2008-05-15 Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / g10 / plaintext.c
blob027fe994c0fdd44b8080bfe65c1b142304aaf740
1 /* plaintext.c - process plaintext packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <assert.h>
27 #include <sys/types.h>
28 #ifdef HAVE_DOSISH_SYSTEM
29 #include <fcntl.h> /* for setmode() */
30 #endif
32 #include "gpg.h"
33 #include "util.h"
34 #include "options.h"
35 #include "packet.h"
36 #include "ttyio.h"
37 #include "filter.h"
38 #include "main.h"
39 #include "status.h"
40 #include "i18n.h"
43 /****************
44 * Handle a plaintext packet. If MFX is not NULL, update the MDs
45 * Note: we should use the filter stuff here, but we have to add some
46 * easy mimic to set a read limit, so we calculate only the
47 * bytes from the plaintext.
49 int
50 handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
51 int nooutput, int clearsig )
53 char *fname = NULL;
54 FILE *fp = NULL;
55 static off_t count=0;
56 int rc = 0;
57 int c;
58 int convert = (pt->mode == 't' || pt->mode == 'u');
59 #ifdef __riscos__
60 int filetype = 0xfff;
61 #endif
63 /* Let people know what the plaintext info is. This allows the
64 receiving program to try and do something different based on
65 the format code (say, recode UTF-8 to local). */
66 if(!nooutput && is_status_enabled())
68 char status[50];
70 /* Better make sure that stdout has been flushed in case the
71 output will be written to it. This is to make sure that no
72 not-yet-flushed stuff will be written after the plaintext
73 status message. */
74 fflush (stdout);
76 sprintf(status,"%X %lu ",(byte)pt->mode,(ulong)pt->timestamp);
77 write_status_text_and_buffer(STATUS_PLAINTEXT,
78 status,pt->name,pt->namelen,0);
80 if(!pt->is_partial)
82 sprintf(status,"%lu",(ulong)pt->len);
83 write_status_text(STATUS_PLAINTEXT_LENGTH,status);
87 /* create the filename as C string */
88 if( nooutput )
90 else if( opt.outfile ) {
91 fname = xmalloc( strlen( opt.outfile ) + 1);
92 strcpy(fname, opt.outfile );
94 else if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) {
95 log_info(_("data not saved; use option \"--output\" to save it\n"));
96 nooutput = 1;
98 else if( !opt.flags.use_embedded_filename ) {
99 fname = make_outfile_name( iobuf_get_real_fname(pt->buf) );
100 if( !fname )
101 fname = ask_outfile_name( pt->name, pt->namelen );
102 if( !fname ) {
103 rc = gpg_error (GPG_ERR_GENERAL); /* Can't create file. */
104 goto leave;
107 else
108 fname=utf8_to_native(pt->name,pt->namelen,0);
110 if( nooutput )
112 else if ( iobuf_is_pipe_filename (fname) || !*fname)
114 /* No filename or "-" given; write to stdout. */
115 fp = stdout;
116 #ifdef HAVE_DOSISH_SYSTEM
117 setmode ( fileno(fp) , O_BINARY );
118 #endif
120 else {
121 while( !overwrite_filep (fname) ) {
122 char *tmp = ask_outfile_name (NULL, 0);
123 if ( !tmp || !*tmp ) {
124 xfree (tmp);
125 rc = gpg_error (GPG_ERR_GENERAL); /* G10ERR_CREATE_FILE*/
126 goto leave;
128 xfree (fname);
129 fname = tmp;
133 #ifndef __riscos__
134 if( fp || nooutput )
136 else if (is_secured_filename (fname))
138 errno = EPERM;
139 rc = gpg_error_from_syserror ();
140 log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
141 goto leave;
143 else if( !(fp = fopen(fname,"wb")) ) {
144 rc = gpg_error_from_syserror ();
145 log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
146 goto leave;
148 #else /* __riscos__ */
149 /* If no output filename was given, i.e. we constructed it,
150 convert all '.' in fname to '/' but not vice versa as
151 we don't create directories! */
152 if( !opt.outfile )
153 for( c=0; fname[c]; ++c )
154 if( fname[c] == '.' )
155 fname[c] = '/';
157 if( fp || nooutput )
159 else {
160 fp = fopen(fname,"wb");
161 if( !fp ) {
162 log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
163 rc = G10ERR_CREATE_FILE;
164 if (errno == 106)
165 log_info("Do output file and input file have the same name?\n");
166 goto leave;
169 /* If there's a ,xxx extension in the embedded filename,
170 use that, else check whether the user input (in fname)
171 has a ,xxx appended, then use that in preference */
172 if( (c = riscos_get_filetype_from_string( pt->name,
173 pt->namelen )) != -1 )
174 filetype = c;
175 if( (c = riscos_get_filetype_from_string( fname,
176 strlen(fname) )) != -1 )
177 filetype = c;
178 riscos_set_filetype_by_number(fname, filetype);
180 #endif /* __riscos__ */
182 if( !pt->is_partial ) {
183 /* We have an actual length (which might be zero). */
185 if (clearsig) {
186 log_error ("clearsig encountered while not expected\n");
187 rc = G10ERR_UNEXPECTED;
188 goto leave;
191 if( convert ) { /* text mode */
192 for( ; pt->len; pt->len-- ) {
193 if( (c = iobuf_get(pt->buf)) == -1 ) {
194 rc = gpg_error_from_syserror ();
195 log_error ("problem reading source (%u bytes remaining)\n",
196 (unsigned)pt->len);
197 goto leave;
199 if( mfx->md )
200 gcry_md_putc (mfx->md, c );
201 #ifndef HAVE_DOSISH_SYSTEM
202 if( c == '\r' ) /* convert to native line ending */
203 continue; /* fixme: this hack might be too simple */
204 #endif
205 if( fp )
207 if(opt.max_output && (++count)>opt.max_output)
209 log_error ("error writing to `%s': %s\n",
210 fname,"exceeded --max-output limit\n");
211 rc = gpg_error (GPG_ERR_TOO_LARGE);
212 goto leave;
214 else if( putc( c, fp ) == EOF )
216 if (ferror (fp))
217 rc = gpg_error_from_syserror ();
218 else
219 rc = gpg_error (GPG_ERR_EOF);
220 log_error ("error writing to `%s': %s\n",
221 fname, strerror(errno) );
222 goto leave;
227 else { /* binary mode */
228 byte *buffer = xmalloc( 32768 );
229 while( pt->len ) {
230 int len = pt->len > 32768 ? 32768 : pt->len;
231 len = iobuf_read( pt->buf, buffer, len );
232 if( len == -1 ) {
233 rc = gpg_error_from_syserror ();
234 log_error ("problem reading source (%u bytes remaining)\n",
235 (unsigned)pt->len);
236 xfree( buffer );
237 goto leave;
239 if( mfx->md )
240 gcry_md_write ( mfx->md, buffer, len );
241 if( fp )
243 if(opt.max_output && (count+=len)>opt.max_output)
245 log_error ("error writing to `%s': %s\n",
246 fname,"exceeded --max-output limit\n");
247 rc = gpg_error (GPG_ERR_TOO_LARGE);
248 xfree( buffer );
249 goto leave;
251 else if( fwrite( buffer, 1, len, fp ) != len )
253 rc = gpg_error_from_syserror ();
254 log_error ("error writing to `%s': %s\n",
255 fname, strerror(errno) );
256 xfree( buffer );
257 goto leave;
260 pt->len -= len;
262 xfree( buffer );
265 else if( !clearsig ) {
266 if( convert ) { /* text mode */
267 while( (c = iobuf_get(pt->buf)) != -1 ) {
268 if( mfx->md )
269 gcry_md_putc (mfx->md, c );
270 #ifndef HAVE_DOSISH_SYSTEM
271 if( convert && c == '\r' )
272 continue; /* fixme: this hack might be too simple */
273 #endif
274 if( fp )
276 if(opt.max_output && (++count)>opt.max_output)
278 log_error("Error writing to `%s': %s\n",
279 fname,"exceeded --max-output limit\n");
280 rc = gpg_error (GPG_ERR_TOO_LARGE);
281 goto leave;
283 else if( putc( c, fp ) == EOF )
285 if ( ferror (fp ) )
286 rc = gpg_error_from_syserror ();
287 else
288 rc = gpg_error (GPG_ERR_EOF);
289 log_error("error writing to `%s': %s\n",
290 fname, strerror(errno) );
291 goto leave;
296 else { /* binary mode */
297 byte *buffer = xmalloc( 32768 );
298 int eof_seen = 0;
300 while ( !eof_seen ) {
301 /* Why do we check for len < 32768:
302 * If we won't, we would practically read 2 EOFs but
303 * the first one has already popped the block_filter
304 * off and therefore we don't catch the boundary.
305 * So, always assume EOF if iobuf_read returns less bytes
306 * then requested */
307 int len = iobuf_read( pt->buf, buffer, 32768 );
308 if( len == -1 )
309 break;
310 if( len < 32768 )
311 eof_seen = 1;
312 if( mfx->md )
313 gcry_md_write ( mfx->md, buffer, len );
314 if( fp )
316 if(opt.max_output && (count+=len)>opt.max_output)
318 log_error("error writing to `%s': %s\n",
319 fname,"exceeded --max-output limit\n");
320 rc = gpg_error (GPG_ERR_TOO_LARGE);
321 xfree( buffer );
322 goto leave;
324 else if( fwrite( buffer, 1, len, fp ) != len ) {
325 rc = (errno? gpg_error_from_syserror ()
326 : gpg_error (GPG_ERR_INTERNAL));
327 log_error ("error writing to `%s': %s\n",
328 fname, strerror(errno) );
329 xfree( buffer );
330 goto leave;
334 xfree( buffer );
336 pt->buf = NULL;
338 else { /* clear text signature - don't hash the last cr,lf */
339 int state = 0;
341 while( (c = iobuf_get(pt->buf)) != -1 ) {
342 if( fp )
344 if(opt.max_output && (++count)>opt.max_output)
346 log_error ("error writing to `%s': %s\n",
347 fname,"exceeded --max-output limit\n");
348 rc = gpg_error (GPG_ERR_TOO_LARGE);
349 goto leave;
351 else if( putc( c, fp ) == EOF )
353 rc = (errno? gpg_error_from_syserror ()
354 : gpg_error (GPG_ERR_INTERNAL));
355 log_error ("error writing to `%s': %s\n",
356 fname, strerror(errno) );
357 goto leave;
360 if( !mfx->md )
361 continue;
362 if( state == 2 ) {
363 gcry_md_putc (mfx->md, '\r' );
364 gcry_md_putc (mfx->md, '\n' );
365 state = 0;
367 if( !state ) {
368 if( c == '\r' )
369 state = 1;
370 else if( c == '\n' )
371 state = 2;
372 else
373 gcry_md_putc(mfx->md, c );
375 else if( state == 1 ) {
376 if( c == '\n' )
377 state = 2;
378 else {
379 gcry_md_putc(mfx->md, '\r' );
380 if( c == '\r' )
381 state = 1;
382 else {
383 state = 0;
384 gcry_md_putc(mfx->md, c );
389 pt->buf = NULL;
392 if( fp && fp != stdout && fclose(fp) ) {
393 rc = (errno? gpg_error_from_syserror ()
394 : gpg_error (GPG_ERR_INTERNAL));
395 log_error ("error closing `%s': %s\n", fname, strerror(errno) );
396 fp = NULL;
397 goto leave;
399 fp = NULL;
401 leave:
402 /* Make sure that stdout gets flushed after the plaintext has
403 been handled. This is for extra security as we do a
404 flush anyway before checking the signature. */
405 fflush (stdout);
407 if( fp && fp != stdout )
408 fclose (fp);
409 xfree(fname);
410 return rc;
413 static void
414 do_hash( gcry_md_hd_t md, gcry_md_hd_t md2, IOBUF fp, int textmode )
416 text_filter_context_t tfx;
417 int c;
419 if( textmode ) {
420 memset( &tfx, 0, sizeof tfx);
421 iobuf_push_filter( fp, text_filter, &tfx );
423 if( md2 ) { /* work around a strange behaviour in pgp2 */
424 /* It seems that at least PGP5 converts a single CR to a CR,LF too */
425 int lc = -1;
426 while( (c = iobuf_get(fp)) != -1 ) {
427 if( c == '\n' && lc == '\r' )
428 gcry_md_putc (md2, c);
429 else if( c == '\n' ) {
430 gcry_md_putc (md2, '\r');
431 gcry_md_putc (md2, c);
433 else if( c != '\n' && lc == '\r' ) {
434 gcry_md_putc (md2, '\n');
435 gcry_md_putc (md2, c);
437 else
438 gcry_md_putc (md2, c);
440 if( md )
441 gcry_md_putc (md, c );
442 lc = c;
445 else {
446 while( (c = iobuf_get(fp)) != -1 ) {
447 if( md )
448 gcry_md_putc (md, c );
454 /****************
455 * Ask for the detached datafile and calculate the digest from it.
456 * INFILE is the name of the input file.
459 ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2,
460 const char *inname, int textmode )
462 progress_filter_context_t *pfx;
463 char *answer = NULL;
464 IOBUF fp;
465 int rc = 0;
467 pfx = new_progress_context ();
468 fp = open_sigfile ( inname, pfx ); /* Open default file. */
470 if( !fp && !opt.batch ) {
471 int any=0;
472 tty_printf(_("Detached signature.\n"));
473 do {
474 char *name;
476 xfree(answer);
477 tty_enable_completion(NULL);
478 name = cpr_get("detached_signature.filename",
479 _("Please enter name of data file: "));
480 tty_disable_completion();
481 cpr_kill_prompt();
482 answer=make_filename(name,(void *)NULL);
483 xfree(name);
485 if( any && !*answer ) {
486 rc = gpg_error (GPG_ERR_GENERAL); /*G10ERR_READ_FILE*/
487 goto leave;
489 fp = iobuf_open(answer);
490 if (fp && is_secured_file (iobuf_get_fd (fp)))
492 iobuf_close (fp);
493 fp = NULL;
494 errno = EPERM;
496 if( !fp && errno == ENOENT ) {
497 tty_printf("No such file, try again or hit enter to quit.\n");
498 any++;
500 else if( !fp )
502 rc = gpg_error_from_syserror ();
503 log_error(_("can't open `%s': %s\n"), answer, strerror(errno));
504 goto leave;
506 } while( !fp );
509 if( !fp ) {
510 if( opt.verbose )
511 log_info(_("reading stdin ...\n"));
512 fp = iobuf_open( NULL );
513 assert(fp);
515 do_hash( md, md2, fp, textmode );
516 iobuf_close(fp);
518 leave:
519 xfree(answer);
520 release_progress_context (pfx);
521 return rc;
526 /****************
527 * Hash the given files and append the hash to hash context md.
528 * If FILES is NULL, hash stdin.
531 hash_datafiles( gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files,
532 const char *sigfilename, int textmode )
534 progress_filter_context_t *pfx;
535 IOBUF fp;
536 strlist_t sl;
538 pfx = new_progress_context ();
540 if( !files ) {
541 /* check whether we can open the signed material */
542 fp = open_sigfile( sigfilename, pfx );
543 if( fp ) {
544 do_hash( md, md2, fp, textmode );
545 iobuf_close(fp);
546 release_progress_context (pfx);
547 return 0;
549 log_error (_("no signed data\n"));
550 release_progress_context (pfx);
551 return gpg_error (GPG_ERR_NO_DATA);
555 for (sl=files; sl; sl = sl->next ) {
556 fp = iobuf_open( sl->d );
557 if (fp && is_secured_file (iobuf_get_fd (fp)))
559 iobuf_close (fp);
560 fp = NULL;
561 errno = EPERM;
563 if( !fp ) {
564 int rc = gpg_error_from_syserror ();
565 log_error(_("can't open signed data `%s'\n"),
566 print_fname_stdin(sl->d));
567 release_progress_context (pfx);
568 return rc;
570 handle_progress (pfx, fp, sl->d);
571 do_hash( md, md2, fp, textmode );
572 iobuf_close(fp);
575 release_progress_context (pfx);
576 return 0;
580 /* Hash the data from file descriptor DATA_FD and append the hash to hash
581 contexts MD and MD2. */
583 hash_datafile_by_fd ( gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd,
584 int textmode )
586 progress_filter_context_t *pfx = new_progress_context ();
587 iobuf_t fp;
589 fp = iobuf_fdopen (data_fd, "rb");
590 if (fp && is_secured_file (data_fd))
592 iobuf_close (fp);
593 fp = NULL;
594 errno = EPERM;
596 if ( !fp )
598 int rc = gpg_error_from_syserror ();
599 log_error ( _("can't open signed data fd=%d: %s\n"),
600 data_fd, strerror (errno));
601 release_progress_context (pfx);
602 return rc;
605 handle_progress (pfx, fp, NULL);
607 do_hash ( md, md2, fp, textmode);
609 iobuf_close(fp);
611 release_progress_context (pfx);
612 return 0;
616 /* Set up a plaintext packet with the appropriate filename. If there
617 is a --set-filename, use it (it's already UTF8). If there is a
618 regular filename, UTF8-ize it if necessary. If there is no
619 filenames at all, set the field empty. */
621 PKT_plaintext *
622 setup_plaintext_name(const char *filename,IOBUF iobuf)
624 PKT_plaintext *pt;
626 if(filename || opt.set_filename)
628 char *s;
630 if(opt.set_filename)
631 s=make_basename(opt.set_filename,iobuf_get_real_fname(iobuf));
632 else if(filename && !opt.flags.utf8_filename)
634 char *tmp=native_to_utf8(filename);
635 s=make_basename(tmp,iobuf_get_real_fname(iobuf));
636 xfree(tmp);
638 else
639 s=make_basename(filename,iobuf_get_real_fname(iobuf));
641 pt = xmalloc (sizeof *pt + strlen(s) - 1);
642 pt->namelen = strlen (s);
643 memcpy (pt->name, s, pt->namelen);
644 xfree (s);
646 else
648 /* no filename */
649 pt = xmalloc (sizeof *pt - 1);
650 pt->namelen = 0;
653 return pt;