fort_SOURCES += file.h file.c
fort_SOURCES += hash.h hash.c
fort_SOURCES += http.h http.c
-fort_SOURCES += incidence.h incidence.c
fort_SOURCES += init.h init.c
fort_SOURCES += json_handler.h json_handler.c
fort_SOURCES += json_util.c json_util.h
* some implementations encode parameters as a NULL element
* while others omit them entirely. The correct encoding is to omit the
* parameters field;
- *
- * We will treat NULL object parameters as one type of error, and any
- * other type of present parameters as a different error. The former
- * will be silenceable, because many people are breaking the rule.
*/
if (id->parameters != NULL) {
error = is_asn1_null_object(id->parameters)
- ? incidence(INID_HASHALG_HAS_PARAMS,
- "The hash algorithm of the '%s' has a NULL object as parameters",
- what)
- : pr_val_err("The hash algorithm of the '%s' has parameters",
- what);
+ ? pr_val_err("The hash algorithm of the '%s' has a NULL object as parameters", what)
+ : pr_val_err("The hash algorithm of the '%s' has parameters", what);
}
return error;
#include "config/incidences.h"
-#include "incidence.h"
+#include "log.h"
static void
incidences_print(struct option_field const *field, void *_value)
{
- incidence_print();
+ /* Empty */
}
static int
incidences_parse_json(struct option_field const *opt, json_t *json,
void *_result)
{
- return incidence_update(json);
+ pr_op_warn("Incidences are deprecated; please delete them from your configuration.");
+ return 0;
}
const struct global_type gt_incidences = {
char *prefix;
unsigned long next_id;
size_t pathlen;
- bool free_prefix; // XXX seems to be always false
+ bool free_prefix;
};
void cseq_init(struct cache_sequence *, char *, unsigned long, bool);
+++ /dev/null
-#include "incidence.h"
-
-#include <assert.h>
-
-#include "json_util.h"
-#include "log.h"
-#include "types/array.h"
-
-struct incidence {
- const enum incidence_id id;
- char const *const name;
- char const *const description;
- const enum incidence_action default_action;
- enum incidence_action action;
-};
-
-static struct incidence incidences[__INID_MAX] = {
- {
- INID_HASHALG_HAS_PARAMS,
- "incid-hashalg-has-params",
- "Signed Object's hash algorithm has NULL object as parameters",
- INAC_IGNORE,
- },
- {
- INID_OBJ_NOT_DER,
- "incid-obj-not-der-encoded",
- "Object isn't DER encoded",
- INAC_IGNORE,
- },
- {
- INID_MFT_FILE_NOT_FOUND,
- "incid-file-at-mft-not-found",
- "File listed at manifest doesn't exist",
- INAC_ERROR,
- },
- {
- INID_MFT_FILE_HASH_NOT_MATCH,
- "incid-file-at-mft-hash-not-match",
- "File hash listed at manifest doesn't match the actual file hash",
- INAC_ERROR,
- },
- {
- INID_MFT_STALE,
- "incid-mft-stale",
- "The current time is after the nextUpdate field at the manifest",
- INAC_ERROR,
- },
-};
-
-static int
-name2id(char const *name, enum incidence_id *id)
-{
- array_index i;
-
- for (i = 0; i < __INID_MAX; i++) {
- if (strcmp(name, incidences[i].name) == 0) {
- *id = i;
- return 0;
- }
- }
-
- return pr_op_err("Unknown incidence name: %s", name);
-}
-
-static char const *
-action2str(enum incidence_action action)
-{
- switch (action) {
- case INAC_IGNORE:
- return "ignore";
- case INAC_WARN:
- return "warn";
- case INAC_ERROR:
- return "error";
- }
-
- return "unknown";
-}
-
-static int
-init_action(json_t *json)
-{
- enum incidence_id id;
- char const *name;
- char const *action_str;
- enum incidence_action action;
- int error;
-
- id = __INID_MAX;
- error = json_get_str(json, "name", &name);
- if (error < 0)
- return error;
- if (error > 0)
- return pr_op_err("Incidence is missing the 'name' tag.");
- error = name2id(name, &id);
- if (error)
- return error;
- error = json_get_str(json, "action", &action_str);
- if (error < 0)
- return error;
- if (error > 0)
- return pr_op_err("Incidence '%s' is missing the 'action' tag.",
- name);
-
- if (strcmp("ignore", action_str) == 0)
- action = INAC_IGNORE;
- else if (strcmp("warn", action_str) == 0)
- action = INAC_WARN;
- else if (strcmp("error", action_str) == 0)
- action = INAC_ERROR;
- else
- return pr_op_err("Unknown incidence action: '%s'", action_str);
-
- incidences[id].action = action;
- return 0;
-}
-
-/**
- * Concurrent inits are allowed.
- */
-int
-incidence_init(void)
-{
- array_index i;
-
- /* Make sure the programmer didn't desync the id enum and the array. */
- assert(__INID_MAX == ARRAY_LEN(incidences));
- for (i = 0; i < __INID_MAX; i++) {
- assert(i == incidences[i].id);
- /* Also init. */
- incidences[i].action = incidences[i].default_action;
- }
-
- return 0;
-}
-
-/**
- * Concurrent calls to this function are allowed.
- */
-int
-incidence_update(json_t *json)
-{
- array_index i;
- json_t *child;
- int error;
-
- if (!json_is_array(json))
- return pr_op_err("The incidences JSON element is supposed to be an array.");
-
- json_array_foreach(json, i, child) {
- error = init_action(child);
- if (error)
- return error;
- }
-
- return 0;
-}
-
-void
-incidence_print(void)
-{
- array_index i;
-
- pr_op_info("Custom incidences:");
-
- for (i = 0; i < __INID_MAX; i++) {
- pr_op_info(" %s (%s): %s", incidences[i].name,
- incidences[i].description,
- action2str(incidences[i].action));
- }
-}
-
-enum incidence_action
-incidence_get_action(enum incidence_id id)
-{
- return incidences[id].action;
-}
+++ /dev/null
-#ifndef SRC_INCIDENCE_INCIDENCE_H_
-#define SRC_INCIDENCE_INCIDENCE_H_
-
-#include <jansson.h>
-
-/*
- * Note: If you need to add, modify or delete an element from this enum,
- * remember that you also need to add it to the incidences array. That's all.
- */
-enum incidence_id {
- INID_HASHALG_HAS_PARAMS,
- INID_OBJ_NOT_DER,
- INID_MFT_FILE_NOT_FOUND, // XXX deprecate and no-op
- INID_MFT_FILE_HASH_NOT_MATCH, // XXX deprecate and no-op
- INID_MFT_STALE,
- // XXX Document elimination of INID_CRL_STALE
-
- __INID_MAX,
-};
-
-enum incidence_action {
- /**
- * Do not print error message, continue validation as if nothing
- * happened.
- */
- INAC_IGNORE,
- /**
- * Print error message in warning log level, continue validation as if
- * nothing happened.
- */
- INAC_WARN,
- /**
- * Print error message in error log level, fail validation of the
- * offending object (and all of its children).
- */
- INAC_ERROR,
-};
-
-int incidence_init(void); /* incidence_destroy() is not needed. */
-int incidence_update(json_t *);
-
-void incidence_print(void);
-enum incidence_action incidence_get_action(enum incidence_id);
-
-#endif /* SRC_INCIDENCE_INCIDENCE_H_ */
print_stack_trace(NULL);
exit(-1);
}
-
-/**
- * Prints the [format, ...] error message using the configured logging severity
- * of the @id incidence.
- */
-int
-incidence(enum incidence_id id, const char *format, ...)
-{
- enum incidence_action action;
-
- action = incidence_get_action(id);
- switch (action) {
- case INAC_IGNORE:
- return 0;
- case INAC_WARN:
- PR_SIMPLE(LOG_WARNING, val_config);
- return 0;
- case INAC_ERROR:
- PR_SIMPLE(LOG_ERR, val_config);
- return EINVAL;
- }
-
- pr_crit("Unknown incidence action: %u", action);
-}
#include <stdbool.h>
#include <stdio.h>
-#include "incidence.h"
-
#define PR_COLOR_DBG "\x1B[36m" /* Cyan */
#define PR_COLOR_INF "\x1B[37m" /* White */
#define PR_COLOR_WRN "\x1B[33m" /* Yellow */
/* Programming errors */
__dead void pr_crit(const char *, ...) CHECK_FORMAT(1, 2);
-int incidence(enum incidence_id, const char *, ...) CHECK_FORMAT(2, 3);
-
/*
* Quick and dirty debugging messages.
*
register_signal_handlers();
error = thvar_init();
- if (error)
- goto revert_rsync;
- error = incidence_init();
if (error)
goto revert_rsync;
error = nid_init();
TM_ARGS(thisUpdate));
}
if (tm_cmp(&now, &nextUpdate) > 0) {
- return incidence(INID_MFT_STALE,
- "Manifest is stale. (nextUpdate: " TM_FMT ")",
+ return pr_val_err("Manifest is stale. (nextUpdate: " TM_FMT ")",
TM_ARGS(nextUpdate));
}
#include <arpa/inet.h>
#include <time.h>
#include "config.h"
-#include "incidence.h"
#include "log.h"
#include "thread_var.h"
MOCK_INT_PRINT(pr_val_err, PR_COLOR_ERR, EINVAL)
MOCK_INT_PRINT(val_crypto_err, PR_COLOR_ERR, EINVAL)
-int
-incidence(enum incidence_id id, const char *format, ...)
-{
- MOCK_PRINT(PR_COLOR_ERR);
- return EINVAL;
-}
-
void
enomem_panic(void)
{
projects / thirdparty / FORT-validator.git / commitdiff
