Skip to content

Commit

Permalink
Domain/Selector/KeyFile no longer mandatory in verifying mode
Browse files Browse the repository at this point in the history
Limit checks for Domain/Selector/KeyFile to signing mode only.

trusteddomainproject/OpenARC#159
  • Loading branch information
minfrin authored and flowerysong committed Feb 4, 2024
1 parent 31afd2e commit c2344f0
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 19 deletions.
6 changes: 3 additions & 3 deletions openarc/openarc-config.h
Original file line number Diff line number Diff line change
Expand Up @@ -29,20 +29,20 @@ struct configdef arcf_config[] =
{ "BaseDirectory", CONFIG_TYPE_STRING, FALSE },
{ "Canonicalization", CONFIG_TYPE_STRING, FALSE },
{ "ChangeRootDirectory", CONFIG_TYPE_STRING, FALSE },
{ "Domain", CONFIG_TYPE_STRING, TRUE },
{ "Domain", CONFIG_TYPE_STRING, FALSE },
{ "EnableCoredumps", CONFIG_TYPE_BOOLEAN, FALSE },
{ "FinalReceiver", CONFIG_TYPE_BOOLEAN, FALSE },
{ "FixedTimestamp", CONFIG_TYPE_STRING, FALSE },
{ "Include", CONFIG_TYPE_INCLUDE, FALSE },
{ "InternalHosts", CONFIG_TYPE_STRING, FALSE },
{ "KeepTemporaryFiles", CONFIG_TYPE_BOOLEAN, FALSE },
{ "KeyFile", CONFIG_TYPE_STRING, TRUE },
{ "KeyFile", CONFIG_TYPE_STRING, FALSE },
{ "MaximumHeaders", CONFIG_TYPE_INTEGER, FALSE },
{ "MilterDebug", CONFIG_TYPE_INTEGER, FALSE },
{ "Mode", CONFIG_TYPE_STRING, FALSE },
{ "PeerList", CONFIG_TYPE_STRING, FALSE },
{ "PidFile", CONFIG_TYPE_STRING, FALSE },
{ "Selector", CONFIG_TYPE_STRING, TRUE },
{ "Selector", CONFIG_TYPE_STRING, FALSE },
{ "SignatureAlgorithm", CONFIG_TYPE_STRING, FALSE },
{ "SignHeaders", CONFIG_TYPE_STRING, FALSE },
{ "OverSignHeaders", CONFIG_TYPE_STRING, FALSE },
Expand Down
40 changes: 24 additions & 16 deletions openarc/openarc.c
Original file line number Diff line number Diff line change
Expand Up @@ -1469,17 +1469,32 @@ arcf_config_load(struct config *data, struct arcf_config *conf,
conf->conf_signalg = ARC_SIGN_RSASHA256;
}

(void) config_get(data, "Domain",
&conf->conf_domain,
sizeof conf->conf_domain);
if ((conf->conf_mode & ARC_MODE_SIGN))
{
if (config_get(data, "Domain",
&conf->conf_domain,
sizeof conf->conf_domain) < 1)
{
strlcpy(err, "parameter \"Domain\" required when signing", errlen);
return -1;
}

(void) config_get(data, "Selector",
&conf->conf_selector,
sizeof conf->conf_selector);
if (config_get(data, "Selector",
&conf->conf_selector,
sizeof conf->conf_selector) < 1)
{
strlcpy(err, "parameter \"Selector\" required when signing", errlen);
return -1;
}

(void) config_get(data, "KeyFile",
&conf->conf_keyfile,
sizeof conf->conf_keyfile);
if (config_get(data, "KeyFile",
&conf->conf_keyfile,
sizeof conf->conf_keyfile) < 1)
{
strlcpy(err, "parameter \"KeyFile\" required when signing", errlen);
return -1;
}
}

(void) config_get(data, "EnableCoredumps",
&conf->conf_enablecores,
Expand Down Expand Up @@ -4445,13 +4460,6 @@ main(int argc, char **argv)
return EX_CONFIG;
}

if (curconf->conf_selector == NULL || curconf->conf_domain == FALSE)
{
fprintf(stderr, "%s: selector and domain must be specified\n",
progname);
return EX_CONFIG;
}

/* suppress a bunch of things if we're in test mode */
if (testmode)
{
Expand Down

0 comments on commit c2344f0

Please sign in to comment.