2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015,
4 Ben Kibbey <bjk@luxsci.net>
6 This file is part of pwmd.
8 Pwmd is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 2 of the License, or
11 (at your option) any later version.
13 Pwmd is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
31 #include <sys/socket.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
49 #include <sys/resource.h>
64 #ifdef HAVE_GETOPT_LONG
69 #include "getopt_long.h"
72 #ifdef HAVE_PR_SET_NAME
73 #include <sys/prctl.h>
76 #include "pwmd-error.h"
79 #include "util-misc.h"
85 #include "util-string.h"
96 static unsigned assuan_level
;
98 #ifndef HAVE_PTHREAD_CANCEL
99 #define INIT_SIGNAL(s, cb) do { \
100 int *n = xmalloc (sizeof (int)); \
102 pthread_setspecific (signal_thread_key, n); \
103 struct sigaction act; \
105 sigemptyset (&sigset); \
106 sigaddset (&sigset, s); \
107 pthread_sigmask (SIG_UNBLOCK, &sigset, NULL); \
108 memset (&act, 0, sizeof(act)); \
109 act.sa_flags = SA_SIGINFO; \
110 act.sa_mask = sigset; \
111 act.sa_sigaction = cb; \
112 sigaction (s, &act, NULL); \
116 catch_thread_signal (int sig
, siginfo_t
*info
, void *ctx
)
118 int *n
= (int *) pthread_getspecific (signal_thread_key
);
127 int n
= config_get_boolean ("global", "enable_logging");
131 char *p
= config_get_string ("global", "log_path");
133 if (!p
|| (logfile
&& p
&& log_fd
!= -1 && strcmp(p
, logfile
)))
144 logfile
= expand_homedir (p
);
158 log_syslog
= config_get_boolean ("global", "syslog");
160 openlog ("pwmd", LOG_NDELAY
| LOG_PID
, LOG_DAEMON
);
164 reload_rcfile_thread (void *arg
)
166 #ifndef HAVE_PTHREAD_CANCEL
167 INIT_SIGNAL (SIGUSR2
, catch_thread_signal
);
170 #ifdef HAVE_PR_SET_NAME
171 prctl (PR_SET_NAME
, "reload rcfile");
173 pthread_setspecific (thread_name_key
, str_asprintf ("!%s", __FUNCTION__
));
174 MUTEX_LOCK (&rcfile_mutex
);
180 struct slist_s
*keep
= NULL
;
181 struct slist_s
*config
;
182 int b
= disable_list_and_dump
;
188 pthread_cleanup_push (release_mutex_cb
, &rcfile_mutex
);
189 pthread_cond_wait (&rcfile_cond
, &rcfile_mutex
);
191 keep
= config_keep_save ();
192 log_write (_("reloading configuration file '%s'"), rcfile
);
195 prio
= config_get_string ("global", "tls_cipher_suite");
197 config
= config_parse (rcfile
, 1);
200 config_free (global_config
);
201 global_config
= config
;
205 config_keep_restore (keep
);
206 disable_list_and_dump
= !disable_list_and_dump
? b
: 1;
209 /* Restart listening sockets since they may have changed. */
213 prio2
= config_get_string ("global", "tls_cipher_suite");
214 if ((prio2
&& (!prio
|| strcmp (prio
, prio2
))) || (prio
&& !prio2
))
220 crypto_set_keepalive ();
221 pthread_cleanup_pop (0);
224 MUTEX_UNLOCK (&rcfile_mutex
);
229 send_error (assuan_context_t ctx
, gpg_error_t e
)
231 struct client_s
*client
= assuan_get_pointer (ctx
);
233 if (gpg_err_source (e
) == GPG_ERR_SOURCE_UNKNOWN
)
240 return assuan_process_done (ctx
, 0);
244 log_write ("ERR %i: %s", e
, pwmd_strerror (e
));
248 if (client
&& client
->xml_error
)
250 log_write ("%s", client
->xml_error
->message
);
251 xfree (client
->last_error
);
252 client
->last_error
= NULL
;
253 if (client
->xml_error
->message
)
254 client
->last_error
= str_dup (client
->xml_error
->message
);
256 e
= assuan_process_done (ctx
,
257 assuan_set_error (ctx
, e
,
258 client
->xml_error
->message
? client
->xml_error
->message
: NULL
));
259 xmlResetLastError ();
260 xmlResetError (client
->xml_error
);
261 xfree (client
->xml_error
);
262 client
->xml_error
= NULL
;
266 return assuan_process_done (ctx
,
267 assuan_set_error (ctx
, e
, pwmd_strerror (e
)));
271 log_write (const char *fmt
, ...)
277 pthread_t tid
= pthread_self ();
278 static pthread_mutex_t m
= PTHREAD_MUTEX_INITIALIZER
;
280 if ((!logfile
&& !isatty (STDERR_FILENO
) && !log_syslog
) || !fmt
)
284 pthread_cleanup_push (release_mutex_cb
, &m
);
286 if (!cmdline
&& logfile
&& log_fd
== -1)
288 log_fd
= open (logfile
, O_WRONLY
| O_CREAT
| O_APPEND
, 0600);
290 warn ("%s", logfile
);
295 if (str_vasprintf (&args
, fmt
, ap
) != -1)
297 pthread_cleanup_push (xfree
, args
);
300 fprintf (stderr
, "pwmd: %s\n", args
);
305 char *name
= pthread_getspecific (thread_name_key
);
311 snprintf (buf
, sizeof (buf
), "%s: ", name
+1);
313 snprintf (buf
, sizeof (buf
), "%s(%p): ", name
,
317 snprintf (buf
, sizeof (buf
), "%p: ", (pthread_t
*)tid
);
320 if (!cmdline
&& log_syslog
&& !nofork
)
321 syslog (LOG_INFO
, "%s%s", name
, args
);
324 struct tm
*tm
= localtime (&now
);
326 strftime (tbuf
, sizeof (tbuf
), "%b %d %Y %H:%M:%S ", tm
);
327 tbuf
[sizeof (tbuf
) - 1] = 0;
329 if (args
[strlen (args
) - 1] == '\n')
330 args
[strlen (args
) - 1] = 0;
332 line
= str_asprintf ("%s %i %s%s\n", tbuf
, getpid (), name
,
336 pthread_cleanup_push (xfree
, line
);
337 if (logfile
&& log_fd
!= -1)
339 ssize_t ret
= write (log_fd
, line
, strlen (line
));
346 fprintf (stdout
, "%s", line
);
350 pthread_cleanup_pop (1);
353 pthread_cleanup_pop (1);
358 if (log_fd
!= -1 && log_keepopen
<= 0)
364 pthread_cleanup_pop (1);
372 if (!gpgrt_check_version (REQUIRE_LIBGPGERROR_VERSION
))
374 fprintf (stderr
, _("gpgrt_check_version(): Incompatible libgpg-error. "
375 "Wanted %s, got %s.\n"), REQUIRE_LIBGPGERROR_VERSION
,
376 gpgrt_check_version (NULL
));
377 return GPG_ERR_UNKNOWN_VERSION
;
381 //gpgrt_set_alloc_func (xrealloc_gpgrt);
383 if (!assuan_check_version (REQUIRE_LIBASSUAN_VERSION
))
385 fprintf (stderr
, _("assuan_check_version(): Incompatible libassuan. "
386 "Wanted %s, got %s.\n"), REQUIRE_LIBASSUAN_VERSION
,
387 assuan_check_version (NULL
));
388 return GPG_ERR_UNKNOWN_VERSION
;
391 if (!gcry_check_version (REQUIRE_LIBGCRYPT_VERSION
))
393 fprintf (stderr
, _("gcry_check_version(): Incompatible libgcrypt. "
394 "Wanted %s, got %s.\n"), REQUIRE_LIBGCRYPT_VERSION
,
395 gcry_check_version (NULL
));
396 return GPG_ERR_UNKNOWN_VERSION
;
399 gcry_set_allocation_handler (xmalloc
, xmalloc
, NULL
, xrealloc
, xfree
);
401 if (!gpgme_check_version (REQUIRE_LIBGPGME_VERSION
))
403 fprintf (stderr
, _("gpgme_check_version(): Incompatible libgpgme. "
404 "Wanted %s, got %s.\n"), REQUIRE_LIBGPGME_VERSION
,
405 gpgme_check_version (NULL
));
406 return GPG_ERR_UNKNOWN_VERSION
;
409 rc
= gpgme_engine_check_version (GPGME_PROTOCOL_OPENPGP
);
412 fprintf (stderr
, _("gpgme_engine_check_version(GPGME_PROTOCOL_OPENPGP): %s"), gpgme_strerror (rc
));
413 return GPG_ERR_UNKNOWN_VERSION
;
416 //gpgme_set_global_flag ("require-gnupg", REQUIRE_GNUPG_VERSION);
418 gpgme_set_locale (NULL
, LC_CTYPE
, setlocale (LC_CTYPE
, NULL
));
419 gpgme_set_locale (NULL
, LC_MESSAGES
, setlocale (LC_MESSAGES
, NULL
));
423 if (gnutls_global_init ())
425 fprintf(stderr
, _("gnutls_global_init() failed.\n"));
426 return GPG_ERR_UNKNOWN_VERSION
;
429 if (!gnutls_check_version (REQUIRE_LIBGNUTLS_VERSION
))
431 fprintf (stderr
, _("gnutls_check_version(): Incompatible libgnutls. "
432 "Wanted %s, got %s.\n"), REQUIRE_LIBGNUTLS_VERSION
,
433 gnutls_check_version (NULL
));
434 return GPG_ERR_UNKNOWN_VERSION
;
437 gnutls_global_set_log_function (tls_log
);
438 gnutls_global_set_audit_log_function (tls_audit_log
);
444 xml_error_cb (void *data
, xmlErrorPtr e
)
446 struct client_s
*client
= data
;
449 * Keep the first reported error as the one to show in the error
450 * description. Reset in send_error().
452 if (client
->xml_error
)
455 client
->xml_error
= xcalloc (1, sizeof(xmlError
));
456 xmlCopyError (e
, client
->xml_error
);
460 hook_waitpid (assuan_context_t ctx
, pid_t pid
, int action
,
461 int *status
, int options
)
465 return waitpid (pid
, status
, options
);
469 hook_read (assuan_context_t ctx
, assuan_fd_t fd
, void *data
, size_t len
)
473 struct client_s
*client
= assuan_get_pointer (ctx
);
475 if (client
->thd
->remote
)
476 return tls_read_hook (ctx
, (int) fd
, data
, len
);
479 return read ((int) fd
, data
, len
);
483 hook_write (assuan_context_t ctx
, assuan_fd_t fd
,
484 const void *data
, size_t len
)
488 struct client_s
*client
= assuan_get_pointer (ctx
);
490 if (client
->thd
->remote
)
491 return tls_write_hook (ctx
, (int) fd
, data
, len
);
494 return write ((int) fd
, data
, len
);
498 assuan_log_cb (assuan_context_t ctx
, void *data
, unsigned cat
,
501 struct client_s
*client
= data
;
502 const char *str
= NULL
;
507 if (!(assuan_level
& cat
))
515 case ASSUAN_LOG_INIT
:
516 str
= "ASSUAN[INIT]";
521 case ASSUAN_LOG_ENGINE
:
522 str
= "ASSUAN[ENGINE]";
524 case ASSUAN_LOG_DATA
:
525 str
= "ASSUAN[DATA]";
527 case ASSUAN_LOG_SYSIO
:
528 str
= "ASSUAN[SYSIO]";
530 case ASSUAN_LOG_CONTROL
:
531 str
= "ASSUAN[CONTROL]";
534 str
= "ASSUAN[UNKNOWN]";
538 log_write ("%s: %s", str
, msg
);
543 new_connection (struct client_s
*cl
)
546 static struct assuan_malloc_hooks mhooks
= { xmalloc
, xrealloc
, xfree
};
547 static struct assuan_system_hooks shooks
= {
548 ASSUAN_SYSTEM_HOOKS_VERSION
,
556 NULL
, //sendmsg both are used for FD passing
567 char *prio
= config_get_string ("global", "tls_cipher_suite");
569 cl
->thd
->timeout
= config_get_integer ("global", "tls_timeout");
570 if (fcntl (cl
->thd
->fd
, F_SETFL
, O_NONBLOCK
) == -1)
573 cl
->thd
->tls
= tls_init_client (cl
->thd
->fd
, cl
->thd
->timeout
, prio
);
580 rc
= assuan_new_ext (&cl
->ctx
, GPG_ERR_SOURCE_DEFAULT
, &mhooks
,
585 assuan_ctx_set_system_hooks (cl
->ctx
, &shooks
);
586 rc
= assuan_init_socket_server (cl
->ctx
, cl
->thd
->fd
, 2);
590 assuan_set_pointer (cl
->ctx
, cl
);
591 assuan_set_hello_line (cl
->ctx
, PACKAGE_STRING
);
592 rc
= register_commands (cl
->ctx
);
596 rc
= assuan_accept (cl
->ctx
);
600 rc
= validate_peer (cl
);
601 /* May not be implemented on all platforms. */
602 if (rc
&& gpg_err_code (rc
) != GPG_ERR_ASS_GENERAL
)
605 MUTEX_LOCK (&cn_mutex
);
606 cl
->thd
->state
= CLIENT_STATE_INIT
;
607 MUTEX_UNLOCK (&cn_mutex
);
608 cl
->lock_timeout
= config_get_integer ("global", "lock_timeout");
609 xmlSetStructuredErrorFunc (cl
, xml_error_cb
);
613 log_write ("%s", pwmd_strerror (rc
));
618 * This is called after a client is cancelled or disconnects. Set with
619 * pthread_cleanup_push().
622 free_client_cb (void *arg
)
624 struct client_thread_s
*cn
= arg
;
625 struct client_s
*cl
= cn
->cl
;
626 #ifndef HAVE_PTHREAD_CANCEL
627 char *tmp
= pthread_getspecific (signal_thread_key
);
630 pthread_setspecific (signal_thread_key
, NULL
);
632 MUTEX_LOCK (&cn_mutex
);
633 cn_thread_list
= slist_remove (cn_thread_list
, cn
);
634 MUTEX_UNLOCK (&cn_mutex
);
638 unlock_flock (&cl
->flock_fd
);
641 xmlResetError (cl
->xml_error
);
643 xfree (cl
->xml_error
);
648 gnutls_deinit (cn
->tls
->ses
);
655 assuan_release (cl
->ctx
);
656 else if (cl
->thd
&& cl
->thd
->fd
!= -1)
660 crypto_free (cl
->crypto
);
671 while (cn
->msg_queue
)
673 struct status_msg_s
*msg
= cn
->msg_queue
;
675 cn
->msg_queue
= msg
->next
;
680 if (cn
->status_msg_pipe
[0] != -1)
681 close (cn
->status_msg_pipe
[0]);
683 if (cn
->status_msg_pipe
[1] != -1)
684 close (cn
->status_msg_pipe
[1]);
686 pthread_mutex_destroy (&cn
->status_mutex
);
687 log_write (_("exiting, fd=%i"), cn
->fd
);
688 send_status_all (STATUS_CLIENTS
, NULL
);
691 xfree (cn
->peeraddr
);
699 MUTEX_LOCK (&cn_mutex
);
700 pthread_cleanup_push (release_mutex_cb
, &cn_mutex
);
702 while (slist_length (cn_thread_list
))
704 struct client_thread_s
*thd
= slist_nth_data (cn_thread_list
, 0);
706 free_client_cb (thd
);
709 pthread_cleanup_pop (1);
713 send_msg_queue (struct client_thread_s
*thd
)
715 MUTEX_LOCK (&thd
->status_mutex
);
720 ret
= read (thd
->status_msg_pipe
[0], &c
, 1);
721 rc
= gpg_error_from_syserror ();
722 if (ret
== -1 && gpg_err_code (rc
) != GPG_ERR_EAGAIN
)
723 log_write ("%s (%i): %s", __FUNCTION__
, __LINE__
, pwmd_strerror (rc
));
727 thd
->wrote_status
= 0;
729 while (thd
->msg_queue
)
731 struct status_msg_s
*msg
= thd
->msg_queue
;
733 thd
->msg_queue
= thd
->msg_queue
->next
;
734 MUTEX_UNLOCK (&thd
->status_mutex
);
735 pthread_cleanup_push (xfree
, msg
);
736 pthread_cleanup_push (xfree
, msg
->line
);
737 rc
= send_status (thd
->cl
->ctx
, msg
->s
, msg
->line
);
738 pthread_cleanup_pop (1);
739 pthread_cleanup_pop (1);
740 MUTEX_LOCK (&thd
->status_mutex
);
745 MUTEX_UNLOCK (&thd
->status_mutex
);
746 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
747 log_write ("%s (%i): %s", __FUNCTION__
, __LINE__
, pwmd_strerror (rc
));
753 client_thread (void *data
)
755 struct client_thread_s
*thd
= data
;
756 struct client_s
*cl
= xcalloc (1, sizeof (struct client_s
));
757 struct slist_s
*list
;
759 #ifndef HAVE_PTHREAD_CANCEL
760 INIT_SIGNAL (SIGUSR2
, catch_thread_signal
);
763 #ifdef HAVE_PR_SET_NAME
764 prctl (PR_SET_NAME
, "client");
766 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
770 log_write ("%s(%i): %s", __FILE__
, __LINE__
,
771 pwmd_strerror (GPG_ERR_ENOMEM
));
775 MUTEX_LOCK (&cn_mutex
);
776 pthread_cleanup_push (free_client_cb
, thd
);
781 list
= slist_append (cn_thread_list
, thd
);
783 cn_thread_list
= list
;
786 log_write ("%s(%i): %s", __FILE__
, __LINE__
,
787 pwmd_strerror (GPG_ERR_ENOMEM
));
788 MUTEX_UNLOCK (&cn_mutex
);
792 if (fcntl (thd
->status_msg_pipe
[0], F_SETFL
, O_NONBLOCK
) == -1)
793 rc
= gpg_error_from_errno (errno
);
796 if (fcntl (thd
->status_msg_pipe
[1], F_SETFL
, O_NONBLOCK
) == -1)
797 rc
= gpg_error_from_errno (errno
);
799 MUTEX_UNLOCK (&cn_mutex
);
803 log_write ("%s(%i): %s", __FILE__
, __LINE__
, pwmd_strerror (rc
));
807 if (new_connection (cl
))
810 struct pollfd fds
[2];
813 fds
[0].events
= POLLIN
;
814 fds
[1].fd
= thd
->status_msg_pipe
[0];
815 fds
[1].events
= POLLIN
;
817 send_status_all (STATUS_CLIENTS
, NULL
);
818 rc
= send_status (cl
->ctx
, STATUS_CACHE
, NULL
);
821 log_write ("%s(%i): %s", __FILE__
, __LINE__
, pwmd_strerror (rc
));
830 n
= poll (fds
, 2, 100);
833 log_write ("%s", strerror (errno
));
838 if (thd
->remote
&& thd
->tls
&& thd
->tls
->rehandshake
)
844 if (thd
->tls
->rehandshake
== 1)
846 prio
= config_get_string ("global", "tls_cipher_suite");
849 thd
->tls
->rehandshake
= 0;
853 ret
= gnutls_priority_set_direct (thd
->tls
->ses
, prio
, &e
);
854 if (ret
== GNUTLS_E_SUCCESS
)
856 rc
= send_status (cl
->ctx
, STATUS_REHANDSHAKE
, NULL
);
859 rc
= assuan_send_data (cl
->ctx
, NULL
, 0);
862 ret
= gnutls_rehandshake (thd
->tls
->ses
);
865 log_write ("%s", gnutls_strerror (ret
));
866 thd
->tls
->rehandshake
= 0;
869 thd
->tls
->rehandshake
= 2;
874 log_write ("%s", pwmd_strerror (rc
));
877 log_write ("%s: %s", gnutls_strerror (ret
), e
);
888 if (fds
[1].revents
& POLLIN
)
891 if (!thd
->remote
|| (thd
->tls
&& !thd
->tls
->rehandshake
))
894 rc
= send_msg_queue (thd
);
895 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
900 #ifdef HAVE_PTHREAD_CANCEL
901 if (!(fds
[0].revents
& POLLIN
))
903 if (thd
->fd
!= -1 && !(fds
[0].revents
& POLLIN
))
907 rc
= assuan_process_next (cl
->ctx
, &eof
);
910 if (gpg_err_code (rc
) == GPG_ERR_EOF
|| eof
)
913 log_write ("assuan_process_next(): rc=%u %s", rc
,
915 if (rc
== gpg_error (GPG_ERR_ETIMEDOUT
))
918 rc
= send_error (cl
->ctx
, rc
);
921 log_write ("assuan_process_done(): rc=%u %s", rc
,
927 /* Since the msg queue pipe fd's are non-blocking, check for
928 * pending status msgs here. GPG_ERR_EPIPE can be seen when the
929 * client has already disconnected and will be converted to
930 * GPG_ERR_EOF during assuan_process_next().
933 if (!thd
->remote
|| (thd
->tls
&& !thd
->tls
->rehandshake
))
936 rc
= send_msg_queue (thd
);
937 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
943 /* Don't do pthread_exit() here because any set pthread_cleanup_push
944 * functions would be called after a command failed but then the client
945 * exited normally which may lead to a double free. */
946 pthread_cleanup_pop (1);
951 xml_import (const char *filename
, const char *outfile
, char **keyid
,
952 char **sign_keyid
, char *keyfile
, const char *keyparam
,
961 struct crypto_s
*crypto
= NULL
;
963 if (stat (filename
, &st
) == -1)
965 rc
= gpg_error_from_errno (errno
);
969 fd
= open (filename
, O_RDONLY
);
971 return gpg_error_from_errno (errno
);
973 xmlbuf
= xmalloc (st
.st_size
+ 1);
977 return GPG_ERR_ENOMEM
;
980 if (read (fd
, xmlbuf
, st
.st_size
) == -1)
982 rc
= gpg_error_from_errno (errno
);
989 xmlbuf
[st
.st_size
] = 0;
990 // Be sure the document validates.
991 doc
= xmlReadDoc (xmlbuf
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
);
994 return GPG_ERR_BAD_DATA
;
996 xmlNodePtr n
= xmlDocGetRootElement (doc
);
997 if (n
&& !xmlStrEqual (n
->name
, (xmlChar
*) "pwmd"))
998 rc
= GPG_ERR_BAD_DATA
;
1002 rc
= xml_validate_import (NULL
, n
? n
->children
: n
);
1005 rc
= crypto_init (&crypto
, NULL
, filename
, keyfile
!= NULL
, keyfile
);
1010 crypto
->flags
|= CRYPTO_FLAG_KEYFILE
;
1011 crypto
->keyfile
= str_dup (keyfile
);
1014 xmlDocDumpMemory (doc
, &crypto
->plaintext
, &len
);
1016 crypto
->plaintext_size
= len
;
1018 rc
= GPG_ERR_ENOMEM
;
1025 if (!symmetric
&& (keyparam
|| !keyid
))
1031 fd
= open (keyparam
, O_RDONLY
);
1033 rc
= gpg_error_from_errno (errno
);
1037 if (stat (keyparam
, &st
) == -1)
1038 rc
= gpg_error_from_errno (errno
);
1042 buf
= xmalloc (st
.st_size
+1);
1044 rc
= GPG_ERR_ENOMEM
;
1048 len
= read (fd
, buf
, st
.st_size
);
1049 if (len
!= st
.st_size
)
1050 rc
= gpg_error_from_errno (errno
);
1063 buf
= crypto_default_key_params ();
1065 rc
= GPG_ERR_ENOMEM
;
1069 rc
= crypto_genkey (NULL
, crypto
, (unsigned char *)buf
);
1075 crypto
->save
.pubkey
= strv_dup (keyid
);
1076 crypto
->save
.sigkey
= strv_dup (sign_keyid
);
1081 crypto
->flags
|= symmetric
? CRYPTO_FLAG_SYMMETRIC
: 0;
1082 rc
= crypto_encrypt (NULL
, crypto
);
1088 if (!strcmp (outfile
, "-"))
1091 xfree (crypto
->plaintext
);
1092 crypto
->plaintext
= NULL
;
1093 xfree (crypto
->filename
);
1094 crypto
->filename
= outfile
? str_dup (outfile
) : NULL
;
1095 rc
= crypto_write_file (crypto
);
1099 crypto_free (crypto
);
1104 do_cache_push (struct crypto_s
*crypto
)
1108 struct cache_data_s
*cdata
;
1113 log_write (_("Trying to add datafile '%s' to the file cache ..."),
1116 if (valid_filename (crypto
->filename
) == 0)
1118 log_write (_("%s: Invalid characters in filename"), crypto
->filename
);
1119 return GPG_ERR_INV_VALUE
;
1122 rc
= lock_flock (NULL
, crypto
->filename
, LOCK_SH
, &fd
);
1124 rc
= crypto_decrypt (NULL
, crypto
);
1131 rc
= xml_parse_doc ((char *) crypto
->plaintext
, crypto
->plaintext_size
, &doc
);
1135 log_write ("%s", pwmd_strerror (rc
));
1139 cdata
= xcalloc (1, sizeof (struct cache_data_s
));
1144 return GPG_ERR_ENOMEM
;
1147 rc
= get_checksum (crypto
->filename
, &crc
, &len
);
1152 cache_free_data_once (cdata
);
1157 rc
= cache_encrypt (crypto
);
1160 cdata
->doc
= crypto
->plaintext
;
1161 cdata
->size
= crypto
->plaintext_size
;
1162 crypto
->plaintext
= NULL
;
1163 cdata
->pubkey
= crypto
->pubkey
;
1164 cdata
->sigkey
= crypto
->sigkey
;
1165 crypto
->pubkey
= NULL
;
1166 crypto
->sigkey
= NULL
;
1171 cache_free_data_once (cdata
);
1175 int timeout
= config_get_integer (crypto
->filename
, "cache_timeout");
1176 rc
= cache_add_file (crypto
->filename
, cdata
, timeout
);
1181 init_client (int fd
, const char *addr
)
1184 struct client_thread_s
*new = xcalloc (1, sizeof (struct client_thread_s
));
1189 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (ENOMEM
));
1190 return GPG_ERR_ENOMEM
;
1193 MUTEX_LOCK (&cn_mutex
);
1194 pthread_cleanup_push (release_mutex_cb
, &cn_mutex
);
1195 new->conntime
= time (NULL
);
1197 if (pipe (new->status_msg_pipe
) == -1)
1198 rc
= gpg_error_from_errno (errno
);
1200 pthread_mutex_init (&new->status_mutex
, NULL
);
1205 new->remote
= addr
? 1 : 0;
1207 new->peeraddr
= str_dup (addr
);
1210 rc
= create_thread (client_thread
, new, &new->tid
, 1);
1213 close (new->status_msg_pipe
[0]);
1214 close (new->status_msg_pipe
[1]);
1215 pthread_mutex_destroy (&new->status_mutex
);
1222 log_write (_("new connection: tid=%p, fd=%i, addr=%s"),
1223 (pthread_t
*) new->tid
, fd
, addr
);
1225 log_write (_("new connection: tid=%p, fd=%i"),
1226 (pthread_t
*) new->tid
, fd
);
1229 pthread_cleanup_pop (1);
1235 log_write ("%s(%i): %s", __FILE__
, __LINE__
, pwmd_strerror (rc
));
1242 do_tls_accept (struct pollfd
*fds
)
1244 struct sockaddr_storage raddr
;
1245 socklen_t slen
= sizeof (raddr
);
1247 char s
[INET6_ADDRSTRLEN
];
1249 if (!(fds
->revents
& POLLIN
))
1252 fd
= accept (fds
->fd
, (struct sockaddr
*) &raddr
, &slen
);
1257 if (errno
!= EAGAIN
&& !quit
)
1258 log_write ("%s: %s", __FUNCTION__
,
1259 pwmd_strerror (gpg_error_from_syserror()));
1261 return gpg_error_from_errno (e
);
1264 inet_ntop (raddr
.ss_family
, get_in_addr ((struct sockaddr
*) &raddr
), s
,
1266 (void) init_client (fd
, s
);
1272 accept_thread (void *arg
)
1274 int sockfd
= *(int *) arg
;
1275 #ifndef HAVE_PTHREAD_CANCEL
1276 INIT_SIGNAL (SIGUSR2
, catch_thread_signal
);
1279 #ifdef HAVE_PR_SET_NAME
1280 prctl (PR_SET_NAME
, "accept");
1282 pthread_setspecific (thread_name_key
, str_asprintf ("!%s", __FUNCTION__
));
1286 socklen_t slen
= sizeof (struct sockaddr_un
);
1287 struct sockaddr_un raddr
;
1289 struct pollfd fds
[3];
1292 memset (fds
, 0, sizeof (fds
));
1294 fds
[s
++].events
= POLLIN
;
1300 fds
[s
++].events
= POLLIN
;
1307 fds
[s
].fd
= tls6_fd
;
1308 fds
[s
++].events
= POLLIN
;
1311 fds
[s
].fd
= tls6_fd
;
1314 s
= poll (fds
, s
, 500);
1318 log_write ("%s", strerror (errno
));
1324 if (fds
[0].revents
& POLLIN
)
1326 fd
= accept (sockfd
, (struct sockaddr
*) &raddr
, &slen
);
1329 if (errno
== EMFILE
|| errno
== ENFILE
)
1330 log_write ("%s: %s", __FUNCTION__
,
1331 pwmd_strerror (gpg_error_from_errno (errno
)));
1332 else if (errno
!= EAGAIN
&& errno
!= EINTR
)
1334 if (!quit
) // probably EBADF
1335 log_write ("%s: %s", __FUNCTION__
,
1336 pwmd_strerror (gpg_error_from_errno (errno
)));
1344 (void) init_client (fd
, NULL
);
1348 if (tls_fd
!= -1 && fds
[1].fd
== tls_fd
)
1349 (void)do_tls_accept (&fds
[1]);
1351 if (tls6_fd
!= -1 && fds
[1].fd
== tls6_fd
)
1352 (void)do_tls_accept (&fds
[1]);
1354 if (tls6_fd
!= -1 && fds
[2].fd
== tls6_fd
)
1355 (void)do_tls_accept (&fds
[2]);
1359 /* Just in case accept() failed for some reason other than EBADF */
1365 cache_timer_thread (void *arg
)
1368 #ifndef HAVE_PTHREAD_CANCEL
1369 INIT_SIGNAL (SIGUSR2
, catch_thread_signal
);
1374 #ifdef HAVE_PR_SET_NAME
1375 prctl (PR_SET_NAME
, "timer");
1377 pthread_setspecific (thread_name_key
, str_asprintf ("!%s", __FUNCTION__
));
1381 struct timeval tv
= { 1, 0 };
1382 unsigned keepalive
= config_get_integer ("global", "keepalive_interval");
1385 select (0, NULL
, NULL
, NULL
, &tv
);
1386 cache_adjust_timeout ();
1388 if (keepalive
&& ++k
>= keepalive
)
1390 send_status_all (STATUS_KEEPALIVE
, NULL
);
1399 signal_loop (sigset_t sigset
)
1407 sigwait (&sigset
, &sig
);
1408 log_write (_("caught signal %i (%s)"), sig
, strsignal (sig
));
1413 pthread_cond_signal (&rcfile_cond
);
1416 log_write (_("clearing file cache"));
1417 cache_clear (NULL
, NULL
, 1);
1418 send_status_all (STATUS_CACHE
, NULL
);
1433 log_write (_ ("Caught signal %i (%s). Exiting."), sig
, strsignal (sig
));
1434 #ifdef HAVE_BACKTRACE
1435 BACKTRACE (__FUNCTION__
);
1441 cancel_all_clients ()
1445 MUTEX_LOCK (&cn_mutex
);
1446 t
= slist_length (cn_thread_list
);
1447 for (i
= 0; i
< t
; i
++)
1449 struct client_thread_s
*thd
= slist_nth_data (cn_thread_list
, i
);
1451 #ifdef HAVE_PTHREAD_CANCEL
1452 pthread_cancel (thd
->tid
);
1454 pthread_kill (thd
->tid
, SIGUSR2
);
1458 while (slist_length (cn_thread_list
))
1460 MUTEX_UNLOCK (&cn_mutex
);
1462 MUTEX_LOCK (&cn_mutex
);
1465 MUTEX_UNLOCK (&cn_mutex
);
1469 server_loop (int sockfd
, char **socketpath
)
1471 pthread_t cache_timeout_tid
;
1472 pthread_t accept_tid
;
1473 int cancel_timeout_thread
= 0;
1474 int cancel_accept_thread
= 0;
1475 int cancel_rcfile_thread
= 0;
1482 sigemptyset (&sigset
);
1485 sigaddset (&sigset
, SIGTERM
);
1486 sigaddset (&sigset
, SIGINT
);
1488 /* Clears the file cache. */
1489 sigaddset (&sigset
, SIGUSR1
);
1491 /* Configuration file reloading. */
1492 sigaddset (&sigset
, SIGHUP
);
1494 #ifndef HAVE_PTHREAD_CANCEL
1496 The socket, cache and rcfile threads use this signal when
1497 pthread_cancel() is unavailable. Prevent the main thread from
1498 catching this signal from another process.
1500 sigaddset (&sigset
, SIGUSR2
);
1503 /* An assertion failure. */
1504 signal (SIGABRT
, catchsig
);
1505 sigaddset (&sigset
, SIGABRT
);
1506 sigprocmask (SIG_BLOCK
, &sigset
, NULL
);
1508 #ifndef HAVE_PTHREAD_CANCEL
1509 /* Remove this signal from the watched signals in signal_loop(). */
1510 sigdelset (&sigset
, SIGUSR2
);
1513 /* Can show a backtrace of the stack in the log. */
1514 signal (SIGSEGV
, catchsig
);
1516 char *p
= get_username (getuid());
1517 log_write (_("%s started for user %s"), PACKAGE_STRING
, p
);
1521 if (config_get_boolean ("global", "enable_tcp"))
1522 log_write (_("Listening on %s and TCP port %i"), *socketpath
,
1523 config_get_integer ("global", "tcp_port"));
1525 log_write (_("Listening on %s"), *socketpath
);
1527 log_write (_("Listening on %s"), *socketpath
);
1530 rc
= create_thread (reload_rcfile_thread
, NULL
, &rcfile_tid
, 0);
1533 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
1534 pwmd_strerror (rc
));
1538 cancel_rcfile_thread
= 1;
1539 rc
= create_thread (cache_timer_thread
, NULL
, &cache_timeout_tid
, 0);
1542 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
1543 pwmd_strerror (rc
));
1547 cancel_timeout_thread
= 1;
1548 rc
= create_thread (accept_thread
, &sockfd
, &accept_tid
, 0);
1551 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
1552 pwmd_strerror (rc
));
1556 cancel_accept_thread
= 1;
1558 signal_loop (sigset
);
1564 * We're out of the main server loop. This happens when a signal was sent
1565 * to terminate the daemon. Cancel all clients and exit.
1567 if (cancel_accept_thread
)
1569 #ifdef HAVE_PTHREAD_CANCEL
1570 n
= pthread_cancel (accept_tid
);
1572 n
= pthread_kill (accept_tid
, SIGUSR2
);
1575 pthread_join (accept_tid
, NULL
);
1578 if (cancel_timeout_thread
)
1580 #ifdef HAVE_PTHREAD_CANCEL
1581 n
= pthread_cancel (cache_timeout_tid
);
1583 n
= pthread_kill (cache_timeout_tid
, SIGUSR2
);
1586 pthread_join (cache_timeout_tid
, NULL
);
1592 shutdown (sockfd
, SHUT_RDWR
);
1594 unlink (*socketpath
);
1595 xfree (*socketpath
);
1597 MUTEX_LOCK (&cn_mutex
);
1598 n
= slist_length (cn_thread_list
);
1599 MUTEX_UNLOCK (&cn_mutex
);
1602 cancel_all_clients ();
1604 free_all_clients ();
1606 if (cancel_rcfile_thread
)
1608 #ifdef HAVE_PTHREAD_CANCEL
1609 pthread_cancel (rcfile_tid
);
1611 pthread_kill (rcfile_tid
, SIGUSR2
);
1612 pthread_cond_signal (&rcfile_cond
);
1614 pthread_join (rcfile_tid
, NULL
);
1619 return segv
? EXIT_FAILURE
: EXIT_SUCCESS
;
1623 usage (const char *pn
, int status
)
1625 FILE *fp
= status
== EXIT_FAILURE
? stderr
: stdout
;
1627 fprintf (fp
, _("Usage: %s [OPTIONS] [file1] [...]\n"
1628 " --homedir alternate pwmd home directory (~/.pwmd)\n"
1629 " -f, --rcfile=filename load the specfied configuration file\n"
1630 " (~/.pwmd/config)\n"
1631 " --kill terminate an existing instance of pwmd\n"
1632 " -n, --no-fork run as a foreground process\n"
1633 " --disable-dump disable the LIST, XPATH and DUMP commands\n"
1634 " --ignore, --force ignore cache pushing errors during startup\n"
1635 " -I, --import=filename import a pwmd DTD formatted XML file)\n"
1636 " -k, --passphrase-file=file for use when importing\n"
1637 " -o, --outfile=filename output file when importing\n"
1638 " --keyid=fpr[,..] public key to use when encrypting\n"
1639 " --sign-keyid=fpr[,..] fingerprint of the signing key to use\n"
1640 " -s, --symmetric use conventional encryption with optional signer\n"
1641 " --keyparam=filename custom key parameters to use (gpg default)\n"
1642 " --debug=[a:..][,g:N][,t:N] enable debugging (a:[ixedsc],g:[1-9],t:[0-N])\n"
1643 " --help this help text\n"
1644 " --version show version and compile time features\n"),
1650 unlink_stale_socket (const char *sock
, const char *pidfile
)
1652 log_write (_ ("removing stale socket %s"), sock
);
1658 test_pidfile (const char *path
, const char *sock
, char *buf
, size_t buflen
,
1659 char **pidfile
, int create
, mode_t mode
, int terminate
)
1667 snprintf (buf
, buflen
, "%s/%s.pid", homedir
, sock
);
1668 *pidfile
= str_dup (buf
);
1669 fd
= open (buf
, O_RDONLY
);
1672 fd
= open (*pidfile
, O_CREAT
|O_WRONLY
|O_TRUNC
, mode
);
1676 if (!create
&& errno
!= ENOENT
)
1678 log_write ("%s: %s", buf
, pwmd_strerror (errno
));
1683 else if (!create
&& !terminate
)
1686 log_write ("%s: %s", *pidfile
, strerror (errno
));
1692 snprintf (buf
, buflen
, "%i", getpid ());
1693 ssize_t ret
= write (fd
, buf
, strlen (buf
));
1695 log_write ("%s (%i): %s", __FUNCTION__
, __LINE__
,
1696 pwmd_strerror (gpg_error_from_syserror ()));
1701 len
= read (fd
, buf
, buflen
);
1705 unlink_stale_socket (path
, *pidfile
);
1709 if (sscanf (buf
, "%5i", &pid
) != 1 || pid
== 0)
1713 unlink_stale_socket (path
, *pidfile
);
1718 if (kill (pid
, 0) == -1)
1720 unlink_stale_socket (path
, *pidfile
);
1726 if (kill (pid
, SIGTERM
) == -1)
1727 log_write ("%s: %s", path
, pwmd_strerror (errno
));
1730 log_write (_ ("an instance for socket %s is already running"), path
);
1738 parse_debug_level (const char *str
, unsigned *debug
, int *gpgme
, int *tls
)
1744 for (p
= str
; p
&& *p
; p
++)
1746 if (*p
== 'a') // assuan debug flags
1756 level
|= ASSUAN_LOG_INIT
;
1759 level
|= ASSUAN_LOG_CTX
;
1762 level
|= ASSUAN_LOG_ENGINE
;
1765 level
|= ASSUAN_LOG_DATA
;
1768 level
|= ASSUAN_LOG_SYSIO
;
1771 level
|= ASSUAN_LOG_CONTROL
;
1786 else if (*p
== 'g' || *p
== 't') // gpgme and TLS debug level
1794 if (!isdigit (*++p
))
1803 if (tl
< 0 || gl
< 0 || gl
> 9)
1806 while (isdigit (*p
))
1810 if (*(p
+1) && *(p
+1) != ',')
1830 main (int argc
, char *argv
[])
1833 struct sockaddr_un addr
;
1835 char *socketpath
= NULL
, *socketdir
, *socketname
= NULL
;
1836 char *socketarg
= NULL
;
1837 char *datadir
= NULL
;
1838 char *pidfile
= NULL
;
1842 char **cache_push
= NULL
;
1843 char *import
= NULL
, *keyid
= NULL
, *sign_keyid
= NULL
;
1844 char *keyparam
= NULL
;
1845 int estatus
= EXIT_FAILURE
;
1847 char *outfile
= NULL
;
1850 int show_version
= 0;
1853 char *keyfile
= NULL
;
1858 int gpgme_level
= -1;
1861 /* Must maintain the same order as longopts[] */
1864 OPT_VERSION
, OPT_HELP
, OPT_HOMEDIR
, OPT_NO_FORK
, OPT_DISABLE_DUMP
,
1865 OPT_FORCE
, OPT_RCFILE
, OPT_PASSPHRASE_FILE
, OPT_IMPORT
, OPT_OUTFILE
,
1866 OPT_KEYID
, OPT_SIGN_KEYID
, OPT_SYMMETRIC
, OPT_KEYPARAM
, OPT_KILL
,
1869 const char *optstring
= "nf:C:k:I:o:s";
1870 const struct option longopts
[] = {
1871 {"version", no_argument
, 0, 0},
1872 {"help", no_argument
, 0, 0},
1873 {"homedir", required_argument
, 0, 0},
1874 {"no-fork", no_argument
, 0, 'n'},
1875 {"disable_dump", no_argument
, 0, 0},
1876 {"force", no_argument
, 0, 0},
1877 {"rcfile", required_argument
, 0, 'f'},
1878 {"passphrase-file", required_argument
, 0, 'k'},
1879 {"import", required_argument
, 0, 'I'},
1880 {"outfile", required_argument
, 0, 'o'},
1881 {"keyid", required_argument
, 0, 0},
1882 {"sign-keyid", required_argument
, 0, 0},
1883 {"symmetric", no_argument
, 0, 's'},
1884 {"keyparam", required_argument
, 0, 0},
1885 {"kill", no_argument
, 0, 0},
1886 {"debug", required_argument
, 0, 0},
1894 #ifdef HAVE_SETRLIMIT
1897 rl
.rlim_cur
= rl
.rlim_max
= 0;
1899 if (setrlimit (RLIMIT_CORE
, &rl
) != 0)
1900 err (EXIT_FAILURE
, "setrlimit()");
1903 #ifdef HAVE_PR_SET_DUMPABLE
1904 prctl (PR_SET_DUMPABLE
, 0);
1909 setlocale (LC_ALL
, "");
1910 bindtextdomain ("pwmd", LOCALEDIR
);
1911 textdomain ("pwmd");
1914 while ((opt
= getopt_long (argc
, argv
, optstring
, longopts
, &optindex
))
1932 rcfile
= str_dup (optarg
);
1938 usage (argv
[0], EXIT_FAILURE
);
1944 if (parse_debug_level (optarg
, &assuan_level
, &gpgme_level
,
1946 usage (argv
[0], EXIT_FAILURE
);
1955 usage (argv
[0], EXIT_SUCCESS
);
1958 homedir
= str_dup (optarg
);
1963 case OPT_DISABLE_DUMP
:
1970 rcfile
= str_dup (optarg
);
1972 case OPT_PASSPHRASE_FILE
:
1984 case OPT_SIGN_KEYID
:
1985 sign_keyid
= optarg
;
1994 usage (argv
[0], EXIT_FAILURE
);
2002 "Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016\n"
2004 "Released under the terms of the GPL v2. Use at your own risk.\n\n"
2005 "Compile time features:\n%s"), PACKAGE_STRING
,
2008 "+PWMD_HOMEDIR=" PWMD_HOMEDIR
"\n"
2036 exit (EXIT_SUCCESS
);
2039 if (gpgme_level
!= -1)
2041 char s
[2] = { gpgme_level
+ '0', 0 };
2043 if (getenv ("GPGME_DEBUG"))
2044 log_write (_ ("Overriding GPGME_DEBUG environment with level %u!"),
2047 gpgme_set_global_flag ("debug", s
);
2050 if (setup_crypto ())
2051 exit (EXIT_FAILURE
);
2054 tls_level
= tls_level
== -1 ? 1 : tls_level
;
2055 gnutls_global_set_log_level (tls_level
);
2059 xmlMemSetup (xfree
, xmalloc
, xrealloc
, str_dup
);
2067 homedir
= str_dup(PWMD_HOMEDIR
);
2069 homedir
= str_asprintf ("%s/.pwmd", get_home_dir());
2072 if (mkdir (homedir
, 0700) == -1 && errno
!= EEXIST
)
2073 err (EXIT_FAILURE
, "%s", homedir
);
2076 rcfile
= str_asprintf ("%s/config", homedir
);
2078 pthread_key_create (&last_error_key
, free_key
);
2079 #ifndef HAVE_PTHREAD_CANCEL
2080 pthread_key_create (&signal_thread_key
, free_key
);
2083 pthread_mutexattr_t attr
;
2084 pthread_mutexattr_init (&attr
);
2085 pthread_mutexattr_settype (&attr
, PTHREAD_MUTEX_RECURSIVE
);
2086 pthread_mutex_init (&rcfile_mutex
, &attr
);
2087 global_config
= config_parse (rcfile
, 0);
2090 pthread_mutexattr_destroy (&attr
);
2091 pthread_mutex_destroy (&rcfile_mutex
);
2092 exit (EXIT_FAILURE
);
2095 p
= config_get_string ("global", "gpg_homedir");
2097 datadir
= str_asprintf ("%s/.gnupg", homedir
);
2099 datadir
= expand_homedir (p
);
2102 if (mkdir (datadir
, 0700) == -1 && errno
!= EEXIST
)
2103 err (EXIT_FAILURE
, "%s", datadir
);
2105 rc
= gpgme_set_engine_info (GPGME_PROTOCOL_OpenPGP
, NULL
, datadir
);
2108 snprintf (buf
, sizeof (buf
), "%s/data", homedir
);
2109 if (mkdir (buf
, 0700) == -1 && errno
!= EEXIST
)
2110 err (EXIT_FAILURE
, "%s", buf
);
2112 datadir
= str_dup (buf
);
2113 pthread_cond_init (&rcfile_cond
, NULL
);
2114 pthread_mutex_init (&cn_mutex
, &attr
);
2115 pthread_mutexattr_destroy (&attr
);
2119 x
= config_get_int_param (global_config
, "global", "priority", &exists
);
2120 if (exists
&& x
!= atoi(INVALID_PRIORITY
))
2123 if (setpriority (PRIO_PROCESS
, 0, x
) == -1)
2125 log_write ("setpriority(): %s",
2126 pwmd_strerror (gpg_error_from_errno (errno
)));
2130 #ifdef HAVE_MLOCKALL
2131 if (disable_mlock
== 0 && mlockall (MCL_CURRENT
| MCL_FUTURE
) == -1)
2133 log_write ("mlockall(): %s",
2134 pwmd_strerror (gpg_error_from_errno (errno
)));
2142 log_write ("pwmd: ERR %i: %s", rc
, pwmd_strerror (rc
));
2143 exit (EXIT_FAILURE
);
2148 char **keyids
= NULL
, **sign_keyids
= NULL
;
2150 if (!outfile
|| !*outfile
|| argc
!= optind
)
2151 usage (argv
[0], EXIT_FAILURE
);
2154 keyids
= str_split (keyid
, ",", 0);
2156 sign_keyids
= str_split (sign_keyid
, ",", 0);
2157 rc
= xml_import (import
, outfile
, keyids
, sign_keyids
, keyfile
, keyparam
, sym
);
2159 strv_free (sign_keyids
);
2162 if (gpg_err_source (rc
) == GPG_ERR_SOURCE_UNKNOWN
)
2163 rc
= gpg_error (rc
);
2165 log_write ("%s: %u: %s", import
, rc
, pwmd_strerror (rc
));
2168 config_free (global_config
);
2170 exit (rc
? EXIT_FAILURE
: EXIT_SUCCESS
);
2173 p
= config_get_string ("global", "socket_path");
2175 p
= str_asprintf ("%s/socket", homedir
);
2177 socketarg
= expand_homedir (p
);
2181 disable_list_and_dump
= config_get_boolean ("global",
2182 "disable_list_and_dump");
2184 disable_list_and_dump
= secure
;
2186 cache_push
= config_get_list ("global", "cache_push");
2188 while (optind
< argc
)
2190 if (strv_printf (&cache_push
, "%s", argv
[optind
++]) == 0)
2191 errx (EXIT_FAILURE
, "%s", pwmd_strerror (GPG_ERR_ENOMEM
));
2194 if (strchr (socketarg
, '/') == NULL
)
2196 socketdir
= getcwd (buf
, sizeof (buf
));
2197 socketname
= str_dup (socketarg
);
2198 socketpath
= str_asprintf ("%s/%s", socketdir
, socketname
);
2202 socketname
= str_dup (strrchr (socketarg
, '/'));
2204 socketarg
[strlen (socketarg
) - strlen (socketname
) - 1] = 0;
2205 socketdir
= str_dup (socketarg
);
2206 socketpath
= str_asprintf ("%s/%s", socketdir
, socketname
);
2209 if (chdir (datadir
))
2211 log_write ("%s: %s", datadir
,
2212 pwmd_strerror (gpg_error_from_errno (errno
)));
2213 unlink (socketpath
);
2217 x
= test_pidfile (socketpath
, socketname
, buf
, sizeof(buf
), &pidfile
, 0,
2219 if (!terminate
&& x
)
2223 estatus
= x
!= 1 ? EXIT_FAILURE
: EXIT_SUCCESS
;
2228 * bind() doesn't like the full pathname of the socket or any non alphanum
2229 * characters so change to the directory where the socket is wanted then
2230 * create it then change to datadir.
2232 if (chdir (socketdir
))
2234 log_write ("%s: %s", socketdir
,
2235 pwmd_strerror (gpg_error_from_errno (errno
)));
2241 if ((sockfd
= socket (PF_UNIX
, SOCK_STREAM
, 0)) == -1)
2243 log_write ("socket(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
2247 addr
.sun_family
= AF_UNIX
;
2248 snprintf (addr
.sun_path
, sizeof (addr
.sun_path
), "%s", socketname
);
2250 if (bind (sockfd
, (struct sockaddr
*) &addr
, sizeof (struct sockaddr
)) ==
2253 log_write ("bind(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
2255 if (errno
== EADDRINUSE
)
2258 log_write (_("Either there is another pwmd running or '%s' is a \n"
2259 "stale socket. Please remove it manually."), socketpath
);
2266 char *t
= config_get_string ("global", "socket_perms");
2271 mode
= strtol (t
, NULL
, 8);
2275 if (chmod (socketname
, mode
) == -1)
2277 log_write ("%s: %s", socketname
,
2278 pwmd_strerror (gpg_error_from_errno (errno
)));
2288 xfree (--socketname
);
2290 if (chdir (datadir
))
2292 log_write ("%s: %s", datadir
,
2293 pwmd_strerror (gpg_error_from_errno (errno
)));
2300 if (config_get_boolean ("global", "enable_tcp"))
2302 if (!tls_start_stop (0))
2311 * Set the cache entry for a file. Prompts for the password.
2315 for (opt
= 0; cache_push
[opt
]; opt
++)
2317 struct crypto_s
*crypto
= NULL
;
2318 char *pw_file
= config_get_string (cache_push
[opt
],
2320 rc
= crypto_init (&crypto
, NULL
, cache_push
[opt
], pw_file
!= NULL
,
2325 crypto
->flags
|= pw_file
? CRYPTO_FLAG_KEYFILE
: 0;
2326 crypto
->keyfile
= pw_file
;
2333 estatus
= EXIT_FAILURE
;
2337 rc
= do_cache_push (crypto
);
2340 log_write ("ERR %u: %s", rc
, pwmd_strerror(rc
));
2341 strv_free (cache_push
);
2342 log_write (_ ("Failed to add a file to the cache. Use --force to force startup. Exiting."));
2343 cache_clear (NULL
, NULL
, 1);
2344 estatus
= EXIT_FAILURE
;
2345 crypto_free (crypto
);
2349 log_write ("%s: %s", crypto
->filename
, pwmd_strerror(rc
));
2351 log_write (_("Successfully added '%s' to the cache."),
2354 crypto_free (crypto
);
2357 strv_free (cache_push
);
2358 log_write (!nofork
? _("Done. Daemonizing...") :
2359 _("Done. Waiting for connections..."));
2362 backlog
= config_get_integer ("global", "backlog");
2363 if (listen (sockfd
, backlog
) == -1)
2365 log_write ("listen(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
2374 log_write ("fork(): %s",
2375 pwmd_strerror (gpg_error_from_errno (errno
)));
2384 _exit (EXIT_SUCCESS
);
2388 (void)test_pidfile (socketpath
, socketname
, buf
, sizeof(buf
), &pidfile
, 1,
2391 pthread_key_create (&thread_name_key
, free_key
);
2392 pthread_setspecific (thread_name_key
, str_asprintf ("!%s", __FUNCTION__
));
2393 estatus
= server_loop (sockfd
, &socketpath
);
2396 if (socketpath
&& do_unlink
)
2398 unlink (socketpath
);
2404 gnutls_global_deinit ();
2405 tls_deinit_params ();
2407 pthread_cond_destroy (&rcfile_cond
);
2408 pthread_mutex_destroy (&rcfile_mutex
);
2409 pthread_key_delete (last_error_key
);
2410 #ifndef HAVE_PTHREAD_CANCEL
2411 pthread_key_delete (signal_thread_key
);
2415 config_free (global_config
);
2417 free_invoking_users (invoking_users
);
2419 xfree (home_directory
);
2421 xmlCleanupParser ();
2422 xmlCleanupGlobals ();
2428 if (estatus
== EXIT_SUCCESS
&& !terminate
)
2429 log_write (_("pwmd exiting normally"));
2431 pthread_key_delete (thread_name_key
);
2440 gpg_error_t
lock_flock (assuan_context_t ctx
, const char *filename
,
2446 *fd
= open (filename
, O_RDONLY
);
2448 return gpg_error_from_syserror ();
2450 TRY_FLOCK (ctx
, *fd
, type
, rc
);
2461 void unlock_flock (int *fd
)