diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/gpg0001-utils-settrans-improve-chroot-functionality.patch | 173 | ||||
-rw-r--r-- | debian/patches/gpg0002-trans-add-transparent-GnuPG-translator.patch | 1682 | ||||
-rw-r--r-- | debian/patches/series | 2 |
3 files changed, 1857 insertions, 0 deletions
diff --git a/debian/patches/gpg0001-utils-settrans-improve-chroot-functionality.patch b/debian/patches/gpg0001-utils-settrans-improve-chroot-functionality.patch new file mode 100644 index 00000000..4e0379b5 --- /dev/null +++ b/debian/patches/gpg0001-utils-settrans-improve-chroot-functionality.patch @@ -0,0 +1,173 @@ +From b39f06e90b48b94227075c6f71c8c6cd3d2970f8 Mon Sep 17 00:00:00 2001 +From: Justus Winter <4winter@informatik.uni-hamburg.de> +Date: Fri, 15 Jan 2016 18:56:25 +0100 +Subject: [PATCH hurd 1/2] utils/settrans: improve --chroot functionality + +Add an option '--chroot-chdir' to settrans and make it chdir to this +directory before executing the target program. + +* utils/fakeroot.sh: Simplify using the new option. +* utils/remap.sh: Likewise. +* utils/settrans.c (OPT_CHROOT_CHDIR): New constant. +(options): New option 'chroot-chdir'. +(main): Handle new option. Search for target executable in PATH. +* utils/fakeauth.c (main): Likewise. +--- + utils/fakeauth.c | 6 +++++- + utils/fakeroot.sh | 15 ++++++--------- + utils/remap.sh | 14 ++++++-------- + utils/settrans.c | 32 ++++++++++++++++++++++++++++++-- + 4 files changed, 47 insertions(+), 20 deletions(-) + +diff --git a/utils/fakeauth.c b/utils/fakeauth.c +index ba6a3ee..004cc46 100644 +--- a/utils/fakeauth.c ++++ b/utils/fakeauth.c +@@ -402,9 +402,13 @@ believe it has restricted them to different identities or no identity at all.\ + { + task_t newtask; + process_t proc; +- file_t execfile = file_name_lookup (argv[argi], O_EXEC, 0); ++ char *prefixed_name; ++ file_t execfile = file_name_path_lookup (argv[argi], getenv ("PATH"), ++ O_EXEC, 0, &prefixed_name); + if (execfile == MACH_PORT_NULL) + error (3, errno, "%s", argv[argi]); ++ if (prefixed_name) ++ argv[0] = prefixed_name; + + err = task_create (mach_task_self (), + #ifdef KERN_INVALID_LEDGER +diff --git a/utils/fakeroot.sh b/utils/fakeroot.sh +index 6993365..7bc5dc7 100644 +--- a/utils/fakeroot.sh ++++ b/utils/fakeroot.sh +@@ -54,12 +54,9 @@ if [ $# -eq 0 ]; then + set -- ${SHELL:-/bin/sh} + fi + +-# We exec settrans, which execs the "fakeauth" command in the chroot context. +-# The `pwd` is evaluated here and now, and that result interpreted inside +-# the shell running under fakeauth to chdir there inside the chroot world. +-# That shell then execs our arguments as a command line. +-exec /bin/settrans --chroot \ +- /bin/fakeauth \ +- /bin/sh -c 'cd "$1" || exit ; shift ; exec "$@"' \ +- "$1" "$PWD" "$@" \ +- -- / /hurd/fakeroot ++# We exec settrans, which execs the "fakeauth" command in the chroot ++# context provided by /hurd/fakeroot. ++exec /bin/settrans \ ++ --chroot-chdir "$PWD" \ ++ --chroot /bin/fakeauth "$@" -- \ ++ / /hurd/fakeroot +diff --git a/utils/remap.sh b/utils/remap.sh +index f24ed0e..40c2d76 100644 +--- a/utils/remap.sh ++++ b/utils/remap.sh +@@ -57,11 +57,9 @@ if [ $# -eq 0 ]; then + set -- ${SHELL:-/bin/sh} + fi + +-# We exec settrans, which execs the "fakeauth" command in the chroot context. +-# The `pwd` is evaluated here and now, and that result interpreted inside +-# the shell running under fakeauth to chdir there inside the chroot world. +-# That shell then execs our arguments as a command line. +-exec /bin/settrans --chroot \ +- /bin/sh -c 'cd "$1" || exit ; shift ; exec "$@"' \ +- "$1" "$PWD" "$@" \ +- -- / /hurd/remap $MAPPED ++# We exec settrans, which execs the target command in the chroot ++# context provided by /hurd/remap. ++exec /bin/settrans \ ++ --chroot-chdir "$PWD" \ ++ --chroot "$@" -- \ ++ / /hurd/remap $MAPPED +diff --git a/utils/settrans.c b/utils/settrans.c +index cd40c56..00cc358 100644 +--- a/utils/settrans.c ++++ b/utils/settrans.c +@@ -18,6 +18,7 @@ + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + ++#include <assert.h> + #include <hurd.h> + #include <stdio.h> + #include <stdlib.h> +@@ -45,6 +46,8 @@ const char *argp_program_version = STANDARD_HURD_VERSION (settrans); + #define _STRINGIFY(arg) #arg + #define STRINGIFY(arg) _STRINGIFY (arg) + ++#define OPT_CHROOT_CHDIR -1 ++ + static struct argp_option options[] = + { + {"active", 'a', 0, 0, "Start TRANSLATOR and set it as NODE's active translator" }, +@@ -65,6 +68,9 @@ static struct argp_option options[] = + {"chroot", 'C', 0, 0, + "Instead of setting the node's translator, take following arguments up to" + " `--' and run that command chroot'd to the translated node."}, ++ {"chroot-chdir", OPT_CHROOT_CHDIR, "DIR", 0, ++ "Change to DIR before running the chrooted command. " ++ "DIR must be an absolute path."}, + + {0,0,0,0, "When setting the passive translator, if there's an active translator:"}, + {"goaway", 'g', 0, 0, "Ask the active translator to go away"}, +@@ -114,6 +120,7 @@ main(int argc, char *argv[]) + int excl = 0; + int timeout = DEFAULT_TIMEOUT * 1000; /* ms */ + char **chroot_command = 0; ++ char *chroot_chdir = "/"; + + /* Parse our options... */ + error_t parse_opt (int key, char *arg, struct argp_state *state) +@@ -183,6 +190,12 @@ main(int argc, char *argv[]) + argp_error (state, "--chroot command must be terminated with `--'"); + return EINVAL; + ++ case OPT_CHROOT_CHDIR: ++ if (arg[0] != '/') ++ argp_error (state, "--chroot-chdir must be absolute"); ++ chroot_chdir = arg; ++ break; ++ + case 'c': lookup_flags |= O_CREAT; break; + case 'L': lookup_flags &= ~O_NOTRANS; break; + +@@ -325,6 +338,8 @@ main(int argc, char *argv[]) + char retry_name[1024]; /* XXX */ + retry_type do_retry; + mach_port_t root; ++ file_t executable; ++ char *prefixed_name; + err = fsys_getroot (active_control, + MACH_PORT_NULL, MACH_MSG_TYPE_COPY_SEND, + NULL, 0, NULL, 0, 0, +@@ -341,8 +356,21 @@ main(int argc, char *argv[]) + if (setcrdir (root)) + error (7, errno, "cannot install root port"); + mach_port_deallocate (mach_task_self (), root); +- if (chdir ("/")) +- error (8, errno, "cannot chdir to new root"); ++ if (chdir (chroot_chdir)) ++ error (8, errno, "%s", chroot_chdir); ++ ++ /* Lookup executable in PATH. */ ++ executable = file_name_path_lookup (chroot_command[0], ++ getenv ("PATH"), ++ O_EXEC, 0, ++ &prefixed_name); ++ if (MACH_PORT_VALID (executable)) ++ { ++ err = mach_port_deallocate (mach_task_self (), executable); ++ assert_perror (err); ++ if (prefixed_name) ++ chroot_command[0] = prefixed_name; ++ } + + execvp (chroot_command[0], chroot_command); + error (8, errno, "cannot execute %s", chroot_command[0]); +-- +2.1.4 + diff --git a/debian/patches/gpg0002-trans-add-transparent-GnuPG-translator.patch b/debian/patches/gpg0002-trans-add-transparent-GnuPG-translator.patch new file mode 100644 index 00000000..023d17ba --- /dev/null +++ b/debian/patches/gpg0002-trans-add-transparent-GnuPG-translator.patch @@ -0,0 +1,1682 @@ +From f0aaa8688c98435cb95668bf0308c8e44dd087af Mon Sep 17 00:00:00 2001 +From: Justus Winter <4winter@informatik.uni-hamburg.de> +Date: Sat, 23 Jan 2016 00:14:56 +0100 +Subject: [PATCH hurd 2/2] trans: add transparent GnuPG translator + +* trans/Makefile: Add new files. +* trans/chroot.c: New file. +* trans/chroot.h: Likewise. +* trans/gpg.c: Likewise. +* utils/gpg-env.sh: Likewise. +--- + trans/Makefile | 7 +- + trans/chroot.c | 690 +++++++++++++++++++++++++++++++++++++++++++++++++++ + trans/chroot.h | 37 +++ + trans/gpg.c | 734 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + utils/Makefile | 6 +- + utils/gpg-env.sh | 120 +++++++++ + 6 files changed, 1588 insertions(+), 6 deletions(-) + create mode 100644 trans/chroot.c + create mode 100644 trans/chroot.h + create mode 100644 trans/gpg.c + create mode 100755 utils/gpg-env.sh + +diff --git a/trans/Makefile b/trans/Makefile +index 65b51d1..b4ebb96 100644 +--- a/trans/Makefile ++++ b/trans/Makefile +@@ -21,10 +21,10 @@ makemode := servers + + targets = symlink firmlink ifsock magic null fifo new-fifo fwd crash \ + password hello hello-mt streamio fakeroot proxy-defpager remap \ +- mtab ++ mtab gpg + SRCS = ifsock.c symlink.c magic.c null.c fifo.c new-fifo.c fwd.c \ + crash.c firmlink.c password.c hello.c hello-mt.c streamio.c \ +- fakeroot.c proxy-defpager.c remap.c mtab.c ++ fakeroot.c proxy-defpager.c remap.c mtab.c gpg.c chroot.c + OBJS = $(SRCS:.c=.o) fsysServer.o ifsockServer.o passwordServer.o \ + crashServer.o crash_replyUser.o msgServer.o \ + default_pagerServer.o default_pagerUser.o \ +@@ -65,7 +65,8 @@ proxy-defpager: default_pagerServer.o default_pagerUser.o + streamio: device_replyServer.o + symlink: fsysServer.o + +-fakeroot: ../libnetfs/libnetfs.a ++gpg: chroot.o ++fakeroot gpg: ../libnetfs/libnetfs.a + fifo new-fifo: ../libpipe/libpipe.a + crash fifo firmlink hello hello-mt ifsock magic mtab new-fifo null password proxy-defpager remap streamio: ../libtrivfs/libtrivfs.a + $(targets): ../libfshelp/libfshelp.a \ +diff --git a/trans/chroot.c b/trans/chroot.c +new file mode 100644 +index 0000000..29f9a28 +--- /dev/null ++++ b/trans/chroot.c +@@ -0,0 +1,690 @@ ++/* chroot.c -- support for writing chrooting translators ++ Copyright (C) 2002, 2003, 2008, 2013, 2016 Free Software Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License as ++ published by the Free Software Foundation; either version 2, or (at ++ your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ ++ ++#include <argz.h> ++#include <argp.h> ++#include <dirent.h> ++#include <error.h> ++#include <hurd/netfs.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <fcntl.h> ++#include <sys/mman.h> ++#include <sys/stat.h> ++#include <pthread.h> ++#include <hurd/ihash.h> ++#include <hurd/paths.h> ++#include <sys/types.h> ++#include <sys/wait.h> ++#include <unistd.h> ++ ++#include <version.h> ++ ++#include "chroot.h" ++ ++#include "libnetfs/fs_S.h" ++#include "libnetfs/io_S.h" ++#include "libnetfs/fsys_S.h" ++#include "libports/notify_S.h" ++#include "libports/interrupt_S.h" ++ ++pthread_mutex_t idport_ihash_lock = PTHREAD_MUTEX_INITIALIZER; ++struct hurd_ihash idport_ihash ++= HURD_IHASH_INITIALIZER (sizeof (struct node) ++ + offsetof (struct netnode, idport_locp)); ++ ++/* Make a new virtual node. Always consumes the ports. If ++ successful, NP will be locked. */ ++error_t ++chroot_new_node (file_t file, mach_port_t idport, int locked, ++ size_t size, struct node **np) ++{ ++ error_t err; ++ struct netnode *nn; ++ ++ *np = netfs_make_node_alloc (sizeof *nn + size); ++ if (*np == 0) ++ { ++ mach_port_deallocate (mach_task_self (), file); ++ if (MACH_PORT_VALID (idport)) ++ mach_port_deallocate (mach_task_self (), idport); ++ if (locked) ++ pthread_mutex_unlock (&idport_ihash_lock); ++ return ENOMEM; ++ } ++ nn = netfs_node_netnode (*np); ++ nn->file = file; ++ if (MACH_PORT_VALID (idport)) ++ nn->idport = idport; ++ else ++ { ++ ino_t fileno; ++ mach_port_t fsidport; ++ assert (!locked); ++ err = io_identity (file, &nn->idport, &fsidport, &fileno); ++ if (err) ++ { ++ mach_port_deallocate (mach_task_self (), file); ++ free (*np); ++ return err; ++ } ++ } ++ ++ if (!locked) ++ pthread_mutex_lock (&idport_ihash_lock); ++ err = hurd_ihash_add (&idport_ihash, nn->idport, *np); ++ if (err) ++ goto lose; ++ ++ pthread_mutex_lock (&(*np)->lock); ++ pthread_mutex_unlock (&idport_ihash_lock); ++ return 0; ++ ++ lose: ++ pthread_mutex_unlock (&idport_ihash_lock); ++ mach_port_deallocate (mach_task_self (), nn->idport); ++ mach_port_deallocate (mach_task_self (), file); ++ free (*np); ++ *np = NULL; ++ return err; ++} ++ ++/* Node NP has no more references; free all its associated storage. */ ++void ++netfs_node_norefs (struct node *np) ++{ ++ pthread_mutex_unlock (&np->lock); ++ pthread_spin_unlock (&netfs_node_refcnt_lock); ++ ++ pthread_mutex_lock (&idport_ihash_lock); ++ hurd_ihash_locp_remove (&idport_ihash, netfs_node_netnode (np)->idport_locp); ++ pthread_mutex_unlock (&idport_ihash_lock); ++ ++ chroot_node_norefs (np); ++ mach_port_deallocate (mach_task_self (), netfs_node_netnode (np)->file); ++ mach_port_deallocate (mach_task_self (), netfs_node_netnode (np)->idport); ++ free (np); ++ ++ pthread_spin_lock (&netfs_node_refcnt_lock); ++} ++ ++/* This is the cleanup function we install in netfs_protid_class. If ++ the associated nodes reference count would also drop to zero, and ++ the node has no faked attributes, we destroy it as well. */ ++static void ++gpg_netfs_release_protid (void *cookie) ++{ ++ netfs_release_protid (cookie); ++ ++ int cports = ports_count_class (netfs_control_class); ++ int nports = ports_count_class (netfs_protid_class); ++ ports_enable_class (netfs_control_class); ++ ports_enable_class (netfs_protid_class); ++ if (cports == 0 && nports == 0) ++ { ++ /* The last client is gone. Our job is done. */ ++ error_t err = netfs_shutdown (0); ++ if (! err) ++ exit (EXIT_SUCCESS); ++ ++ /* If netfs_shutdown returns EBUSY, we lost a race against ++ fsys_goaway. Hence we ignore this error. */ ++ if (err != EBUSY) ++ error (1, err, "netfs_shutdown"); ++ } ++} ++ ++error_t ++chroot_init (void) ++{ ++ /* Install our own clean routine. */ ++ netfs_protid_class->clean_routine = gpg_netfs_release_protid; ++ return 0; ++} ++ ++/* This is called by netfs_S_fsys_getroot. */ ++error_t ++netfs_check_open_permissions (struct iouser *user, struct node *np, ++ int flags, int newnode) ++{ ++ return 0; /* XXX */ ++} ++ ++/* The user may define this function. Attempt to set the passive ++ translator record for FILE to ARGZ (of length ARGZLEN) for user ++ CRED. */ ++error_t ++netfs_set_translator (struct iouser *cred, struct node *np, ++ char *argz, size_t argzlen) ++{ ++ return file_set_translator (netfs_node_netnode (np)->file, ++ FS_TRANS_EXCL|FS_TRANS_SET, ++ FS_TRANS_EXCL|FS_TRANS_SET, 0, ++ argz, argzlen, ++ MACH_PORT_NULL, MACH_MSG_TYPE_COPY_SEND); ++} ++ ++/* These callbacks are used only by the standard netfs_S_dir_lookup, ++ which we do not use. But the shared library requires us to define them. */ ++error_t ++netfs_attempt_lookup (struct iouser *user, struct node *dir, ++ char *name, struct node **np) ++{ ++ assert (! "should not be here"); ++ return EIEIO; ++} ++ ++error_t ++netfs_attempt_create_file (struct iouser *user, struct node *dir, ++ char *name, mode_t mode, struct node **np) ++{ ++ assert (! "should not be here"); ++ return EIEIO; ++} ++ ++/* Make sure that NP->nn_stat is filled with the most current information. ++ CRED identifies the user responsible for the operation. NP is locked. */ ++error_t ++netfs_validate_stat (struct node *np, struct iouser *cred) ++{ ++ struct stat st; ++ error_t err = io_stat (netfs_node_netnode (np)->file, &st); ++ if (err) ++ return err; ++ ++ np->nn_stat = st; ++ np->nn_translated = S_ISLNK (st.st_mode) ? S_IFLNK : 0; ++ ++ return 0; ++} ++ ++/* Various netfs functions will call fshelp_isowner to check whether ++ USER is allowed to do some operation. As gpg is not running ++ within the fakeauth'ed environment, USER contains the real ++ user. Hence, we override this check. */ ++error_t ++fshelp_isowner (struct stat *st, struct iouser *user) ++{ ++ return 0; ++} ++ ++error_t ++netfs_attempt_chown (struct iouser *cred, struct node *np, ++ uid_t uid, uid_t gid) ++{ ++ if (! cred) ++ return EOPNOTSUPP; ++ return file_chown (netfs_node_netnode (np)->file, uid, gid); ++} ++ ++error_t ++netfs_attempt_chauthor (struct iouser *cred, struct node *np, uid_t author) ++{ ++ if (! cred) ++ return EOPNOTSUPP; ++ return file_chauthor (netfs_node_netnode (np)->file, author); ++} ++ ++/* This should attempt a chmod call for the user specified by CRED on ++ locked node NODE, to change the mode to MODE. Unlike the normal Unix ++ and Hurd meaning of chmod, this function is also used to attempt to ++ change files into other types. If such a transition is attempted which ++ is impossible, then return EOPNOTSUPP. */ ++error_t ++netfs_attempt_chmod (struct iouser *cred, struct node *np, mode_t mode) ++{ ++ if (! cred) ++ return EOPNOTSUPP; ++ return file_chmod (netfs_node_netnode (np)->file, mode); ++} ++ ++/* The user must define this function. Attempt to turn locked node NP ++ (user CRED) into a symlink with target NAME. */ ++error_t ++netfs_attempt_mksymlink (struct iouser *cred, struct node *np, char *name) ++{ ++ int namelen = strlen (name) + 1; ++ char trans[sizeof _HURD_SYMLINK + namelen]; ++ memcpy (trans, _HURD_SYMLINK, sizeof _HURD_SYMLINK); ++ memcpy (&trans[sizeof _HURD_SYMLINK], name, namelen); ++ return file_set_translator (netfs_node_netnode (np)->file, ++ FS_TRANS_EXCL|FS_TRANS_SET, ++ FS_TRANS_EXCL|FS_TRANS_SET, 0, ++ trans, sizeof trans, ++ MACH_PORT_NULL, MACH_MSG_TYPE_COPY_SEND); ++} ++ ++error_t ++netfs_attempt_mkdev (struct iouser *cred, struct node *np, ++ mode_t type, dev_t indexes) ++{ ++ char *trans = 0; ++ int translen = asprintf (&trans, "%s%c%d%c%d", ++ S_ISCHR (type) ? _HURD_CHRDEV : _HURD_BLKDEV, ++ '\0', major (indexes), '\0', minor (indexes)); ++ if (trans == 0) ++ return ENOMEM; ++ else ++ { ++ error_t err = file_set_translator (netfs_node_netnode (np)->file, ++ FS_TRANS_EXCL|FS_TRANS_SET, ++ FS_TRANS_EXCL|FS_TRANS_SET, 0, ++ trans, translen + 1, ++ MACH_PORT_NULL, ++ MACH_MSG_TYPE_COPY_SEND); ++ free (trans); ++ return err; ++ } ++} ++ ++error_t ++netfs_attempt_chflags (struct iouser *cred, struct node *np, int flags) ++{ ++ return file_chflags (netfs_node_netnode (np)->file, flags); ++} ++ ++error_t ++netfs_attempt_utimes (struct iouser *cred, struct node *np, ++ struct timespec *atime, struct timespec *mtime) ++{ ++ union tv ++ { ++ struct timeval tv; ++ time_value_t tvt; ++ }; ++ union tv a, m; ++ if (atime) ++ { ++ TIMESPEC_TO_TIMEVAL (&a.tv, atime); ++ } ++ else ++ a.tv.tv_sec = a.tv.tv_usec = -1; ++ if (mtime) ++ { ++ TIMESPEC_TO_TIMEVAL (&m.tv, mtime); ++ } ++ else ++ m.tv.tv_sec = m.tv.tv_usec = -1; ++ ++ return file_utimes (netfs_node_netnode (np)->file, a.tvt, m.tvt); ++} ++ ++error_t ++netfs_attempt_set_size (struct iouser *cred, struct node *np, off_t size) ++{ ++ return file_set_size (netfs_node_netnode (np)->file, size); ++} ++ ++error_t ++netfs_attempt_statfs (struct iouser *cred, struct node *np, struct statfs *st) ++{ ++ return file_statfs (netfs_node_netnode (np)->file, st); ++} ++ ++error_t __attribute__ ((weak)) ++netfs_attempt_sync (struct iouser *cred, struct node *np, int wait) ++{ ++ return file_sync (netfs_node_netnode (np)->file, wait, 0); ++} ++ ++error_t ++netfs_attempt_syncfs (struct iouser *cred, int wait) ++{ ++ return 0; ++} ++ ++error_t ++netfs_attempt_mkdir (struct iouser *user, struct node *dir, ++ char *name, mode_t mode) ++{ ++ return dir_mkdir (netfs_node_netnode (dir)->file, name, mode | S_IRWXU); ++} ++ ++ ++/* XXX ++ Removing a node should mark the netnode so that it is GC'd when ++ it has no hard refs. ++ */ ++ ++error_t ++netfs_attempt_unlink (struct iouser *user, struct node *dir, char *name) ++{ ++ return dir_unlink (netfs_node_netnode (dir)->file, name); ++} ++ ++error_t ++netfs_attempt_rename (struct iouser *user, struct node *fromdir, ++ char *fromname, struct node *todir, ++ char *toname, int excl) ++{ ++ return dir_rename (netfs_node_netnode (fromdir)->file, fromname, ++ netfs_node_netnode (todir)->file, toname, excl); ++} ++ ++error_t ++netfs_attempt_rmdir (struct iouser *user, ++ struct node *dir, char *name) ++{ ++ return dir_rmdir (netfs_node_netnode (dir)->file, name); ++} ++ ++error_t __attribute__ ((weak)) ++netfs_attempt_link (struct iouser *user, struct node *dir, ++ struct node *file, char *name, int excl) ++{ ++ return dir_link (netfs_node_netnode (dir)->file, netfs_node_netnode (file)->file, name, excl); ++} ++ ++error_t ++netfs_attempt_readlink (struct iouser *user, struct node *np, char *buf) ++{ ++ char transbuf[sizeof _HURD_SYMLINK + np->nn_stat.st_size + 1]; ++ char *trans = transbuf; ++ size_t translen = sizeof transbuf; ++ error_t err = file_get_translator (netfs_node_netnode (np)->file, ++ &trans, &translen); ++ if (err == 0) ++ { ++ if (translen < sizeof _HURD_SYMLINK ++ || memcmp (trans, _HURD_SYMLINK, sizeof _HURD_SYMLINK) != 0) ++ err = EINVAL; ++ else ++ { ++ assert (translen <= sizeof _HURD_SYMLINK + np->nn_stat.st_size + 1); ++ memcpy (buf, &trans[sizeof _HURD_SYMLINK], ++ translen - sizeof _HURD_SYMLINK); ++ } ++ if (trans != transbuf) ++ munmap (trans, translen); ++ } ++ return err; ++} ++ ++error_t __attribute__ ((weak)) ++netfs_attempt_read (struct iouser *cred, struct node *np, ++ off_t offset, size_t *len, void *data) ++{ ++ char *buf = data; ++ error_t err = io_read (netfs_node_netnode (np)->file, ++ &buf, len, offset, *len); ++ if (err == 0 && buf != data) ++ { ++ memcpy (data, buf, *len); ++ munmap (buf, *len); ++ } ++ return err; ++} ++ ++error_t __attribute__ ((weak)) ++netfs_attempt_write (struct iouser *cred, struct node *np, ++ off_t offset, size_t *len, void *data) ++{ ++ return io_write (netfs_node_netnode (np)->file, data, *len, offset, len); ++} ++ ++error_t ++netfs_report_access (struct iouser *cred, struct node *np, int *types) ++{ ++ return file_check_access (netfs_node_netnode (np)->file, types); ++} ++ ++error_t ++netfs_file_get_storage_info (struct iouser *cred, ++ struct node *np, ++ mach_port_t **ports, ++ mach_msg_type_name_t *ports_type, ++ mach_msg_type_number_t *num_ports, ++ int **ints, ++ mach_msg_type_number_t *num_ints, ++ off_t **offsets, ++ mach_msg_type_number_t *num_offsets, ++ char **data, ++ mach_msg_type_number_t *data_len) ++{ ++ *ports_type = MACH_MSG_TYPE_MOVE_SEND; ++ return file_get_storage_info (netfs_node_netnode (np)->file, ++ ports, num_ports, ++ ints, num_ints, ++ offsets, num_offsets, ++ data, data_len); ++} ++ ++kern_return_t ++netfs_S_file_exec (struct protid *user, ++ task_t task, ++ int flags, ++ char *argv, ++ size_t argvlen, ++ char *envp, ++ size_t envplen, ++ mach_port_t *fds, ++ size_t fdslen, ++ mach_port_t *portarray, ++ size_t portarraylen, ++ int *intarray, ++ size_t intarraylen, ++ mach_port_t *deallocnames, ++ size_t deallocnameslen, ++ mach_port_t *destroynames, ++ size_t destroynameslen) ++{ ++ error_t err; ++ file_t file; ++ ++ if (!user) ++ return EOPNOTSUPP; ++ ++ pthread_mutex_lock (&user->po->np->lock); ++ file = netfs_node_netnode (user->po->np)->file; ++ err = mach_port_mod_refs (mach_task_self (), ++ file, MACH_PORT_RIGHT_SEND, 1); ++ pthread_mutex_unlock (&user->po->np->lock); ++ ++ if (!err) ++ { ++ /* We cannot use MACH_MSG_TYPE_MOVE_SEND because we might need to ++ retry an interrupted call that would have consumed the rights. */ ++ err = file_exec (netfs_node_netnode (user->po->np)->file, ++ task, flags, argv, argvlen, ++ envp, envplen, fds, MACH_MSG_TYPE_COPY_SEND, fdslen, ++ portarray, MACH_MSG_TYPE_COPY_SEND, portarraylen, ++ intarray, intarraylen, deallocnames, deallocnameslen, ++ destroynames, destroynameslen); ++ mach_port_deallocate (mach_task_self (), file); ++ } ++ ++ if (err == 0) ++ { ++ size_t i; ++ mach_port_deallocate (mach_task_self (), task); ++ for (i = 0; i < fdslen; ++i) ++ mach_port_deallocate (mach_task_self (), fds[i]); ++ for (i = 0; i < portarraylen; ++i) ++ mach_port_deallocate (mach_task_self (), portarray[i]); ++ } ++ return err; ++} ++ ++error_t ++netfs_S_io_map (struct protid *user, ++ mach_port_t *rdobj, mach_msg_type_name_t *rdobjtype, ++ mach_port_t *wrobj, mach_msg_type_name_t *wrobjtype) ++{ ++ error_t err; ++ ++ if (!user) ++ return EOPNOTSUPP; ++ *rdobjtype = *wrobjtype = MACH_MSG_TYPE_MOVE_SEND; ++ ++ pthread_mutex_lock (&user->po->np->lock); ++ err = io_map (netfs_node_netnode (user->po->np)->file, rdobj, wrobj); ++ pthread_mutex_unlock (&user->po->np->lock); ++ return err; ++} ++ ++error_t ++netfs_S_io_map_cntl (struct protid *user, ++ mach_port_t *obj, ++ mach_msg_type_name_t *objtype) ++{ ++ error_t err; ++ ++ if (!user) ++ return EOPNOTSUPP; ++ *objtype = MACH_MSG_TYPE_MOVE_SEND; ++ ++ pthread_mutex_lock (&user->po->np->lock); ++ err = io_map_cntl (netfs_node_netnode (user->po->np)->file, obj); ++ pthread_mutex_unlock (&user->po->np->lock); ++ return err; ++} ++ ++error_t ++netfs_S_io_identity (struct protid *user, ++ mach_port_t *id, ++ mach_msg_type_name_t *idtype, ++ mach_port_t *fsys, ++ mach_msg_type_name_t *fsystype, ++ ino_t *fileno) ++{ ++ error_t err; ++ ++ if (!user) ++ return EOPNOTSUPP; ++ ++ *idtype = *fsystype = MACH_MSG_TYPE_MOVE_SEND; ++ ++ pthread_mutex_lock (&user->po->np->lock); ++ err = io_identity (netfs_node_netnode (user->po->np)->file, ++ id, fsys, fileno); ++ pthread_mutex_unlock (&user->po->np->lock); ++ return err; ++} ++ ++#define NETFS_S_SIMPLE(name) \ ++error_t \ ++netfs_S_##name (struct protid *user) \ ++{ \ ++ error_t err; \ ++ \ ++ if (!user) \ ++ return EOPNOTSUPP; \ ++ \ ++ pthread_mutex_lock (&user->po->np->lock); \ ++ err = name (netfs_node_netnode (user->po->np)->file); \ ++ pthread_mutex_unlock (&user->po->np->lock); \ ++ return err; \ ++} ++ ++NETFS_S_SIMPLE (io_get_conch) ++NETFS_S_SIMPLE (io_release_conch) ++NETFS_S_SIMPLE (io_eofnotify) ++NETFS_S_SIMPLE (io_readnotify) ++NETFS_S_SIMPLE (io_readsleep) ++NETFS_S_SIMPLE (io_sigio) ++ ++error_t ++netfs_S_io_prenotify (struct protid *user, ++ vm_offset_t start, vm_offset_t stop) ++{ ++ error_t err; ++ ++ if (!user) ++ return EOPNOTSUPP; ++ ++ pthread_mutex_lock (&user->po->np->lock); ++ err = io_prenotify (netfs_node_netnode (user->po->np)->file, start, stop); ++ pthread_mutex_unlock (&user->po->np->lock); ++ return err; ++} ++ ++error_t ++netfs_S_io_postnotify (struct protid *user, ++ vm_offset_t start, vm_offset_t stop) ++{ ++ error_t err; ++ ++ if (!user) ++ return EOPNOTSUPP; ++ ++ pthread_mutex_lock (&user->po->np->lock); ++ err = io_postnotify (netfs_node_netnode (user->po->np)->file, start, stop); ++ pthread_mutex_unlock (&user->po->np->lock); ++ return err; ++} ++ ++/* This overrides the library's definition. */ ++int ++netfs_demuxer (mach_msg_header_t *inp, ++ mach_msg_header_t *outp) ++{ ++ mig_routine_t routine; ++ if ((routine = netfs_io_server_routine (inp)) || ++ (routine = netfs_fs_server_routine (inp)) || ++ (routine = ports_notify_server_routine (inp)) || ++ (routine = netfs_fsys_server_routine (inp)) || ++ /* XXX we should intercept interrupt_operation and do ++ the ports_S_interrupt_operation work as well as ++ sending an interrupt_operation to the underlying file. ++ */ ++ (routine = ports_interrupt_server_routine (inp))) ++ { ++ (*routine) (inp, outp); ++ return TRUE; ++ } ++ else ++ { ++ /* We didn't recognize the message ID, so pass the message through ++ unchanged to the underlying file. */ ++ struct protid *cred; ++ if (MACH_MSGH_BITS_LOCAL (inp->msgh_bits) == ++ MACH_MSG_TYPE_PROTECTED_PAYLOAD) ++ cred = ports_lookup_payload (netfs_port_bucket, ++ inp->msgh_protected_payload, ++ netfs_protid_class); ++ else ++ cred = ports_lookup_port (netfs_port_bucket, ++ inp->msgh_local_port, ++ netfs_protid_class); ++ if (cred == 0) ++ /* This must be an unknown message on our fsys control port. */ ++ return 0; ++ else ++ { ++ error_t err; ++ assert (MACH_MSGH_BITS_LOCAL (inp->msgh_bits) ++ == MACH_MSG_TYPE_MOVE_SEND ++ || MACH_MSGH_BITS_LOCAL (inp->msgh_bits) ++ == MACH_MSG_TYPE_PROTECTED_PAYLOAD); ++ inp->msgh_bits = (inp->msgh_bits & MACH_MSGH_BITS_COMPLEX) ++ | MACH_MSGH_BITS (MACH_MSG_TYPE_COPY_SEND, ++ MACH_MSGH_BITS_REMOTE (inp->msgh_bits)); ++ inp->msgh_local_port = inp->msgh_remote_port; /* reply port */ ++ inp->msgh_remote_port = netfs_node_netnode (cred->po->np)->file; ++ err = mach_msg (inp, MACH_SEND_MSG, inp->msgh_size, 0, ++ MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, ++ MACH_PORT_NULL); ++ assert_perror (err); /* XXX should synthesize reply */ ++ ports_port_deref (cred); ++ /* We already sent the message, so the server loop shouldn't do it again. */ ++ ((mig_reply_header_t *) outp)->RetCode = MIG_NO_REPLY; ++ return 1; ++ } ++ } ++} +diff --git a/trans/chroot.h b/trans/chroot.h +new file mode 100644 +index 0000000..adabad0 +--- /dev/null ++++ b/trans/chroot.h +@@ -0,0 +1,37 @@ ++#ifndef __HURD_CHROOT_H__ ++#define __HURD_CHROOT_H__ ++ ++struct netnode ++{ ++ hurd_ihash_locp_t idport_locp;/* easy removal pointer in idport ihash */ ++ mach_port_t idport; /* port from io_identity */ ++ file_t file; /* port on real file */ ++}; ++ ++struct chroot_node; ++ ++error_t chroot_init (void); ++ ++/* Make a new virtual node. Always consumes the ports. If ++ successful, NP will be locked. */ ++error_t chroot_new_node (file_t file, mach_port_t idport, int locked, ++ size_t size, struct node **np); ++ ++/* Users must implement this. */ ++void chroot_node_norefs (struct node *np); ++ ++/* Return the address of the chroot_node for NODE. NODE must have been ++ allocated using chroot_new_node. */ ++static inline struct chroot_node * ++chroot_node (struct node *node) ++{ ++ return (struct chroot_node *) ((char *) netfs_node_netnode (node) ++ + sizeof (struct netnode)); ++} ++ ++// XXX ++pthread_mutex_t idport_ihash_lock; ++struct hurd_ihash idport_ihash; ++ ++ ++#endif /* __HURD_CHROOT_H__ */ +diff --git a/trans/gpg.c b/trans/gpg.c +new file mode 100644 +index 0000000..51f0043 +--- /dev/null ++++ b/trans/gpg.c +@@ -0,0 +1,734 @@ ++/* gpg -- a translator for encrypting, decrypting, and verifying files ++ Copyright (C) 2016 Free Software Foundation, Inc. ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License as ++ published by the Free Software Foundation; either version 2, or (at ++ your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ ++ ++#include <argz.h> ++#include <argp.h> ++#include <dirent.h> ++#include <error.h> ++#include <hurd/netfs.h> ++#include <stddef.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <fcntl.h> ++#include <sys/mman.h> ++#include <sys/stat.h> ++#include <pthread.h> ++#include <hurd/ihash.h> ++#include <hurd/paths.h> ++#include <sys/types.h> ++#include <sys/wait.h> ++#include <unistd.h> ++ ++#include <version.h> ++ ++#include "chroot.h" ++ ++#include "libnetfs/fs_S.h" ++#include "libnetfs/io_S.h" ++#include "libnetfs/fsys_S.h" ++#include "libports/notify_S.h" ++#include "libports/interrupt_S.h" ++ ++const char *argp_program_version = STANDARD_HURD_VERSION (gpg); ++ ++char *netfs_server_name = "gpg"; ++char *netfs_server_version = HURD_VERSION; ++int netfs_maxsymlinks = 16; /* arbitrary */ ++ ++struct chroot_node ++{ ++ unsigned int encrypt:1; ++ file_t shadow_file; ++}; ++ ++#define GPG_DEFAULT_FILENAME "/usr/bin/gpg2" ++static char* gpg_filename = GPG_DEFAULT_FILENAME; ++static file_t gpg_file; ++ ++int symmetric; ++char *recipients; ++size_t recipients_len; ++ ++static error_t ++execute_gpg (mach_port_t in, mach_port_t out, mach_port_t extra, ++ char *argz, int argz_len, ++ pid_t *pid) ++{ ++ error_t err; ++ task_t task; ++ process_t proc; ++ mach_port_t ports[INIT_PORT_MAX]; ++ mach_port_t fds[STDERR_FILENO + 2]; ++ int ints[INIT_INT_MAX]; ++ int i; ++ ++ for (i = 0; i < INIT_PORT_MAX; i++) ++ ports[i] = MACH_PORT_NULL; ++ for (i = 0; i < STDERR_FILENO + 2; i++) ++ fds[i] = MACH_PORT_NULL; ++ memset (ints, 0, INIT_INT_MAX * sizeof(int)); ++ ++ ports[INIT_PORT_CWDIR] = getcwdir (); ++ ports[INIT_PORT_CRDIR] = getcrdir (); ++ ports[INIT_PORT_AUTH] = getauth (); ++ fds[STDIN_FILENO] = in; ++ fds[STDOUT_FILENO] = out; ++ fds[STDERR_FILENO] = getdport (STDERR_FILENO); ++ fds[STDERR_FILENO+1] = extra; ++ ++ err = task_create (mach_task_self (), 0, &task); ++ if (err) ++ goto lose; ++ ++ proc = getproc (); ++ proc_child (proc, task); ++ ++ /* Try and exec GnuPG in TASK... */ ++ err = file_exec (gpg_file, task, EXEC_DEFAULTS, ++ argz, argz_len, 0, 0, ++ fds, MACH_MSG_TYPE_COPY_SEND, STDERR_FILENO + 2, ++ ports, MACH_MSG_TYPE_COPY_SEND, INIT_PORT_MAX, ++ ints, INIT_INT_MAX, 0, 0, 0, 0); ++ if (err) ++ goto lose; ++ ++ err = proc_task2pid (proc, task, pid); ++ ++ lose: ++ for (i = 0; i < INIT_PORT_MAX; i++) ++ mach_port_deallocate (mach_task_self (), ports[i]); ++ mach_port_deallocate (mach_task_self (), fds[STDERR_FILENO]); ++ return err; ++} ++ ++error_t ++clone_file (file_t file, file_t *new_file) ++{ ++ error_t err; ++ off_t newp; ++ retry_type do_retry; ++ string_t retry_name; ++ err = dir_lookup (file, "", O_RDONLY, 0, &do_retry, retry_name, new_file); ++ if (err) ++ return err; ++ return io_seek (*new_file, 0, SEEK_SET, &newp); ++} ++ ++static int ++gpg_verify (file_t sigfile, file_t orig_file) ++{ ++ error_t err; ++ file_t file; ++ pid_t pid; ++ char *argz = NULL; ++ size_t argz_len = 0; ++ err = clone_file (orig_file, &file); ++ if (err) ++ return 0; ++ ++ argz_add (&argz, &argz_len, "gpg2"); ++ argz_add (&argz, &argz_len, "--verify"); ++ argz_add (&argz, &argz_len, "/dev/fd/3"); ++ argz_add (&argz, &argz_len, "-"); ++ err = execute_gpg (file, getdport (STDERR_FILENO), sigfile, argz, argz_len, &pid); ++ mach_port_deallocate (mach_task_self (), file); ++ if (err) ++ { ++ error (0, err, "execute_gpg"); ++ return 0; ++ } ++ ++ int status; ++ while (waitpid (pid, &status, 0) == (pid_t)-1 && errno == EINTR) ++ { } ++ ++ return WIFEXITED (status) && WEXITSTATUS (status) == 0; ++} ++ ++static int ++gpg_decrypt (file_t cipherfile, file_t plainfile) ++{ ++ error_t err; ++ pid_t pid; ++ char *argz = NULL; ++ size_t argz_len = 0; ++ ++ argz_add (&argz, &argz_len, "gpg2"); ++ argz_add (&argz, &argz_len, "--output"); ++ argz_add (&argz, &argz_len, "-"); ++ err = execute_gpg (cipherfile, plainfile, MACH_PORT_NULL, ++ argz, argz_len, &pid); ++ if (err) ++ { ++ error (0, err, "execute_gpg"); ++ return 0; ++ } ++ ++ int status; ++ while (waitpid (pid, &status, 0) == (pid_t)-1 && errno == EINTR) ++ { } ++ ++ return WIFEXITED (status) && WEXITSTATUS (status) == 0; ++} ++ ++static int ++gpg_encrypt (file_t plainfile, file_t cipherfile) ++{ ++ error_t err; ++ pid_t pid; ++ char *argz = NULL; ++ size_t argz_len = 0; ++ ++ argz_add (&argz, &argz_len, "gpg2"); ++ argz_add (&argz, &argz_len, "--always-trust"); // XXX ++ argz_add (&argz, &argz_len, "--output"); ++ argz_add (&argz, &argz_len, "-"); ++ if (recipients) ++ { ++ char *recipient; ++ argz_add (&argz, &argz_len, "--encrypt"); ++ for (recipient = recipients; ++ recipient; ++ recipient = argz_next (recipients, recipients_len, recipient)) ++ { ++ argz_add (&argz, &argz_len, "--recipient"); ++ argz_add (&argz, &argz_len, recipient); ++ } ++ } ++ if (symmetric) ++ argz_add (&argz, &argz_len, "--symmetric"); ++ ++ err = execute_gpg (plainfile, cipherfile, MACH_PORT_NULL, ++ argz, argz_len, &pid); ++ if (err) ++ { ++ error (0, err, "execute_gpg"); ++ return 0; ++ } ++ ++ int status; ++ while (waitpid (pid, &status, 0) == (pid_t)-1 && errno == EINTR) ++ { } ++ ++ return WIFEXITED (status) && WEXITSTATUS (status) == 0; ++} ++ ++static error_t ++make_tmp_file (file_t *file) ++{ ++ char name[] = "/tmp/gpgtmp-XXXXXX"; ++ int fd; ++ ++ fd = mkstemp (name); ++ if (fd == -1) ++ return errno; ++ if (unlink (name) == -1) ++ return errno; ++ *file = getdport (fd); ++ close (fd); ++ return 0; ++} ++ ++error_t ++netfs_S_dir_lookup (struct protid *diruser, ++ char *filename, ++ int flags, ++ mode_t mode, ++ retry_type *do_retry, ++ char *retry_name, ++ mach_port_t *retry_port, ++ mach_msg_type_name_t *retry_port_type) ++{ ++ struct node *dnp, *np; ++ error_t err; ++ struct protid *newpi; ++ struct iouser *user; ++ mach_port_t file; ++ mach_port_t idport, fsidport; ++ ino_t fileno; ++ ++ if (!diruser) ++ return EOPNOTSUPP; ++ ++ //error (0, 0, "netfs_S_dir_lookup (%p, %s, 0x%x, ...", diruser, filename, flags); ++ dnp = diruser->po->np; ++ ++ mach_port_t dir = netfs_node_netnode (dnp)->file; ++ err = dir_lookup (dir, filename, ++ flags & (O_NOLINK|O_RDWR|O_EXEC|O_CREAT|O_EXCL|O_NONBLOCK), ++ mode, do_retry, retry_name, &file); ++ if (err == ENOENT) ++ { ++ file_t gpgfile; ++ char *gpgname; ++ asprintf (&gpgname, "%s.gpg", filename); ++ gpgfile = file_name_lookup_under (dir, gpgname, O_RDONLY, 0); ++ if (MACH_PORT_VALID (gpgfile)) ++ { ++ /* XXX */ ++ char tmpname[] = "/tmp/gpgtmp-XXXXXX"; ++ file_t tmpfile; ++ int ok, tmpfd; ++ ++ err = 0; ++ tmpfd = mkstemp (tmpname); ++ if (tmpfd == -1) ++ return errno; ++ unlink (tmpname); ++ tmpfile = getdport (tmpfd); ++ ok = gpg_decrypt (gpgfile, tmpfile); ++ mach_port_deallocate (mach_task_self (), gpgfile); ++ mach_port_deallocate (mach_task_self (), tmpfile); ++ if (! ok) ++ { ++ close (tmpfd); ++ return EIO; ++ } ++ ++ *do_retry = FS_RETRY_NORMAL; ++ retry_name[0] = 0; ++ *retry_port = getdport (tmpfd); ++ lseek (tmpfd, 0, SEEK_SET); ++ close (tmpfd); ++ *retry_port_type = MACH_MSG_TYPE_MOVE_SEND; ++ return 0; ++ } ++ free (gpgname); ++ } ++ ++ if (err) ++ { ++ /* xxx deref stuff */ ++ return err; ++ } ++ ++ switch (*do_retry) ++ { ++ case FS_RETRY_NORMAL: ++ break; ++ ++ case FS_RETRY_REAUTH: ++ error (0, 0, "FS_RETRY_REAUTH"); ++ /* Fallthrough. */ ++ ++ case FS_RETRY_MAGICAL: ++ *retry_port = file; ++ *retry_port_type = MACH_MSG_TYPE_MOVE_SEND; ++ return 0; ++ ++ default: ++ /* Invalid response to our dir_lookup request. */ ++ if (MACH_PORT_VALID (file)) ++ mach_port_deallocate (mach_task_self (), file); ++ *retry_port = MACH_PORT_NULL; ++ *retry_port_type = MACH_MSG_TYPE_COPY_SEND; ++ return EOPNOTSUPP; ++ } ++ ++ /* We have a new port to an underlying node. ++ Find or make our corresponding virtual node. */ ++ ++ np = 0; ++ err = io_identity (file, &idport, &fsidport, &fileno); ++ if (err) ++ { ++ mach_port_deallocate (mach_task_self (), file); ++ return err; ++ } ++ ++ mach_port_deallocate (mach_task_self (), fsidport); ++ ++ redo_hash_lookup: ++ pthread_mutex_lock (&idport_ihash_lock); ++ pthread_mutex_lock (&dnp->lock); ++ /* The hashtable may not hold a true reference on the node. Acquire the ++ refcount lock so that, if a node is found, its reference counter cannot ++ drop to 0 before we get our own reference. */ ++ pthread_spin_lock (&netfs_node_refcnt_lock); ++ np = hurd_ihash_find (&idport_ihash, idport); ++ if (np != NULL) ++ { ++ /* We already know about this node. */ ++ ++ if (np->references == 0) ++ { ++ /* But it might be in the process of being released. If so, ++ unlock the hash table to give the node a chance to actually ++ be removed and retry. */ ++ pthread_spin_unlock (&netfs_node_refcnt_lock); ++ pthread_mutex_unlock (&dnp->lock); ++ pthread_mutex_unlock (&idport_ihash_lock); ++ goto redo_hash_lookup; ++ } ++ ++ /* Otherwise, reference it right away. */ ++ np->references++; ++ pthread_spin_unlock (&netfs_node_refcnt_lock); ++ ++ mach_port_deallocate (mach_task_self (), idport); ++ ++ if (np == dnp) ++ { ++ /* dnp is already locked. */ ++ } ++ else ++ { ++ pthread_mutex_lock (&np->lock); ++ pthread_mutex_unlock (&dnp->lock); ++ } ++ ++ pthread_mutex_unlock (&idport_ihash_lock); ++ } ++ else ++ { ++ pthread_spin_unlock (&netfs_node_refcnt_lock); ++ err = chroot_new_node (file, idport, 1, sizeof (struct chroot_node), &np); ++ pthread_mutex_unlock (&dnp->lock); ++ if (!err) ++ { ++ chroot_node (np)->encrypt = chroot_node (dnp)->encrypt; ++ chroot_node (np)->shadow_file = MACH_PORT_NULL; ++ err = netfs_validate_stat (np, diruser->user); ++ } ++ } ++ if (err) ++ goto lose; ++ ++ { ++ if (chroot_node (np)->encrypt && flags & O_WRITE ++ && strncmp (filename, "dev/", 4) != 0) ++ { ++ char *ciphname; ++ asprintf (&ciphname, "%s.gpg", filename); ++ if (ciphname == NULL) ++ { ++ err = errno; ++ goto lose; ++ } ++ ++ /* Fixup name. */ ++ err = dir_link (dir, file, ciphname, 0); ++ free (ciphname); ++ if (err) ++ return err; ++ ++ err = dir_unlink (dir, filename); ++ if (err) ++ return err; ++ ++ err = make_tmp_file (&chroot_node (np)->shadow_file); ++ if (err) ++ return err; ++ } ++ ++ if (retry_name[0] == 0) ++ { ++ file_t sig; ++ char *signame; ++ asprintf (&signame, "%s.sig", filename); ++ sig = file_name_lookup_under (dir, signame, O_RDONLY, 0); ++ if (MACH_PORT_VALID (sig)) ++ { ++ if (! gpg_verify (sig, file)) ++ err = EIO; ++ free (signame); ++ signame = NULL; ++ mach_port_deallocate (mach_task_self (), sig); ++ if (err) ++ goto lose; ++ } ++ free (signame); ++ } ++ } ++ ++ assert (*do_retry == FS_RETRY_NORMAL); ++ flags &= ~(O_CREAT|O_EXCL|O_NOLINK|O_NOTRANS|O_NONBLOCK); ++ ++ err = iohelp_dup_iouser (&user, diruser->user); ++ if (!err) ++ { ++ newpi = netfs_make_protid (netfs_make_peropen (np, flags, diruser->po), ++ user); ++ if (! newpi) ++ { ++ iohelp_free_iouser (user); ++ err = errno; ++ } ++ else ++ { ++ *retry_port = ports_get_right (newpi); ++ *retry_port_type = MACH_MSG_TYPE_MAKE_SEND; ++ ports_port_deref (newpi); ++ } ++ } ++ ++ lose: ++ if (dir != netfs_node_netnode (dnp)->file) ++ mach_port_deallocate (mach_task_self (), dir); ++ if (np != NULL) ++ netfs_nput (np); ++ return err; ++} ++ ++error_t ++netfs_attempt_mkfile (struct iouser *user, struct node *dir, ++ mode_t mode, struct node **np) ++{ ++ file_t newfile; ++ error_t err = dir_mkfile (netfs_node_netnode (dir)->file, O_RDWR|O_EXEC, ++ mode, &newfile); ++ pthread_mutex_unlock (&dir->lock); ++ if (err) ++ return err; ++ ++ err = chroot_new_node (newfile, MACH_PORT_NULL, ++ 0, sizeof (struct chroot_node), np); ++ if (err) ++ return err; ++ ++ if (chroot_node (dir)->encrypt) ++ { ++ err = make_tmp_file (&chroot_node (*np)->shadow_file); ++ if (err) ++ return err; ++ } ++ else ++ chroot_node (*np)->shadow_file = MACH_PORT_NULL; ++ ++ pthread_mutex_unlock (&(*np)->lock); ++ return err; ++} ++ ++error_t ++netfs_attempt_read (struct iouser *cred, struct node *np, ++ off_t offset, size_t *len, void *data) ++{ ++ struct chroot_node *n = chroot_node (np); ++ char *buf = data; ++ error_t err = io_read (n->shadow_file ?: netfs_node_netnode (np)->file, ++ &buf, len, offset, *len); ++ if (err == 0 && buf != data) ++ { ++ memcpy (data, buf, *len); ++ munmap (buf, *len); ++ } ++ return err; ++} ++ ++error_t ++netfs_attempt_write (struct iouser *cred, struct node *np, ++ off_t offset, size_t *len, void *data) ++{ ++ struct chroot_node *n = chroot_node (np); ++ return io_write (n->shadow_file ?: netfs_node_netnode (np)->file, ++ data, *len, offset, len); ++} ++ ++error_t ++netfs_attempt_sync (struct iouser *cred, struct node *np, int wait) ++{ ++ error_t err; ++ file_t gpg_file = netfs_node_netnode (np)->file; ++ struct chroot_node *n = chroot_node (np); ++ ++ err = file_sync (n->shadow_file ?: gpg_file, wait, 0); ++ if (err) ++ return err; ++ ++ if (wait && MACH_PORT_VALID (n->shadow_file)) ++ { ++ file_t shadow_file; ++ off_t newp; ++ ++ err = clone_file (n->shadow_file, &shadow_file); ++ if (err) ++ return err; ++ ++ err = io_seek (gpg_file, 0, SEEK_SET, &newp); ++ if (err) ++ return err; ++ ++ err = gpg_encrypt (shadow_file, gpg_file); ++ if (err) ++ return err; ++ ++ mach_port_deallocate (mach_task_self (), shadow_file); ++ err = file_sync (gpg_file, wait, 0); ++ } ++ ++ return err; ++} ++ ++ ++error_t ++netfs_attempt_link (struct iouser *user, struct node *dir, ++ struct node *file, char *name, int excl) ++{ ++ /* XXX translate name if file is encrypted. */ ++ return dir_link (netfs_node_netnode (dir)->file, ++ netfs_node_netnode (file)->file, name, excl); ++} ++ ++void ++chroot_node_norefs (struct node *np) ++{ ++ error_t err; ++ file_t gpg_file = netfs_node_netnode (np)->file; ++ struct chroot_node *n = chroot_node (np); ++ if (n->encrypt) ++ { ++ off_t newp; ++ ++ err = io_seek (n->shadow_file, 0, SEEK_SET, &newp); ++ if (err) ++ return; ++ ++ err = io_seek (gpg_file, 0, SEEK_SET, &newp); ++ if (err) ++ return; ++ ++ err = gpg_encrypt (n->shadow_file, gpg_file); ++ if (err) ++ return; ++ ++ mach_port_deallocate (mach_task_self (), n->shadow_file); ++ } ++} ++ ++ ++error_t ++netfs_get_dirents (struct iouser *cred, struct node *dir, ++ int entry, int nentries, char **data, ++ mach_msg_type_number_t *datacnt, ++ vm_size_t bufsize, int *amt) ++{ ++ error_t err; ++ char *ptr; ++ struct dirent *dent; ++ err = dir_readdir (netfs_node_netnode (dir)->file, data, datacnt, ++ entry, nentries, bufsize, amt); ++ if (err) ++ return err; ++ ++ for (ptr = *data, dent = (struct dirent *) ptr; ++ ptr - *data < *datacnt; ++ ptr += dent->d_reclen, dent = (struct dirent *) ptr) ++ { ++ size_t len = strlen (dent->d_name); ++ if (len > 4 && strcmp (&dent->d_name[len - 4], ".gpg") == 0) ++ memset (&dent->d_name[len - 4], 0, 4); ++ } ++ ++ return 0; ++} ++ ++#define OPT_GPG_PROGRAM -1 ++ ++static struct argp_option options[] = ++{ ++ {NULL, 0, NULL, 0, "How to encrypt:", 1}, ++ {"recipient", 'r', "NAME", 0, "Encrypt for user NAME. " ++ "Can be given multiple times.", 1}, ++ {"symmetric", 'c', NULL, 0, "Encrypt with a password.", 1}, ++ {NULL, 0, NULL, 0, "Advanced options:", 2}, ++ {"gpg-program", OPT_GPG_PROGRAM, "FILENAME", 0, ++ "Path to the GNU Privacy Guard executable ["GPG_DEFAULT_FILENAME"].", 2}, ++ {0} ++}; ++ ++static char *args_doc = ""; ++static char *doc = "XXX." ++"\vXXX."; ++ ++static error_t ++parse_opt (int key, char *arg, struct argp_state *state) ++{ ++ error_t err; ++ switch (key) ++ { ++ case 'r': ++ err = argz_add (&recipients, &recipients_len, arg); ++ if (err) ++ error (1, err, "argz_add"); ++ break; ++ ++ case 'c': ++ symmetric = 1; ++ break; ++ ++ case OPT_GPG_PROGRAM: ++ gpg_filename = arg; ++ break; ++ ++ default: ++ return ARGP_ERR_UNKNOWN; ++ } ++ return 0; ++} ++ ++int ++main (int argc, char **argv) ++{ ++ error_t err; ++ mach_port_t bootstrap; ++ ++ struct argp argp = ++ { ++ .options = options, ++ .parser = parse_opt, ++ .args_doc = args_doc, ++ .doc = doc, ++ }; ++ ++ /* Parse our command line arguments (all none of them). */ ++ argp_parse (&argp, argc, argv, 0, 0, 0); ++ ++ task_get_bootstrap_port (mach_task_self (), &bootstrap); ++ if (! MACH_PORT_VALID (bootstrap)) ++ error (1, 0, "Must be started as a translator"); ++ ++ gpg_file = file_name_lookup (gpg_filename, O_EXEC, 0); ++ if (! MACH_PORT_VALID (gpg_file)) ++ error (1, errno, "%s", gpg_filename); ++ ++ netfs_init (); ++ chroot_init (); ++ ++ /* Get our underlying node (we presume it's a directory) and use ++ that to make the root node of the filesystem. */ ++ err = chroot_new_node (netfs_startup (bootstrap, O_READ), MACH_PORT_NULL, ++ 0, sizeof (struct chroot_node), &netfs_root_node); ++ if (err) ++ error (5, err, "Cannot create root node"); ++ ++ err = netfs_validate_stat (netfs_root_node, 0); ++ if (err) ++ error (6, err, "Cannot stat underlying node"); ++ ++ netfs_root_node->nn_stat.st_mode &= ~(S_IPTRANS | S_IATRANS); ++ netfs_root_node->nn_stat.st_mode |= S_IROOT; ++ pthread_mutex_unlock (&netfs_root_node->lock); ++ ++ chroot_node (netfs_root_node)->encrypt = 1; // XXX ++ chroot_node (netfs_root_node)->shadow_file = MACH_PORT_NULL; ++ ++ netfs_server_loop (); /* Never returns. */ ++ ++ /*NOTREACHED*/ ++ return 0; ++} +diff --git a/utils/Makefile b/utils/Makefile +index 603b722..8685093 100644 +--- a/utils/Makefile ++++ b/utils/Makefile +@@ -22,16 +22,16 @@ targets = shd ps settrans showtrans syncfs fsysopts \ + storeinfo login w uptime ids loginpr sush vmstat portinfo \ + devprobe vminfo addauth rmauth unsu setauth ftpcp ftpdir storecat \ + storeread msgport rpctrace mount gcore fakeauth fakeroot remap \ +- umount nullauth rpcscan ++ umount nullauth rpcscan gpg-env + +-special-targets = loginpr sush uptime fakeroot remap ++special-targets = loginpr sush uptime fakeroot remap gpg-env + SRCS = shd.c ps.c settrans.c syncfs.c showtrans.c addauth.c rmauth.c \ + fsysopts.c storeinfo.c login.c loginpr.sh sush.sh w.c \ + uptime.sh psout.c ids.c vmstat.c portinfo.c devprobe.c vminfo.c \ + parse.c frobauth.c frobauth-mod.c setauth.c pids.c nonsugid.c \ + unsu.c ftpcp.c ftpdir.c storeread.c storecat.c msgport.c \ + rpctrace.c mount.c gcore.c fakeauth.c fakeroot.sh remap.sh \ +- nullauth.c match-options.c msgids.c rpcscan.c ++ nullauth.c match-options.c msgids.c rpcscan.c gpg-env.sh + + OBJS = $(filter-out %.sh,$(SRCS:.c=.o)) + HURDLIBS = ps ihash store fshelp ports ftpconn shouldbeinlibc +diff --git a/utils/gpg-env.sh b/utils/gpg-env.sh +new file mode 100755 +index 0000000..567dea7 +--- /dev/null ++++ b/utils/gpg-env.sh +@@ -0,0 +1,120 @@ ++#!/bin/sh ++# Execute a command in an environment which encrypts, decrypts, and ++# verifies files on demand. ++# ++# Copyright (C) 2002, 2013, 2016 Free Software Foundation, Inc. ++# ++# This file is part of the GNU Hurd. ++# ++# The GNU Hurd is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2, or (at ++# your option) any later version. ++# ++# The GNU Hurd is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++# ++ ++USAGE="Usage: ++ [$0] encrypt for RECIPIENT [RECIPIENT...] -- [OPTION...] [COMMAND...] ++ [$0] encrypt with password [OPTION...] [COMMAND...] ++ [$0] decrypt [OPTION...] [COMMAND...] ++ [$0] decrypt with password [OPTION...] [COMMAND...] ++ [$0] verify [OPTION...] [COMMAND...]" ++DOC="Execute COMMAND in an environment where files are automatically ++encrypted, decrypted and verified." ++ ++help() ++{ ++ [ "$1" ] && echo "$1 ++" ++ echo "$USAGE" ++ echo "$DOC" ++ echo "" ++ echo " -?, --help Give this help list" ++ echo " --usage Give a short usage message" ++ echo " -V, --version Print program version" ++ [ "$1" ] && exit 1 || exit 0 ++} ++ ++if [ "$(basename $0)" = "gpg-env.sh" ] \ ++ || [ "$(basename $0)" = "gpg-env" ]; then ++ ACTION="$1" ++ if [ ! "$ACTION" ]; then ++ help "No action given." ++ fi ++ shift ++else ++ ACTION="$(basename $0)" ++fi ++ ++case "$ACTION" in ++ "encrypt") ;; ++ "decrypt") ;; ++ "verify") ;; ++ *) ++ help "Invalid action '$ACTION'." ++esac ++ ++ENCRYPT="" ++if [ "$ACTION" = "encrypt" ]; then ++ if [ "$1" = "with" ] && [ "$2" = "password" ]; then ++ ENCRYPT="--symmetric" ++ shift 2 ++ elif [ "$1" = "for" ]; then ++ shift ++ while [ "$#" -gt 0 ] && [ "x$1" != "x--" ]; do ++ ENCRYPT="$ENCRYPT --recipient $1" ++ shift ++ done ++ if [ "$ENCRYPT" = "" ]; then ++ echo "No recipients given." ++ exit 1 ++ fi ++ if [ "x$1" = "x--" ]; then ++ shift ++ elif [ "$#" -eq 0 ]; then ++ # it's ok if there are no more arguments ++ else ++ echo "Recipient list must be terminated using '--'." ++ exit 1 ++ fi ++ fi ++fi ++ ++while [ "$#" -gt 0 ]; do ++ case "$1" in ++ --help|"-?") ++ help ++ ;; ++ --usage) ++ echo "$USAGE" ++ echo "Options: [-V?] [--help] [--usage] [--version]" ++ exit 0;; ++ --version|-V) ++ echo "STANDARD_HURD_VERSION_gpg-env_"; exit 0;; ++ --) ++ shift ++ break ++ ;; ++ *) ++ break ++ esac ++done ++ ++if [ $# -eq 0 ]; then ++ set -- ${SHELL:-/bin/sh} ++fi ++ ++# We exec settrans, which execs the target command in the chroot ++# context provided by /hurd/remap. ++exec /bin/settrans \ ++ --chroot-chdir "$PWD" \ ++ --chroot "$@" -- \ ++ / /hurd/gpg $ENCRYPT +-- +2.1.4 + diff --git a/debian/patches/series b/debian/patches/series index 711b6eb9..6d270789 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -38,3 +38,5 @@ translators-list0003-libfshelp-improve-translator-list.patch translators-list0004-add-iteration.patch nodeihash0001-xxx-fix-node-iteration.patch fix-devnode0001-devnode-fix-falling-back-to-the-kernel-driver.patch +gpg0001-utils-settrans-improve-chroot-functionality.patch +gpg0002-trans-add-transparent-GnuPG-translator.patch |