search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "Remove the "tls_use_crl" configuration parameter."
[pwmd.git] / src / rcfile.c
blobc59745e0fe489159523ece9354295a1ed43eac63
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015,
3 2016, 2017
4 Ben Kibbey <bjk@luxsci.net>
5
6 This file is part of pwmd.
7
8 Pwmd is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 2 of the License, or
11 (at your option) any later version.
12
13 Pwmd is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
20 */
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
29 #include <fcntl.h>
30 #include <errno.h>
31 #include <ctype.h>
32 #include <pwd.h>
33 #include <grp.h>
34
35 #include "pwmd-error.h"
36 #include "mutex.h"
37 #include "rcfile.h"
38 #include "util-misc.h"
39 #include "common.h"
40 #include "util-slist.h"
41 #include "util-string.h"
42 #include "mem.h"
43
44 #define DEFAULT_CACHE_TIMEOUT "600"
45 #define DEFAULT_KEEPALIVE_INTERVAL "60"
46 #define DEFAULT_LOCK_TIMEOUT "50" // MUTEX_TRYLOCK in tenths of a second
47 #define DEFAULT_BACKLOG "128"
48 #define DEFAULT_CIPHER_PRIORITY "SECURE256:SECURE192:SECURE128:-VERS-SSL3.0:-VERS-TLS1.0"
49
50 #define INVALID_VALUE(file, line) do { \
51 if (file) \
52 log_write(_("%s(%i): invalid value for parameter."), file, line); \
53 } while (0);
54
55 enum
56 {
57 PARAM_INT, PARAM_CHARP, PARAM_LONG, PARAM_LONGLONG, PARAM_CHARPP,
58 PARAM_BOOL, PARAM_INVALID
59 };
60
61 static struct config_params_s
62 {
63 const char *name;
64 int type;
65 const char *value;
66 } config_params[] = {
67 { "backup", PARAM_BOOL, "true"},
68 { "socket_path", PARAM_CHARP, NULL},
69 { "socket_perms", PARAM_CHARP, NULL},
70 { "backlog", PARAM_INT, DEFAULT_BACKLOG},
71 { "passphrase_file", PARAM_CHARP, NULL},
72 { "log_path", PARAM_CHARP, "~/.pwmd/log"},
73 { "enable_logging", PARAM_BOOL, "0"},
74 { "log_keepopen", PARAM_BOOL, "true"},
75 { "log_level", PARAM_INT, "0"},
76 { "disable_mlockall", PARAM_BOOL, "true"},
77 { "cache_timeout", PARAM_LONG, DEFAULT_CACHE_TIMEOUT},
78 { "cache_push", PARAM_CHARPP, NULL},
79 { "disable_list_and_dump", PARAM_BOOL, "false"},
80 { "recursion_depth", PARAM_INT, "100"},
81 { "syslog", PARAM_BOOL, "false"},
82 { "xfer_progress", PARAM_INT, "8196"},
83 { "allowed", PARAM_CHARPP, NULL},
84 { "allowed_file", PARAM_CHARP, NULL},
85 { "priority", PARAM_INT, INVALID_PRIORITY},
86 { "keepalive_interval", PARAM_INT, DEFAULT_KEEPALIVE_INTERVAL},
87 { "tcp_port", PARAM_INT, "6466"},
88 { "enable_tcp", PARAM_BOOL, "false"},
89 { "tcp_require_key", PARAM_BOOL, "false"},
90 { "tcp_bind", PARAM_CHARP, "any"},
91 { "tcp_interface", PARAM_CHARP, NULL},
92 { "tls_timeout", PARAM_INT, "300"},
93 { "tls_cipher_suite", PARAM_CHARP, DEFAULT_CIPHER_PRIORITY},
94 { "tls_dh_params_file", PARAM_CHARP, NULL},
95 { "tls_use_crl", PARAM_BOOL, "1"},
96 { "require_save_key", PARAM_BOOL, "true"},
97 { "invoking_user", PARAM_CHARPP, NULL},
98 { "invoking_file", PARAM_CHARP, NULL},
99 { "encrypt_to", PARAM_BOOL, "false"},
100 { "always_trust", PARAM_BOOL, "false"},
101 { "gpg_homedir", PARAM_CHARP, NULL},
102 { "strict_kill", PARAM_BOOL, "false"},
103 { "lock_timeout", PARAM_LONG, DEFAULT_LOCK_TIMEOUT},
104 { "kill_scd", PARAM_BOOL, "false"},
105 { "strict_open", PARAM_BOOL, "false"},
106 { NULL, PARAM_INVALID, NULL},
107 };
108
109 struct config_param_s
110 {
111 char *name;
112 int type;
113 union
114 {
115 int itype;
116 char *cptype;
117 char **cpptype;
118 long ltype;
119 long long lltype;
120 } value;
121 };
122
123 struct config_keep_s
124 {
125 char *section;
126 char *name;
127 char *value;
128 };
129
130 static struct config_section_s *config_find_section (struct slist_s *config,
131 const char *name);
132 static int new_param (struct config_section_s *section, const char *filename,
133 int lineno, const char *name, const char *value,
134 int type);
135 static void free_section (struct config_section_s *s);
136 static int set_defaults (struct slist_s **config, int reload);
137
138 static void
139 section_remove_param (struct config_section_s *section, const char *name)
140 {
141 unsigned i, t = slist_length (section->params);
142
143 for (i = 0; i < t; i++)
144 {
145 struct config_param_s *p = slist_nth_data (section->params, i);
146
147 if (!p)
148 continue;
149
150 if (!strcmp (p->name, name))
151 {
152 switch (p->type)
153 {
154 case PARAM_CHARP:
155 xfree (p->value.cptype);
156 break;
157 case PARAM_CHARPP:
158 strv_free (p->value.cpptype);
159 break;
160 }
161
162 section->params = slist_remove (section->params, p);
163 xfree (p->name);
164 xfree (p);
165 break;
166 }
167 }
168 }
169
170 static struct config_param_s *
171 config_has_param (struct config_section_s *s, const char *what)
172 {
173 unsigned i, t = slist_length (s->params);
174
175 for (i = 0; i < t; i++)
176 {
177 struct config_param_s *p = slist_nth_data (s->params, i);
178 if (!p)
179 break;
180
181 if (!strcmp (p->name, what))
182 return p;
183 }
184
185 return NULL;
186 }
187
188 static struct config_param_s *
189 config_get_param (struct slist_s *config,
190 const char *section, const char *what, int *exists)
191 {
192 unsigned i, t = slist_length (config);
193
194 *exists = 0;
195
196 for (i = 0; i < t; i++)
197 {
198 struct config_param_s *p;
199 struct config_section_s *s = slist_nth_data (config, i);
200
201 if (!s)
202 break;
203
204 if (strcmp (s->name, section))
205 continue;
206
207 p = config_has_param (s, what);
208 if (!p)
209 return NULL;
210
211 *exists = 1;
212 return p;
213 }
214
215 return NULL;
216 }
217
218 static struct config_section_s *
219 new_section (struct slist_s **config, const char *name)
220 {
221 struct slist_s *tmp;
222 struct config_section_s *s = xcalloc (1, sizeof (struct config_section_s));
223
224 if (!s)
225 return NULL;
226
227 s->name = str_dup (name);
228 if (!s->name)
229 {
230 log_write ("%s", pwmd_strerror (ENOMEM));
231 xfree (s);
232 return NULL;
233 }
234
235 tmp = slist_append (*config, s);
236 if (!tmp)
237 {
238 log_write ("%s", pwmd_strerror (ENOMEM));
239 xfree (s->name);
240 xfree (s);
241 return NULL;
242 }
243
244 *config = tmp;
245 return s;
246 }
247
248 int
249 config_set_string_param (struct slist_s **config, const char *section,
250 const char *name, const char *value)
251 {
252 struct config_section_s *s = config_find_section (*config, section);
253
254 if (!s)
255 {
256 s = new_section (config, section);
257 if (!s)
258 return 1;
259 }
260
261 return new_param (s, NULL, 0, name, value, PARAM_CHARP);
262 }
263
264 char *
265 config_get_string_param (struct slist_s *config, const char *section,
266 const char *what, int *exists)
267 {
268 struct config_param_s *p = config_get_param (config, section, what, exists);
269 return *exists && p->value.cptype ? str_dup (p->value.cptype) : NULL;
270 }
271
272 int
273 config_set_int_param (struct slist_s **config, const char *section,
274 const char *name, const char *value)
275 {
276 struct config_section_s *s = config_find_section (*config, section);
277
278 if (!s)
279 {
280 s = new_section (config, section);
281 if (!s)
282 return 1;
283 }
284
285 return new_param (s, NULL, 0, name, value, PARAM_INT);
286 }
287
288 int
289 config_get_int_param (struct slist_s *config, const char *section,
290 const char *what, int *exists)
291 {
292 struct config_param_s *p = config_get_param (config, section, what, exists);
293 return *exists ? p->value.itype : -1;
294 }
295
296 int
297 config_set_bool_param (struct slist_s **config, const char *section,
298 const char *name, const char *value)
299 {
300 struct config_section_s *s = config_find_section (*config, section);
301
302 if (!s)
303 {
304 s = new_section (config, section);
305 if (!s)
306 return 1;
307 }
308
309 return new_param (s, NULL, 0, name, value, PARAM_BOOL);
310 }
311
312 int
313 config_get_bool_param (struct slist_s *config, const char *section,
314 const char *what, int *exists)
315 {
316 return config_get_int_param (config, section, what, exists);
317 }
318
319 int
320 config_set_long_param (struct slist_s **config, const char *section,
321 const char *name, const char *value)
322 {
323 struct config_section_s *s = config_find_section (*config, section);
324
325 if (!s)
326 {
327 s = new_section (config, section);
328 if (!s)
329 return 1;
330 }
331
332 return new_param (s, NULL, 0, name, value, PARAM_LONG);
333 }
334
335 long
336 config_get_long_param (struct slist_s *config, const char *section,
337 const char *what, int *exists)
338 {
339 struct config_param_s *p = config_get_param (config, section, what, exists);
340 return *exists ? p->value.ltype : -1;
341 }
342
343 int
344 config_set_longlong_param (struct slist_s **config, const char *section,
345 const char *name, const char *value)
346 {
347 struct config_section_s *s = config_find_section (*config, section);
348
349 if (!s)
350 {
351 s = new_section (config, section);
352 if (!s)
353 return 1;
354 }
355
356 return new_param (s, NULL, 0, name, value, PARAM_LONGLONG);
357 }
358
359 long long
360 config_get_longlong_param (struct slist_s *config,
361 const char *section, const char *what, int *exists)
362 {
363 struct config_param_s *p = config_get_param (config, section, what, exists);
364 return *exists ? p->value.lltype : -1;
365 }
366
367 int
368 config_set_list_param (struct slist_s **config, const char *section,
369 const char *name, const char *value)
370 {
371 struct config_section_s *s = config_find_section (*config, section);
372
373 if (!s)
374 {
375 s = new_section (config, section);
376 if (!s)
377 return 1;
378 }
379
380 return new_param (s, NULL, 0, name, value, PARAM_CHARPP);
381 }
382
383 char **
384 config_get_list_param (struct slist_s *config, const char *section,
385 const char *what, int *exists)
386 {
387 struct config_param_s *p = config_get_param (config, section, what, exists);
388 return *exists && p->value.cpptype ? strv_dup (p->value.cpptype) : NULL;
389 }
390
391 char *
392 config_get_string (const char *section, const char *what)
393 {
394 char *val = NULL;
395 const char *where = section ? section : "global";
396 int exists = 0;
397
398 MUTEX_LOCK (&rcfile_mutex);
399 val = config_get_string_param (global_config, where, what, &exists);
400 if (!exists && strcmp (section ? section : "", "global"))
401 val = config_get_string_param (global_config, "global", what, &exists);
402
403 MUTEX_UNLOCK (&rcfile_mutex);
404 return val;
405 }
406
407 char **
408 config_get_list (const char *section, const char *what)
409 {
410 char **val = NULL;
411 const char *where = section ? section : "global";
412 int exists = 0;
413
414 MUTEX_LOCK (&rcfile_mutex);
415 val = config_get_list_param (global_config, where, what, &exists);
416 if (!exists && strcmp (section ? section : "", "global"))
417 val = config_get_list_param (global_config, "global", what, &exists);
418
419 MUTEX_UNLOCK (&rcfile_mutex);
420 return val;
421 }
422
423 int
424 config_get_integer (const char *section, const char *what)
425 {
426 int val = 0;
427 const char *where = section ? section : "global";
428 int exists = 0;
429
430 MUTEX_LOCK (&rcfile_mutex);
431 val = config_get_int_param (global_config, where, what, &exists);
432 if (!exists && strcmp (section ? section : "", "global"))
433 val = config_get_int_param (global_config, "global", what, &exists);
434
435 MUTEX_UNLOCK (&rcfile_mutex);
436 return val;
437 }
438
439 long long
440 config_get_longlong (const char *section, const char *what)
441 {
442 long long val = 0;
443 const char *where = section ? section : "global";
444 int exists = 0;
445
446 MUTEX_LOCK (&rcfile_mutex);
447 val = config_get_longlong_param (global_config, where, what, &exists);
448 if (!exists && strcmp (section ? section : "", "global"))
449 val = config_get_longlong_param (global_config, "global", what, &exists);
450
451 MUTEX_UNLOCK (&rcfile_mutex);
452 return val;
453 }
454
455 long
456 config_get_long (const char *section, const char *what)
457 {
458 long val = 0;
459 const char *where = section ? section : "global";
460 int exists = 0;
461
462 MUTEX_LOCK (&rcfile_mutex);
463 val = config_get_long_param (global_config, where, what, &exists);
464 if (!exists && strcmp (section ? section : "", "global"))
465 val = config_get_long_param (global_config, "global", what, &exists);
466
467 MUTEX_UNLOCK (&rcfile_mutex);
468 return val;
469 }
470
471 int
472 config_get_boolean (const char *section, const char *what)
473 {
474 return config_get_integer (section, what);
475 }
476
477 char *
478 config_get_value (const char *section, const char *what)
479 {
480 const char *where = section ? section : "global";
481 int exists = 0;
482 int i;
483 int ival;
484 long lval;
485 long long llval;
486 char *cpval;
487 char **cppval;
488 char *result = NULL;
489
490 MUTEX_LOCK (&rcfile_mutex);
491
492 for (i = 0; config_params[i].name; i++)
493 {
494 if (!strcmp (config_params[i].name, what))
495 {
496 switch (config_params[i].type)
497 {
498 case PARAM_BOOL:
499 case PARAM_INT:
500 ival = config_get_int_param (global_config, where, what,
501 &exists);
502 if (!exists && strcmp (section ? section : "", "global"))
503 ival = config_get_int_param (global_config, "global", what,
504 &exists);
505 result = str_asprintf ("%i", ival);
506 break;
507 case PARAM_CHARP:
508 cpval = config_get_string_param (global_config, where, what,
509 &exists);
510 if (!exists && strcmp (section ? section : "", "global"))
511 cpval =
512 config_get_string_param (global_config, "global", what,
513 &exists);
514 result = cpval;
515 break;
516 case PARAM_LONG:
517 lval = config_get_long_param (global_config, where, what,
518 &exists);
519 if (!exists && strcmp (section ? section : "", "global"))
520 lval = config_get_long_param (global_config, "global", what,
521 &exists);
522 result = str_asprintf ("%li", lval);
523 break;
524 case PARAM_LONGLONG:
525 llval = config_get_longlong_param (global_config, where, what,
526 &exists);
527 if (!exists && strcmp (section ? section : "", "global"))
528 llval = config_get_longlong_param (global_config, "global",
529 what, &exists);
530 result = str_asprintf ("%lli", llval);
531 break;
532 case PARAM_CHARPP:
533 cppval = config_get_list_param (global_config, where, what,
534 &exists);
535 if (!exists && strcmp (section ? section : "", "global"))
536 cppval = config_get_list_param (global_config, "global", what,
537 &exists);
538
539 if (cppval)
540 result = strv_join (",", cppval);
541
542 strv_free (cppval);
543 break;
544 }
545 }
546 }
547
548 MUTEX_UNLOCK (&rcfile_mutex);
549 return result;
550 }
551
552 /* 'file' is the list parameter file to load into the list parameter 'what'.
553 * The parsing of the parameter is not done here. */
554 static gpg_error_t
555 parse_list_file (struct slist_s *config, const char *section,
556 const char *file, const char *what)
557 {
558 FILE *fp;
559 char buf[LINE_MAX] = {0};
560 int exists;
561 char **list = NULL;
562 char *tmp;
563 char *p = config_get_string_param (config, section, file, &exists);
564 gpg_error_t rc;
565
566 if (!p || !*p)
567 {
568 xfree (p);
569 return 0;
570 }
571
572 tmp = expand_homedir (p);
573 xfree (p);
574 p = tmp;
575 fp = fopen (p, "r");
576 if (!fp)
577 {
578 rc = gpg_error_from_errno (errno);
579 log_write ("%s: %s", p, pwmd_strerror (rc));
580 xfree (p);
581 return rc;
582 }
583
584 xfree (p);
585 list = config_get_list_param (config, section, what, &exists);
586 if (!list && exists)
587 {
588 fclose (fp);
589 log_write ("%s", pwmd_strerror (ENOMEM));
590 return gpg_error (ENOMEM);
591 }
592
593 while ((p = fgets (buf, sizeof (buf)-1, fp)))
594 {
595 char **pp = NULL;
596
597 if (p[strlen(p)-1] == '\n')
598 p[strlen(p)-1] = 0;
599
600 while (*p && isspace (*p))
601 p++;
602
603 if (!*p || *p == ';')
604 continue;
605
606 tmp = str_dup (p);
607 if (tmp)
608 pp = strv_cat (list, str_dup (p));
609
610 if (!pp || !tmp)
611 {
612 xfree (tmp);
613 strv_free (list);
614 fclose (fp);
615 log_write ("%s", strerror (ENOMEM));
616 return gpg_error (ENOMEM);
617 }
618
619 xfree (tmp);
620 list = pp;
621 }
622
623 fclose(fp);
624 if (!list)
625 return 0;
626
627 p = strv_join (",", list);
628 strv_free (list);
629
630 if (!p)
631 {
632 log_write ("%s", pwmd_strerror (ENOMEM));
633 return gpg_error (ENOMEM);
634 }
635
636 config_set_list_param (&config, section, what, p);
637 xfree (p);
638 return 0;
639 }
640
641 static int
642 fixup_allowed_once (struct slist_s **config, const char *section)
643 {
644 char **list, **pp, *p;
645 int exists;
646 gpg_error_t rc;
647
648 rc = parse_list_file (*config, section, "allowed_file", "allowed");
649 if (rc)
650 return 1;
651
652 list = config_get_list_param (*config, section, "allowed", &exists);
653 for (pp = list; pp && *pp; pp++)
654 {
655 if (*(*pp) == '#')
656 {
657 for (p = *pp; p && *p; p++)
658 *p = toupper(*p);
659 }
660 }
661
662 strv_free (list);
663 if (!exists)
664 {
665 if (!strcmp (section, "global"))
666 {
667 p = get_username (getuid());
668
669 if (config_set_list_param (config, section, "allowed", p))
670 {
671 xfree (p);
672 return 1;
673 }
674
675 xfree (p);
676 }
677 else
678 {
679 list = config_get_list_param (*config, "global", "allowed", &exists);
680 if (list)
681 {
682 p = strv_join (",", list);
683 strv_free (list);
684 if (config_set_list_param (config, section, "allowed", p))
685 {
686 xfree (p);
687 return 1;
688 }
689
690 xfree (p);
691 }
692 }
693 }
694
695 return 0;
696 }
697
698 static int
699 fixup_allowed (struct slist_s **config)
700 {
701 int n, t = slist_length (*config);
702
703 for (n = 0; n < t; n++)
704 {
705 struct config_section_s *section;
706
707 section = slist_nth_data (*config, n);
708 if (fixup_allowed_once (config, section->name))
709 return 1;
710 }
711
712 return 0;
713 }
714
715 static int
716 add_invoking_user (struct invoking_user_s **users, char *id,
717 struct slist_s **config)
718 {
719 struct passwd *pwd = NULL;
720 struct group *grp = NULL;
721 struct invoking_user_s *user, *p;
722 int not = 0;
723
724 if (id && (*id == '!' || *id == '-'))
725 {
726 not = 1;
727 id++;
728 }
729
730 errno = 0;
731 if (!id || !*id)
732 {
733 pwd = getpwuid (getuid ());
734 if (!pwd)
735 {
736 log_write (_("could not set any invoking user: %s"),
737 pwmd_strerror (errno ? errno : GPG_ERR_INV_VALUE));
738 return 1;
739 }
740 }
741 else if (*id == '@')
742 {
743 grp = getgrnam (id+1);
744 if (!grp)
745 {
746 log_write (_("could not parse group '%s': %s"), id+1,
747 pwmd_strerror (errno ? errno : GPG_ERR_INV_VALUE));
748 return 1;
749 }
750 }
751 else if (*id != '#')
752 pwd = getpwnam (id);
753
754 if (!grp && !pwd && id && *id != '#')
755 {
756 if (id && *id)
757 log_write (_("could not set invoking user '%s': %s"), id,
758 pwmd_strerror (errno ? errno : GPG_ERR_INV_VALUE));
759 else
760 log_write (_("could not set any invoking user!"));
761
762 return 1;
763 }
764
765 user = xcalloc (1, sizeof (struct invoking_user_s));
766 if (!user)
767 {
768 log_write ("%s", pwmd_strerror (ENOMEM));
769 return 1;
770 }
771
772 user->not = not;
773 user->type = pwd ? INVOKING_UID : grp ? INVOKING_GID : INVOKING_TLS;
774 if (pwd)
775 user->uid = pwd->pw_uid;
776 else if (grp)
777 user->id = str_dup (id+1);
778 else
779 {
780 char *s;
781
782 for (s = id; s && *s; s++)
783 *s = toupper(*s);
784
785 user->id = str_dup (id+1);
786 }
787
788 /* Set the default invoking_user since it doesn't exist. */
789 if (pwd && (!id || !*id))
790 config_set_list_param (config, "global", "invoking_user", pwd->pw_name);
791
792 if (!*users)
793 {
794 *users = user;
795 return 0;
796 }
797
798 for (p = *users; p; p = p->next)
799 {
800 if (!p->next)
801 {
802 p->next = user;
803 break;
804 }
805 }
806
807 return 0;
808 }
809
810 static int
811 parse_invoking_users (struct slist_s **config)
812 {
813 struct invoking_user_s *users = NULL;
814 int exists;
815 char **list, **l;
816
817 if (parse_list_file (*config, "global", "invoking_file", "invoking_user"))
818 return 1;
819
820 list = config_get_list_param (*config, "global", "invoking_user", &exists);
821 for (l = list; l && *l; l++)
822 {
823 if (add_invoking_user (&users, *l, config))
824 {
825 strv_free (list);
826 free_invoking_users (users);
827 return 1;
828 }
829 }
830
831 if (!list || !*list)
832 {
833 if (add_invoking_user (&users, NULL, config))
834 {
835 strv_free (list);
836 return 1;
837 }
838 }
839
840 free_invoking_users (invoking_users);
841 invoking_users = users;
842 strv_free (list);
843 return 0;
844 }
845
846 static int
847 set_defaults (struct slist_s **config, int reload)
848 {
849 char *s = NULL;
850 char **list;
851 int exists;
852 int i;
853
854 for (i = 0; config_params[i].name; i++)
855 {
856 switch (config_params[i].type)
857 {
858 case PARAM_BOOL:
859 config_get_bool_param (*config, "global", config_params[i].name,
860 &exists);
861 if (!exists)
862 {
863 if (config_set_bool_param
864 (config, "global", config_params[i].name,
865 config_params[i].value))
866 goto fail;
867 }
868 break;
869 case PARAM_INT:
870 config_get_int_param (*config, "global", config_params[i].name,
871 &exists);
872 if (!exists)
873 {
874 if (config_set_int_param
875 (config, "global", config_params[i].name,
876 config_params[i].value))
877 goto fail;
878 }
879 break;
880 case PARAM_CHARP:
881 s = config_get_string_param (*config, "global",
882 config_params[i].name, &exists);
883 xfree (s);
884 if (!exists && config_params[i].value)
885 {
886 if (config_set_string_param (config, "global",
887 config_params[i].name,
888 config_params[i].value))
889 goto fail;
890 }
891 break;
892 case PARAM_CHARPP:
893 list = config_get_list_param (*config, "global",
894 config_params[i].name, &exists);
895 strv_free (list);
896 if (!exists && config_params[i].value)
897 {
898 if (config_set_list_param (config, "global",
899 config_params[i].name,
900 config_params[i].value))
901 goto fail;
902 }
903 break;
904 case PARAM_LONG:
905 config_get_long_param (*config, "global", config_params[i].name,
906 &exists);
907 if (!exists)
908 {
909 if (config_set_long_param
910 (config, "global", config_params[i].name,
911 config_params[i].value))
912 goto fail;
913 }
914 break;
915 case PARAM_LONGLONG:
916 config_get_longlong_param (*config, "global", config_params[i].name,
917 &exists);
918 if (!exists)
919 {
920 if (config_set_longlong_param (config, "global",
921 config_params[i].name,
922 config_params[i].value))
923 goto fail;
924 }
925 break;
926 }
927 }
928
929 s = NULL;
930 if (!reload && fixup_allowed (config))
931 goto fail;
932
933 if (!reload && parse_invoking_users (config))
934 goto fail;
935
936 log_level = config_get_int_param (*config, "global",
937 "log_level", &exists);
938 log_keepopen = config_get_int_param (*config, "global",
939 "log_keepopen", &exists);
940 max_recursion_depth = config_get_int_param (*config, "global",
941 "recursion_depth", &exists);
942 disable_list_and_dump = config_get_bool_param (*config, "global",
943 "disable_list_and_dump",
944 &exists);
945 #ifdef HAVE_MLOCKALL
946 disable_mlock =
947 config_get_bool_param (*config, "global", "disable_mlockall", &exists);
948 #endif
949
950 xfree (s);
951 return 0;
952
953 fail:
954 xfree (s);
955 return 1;
956 }
957
958 static struct config_section_s *
959 config_find_section (struct slist_s *config, const char *name)
960 {
961 unsigned i, t = slist_length (config);
962
963 for (i = 0; i < t; i++)
964 {
965 struct config_section_s *s = slist_nth_data (config, i);
966
967 if (!strcmp (s->name, name))
968 return s;
969 }
970
971 return NULL;
972 }
973
974 /* Append a new parameter to the list of parameters for a file
975 * section. When an existing parameter of the same name exists, its
976 * value is updated.
977 */
978 static int
979 new_param (struct config_section_s *section, const char *filename, int lineno,
980 const char *name, const char *value, int type)
981 {
982 struct config_param_s *param = NULL;
983 struct slist_s *tmp;
984 char *e;
985 unsigned i, t = slist_length (section->params);
986 int dup = 0;
987
988 for (i = 0; i < t; i++)
989 {
990 struct config_param_s *p = slist_nth_data (section->params, i);
991 if (!p)
992 break;
993
994 if (!strcmp (name, p->name))
995 {
996 param = p;
997 dup = 1;
998 break;
999 }
1000 }
1001
1002 if (!param)
1003 {
1004 param = xcalloc (1, sizeof (struct config_param_s));
1005 if (!param)
1006 {
1007 log_write ("%s", pwmd_strerror (ENOMEM));
1008 return 1;
1009 }
1010
1011 param->name = str_dup (name);
1012 if (!param->name)
1013 {
1014 xfree (param);
1015 log_write ("%s", pwmd_strerror (ENOMEM));
1016 return 1;
1017 }
1018 }
1019
1020 param->type = type;
1021
1022 switch (type)
1023 {
1024 case PARAM_BOOL:
1025 if (!strcasecmp (value, "no") || !strcasecmp (value, "0")
1026 || !strcasecmp (value, "false"))
1027 param->value.itype = 0;
1028 else if (!strcasecmp (value, "yes") || !strcasecmp (value, "1")
1029 || !strcasecmp (value, "true"))
1030 param->value.itype = 1;
1031 else
1032 {
1033 INVALID_VALUE (filename, lineno);
1034 goto fail;
1035 }
1036 param->type = PARAM_INT;
1037 break;
1038 case PARAM_CHARP:
1039 xfree (param->value.cptype);
1040 param->value.cptype = NULL;
1041 param->value.cptype = value && *value ? str_dup (value) : NULL;
1042 if (value && *value && !param->value.cptype)
1043 {
1044 log_write ("%s", pwmd_strerror (ENOMEM));
1045 goto fail;
1046 }
1047 break;
1048 case PARAM_CHARPP:
1049 strv_free (param->value.cpptype);
1050 param->value.cpptype = NULL;
1051 param->value.cpptype = value && *value ?
1052 str_split_ws (value, ",", 0) : NULL;
1053 if (value && *value && !param->value.cpptype)
1054 {
1055 log_write ("%s", pwmd_strerror (ENOMEM));
1056 goto fail;
1057 }
1058 break;
1059 case PARAM_INT:
1060 param->value.itype = strtol (value, &e, 10);
1061 if (e && *e)
1062 {
1063 INVALID_VALUE (filename, lineno);
1064 goto fail;
1065 }
1066 break;
1067 case PARAM_LONG:
1068 param->value.ltype = strtol (value, &e, 10);
1069 if (e && *e)
1070 {
1071 INVALID_VALUE (filename, lineno);
1072 goto fail;
1073 }
1074 break;
1075 case PARAM_LONGLONG:
1076 param->value.lltype = strtoll (value, &e, 10);
1077 if (e && *e)
1078 {
1079 INVALID_VALUE (filename, lineno);
1080 goto fail;
1081 }
1082 break;
1083 }
1084
1085 if (dup)
1086 return 0;
1087
1088 tmp = slist_append (section->params, param);
1089 if (!tmp)
1090 {
1091 log_write ("%s", pwmd_strerror (ENOMEM));
1092 goto fail;
1093 }
1094
1095 section->params = tmp;
1096 return 0;
1097
1098 fail:
1099 xfree (param->name);
1100 xfree (param);
1101 return 1;
1102 }
1103
1104 struct slist_s *
1105 config_parse (const char *filename, int reload)
1106 {
1107 struct slist_s *tmpconfig = NULL, *tmp;
1108 struct config_section_s *cur_section = NULL;
1109 char buf[LINE_MAX] = {0};
1110 char *s;
1111 int lineno = 1;
1112 int have_global = 0;
1113 FILE *fp = fopen (filename, "r");
1114
1115 if (!fp)
1116 {
1117 log_write ("%s: %s", filename,
1118 pwmd_strerror (gpg_error_from_errno (errno)));
1119
1120 if (errno != ENOENT)
1121 return NULL;
1122
1123 log_write (_("Using defaults!"));
1124 goto defaults;
1125 }
1126
1127 for (; (s = fgets (buf, sizeof (buf), fp)); lineno++)
1128 {
1129 char line[LINE_MAX] = { 0 };
1130 size_t len = 0;
1131 int match = 0;
1132
1133 if (*s == '#')
1134 continue;
1135
1136 s = str_chomp (s);
1137 if (!*s)
1138 continue;
1139
1140 /* New file section. */
1141 if (*s == '[')
1142 {
1143 struct config_section_s *section;
1144 char *p = strchr (++s, ']');
1145
1146 if (!p)
1147 {
1148 log_write (_("%s(%i): unbalanced braces"), filename, lineno);
1149 goto fail;
1150 }
1151
1152 if (*(p+1))
1153 {
1154 log_write (_("%s(%i): trailing characters"), filename, lineno);
1155 goto fail;
1156 }
1157
1158 len = strlen (s) - strlen (p);
1159 memcpy (line, s, len);
1160 line[len] = 0;
1161
1162 section = config_find_section (tmpconfig, line);
1163 if (section)
1164 {
1165 log_write (_("%s(%i): section '%s' already exists!"),
1166 filename, lineno, line);
1167 goto fail;
1168 }
1169
1170 if (!strcmp (line, "global"))
1171 have_global = 1;
1172
1173 section = xcalloc (1, sizeof (struct config_section_s));
1174 section->name = str_dup (line);
1175
1176 if (cur_section)
1177 {
1178 tmp = slist_append (tmpconfig, cur_section);
1179 if (!tmp)
1180 {
1181 log_write ("%s", pwmd_strerror (ENOMEM));
1182 goto fail;
1183 }
1184
1185 tmpconfig = tmp;
1186 }
1187
1188 cur_section = section;
1189 continue;
1190 }
1191
1192 if (!cur_section)
1193 {
1194 log_write (_("%s(%i): parameter outside of section!"), filename,
1195 lineno);
1196 goto fail;
1197 }
1198
1199 /* Parameters for each section. */
1200 for (int m = 0; config_params[m].name; m++)
1201 {
1202 len = strlen (config_params[m].name);
1203 if (!strncmp (s, config_params[m].name, len))
1204 {
1205 char *p = s + len;
1206
1207 while (*p && *p == ' ')
1208 p++;
1209
1210 if (!*p || *p != '=')
1211 continue;
1212
1213 p++;
1214 while (*p && isspace (*p))
1215 p++;
1216
1217 s[len] = 0;
1218 if (new_param (cur_section, filename, lineno, s, p,
1219 config_params[m].type))
1220 goto fail;
1221
1222 match = 1;
1223 break;
1224 }
1225 }
1226
1227 if (!match)
1228 {
1229 log_write (_("%s(%i): unknown parameter"), filename, lineno);
1230 goto fail;
1231 }
1232 }
1233
1234 if (cur_section)
1235 {
1236 tmp = slist_append (tmpconfig, cur_section);
1237 if (!tmp)
1238 {
1239 log_write ("%s", pwmd_strerror (ENOMEM));
1240 goto fail;
1241 }
1242
1243 cur_section = NULL;
1244 tmpconfig = tmp;
1245 }
1246
1247 if (!have_global)
1248 log_write (_
1249 ("WARNING: %s: could not find a [global] configuration section!"),
1250 filename);
1251
1252 defaults:
1253 if (set_defaults (&tmpconfig, reload))
1254 goto fail;
1255
1256 if (fp)
1257 fclose(fp);
1258
1259 return tmpconfig;
1260
1261 fail:
1262 if (fp)
1263 fclose (fp);
1264
1265 config_free (tmpconfig);
1266 free_section (cur_section);
1267 return NULL;
1268 }
1269
1270 static void
1271 free_section (struct config_section_s *s)
1272 {
1273 if (!s)
1274 return;
1275
1276 for (;;)
1277 {
1278 struct config_param_s *p = slist_nth_data (s->params, 0);
1279
1280 if (!p)
1281 break;
1282
1283 section_remove_param (s, p->name);
1284 }
1285
1286 s->params = NULL;
1287 xfree (s->name);
1288 s->name = NULL;
1289 }
1290
1291 void
1292 config_free (struct slist_s *config)
1293 {
1294 for (;;)
1295 {
1296 struct config_section_s *s = slist_nth_data (config, 0);
1297 if (!s)
1298 break;
1299
1300 free_section (s);
1301 config = slist_remove (config, s);
1302 xfree (s);
1303 }
1304 }
1305
1306 void
1307 free_invoking_users (struct invoking_user_s *users)
1308 {
1309 struct invoking_user_s *p;
1310
1311 for (p = users; p;)
1312 {
1313 struct invoking_user_s *next = p->next;
1314
1315 if (p->type == INVOKING_TLS || p->type == INVOKING_GID)
1316 xfree (p->id);
1317
1318 xfree (p);
1319 p = next;
1320 }
1321 }
1322
1323 static int
1324 param_type (const char *name)
1325 {
1326 int i;
1327
1328 for (i = 0; config_params[i].name; i++)
1329 {
1330 if (!strcmp (config_params[i].name, name))
1331 return config_params[i].type;
1332 }
1333
1334 return PARAM_INVALID;
1335 }
1336
1337 static int
1338 keep_parse (struct config_keep_s *k, const char *section, const char *key)
1339 {
1340 int exists;
1341 int ival;
1342 long lval;
1343 long long llval;
1344 char *cpval;
1345 char **cppval;
1346 int type = param_type (key);
1347 void *value = NULL;
1348
1349 switch (type)
1350 {
1351 case PARAM_BOOL:
1352 case PARAM_INT:
1353 ival = config_get_int_param (global_config, section, key, &exists);
1354 if (exists)
1355 value = str_asprintf ("%i", ival);
1356 break;
1357 case PARAM_LONG:
1358 lval = config_get_long_param (global_config, section, key, &exists);
1359 if (exists)
1360 value = str_asprintf ("%li", lval);
1361 break;
1362 case PARAM_LONGLONG:
1363 llval = config_get_longlong_param (global_config, section, key, &exists);
1364 if (exists)
1365 value = str_asprintf ("%lli", llval);
1366 break;
1367 case PARAM_CHARP:
1368 cpval = config_get_string_param (global_config, section, key, &exists);
1369 if (exists)
1370 value = cpval;
1371 break;
1372 case PARAM_CHARPP:
1373 cppval = config_get_list_param (global_config, section, key, &exists);
1374 if (exists)
1375 {
1376 char *s = strv_join (",", cppval);
1377
1378 strv_free (cppval);
1379 value = s;
1380 }
1381 break;
1382 default:
1383 return 1;
1384 }
1385
1386 if (!value)
1387 return 1;
1388
1389 k->section = str_dup(section);
1390 k->name = str_dup(key);
1391 k->value = value;
1392 return 0;
1393 }
1394
1395 static struct slist_s *
1396 keep_add (struct slist_s *k, const char *s, const char *key)
1397 {
1398 int n, t = slist_length (global_config);
1399
1400 for (n = 0; n < t; n++)
1401 {
1402 struct config_section_s *section;
1403 struct config_keep_s *tmp;
1404 int ret;
1405
1406 section = slist_nth_data (global_config, n);
1407 tmp = xcalloc (1, sizeof(struct config_keep_s));
1408
1409 // Process all sections.
1410 if (!s)
1411 ret = keep_parse (tmp, section->name, key);
1412 else
1413 ret = keep_parse (tmp, s, key);
1414
1415 if (!ret)
1416 k = slist_append (k, tmp);
1417 else
1418 xfree (tmp);
1419 }
1420
1421 return k;
1422 }
1423
1424 /* Keep security sensitive settings across SIGHUP. */
1425 struct slist_s *
1426 config_keep_save ()
1427 {
1428 struct slist_s *keep = NULL;
1429
1430 #ifdef WITH_GNUTLS
1431 keep = keep_add (keep, NULL, "tcp_require_key");
1432 #endif
1433 keep = keep_add (keep, NULL, "require_save_key");
1434 keep = keep_add (keep, NULL, "allowed");
1435 keep = keep_add (keep, NULL, "allowed_file");
1436 keep = keep_add (keep, "global", "encrypt_to");
1437 keep = keep_add (keep, "global", "always_trust");
1438 keep = keep_add (keep, "global", "invoking_user");
1439 keep = keep_add (keep, "global", "invoking_file");
1440 keep = keep_add (keep, "global", "gpg_homedir");
1441 return keep;
1442 }
1443
1444 /* Restore parameters previously saved with config_keep_save(). This will also
1445 * free the 'keep'.
1446 */
1447 void
1448 config_keep_restore (struct slist_s *keep)
1449 {
1450 int n, t = slist_length (keep);
1451
1452 for (n = 0; n < t; n++)
1453 {
1454 struct config_keep_s *k = slist_nth_data (keep, n);
1455 int type = param_type (k->name);
1456
1457 switch (type)
1458 {
1459 case PARAM_BOOL:
1460 config_set_bool_param (&global_config, k->section, k->name, k->value);
1461 break;
1462 case PARAM_INT:
1463 config_set_int_param (&global_config, k->section, k->name, k->value);
1464 break;
1465 case PARAM_LONG:
1466 config_set_long_param (&global_config, k->section, k->name, k->value);
1467 break;
1468 case PARAM_LONGLONG:
1469 config_set_longlong_param (&global_config, k->section, k->name,
1470 k->value);
1471 break;
1472 case PARAM_CHARP:
1473 config_set_string_param (&global_config, k->section, k->name,
1474 k->value);
1475 break;
1476 case PARAM_CHARPP:
1477 config_set_list_param (&global_config, k->section, k->name, k->value);
1478 break;
1479 default:
1480 break;
1481 }
1482
1483 xfree (k->section);
1484 xfree (k->name);
1485 xfree (k->value);
1486 xfree (k);
1487 }
1488
1489 slist_free (keep);
1490 }
A server for managing passphrases and anything else.