microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
CBL-Mariner/SPECS/tdnf/tdnf-ssl-support.patch

309 строки
9.1 KiB
Diff
Исходник Ответственный История

From 5a1b12078c682297f06d48cc3e843c5a9bff5a5c Mon Sep 17 00:00:00 2001
From: Emre Girgin <mrgirgin@microsoft.com>
Date: Wed, 30 Oct 2019 18:05:46 +0000
Subject: [PATCH 1/2] Merged PR 126: Add SSL options to TDNF
- Parse SSL related fields from .repo file.
- Pass these options to curl.
- Define a new error value for errors occurring in this phase.
---
client/defines.h | 5 +++
client/prototypes.h | 7 ++++
client/remoterepo.c | 3 ++
client/repolist.c | 28 +++++++++++++
client/repoutils.c | 98 +++++++++++++++++++++++++++++++++++++++++++++
client/structs.h | 4 ++
include/tdnferror.h | 1 +
7 files changed, 146 insertions(+)
diff --git a/client/defines.h b/client/defines.h
index 3953290..bee38d6 100644
--- a/client/defines.h
+++ b/client/defines.h
@@ -130,6 +130,10 @@ typedef enum
#define TDNF_REPO_KEY_USERNAME "username"
#define TDNF_REPO_KEY_PASSWORD "password"
#define TDNF_REPO_KEY_METADATA_EXPIRE "metadata_expire"
+#define TDNF_REPO_KEY_SSL_VERIFY "sslverify"
+#define TDNF_REPO_KEY_SSL_CA_CERT "sslcacert"
+#define TDNF_REPO_KEY_SSL_CLI_CERT "sslclientcert"
+#define TDNF_REPO_KEY_SSL_CLI_KEY "sslclientkey"
//file names
#define TDNF_REPO_METADATA_MARKER "lastrefresh"
@@ -197,6 +201,7 @@ typedef enum
{ERROR_TDNF_SOLV_CACHE_NOT_CREATED, "ERROR_TDNF_SOLV_CACHE_NOT_CREATED", "Solv - Solv cache not found"}, \
{ERROR_TDNF_ADD_SOLV, "ERROR_TDNF_ADD_SOLV", "Solv - Failed to add solv"}, \
{ERROR_TDNF_REPO_BASE, "ERROR_TDNF_REPO_BASE", "Repo error base"}, \
+ {ERROR_TDNF_SET_SSL_SETTINGS, "ERROR_TDNF_SET_SSL_SETTINGS", "There was an error while setting SSL settings for the repo."}, \
{ERROR_TDNF_REPO_PERFORM, "ERROR_TDNF_REPO_PERFORM", "Error during repo handle execution"}, \
{ERROR_TDNF_REPO_GETINFO, "ERROR_TDNF_REPO_GETINFO", "Repo during repo result getinfo"}, \
{ERROR_TDNF_TRANS_INCOMPLETE, "ERROR_TDNF_TRANS_INCOMPLETE", "Incomplete rpm transaction"}, \
diff --git a/client/prototypes.h b/client/prototypes.h
index 3161650..38d8125 100644
--- a/client/prototypes.h
+++ b/client/prototypes.h
@@ -151,6 +151,13 @@ TDNFRepoApplyProxySettings(
CURL *pCurl
);
+uint32_t
+TDNFRepoApplySSLSettings(
+ PTDNF pTdnf,
+ const char* pszRepo,
+ CURL *pCurl
+ );
+
//remoterepo.c
uint32_t
TDNFDownloadFile(
diff --git a/client/remoterepo.c b/client/remoterepo.c
index de0e04c..5605e70 100644
--- a/client/remoterepo.c
+++ b/client/remoterepo.c
@@ -157,6 +157,9 @@ TDNFDownloadFile(
dwError = TDNFRepoApplyProxySettings(pTdnf->pConf, pCurl);
BAIL_ON_TDNF_ERROR(dwError);
+ dwError = TDNFRepoApplySSLSettings(pTdnf, pszRepo, pCurl);
+ BAIL_ON_TDNF_ERROR(dwError);
+
dwError = curl_easy_setopt(pCurl, CURLOPT_URL, pszFileUrl);
BAIL_ON_TDNF_CURL_ERROR(dwError);
diff --git a/client/repolist.c b/client/repolist.c
index 51f14ad..f61219f 100644
--- a/client/repolist.c
+++ b/client/repolist.c
@@ -291,6 +291,34 @@ TDNFLoadReposFromFile(
&pRepo->pszPass);
BAIL_ON_TDNF_ERROR(dwError);
+ dwError = TDNFReadKeyValueBoolean(
+ pSections,
+ TDNF_REPO_KEY_SSL_VERIFY,
+ 1,
+ &pRepo->nSSLVerify);
+ BAIL_ON_TDNF_ERROR(dwError);
+
+ dwError = TDNFReadKeyValue(
+ pSections,
+ TDNF_REPO_KEY_SSL_CA_CERT,
+ NULL,
+ &pRepo->pszSSLCaCert);
+ BAIL_ON_TDNF_ERROR(dwError);
+
+ dwError = TDNFReadKeyValue(
+ pSections,
+ TDNF_REPO_KEY_SSL_CLI_CERT,
+ NULL,
+ &pRepo->pszSSLClientCert);
+ BAIL_ON_TDNF_ERROR(dwError);
+
+ dwError = TDNFReadKeyValue(
+ pSections,
+ TDNF_REPO_KEY_SSL_CLI_KEY,
+ NULL,
+ &pRepo->pszSSLClientKey);
+ BAIL_ON_TDNF_ERROR(dwError);
+
dwError = TDNFReadKeyValue(
pSections,
TDNF_REPO_KEY_METADATA_EXPIRE,
diff --git a/client/repoutils.c b/client/repoutils.c
index f3a4b11..66f89f6 100644
--- a/client/repoutils.c
+++ b/client/repoutils.c
@@ -468,3 +468,101 @@ cleanup:
error:
goto cleanup;
}
+
+uint32_t
+TDNFRepoApplySSLSettings(
+ PTDNF pTdnf,
+ const char* pszRepo,
+ CURL *pCurl
+ )
+{
+ uint32_t dwError = 0;
+ PTDNF_REPO_DATA_INTERNAL pRepos = NULL;
+
+ if(!pTdnf || IsNullOrEmptyString(pszRepo) || !pCurl)
+ {
+ dwError = ERROR_TDNF_INVALID_PARAMETER;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+ if(!pTdnf->pRepos)
+ {
+ dwError = ERROR_TDNF_NO_REPOS;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+ pRepos = pTdnf->pRepos;
+
+ while(pRepos)
+ {
+ if(!strcmp(pszRepo, pRepos->pszId))
+ {
+ break;
+ }
+ pRepos = pRepos->pNext;
+ }
+
+ if(!pRepos)
+ {
+ dwError = ERROR_TDNF_REPO_NOT_FOUND;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+
+ if(curl_easy_setopt(
+ pCurl,
+ CURLOPT_SSL_VERIFYPEER,
+ ((pRepos->nSSLVerify) ? 1 : 0)) != CURLE_OK)
+ {
+ dwError = ERROR_TDNF_SET_SSL_SETTINGS;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+
+ if(curl_easy_setopt(
+ pCurl,
+ CURLOPT_SSL_VERIFYHOST,
+ ((pRepos->nSSLVerify) ? 2 : 0)) != CURLE_OK)
+ {
+ dwError = ERROR_TDNF_SET_SSL_SETTINGS;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+
+
+ if(!IsNullOrEmptyString(pRepos->pszSSLCaCert))
+ {
+ if(curl_easy_setopt(
+ pCurl,
+ CURLOPT_CAINFO,
+ pRepos->pszSSLCaCert) != CURLE_OK)
+ {
+ dwError = ERROR_TDNF_SET_SSL_SETTINGS;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+ }
+
+ if(!IsNullOrEmptyString(pRepos->pszSSLClientCert))
+ {
+ if(curl_easy_setopt(
+ pCurl,
+ CURLOPT_SSLCERT,
+ pRepos->pszSSLClientCert) != CURLE_OK)
+ {
+ dwError = ERROR_TDNF_SET_SSL_SETTINGS;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+ }
+
+ if(!IsNullOrEmptyString(pRepos->pszSSLClientKey))
+ {
+ if(curl_easy_setopt(
+ pCurl,
+ CURLOPT_SSLKEY,
+ pRepos->pszSSLClientKey) != CURLE_OK)
+ {
+ dwError = ERROR_TDNF_SET_SSL_SETTINGS;
+ BAIL_ON_TDNF_ERROR(dwError);
+ }
+ }
+
+cleanup:
+ return dwError;
+error:
+ goto cleanup;
+}
diff --git a/client/structs.h b/client/structs.h
index 1445afa..4f3fff5 100644
--- a/client/structs.h
+++ b/client/structs.h
@@ -35,6 +35,7 @@ typedef struct _TDNF_REPO_DATA_INTERNAL_
int nEnabled;
int nSkipIfUnavailable;
int nGPGCheck;
+ int nSSLVerify;
long lMetadataExpire;
char* pszId;
char* pszName;
@@ -43,6 +44,9 @@ typedef struct _TDNF_REPO_DATA_INTERNAL_
char* pszUrlGPGKey;
char* pszUser;
char* pszPass;
+ char* pszSSLCaCert;
+ char* pszSSLClientCert;
+ char* pszSSLClientKey;
struct _TDNF_REPO_DATA_INTERNAL_* pNext;
}TDNF_REPO_DATA_INTERNAL, *PTDNF_REPO_DATA_INTERNAL;
diff --git a/include/tdnferror.h b/include/tdnferror.h
index 6896ec7..9247d25 100644
--- a/include/tdnferror.h
+++ b/include/tdnferror.h
@@ -103,6 +103,7 @@ extern "C" {
#define ERROR_TDNF_ADD_SOLV (ERROR_TDNF_SOLV_BASE + 15)
//Repo errors 1400 to 1469
#define ERROR_TDNF_REPO_BASE 1400
+#define ERROR_TDNF_SET_SSL_SETTINGS 1401
//RPM Errors 1470 to 1599
#define ERROR_TDNF_RPM_BASE 1470
--
2.17.1
From a2a2d8c0286a4ce958a8aa4c25f2d64c876fe1a1 Mon Sep 17 00:00:00 2001
From: Emre Girgin <mrgirgin@microsoft.com>
Date: Wed, 6 May 2020 16:51:34 -0700
Subject: [PATCH 2/2] Match TDNF_REPO_DATA and TDNF_REPO_DATA_INTERNAL
---
client/structs.h | 4 ++--
include/tdnftypes.h | 4 ++++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/client/structs.h b/client/structs.h
index 4f3fff5..28c9022 100644
--- a/client/structs.h
+++ b/client/structs.h
@@ -42,11 +42,11 @@ typedef struct _TDNF_REPO_DATA_INTERNAL_
char* pszBaseUrl;
char* pszMetaLink;
char* pszUrlGPGKey;
- char* pszUser;
- char* pszPass;
char* pszSSLCaCert;
char* pszSSLClientCert;
char* pszSSLClientKey;
+ char* pszUser;
+ char* pszPass;
struct _TDNF_REPO_DATA_INTERNAL_* pNext;
}TDNF_REPO_DATA_INTERNAL, *PTDNF_REPO_DATA_INTERNAL;
diff --git a/include/tdnftypes.h b/include/tdnftypes.h
index 14b3908..df75732 100644
--- a/include/tdnftypes.h
+++ b/include/tdnftypes.h
@@ -265,12 +265,16 @@ typedef struct _TDNF_REPO_DATA
int nEnabled;
int nSkipIfUnavailable;
int nGPGCheck;
+ int nSSLVerify;
long lMetadataExpire;
char* pszId;
char* pszName;
char* pszBaseUrl;
char* pszMetaLink;
char* pszUrlGPGKey;
+ char* pszSSLCaCert;
+ char* pszSSLClientCert;
+ char* pszSSLClientKey;
struct _TDNF_REPO_DATA* pNext;
}TDNF_REPO_DATA, *PTDNF_REPO_DATA;
--
2.17.1
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку