INN commit: trunk (3 files)

INN Commit rra at isc.org
Sat Mar 15 16:49:12 UTC 2014


    Date: Saturday, March 15, 2014 @ 09:49:11
  Author: iulius
Revision: 9620

Handle several UIDs on PGP keys when verifying control messages

Fixed a long-standing limitation on how controlchan and pgpverify
were checking the signer of control messages.  They now properly handle
the case of several UIDs being defined on a single PGP key, as well
as the presence of spaces into UIDs.  In previous versions of INN,
a few valid control messages got ignored because of that limitation
(fido.ger.* and grisbi.* were for instance impacted).

Modified:
  trunk/control/controlchan.in
  trunk/control/pgpverify.in
  trunk/doc/pod/news.pod

------------------------+
 control/controlchan.in |    7 ++-
 control/pgpverify.in   |   90 ++++++++++++++++++++++++++++++++++-------------
 doc/pod/news.pod       |   19 +++++++++
 3 files changed, 89 insertions(+), 27 deletions(-)

Modified: control/controlchan.in
===================================================================
--- control/controlchan.in	2014-03-13 13:18:38 UTC (rev 9619)
+++ control/controlchan.in	2014-03-15 16:49:11 UTC (rev 9620)
@@ -446,7 +446,7 @@
             if (!exists($keyresults{$keyowner})) {
                 if ($INN::Config::pgpverify and $INN::Config::pgpverify =~ /^(?:true|on|yes)$/i) {
                     my $pgpresult = defined &local_pgpverify ?
-                        local_pgpverify($token, $article) : pgpverify($token);
+                        local_pgpverify($token, $article, $keyowner) : pgpverify($token, $keyowner);
                     if ($keyowner eq $pgpresult) {
                         $keyresults{$keyowner} = 'doit';
                     } else {
@@ -554,12 +554,13 @@
 
 sub pgpverify {
     my $token = shift;
+    my $keyid = shift;
 
     if ($token =~ /^\@.+\@$/) {
         open(PGPCHECK, "$INN::Config::newsbin/sm -q $token "
-            . "| $INN::Config::newsbin/pgpverify |") or goto ERROR;
+            . "| $INN::Config::newsbin/pgpverify --findid='$keyid' |") or goto ERROR;
     } else {
-        open(PGPCHECK, "$INN::Config::newsbin/pgpverify < $token |") or goto ERROR;
+        open(PGPCHECK, "$INN::Config::newsbin/pgpverify --findid='$keyid' < $token |") or goto ERROR;
     }
     my $pgpresult = <PGPCHECK>;
     close PGPCHECK or goto ERROR;

Modified: control/pgpverify.in
===================================================================
--- control/pgpverify.in	2014-03-13 13:18:38 UTC (rev 9619)
+++ control/pgpverify.in	2014-03-15 16:49:11 UTC (rev 9620)
@@ -3,8 +3,8 @@
 # If running inside INN, uncomment the above and point to INN::Config.
 #
 # Written April 1996, <tale at isc.org> (David C Lawrence)
-# Currently maintained by Russ Allbery <rra at stanford.edu>
-# Version 1.28, 2007-09-18
+# Currently maintained by Russ Allbery <eagle at eyrie.org>
+# Version 1.29, 2014-04-15
 #
 # NOTICE TO INN MAINTAINERS:  The version that is shipped with INN is the
 # same as the version that I make available to the rest of the world
@@ -12,10 +12,18 @@
 #
 # This program requires Perl 5, probably at least about Perl 5.003 since
 # that's when FileHandle was introduced.  If you want to use this program
-# and your Perl is too old, please contact me (rra at stanford.edu) and tell
+# and your Perl is too old, please contact me (eagle at eyrie.org) and tell
 # me about it; I want to know what old versions of Perl are still used in
 # practice.
 #
+# Changes from 1.28 -> 1.29
+# -- Disambiguate numbered lists from description lists in POD to silent
+#    a pod2man warning.
+# -- Add a --findid=<string> flag to explicitly search for <string> in the
+#    output from PGP's analysis of the message.  In case the signature is
+#    valid but does not contain <string>, pgpverify exits with the new
+#    exit status 4.
+#
 # Changes from 1.27 -> 1.28
 # -- Use the INN::Config Perl module instead of innshellvars.pl to
 #    accomodate the new build process of INN 2.5.
@@ -196,23 +204,23 @@
 
 use strict;
 use vars qw($gpgv $pgp $keyring $tmp $tmpdir $lockdir $syslog_method
-            $syslog_facility $syslog_level $log_date $test $messageid);
+            $syslog_facility $syslog_level $log_date $findid $test $messageid);
 
 use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
 use FileHandle;
 use IPC::Open3 qw(open3);
 use POSIX qw(strftime);
+use Getopt::Long;
 
-# Turn on test mode if the first argument is '-test'.
-if (@ARGV && $ARGV[0] eq '-test') {
-  shift @ARGV;
-  $test = 1;
-}
+# Check the arguments passed to pgpverify.
+# If a syntax error occurs, do not syslog it:  such an error is almost
+# certainly from someone running the script manually.
+Getopt::Long::Configure('bundling_override');
+GetOptions(
+  'test'      => sub { $test = 1 },
+  'findid=s'  => \$findid
+) or die "Usage: $0 [--findid='string'] [--test] < message\n";
 
-# Not syslogged, such an error is almost certainly from someone running
-# the script manually.
-die "Usage: $0 < message\n" if @ARGV != 0;
-
 # Grab various defaults from INN::Config if running inside INN.
 $pgp = $INN::Config::pgp
     if $INN::Config::pgp && $INN::Config::pgp ne "no-pgp-found-during-configure";
@@ -366,7 +374,9 @@
 # the form of an ASCII-armored string with embedded newlines), a version
 # number (which may be undef), and the message.  We return an exit status
 # and the key id if the signature is verified.  0 means good signature, 1
-# means bad data, 2 means an unknown signer, and 3 means a bad signature.
+# means bad data, 2 means an unknown signer, 3 means a bad signature, and
+# 4 means good signature without having found the argument given to the
+# --findid flag.
 # In the event of an error, we report with errmsg.
 #
 # This code is taken almost verbatim from PGP::Sign except for the code to
@@ -497,34 +507,45 @@
         $signer = $1;
       } elsif (/\[GNUPG:\]\s+NODATA/ || /\[GNUPG:\]\s+UNEXPECTED/) {
         $ok = 1;
+        last;
       } elsif (/\[GNUPG:\]\s+NO_PUBKEY/) {
         $ok = 2;
+        last;
       } elsif (/\[GNUPG:\]\s+BADSIG\s+/) {
         $ok = 3;
+        last;
       }
     } else {
       if (/^Good signature from user(?::\s+(.*)|\s+\"(.*)\"\.)$/m) {
         $signer = $+;
         $ok = 0;
-        last;
       } elsif (/^Good signature made .* by key:\n.+\n\s+\"(.*)\"/m) {
         $signer = $1;
         $ok = 0;
-        last;
       } elsif (/^\S+: Good signature from \"(.*)\"/m) {
         $signer = $1;
         $ok = 0;
-        last;
       } elsif (/^(?:\S+: )?Bad signature /im) {
         $ok = 3;
         last;
       }
     }
+    # If the --findid flag is used, and the signature is good,
+    # override the value of the signer with the string specified in
+    # the --findid flag.
+    if (defined ($findid) and $ok eq 0) {
+      $signer = $findid if (/$findid/);
+    }
   }
   close $input;
   waitpid ($pid, 0);
   unlink ($filename, "$filename.asc");
   umask $umask;
+
+  if (defined ($findid) and $ok eq 0 and $signer ne $findid) {
+    $ok = 4;
+  }
+
   return ($ok, $signer || '');
 }
 
@@ -687,7 +708,7 @@
 
 =head1 SYNOPSIS
 
-B<pgpverify> [B<-test>] < I<message>
+B<pgpverify> [B<--findid>=I<string>] [B<--test>] < I<message>
 
 =head1 DESCRIPTION
 
@@ -723,11 +744,26 @@
 
 =head1 OPTIONS
 
-The B<-test> flag causes B<pgpverify> to print out the input that it is
+=over 4
+
+=item B<--findid>=I<string>
+
+The B<--findid> flag causes B<pgpverify> to explicitly search for
+I<string> in the output from PGP's analysis of the message.  This option
+is useful when several UIDs are defined on a single PGP key, and the
+caller to B<pgpverify> needs checking whether a given one is defined on
+this key.  In case the signature is valid but does not contain I<string>,
+B<pgpverify> exits with exit status 4.
+
+=item B<--test>
+
+The B<--test> flag causes B<pgpverify> to print out the input that it is
 passing to PGP (which is a reconstructed version of the input that
 supposedly created the control message) as well as the output from PGP's
 analysis of the message.
 
+=back
+
 =head1 EXIT STATUS
 
 B<pgpverify> may exit with the following statuses:
@@ -738,20 +774,26 @@
 
 The control message had a good PGP signature.
 
-=item 1
+=item 1Z<>
 
 The control message had no PGP signature.
 
-=item 2
+=item 2Z<>
 
 The control message had an unknown PGP signature.
 
-=item 3
+=item 3Z<>
 
 The control message had a bad PGP signature.
 
-=item 255
+=item 4Z<>
 
+The control message had a good PGP signature but the argument given
+to the B<--findid> flag had non been found in the output from PGP's
+analysis of the message.
+
+=item 255Z<>
+
 A problem occurred not directly related to PGP analysis of signature.
 
 =back
@@ -810,7 +852,7 @@
 
 B<pgpverify> was written by David C Lawrence <tale at isc.org>.  Manual page
 provided by James Ralston.  It is currently maintained by Russ Allbery
-<rra at stanford.edu>.
+<eagle at eyrie.org>.
 
 =head1 COPYRIGHT AND LICENSE
 

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2014-03-13 13:18:38 UTC (rev 9619)
+++ doc/pod/news.pod	2014-03-15 16:49:11 UTC (rev 9620)
@@ -176,6 +176,21 @@
 
 =item *
 
+An up-to-date F<control.ctl> file is provided with this release.  You should
+manually update your F<control.ctl> file with the new information recorded
+about Usenet hierarchies.
+
+=item *
+
+Fixed a long-standing limitation on how B<controlchan> and B<pgpverify>
+were checking the signer of control messages.  They now properly handle
+the case of several UIDs being defined on a single PGP key, as well
+as the presence of spaces into UIDs.  In previous versions of INN,
+a few valid control messages got ignored because of that limitation
+(fido.ger.* and grisbi.* were for instance impacted).
+
+=item *
+
 As the name of the F<radius.conf> configuration file shipped with INN
 for the B<nnrpd> authenticator against a RADIUS server conflicts with
 the libradius package, this file is renamed to F<inn-radius.conf>
@@ -276,6 +291,10 @@
 in I<pathetc>, named differently so that their default contents are
 not displayed to news clients before they get customised.
 
+=item *
+
+Other minor bug fixes and documentation improvements.
+
 =back
 
 =head1 Changes in 2.5.3



More information about the inn-committers mailing list