lib/system.c

   1 /*
   2  * Copyright (C) 2010-2012 Free Software Foundation, Inc.
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GnuTLS.
   7  *
   8  * The GnuTLS is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 3 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public License
  19  * along with this program.  If not, see <http://www.gnu.org/licenses/>
  20  *
  21  */
  22
  23 #include <system.h>
  24 #include <gnutls_int.h>
  25 #include <gnutls_errors.h>
  26
  27 #include <errno.h>
  28 #include <sys/stat.h>
  29 #include <sys/types.h>
  30
  31 #ifdef _WIN32
  32 # include <windows.h>
  33 # include <wincrypt.h>
  34 #  if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
  35 typedef PCCRL_CONTEXT WINAPI (*Type_CertEnumCRLsInStore) (HCERTSTORE hCertStore, PCCRL_CONTEXT pPrevCrlContext);
  36 static Type_CertEnumCRLsInStore Loaded_CertEnumCRLsInStore;
  37 static HMODULE Crypt32_dll;
  38 #  else
  39 #   define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore
  40 #  endif
  41 #else
  42 # ifdef HAVE_PTHREAD_LOCKS
  43 #  include <pthread.h>
  44 # endif
  45
  46 # if defined(HAVE_GETPWUID_R)
  47 #  include <pwd.h>
  48 # endif
  49 #endif
  50
  51 /* We need to disable gnulib's replacement wrappers to get native
  52    Windows interfaces. */
  53 #undef recv
  54 #undef send
  55 #undef select
  56
  57 /* System specific function wrappers.
  58  */
  59
  60 #ifdef _WIN32
  61 int
  62 system_errno (gnutls_transport_ptr p)
  63 {
  64   int tmperr = WSAGetLastError ();
  65   int ret = 0;
  66   switch (tmperr)
  67     {
  68     case WSAEWOULDBLOCK:
  69       ret = EAGAIN;
  70       break;
  71     case NO_ERROR:
  72       ret = 0;
  73       break;
  74     case WSAEINTR:
  75       ret = EINTR;
  76       break;
  77     case WSAEMSGSIZE:
  78       ret = EMSGSIZE;
  79       break;
  80     default:
  81       ret = EIO;
  82       break;
  83     }
  84   WSASetLastError (tmperr);
  85
  86   return ret;
  87 }
  88
  89 ssize_t
  90 system_write (gnutls_transport_ptr ptr, const void *data, size_t data_size)
  91 {
  92   return send (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
  93 }
  94 #else /* POSIX */
  95 int
  96 system_errno (gnutls_transport_ptr_t ptr)
  97 {
  98 #if defined(_AIX) || defined(AIX)
  99   if (errno == 0) errno = EAGAIN;
 100 #endif
 101
 102   return errno;
 103 }
 104
 105 ssize_t
 106 system_writev (gnutls_transport_ptr_t ptr, const giovec_t * iovec,
 107                int iovec_cnt)
 108 {
 109   return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec,
 110                  iovec_cnt);
 111
 112 }
 113 #endif
 114
 115 ssize_t
 116 system_read (gnutls_transport_ptr_t ptr, void *data, size_t data_size)
 117 {
 118   return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
 119 }
 120
 121 /* Wait for data to be received within a timeout period in milliseconds.
 122  * To catch a termination it will also try to receive 0 bytes from the
 123  * socket if select reports to proceed.
 124  *
 125  * Returns -1 on error, 0 on timeout, positive value if data are available for reading.
 126  */
 127 int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
 128 {
 129 fd_set rfds;
 130 struct timeval tv;
 131 int ret;
 132 int fd = GNUTLS_POINTER_TO_INT(ptr);
 133
 134   FD_ZERO(&rfds);
 135   FD_SET(fd, &rfds);
 136
 137   tv.tv_sec = 0;
 138   tv.tv_usec = ms * 1000;
 139
 140   while(tv.tv_usec >= 1000000)
 141     {
 142       tv.tv_usec -= 1000000;
 143       tv.tv_sec++;
 144     }
 145
 146   ret = select(fd+1, &rfds, NULL, NULL, &tv);
 147   if (ret <= 0)
 148     return ret;
 149
 150   return ret;
 151 }
 152
 153 /* Thread stuff */
 154
 155 #ifdef HAVE_WIN32_LOCKS
 156 static int
 157 gnutls_system_mutex_init (void **priv)
 158 {
 159   CRITICAL_SECTION *lock = malloc (sizeof (CRITICAL_SECTION));
 160
 161   if (lock == NULL)
 162     return GNUTLS_E_MEMORY_ERROR;
 163
 164   InitializeCriticalSection (lock);
 165
 166   *priv = lock;
 167
 168   return 0;
 169 }
 170
 171 static int
 172 gnutls_system_mutex_deinit (void **priv)
 173 {
 174   DeleteCriticalSection ((CRITICAL_SECTION *) * priv);
 175   free (*priv);
 176
 177   return 0;
 178 }
 179
 180 static int
 181 gnutls_system_mutex_lock (void **priv)
 182 {
 183   EnterCriticalSection ((CRITICAL_SECTION *) * priv);
 184   return 0;
 185 }
 186
 187 static int
 188 gnutls_system_mutex_unlock (void **priv)
 189 {
 190   LeaveCriticalSection ((CRITICAL_SECTION *) * priv);
 191   return 0;
 192 }
 193
 194 #endif /* WIN32_LOCKS */
 195
 196 #ifdef HAVE_PTHREAD_LOCKS
 197
 198 static int
 199 gnutls_system_mutex_init (void **priv)
 200 {
 201   pthread_mutex_t *lock = malloc (sizeof (pthread_mutex_t));
 202   int ret;
 203
 204   if (lock == NULL)
 205     return GNUTLS_E_MEMORY_ERROR;
 206
 207   ret = pthread_mutex_init (lock, NULL);
 208   if (ret)
 209     {
 210       free (lock);
 211       gnutls_assert ();
 212       return GNUTLS_E_LOCKING_ERROR;
 213     }
 214
 215   *priv = lock;
 216
 217   return 0;
 218 }
 219
 220 static int
 221 gnutls_system_mutex_deinit (void **priv)
 222 {
 223   pthread_mutex_destroy ((pthread_mutex_t *) * priv);
 224   free (*priv);
 225   return 0;
 226 }
 227
 228 static int
 229 gnutls_system_mutex_lock (void **priv)
 230 {
 231   if (pthread_mutex_lock ((pthread_mutex_t *) * priv))
 232     {
 233       gnutls_assert ();
 234       return GNUTLS_E_LOCKING_ERROR;
 235     }
 236
 237   return 0;
 238 }
 239
 240 static int
 241 gnutls_system_mutex_unlock (void **priv)
 242 {
 243   if (pthread_mutex_unlock ((pthread_mutex_t *) * priv))
 244     {
 245       gnutls_assert ();
 246       return GNUTLS_E_LOCKING_ERROR;
 247     }
 248
 249   return 0;
 250 }
 251
 252 #endif /* PTHREAD_LOCKS */
 253
 254 #ifdef HAVE_NO_LOCKS
 255
 256 static int
 257 gnutls_system_mutex_init (void **priv)
 258 {
 259   return 0;
 260 }
 261
 262 static int
 263 gnutls_system_mutex_deinit (void **priv)
 264 {
 265   return 0;
 266 }
 267
 268 static int
 269 gnutls_system_mutex_lock (void **priv)
 270 {
 271   return 0;
 272 }
 273
 274 static int
 275 gnutls_system_mutex_unlock (void **priv)
 276 {
 277   return 0;
 278 }
 279
 280 #endif /* NO_LOCKS */
 281
 282 gnutls_time_func gnutls_time = time;
 283 mutex_init_func gnutls_mutex_init = gnutls_system_mutex_init;
 284 mutex_deinit_func gnutls_mutex_deinit = gnutls_system_mutex_deinit;
 285 mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock;
 286 mutex_unlock_func gnutls_mutex_unlock = gnutls_system_mutex_unlock;
 287
 288 int
 289 gnutls_system_global_init ()
 290 {
 291 #ifdef _WIN32
 292 # if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
 293   HMODULE crypto;
 294   crypto = LoadLibraryA ("Crypt32.dll");
 295
 296   if (crypto == NULL)
 297     return GNUTLS_E_CRYPTO_INIT_FAILED;
 298
 299   Loaded_CertEnumCRLsInStore = (Type_CertEnumCRLsInStore) GetProcAddress (crypto, "CertEnumCRLsInStore");
 300   if (Loaded_CertEnumCRLsInStore == NULL)
 301     {
 302       FreeLibrary (crypto);
 303       return GNUTLS_E_CRYPTO_INIT_FAILED;
 304     }
 305
 306   Crypt32_dll = crypto;
 307 # endif
 308 #endif
 309   return 0;
 310 }
 311
 312 void
 313 gnutls_system_global_deinit ()
 314 {
 315 #ifdef _WIN32
 316 # if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
 317   FreeLibrary (Crypt32_dll);
 318 # endif
 319 #endif
 320 }
 321
 322
 323 #define CONFIG_PATH ".gnutls"
 324
 325 /* Returns a path to store user-specific configuration
 326  * data.
 327  */
 328 int _gnutls_find_config_path(char* path, size_t max_size)
 329 {
 330 char tmp_home_dir[1024];
 331 const char *home_dir = getenv ("HOME");
 332
 333 #ifdef _WIN32
 334   if (home_dir == NULL || home_dir[0] == '\0')
 335     {
 336       const char *home_drive = getenv ("HOMEDRIVE");
 337       const char *home_path = getenv ("HOMEPATH");
 338
 339       if (home_drive != NULL && home_path != NULL)
 340         {
 341           snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s%s", home_drive, home_path);
 342         }
 343       else
 344         {
 345           tmp_home_dir[0] = 0;
 346         }
 347
 348       home_dir = tmp_home_dir;
 349     }
 350 #elif defined(HAVE_GETPWUID_R)
 351   if (home_dir == NULL || home_dir[0] == '\0')
 352     {
 353       struct passwd *pwd;
 354       struct passwd _pwd;
 355       char buf[1024];
 356
 357       getpwuid_r(getuid(), &_pwd, buf, sizeof(buf), &pwd);
 358       if (pwd != NULL)
 359         {
 360           snprintf(tmp_home_dir, sizeof(tmp_home_dir), "%s", pwd->pw_dir);
 361         }
 362       else
 363         {
 364           tmp_home_dir[0] = 0;
 365         }
 366
 367       home_dir = tmp_home_dir;
 368     }
 369 #else
 370   if (home_dir == NULL || home_dir[0] == '\0')
 371     {
 372       tmp_home_dir[0] = 0;
 373       home_dir = tmp_home_dir;
 374     }
 375 #endif
 376
 377   if (home_dir == NULL || home_dir[0] == 0)
 378     path[0] = 0;
 379   else
 380     snprintf(path, max_size, "%s/"CONFIG_PATH, home_dir);
 381
 382   return 0;
 383 }
 384
 385 /**
 386  * gnutls_x509_trust_list_add_system_trust:
 387  * @list: The structure of the list
 388  * @tl_flags: GNUTLS_TL_*
 389  * @tl_vflags: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
 390  *
 391  * This function adds the system's default trusted certificate
 392  * authorities to the trusted list. Note that on unsupported system
 393  * this function returns %GNUTLS_E_UNIMPLEMENTED_FEATURE.
 394  *
 395  * Returns: The number of added elements or a negative error code on error.
 396  *
 397  * Since: 3.1
 398  **/
 399 int
 400 gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
 401                                         unsigned int tl_flags, unsigned int tl_vflags)
 402 {
 403 #if !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE) && !defined(_WIN32)
 404   return GNUTLS_E_UNIMPLEMENTED_FEATURE;
 405 #else
 406   int ret, r = 0;
 407   const char* crl_file =
 408 # ifdef DEFAULT_CRL_FILE
 409   DEFAULT_CRL_FILE;
 410 # else
 411   NULL;
 412 # endif
 413
 414 # ifdef _WIN32
 415   unsigned int i;
 416
 417   for (i=0;i<2;i++)
 418   {
 419     HCERTSTORE store;
 420     const CERT_CONTEXT *cert;
 421     const CRL_CONTEXT *crl;
 422     gnutls_datum_t data;
 423
 424     if (i==0) store = CertOpenSystemStore(0, "ROOT");
 425     else store = CertOpenSystemStore(0, "CA");
 426
 427     if (store == NULL) return GNUTLS_E_FILE_ERROR;
 428
 429     cert = CertEnumCertificatesInStore(store, NULL);
 430     crl = Loaded_CertEnumCRLsInStore(store, NULL);
 431
 432     while(cert != NULL)
 433       {
 434         if (cert->dwCertEncodingType == X509_ASN_ENCODING)
 435           {
 436             data.data = cert->pbCertEncoded;
 437             data.size = cert->cbCertEncoded;
 438             if (gnutls_x509_trust_list_add_trust_mem(list, &data, NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags) > 0)
 439               r++;
 440           }
 441         cert = CertEnumCertificatesInStore(store, cert);
 442       }
 443
 444     while(crl != NULL)
 445       {
 446         if (crl->dwCertEncodingType == X509_ASN_ENCODING)
 447           {
 448             data.data = crl->pbCrlEncoded;
 449             data.size = crl->cbCrlEncoded;
 450             gnutls_x509_trust_list_add_trust_mem(list, NULL, &data, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
 451           }
 452         crl = Loaded_CertEnumCRLsInStore(store, crl);
 453       }
 454     CertCloseStore(store, 0);
 455   }
 456 # endif
 457
 458 # if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
 459   ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_PKCS11, crl_file,
 460                                               GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
 461   if (ret > 0)
 462     r += ret;
 463 # endif
 464
 465 # ifdef DEFAULT_TRUST_STORE_FILE
 466   ret = gnutls_x509_trust_list_add_trust_file(list, DEFAULT_TRUST_STORE_FILE, crl_file,
 467                                               GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
 468   if (ret > 0)
 469     r += ret;
 470 # endif
 471   return r;
 472 #endif
 473 }