src/cache.c

   1 /*
   2     Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012
   3     Ben Kibbey <bjk@luxsci.net>
   4
   5     This file is part of pwmd.
   6
   7     Pwmd is free software: you can redistribute it and/or modify
   8     it under the terms of the GNU General Public License as published by
   9     the Free Software Foundation, either version 2 of the License, or
  10     (at your option) any later version.
  11
  12     Pwmd is distributed in the hope that it will be useful,
  13     but WITHOUT ANY WARRANTY; without even the implied warranty of
  14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15     GNU General Public License for more details.
  16
  17     You should have received a copy of the GNU General Public License
  18     along with Pwmd.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 #ifdef HAVE_CONFIG_H
  21 #include <config.h>
  22 #endif
  23
  24 #include <stdio.h>
  25 #include <unistd.h>
  26 #include <pthread.h>
  27 #include <ctype.h>
  28
  29 #include "pwmd-error.h"
  30 #include <gcrypt.h>
  31 #include "mutex.h"
  32 #include "cache.h"
  33 #include "status.h"
  34 #include "mem.h"
  35 #include "util-misc.h"
  36 #include "util-string.h"
  37 #include "crypto.h"
  38
  39 #ifdef HAVE_TIME_H
  40 #include <time.h>
  41 #endif
  42
  43 static pthread_mutex_t cache_mutex;
  44 static struct slist_s *key_cache;
  45 #ifdef WITH_AGENT
  46 static struct agent_s *cache_agent;
  47 #endif
  48
  49 extern void log_write (const char *fmt, ...);
  50
  51 typedef gpg_error_t (*free_data_fn_t) (file_cache_t *);
  52 static free_data_fn_t free_data_fn;
  53 static gpg_error_t clear_once (file_cache_t * p);
  54 static int remove_entry (const unsigned char *md5file);
  55 static void free_entry (file_cache_t * p);
  56
  57 static file_cache_t *
  58 get_entry (const unsigned char *md5file)
  59 {
  60   int t = slist_length (key_cache);
  61   int i;
  62
  63   if (!md5file)
  64     return NULL;
  65
  66   for (i = 0; i < t; i++)
  67     {
  68       file_cache_t *p = slist_nth_data (key_cache, i);
  69
  70       if (!memcmp (p->filename, md5file, sizeof (p->filename)))
  71         return p;
  72     }
  73
  74   return NULL;
  75 }
  76
  77 gpg_error_t
  78 cache_lock_mutex (void *ctx, const unsigned char *md5file,
  79                   long lock_timeout, int add, int timeout)
  80 {
  81   MUTEX_LOCK (&cache_mutex);
  82   gpg_error_t rc = 0;
  83   file_cache_t *p = get_entry (md5file);
  84
  85   if (p)
  86     {
  87       MUTEX_UNLOCK (&cache_mutex);
  88       MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
  89     }
  90   else if (add)
  91     {
  92       if (cache_add_file (md5file, NULL, NULL, timeout))
  93         {
  94           p = get_entry (md5file);
  95           MUTEX_UNLOCK (&cache_mutex);
  96           MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
  97         }
  98       else
  99         {
 100           MUTEX_UNLOCK (&cache_mutex);
 101           rc = GPG_ERR_ENOMEM;
 102         }
 103     }
 104   else
 105     {
 106       MUTEX_UNLOCK (&cache_mutex);
 107     }
 108
 109   return !p && !rc ? GPG_ERR_NO_DATA : rc;
 110 }
 111
 112 static int
 113 remove_entry (const unsigned char *md5file)
 114 {
 115   MUTEX_LOCK (&cache_mutex);
 116   file_cache_t *p = get_entry (md5file);
 117
 118   pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 119   if (p)
 120     {
 121       /* Keep a refcount because another client maybe editing this same new
 122        * file. The entry needs to be kept in case the other client SAVE's.
 123        */
 124       p->refcount--;
 125       if (!p->refcount)
 126         free_entry (p);
 127     }
 128
 129   pthread_cleanup_pop (1);
 130   return p ? 1 : 0;
 131 }
 132
 133 gpg_error_t
 134 cache_unlock_mutex (const unsigned char *md5file, int remove)
 135 {
 136   MUTEX_LOCK (&cache_mutex);
 137   file_cache_t *p = get_entry (md5file);
 138
 139   if (p)
 140     {
 141       MUTEX_UNLOCK (p->mutex);
 142       if (remove)
 143         remove_entry (md5file);
 144     }
 145
 146   MUTEX_UNLOCK (&cache_mutex);
 147   return p ? 0 : GPG_ERR_NO_DATA;
 148 }
 149
 150 #ifdef WITH_AGENT
 151 static int valid_agent_grip (file_cache_t *e)
 152 {
 153   size_t c;
 154
 155   for (c = 0; c < sizeof (e->grip); c++)
 156     {
 157       if (e->grip[c])
 158         return 1;
 159     }
 160
 161   return 0;
 162 }
 163 #endif
 164
 165 static int
 166 valid_grip (file_cache_t * e)
 167 {
 168   if (e->data && e->data->key)
 169     return 1;
 170
 171 #ifdef WITH_AGENT
 172   return valid_agent_grip (e);
 173 #else
 174   return 0;
 175 #endif
 176 }
 177
 178 static gpg_error_t
 179 iscached (const unsigned char *md5file, int *defer)
 180 {
 181   gpg_error_t rc = 0;
 182   file_cache_t *p = get_entry (md5file);
 183
 184   if (!p || !p->data || !valid_grip (p))
 185     return GPG_ERR_NO_DATA;
 186
 187   if (defer)
 188     *defer = p->defer_clear;
 189
 190   if (p->data && p->data->key)
 191     return 0;
 192
 193 #ifdef WITH_AGENT
 194   char *line;
 195
 196   rc = send_to_agent (cache_agent, &line, NULL, "KEYINFO --data %s", p->grip);
 197   if (!rc)
 198     {
 199       char **fields = str_split (line, " ", 0);
 200
 201       /* Smartcard with a cached document. */
 202       if (*fields[1] == 'T' && p->data->doc)
 203         rc = 0;
 204       else
 205         rc = isdigit (*fields[4]) || *fields[5] == 'C' ? 0 : GPG_ERR_NO_DATA;
 206
 207       strv_free (fields);
 208       xfree (line);
 209     }
 210 #endif
 211
 212   return rc;
 213 }
 214
 215 unsigned
 216 cache_file_count ()
 217 {
 218   MUTEX_LOCK (&cache_mutex);
 219   unsigned total = 0, i, n;
 220
 221   pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 222   n = slist_length (key_cache);
 223   for (i = 0; i < n; i++)
 224     {
 225       file_cache_t *p = slist_nth_data (key_cache, i);
 226
 227       if (!iscached (p->filename, NULL))
 228         total++;
 229     }
 230
 231   pthread_cleanup_pop (1);
 232   return total;
 233 }
 234
 235 void
 236 cache_adjust_timeout ()
 237 {
 238   MUTEX_LOCK (&cache_mutex);
 239   int t = slist_length (key_cache);
 240   int i;
 241
 242   pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 243
 244   for (i = 0; i < t; i++)
 245     {
 246       file_cache_t *p = slist_nth_data (key_cache, i);
 247
 248       if (p->timeout > 0)
 249         p->timeout--;
 250
 251       if (!p->timeout)
 252         {
 253           /* The file associated with this cache entry may be locked by a
 254            * client. Defer freeing this cache entry until the next timeout
 255            * check. */
 256           if (!clear_once (p))
 257             send_status_all (STATUS_CACHE, NULL);
 258         }
 259     }
 260
 261   pthread_cleanup_pop (1);
 262 }
 263
 264 static void
 265 setgrip (file_cache_t * p, const unsigned char *grip)
 266 {
 267   if (grip)
 268     {
 269       char *tmp = bin2hex (grip, 20);
 270
 271       memcpy (p->grip, tmp, sizeof (p->grip));
 272       xfree (tmp);
 273     }
 274 }
 275
 276 static gpg_error_t
 277 set_timeout (const unsigned char *md5file, int timeout, int defer)
 278 {
 279   MUTEX_LOCK (&cache_mutex);
 280   file_cache_t *p = get_entry (md5file);
 281   gpg_error_t rc = 0;
 282
 283   if (!p)
 284     {
 285       MUTEX_UNLOCK (&cache_mutex);
 286       return GPG_ERR_NOT_FOUND;
 287     }
 288
 289   p->reset = timeout;
 290   if (p->timeout == -1 || timeout == -1)
 291     p->timeout = timeout;
 292
 293   if (!timeout || defer)
 294     {
 295       rc = clear_once (p);
 296       if (!rc)
 297         send_status_all (STATUS_CACHE, NULL);
 298     }
 299
 300   MUTEX_UNLOCK (&cache_mutex);
 301   return rc;
 302 }
 303
 304 gpg_error_t
 305 cache_set_data (const unsigned char *md5file, struct cache_data_s * data,
 306                 const unsigned char *grip)
 307 {
 308   MUTEX_LOCK (&cache_mutex);
 309   file_cache_t *p = get_entry (md5file);
 310
 311   if (p)
 312     {
 313       setgrip (p, grip);
 314       p->data = data;
 315       set_timeout (md5file, p->reset, p->defer_clear);
 316       if (!p->reset)
 317         {
 318           clear_once (p);
 319           send_status_all (STATUS_CACHE, NULL);
 320         }
 321     }
 322
 323   MUTEX_UNLOCK (&cache_mutex);
 324   return p ? 0 : GPG_ERR_NO_DATA;
 325 }
 326
 327 struct cache_data_s *
 328 cache_get_data (const unsigned char *md5file)
 329 {
 330   MUTEX_LOCK (&cache_mutex);
 331   file_cache_t *p = get_entry (md5file);
 332
 333   MUTEX_UNLOCK (&cache_mutex);
 334   return p ? p->data : NULL;
 335 }
 336
 337
 338 struct cache_data_s *
 339 cache_get_data_filename (const char *filename)
 340 {
 341   unsigned char md5file[16];
 342
 343   gcry_md_hash_buffer (GCRY_MD_MD5, md5file, filename, strlen (filename));
 344   return cache_get_data (md5file);
 345 }
 346
 347 int
 348 cache_add_file (const unsigned char *md5file, const unsigned char *grip,
 349                 struct cache_data_s *data, int timeout)
 350 {
 351   MUTEX_LOCK (&cache_mutex);
 352   file_cache_t *p = get_entry (md5file);
 353   struct slist_s *new;
 354   int b;
 355
 356   if (p)
 357     {
 358       setgrip (p, grip);
 359       p->data = data;
 360       p->refcount++;
 361       b = set_timeout (md5file, timeout, p->defer_clear) == 0 ? 1 : 0;
 362       MUTEX_UNLOCK (&cache_mutex);
 363       send_status_all (STATUS_CACHE, NULL);
 364       return b;
 365     }
 366
 367   p = xcalloc (1, sizeof (file_cache_t));
 368   if (!p)
 369     {
 370       MUTEX_UNLOCK (&cache_mutex);
 371       return 0;
 372     }
 373
 374   p->mutex = (pthread_mutex_t *) xmalloc (sizeof (pthread_mutex_t));
 375   if (!p->mutex)
 376     {
 377       xfree (p);
 378       MUTEX_UNLOCK (&cache_mutex);
 379       return 0;
 380     }
 381
 382   pthread_mutexattr_t attr;
 383   pthread_mutexattr_init (&attr);
 384   pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
 385   pthread_mutex_init (p->mutex, &attr);
 386   pthread_mutexattr_destroy (&attr);
 387   memcpy (p->filename, md5file, sizeof (p->filename));
 388   setgrip (p, grip);
 389   p->reset = p->timeout = timeout;
 390   p->data = data;
 391   p->refcount++;
 392   new = slist_append (key_cache, p);
 393   if (!new)
 394     {
 395       pthread_mutex_destroy (p->mutex);
 396       xfree (p->mutex);
 397       xfree (p);
 398       MUTEX_UNLOCK (&cache_mutex);
 399       return 0;
 400     }
 401
 402   key_cache = new;
 403   MUTEX_UNLOCK (&cache_mutex);
 404   send_status_all (STATUS_CACHE, NULL);
 405   return 1;
 406 }
 407
 408 static gpg_error_t
 409 clear_once (file_cache_t * p)
 410 {
 411   gpg_error_t rc = free_data_fn (p);
 412
 413   if (!rc && valid_grip (p))
 414     {
 415 #ifdef WITH_AGENT
 416       if (use_agent && valid_agent_grip (p))
 417         {
 418           rc = send_to_agent (cache_agent, NULL, NULL,
 419                               "CLEAR_PASSPHRASE --mode=normal %s", p->grip);
 420           if (rc)
 421             log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
 422         }
 423 #endif
 424       memset (p->grip, 0, sizeof (p->grip));
 425     }
 426
 427   return rc;
 428 }
 429
 430 static void
 431 free_entry (file_cache_t * p)
 432 {
 433   gpg_error_t rc;
 434
 435   if (!p)
 436     return;
 437
 438   rc = clear_once (p);
 439   if (rc)
 440     log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
 441
 442   if (p->mutex)
 443     {
 444       pthread_mutex_destroy (p->mutex);
 445       xfree (p->mutex);
 446     }
 447
 448   key_cache = slist_remove (key_cache, p);
 449   xfree (p);
 450 }
 451
 452 gpg_error_t
 453 cache_clear (const unsigned char *md5file)
 454 {
 455   file_cache_t *p;
 456   gpg_error_t rc = 0;
 457   int i, t;
 458
 459   MUTEX_LOCK (&cache_mutex);
 460
 461   if (md5file)
 462     {
 463       p = get_entry (md5file);
 464       if (!p)
 465         {
 466           MUTEX_UNLOCK (&cache_mutex);
 467           return 0;
 468         }
 469
 470       pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 471       rc = clear_once (p);
 472       pthread_cleanup_pop (1);
 473       if (rc)
 474         log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
 475
 476       return rc;
 477     }
 478
 479   pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 480   t = slist_length (key_cache);
 481   for (i = 0; i < t; i++)
 482     {
 483       p = slist_nth_data (key_cache, i);
 484       clear_once (p);
 485     }
 486
 487   pthread_cleanup_pop (1);
 488   return 0;
 489 }
 490
 491 gpg_error_t
 492 cache_iscached (const char *filename, int *defer)
 493 {
 494   gpg_error_t rc;
 495   unsigned char md5file[16];
 496
 497   if (access (filename, R_OK) == -1)
 498     return gpg_error_from_syserror ();
 499
 500   MUTEX_LOCK (&cache_mutex);
 501   pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 502   gcry_md_hash_buffer (GCRY_MD_MD5, md5file, filename, strlen (filename));
 503   rc = iscached (md5file, defer);
 504   pthread_cleanup_pop (1);
 505   return rc;
 506 }
 507
 508 gpg_error_t
 509 cache_defer_clear (const unsigned char *md5file)
 510 {
 511   MUTEX_LOCK (&cache_mutex);
 512   file_cache_t *p = get_entry (md5file);
 513   gpg_error_t rc = 0;
 514
 515   if (!p)
 516     rc = GPG_ERR_NOT_FOUND;
 517   else
 518     p->defer_clear = 1;
 519
 520   MUTEX_UNLOCK (&cache_mutex);
 521   return rc;
 522 }
 523
 524 gpg_error_t
 525 cache_set_timeout (const unsigned char *md5file, int timeout)
 526 {
 527   return set_timeout (md5file, timeout, 0);
 528 }
 529
 530 int
 531 cache_get_grip (const unsigned char *md5file, unsigned char *grip)
 532 {
 533   MUTEX_LOCK (&cache_mutex);
 534   file_cache_t *p = get_entry (md5file);
 535
 536   if (!p || !valid_grip (p))
 537     {
 538       MUTEX_UNLOCK (&cache_mutex);
 539       return 0;
 540     }
 541
 542   memcpy (grip, p->grip, sizeof (p->grip));
 543   MUTEX_UNLOCK (&cache_mutex);
 544   return 1;
 545 }
 546
 547 void
 548 cache_deinit ()
 549 {
 550   MUTEX_LOCK (&cache_mutex);
 551   file_cache_t *p;
 552
 553   pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 554   while ((p = slist_nth_data (key_cache, 0)))
 555     free_entry (p);
 556
 557 #ifdef WITH_AGENT
 558   if (use_agent && cache_agent)
 559     cleanup_agent (cache_agent);
 560
 561   cache_agent = NULL;
 562 #endif
 563   gcry_free (cache_key);
 564   xfree (cache_iv);
 565   cache_key = NULL;
 566   cache_iv = NULL;
 567   pthread_cleanup_pop (1);
 568   pthread_mutex_destroy (&cache_mutex);
 569 }
 570
 571 gpg_error_t
 572 cache_init (free_data_fn_t fn)
 573 {
 574   gpg_error_t rc = 0;
 575   pthread_mutexattr_t attr;
 576
 577   if (!cache_key)
 578     {
 579       rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_BLKLEN, NULL,
 580                                   &cache_blocksize);
 581       if (rc)
 582         return rc;
 583
 584       rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_KEYLEN, NULL,
 585                                   &cache_keysize);
 586       if (rc)
 587         return rc;
 588
 589       cache_key = gcry_malloc (cache_keysize);
 590       if (!cache_key)
 591         return GPG_ERR_ENOMEM;
 592
 593       cache_iv = xmalloc (cache_blocksize);
 594       if (!cache_iv)
 595         {
 596           gcry_free (cache_key);
 597           cache_key = NULL;
 598           return GPG_ERR_ENOMEM;
 599         }
 600
 601       gcry_create_nonce (cache_key, cache_keysize);
 602       gcry_create_nonce (cache_iv, cache_blocksize);
 603     }
 604
 605 #ifdef WITH_AGENT
 606   if (use_agent && !cache_agent)
 607     {
 608       rc = agent_init (&cache_agent);
 609       if (!rc)
 610         {
 611           char *line;
 612
 613           rc = send_to_agent (cache_agent, &line, NULL, "GETINFO version");
 614           if (!rc)
 615             {
 616               char **fields = str_split (line, ".", 0);
 617               int major, minor;
 618
 619               major = atoi (fields[0]);
 620               minor = atoi (fields[1]);
 621               if (major < 2 || minor < 1)
 622                 rc = GPG_ERR_UNKNOWN_VERSION;
 623
 624               strv_free (fields);
 625               xfree (line);
 626             }
 627         }
 628     }
 629 #endif
 630
 631   pthread_mutexattr_init (&attr);
 632   pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
 633   pthread_mutex_init (&cache_mutex, &attr);
 634   pthread_mutexattr_destroy (&attr);
 635   free_data_fn = fn;
 636   return rc;
 637 }
 638
 639 #ifdef WITH_AGENT
 640 gpg_error_t
 641 cache_is_shadowed (const char *grip)
 642 {
 643   MUTEX_LOCK (&cache_mutex);
 644   char *line;
 645   size_t len;
 646   gpg_error_t rc;
 647
 648   pthread_cleanup_push (cleanup_mutex_cb, &cache_mutex);
 649   rc = send_to_agent (cache_agent, &line, &len, "KEYINFO --data %s", grip);
 650   pthread_cleanup_pop (1);
 651
 652   if (!rc)
 653     {
 654       char **fields = str_split (line, " ", 0);
 655
 656       rc = (*fields[1] == 'T') ? 0 : GPG_ERR_NO_DATA;
 657       xfree (line);
 658       strv_free (fields);
 659     }
 660
 661   return rc;
 662 }
 663 #endif
 664
 665 void
 666 cache_lock ()
 667 {
 668   MUTEX_LOCK (&cache_mutex);
 669 }
 670
 671 void
 672 cache_unlock ()
 673 {
 674   MUTEX_UNLOCK (&cache_mutex);
 675 }
 676
 677 void
 678 free_cache_data_once (struct cache_data_s *data)
 679 {
 680   if (!data)
 681     return;
 682
 683 #ifdef WITH_AGENT
 684   if (data->pubkey)
 685     gcry_sexp_release (data->pubkey);
 686 #endif
 687
 688   gcry_free (data->doc);
 689   gcry_free (data->key);
 690   xfree (data->crc);
 691   xfree (data);
 692 }