[Cvs-cvs] ccvs/src ChangeLog client.c sanity.sh verify.c ... [signed-commits3]

[Derek Robert Price]

CVSROOT:        /cvsroot/cvs
Module name:    ccvs
Branch:         signed-commits3
Changes by:     Derek Robert Price <address@hidden>     06/01/13 16:14:03

Modified files:
        src            : ChangeLog client.c sanity.sh verify.c verify.h 

Log message:
        * client.c (update_entries): Warn/exit when unsigned file contents are
        received from the server.
        * verify.c (get_verify_checkouts_fatal): New function.
        * verify.h (get_verify_checkouts_fatal): New proto.
        * sanity.sh (client): Skip tests incompatible with OpenPGP signatures.
        (openpgp2): New tests.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/ChangeLog.diff?only_with_tag=signed-commits3&tr1=1.3328.2.30&tr2=1.3328.2.31&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/client.c.diff?only_with_tag=signed-commits3&tr1=1.438.2.9&tr2=1.438.2.10&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/sanity.sh.diff?only_with_tag=signed-commits3&tr1=1.1105.2.11&tr2=1.1105.2.12&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.c.diff?only_with_tag=signed-commits3&tr1=1.1.2.10&tr2=1.1.2.11&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/cvs/ccvs/src/verify.h.diff?only_with_tag=signed-commits3&tr1=1.1.2.5&tr2=1.1.2.6&r1=text&r2=text

Patches:
Index: ccvs/src/ChangeLog
diff -u ccvs/src/ChangeLog:1.3328.2.30 ccvs/src/ChangeLog:1.3328.2.31
--- ccvs/src/ChangeLog:1.3328.2.30      Fri Jan 13 14:23:43 2006
+++ ccvs/src/ChangeLog  Fri Jan 13 16:14:03 2006
@@ -1,5 +1,12 @@
 2006-01-13  Derek Price  <address@hidden>
 
+       * client.c (update_entries): Warn/exit when unsigned file contents are
+       received from the server.
+       * verify.c (get_verify_checkouts_fatal): New function.
+       * verify.h (get_verify_checkouts_fatal): New proto.
+       * sanity.sh (client): Skip tests incompatible with OpenPGP signatures.
+       (openpgp2): New tests.
+
        * parseinfo.c (parse_config): Avoid a core dump.
        * sanity.sh (openpgp): Add a few tests for commit signature
        verification.
Index: ccvs/src/client.c
diff -u ccvs/src/client.c:1.438.2.9 ccvs/src/client.c:1.438.2.10
--- ccvs/src/client.c:1.438.2.9 Thu Jan 12 18:20:31 2006
+++ ccvs/src/client.c   Fri Jan 13 16:14:03 2006
@@ -1590,6 +1590,10 @@
        char *buf;
        bool patch_failed;
 
+       if (get_verify_checkouts (true))
+           error (get_verify_checkouts_fatal (), 0,
+                  "The server sent unsigned file content.");
+
        if (!validate_change (data->existp, filename, short_pathname))
        {
            /* The Mode, Mod-time, and Checksum responses should not carry
@@ -1897,7 +1901,9 @@
            updated_fname = NULL;
        }
     }
-    else if (!noexec && data->contents == UPDATE_ENTRIES_CHECKIN
+    else if (data->contents == UPDATE_ENTRIES_CHECKIN
+            && !noexec
+            /* This isn't add or remove.  */
             && strcmp (vn, "0") && *vn != '-')
     {
        /* On checkin, create the base file.  */
@@ -1941,6 +1947,16 @@
            free (basefile);
        }
     }
+    else if (data->contents != UPDATE_ENTRIES_CHECKIN)
+       /* This error is important.  It makes sure that all three cases which
+        * write files are caught by the openpgp2 set of tests when the user
+        * has requested that failed checkout verification is fatal and the
+        * server attempts to bypass signatures by sending old-style responses
+        * which do not support signatures.  (The `Checkin' response does not
+        * count since it does not accept any file data from the server and is
+        * used in both modes.)
+        */
+       error (1, 0, "internal error: unhandled update_entries cases.");
 
     if (stored_mode)
     {
Index: ccvs/src/sanity.sh
diff -u ccvs/src/sanity.sh:1.1105.2.11 ccvs/src/sanity.sh:1.1105.2.12
--- ccvs/src/sanity.sh:1.1105.2.11      Fri Jan 13 14:23:43 2006
+++ ccvs/src/sanity.sh  Fri Jan 13 16:14:03 2006
@@ -31326,6 +31326,13 @@
            continue
          fi
 
+         if $gpg; then
+           # The openpgp2 tests test client responses to these old Responses.
+           skip client \
+"Tested functionality incompatible with checkout signature verification."
+           continue
+         fi
+
          if $proxy; then
            # Skip these tests in proxy mode since they assume we are not
            # writing through a proxy server.  There is no writeproxy-client
@@ -32776,6 +32783,127 @@
          modify_repo rm -rf $CVSROOT_DIRNAME/openpgp
          ;;
 
+       openpgp2)
+         # Some tests of the client (independent of the server).
+         if $remote; then :; else
+           remoteonly openpgp2
+           continue
+         fi
+
+         if $proxy; then
+           # Skip these tests in proxy mode since they assume we are not
+           # writing through a proxy server.  There is no writeproxy-openpgp
+           # test currently.  The writeproxy & writeproxy-noredirect tests
+           # test the writeproxy server.
+           notproxy openpgp2
+           continue
+         fi
+
+         cat >$TESTDIR/serveme <<EOF
+#!$TESTSHELL
+# This is admittedly a bit cheezy, in the sense that we make lots
+# of assumptions about what the client is going to send us.
+# We don't mention Repository, because current clients don't require it.
+# Sending these at our own pace, rather than waiting for the client to
+# make the requests, is bogus, but hopefully we can get away with it.
+cat <<IEOF
+Valid-requests Root Valid-responses valid-requests Directory Entry Modified 
Unchanged Argument Argumentx ci co update
+ok
+M special message
+Created first-dir/
+$CVSROOT_DIRNAME/first-dir/file1
+/file1/1.1///
+u=rw,g=rw,o=rw
+4
+xyz
+ok
+M second special message
+IEOF
+cat >/dev/null
+EOF
+         # Cygwin.  Pthffffffffft!
+         if test -n "$remotehost"; then
+           $CVS_RSH $remotehost "chmod +x $TESTDIR/serveme"
+         else
+           chmod +x $TESTDIR/serveme
+         fi
+         save_CVS_SERVER=$CVS_SERVER
+         CVS_SERVER=$TESTDIR/serveme; export CVS_SERVER
+         mkdir openpgp2; cd openpgp2
+         dotest_fail openpgp2-1 "$testcvs co first-dir" \
+"special message
+$CPROG \[checkout aborted\]: The server sent unsigned file content\."
+
+         cat >$TESTDIR/serveme <<EOF
+#!$TESTSHELL
+# This is admittedly a bit cheezy, in the sense that we make lots
+# of assumptions about what the client is going to send us.
+# We don't mention Repository, because current clients don't require it.
+# Sending these at our own pace, rather than waiting for the client to
+# make the requests, is bogus, but hopefully we can get away with it.
+cat <<IEOF
+Valid-requests Root Valid-responses valid-requests Directory Entry Modified 
Unchanged Argument Argumentx ci co update
+ok
+M special message
+Patched first-dir/
+$CVSROOT_DIRNAME/first-dir/file1
+/file1/1.1///
+u=rw,g=rw,o=rw
+4
+xyz
+ok
+M second special message
+IEOF
+cat >/dev/null
+EOF
+         # Cygwin.  Pthffffffffft!
+         if test -n "$remotehost"; then
+           $CVS_RSH $remotehost "chmod +x $TESTDIR/serveme"
+         else
+           chmod +x $TESTDIR/serveme
+         fi
+         dotest_fail openpgp2-2 "$testcvs co first-dir" \
+"special message
+$CPROG \[checkout aborted\]: The server sent unsigned file content\."
+
+         cat >$TESTDIR/serveme <<EOF
+#!$TESTSHELL
+# This is admittedly a bit cheezy, in the sense that we make lots
+# of assumptions about what the client is going to send us.
+# We don't mention Repository, because current clients don't require it.
+# Sending these at our own pace, rather than waiting for the client to
+# make the requests, is bogus, but hopefully we can get away with it.
+cat <<IEOF
+Valid-requests Root Valid-responses valid-requests Directory Entry Modified 
Unchanged Argument Argumentx ci co update
+ok
+M special message
+Rcs-diff first-dir/
+$CVSROOT_DIRNAME/first-dir/file1
+/file1/1.1///
+u=rw,g=rw,o=rw
+4
+xyz
+ok
+M second special message
+IEOF
+cat >/dev/null
+EOF
+         # Cygwin.  Pthffffffffft!
+         if test -n "$remotehost"; then
+           $CVS_RSH $remotehost "chmod +x $TESTDIR/serveme"
+         else
+           chmod +x $TESTDIR/serveme
+         fi
+         dotest_fail openpgp2-3 "$testcvs co first-dir" \
+"special message
+$CPROG \[checkout aborted\]: The server sent unsigned file content\."
+
+         dokeep
+         cd ..
+         rm -r openpgp2
+         CVS_SERVER=$save_CVS_SERVER; export CVS_SERVER
+         ;;
+
 
 
        trace)
Index: ccvs/src/verify.c
diff -u ccvs/src/verify.c:1.1.2.10 ccvs/src/verify.c:1.1.2.11
--- ccvs/src/verify.c:1.1.2.10  Fri Jan 13 05:08:12 2006
+++ ccvs/src/verify.c   Fri Jan 13 16:14:03 2006
@@ -161,6 +161,24 @@
 
 
 
+/* Return true if a client failure to verify a checkout should be fatal.
+ *
+ * GLOBALS
+ *   server_active     Whether the server is active (via
+ *                     iget_verify_checkouts).
+ *
+ * INPUTS
+ *   server_support    Whether the server supports signed files.
+ */
+bool
+get_verify_checkouts_fatal (void)
+{
+    verify_state tmp = iget_verify_checkouts (true);
+    return tmp == VERIFY_FATAL;
+}
+
+
+
 static const char *
 verify_state_to_string (verify_state state)
 {
Index: ccvs/src/verify.h
diff -u ccvs/src/verify.h:1.1.2.5 ccvs/src/verify.h:1.1.2.6
--- ccvs/src/verify.h:1.1.2.5   Fri Jan 13 05:08:12 2006
+++ ccvs/src/verify.h   Fri Jan 13 16:14:03 2006
@@ -45,6 +45,7 @@
 
 /* Get values.  */
 bool get_verify_checkouts (bool server_support);
+bool get_verify_checkouts_fatal (void);
 bool get_verify_commits (void);
 bool verify_signature (const char *srepos, const char *sig, size_t siglen,
                       const char *filename, bool bin);