Merge pull request trusteddomainproject#159 from minfrin/optional-domain

futatuki · futatuki · commit 9720bb593eea · 2024-09-15T02:12:00.000+09:00
Domain/Selector/KeyFile no longer mandatory in verifying mode Limit checks for Domain/Selector/KeyFile to signing mode only. Fixes issue trusteddomainproject#142 trusteddomainproject#159
diff --git a/openarc/openarc-config.h b/openarc/openarc-config.h
@@ -29,20 +29,20 @@ struct configdef arcf_config[] =
 	{ "BaseDirectory",		CONFIG_TYPE_STRING,	FALSE },
 	{ "Canonicalization",		CONFIG_TYPE_STRING,	FALSE },
 	{ "ChangeRootDirectory",	CONFIG_TYPE_STRING,	FALSE },
-	{ "Domain",			CONFIG_TYPE_STRING,	TRUE },
+	{ "Domain",			CONFIG_TYPE_STRING,	FALSE },
 	{ "EnableCoredumps",		CONFIG_TYPE_BOOLEAN,	FALSE },
 	{ "FinalReceiver",		CONFIG_TYPE_BOOLEAN,	FALSE },
 	{ "FixedTimestamp",		CONFIG_TYPE_STRING,	FALSE },
 	{ "Include",			CONFIG_TYPE_INCLUDE,	FALSE },
 	{ "InternalHosts",		CONFIG_TYPE_STRING,	FALSE },
 	{ "KeepTemporaryFiles",		CONFIG_TYPE_BOOLEAN,	FALSE },
-	{ "KeyFile",			CONFIG_TYPE_STRING,	TRUE },
+	{ "KeyFile",			CONFIG_TYPE_STRING,	FALSE },
 	{ "MaximumHeaders",		CONFIG_TYPE_INTEGER,	FALSE },
 	{ "MilterDebug",		CONFIG_TYPE_INTEGER,	FALSE },
 	{ "Mode",			CONFIG_TYPE_STRING,	FALSE },
 	{ "PeerList",			CONFIG_TYPE_STRING,	FALSE },
 	{ "PidFile",			CONFIG_TYPE_STRING,	FALSE },
-	{ "Selector",			CONFIG_TYPE_STRING,	TRUE },
+	{ "Selector",			CONFIG_TYPE_STRING,	FALSE },
 	{ "SignatureAlgorithm",		CONFIG_TYPE_STRING,	FALSE },
 	{ "SignHeaders",		CONFIG_TYPE_STRING,	FALSE },
 	{ "OverSignHeaders",		CONFIG_TYPE_STRING,	FALSE },
diff --git a/openarc/openarc.c b/openarc/openarc.c
@@ -1469,17 +1469,32 @@ arcf_config_load(struct config *data, struct arcf_config *conf,
 			conf->conf_signalg = ARC_SIGN_RSASHA256;
 		}
 
-		(void) config_get(data, "Domain",
-		                  &conf->conf_domain,
-		                  sizeof conf->conf_domain);
+		if ((conf->conf_mode & ARC_MODE_SIGN))
+		{
+			if (config_get(data, "Domain",
+			                  &conf->conf_domain,
+			                  sizeof conf->conf_domain) < 1)
+			{
+				strlcpy(err, "parameter \"Domain\" required when signing", errlen);
+				return -1;
+			}
 
-		(void) config_get(data, "Selector",
-		                  &conf->conf_selector,
-		                  sizeof conf->conf_selector);
+			if (config_get(data, "Selector",
+			                  &conf->conf_selector,
+			                  sizeof conf->conf_selector) < 1)
+			{
+				strlcpy(err, "parameter \"Selector\" required when signing", errlen);
+				return -1;
+			}
 
-		(void) config_get(data, "KeyFile",
-		                  &conf->conf_keyfile,
-		                  sizeof conf->conf_keyfile);
+			if (config_get(data, "KeyFile",
+			                  &conf->conf_keyfile,
+			                  sizeof conf->conf_keyfile) < 1)
+			{
+				strlcpy(err, "parameter \"KeyFile\" required when signing", errlen);
+				return -1;
+			}
+		}
 
 		(void) config_get(data, "EnableCoredumps",
 		                  &conf->conf_enablecores,
@@ -4443,13 +4458,6 @@ main(int argc, char **argv)
 		return EX_CONFIG;
 	}
 
-	if (curconf->conf_selector == NULL || curconf->conf_domain == FALSE)
-	{
-		fprintf(stderr, "%s: selector and domain must be specified\n",
-		        progname);
-		return EX_CONFIG;
-	}
-
 	/* suppress a bunch of things if we're in test mode */
 	if (testmode)
 	{
