search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update copyright header.
[pwmd.git] / src / cache.c
blob4f123f2539d1557b83cefd4b6c1e2d9df70c14c8
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015,
3 2016, 2017
4 Ben Kibbey <bjk@luxsci.net>
5
6 This file is part of pwmd.
7
8 Pwmd is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation, either version 2 of the License, or
11 (at your option) any later version.
12
13 Pwmd is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
20 */
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24
25 #include <stdio.h>
26 #include <unistd.h>
27 #include <pthread.h>
28 #include <ctype.h>
29 #include <errno.h>
30
31 #include "pwmd-error.h"
32 #include <gcrypt.h>
33 #include "mutex.h"
34 #include "cache.h"
35 #include "status.h"
36 #include "mem.h"
37 #include "util-misc.h"
38 #include "util-string.h"
39 #include "agent.h"
40 #include "acl.h"
41
42 #ifdef HAVE_TIME_H
43 #include <time.h>
44 #endif
45
46 struct plaintext_s
47 {
48 xmlDocPtr plaintext;
49 unsigned refcount;
50 char *filename;
51 int modified;
52 };
53
54 static pthread_mutex_t cache_mutex;
55 static struct slist_s *key_cache;
56 static struct slist_s *plaintext_list;
57 static unsigned char *cache_iv;
58 static unsigned char *cache_key;
59 static size_t cache_blocksize;
60 static size_t cache_keysize;
61 static struct agent_s *cache_agent;
62 static int exiting;
63
64 extern void log_write (const char *fmt, ...);
65
66 static gpg_error_t clear_once (file_cache_t * p, int agent, int force);
67 static int remove_entry (const char *);
68 static void free_entry (file_cache_t * p, int agent);
69
70 static file_cache_t *
71 get_entry (const char *filename)
72 {
73 int t = slist_length (key_cache);
74 int i;
75
76 if (!filename)
77 return NULL;
78
79 for (i = 0; i < t; i++)
80 {
81 file_cache_t *p = slist_nth_data (key_cache, i);
82
83 if (!strcmp (p->filename, filename))
84 return p;
85 }
86
87 return NULL;
88 }
89
90 gpg_error_t
91 cache_lock_mutex (void *ctx, const char *filename, long lock_timeout, int add,
92 long timeout)
93 {
94 MUTEX_LOCK (&cache_mutex);
95 gpg_error_t rc = 0;
96 file_cache_t *p = get_entry (filename);
97
98 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
99
100 if (p)
101 {
102 MUTEX_UNLOCK (&cache_mutex);
103 MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
104 }
105 else if (add)
106 {
107 rc = cache_add_file (filename, NULL, timeout);
108 if (!rc)
109 {
110 p = get_entry (filename);
111 MUTEX_UNLOCK (&cache_mutex);
112 if (p)
113 MUTEX_TRYLOCK (ctx, p->mutex, rc, lock_timeout);
114 }
115 else
116 {
117 MUTEX_UNLOCK (&cache_mutex);
118 }
119 }
120 else
121 {
122 MUTEX_UNLOCK (&cache_mutex);
123 }
124
125 pthread_cleanup_pop (0);
126 return !p && !rc ? GPG_ERR_NO_DATA : rc;
127 }
128
129 static int
130 remove_entry (const char *filename)
131 {
132 MUTEX_LOCK (&cache_mutex);
133 file_cache_t *p = get_entry (filename);
134
135 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
136 if (p)
137 {
138 /* Keep a refcount because another client maybe editing this same new
139 * file. The entry needs to be kept in case the other client SAVE's.
140 */
141 p->refcount--;
142 if (!p->refcount)
143 free_entry (p, 0);
144 }
145
146 pthread_cleanup_pop (1);
147 return p ? 1 : 0;
148 }
149
150 static gpg_error_t
151 free_cache_data (file_cache_t *cache, int force)
152 {
153 gpg_error_t rc = GPG_ERR_NO_DATA;
154 int i, t;
155 struct client_thread_s *found = NULL;
156 int self = 0;
157
158 if (!cache->data)
159 return 0;
160
161 MUTEX_LOCK (&cn_mutex);
162 t = slist_length (cn_thread_list);
163
164 /* Prevent clearing the cache entry when there are any connected clients
165 * using this cache entry to prevent clearing the plaintext which would cause
166 * cache_plaintext_set() to return GPG_ERR_NO_DATA and prevent CoW commands
167 * from working. */
168 for (i = 0; i < t; i++)
169 {
170 struct client_thread_s *thd = slist_nth_data (cn_thread_list, i);
171
172 if (!thd->cl)
173 continue;
174
175 if (thd->cl->filename && !strcmp (thd->cl->filename, cache->filename)
176 && !force)
177 {
178 cache->defer_clear = 1;
179 MUTEX_UNLOCK (&cn_mutex);
180 return 0;
181 }
182 }
183
184 pthread_cleanup_push (release_mutex_cb, &cn_mutex);
185 MUTEX_LOCK (&cache_mutex);
186 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
187
188 for (i = 0; i < t; i++)
189 {
190 struct client_thread_s *thd = slist_nth_data (cn_thread_list, i);
191
192 if (!thd->cl)
193 continue;
194
195 self = pthread_equal (pthread_self (), thd->tid);
196
197 if (thd->cl->filename && !strcmp (thd->cl->filename, cache->filename))
198 {
199 if (self)
200 {
201 found = thd;
202 continue;
203 }
204
205 /* Continue trying to find a client who has the same file open and
206 * also has a lock. */
207 rc = cache_lock_mutex (thd->cl->ctx, thd->cl->filename, -1, 0, -1);
208 if (!rc)
209 {
210 found = thd;
211 break;
212 }
213 }
214 }
215
216 if (self && (!rc || rc == GPG_ERR_NO_DATA) && found)
217 rc = cache_lock_mutex (found->cl->ctx, found->cl->filename, -1, 0, -1);
218
219 if (exiting || !rc || rc == GPG_ERR_NO_DATA)
220 {
221 cache_free_data_once (cache->data);
222 cache->data = NULL;
223 cache->defer_clear = 0;
224 cache->timeout = (long)-1;
225
226 if (found)
227 cache_unlock_mutex (found->cl->filename, 0);
228
229 rc = 0;
230 }
231
232 if (rc)
233 cache->defer_clear = 1;
234
235 pthread_cleanup_pop (1);
236 pthread_cleanup_pop (1);
237 return rc;
238 }
239
240 gpg_error_t
241 cache_unlock_mutex (const char *filename, int remove)
242 {
243 MUTEX_LOCK (&cache_mutex);
244 file_cache_t *p = get_entry (filename);
245
246 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
247
248 if (p)
249 {
250 MUTEX_UNLOCK (p->mutex);
251 if (remove)
252 remove_entry (filename);
253 }
254
255 pthread_cleanup_pop (1);
256 return p ? 0 : GPG_ERR_NO_DATA;
257 }
258
259 static gpg_error_t
260 test_agent_cache_once (file_cache_t *p, const char *grip)
261 {
262 gpg_error_t rc;
263 char *line;
264
265 (void)p;
266 rc = agent_command (cache_agent, &line, NULL, "KEYINFO --data %s", grip);
267 if (!rc)
268 {
269 char **fields = str_split (line, " ", 0);
270
271 /* Smartcard. */
272 if (*fields[1] == 'T')
273 rc = GPG_ERR_NO_DATA;
274 else
275 rc = isdigit (*fields[4]) || *fields[5] == 'C' ? 0 : GPG_ERR_NO_DATA;
276
277 strv_free (fields);
278 xfree (line);
279 }
280
281 return rc;
282 }
283
284 /* Test each keygrip in data->(sig)grip for gpg-agent cache status. The file is
285 * considered cached if at least one grip is cached in the agent or one siggrip
286 * is cached in the case of 'sign'.
287 */
288 static gpg_error_t
289 test_agent_cache (file_cache_t *data, int sign)
290 {
291 gpg_error_t rc = 0;
292 char **p;
293
294 if ((!data->grip && !sign) || (!data->siggrip && sign))
295 return GPG_ERR_NO_DATA;
296
297 for (p = data->grip; !sign && p && *p; p++)
298 {
299 rc = test_agent_cache_once (data, *p);
300 if (!rc || rc != GPG_ERR_NO_DATA)
301 break;
302 }
303
304 if (!rc && sign)
305 rc = test_agent_cache_once (data, data->siggrip);
306
307 return rc;
308 }
309
310 static gpg_error_t
311 extract_keygrip_once (struct crypto_s *crypto, char **keyids, int sign,
312 char ***dst)
313 {
314 gpgme_key_t *result;
315 gpgme_error_t rc;
316 int i;
317 char **grips = NULL;
318
319 rc = crypto_list_keys (crypto, keyids, sign, &result);
320 if (rc)
321 return rc;
322
323 for (i = 0; result[i]; i++)
324 {
325 gpgme_subkey_t s;
326
327 for (s = result[i]->subkeys; s; s = s->next)
328 {
329 char **k;
330
331 if (sign && !s->can_sign)
332 continue;
333
334 for (k = keyids; *k; k++)
335 {
336 if (!strcmp (*k, s->keyid) && s->keygrip)
337 {
338 char **tmp;
339 size_t len = strv_length (grips);
340
341 tmp = xrealloc (grips, len+2 * sizeof (char *));
342 if (!tmp)
343 {
344 rc = GPG_ERR_ENOMEM;
345 break;
346 }
347
348 grips = tmp;
349 grips[len] = str_dup (s->keygrip);
350 if (!grips[len])
351 {
352 rc = GPG_ERR_ENOMEM;
353 break;
354 }
355
356 grips[++len] = NULL;
357 }
358 }
359 }
360 }
361
362 if (!rc)
363 {
364 strv_free (*dst);
365 *dst = grips;
366 }
367 else
368 {
369 strv_free (grips);
370 grips = NULL;
371 }
372
373 crypto_free_key_list (result);
374 return rc ? rc : grips ? rc : GPG_ERR_NO_DATA;
375 }
376
377 static gpg_error_t
378 extract_keygrips (file_cache_t *data)
379 {
380 gpg_error_t rc = 0;
381 struct crypto_s *crypto;
382 char **grips = NULL, **siggrips = NULL;
383
384 if (!data || !data->data)
385 return 0;
386
387 rc = crypto_init (&crypto, NULL, NULL, 0, NULL);
388 if (rc)
389 return rc;
390
391 pthread_cleanup_push ((void *)crypto_free, crypto);
392
393 if (data->data->pubkey)
394 rc = extract_keygrip_once (crypto, data->data->pubkey, 0, &grips);
395
396 if (!rc && data->data->sigkey)
397 {
398 char **tmp = NULL;
399
400 strv_printf (&tmp, "%s", data->data->sigkey);
401 rc = extract_keygrip_once (crypto, tmp, 1, &siggrips);
402 strv_free (tmp);
403 }
404
405 if (!rc)
406 {
407 strv_free (data->grip);
408 data->grip = grips;
409 xfree (data->siggrip);
410 data->siggrip = NULL;
411 if (siggrips && *siggrips)
412 data->siggrip = str_dup (*siggrips);
413 strv_free (siggrips);
414 }
415 else
416 {
417 strv_free (grips);
418 strv_free (siggrips);
419 }
420
421 pthread_cleanup_pop (1);
422 return rc;
423 }
424
425 static gpg_error_t
426 iscached (const char *filename, int *defer, int agent, int sign)
427 {
428 file_cache_t *p = get_entry (filename);
429 gpg_error_t rc = 0;
430
431 if (!agent)
432 {
433 if (!p || !p->data)
434 return GPG_ERR_NO_DATA;
435
436 if (defer)
437 *defer = p->defer_clear;
438
439 return 0;
440 }
441
442 if (!p)
443 return GPG_ERR_NO_DATA;
444
445 if (defer)
446 *defer = p->defer_clear;
447
448 if (!rc && (p->grip || p->siggrip))
449 rc = test_agent_cache (p, sign);
450 else if (!rc)
451 rc = GPG_ERR_NO_DATA;
452
453 return rc;
454 }
455
456 unsigned
457 cache_file_count ()
458 {
459 MUTEX_LOCK (&cache_mutex);
460 unsigned total = 0, i, n;
461
462 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
463 n = slist_length (key_cache);
464 for (i = 0; i < n; i++)
465 {
466 file_cache_t *p = slist_nth_data (key_cache, i);
467
468 if (!iscached (p->filename, NULL, 0, 0))
469 total++;
470 }
471
472 pthread_cleanup_pop (1);
473 return total;
474 }
475
476 void
477 cache_adjust_timeout ()
478 {
479 MUTEX_LOCK (&cache_mutex);
480 int t = slist_length (key_cache);
481 int i;
482
483 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
484
485 for (i = 0; i < t; i++)
486 {
487 file_cache_t *p = slist_nth_data (key_cache, i);
488
489 if (p->timeout > 0)
490 p->timeout--;
491
492 if (!p->timeout || (p->defer_clear && p->timeout != (long)-1))
493 {
494 /* The file associated with this cache entry may be locked by a
495 * client. Defer freeing this cache entry until the next timeout
496 * check. */
497 gpg_error_t rc = clear_once (p, 1, 0);
498
499 if (!rc && !p->defer_clear)
500 send_status_all (STATUS_CACHE, NULL);
501 }
502 }
503
504 pthread_cleanup_pop (1);
505 }
506
507 static gpg_error_t
508 set_timeout (const char *filename, long timeout, int defer, int force)
509 {
510 MUTEX_LOCK (&cache_mutex);
511 file_cache_t *p = get_entry (filename);
512 gpg_error_t rc = 0;
513
514 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
515
516 if (p)
517 {
518 p->reset = timeout;
519 if (!p->defer_clear && (p->timeout == -1 || force))
520 p->timeout = timeout;
521
522 if (!timeout || defer)
523 {
524 rc = clear_once (p, 1, 0);
525 if (!rc)
526 send_status_all (STATUS_CACHE, NULL);
527 }
528 }
529 else
530 rc = GPG_ERR_NOT_FOUND;
531
532 pthread_cleanup_pop (1);
533 return rc;
534 }
535
536 gpg_error_t
537 cache_set_data (const char *filename, struct cache_data_s *data)
538 {
539 MUTEX_LOCK (&cache_mutex);
540 gpg_error_t rc = GPG_ERR_NO_DATA;
541 file_cache_t *p = get_entry (filename);
542
543 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
544
545 if (p)
546 {
547 xfree (data->filename);
548 data->filename = NULL;
549 if (p->filename)
550 data->filename = str_dup (p->filename);
551
552 p->data = data;
553 rc = set_timeout (filename, p->reset, p->defer_clear, 0);
554 if (!rc && !p->reset)
555 {
556 clear_once (p, 0, 0);
557 send_status_all (STATUS_CACHE, NULL);
558 }
559 else if (!rc)
560 rc = extract_keygrips (p);
561 }
562
563 pthread_cleanup_pop (1);
564 return p && !rc ? 0 : rc;
565 }
566
567 struct cache_data_s *
568 cache_get_data (const char *filename, int *defer)
569 {
570 MUTEX_LOCK (&cache_mutex);
571 file_cache_t *p = get_entry (filename);
572
573 if (defer && p)
574 *defer = p->defer_clear;
575 MUTEX_UNLOCK (&cache_mutex);
576 return p ? p->data : NULL;
577 }
578
579 gpg_error_t
580 cache_add_file (const char *filename, struct cache_data_s *data, long timeout)
581 {
582 MUTEX_LOCK (&cache_mutex);
583 file_cache_t *p = get_entry (filename);
584 struct slist_s *new;
585 gpg_error_t rc = 0;
586
587 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
588
589 if (p)
590 {
591 if (data)
592 {
593 char *str = p->filename ? str_dup (p->filename) : NULL;
594
595 if (p->filename && !str)
596 rc = GPG_ERR_ENOMEM;
597 else
598 {
599 xfree (data->filename);
600 data->filename = str;
601 }
602 }
603
604 if (!rc)
605 {
606 p->data = data;
607 p->refcount++;
608 rc = set_timeout (filename, timeout, p->defer_clear, 0);
609 }
610 }
611 else
612 {
613 p = xcalloc (1, sizeof (file_cache_t));
614 if (p)
615 {
616 p->mutex = (pthread_mutex_t *) xmalloc (sizeof (pthread_mutex_t));
617 if (p->mutex)
618 {
619 pthread_mutexattr_t attr;
620 pthread_mutexattr_init (&attr);
621 pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
622 pthread_mutex_init (p->mutex, &attr);
623 pthread_mutexattr_destroy (&attr);
624 p->filename = str_dup (filename);
625
626 if (data)
627 {
628 xfree (data->filename);
629 data->filename = NULL;
630 data->filename = str_dup (p->filename);
631 }
632
633 p->data = data;
634 p->refcount++;
635 new = slist_append (key_cache, p);
636 if (new)
637 {
638 key_cache = new;
639 rc = cache_set_timeout(filename, timeout);
640 }
641 else
642 {
643 pthread_mutex_destroy (p->mutex);
644 xfree (p->mutex);
645 xfree (p->filename);
646 xfree (p);
647 p = NULL;
648 rc = GPG_ERR_ENOMEM;
649 }
650 }
651 else
652 {
653 xfree (p);
654 p = NULL;
655 rc = GPG_ERR_ENOMEM;
656 }
657 }
658 else
659 rc = GPG_ERR_ENOMEM;
660 }
661
662 if (!rc)
663 rc = extract_keygrips (p);
664
665 pthread_cleanup_pop (1);
666
667 if (!rc)
668 send_status_all (STATUS_CACHE, NULL);
669
670 return rc;
671 }
672
673 gpg_error_t
674 cache_clear_agent_keys (const char *filename, int decrypt, int sign)
675 {
676 MUTEX_LOCK (&cache_mutex);
677 gpg_error_t rc = 0;
678 char **key;
679 file_cache_t *p = get_entry (filename);
680
681 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
682
683 if (p)
684 {
685 for (key = p->grip; decrypt && key && *key; key++)
686 {
687 rc = agent_command (cache_agent, NULL, NULL,
688 "CLEAR_PASSPHRASE --mode=normal %s", *key);
689 if (rc)
690 break;
691 }
692
693 if (p->siggrip && sign)
694 {
695 rc = agent_command (cache_agent, NULL, NULL,
696 "CLEAR_PASSPHRASE --mode=normal %s", p->siggrip);
697 if (rc)
698 break;
699 }
700 }
701 else
702 rc = GPG_ERR_NOT_FOUND;
703
704 pthread_cleanup_pop (1);
705 return rc;
706 }
707
708 static gpg_error_t
709 clear_once (file_cache_t *p, int agent, int force)
710 {
711 gpg_error_t rc = 0, trc;
712
713 if (agent)
714 rc = cache_clear_agent_keys (p->filename, 1, 1);
715
716 trc = free_cache_data (p, force);
717 return rc ? rc : trc;
718 }
719
720 static void
721 free_entry (file_cache_t *p, int agent)
722 {
723 gpg_error_t rc;
724
725 if (!p)
726 return;
727
728 rc = clear_once (p, agent, 0);
729 if (rc)
730 log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
731
732 if (p->mutex)
733 {
734 pthread_mutex_destroy (p->mutex);
735 xfree (p->mutex);
736 }
737
738 strv_free (p->grip);
739 xfree (p->siggrip);
740 xfree (p->filename);
741 key_cache = slist_remove (key_cache, p);
742 xfree (p);
743 }
744
745 gpg_error_t
746 cache_clear (struct client_s *client, const char *filename, int agent,
747 int force)
748 {
749 file_cache_t *p;
750 gpg_error_t rc = 0, all_rc = 0;
751 int i, t;
752
753 MUTEX_LOCK (&cache_mutex);
754 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
755
756 if (filename)
757 {
758 p = get_entry (filename);
759 if (p)
760 {
761 rc = clear_once (p, agent, force);
762 if (rc)
763 log_write ("%s(): %s", __FUNCTION__, pwmd_strerror (rc));
764 }
765 }
766 else
767 {
768 t = slist_length (key_cache);
769 for (i = 0; i < t; i++)
770 {
771 p = slist_nth_data (key_cache, i);
772
773 if (client)
774 {
775 assuan_peercred_t peer;
776 int n = client->no_access_param;
777
778 client->no_access_param = 1;
779 rc = do_validate_peer (client->ctx, p->filename, &peer);
780 client->no_access_param = n;
781 if (rc == GPG_ERR_FORBIDDEN)
782 rc = peer_is_invoker (client);
783
784 if (rc)
785 {
786 all_rc = !all_rc ? rc : all_rc;
787 continue;
788 }
789 }
790
791 clear_once (p, agent, 0);
792 }
793 }
794
795 pthread_cleanup_pop (1);
796 return filename ? rc : all_rc;
797 }
798
799 gpg_error_t
800 cache_iscached (const char *filename, int *defer, int agent, int sign)
801 {
802 gpg_error_t rc;
803
804 if (!filename)
805 return GPG_ERR_INV_PARAMETER;
806
807 MUTEX_LOCK (&cache_mutex);
808 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
809 rc = iscached (filename, defer, agent, sign);
810
811 /* Test if the data file disappeared from the filesystem. */
812 if ((!rc || gpg_err_code (rc) == GPG_ERR_NO_DATA)
813 && access (filename, R_OK) == -1)
814 {
815 rc = gpg_error_from_errno (errno);
816 if (gpg_err_code (rc) == GPG_ERR_ENOENT)
817 {
818 /* Fixes clearing the cache entry that was created during OPEN when
819 * SAVE'ing a new file. */
820 if ((defer && *defer == 1) || !defer)
821 {
822 rc = cache_defer_clear (filename);
823 if (!rc && defer)
824 *defer = 1;
825 }
826
827 rc = GPG_ERR_ENOENT;
828 }
829 }
830
831 pthread_cleanup_pop (1);
832 return rc;
833 }
834
835 gpg_error_t
836 cache_defer_clear (const char *filename)
837 {
838 MUTEX_LOCK (&cache_mutex);
839 file_cache_t *p = get_entry (filename);
840 gpg_error_t rc = 0;
841
842 if (!p)
843 rc = GPG_ERR_NOT_FOUND;
844 else
845 p->defer_clear = 1;
846
847 MUTEX_UNLOCK (&cache_mutex);
848 return rc;
849 }
850
851 gpg_error_t
852 cache_set_timeout (const char *filename, long timeout)
853 {
854 return set_timeout (filename, timeout, 0, 1);
855 }
856
857 void
858 cache_deinit ()
859 {
860 exiting = 1;
861 MUTEX_LOCK (&cache_mutex);
862 int i, t = slist_length (key_cache);
863
864 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
865 for (i = 0; i < t; i++)
866 {
867 file_cache_t *p = slist_nth_data (key_cache, i);
868
869 free_entry (p, 1);
870 t = slist_length (key_cache);
871 i = -1;
872 }
873
874 gcry_free (cache_key);
875 xfree (cache_iv);
876 cache_key = NULL;
877 cache_iv = NULL;
878 agent_free (cache_agent);
879 cache_agent = NULL;
880 pthread_cleanup_pop (1);
881 pthread_mutex_destroy (&cache_mutex);
882 }
883
884 void
885 cache_mutex_init ()
886 {
887 pthread_mutexattr_t attr;
888
889 pthread_mutexattr_init (&attr);
890 pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE);
891 pthread_mutex_init (&cache_mutex, &attr);
892 pthread_mutexattr_destroy (&attr);
893 }
894
895 gpg_error_t
896 cache_init ()
897 {
898 gpg_error_t rc = 0;
899
900 rc = agent_init (&cache_agent);
901 if (rc)
902 {
903 cache_agent = NULL;
904 return rc;
905 }
906
907 if (!cache_key)
908 {
909 rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_BLKLEN, NULL,
910 &cache_blocksize);
911 if (rc)
912 return rc;
913
914 rc = gcry_cipher_algo_info (GCRY_CIPHER_AES, GCRYCTL_GET_KEYLEN, NULL,
915 &cache_keysize);
916 if (rc)
917 return rc;
918
919 cache_key = gcry_malloc (cache_keysize);
920 if (!cache_key)
921 return GPG_ERR_ENOMEM;
922
923 cache_iv = xmalloc (cache_blocksize);
924 if (!cache_iv)
925 {
926 gcry_free (cache_key);
927 cache_key = NULL;
928 return GPG_ERR_ENOMEM;
929 }
930
931 gcry_create_nonce (cache_key, cache_keysize);
932 gcry_create_nonce (cache_iv, cache_blocksize);
933 }
934
935
936 cache_mutex_init ();
937 return rc;
938 }
939
940 void
941 cache_lock ()
942 {
943 MUTEX_LOCK (&cache_mutex);
944 }
945
946 void
947 cache_unlock ()
948 {
949 MUTEX_UNLOCK (&cache_mutex);
950 }
951
952 static void
953 update_plaintext_pointer (xmlDocPtr plaintext)
954 {
955 unsigned i;
956 unsigned t;
957
958 t = slist_length (key_cache);
959 for (i = 0; i < t; i++)
960 {
961 file_cache_t *p = slist_nth_data (key_cache, i);
962
963 if (p->data && p->data->plaintext == plaintext)
964 p->data->plaintext = NULL;
965 }
966 }
967
968 void
969 cache_free_data_once (struct cache_data_s *data)
970 {
971 if (!data)
972 return;
973
974 xfree (data->filename);
975 strv_free (data->pubkey);
976 xfree (data->sigkey);
977 xfree (data->crc);
978 xfree (data->doc);
979 xfree (data);
980 }
981
982 static void
983 release_cipher (void *arg)
984 {
985 gcry_cipher_close ((gcry_cipher_hd_t) arg);
986 }
987
988 gpg_error_t
989 cache_encrypt (struct crypto_s *crypto)
990 {
991 gpg_error_t rc;
992 gcry_cipher_hd_t h;
993 size_t len = crypto->plaintext_size;
994
995 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC, 0);
996 if (rc)
997 return rc;
998
999 if (len % cache_blocksize)
1000 {
1001 unsigned char *p;
1002
1003 len += cache_blocksize - (len % cache_blocksize);
1004 p = xrealloc (crypto->plaintext, len * sizeof (unsigned char));
1005 if (!p)
1006 {
1007 gcry_cipher_close (h);
1008 return GPG_ERR_ENOMEM;
1009 }
1010
1011 crypto->plaintext = p;
1012 memset (&crypto->plaintext[crypto->plaintext_size], 0,
1013 len - crypto->plaintext_size);
1014 }
1015
1016 pthread_cleanup_push (release_cipher, h);
1017 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
1018 if (!rc)
1019 {
1020 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
1021 if (!rc)
1022 {
1023 unsigned char *buf = xmalloc (len);
1024
1025 pthread_cleanup_push (xfree, buf);
1026
1027 if (!buf)
1028 rc = GPG_ERR_ENOMEM;
1029
1030 if (!rc)
1031 {
1032 rc = gcry_cipher_encrypt (h, buf, len, crypto->plaintext, len);
1033 if (!rc)
1034 {
1035 xfree (crypto->plaintext);
1036 crypto->plaintext = buf;
1037 crypto->plaintext_size = len;
1038 }
1039 }
1040
1041 pthread_cleanup_pop (rc != 0);
1042 }
1043 }
1044
1045 pthread_cleanup_pop (1);
1046 return rc;
1047 }
1048
1049 gpg_error_t
1050 cache_decrypt (struct crypto_s *crypto)
1051 {
1052 gcry_cipher_hd_t h = NULL;
1053 gpg_error_t rc;
1054
1055 rc = gcry_cipher_open (&h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
1056 if (rc)
1057 return rc;
1058
1059 if (!rc)
1060 rc = gcry_cipher_setiv (h, cache_iv, cache_blocksize);
1061
1062 if (!rc)
1063 rc = gcry_cipher_setkey (h, cache_key, cache_keysize);
1064
1065 pthread_cleanup_push (release_cipher, h);
1066
1067 if (!rc)
1068 {
1069 rc = gcry_cipher_decrypt (h, crypto->plaintext, crypto->plaintext_size,
1070 NULL, 0);
1071 if (rc || strncmp ((char *)crypto->plaintext, "<?xml ", 6))
1072 {
1073 if (!rc)
1074 rc = GPG_ERR_BAD_DATA;
1075 }
1076 }
1077
1078 pthread_cleanup_pop (1);
1079 return rc;
1080 }
1081
1082 gpg_error_t
1083 cache_kill_scd ()
1084 {
1085 gpg_error_t rc;
1086
1087 MUTEX_LOCK (&cache_mutex);
1088 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
1089 rc = agent_kill_scd (cache_agent);
1090 pthread_cleanup_pop (1);
1091 return rc;
1092 }
1093
1094 gpg_error_t
1095 cache_agent_command (const char *cmd)
1096 {
1097 gpg_error_t rc;
1098
1099 MUTEX_LOCK (&cache_mutex);
1100 rc = agent_command (cache_agent, NULL, NULL, "%s", cmd);
1101 MUTEX_UNLOCK (&cache_mutex);
1102 return rc;
1103 }
1104
1105 void
1106 cache_release_mutex ()
1107 {
1108 MUTEX_UNLOCK (&cache_mutex);
1109 }
1110
1111 static gpg_error_t
1112 plaintext_get (struct cache_data_s *data, xmlDocPtr *r_doc)
1113 {
1114 unsigned i;
1115 unsigned t = slist_length (plaintext_list);
1116
1117 assert (r_doc != NULL);
1118
1119 for (i = 0; i < t; i++)
1120 {
1121 struct plaintext_s *p = slist_nth_data (plaintext_list, i);
1122
1123 if (!strcmp (p->filename, data->filename) && !p->modified)
1124 {
1125 *r_doc = p->plaintext;
1126 p->refcount++;
1127 return 0;
1128 }
1129 }
1130
1131 return GPG_ERR_NO_DATA;
1132 }
1133
1134 gpg_error_t
1135 cache_plaintext_get (const char *filename, xmlDocPtr *r_doc)
1136 {
1137 file_cache_t *p;
1138 gpg_error_t rc = 0;
1139
1140 MUTEX_LOCK (&cache_mutex);
1141 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
1142
1143 p = get_entry (filename);
1144 if (p && p->data)
1145 rc = plaintext_get (p->data, r_doc);
1146 else
1147 rc = GPG_ERR_NO_DATA;
1148
1149 pthread_cleanup_pop (1);
1150 return rc;
1151 }
1152
1153 static gpg_error_t
1154 release_plaintext (xmlDocPtr *plaintext)
1155 {
1156 unsigned i;
1157 unsigned t;
1158
1159 if (!plaintext)
1160 return GPG_ERR_NO_DATA;
1161
1162 t = slist_length (plaintext_list);
1163 for (i = 0; i < t; i++)
1164 {
1165 struct plaintext_s *p = slist_nth_data (plaintext_list, i);
1166
1167 if (p->plaintext == *plaintext)
1168 {
1169 assert (p->refcount > 0);
1170 if (--p->refcount == 0)
1171 {
1172 xmlFreeDoc (p->plaintext);
1173 xfree (p->filename);
1174 plaintext_list = slist_remove (plaintext_list, p);
1175 xfree (p);
1176 update_plaintext_pointer (*plaintext);
1177 *plaintext = NULL;
1178 }
1179
1180 return 0;
1181 }
1182 }
1183
1184 return GPG_ERR_NO_DATA;
1185 }
1186
1187 gpg_error_t
1188 cache_plaintext_release (xmlDocPtr *plaintext)
1189 {
1190 gpg_error_t rc = 0;
1191
1192 MUTEX_LOCK (&cache_mutex);
1193 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
1194 rc = release_plaintext (plaintext);
1195 pthread_cleanup_pop (1);
1196 return rc;
1197 }
1198
1199 gpg_error_t
1200 cache_plaintext_set (const char *filename, xmlDocPtr doc, int modified)
1201 {
1202 file_cache_t *p;
1203 gpg_error_t rc = 0;
1204
1205 MUTEX_LOCK (&cache_mutex);
1206 pthread_cleanup_push (release_mutex_cb, &cache_mutex);
1207
1208 p = get_entry (filename);
1209 if (p && p->data)
1210 {
1211 struct plaintext_s *s = xcalloc (1, sizeof (struct plaintext_s));
1212
1213 if (s)
1214 {
1215 s->filename = str_dup (p->data->filename);
1216 if (s->filename)
1217 {
1218 struct slist_s *l;
1219
1220 l = slist_append (plaintext_list, s);
1221 if (l)
1222 {
1223 plaintext_list = l;
1224 s->plaintext = p->data->plaintext = doc;
1225 s->modified = modified;
1226 s->refcount = 1;
1227 }
1228 else
1229 {
1230 xfree (s->filename);
1231 rc = GPG_ERR_ENOMEM;
1232 }
1233 }
1234 else
1235 rc = GPG_ERR_ENOMEM;
1236
1237 if (rc)
1238 xfree (s);
1239 }
1240 else
1241 rc = GPG_ERR_ENOMEM;
1242 }
1243 else
1244 rc = GPG_ERR_NO_DATA;
1245
1246 pthread_cleanup_pop (1);
1247 return rc;
1248 }
A server for managing passphrases and anything else.