Patch by Robert Scheck <robert@fedoraproject.org> for geoipupdate <= 2.5.0 which backports
the support for hashed license keys. It is based on the following upstream commits:
1. https://github.com/maxmind/geoipupdate/commit/b7862460b6769f5c40b72de835b868882c3f3883
2. https://github.com/maxmind/geoipupdate/commit/4b41ea887e836ddb1a36c0c3a071ac49e8d71a25
3. https://github.com/maxmind/geoipupdate/commit/01fcfc1170dcedc35c758e111b8905cf6513d8b9
4. https://github.com/maxmind/geoipupdate/commit/6794f2eed0063a50749bf400e135f4f47ca2f465
5. https://github.com/maxmind/geoipupdate/commit/0670ee3e1237a72bae785877b354dbfe135de6be
6. https://github.com/maxmind/geoipupdate/commit/cddabc6f645ea3abbb8117ef0d03069df560fc36
7. https://github.com/maxmind/geoipupdate/commit/35a640087a4eca4e37306b717fa8513e26487b47
8. https://github.com/maxmind/geoipupdate/commit/642978928019f87181dd7c108b0363841c0135a9
9. https://github.com/maxmind/geoipupdate/commit/824ef039bbc8a2ed5a90d1da5a51d4a1639fdb09
--- geoipupdate-2.5.0/bin/geoipupdate.c 2017-10-30 15:38:24.000000000 +0100
+++ geoipupdate-2.5.0/bin/geoipupdate.c.licensekey 2023-04-13 21:23:51.340750299 +0200
@@ -22,6 +22,7 @@
enum gu_status {
GU_OK = 0,
GU_ERROR = 1,
+ GU_NO_UPDATE = 2,
};
typedef struct {
@@ -41,17 +42,14 @@
static int md5hex(const char *, char *);
static void common_req(CURL *, geoipupdate_s *);
static size_t get_expected_file_md5(char *, size_t, size_t, void *);
-static void
+static int
download_to_file(geoipupdate_s *, const char *, const char *, char *);
static long get_server_time(geoipupdate_s *);
static size_t mem_cb(void *, size_t, size_t, void *);
static in_mem_s *in_mem_s_new(void);
static void in_mem_s_delete(in_mem_s *);
-static in_mem_s *get(geoipupdate_s *, const char *);
-static void md5hex_license_ipaddr(geoipupdate_s *, const char *, char *);
static int update_database_general_all(geoipupdate_s *);
static int update_database_general(geoipupdate_s *, const char *);
-static int update_country_database(geoipupdate_s *);
static int gunzip_and_replace(geoipupdate_s const *const,
char const *const,
char const *const,
@@ -196,14 +194,12 @@
return GU_ERROR;
}
- err = (gu->license.account_id == NO_ACCOUNT_ID)
- ? update_country_database(gu)
- : update_database_general_all(gu);
+ err = update_database_general_all(gu);
}
geoipupdate_s_delete(gu);
}
curl_global_cleanup();
- return err ? GU_ERROR : GU_OK;
+ return err & GU_ERROR ? GU_ERROR : GU_OK;
}
static ssize_t my_getline(char **linep, size_t *linecapp, FILE *stream) {
@@ -242,8 +238,9 @@
say_if(up->verbose, "AccountID %d\n", up->license.account_id);
continue;
}
- if (sscanf(strt, "LicenseKey %12s", &up->license.license_key[0]) == 1) {
- say_if(up->verbose, "LicenseKey %s\n", up->license.license_key);
+ if (sscanf(strt, "LicenseKey %99s", &up->license.license_key[0]) == 1) {
+ say_if(
+ up->verbose, "LicenseKey %.4s...\n", up->license.license_key);
continue;
}
@@ -534,15 +531,11 @@
// Make an HTTP request and download the response body to a file.
//
// If the HTTP status is not 2xx, we have a error message in the body rather
-// than a file. Write it to stderr and exit.
-//
-// TODO(wstorey@maxmind.com): Return boolean/int whether we succeeded rather
-// than exiting. Beyond being cleaner and easier to test, it will allow us to
-// clean up after ourselves better.
-static void download_to_file(geoipupdate_s *gu,
- const char *url,
- const char *fname,
- char *expected_file_md5) {
+// than a file. Write it to stderr and return an error.
+static int download_to_file(geoipupdate_s *gu,
+ const char *url,
+ const char *fname,
+ char *expected_file_md5) {
FILE *f = fopen(fname, "wb");
if (f == NULL) {
fprintf(stderr, "Can't open %s: %s\n", fname, strerror(errno));
@@ -553,6 +546,20 @@
CURL *curl = gu->curl;
expected_file_md5[0] = '\0';
+
+ char account_id[10] = {0};
+ int n = snprintf(account_id, 10, "%d", gu->license.account_id);
+ exit_if(n < 0,
+ "Error creating account ID string for %d: %s\n",
+ gu->license.account_id,
+ strerror(errno));
+ exit_if(n < 0 || n >= 10,
+ "An unexpectedly large account ID was encountered: %d\n",
+ gu->license.account_id);
+
+ curl_easy_setopt(curl, CURLOPT_USERNAME, account_id);
+ curl_easy_setopt(curl, CURLOPT_PASSWORD, gu->license.license_key);
+
curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, get_expected_file_md5);
curl_easy_setopt(curl, CURLOPT_HEADERDATA, expected_file_md5);
@@ -577,7 +584,19 @@
exit(1);
}
- if (status < 200 || status >= 300) {
+ if (status == 304) {
+ say_if(gu->verbose, "No new updates available\n");
+ unlink(fname);
+ return GU_NO_UPDATE;
+ }
+
+ if (status == 401) {
+ fprintf(stderr, "Your account ID or license key is invalid\n");
+ unlink(fname);
+ return GU_ERROR;
+ }
+
+ if (status != 200) {
fprintf(stderr,
"Received an unexpected HTTP status code of %ld from %s:\n",
status,
@@ -589,7 +608,7 @@
free(message);
}
unlink(fname);
- exit(1);
+ return GU_ERROR;
}
// We have HTTP 2xx.
@@ -600,8 +619,9 @@
fprintf(stderr,
"Did not receive a valid expected database MD5 from server\n");
unlink(fname);
- exit(1);
+ return GU_ERROR;
}
+ return GU_OK;
}
// Retrieve the server file time for the previous HTTP request.
@@ -645,7 +665,17 @@
}
}
-static in_mem_s *get(geoipupdate_s *gu, const char *url) {
+static int update_database_general(geoipupdate_s *gu, const char *edition_id) {
+ char *url = NULL, *geoip_filename = NULL, *geoip_gz_filename = NULL;
+ char hex_digest[33] = {0};
+
+ // Get the filename.
+ xasprintf(&url,
+ "%s://%s/app/update_getfilename?product_id=%s",
+ gu->proto,
+ gu->host,
+ edition_id);
+
in_mem_s *mem = in_mem_s_new();
say_if(gu->verbose, "url: %s\n", url);
@@ -663,47 +693,16 @@
long status = 0;
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &status);
- exit_if(status < 200 || status >= 300,
- "Received an unexpected HTTP status code of %ld from %s",
- status,
- url);
-
- return mem;
-}
-
-// Generate an MD5 hash of the concatenation of license key with IP address.
-//
-// This hash is suitable for the challenge parameter for downloading from the
-// /update_secure endpoint.
-static void md5hex_license_ipaddr(geoipupdate_s *gu,
- const char *client_ipaddr,
- char *new_digest_str) {
- unsigned char digest[16];
- MD5_CONTEXT context;
- md5_init(&context);
- md5_write(&context,
- (unsigned char *)gu->license.license_key,
- strlen(gu->license.license_key));
- md5_write(&context, (unsigned char *)client_ipaddr, strlen(client_ipaddr));
- md5_final(&context);
- memcpy(digest, context.buf, 16);
- for (int i = 0; i < 16; i++) {
- snprintf(&new_digest_str[2 * i], 3, "%02x", digest[i]);
+ if (status != 200) {
+ fprintf(stderr,
+ "Received an unexpected HTTP status code of %ld from %s\n",
+ status,
+ url);
+ free(url);
+ in_mem_s_delete(mem);
+ return GU_ERROR;
}
-}
-
-static int update_database_general(geoipupdate_s *gu, const char *edition_id) {
- char *url = NULL, *geoip_filename = NULL, *geoip_gz_filename = NULL,
- *client_ipaddr = NULL;
- char hex_digest[33] = {0}, hex_digest2[33] = {0};
- // Get the filename.
- xasprintf(&url,
- "%s://%s/app/update_getfilename?product_id=%s",
- gu->proto,
- gu->host,
- edition_id);
- in_mem_s *mem = get(gu, url);
free(url);
if (mem->size == 0) {
fprintf(stderr, "edition_id %s not found\n", edition_id);
@@ -718,63 +717,27 @@
md5hex(geoip_filename, hex_digest);
say_if(gu->verbose, "md5hex_digest: %s\n", hex_digest);
- // Look up our IP.
- xasprintf(&url, "%s://%s/app/update_getipaddr", gu->proto, gu->host);
- mem = get(gu, url);
- free(url);
-
- client_ipaddr = strdup(mem->ptr);
- if (NULL == client_ipaddr) {
- fprintf(stderr, "Unable to allocate memory for client IP address.\n");
- free(geoip_filename);
- in_mem_s_delete(mem);
- return GU_ERROR;
- }
-
- in_mem_s_delete(mem);
-
- say_if(gu->verbose, "Client IP address: %s\n", client_ipaddr);
-
- // Make the challenge MD5 hash.
- md5hex_license_ipaddr(gu, client_ipaddr, hex_digest2);
-
- free(client_ipaddr);
- say_if(gu->verbose, "md5hex_digest2 (challenge): %s\n", hex_digest2);
-
// Download.
xasprintf(&url,
- "%s://%s/app/"
- "update_secure?db_md5=%s&challenge_md5=%s&user_id=%d&edition_id=%"
- "s",
+ "%s://%s/geoip/databases/%s/update?db_md5=%s",
gu->proto,
gu->host,
- hex_digest,
- hex_digest2,
- gu->license.account_id,
- edition_id);
+ edition_id,
+ hex_digest);
xasprintf(&geoip_gz_filename, "%s.gz", geoip_filename);
char expected_file_md5[33] = {0};
- download_to_file(gu, url, geoip_gz_filename, expected_file_md5);
+ int rc = download_to_file(gu, url, geoip_gz_filename, expected_file_md5);
free(url);
- // Was there actually an update? We can tell because if not we will have
- // the same MD5 reported back. Note in the past we would check the response
- // body which does still say whether we have an update.
- if (strcmp(hex_digest, expected_file_md5) == 0) {
- say_if(gu->verbose, "No new updates available\n");
- unlink(geoip_gz_filename);
- free(geoip_filename);
- free(geoip_gz_filename);
- return GU_OK;
- }
-
- long filetime = -1;
- if (gu->preserve_file_times) {
- filetime = get_server_time(gu);
+ if (rc == GU_OK) {
+ long filetime = -1;
+ if (gu->preserve_file_times) {
+ filetime = get_server_time(gu);
+ }
+ rc = gunzip_and_replace(
+ gu, geoip_gz_filename, geoip_filename, expected_file_md5, filetime);
}
- int rc = gunzip_and_replace(
- gu, geoip_gz_filename, geoip_filename, expected_file_md5, filetime);
free(geoip_gz_filename);
free(geoip_filename);
@@ -790,53 +753,6 @@
return err;
}
-static int update_country_database(geoipupdate_s *gu) {
- char *geoip_filename = NULL, *geoip_gz_filename = NULL, *url = NULL;
- char hex_digest[33] = {0};
-
- xasprintf(&geoip_filename, "%s/GeoIP.dat", gu->database_dir);
- xasprintf(&geoip_gz_filename, "%s/GeoIP.dat.gz", gu->database_dir);
-
- // Calculate the MD5 hash of the database we currently have, if any. We get
- // back a zero MD5 hash if we don't have it yet.
- md5hex(geoip_filename, hex_digest);
- say_if(gu->verbose, "md5hex_digest: %s\n", hex_digest);
-
- xasprintf(&url,
- "%s://%s/app/update?license_key=%s&md5=%s",
- gu->proto,
- gu->host,
- &gu->license.license_key[0],
- hex_digest);
-
- char expected_file_md5[33] = {0};
- download_to_file(gu, url, geoip_gz_filename, expected_file_md5);
- free(url);
-
- // Was there actually an update? We can tell because if not we will have
- // the same MD5 reported back. Note in the past we would check the response
- // body which does still say whether we have an update.
- if (strcmp(hex_digest, expected_file_md5) == 0) {
- say_if(gu->verbose, "No new updates available\n");
- unlink(geoip_gz_filename);
- free(geoip_filename);
- free(geoip_gz_filename);
- return GU_OK;
- }
-
- long filetime = -1;
- if (gu->preserve_file_times) {
- filetime = get_server_time(gu);
- }
- int rc = gunzip_and_replace(
- gu, geoip_gz_filename, geoip_filename, expected_file_md5, filetime);
-
- free(geoip_gz_filename);
- free(geoip_filename);
-
- return rc;
-}
-
// Decompress the compressed database and move it into place in the database
// directory.
//
--- geoipupdate-2.5.0/bin/geoipupdate.h 2017-10-30 15:38:24.000000000 +0100
+++ geoipupdate-2.5.0/bin/geoipupdate.h.licensekey 2023-04-13 20:59:03.483969697 +0200
@@ -12,7 +12,11 @@
typedef struct {
int account_id;
- char license_key[13];
+ // For a long time, license keys were restricted to 12 characters. However,
+ // we want to change this for newer license keys. The array size is
+ // arbitrarily 100 as that seems big enough to hold any future license
+ // key.
+ char license_key[100];
edition_s *first;
} license_s;