src/agent.c

   1 /*
   2     Copyright (C) 2016-2023 Ben Kibbey <bjk@luxsci.net>
   3
   4     This file is part of pwmd.
   5
   6     Pwmd is free software: you can redistribute it and/or modify
   7     it under the terms of the GNU General Public License version 2 as
   8     published by the Free Software Foundation.
   9
  10     Pwmd is distributed in the hope that it will be useful,
  11     but WITHOUT ANY WARRANTY; without even the implied warranty of
  12     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13     GNU General Public License for more details.
  14
  15     You should have received a copy of the GNU General Public License
  16     along with Pwmd.  If not, see <http://www.gnu.org/licenses/>.
  17 */
  18 #ifdef HAVE_CONFIG_H
  19 #include <config.h>
  20 #endif
  21
  22 #include <stdlib.h>
  23 #include <errno.h>
  24 #include <pwd.h>
  25 #include <sys/types.h>
  26 #include <signal.h>
  27 #include <sys/wait.h>
  28 #ifdef HAVE_FCNTL_H
  29 #include <fcntl.h>
  30 #endif
  31 #include <dirent.h>
  32
  33 #ifdef HAVE_LIMITS_H
  34 #include <limits.h>
  35 #endif
  36
  37 #include "pwmd-error.h"
  38 #include <gpgme.h>
  39 #include "util-misc.h"
  40 #include "mem.h"
  41 #include "common.h"
  42 #include "agent.h"
  43 #include "util-string.h"
  44 #include "mutex.h"
  45 #include "rcfile.h"
  46 #include "cache.h"
  47
  48 static gpg_error_t
  49 mem_realloc_cb (void *data, const void *buffer, size_t len)
  50 {
  51   membuf_t *mem = (membuf_t *) data;
  52   void *p;
  53
  54   if (!buffer)
  55     return 0;
  56
  57   if ((p = xrealloc (mem->buf, mem->len + len)) == NULL)
  58     return 1;
  59
  60   mem->buf = p;
  61   memcpy ((char *) mem->buf + mem->len, buffer, len);
  62   mem->len += len;
  63   return 0;
  64 }
  65
  66 static gpg_error_t
  67 assuan_command (struct agent_s *a, char **result,
  68                 size_t * len, const char *cmd)
  69 {
  70   gpg_error_t rc;
  71
  72   a->data.len = 0;
  73   a->data.buf = NULL;
  74   if (result)
  75     *result = NULL;
  76   if (len)
  77     *len = 0;
  78
  79   rc = assuan_transact (a->ctx, cmd, mem_realloc_cb, &a->data, NULL, NULL,
  80                         NULL, NULL);
  81   if (rc)
  82     xfree (a->data.buf);
  83   else
  84     {
  85       if (a->data.buf)
  86         {
  87           mem_realloc_cb (&a->data, "", 1);
  88           if (result)
  89             *result = (char *) a->data.buf;
  90           else
  91             xfree (a->data.buf);
  92
  93           if (len)
  94             *len = a->data.len;
  95         }
  96     }
  97
  98   return rc;
  99 }
 100
 101 static char *
 102 get_gpg_connect_agent_path (void)
 103 {
 104   gpgme_engine_info_t engine;
 105   char *s, *p;
 106
 107   gpgme_get_engine_info (&engine);
 108   while (engine)
 109     {
 110       if (engine->protocol == GPGME_PROTOCOL_GPGCONF)
 111         break;
 112
 113       engine = engine->next;
 114     }
 115
 116   if (!engine)
 117     return NULL;
 118
 119   s = str_dup (engine->file_name);
 120   if (!s)
 121     return NULL;
 122
 123   p = strrchr (s, '/');
 124   if (p)
 125     {
 126       *p = 0;
 127       p = str_asprintf ("%s/gpg-connect-agent", s);
 128       xfree (s);
 129       return p;
 130     }
 131
 132   xfree (s);
 133   return NULL;
 134 }
 135
 136 gpg_error_t
 137 agent_connect (struct agent_s *agent)
 138 {
 139   gpg_error_t rc;
 140   assuan_context_t ctx = NULL;
 141   static struct assuan_malloc_hooks mhooks = { xmalloc, xrealloc, xfree };
 142
 143   agent->did_restart = 0;
 144   if (agent->restart)
 145     {
 146       gpgme_ctx_t gctx;
 147
 148       rc = gpgme_new (&gctx);
 149       if (!rc)
 150         {
 151           char **args = NULL;
 152
 153           pthread_cleanup_push ((void *)gpgme_release, gctx);
 154           rc = gpgme_set_protocol (gctx, GPGME_PROTOCOL_SPAWN);
 155           if (!rc && strv_printf (&args, ""))
 156             {
 157               if (!rc && strv_printf (&args, "--homedir"))
 158                 {
 159                   char *gpghome = config_get_string ("global", "gpg_homedir");
 160
 161                   if (gpghome)
 162                     {
 163                       if (!strv_printf (&args, "%s", gpghome))
 164                         rc = GPG_ERR_ENOMEM;
 165                     }
 166                   else
 167                     {
 168                       if (!strv_printf (&args, "%s/.gnupg", homedir))
 169                         rc = GPG_ERR_ENOMEM;
 170                     }
 171
 172                   xfree (gpghome);
 173                 }
 174               else if (!rc)
 175                 rc = GPG_ERR_ENOMEM;
 176             }
 177           else if (!rc)
 178             rc = GPG_ERR_ENOMEM;
 179
 180           pthread_cleanup_push ((void *)strv_free, args);
 181           if (!rc)
 182             {
 183               gpgme_data_t idata = NULL;
 184               size_t len;
 185               char *s;
 186
 187               rc = gpgme_data_new (&idata);
 188               if (!rc)
 189                 {
 190                   char *gca = get_gpg_connect_agent_path ();
 191
 192                   pthread_cleanup_push (xfree, gca);
 193                   if (gca)
 194                     rc = gpgme_op_spawn (gctx, gca, (const char **)args, NULL,
 195                                          idata, NULL,
 196                                          GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG);
 197                   else
 198                     rc = GPG_ERR_ENOMEM;
 199
 200                   pthread_cleanup_pop (1);
 201                 }
 202
 203               if (!rc)
 204                 {
 205                   ssize_t ret = gpgme_data_write (idata, "/BYE\n", 5);
 206
 207                   if (ret != 5)
 208                     rc = gpg_error_from_syserror ();
 209                 }
 210
 211               if (idata)
 212                 {
 213                   s = gpgme_data_release_and_get_mem (idata, &len);
 214                   gpgme_free (s);
 215                 }
 216             }
 217
 218           pthread_cleanup_pop (1);
 219           pthread_cleanup_pop (1);
 220         }
 221
 222       if (rc)
 223         return rc;
 224     }
 225
 226   rc = assuan_new_ext (&ctx, GPG_ERR_SOURCE_DEFAULT, &mhooks, assuan_log_cb,
 227                        NULL);
 228   if (rc)
 229     return rc;
 230
 231   pthread_cleanup_push ((void *)assuan_release, ctx);
 232   rc = assuan_socket_connect (ctx, agent->socket, ASSUAN_INVALID_PID, 0);
 233   if (!rc)
 234     {
 235       if (agent->ctx)
 236         assuan_release (agent->ctx);
 237
 238       agent->ctx = ctx;
 239     }
 240   else
 241     {
 242       if (ctx)
 243         assuan_release (ctx);
 244     }
 245
 246   pthread_cleanup_pop (0);
 247   return rc;
 248 }
 249
 250 static gpg_error_t
 251 send_to_agent (struct agent_s *agent, char **result, size_t *len,
 252                const char *cmd)
 253 {
 254   gpg_error_t rc = 0;
 255
 256   if (agent->ctx)
 257     rc = assuan_command (agent, result, len, cmd);
 258   else
 259     {
 260       rc = agent_connect (agent);
 261       if (!rc)
 262         rc = assuan_command (agent, result, len, cmd);
 263     }
 264
 265   if (!agent->restart && gpg_err_source (rc) == GPG_ERR_SOURCE_DEFAULT
 266       && (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED
 267           || gpg_err_code (rc) == GPG_ERR_EPIPE))
 268     {
 269       log_write (_ ("gpg-agent connection died (rc=%u), reconnecting"), rc);
 270       agent->restart = 1;
 271       rc = agent_connect (agent);
 272       if (!rc)
 273         {
 274           agent->did_restart = 1;
 275           rc = assuan_command (agent, result, len, cmd);
 276         }
 277     }
 278
 279   agent->restart = 0;
 280   return rc;
 281 }
 282
 283 gpg_error_t
 284 agent_command (struct agent_s *agent, char **result, size_t * len,
 285                const char *fmt, ...)
 286 {
 287   va_list ap;
 288   char *cmd = NULL;
 289   gpg_error_t rc;
 290
 291   va_start (ap, fmt);
 292
 293   if (str_vasprintf (&cmd, fmt, ap) > 0)
 294     {
 295       pthread_cleanup_push (xfree, cmd);
 296       rc = send_to_agent (agent, result, len, cmd);
 297       pthread_cleanup_pop (0);
 298     }
 299   else
 300     rc = GPG_ERR_ENOMEM;
 301
 302   xfree (cmd);
 303   va_end (ap);
 304   return rc;
 305 }
 306
 307 void
 308 agent_disconnect (struct agent_s *agent)
 309 {
 310   if (!agent)
 311     return;
 312
 313   if (agent->ctx)
 314     assuan_release (agent->ctx);
 315
 316   agent->ctx = NULL;
 317 }
 318
 319 void
 320 agent_free (struct agent_s *agent)
 321 {
 322   if (!agent)
 323     return;
 324
 325   agent_disconnect (agent);
 326   xfree (agent->socket);
 327   xfree (agent);
 328 }
 329
 330 gpg_error_t
 331 agent_init (struct agent_s **agent)
 332 {
 333   struct agent_s *new;
 334   FILE *fp;
 335   char *buf;
 336   char line[PATH_MAX];
 337   gpg_error_t rc = 0;
 338   int ret;
 339   char *gpghome = config_get_string ("global", "gpg_homedir");
 340
 341   if (gpghome)
 342     buf = str_asprintf ("gpgconf --homedir %s --list-dirs", gpghome);
 343   else
 344     buf = str_asprintf ("gpgconf --homedir %s/.gnupg --list-dirs", homedir);
 345
 346   xfree (gpghome);
 347   fp = popen (buf, "r");
 348   if (!fp)
 349     {
 350       rc = gpg_error_from_syserror ();
 351       xfree (buf);
 352       return rc;
 353     }
 354
 355   xfree (buf);
 356   buf = NULL;
 357
 358   while (fgets (line, sizeof(line), fp))
 359     {
 360       if (line[strlen(line)-1] == '\n')
 361         line[strlen(line)-1] = 0;
 362
 363       if (!strncmp (line, "agent-socket:", 13))
 364         {
 365           buf = str_dup (line+13);
 366           break;
 367         }
 368     }
 369
 370   ret = pclose (fp);
 371   if (ret)
 372     {
 373       xfree (buf);
 374       return GPG_ERR_ASS_GENERAL;
 375     }
 376
 377   new = xcalloc (1, sizeof (struct agent_s));
 378   if (!new)
 379     {
 380       xfree (buf);
 381       return GPG_ERR_ENOMEM;
 382     }
 383
 384   new->socket = buf;
 385   *agent = new;
 386   return 0;
 387 }
 388
 389 gpg_error_t
 390 agent_set_option (struct agent_s * agent, const char *name, const char *value)
 391 {
 392   return agent_command (agent, NULL, NULL, "OPTION %s=%s", name, value);
 393 }
 394
 395 gpg_error_t
 396 agent_kill_scd (struct agent_s *agent)
 397 {
 398   gpg_error_t rc = 0;
 399
 400   if (config_get_boolean (NULL, "kill_scd"))
 401     {
 402       rc = agent_command (agent, NULL, NULL, "SCD KILLSCD");
 403       if (rc && gpg_err_code (rc) != GPG_ERR_NO_SCDAEMON
 404           && gpg_err_code (rc) != GPG_ERR_EPIPE
 405           && gpg_err_code (rc) != GPG_ERR_EOF)
 406         log_write ("%s: ERR %u: %s", __FUNCTION__, rc, pwmd_strerror (rc));
 407     }
 408
 409   return rc;
 410 }