lib/gnutls_db.c

   1 /*
   2  * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
   3  * Foundation, Inc.
   4  *
   5  * Author: Nikos Mavrogiannopoulos
   6  *
   7  * This file is part of GNUTLS.
   8  *
   9  * The GNUTLS library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation; either version 2.1 of
  12  * the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  22  * USA
  23  *
  24  */
  25
  26 /* This file contains functions that manipulate a database backend for
  27  * resumed sessions.
  28  */
  29
  30 #include "gnutls_int.h"
  31 #include "gnutls_errors.h"
  32 #include <gnutls_db.h>
  33 #include "debug.h"
  34 #include <gnutls_session_pack.h>
  35 #include <gnutls_datum.h>
  36
  37 /**
  38   * gnutls_db_set_retrieve_function - Set the function that will be used to get data
  39   * @session: is a #gnutls_session_t structure.
  40   * @retr_func: is the function.
  41   *
  42   * Sets the function that will be used to retrieve data from the
  43   * resumed sessions database.  This function must return a
  44   * gnutls_datum_t containing the data on success, or a gnutls_datum_t
  45   * containing null and 0 on failure.
  46   *
  47   * The datum's data must be allocated using the function
  48   * gnutls_malloc().
  49   *
  50   * The first argument to retr_func() will be null unless
  51   * gnutls_db_set_ptr() has been called.
  52   **/
  53 void
  54 gnutls_db_set_retrieve_function (gnutls_session_t session,
  55                                  gnutls_db_retr_func retr_func)
  56 {
  57   session->internals.db_retrieve_func = retr_func;
  58 }
  59
  60 /**
  61   * gnutls_db_set_remove_function - Set the function that will be used to remove data
  62   * @session: is a #gnutls_session_t structure.
  63   * @rem_func: is the function.
  64   *
  65   * Sets the function that will be used to remove data from the
  66   * resumed sessions database. This function must return 0 on success.
  67   *
  68   * The first argument to rem_func() will be null unless
  69   * gnutls_db_set_ptr() has been called.
  70   **/
  71 void
  72 gnutls_db_set_remove_function (gnutls_session_t session,
  73                                gnutls_db_remove_func rem_func)
  74 {
  75   session->internals.db_remove_func = rem_func;
  76 }
  77
  78 /**
  79   * gnutls_db_set_store_function - Set the function that will be used to put data
  80   * @session: is a #gnutls_session_t structure.
  81   * @store_func: is the function
  82   *
  83   * Sets the function that will be used to store data from the resumed
  84   * sessions database. This function must remove 0 on success.
  85   *
  86   * The first argument to store_func() will be null unless
  87   * gnutls_db_set_ptr() has been called.
  88   **/
  89 void
  90 gnutls_db_set_store_function (gnutls_session_t session,
  91                               gnutls_db_store_func store_func)
  92 {
  93   session->internals.db_store_func = store_func;
  94 }
  95
  96 /**
  97   * gnutls_db_set_ptr - Set a pointer to be sent to db functions
  98   * @session: is a #gnutls_session_t structure.
  99   * @ptr: is the pointer
 100   *
 101   * Sets the pointer that will be provided to db store, retrieve and
 102   * delete functions, as the first argument.
 103   *
 104   **/
 105 void
 106 gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
 107 {
 108   session->internals.db_ptr = ptr;
 109 }
 110
 111 /**
 112   * gnutls_db_get_ptr - Returns the pointer which is sent to db functions
 113   * @session: is a #gnutls_session_t structure.
 114   *
 115   * Get db function pointer.
 116   *
 117   * Returns: the pointer that will be sent to db store, retrieve and
 118   *   delete functions, as the first argument.
 119   **/
 120 void *
 121 gnutls_db_get_ptr (gnutls_session_t session)
 122 {
 123   return session->internals.db_ptr;
 124 }
 125
 126 /**
 127  * gnutls_db_set_cache_expiration - Set the expiration time for resumed sessions.
 128  * @session: is a #gnutls_session_t structure.
 129  * @seconds: is the number of seconds.
 130  *
 131  * Set the expiration time for resumed sessions. The default is 3600
 132  * (one hour) at the time writing this.
 133  **/
 134 void
 135 gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
 136 {
 137   session->internals.expire_time = seconds;
 138 }
 139
 140 /**
 141  * gnutls_db_check_entry - check if the given db entry has expired
 142  * @session: is a #gnutls_session_t structure.
 143  * @session_entry: is the session data (not key)
 144  *
 145  * Check if database entry has expired.  This function is to be used
 146  * when you want to clear unnesessary session which occupy space in
 147  * your backend.
 148  *
 149  * Returns: Returns %GNUTLS_E_EXPIRED, if the database entry has
 150  *   expired or 0 otherwise.
 151  **/
 152 int
 153 gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
 154 {
 155   time_t timestamp;
 156
 157   timestamp = time (0);
 158
 159   if (session_entry.data != NULL)
 160     if (timestamp -
 161         ((security_parameters_st *) (session_entry.data))->timestamp <=
 162         session->internals.expire_time
 163         || ((security_parameters_st *) (session_entry.data))->timestamp >
 164         timestamp
 165         || ((security_parameters_st *) (session_entry.data))->timestamp == 0)
 166       return GNUTLS_E_EXPIRED;
 167
 168   return 0;
 169 }
 170
 171 /* The format of storing data is:
 172  * (forget it). Check gnutls_session_pack.c
 173  */
 174 int
 175 _gnutls_server_register_current_session (gnutls_session_t session)
 176 {
 177   gnutls_datum_t key;
 178   gnutls_datum_t content;
 179   int ret = 0;
 180
 181   key.data = session->security_parameters.session_id;
 182   key.size = session->security_parameters.session_id_size;
 183
 184   if (session->internals.resumable == RESUME_FALSE)
 185     {
 186       gnutls_assert ();
 187       return GNUTLS_E_INVALID_SESSION;
 188     }
 189
 190   if (session->security_parameters.session_id == NULL
 191       || session->security_parameters.session_id_size == 0)
 192     {
 193       gnutls_assert ();
 194       return GNUTLS_E_INVALID_SESSION;
 195     }
 196
 197 /* copy data */
 198   ret = _gnutls_session_pack (session, &content);
 199   if (ret < 0)
 200     {
 201       gnutls_assert ();
 202       return ret;
 203     }
 204
 205   ret = _gnutls_store_session (session, key, content);
 206   _gnutls_free_datum (&content);
 207
 208   return ret;
 209 }
 210
 211 /* Checks if both db_store and db_retrieve functions have
 212  * been set up.
 213  */
 214 static int
 215 _gnutls_db_func_is_ok (gnutls_session_t session)
 216 {
 217   if (session->internals.db_store_func != NULL &&
 218       session->internals.db_retrieve_func != NULL &&
 219       session->internals.db_remove_func != NULL)
 220     return 0;
 221   else
 222     return GNUTLS_E_DB_ERROR;
 223 }
 224
 225
 226 int
 227 _gnutls_server_restore_session (gnutls_session_t session,
 228                                 uint8_t * session_id, int session_id_size)
 229 {
 230   gnutls_datum_t data;
 231   gnutls_datum_t key;
 232   int ret;
 233
 234   key.data = session_id;
 235   key.size = session_id_size;
 236
 237   if (_gnutls_db_func_is_ok (session) != 0)
 238     {
 239       gnutls_assert ();
 240       return GNUTLS_E_INVALID_SESSION;
 241     }
 242
 243   data = _gnutls_retrieve_session (session, key);
 244
 245   if (data.data == NULL)
 246     {
 247       gnutls_assert ();
 248       return GNUTLS_E_INVALID_SESSION;
 249     }
 250
 251   /* expiration check is performed inside */
 252   ret = gnutls_session_set_data (session, data.data, data.size);
 253   if (ret < 0)
 254     {
 255       gnutls_assert ();
 256       return ret;
 257     }
 258
 259   gnutls_free (data.data);
 260
 261   return 0;
 262 }
 263
 264 int
 265 _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
 266                            int session_id_size)
 267 {
 268   gnutls_datum_t key;
 269
 270   key.data = session_id;
 271   key.size = session_id_size;
 272
 273   return _gnutls_remove_session (session, key);
 274 }
 275
 276
 277 /* Stores session data to the db backend.
 278  */
 279 int
 280 _gnutls_store_session (gnutls_session_t session,
 281                        gnutls_datum_t session_id, gnutls_datum_t session_data)
 282 {
 283   int ret = 0;
 284
 285   if (session->internals.resumable == RESUME_FALSE)
 286     {
 287       gnutls_assert ();
 288       return GNUTLS_E_INVALID_SESSION;
 289     }
 290
 291   if (_gnutls_db_func_is_ok (session) != 0)
 292     {
 293       return GNUTLS_E_DB_ERROR;
 294     }
 295
 296   if (session_id.data == NULL || session_id.size == 0)
 297     {
 298       gnutls_assert ();
 299       return GNUTLS_E_INVALID_SESSION;
 300     }
 301
 302   if (session_data.data == NULL || session_data.size == 0)
 303     {
 304       gnutls_assert ();
 305       return GNUTLS_E_INVALID_SESSION;
 306     }
 307   /* if we can't read why bother writing? */
 308
 309   if (session->internals.db_store_func != NULL)
 310     ret =
 311       session->internals.db_store_func (session->internals.db_ptr,
 312                                         session_id, session_data);
 313
 314   return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
 315
 316 }
 317
 318 /* Retrieves session data from the db backend.
 319  */
 320 gnutls_datum_t
 321 _gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id)
 322 {
 323   gnutls_datum_t ret = { NULL, 0 };
 324
 325   if (session_id.data == NULL || session_id.size == 0)
 326     {
 327       gnutls_assert ();
 328       return ret;
 329     }
 330
 331   if (session->internals.db_retrieve_func != NULL)
 332     ret =
 333       session->internals.db_retrieve_func (session->internals.db_ptr,
 334                                            session_id);
 335
 336   return ret;
 337
 338 }
 339
 340 /* Removes session data from the db backend.
 341  */
 342 int
 343 _gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id)
 344 {
 345   int ret = 0;
 346
 347   if (_gnutls_db_func_is_ok (session) != 0)
 348     {
 349       return GNUTLS_E_DB_ERROR;
 350     }
 351
 352   if (session_id.data == NULL || session_id.size == 0)
 353     return GNUTLS_E_INVALID_SESSION;
 354
 355   /* if we can't read why bother writing? */
 356   if (session->internals.db_remove_func != NULL)
 357     ret =
 358       session->internals.db_remove_func (session->internals.db_ptr,
 359                                          session_id);
 360
 361   return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
 362
 363 }
 364
 365 /**
 366  * gnutls_db_remove_session - remove the current session data from the database
 367  * @session: is a #gnutls_session_t structure.
 368  *
 369  * This function will remove the current session data from the
 370  * session database.  This will prevent future handshakes reusing
 371  * these session data.  This function should be called if a session
 372  * was terminated abnormally, and before gnutls_deinit() is called.
 373  *
 374  * Normally gnutls_deinit() will remove abnormally terminated
 375  * sessions.
 376  **/
 377 void
 378 gnutls_db_remove_session (gnutls_session_t session)
 379 {
 380   _gnutls_db_remove_session (session,
 381                              session->security_parameters.session_id,
 382                              session->security_parameters.session_id_size);
 383 }