2017-08-10 18:19:50 +00:00
|
|
|
From 01b89fb7a191f4639a93c5a7c47a80752118ba95 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Peter Jones <pjones@redhat.com>
|
|
|
|
Date: Tue, 25 Apr 2017 16:58:50 -0400
|
2017-08-15 15:14:22 +00:00
|
|
|
Subject: [PATCH 18/29] show which db we're checking
|
2017-08-10 18:19:50 +00:00
|
|
|
|
|
|
|
---
|
|
|
|
src/certdb.c | 35 ++++++++++++++++++++++++++++++++++-
|
|
|
|
src/pesigcheck_context.c | 2 ++
|
|
|
|
src/pesigcheck_context.h | 1 +
|
|
|
|
3 files changed, 37 insertions(+), 1 deletion(-)
|
|
|
|
|
|
|
|
diff --git a/src/certdb.c b/src/certdb.c
|
|
|
|
index 1a4baf1..673e074 100644
|
|
|
|
--- a/src/certdb.c
|
|
|
|
+++ b/src/certdb.c
|
|
|
|
@@ -18,6 +18,7 @@
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
+#include <libgen.h>
|
|
|
|
#include <sys/mman.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
@@ -42,17 +43,33 @@ add_db_file(pesigcheck_context *ctx, db_specifier which, const char *dbfile,
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
db->type = type;
|
|
|
|
-
|
|
|
|
db->fd = open(dbfile, O_RDONLY);
|
|
|
|
if (db->fd < 0) {
|
|
|
|
save_errno(free(db));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
+ char *path = strdup(dbfile);
|
|
|
|
+ if (!path) {
|
|
|
|
+ save_errno(close(db->fd);
|
|
|
|
+ free(db));
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ db->path = basename(path);
|
|
|
|
+ db->path = strdup(db->path);
|
|
|
|
+ free(path);
|
|
|
|
+ if (!db->path) {
|
|
|
|
+ save_errno(close(db->fd);
|
|
|
|
+ free(db));
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
struct stat sb;
|
|
|
|
int rc = fstat(db->fd, &sb);
|
|
|
|
if (rc < 0) {
|
|
|
|
save_errno(close(db->fd);
|
|
|
|
+ free(db->path);
|
|
|
|
free(db));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
@@ -65,6 +82,7 @@ add_db_file(pesigcheck_context *ctx, db_specifier which, const char *dbfile,
|
|
|
|
rc = read_file(db->fd, (char **)&db->map, &sz);
|
|
|
|
if (rc < 0) {
|
|
|
|
save_errno(close(db->fd);
|
|
|
|
+ free(db->path);
|
|
|
|
free(db));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
@@ -133,6 +151,7 @@ add_cert_file(pesigcheck_context *ctx, const char *filename)
|
|
|
|
#define DB_PATH "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
|
|
|
|
#define MOK_PATH "/sys/firmware/efi/efivars/MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23"
|
|
|
|
#define DBX_PATH "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
|
|
|
|
+#define MOKX_PATH "/sys/firmware/efi/efivars/MokListXRT-605dab50-e046-4300-abb6-3dd810dd8b23"
|
|
|
|
|
|
|
|
void
|
|
|
|
init_cert_db(pesigcheck_context *ctx, int use_system_dbs)
|
|
|
|
@@ -167,6 +186,18 @@ init_cert_db(pesigcheck_context *ctx, int use_system_dbs)
|
|
|
|
"database \"%s\": %m\n", DBX_PATH);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
+
|
|
|
|
+ rc = add_db_file(ctx, DBX, MOKX_PATH, DB_EFIVAR);
|
|
|
|
+ if (rc < 0 && errno != ENOENT) {
|
|
|
|
+ fprintf(stderr, "pesigcheck: Could not add key database "
|
|
|
|
+ "\"%s\": %m\n", MOKX_PATH);
|
|
|
|
+ exit(1);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (ctx->dbx == NULL) {
|
|
|
|
+ fprintf(stderr, "pesigcheck: warning: "
|
|
|
|
+ "No key recovation database available\n");
|
|
|
|
+ }
|
|
|
|
}
|
|
|
|
|
|
|
|
typedef db_status (*checkfn)(pesigcheck_context *ctx, SECItem *sig,
|
|
|
|
@@ -187,6 +218,8 @@ check_db(db_specifier which, pesigcheck_context *ctx, checkfn check,
|
|
|
|
sig.type = siBuffer;
|
|
|
|
|
|
|
|
while (dbl) {
|
|
|
|
+ printf("Searching %s %s\n", which == DB ? "db" : "dbx",
|
|
|
|
+ dbl->path);
|
|
|
|
EFI_SIGNATURE_LIST *certlist;
|
|
|
|
EFI_SIGNATURE_DATA *cert;
|
|
|
|
size_t dbsize = dbl->datalen;
|
|
|
|
diff --git a/src/pesigcheck_context.c b/src/pesigcheck_context.c
|
|
|
|
index b934cbe..5a355b1 100644
|
|
|
|
--- a/src/pesigcheck_context.c
|
|
|
|
+++ b/src/pesigcheck_context.c
|
|
|
|
@@ -87,6 +87,7 @@ pesigcheck_context_fini(pesigcheck_context *ctx)
|
|
|
|
munmap(db->map, db->size);
|
|
|
|
close(db->fd);
|
|
|
|
ctx->db = db->next;
|
|
|
|
+ free(db->path);
|
|
|
|
free(db);
|
|
|
|
}
|
|
|
|
while (ctx->dbx) {
|
|
|
|
@@ -95,6 +96,7 @@ pesigcheck_context_fini(pesigcheck_context *ctx)
|
|
|
|
if (db->type == DB_CERT)
|
|
|
|
free(db->data);
|
|
|
|
munmap(db->map, db->size);
|
|
|
|
+ free(db->path);
|
|
|
|
close(db->fd);
|
|
|
|
ctx->dbx = db->next;
|
|
|
|
free(db);
|
|
|
|
diff --git a/src/pesigcheck_context.h b/src/pesigcheck_context.h
|
|
|
|
index 1b916e3..7b5cc89 100644
|
|
|
|
--- a/src/pesigcheck_context.h
|
|
|
|
+++ b/src/pesigcheck_context.h
|
|
|
|
@@ -34,6 +34,7 @@ typedef enum {
|
|
|
|
|
|
|
|
struct dblist {
|
|
|
|
db_f_type type;
|
|
|
|
+ char *path;
|
|
|
|
int fd;
|
|
|
|
struct dblist *next;
|
|
|
|
size_t size;
|
|
|
|
--
|
|
|
|
2.13.4
|
|
|
|
|