/local.c b/src/local.c
|
||||
index f437d62e..92bea144 100644
|
||||
--- a/src/local.c
|
||||
+++ b/src/local.c
|
||||
@@ -559,6 +559,7 @@ main(int argc, const char **argv)
|
||||
printf(_("Unable to read signing request.\n"));
|
||||
cm_log(1, "Unable to read signing request.\n");
|
||||
poptPrintUsage(pctx, stdout, 0);
|
||||
+ free(csr);
|
||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||
}
|
||||
/* Take the lock. */
|
||||
@@ -568,6 +569,7 @@ main(int argc, const char **argv)
|
||||
&signer, &key);
|
||||
if ((i != 0) || (signer == NULL)) {
|
||||
cm_log(1, "Error reading signer info.\n");
|
||||
+ free(csr);
|
||||
/* Try again sometime later. */
|
||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||
}
|
||||
@@ -577,11 +579,13 @@ main(int argc, const char **argv)
|
||||
if ((fp == NULL) && (errno != ENOENT)) {
|
||||
cm_log(1, "Error reading '%s': %s.\n", serial,
|
||||
strerror(errno));
|
||||
+ free(csr);
|
||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||
}
|
||||
if (fp != NULL) {
|
||||
if (fgets(buf, sizeof(buf), fp) == NULL) {
|
||||
fclose(fp);
|
||||
+ free(csr);
|
||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
||||
}
|
||||
buf[strcspn(buf, "\r\n")] = '\0';
|
||||
@@ -601,6 +605,7 @@ main(int argc, const char **argv)
|
||||
/* Actually sign the request. */
|
||||
i = cm_submit_o_sign(parent, csr, signer, key, hexserial,
|
||||
now, 0, &cert);
|
||||
+ free(csr);
|
||||
if ((i == 0) && (cert != NULL)) {
|
||||
/* Roll the serial number up. */
|
||||
hexserial = cm_store_increment_serial(parent,
|
||||
diff --git a/src/scep.c b/src/scep.c
|
||||
index 72dff3d5..68eae788 100644
|
||||
--- a/src/scep.c
|
||||
+++ b/src/scep.c
|
||||
@@ -338,6 +338,7 @@ main(int argc, const char **argv)
|
||||
}
|
||||
if (c != -1) {
|
||||
poptPrintUsage(pctx, stdout, 0);
|
||||
+ free(cainfo);
|
||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||
}
|
||||
|
||||
@@ -386,6 +387,7 @@ main(int argc, const char **argv)
|
||||
}
|
||||
if ((message == NULL) || (strlen(message) == 0)) {
|
||||
printf(_("Error reading request. Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
|
||||
+ free(cainfo);
|
||||
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
||||
}
|
||||
/* First step: read capabilities for our use. */
|
||||
@@ -405,6 +407,7 @@ main(int argc, const char **argv)
|
||||
}
|
||||
if ((message == NULL) || (strlen(message) == 0)) {
|
||||
printf(_("Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, got nothing.\n"));
|
||||
+ free(cainfo);
|
||||
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
||||
}
|
||||
/* First step: read capabilities for our use. */
|
||||
@@ -416,6 +419,7 @@ main(int argc, const char **argv)
|
||||
/* Supply help output, if it's needed. */
|
||||
if (missing_args) {
|
||||
poptPrintUsage(pctx, stdout, 0);
|
||||
+ free(cainfo);
|
||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
||||
}
|
||||
|
||||
@@ -492,6 +496,7 @@ main(int argc, const char **argv)
|
||||
verbose > 1 ?
|
||||
cm_submit_h_curl_verbose_on :
|
||||
cm_submit_h_curl_verbose_off);
|
||||
+ free(cainfo);
|
||||
cm_submit_h_run(hctx);
|
||||
content_type = cm_submit_h_result_type(hctx);
|
||||
if (content_type == NULL) {
|
||||
diff --git a/src/srvloc.c b/src/srvloc.c
|
||||
index acab55bf..e8f3f5a5 100644
|
||||
--- a/src/srvloc.c
|
||||
+++ b/src/srvloc.c
|
||||
@@ -189,6 +189,7 @@ cm_srvloc_resolve(void *parent, const char *name, const char *udomain,
|
||||
domain = strdup(udomain);
|
||||
#endif
|
||||
i = res_querydomain(name, domain, C_IN, T_SRV, answer, answer_len);
|
||||
+ free(domain);
|
||||
if (i == -1) {
|
||||
return -1;
|
||||
}
|
||||
diff --git a/src/store-files.c b/src/store-files.c
|
||||
index df1fa336..b97ba5ff 100644
|
||||
--- a/src/store-files.c
|
||||
+++ b/src/store-files.c
|
||||
@@ -558,8 +558,8 @@ cm_store_file_read_lines(void *parent, FILE *fp)
|
||||
case ';':
|
||||
break;
|
||||
}
|
||||
+ free(buf);
|
||||
}
|
||||
- free(buf);
|
||||
/* If we were reading a line, append it to the list. */
|
||||
if (s != NULL) {
|
||||
tlines = talloc_realloc(parent, lines, char *, n_lines + 2);
|
||||
diff --git a/src/submit-x.c b/src/submit-x.c
|
||||
index 60bcf78a..fa81e9aa 100644
|
||||
--- a/src/submit-x.c
|
||||
+++ b/src/submit-x.c
|
||||
@@ -75,6 +75,8 @@ cm_submit_x_ccache_realm(char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@@ -84,6 +86,8 @@ cm_submit_x_ccache_realm(char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@@ -93,6 +97,8 @@ cm_submit_x_ccache_realm(char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@@ -139,6 +145,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
@@ -152,6 +160,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
@@ -163,6 +173,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
principal, ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
@@ -174,6 +186,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
@@ -195,6 +209,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
@@ -213,6 +229,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
@@ -227,6 +245,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
@@ -237,6 +257,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
||||
ret = get_error_message(ctx, kret));
|
||||
if (msg != NULL) {
|
||||
*msg = ret;
|
||||
+ } else {
|
||||
+ free(ret);
|
||||
}
|
||||
return kret;
|
||||
}
|
||||
diff --git a/src/util.c b/src/util.c
|
||||
index 67143d52..373bb533 100644
|
||||
--- a/src/util.c
|
||||
+++ b/src/util.c
|
||||
@@ -98,7 +98,7 @@ read_config_file(const char *filename)
|
||||
char *
|
||||
get_config_entry(char * in_data, const char *section, const char *key)
|
||||
{
|
||||
- char *ptr = NULL, *p, *tmp;
|
||||
+ char *ptr = NULL, *p, *tmp = NULL;
|
||||
char *line;
|
||||
int in_section = 0;
|
||||
char * data = strdup(in_data);
|
||||
@@ -129,9 +129,12 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
||||
}
|
||||
if (strcmp(section, tmp) == 0) {
|
||||
free(tmp);
|
||||
+ tmp = NULL;
|
||||
in_section = 1;
|
||||
continue;
|
||||
}
|
||||
+ free(tmp);
|
||||
+ tmp = NULL;
|
||||
}
|
||||
} /* [ */
|
||||
|
||||
@@ -145,8 +148,10 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
||||
tmp = strndup(line, p - line);
|
||||
if (strcmp(key, tmp) != 0) {
|
||||
free(tmp);
|
||||
+ tmp = NULL;
|
||||
} else {
|
||||
free(tmp);
|
||||
+ tmp = NULL;
|
||||
|
||||
/* Skip over any whitespace after the equal sign. */
|
||||
line = strchr(line, '=');
|
||||
@@ -168,5 +173,6 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
||||
}
|
||||
}
|
||||
free(data);
|
||||
+ free(tmp);
|
||||
return NULL;
|
||||
}
|
||||
diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
|
||||
index f016acb4..939005c2 100644
|
||||
--- a/tests/tools/addcinfo.c
|
||||
+++ b/tests/tools/addcinfo.c
|
||||
@@ -86,6 +86,7 @@ main(int argc, char **argv)
|
||||
if (enveloped == NULL) {
|
||||
cm_log(0, "Internal error: %s.\n",
|
||||
PR_ErrorToName(PORT_GetError()));
|
||||
+ free(buffer);
|
||||
return 1;
|
||||
}
|
||||
ci.content_type = enveloped->oid;
|
||||
@@ -96,6 +97,7 @@ main(int argc, char **argv)
|
||||
content_info_template) != &encoded) {
|
||||
cm_log(0, "Encoding error: %s.\n",
|
||||
PR_ErrorToName(PORT_GetError()));
|
||||
+ free(buffer);
|
||||
return 1;
|
||||
}
|
||||
j = 0;
|
||||
@@ -105,5 +107,6 @@ main(int argc, char **argv)
|
||||
break;
|
||||
}
|
||||
}
|
||||
+ free(buffer);
|
||||
return 0;
|
||||
}
|
||||
diff --git a/tests/tools/base2pem.c b/tests/tools/base2pem.c
|
||||
index 40e74201..31359684 100644
|
||||
--- a/tests/tools/base2pem.c
|
||||
+++ b/tests/tools/base2pem.c
|
||||
@@ -76,5 +76,6 @@ main(int argc, const char **argv)
|
||||
}
|
||||
}
|
||||
printf("%s", cm_submit_u_pem_from_base64(type, dos, p));
|
||||
+ free(p);
|
||||
return 0;
|
||||
}
|
||||
diff --git a/tests/tools/pem2base.c b/tests/tools/pem2base.c
|
||||
index 0607c162..bb686c0e 100644
|
||||
--- a/tests/tools/pem2base.c
|
||||
+++ b/tests/tools/pem2base.c
|
||||
@@ -46,5 +46,6 @@ main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
printf("%s\n", cm_submit_u_base64_from_text(p));
|
||||
+ free(p);
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.14.4
|
||||
|
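--- a/SOURCES/0013-clang-Uninitialized-initial-value.patch
+++ b/SOURCES/0013-clang-Uninitialized-initial-value.patch
@@ -0,0 +1,25 @@
+From db0f835829b739cf843d44b08c22407194aadd71 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Thu, 13 Sep 2018 17:57:21 -0400
+Subject: [PATCH 13/17] clang: Uninitialized initial value
+
+---
+src/submit-n.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/submit-n.c b/src/submit-n.c
+index ee6f3105..b07ea23a 100644
+--- a/src/submit-n.c
++++ b/src/submit-n.c
+@@ -281,7 +281,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
+PLArenaPool *arena = NULL;
+SECStatus error;
+NSSInitContext *ctx = NULL;
+- PK11SlotInfo *slot;
++ PK11SlotInfo *slot = NULL;
+PK11SlotList *slotlist = NULL;
+PK11SlotListElement *sle;
+SECKEYPrivateKeyList *keylist = NULL;
+--
+2.14.4
+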
@ -0,0 +1,99 @@
|
||||
From 753d98b3e70f34a52caabbe8db30bf06fc917f38 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Thu, 13 Sep 2018 11:46:51 -0400
|
||||
Subject: [PATCH 14/17] clang: Null pointer passed as an argument to a
|
||||
'nonnull' parameter
|
||||
|
||||
---
|
||||
src/certsave-n.c | 3 ++-
|
||||
src/getcert.c | 7 ++++---
|
||||
src/scep.c | 8 ++++----
|
||||
src/submit-sn.c | 7 +++++--
|
||||
4 files changed, 15 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
||||
index 49b28324..972a1dfa 100644
|
||||
--- a/src/certsave-n.c
|
||||
+++ b/src/certsave-n.c
|
||||
@@ -72,7 +72,8 @@ add_privkey_to_list(SECKEYPrivateKey **list, SECKEYPrivateKey *key)
|
||||
if ((list == NULL) || (list[i] == NULL)) {
|
||||
newlist = malloc(sizeof(newlist[0]) * (i + 2));
|
||||
if (newlist != NULL) {
|
||||
- memcpy(newlist, list, sizeof(newlist[0]) * i);
|
||||
+ if (list != NULL)
|
||||
+ memcpy(newlist, list, sizeof(newlist[0]) * i);
|
||||
newlist[i] = key;
|
||||
newlist[i + 1] = NULL;
|
||||
list = newlist;
|
||||
diff --git a/src/getcert.c b/src/getcert.c
|
||||
index 6417cd44..ddb28de2 100644
|
||||
--- a/src/getcert.c
|
||||
+++ b/src/getcert.c
|
||||
@@ -291,7 +291,8 @@ add_string(void *parent, char ***dest, const char *value)
|
||||
printf(_("Out of memory.\n"));
|
||||
exit(1);
|
||||
}
|
||||
- memcpy(tmp, *dest, sizeof(tmp[0]) * i);
|
||||
+ if (*dest)
|
||||
+ memcpy(tmp, *dest, sizeof(tmp[0]) * i);
|
||||
tmp[i] = talloc_strdup(tmp, value);
|
||||
i++;
|
||||
tmp[i] = NULL;
|
||||
@@ -1582,8 +1583,8 @@ add_basic_request(enum cm_tdbus_type bus, char *id,
|
||||
{
|
||||
DBusMessage *req, *rep;
|
||||
int i;
|
||||
- struct cm_tdbusm_dict param[28];
|
||||
- const struct cm_tdbusm_dict *params[29];
|
||||
+ struct cm_tdbusm_dict param[30];
|
||||
+ const struct cm_tdbusm_dict *params[30];
|
||||
dbus_bool_t b;
|
||||
const char *capath;
|
||||
char *p;
|
||||
diff --git a/src/scep.c b/src/scep.c
|
||||
index 68eae788..b0bd214b 100644
|
||||
--- a/src/scep.c
|
||||
+++ b/src/scep.c
|
||||
@@ -793,8 +793,8 @@ main(int argc, const char **argv)
|
||||
fprintf(stderr, "code_text = \"%s\"\n", cm_submit_h_result_code_text(hctx));
|
||||
syslog(LOG_DEBUG, "%s %s?%s\n", "GET", url, params2);
|
||||
}
|
||||
- if (strcasecmp(content_type2,
|
||||
- "application/x-x509-ca-cert") != 0) {
|
||||
+ if ((content_type2 != NULL) && (strcasecmp(content_type2,
|
||||
+ "application/x-x509-ca-cert") != 0)) {
|
||||
if (verbose > 0) {
|
||||
fprintf(stderr, "Content is not "
|
||||
"\"application/x-x509-ca-cert\""
|
||||
@@ -882,8 +882,8 @@ main(int argc, const char **argv)
|
||||
break;
|
||||
case op_get_cert_initial:
|
||||
case op_pkcsreq:
|
||||
- if (strcasecmp(content_type2,
|
||||
- "application/x-pki-message") == 0) {
|
||||
+ if ((content_type2 != NULL) && (strcasecmp(content_type2,
|
||||
+ "application/x-pki-message") == 0)) {
|
||||
memset(&cacerts, 0, sizeof(cacerts));
|
||||
cacerts[0] = cacert ? cacert : racert;
|
||||
cacerts[1] = cacert ? racert : NULL;
|
||||
diff --git a/src/submit-sn.c b/src/submit-sn.c
|
||||
index e9c62b22..ecd78dc0 100644
|
||||
--- a/src/submit-sn.c
|
||||
+++ b/src/submit-sn.c
|
||||
@@ -258,8 +258,11 @@ cm_submit_sn_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||
/* Allocate space for one more extension. */
|
||||
extensions = PORT_ArenaZAlloc(arena, (i + 2) * sizeof(extensions[0]));
|
||||
if (extensions != NULL) {
|
||||
- memcpy(extensions, ucert->extensions,
|
||||
- i * sizeof(extensions[0]));
|
||||
+ if (i != 0) {
|
||||
+ /* Note that C99 says copy of 0 items is ok, quieting clang */
|
||||
+ memcpy(extensions, ucert->extensions,
|
||||
+ i * sizeof(extensions[0]));
|
||||
+ }
|
||||
if (found_basic) {
|
||||
extensions[i] = NULL;
|
||||
} else {
|
||||
--
|
||||
2.14.4
|
||||
|
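Review bot: In the first `src/scep.c` hunk the new guard `(content_type2 != NULL) && (strcasecmp(...) != 0)` skips the "Content is not application/x-x509-ca-cert" branch when the response carries no Content-Type at all, so a reply with a missing header is handled like one with the expected type. The NULL case belongs on the rejecting side: `if ((content_type2 == NULL) || (strcasecmp(content_type2, "application/x-x509-ca-cert") != 0)) {`. The second hunk (`case op_pkcsreq:`) already fails closed, because there the NULL test guards the accepting branch. `main` continues outside both hunks, so what the rejecting branch does beyond the verbose message is not visible here.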
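--- a/SOURCES/0015-clang-Dead-increment.patch
+++ b/SOURCES/0015-clang-Dead-increment.patch
@@ -0,0 +1,24 @@
+From 9e44680dbd207cef48beb7598114ea59aa457055 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Fri, 14 Sep 2018 16:15:23 -0400
+Subject: [PATCH 15/17] clang: Dead increment
+
+---
+src/store-gen.c | 1 -
+1 file changed, 1 deletion(-)
+
+diff --git a/src/store-gen.c b/src/store-gen.c
+index da32afc8..653767a1 100644
+--- a/src/store-gen.c
++++ b/src/store-gen.c
+@@ -363,7 +363,6 @@ cm_store_time_from_timestamp(const char *timestamp)
+buf[2] = '\0';
+stamp.tm_min = atoi(buf);
+memcpy(buf, timestamp + i, 2);
+- i += 2;
+buf[2] = '\0';
+stamp.tm_sec = atoi(buf);
+t = timegm(&stamp);
+--
+2.14.4
+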
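--- a/SOURCES/0016-clang-Dereference-of-null-pointer.patch
+++ b/SOURCES/0016-clang-Dereference-of-null-pointer.patch
@@ -0,0 +1,83 @@
+From 319858127df42c1a95b9b3282705c90ecd6754a5 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Fri, 14 Sep 2018 16:16:55 -0400
+Subject: [PATCH 16/17] clang: Dereference of null pointer
+
+---
+src/tdbush.c | 56 +++++++++++++++++++++++++++++---------------------------
+1 file changed, 29 insertions(+), 27 deletions(-)
+
+diff --git a/src/tdbush.c b/src/tdbush.c
+index 3184e67a..d1bbe4da 100644
+--- a/src/tdbush.c
++++ b/src/tdbush.c
+@@ -3655,37 +3655,39 @@ request_modify(DBusConnection *conn, DBusMessage *msg,
+break;
+}
+}
+- if (d[i] == NULL) {
+- new_request_path = talloc_asprintf(parent, "%s/%s",
+- CM_DBUS_REQUEST_PATH,
+- entry->cm_busname);
+- if ((n_propname > 0) &&
+- (n_propname + 1 < sizeof(propname) / sizeof(propname[0]))) {
+- propname[n_propname] = NULL;
+- cm_tdbush_property_emit_changed(ctx, new_request_path,
+- CM_DBUS_REQUEST_INTERFACE,
+- propname);
+- }
+- cm_tdbusm_set_bp(rep,
+- cm_restart_entry(ctx,
+- entry->cm_nickname),
+- new_request_path);
+- dbus_connection_send(conn, rep, NULL);
+- dbus_message_unref(rep);
+- talloc_free(new_request_path);
+- return DBUS_HANDLER_RESULT_HANDLED;
+- } else {
+- dbus_message_unref(rep);
+- rep = dbus_message_new_error(msg,
+- CM_DBUS_ERROR_REQUEST_BAD_ARG,
+- _("Unrecognized parameter or wrong value type."));
+- if (rep != NULL) {
+- cm_tdbusm_set_s(rep, d[i]->key);
++ if (d != NULL) {
++ if (d[i] == NULL) {
++ new_request_path = talloc_asprintf(parent, "%s/%s",
++ CM_DBUS_REQUEST_PATH,
++ entry->cm_busname);
++ if ((n_propname > 0) &&
++ (n_propname + 1 < sizeof(propname) / sizeof(propname[0]))) {
++ propname[n_propname] = NULL;
++ cm_tdbush_property_emit_changed(ctx, new_request_path,
++ CM_DBUS_REQUEST_INTERFACE,
++ propname);
++ }
++ cm_tdbusm_set_bp(rep,
++ cm_restart_entry(ctx,
++ entry->cm_nickname),
++ new_request_path);
+dbus_connection_send(conn, rep, NULL);
+dbus_message_unref(rep);
++ talloc_free(new_request_path);
+return DBUS_HANDLER_RESULT_HANDLED;
++ } else {
++ dbus_message_unref(rep);
++ rep = dbus_message_new_error(msg,
++ CM_DBUS_ERROR_REQUEST_BAD_ARG,
++ _("Unrecognized parameter or wrong value type."));
++ if (rep != NULL) {
++ cm_tdbusm_set_s(rep, d[i]->key);
++ dbus_connection_send(conn, rep, NULL);
++ dbus_message_unref(rep);
++ return DBUS_HANDLER_RESULT_HANDLED;
++ }
++ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+}
+- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+}
+} else {
+return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+--
+2.14.4
+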
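Review bot: The new `if (d != NULL)` wrapper in `request_modify` has no else arm, so when `d` is NULL control leaves the block without a `return` and without `dbus_message_unref(rep)`. Whether code after the enclosing if/else handles that path cannot be seen, because the function continues outside the hunk. An explicit failure arm would keep the handler result defined and release the reply: `} else { dbus_message_unref(rep); return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; }`.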
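--- a/SOURCES/0017-Add-missing-case-for-cm_prefs_aes192.patch
+++ b/SOURCES/0017-Add-missing-case-for-cm_prefs_aes192.patch
@@ -0,0 +1,26 @@
+From f17b7c0a22f4d49dca001d984673046e133577d1 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Fri, 14 Sep 2018 16:41:19 -0400
+Subject: [PATCH 17/17] Add missing case for cm_prefs_aes192
+
+---
+src/prefs-o.c | 3 +++
+1 file changed, 3 insertions(+)
+
+diff --git a/src/prefs-o.c b/src/prefs-o.c
+index 64542f85..ac68164d 100644
+--- a/src/prefs-o.c
++++ b/src/prefs-o.c
+@@ -75,6 +75,9 @@ cm_prefs_ossl_cipher_by_pref(enum cm_prefs_cipher cipher)
+case cm_prefs_aes128:
+return EVP_aes_128_cbc();
+break;
++ case cm_prefs_aes192:
++ return EVP_aes_192_cbc();
++ break;
+case cm_prefs_aes256:
+return EVP_aes_256_cbc();
+break;
+--
+2.14.4
+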
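--- a/SOURCES/0018-clang-more-Dead-assignment.patch
+++ b/SOURCES/0018-clang-more-Dead-assignment.patch
@@ -0,0 +1,41 @@
+From 20d569b57edf2f859aeb48d32bbb91801a45fb91 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 12:48:41 -0400
+Subject: [PATCH 18/26] clang: more Dead assignment
+
+---
+src/submit-x.c | 5 ++---
+src/tdbus.c | 1 -
+2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/submit-x.c b/src/submit-x.c
+index fa81e9aa..abebc610 100644
+--- a/src/submit-x.c
++++ b/src/submit-x.c
+@@ -914,9 +914,8 @@ main(int argc, const char **argv)
+
+/* Maybe we need a ccache. */
+if (k5 || (kpname != NULL) || (ktname != NULL)) {
+- if (!make_ccache ||
+- (cm_submit_x_make_ccache(ktname, kpname, NULL) == 0)) {
+- k5 = TRUE;
++ if (make_ccache) {
++ cm_submit_x_make_ccache(ktname, kpname, NULL);
+}
+}
+
+diff --git a/src/tdbus.c b/src/tdbus.c
+index cb0a8ad7..a81b5349 100644
+--- a/src/tdbus.c
++++ b/src/tdbus.c
+@@ -757,7 +757,6 @@ cm_tdbus_setup_public(struct tevent_context *ec, enum cm_tdbus_type bus_type,
+/* Connect to the right bus. */
+bus_desc = NULL;
+conn = NULL;
+- exit_on_disconnect = TRUE;
+if (error != NULL) {
+dbus_error_init(error);
+}
+--
+2.14.4
+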
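Review bot: The result of `cm_submit_x_make_ccache(ktname, kpname, NULL)` in `main` of `src/submit-x.c` is now discarded, so a failure to set up the credential cache can no longer be told apart from success at this call site. The removed code at least compared the return value with 0; keeping that check and reporting the failure preserves the signal, e.g. `if (make_ccache && (cm_submit_x_make_ccache(ktname, kpname, NULL) != 0)) { /* report and stop */ }`. How the rest of `main` reacts to a missing ccache lies outside the hunk.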
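--- a/SOURCES/0019-clang-more-Memory-leaks.patch
+++ b/SOURCES/0019-clang-more-Memory-leaks.patch
@@ -0,0 +1,321 @@
+From 83a701de85a6b22cc5ad3cec8cb2ddb54d0b2aae Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 12:53:57 -0400
+Subject: [PATCH 19/26] clang: more Memory leaks
+
+Fix leaks in tests/tools/addcinfo.c, dogtag.c and submit-x.c
+---
+src/dogtag.c | 17 +++++++++++++----
+src/getcert.c | 3 ++-
+src/store-files.c | 1 +
+src/submit-d.c | 6 ++++++
+src/submit-x.c | 39 ++++++++++-----------------------------
+tests/tools/addcinfo.c | 8 +++++---
+6 files changed, 37 insertions(+), 37 deletions(-)
+
+diff --git a/src/dogtag.c b/src/dogtag.c
+index 55607f3d..8e3890a5 100644
+--- a/src/dogtag.c
++++ b/src/dogtag.c
+@@ -117,7 +117,7 @@ main(int argc, const char **argv)
+const char *ssldir = NULL, *cainfo = NULL, *capath = NULL;
+const char *sslcert = NULL, *sslkey = NULL;
+const char *sslpin = NULL, *sslpinfile = NULL;
+- const char *csr = NULL, *serial = NULL, *template = NULL;
++ const char *csr = NULL, *csre = NULL, *serial = NULL, *template = NULL;
+const char *uid = NULL, *pwd = NULL, *pwdfile = NULL;
+const char *udn = NULL, *pin = NULL, *pinfile = NULL;
+char *poptarg;
+@@ -127,7 +127,7 @@ main(int argc, const char **argv)
+} *aoptions = NULL, *soptions = NULL;
+size_t num_aoptions = 0, num_soptions = 0, j;
+char *savedstate = NULL;
+- char *p, *q, *params = NULL, *params2 = NULL;
++ char *p = NULL, *q = NULL, *params = NULL, *params2 = NULL;
+const char *lasturl = NULL, *lastparams = NULL;
+const char *tmp = NULL, *results = NULL;
+struct cm_submit_h_context *hctx;
+@@ -537,16 +537,19 @@ main(int argc, const char **argv)
+}
+poptPrintUsage(pctx, stdout, 0);
+free(csr);
++ free(p);
+return CM_SUBMIT_STATUS_UNCONFIGURED;
+}
+- csr = cm_submit_u_url_encode(csr);
++ csre = cm_submit_u_url_encode(csr);
+params = talloc_asprintf(ctx,
+"profileId=%s&"
+"cert_request_type=pkcs10&"
+"cert_request=%s&"
+"xml=true",
+template,
+- csr);
++ csre);
++ free(csr);
++ free(csre);
+}
+/* Check for creds specified as options. */
+for (j = 0; j < num_soptions; j++) {
+@@ -608,12 +611,16 @@ main(int argc, const char **argv)
+printf(_("No agent URL (-A) given, and no default "
+"known.\n"));
+poptPrintUsage(pctx, stdout, 0);
++ free(p);
++ free(q);
+return CM_SUBMIT_STATUS_UNCONFIGURED;
+}
+if ((sslcert == NULL) || (strlen(sslcert) == 0)) {
+printf(_("No agent credentials (-n) given, but they "
+"are needed.\n"));
+poptPrintUsage(pctx, stdout, 0);
++ free(p);
++ free(q);
+return CM_SUBMIT_STATUS_UNCONFIGURED;
+}
+/* Reading profile defaults for this certificate, then applying
+@@ -778,12 +785,14 @@ main(int argc, const char **argv)
+lasturl);
+}
+talloc_free(ctx);
++ free(p);
+return CM_SUBMIT_STATUS_UNREACHABLE;
+}
+if (results == NULL) {
+printf(_("Internal error: no response to \"%s?%s\".\n"),
+lasturl, lastparams);
+talloc_free(ctx);
++ free(p);
+return CM_SUBMIT_STATUS_REJECTED;
+}
+switch (op) {
+diff --git a/src/getcert.c b/src/getcert.c
+index ddb28de2..0d527ab0 100644
+--- a/src/getcert.c
++++ b/src/getcert.c
+@@ -4042,11 +4042,12 @@ thumbprint(const char *s, SECOidTag tag, int bits)
+}
+u = malloc(length);
+if (u == NULL) {
++ free(t);
+goto done;
+}
+length = cm_store_base64_to_bin(t, -1, u, length);
++ free(t);
+if (PK11_HashBuf(tag, digest, u, length) == SECSuccess) {
+- free(t);
+t = malloc(bits / 4 + howmany(bits, 32));
+if (t != NULL) {
+ret = t;
+diff --git a/src/store-files.c b/src/store-files.c
+index b97ba5ff..4e57ae16 100644
+--- a/src/store-files.c
++++ b/src/store-files.c
+@@ -573,6 +573,7 @@ cm_store_file_read_lines(void *parent, FILE *fp)
+lines = tlines;
+}
+}
++ free(buf);
+return lines;
+}
+
+diff --git a/src/submit-d.c b/src/submit-d.c
+index 5a4edb3f..36cc9828 100644
+--- a/src/submit-d.c
++++ b/src/submit-d.c
+@@ -1204,6 +1204,9 @@ restart:
+} else {
+printf("Error %d.\n", c);
+}
++ if (defaults != nodefault) {
++ free(defaults);
++ }
+return 1;
+}
+result = cm_submit_h_results(hctx, NULL) ?: "";
+@@ -1365,6 +1368,9 @@ restart:
+/* never reached */
+break;
+}
++ if (defaults != nodefault) {
++ free(defaults);
++ }
+return 0;
+}
+#endif
+diff --git a/src/submit-x.c b/src/submit-x.c
+index abebc610..58d007ef 100644
+--- a/src/submit-x.c
++++ b/src/submit-x.c
+@@ -45,14 +45,17 @@ get_error_message(krb5_context ctx, krb5_error_code kcode)
+{
+const char *ret;
+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
+- ret = ctx ? krb5_get_error_message(ctx, kcode) : NULL;
+- if (ret == NULL) {
+- ret = error_message(kcode);
++ if (ctx) {
++ const char *msg = krb5_get_error_message(ctx, kcode);
++ ret = strdup(msg);
++ krb5_free_error_message(ctx, msg);
++ } else {
++ ret = strdup(error_message(kcode));
+}
+#else
+- ret = error_message(kcode);
++ ret = strdup(error_message(kcode));
+#endif
+- return strdup(ret);
++ return ret;
+}
+
+char *
+@@ -75,8 +78,6 @@ cm_submit_x_ccache_realm(char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return NULL;
+}
+@@ -86,8 +87,6 @@ cm_submit_x_ccache_realm(char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return NULL;
+}
+@@ -97,8 +96,6 @@ cm_submit_x_ccache_realm(char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return NULL;
+}
+@@ -106,7 +103,7 @@ cm_submit_x_ccache_realm(char **msg)
+if (data == NULL) {
+fprintf(stderr, "Error retrieving principal realm.\n");
+if (msg != NULL) {
+- *msg = "Error retrieving principal realm.\n";
++ *msg = strdup("Error retrieving principal realm.\n");
+}
+return NULL;
+}
+@@ -114,7 +111,7 @@ cm_submit_x_ccache_realm(char **msg)
+if (ret == NULL) {
+fprintf(stderr, "Out of memory for principal realm.\n");
+if (msg != NULL) {
+- *msg = "Out of memory for principal realm.\n";
++ *msg = strdup("Out of memory for principal realm.\n");
+}
+return NULL;
+}
+@@ -145,8 +142,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+@@ -160,8 +155,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+@@ -173,8 +166,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+principal, ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+@@ -186,8 +177,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+@@ -209,8 +198,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+@@ -229,8 +216,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+@@ -245,8 +230,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+@@ -257,8 +240,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
+ret = get_error_message(ctx, kret));
+if (msg != NULL) {
+*msg = ret;
+- } else {
+- free(ret);
+}
+return kret;
+}
+diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
+index 939005c2..e34612a5 100644
+--- a/tests/tools/addcinfo.c
++++ b/tests/tools/addcinfo.c
+@@ -63,7 +63,7 @@ content_info_template[] = {
+int
+main(int argc, char **argv)
+{
+- unsigned char *buffer = NULL, buf[BUFSIZ];
++ unsigned char *buffer = NULL, *newbuffer = NULL, buf[BUFSIZ];
+int i, n = 0;
+unsigned int j;
+SECItem encoded;
+@@ -73,11 +73,13 @@ main(int argc, char **argv)
+cm_log_set_method(cm_log_stderr);
+cm_log_set_level(3);
+while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
+- buffer = realloc(buffer, n + i);
+- if (buffer == NULL) {
++ newbuffer = realloc(buffer, n + i);
++ if (newbuffer == NULL) {
++ free(buffer);
+cm_log(0, "Out of memory.\n");
+return 1;
+}
++ buffer = newbuffer;
+memcpy(buffer + n, buf, i);
+n += i;
+}
+--
+2.14.4
+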
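Review bot: Dropping the `} else { free(ret); }` arms in `cm_submit_x_ccache_realm` and `cm_submit_x_make_ccache` (the `src/submit-x.c` hunks from `@@ -75,8 +78,6 @@` through `@@ -257,8 +240,6 @@`) leaks the message whenever the caller passes `msg == NULL`, because `get_error_message()` in the same file returns `strdup()`ed memory and nothing else on those paths releases `ret`. Patch 18/26 on this page calls `cm_submit_x_make_ccache(ktname, kpname, NULL)`, so the NULL case is reachable. Each error path should keep `if (msg != NULL) { *msg = ret; } else { free(ret); }`. Separately, `ret = strdup(msg);` in `get_error_message()` no longer has the old fallback to `error_message(kcode)` for a NULL message, and the `strdup()` results are not checked.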
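--- a/SOURCES/0020-clang-Avoid-buffer-overflow.patch
+++ b/SOURCES/0020-clang-Avoid-buffer-overflow.patch
@@ -0,0 +1,29 @@
+From e9f16cf50ab3438a6e9ea50669854c93c8a399f2 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 13:16:08 -0400
+Subject: [PATCH 20/26] clang: Avoid buffer overflow
+
+This shouldn't be possible because the caller would never allow
+it all to be passed in but quiet static analyzers.
+---
+src/getcert.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/getcert.c b/src/getcert.c
+index 0d527ab0..bbc45479 100644
+--- a/src/getcert.c
++++ b/src/getcert.c
+@@ -1839,8 +1839,8 @@ set_tracking(const char *argv0, const char *category,
+enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
+DBusMessage *req, *rep;
+const char *request, *capath;
+- struct cm_tdbusm_dict param[28];
+- const struct cm_tdbusm_dict *params[29];
++ struct cm_tdbusm_dict param[30];
++ const struct cm_tdbusm_dict *params[30];
+char *nss_scheme, *dbdir = NULL, *token = NULL, *nickname = NULL;
+char **anchor_dbs = NULL, **anchor_files = NULL;
+char *id = NULL, *new_id = NULL, *new_request;
+--
+2.14.4
+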
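Review bot: Sizing both `param` and `params` in `set_tracking` with the bare literal `30` removes the one-slot difference the old `[28]`/`[29]` pair had; if `params` is a NULL-terminated list of pointers into `param` (not visible in this hunk), a fully used `param` array would leave no room for the terminator. A named constant keeps the two sizes tied together, e.g. `struct cm_tdbusm_dict param[CM_MAX_PARAMS];` and `const struct cm_tdbusm_dict *params[CM_MAX_PARAMS + 1];`, where `CM_MAX_PARAMS` is a placeholder name. The commit message states the overflow cannot happen, so a bound check where entries are appended would turn that assumption into code. `add_basic_request` receives the same `[30]`/`[30]` sizes in patch 14/17.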
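--- a/SOURCES/0021-clang-Garbage-value-possible.patch
+++ b/SOURCES/0021-clang-Garbage-value-possible.patch
@@ -0,0 +1,43 @@
+From bfe2b956c1a9f83bd3d998924788942716767a65 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 14:44:05 -0400
+Subject: [PATCH 21/26] clang: Garbage value possible
+
+Need to add guard so that error was only considered if the
+certificate was decodable and an import was attempted.
+---
+src/certsave-n.c | 4 +++-
+1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/certsave-n.c b/src/certsave-n.c
+index 972a1dfa..30e242c1 100644
+--- a/src/certsave-n.c
++++ b/src/certsave-n.c
+@@ -498,6 +498,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
+}
+}
+/* Import the certificate. */
++ error = SECFailure;
+newcert = CERT_DecodeCertFromPackage((char *)item->data, item->len);
+if (newcert != NULL) {
+error = PK11_ImportCert(sle->slot,
+@@ -506,7 +507,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
+entry->cm_cert_nickname,
+PR_FALSE);
+}
+- if (error == SECSuccess) {
++ if ((newcert != NULL) && (error == SECSuccess)) {
+cm_log(1, "Imported certificate with "
+"nickname \"%s\".\n",
+entry->cm_cert_nickname);
+@@ -581,6 +582,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
+CERT_DestroyCertList(certlist);
+}
+} else {
++ ec = PORT_GetError();
+if (ec != 0) {
+es = PR_ErrorToName(ec);
+} else {
+--
+2.14.4
+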
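--- a/SOURCES/0022-Uninitialized-variable.patch
+++ b/SOURCES/0022-Uninitialized-variable.patch
@@ -0,0 +1,25 @@
+From a5fef9f676334c6b373f9739a2687dc64ad2c0c0 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 14:48:43 -0400
+Subject: [PATCH 22/26] Uninitialized variable
+
+---
+src/csrgen-o.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/csrgen-o.c b/src/csrgen-o.c
+index 55b0a598..7ca7065d 100644
+--- a/src/csrgen-o.c
++++ b/src/csrgen-o.c
+@@ -94,7 +94,7 @@ cm_csrgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
+BIGNUM *serialbn;
+char buf[LINE_MAX], *p, *q, *s, *nickname, *pin, *password, *filename;
+unsigned char *extensions, *upassword, *bmp, *name, *up, *uq, md[CM_DIGEST_MAX];
+- char *spkidec, *mcb64, *nows;
++ char *spkidec = NULL, *mcb64, *nows;
+const char *default_cn = CM_DEFAULT_CERT_SUBJECT_CN, *spkihex = NULL;
+const unsigned char *nametmp;
+struct tm *now;
+--
+2.14.4
+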
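Review bot: Only `spkidec` gains an initialiser; `mcb64` and `nows` in the same declaration, and `p`, `q`, `s`, `nickname`, `pin`, `password` and `filename` two lines above it, are still declared without one. Their uses in `cm_csrgen_o_main` are outside the hunk, so it cannot be told here whether every path assigns them before use, but initialising the whole declaration is cheap: `char *spkidec = NULL, *mcb64 = NULL, *nows = NULL;`.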
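--- a/SOURCES/0023-merge-into-clang-more-Memory-leaks.patch
+++ b/SOURCES/0023-merge-into-clang-more-Memory-leaks.patch
@@ -0,0 +1,39 @@
+From b0766cfdfd8bbac9109a2846c6ac3802e60cb56f Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 15:43:02 -0400
+Subject: [PATCH 23/26] merge into clang: more Memory leaks
+
+---
+src/getcert.c | 2 +-
+src/submit-x.c | 2 +-
+2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/getcert.c b/src/getcert.c
+index bbc45479..4713dd15 100644
+--- a/src/getcert.c
++++ b/src/getcert.c
+@@ -4040,7 +4040,7 @@ thumbprint(const char *s, SECOidTag tag, int bits)
+if (length == 0) {
+goto done;
+}
+- u = malloc(length);
++ u = malloc(length+1);
+if (u == NULL) {
+free(t);
+goto done;
+diff --git a/src/submit-x.c b/src/submit-x.c
+index 58d007ef..467e67e4 100644
+--- a/src/submit-x.c
++++ b/src/submit-x.c
+@@ -43,7 +43,7 @@
+static char *
+get_error_message(krb5_context ctx, krb5_error_code kcode)
+{
+- const char *ret;
++ char *ret;
+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
+if (ctx) {
+const char *msg = krb5_get_error_message(ctx, kcode);
+--
+2.14.4
+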
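Review bot: `u = malloc(length+1);` in `thumbprint` changes a buffer size under a subject that only mentions memory leaks, and nothing records what the extra byte is for. Patch 19/26 on this page shows the buffer being filled by `cm_store_base64_to_bin(t, -1, u, length)`, which is still passed `length`; if the decoder can write one byte past that count, this is an overflow fix and deserves a comment such as `/* +1: cm_store_base64_to_bin() may write one byte past length (confirm) */`. The body of `thumbprint` continues outside the hunk.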
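--- a/SOURCES/0024-Add-missing-return-type-declaration.patch
+++ b/SOURCES/0024-Add-missing-return-type-declaration.patch
@@ -0,0 +1,24 @@
+From daaca020810962c568caa49514f5159e1592aaf0 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 15:44:07 -0400
+Subject: [PATCH 24/26] Add missing return type declaration
+
+---
+src/tdbush.c | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/src/tdbush.c b/src/tdbush.c
+index d1bbe4da..a10a1aff 100644
+--- a/src/tdbush.c
++++ b/src/tdbush.c
+@@ -2129,6 +2129,7 @@ ca_get_serial(DBusConnection *conn, DBusMessage *msg,
+}
+
+/* org.fedorahosted.certonger.ca.get_config_file_path */
++static DBusHandlerResult
+ca_get_config_file_path(DBusConnection *conn, DBusMessage *msg,
+struct cm_client_info *ci, struct cm_context *ctx)
+{
+--
+2.14.4
+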
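--- a/SOURCES/0025-Discards-const-qualifier.patch
+++ b/SOURCES/0025-Discards-const-qualifier.patch
@@ -0,0 +1,43 @@
+From b12dfc9d43128f05b7e0b9e83c2a6100f808fe94 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 15:46:50 -0400
+Subject: [PATCH 25/26] Discards const qualifier
+
+---
+src/dogtag.c | 3 ++-
+src/scep.c | 3 ++-
+2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/dogtag.c b/src/dogtag.c
+index 8e3890a5..962a8bf4 100644
+--- a/src/dogtag.c
++++ b/src/dogtag.c
+@@ -117,9 +117,10 @@ main(int argc, const char **argv)
+const char *ssldir = NULL, *cainfo = NULL, *capath = NULL;
+const char *sslcert = NULL, *sslkey = NULL;
+const char *sslpin = NULL, *sslpinfile = NULL;
+- const char *csr = NULL, *csre = NULL, *serial = NULL, *template = NULL;
++ const char *serial = NULL, *template = NULL;
+const char *uid = NULL, *pwd = NULL, *pwdfile = NULL;
+const char *udn = NULL, *pin = NULL, *pinfile = NULL;
++ char *csr = NULL, *csre = NULL;
+char *poptarg;
+struct {
+char *name;
+diff --git a/src/scep.c b/src/scep.c
+index b0bd214b..b37711cf 100644
+--- a/src/scep.c
++++ b/src/scep.c
+@@ -204,7 +204,8 @@ main(int argc, const char **argv)
+int prefer_non_renewal = 0, can_renewal = 0;
+int response_code = 0, response_code2 = 0;
+enum known_ops op = op_unset;
+- const char *id = NULL, *cainfo = NULL;
++ const char *id = NULL;
++ char *cainfo = NULL;
+char *poptarg;
+char *message = NULL, *rekey_message = NULL;
+const char *mode = NULL, *content_type = NULL, *content_type2 = NULL;
+--
+2.14.4
+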
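--- a/SOURCES/0026-Add-missing-case-for-cm_prefs_aes192.patch
+++ b/SOURCES/0026-Add-missing-case-for-cm_prefs_aes192.patch
@@ -0,0 +1,28 @@
+From f1a328159d46149513e32950284e5dd33525e8e1 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Mon, 8 Oct 2018 15:57:35 -0400
+Subject: [PATCH 26/26] Add missing case for cm_prefs_aes192
+
+---
+src/prefs.c | 5 +++++
+1 file changed, 5 insertions(+)
+
+diff --git a/src/prefs.c b/src/prefs.c
+index ab363bbc..20e2ecf8 100644
+--- a/src/prefs.c
++++ b/src/prefs.c
+@@ -102,6 +102,11 @@ cm_prefs_preferred_cipher(void)
+free(cipher);
+return cm_prefs_aes128;
+}
++ if ((strcasecmp(cipher, "aes192") == 0) ||
++ (strcasecmp(cipher, "aes-192") == 0)) {
++ free(cipher);
++ return cm_prefs_aes192;
++ }
+if ((strcasecmp(cipher, "aes256") == 0) ||
+(strcasecmp(cipher, "aes-256") == 0)) {
+free(cipher);
+--
+2.14.4
+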
1331
SPECS/certmonger.spec
Normal file
1331
SPECS/certmonger.spec
Normal file
File diff suppressed because it is too large