search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tls: Disable TLS1.1 and CBC cipher suites by default.
[pwmd.git] / src / rcfile.c
blobbc7c8744745898f97e7df9729fbc88d32e1d1941
1 /*
2 Copyright (C) 2006-2019 Ben Kibbey <bjk@luxsci.net>
3
4 This file is part of pwmd.
5
6 Pwmd is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 2 of the License, or
9 (at your option) any later version.
10
11 Pwmd is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef HAVE_CONFIG_H
20 #include <config.h>
21 #endif
22
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <fcntl.h>
28 #include <errno.h>
29 #include <ctype.h>
30 #include <pwd.h>
31 #include <grp.h>
32
33 #include "pwmd-error.h"
34 #include "mutex.h"
35 #include "rcfile.h"
36 #include "util-misc.h"
37 #include "common.h"
38 #include "util-slist.h"
39 #include "util-string.h"
40 #include "mem.h"
41
42 #define DEFAULT_CACHE_TIMEOUT "600"
43 #define DEFAULT_KEEPALIVE_INTERVAL "60"
44 #define DEFAULT_LOCK_TIMEOUT "50" // MUTEX_TRYLOCK in tenths of a second
45 #define DEFAULT_BACKLOG "128"
46 #define DEFAULT_CIPHER_PRIORITY "SECURE256:SECURE192:SECURE128:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-AES-128-CBC:-AES-256-CBC"
47
48 #define INVALID_VALUE(file, line) do { \
49 if (file) \
50 log_write(_("%s(%i): invalid value for parameter."), file, line); \
51 } while (0);
52
53 enum
54 {
55 PARAM_INT, PARAM_CHARP, PARAM_LONG, PARAM_LONGLONG, PARAM_CHARPP,
56 PARAM_BOOL, PARAM_INVALID
57 };
58
59 static struct config_params_s
60 {
61 const char *name;
62 int type;
63 const char *value;
64 } config_params[] = {
65 { "backup", PARAM_BOOL, "true"},
66 { "socket_path", PARAM_CHARP, NULL},
67 { "socket_perms", PARAM_CHARP, NULL},
68 { "backlog", PARAM_INT, DEFAULT_BACKLOG},
69 { "passphrase_file", PARAM_CHARP, NULL},
70 { "log_path", PARAM_CHARP, "~/.pwmd/log"},
71 { "enable_logging", PARAM_BOOL, "0"},
72 { "log_keepopen", PARAM_BOOL, "true"},
73 { "log_level", PARAM_INT, "0"},
74 { "disable_mlockall", PARAM_BOOL, "true"},
75 { "cache_timeout", PARAM_LONG, DEFAULT_CACHE_TIMEOUT},
76 { "cache_push", PARAM_CHARPP, NULL},
77 { "disable_list_and_dump", PARAM_BOOL, "false"},
78 { "recursion_depth", PARAM_INT, "100"},
79 { "syslog", PARAM_BOOL, "false"},
80 { "allowed", PARAM_CHARPP, NULL},
81 { "allowed_file", PARAM_CHARP, NULL},
82 { "priority", PARAM_INT, INVALID_PRIORITY},
83 { "keepalive_interval", PARAM_INT, DEFAULT_KEEPALIVE_INTERVAL},
84 { "tcp_port", PARAM_INT, "6466"},
85 { "enable_tcp", PARAM_BOOL, "false"},
86 { "tcp_require_key", PARAM_BOOL, "false"},
87 { "tcp_bind", PARAM_CHARP, "any"},
88 { "tcp_interface", PARAM_CHARP, NULL},
89 { "tls_timeout", PARAM_INT, "300"},
90 { "tls_cipher_suite", PARAM_CHARP, DEFAULT_CIPHER_PRIORITY},
91 { "tls_dh_params_file", PARAM_CHARP, NULL},
92 { "tls_use_crl", PARAM_BOOL, "false"},
93 { "require_save_key", PARAM_BOOL, "true"},
94 { "invoking_user", PARAM_CHARPP, NULL},
95 { "invoking_file", PARAM_CHARP, NULL},
96 { "encrypt_to", PARAM_BOOL, "false"},
97 { "always_trust", PARAM_BOOL, "false"},
98 { "gpg_homedir", PARAM_CHARP, NULL},
99 { "strict_kill", PARAM_BOOL, "false"},
100 { "lock_timeout", PARAM_LONG, DEFAULT_LOCK_TIMEOUT},
101 { "kill_scd", PARAM_BOOL, "false"},
102 { "strict_open", PARAM_BOOL, "false"},
103 { NULL, PARAM_INVALID, NULL},
104 };
105
106 struct config_param_s
107 {
108 char *name;
109 int type;
110 union
111 {
112 int itype;
113 char *cptype;
114 char **cpptype;
115 long ltype;
116 long long lltype;
117 } value;
118 };
119
120 struct config_keep_s
121 {
122 char *section;
123 char *name;
124 char *value;
125 };
126
127 static struct config_section_s *config_find_section (struct slist_s *config,
128 const char *name);
129 static int new_param (struct config_section_s *section, const char *filename,
130 int lineno, const char *name, const char *value,
131 int type);
132 static void free_section (struct config_section_s *s);
133 static int set_defaults (struct slist_s **config, int reload);
134
135 static void
136 section_remove_param (struct config_section_s *section, const char *name)
137 {
138 unsigned i, t = slist_length (section->params);
139
140 for (i = 0; i < t; i++)
141 {
142 struct config_param_s *p = slist_nth_data (section->params, i);
143
144 if (!p)
145 continue;
146
147 if (!strcmp (p->name, name))
148 {
149 switch (p->type)
150 {
151 case PARAM_CHARP:
152 xfree (p->value.cptype);
153 break;
154 case PARAM_CHARPP:
155 strv_free (p->value.cpptype);
156 break;
157 }
158
159 section->params = slist_remove (section->params, p);
160 xfree (p->name);
161 xfree (p);
162 break;
163 }
164 }
165 }
166
167 static struct config_param_s *
168 config_has_param (struct config_section_s *s, const char *what)
169 {
170 unsigned i, t = slist_length (s->params);
171
172 for (i = 0; i < t; i++)
173 {
174 struct config_param_s *p = slist_nth_data (s->params, i);
175 if (!p)
176 break;
177
178 if (!strcmp (p->name, what))
179 return p;
180 }
181
182 return NULL;
183 }
184
185 static struct config_param_s *
186 config_get_param (struct slist_s *config,
187 const char *section, const char *what, int *exists)
188 {
189 unsigned i, t = slist_length (config);
190
191 *exists = 0;
192
193 for (i = 0; i < t; i++)
194 {
195 struct config_param_s *p;
196 struct config_section_s *s = slist_nth_data (config, i);
197
198 if (!s)
199 break;
200
201 if (strcmp (s->name, section))
202 continue;
203
204 p = config_has_param (s, what);
205 if (!p)
206 return NULL;
207
208 *exists = 1;
209 return p;
210 }
211
212 return NULL;
213 }
214
215 static struct config_section_s *
216 new_section (struct slist_s **config, const char *name)
217 {
218 struct slist_s *tmp;
219 struct config_section_s *s = xcalloc (1, sizeof (struct config_section_s));
220
221 if (!s)
222 return NULL;
223
224 s->name = str_dup (name);
225 if (!s->name)
226 {
227 log_write ("%s", pwmd_strerror (ENOMEM));
228 xfree (s);
229 return NULL;
230 }
231
232 tmp = slist_append (*config, s);
233 if (!tmp)
234 {
235 log_write ("%s", pwmd_strerror (ENOMEM));
236 xfree (s->name);
237 xfree (s);
238 return NULL;
239 }
240
241 *config = tmp;
242 return s;
243 }
244
245 int
246 config_set_string_param (struct slist_s **config, const char *section,
247 const char *name, const char *value)
248 {
249 struct config_section_s *s = config_find_section (*config, section);
250
251 if (!s)
252 {
253 s = new_section (config, section);
254 if (!s)
255 return 1;
256 }
257
258 return new_param (s, NULL, 0, name, value, PARAM_CHARP);
259 }
260
261 char *
262 config_get_string_param (struct slist_s *config, const char *section,
263 const char *what, int *exists)
264 {
265 struct config_param_s *p = config_get_param (config, section, what, exists);
266 return *exists && p->value.cptype ? str_dup (p->value.cptype) : NULL;
267 }
268
269 int
270 config_set_int_param (struct slist_s **config, const char *section,
271 const char *name, const char *value)
272 {
273 struct config_section_s *s = config_find_section (*config, section);
274
275 if (!s)
276 {
277 s = new_section (config, section);
278 if (!s)
279 return 1;
280 }
281
282 return new_param (s, NULL, 0, name, value, PARAM_INT);
283 }
284
285 int
286 config_get_int_param (struct slist_s *config, const char *section,
287 const char *what, int *exists)
288 {
289 struct config_param_s *p = config_get_param (config, section, what, exists);
290 return *exists ? p->value.itype : -1;
291 }
292
293 int
294 config_set_bool_param (struct slist_s **config, const char *section,
295 const char *name, const char *value)
296 {
297 struct config_section_s *s = config_find_section (*config, section);
298
299 if (!s)
300 {
301 s = new_section (config, section);
302 if (!s)
303 return 1;
304 }
305
306 return new_param (s, NULL, 0, name, value, PARAM_BOOL);
307 }
308
309 int
310 config_get_bool_param (struct slist_s *config, const char *section,
311 const char *what, int *exists)
312 {
313 return config_get_int_param (config, section, what, exists);
314 }
315
316 int
317 config_set_long_param (struct slist_s **config, const char *section,
318 const char *name, const char *value)
319 {
320 struct config_section_s *s = config_find_section (*config, section);
321
322 if (!s)
323 {
324 s = new_section (config, section);
325 if (!s)
326 return 1;
327 }
328
329 return new_param (s, NULL, 0, name, value, PARAM_LONG);
330 }
331
332 long
333 config_get_long_param (struct slist_s *config, const char *section,
334 const char *what, int *exists)
335 {
336 struct config_param_s *p = config_get_param (config, section, what, exists);
337 return *exists ? p->value.ltype : -1;
338 }
339
340 int
341 config_set_longlong_param (struct slist_s **config, const char *section,
342 const char *name, const char *value)
343 {
344 struct config_section_s *s = config_find_section (*config, section);
345
346 if (!s)
347 {
348 s = new_section (config, section);
349 if (!s)
350 return 1;
351 }
352
353 return new_param (s, NULL, 0, name, value, PARAM_LONGLONG);
354 }
355
356 long long
357 config_get_longlong_param (struct slist_s *config,
358 const char *section, const char *what, int *exists)
359 {
360 struct config_param_s *p = config_get_param (config, section, what, exists);
361 return *exists ? p->value.lltype : -1;
362 }
363
364 int
365 config_set_list_param (struct slist_s **config, const char *section,
366 const char *name, const char *value)
367 {
368 struct config_section_s *s = config_find_section (*config, section);
369
370 if (!s)
371 {
372 s = new_section (config, section);
373 if (!s)
374 return 1;
375 }
376
377 return new_param (s, NULL, 0, name, value, PARAM_CHARPP);
378 }
379
380 char **
381 config_get_list_param (struct slist_s *config, const char *section,
382 const char *what, int *exists)
383 {
384 struct config_param_s *p = config_get_param (config, section, what, exists);
385 return *exists && p->value.cpptype ? strv_dup (p->value.cpptype) : NULL;
386 }
387
388 char *
389 config_get_string (const char *section, const char *what)
390 {
391 char *val = NULL;
392 const char *where = section ? section : "global";
393 int exists = 0;
394
395 MUTEX_LOCK (&rcfile_mutex);
396 val = config_get_string_param (global_config, where, what, &exists);
397 if (!exists && strcmp (section ? section : "", "global"))
398 val = config_get_string_param (global_config, "global", what, &exists);
399
400 MUTEX_UNLOCK (&rcfile_mutex);
401 return val;
402 }
403
404 char **
405 config_get_list (const char *section, const char *what)
406 {
407 char **val = NULL;
408 const char *where = section ? section : "global";
409 int exists = 0;
410
411 MUTEX_LOCK (&rcfile_mutex);
412 val = config_get_list_param (global_config, where, what, &exists);
413 if (!exists && strcmp (section ? section : "", "global"))
414 val = config_get_list_param (global_config, "global", what, &exists);
415
416 MUTEX_UNLOCK (&rcfile_mutex);
417 return val;
418 }
419
420 int
421 config_get_integer (const char *section, const char *what)
422 {
423 int val = 0;
424 const char *where = section ? section : "global";
425 int exists = 0;
426
427 MUTEX_LOCK (&rcfile_mutex);
428 val = config_get_int_param (global_config, where, what, &exists);
429 if (!exists && strcmp (section ? section : "", "global"))
430 val = config_get_int_param (global_config, "global", what, &exists);
431
432 MUTEX_UNLOCK (&rcfile_mutex);
433 return val;
434 }
435
436 long long
437 config_get_longlong (const char *section, const char *what)
438 {
439 long long val = 0;
440 const char *where = section ? section : "global";
441 int exists = 0;
442
443 MUTEX_LOCK (&rcfile_mutex);
444 val = config_get_longlong_param (global_config, where, what, &exists);
445 if (!exists && strcmp (section ? section : "", "global"))
446 val = config_get_longlong_param (global_config, "global", what, &exists);
447
448 MUTEX_UNLOCK (&rcfile_mutex);
449 return val;
450 }
451
452 long
453 config_get_long (const char *section, const char *what)
454 {
455 long val = 0;
456 const char *where = section ? section : "global";
457 int exists = 0;
458
459 MUTEX_LOCK (&rcfile_mutex);
460 val = config_get_long_param (global_config, where, what, &exists);
461 if (!exists && strcmp (section ? section : "", "global"))
462 val = config_get_long_param (global_config, "global", what, &exists);
463
464 MUTEX_UNLOCK (&rcfile_mutex);
465 return val;
466 }
467
468 int
469 config_get_boolean (const char *section, const char *what)
470 {
471 return config_get_integer (section, what);
472 }
473
474 char *
475 config_get_value (const char *section, const char *what)
476 {
477 const char *where = section ? section : "global";
478 int exists = 0;
479 int i;
480 int ival;
481 long lval;
482 long long llval;
483 char *cpval;
484 char **cppval;
485 char *result = NULL;
486
487 MUTEX_LOCK (&rcfile_mutex);
488
489 for (i = 0; config_params[i].name; i++)
490 {
491 if (!strcmp (config_params[i].name, what))
492 {
493 switch (config_params[i].type)
494 {
495 case PARAM_BOOL:
496 case PARAM_INT:
497 ival = config_get_int_param (global_config, where, what,
498 &exists);
499 if (!exists && strcmp (section ? section : "", "global"))
500 ival = config_get_int_param (global_config, "global", what,
501 &exists);
502 result = str_asprintf ("%i", ival);
503 break;
504 case PARAM_CHARP:
505 cpval = config_get_string_param (global_config, where, what,
506 &exists);
507 if (!exists && strcmp (section ? section : "", "global"))
508 cpval =
509 config_get_string_param (global_config, "global", what,
510 &exists);
511 result = cpval;
512 break;
513 case PARAM_LONG:
514 lval = config_get_long_param (global_config, where, what,
515 &exists);
516 if (!exists && strcmp (section ? section : "", "global"))
517 lval = config_get_long_param (global_config, "global", what,
518 &exists);
519 result = str_asprintf ("%li", lval);
520 break;
521 case PARAM_LONGLONG:
522 llval = config_get_longlong_param (global_config, where, what,
523 &exists);
524 if (!exists && strcmp (section ? section : "", "global"))
525 llval = config_get_longlong_param (global_config, "global",
526 what, &exists);
527 result = str_asprintf ("%lli", llval);
528 break;
529 case PARAM_CHARPP:
530 cppval = config_get_list_param (global_config, where, what,
531 &exists);
532 if (!exists && strcmp (section ? section : "", "global"))
533 cppval = config_get_list_param (global_config, "global", what,
534 &exists);
535
536 if (cppval)
537 result = strv_join (",", cppval);
538
539 strv_free (cppval);
540 break;
541 }
542 }
543 }
544
545 MUTEX_UNLOCK (&rcfile_mutex);
546 return result;
547 }
548
549 /* 'file' is the list parameter file to load into the list parameter 'what'.
550 * The parsing of the parameter is not done here. */
551 static gpg_error_t
552 parse_list_file (struct slist_s *config, const char *section,
553 const char *file, const char *what)
554 {
555 FILE *fp;
556 char buf[LINE_MAX] = {0};
557 int exists;
558 char **list = NULL;
559 char *tmp;
560 char *p = config_get_string_param (config, section, file, &exists);
561 gpg_error_t rc;
562
563 if (!p || !*p)
564 {
565 xfree (p);
566 return 0;
567 }
568
569 tmp = expand_homedir (p);
570 xfree (p);
571 p = tmp;
572 fp = fopen (p, "r");
573 if (!fp)
574 {
575 rc = gpg_error_from_errno (errno);
576 log_write ("%s: %s", p, pwmd_strerror (rc));
577 xfree (p);
578 return rc;
579 }
580
581 xfree (p);
582 list = config_get_list_param (config, section, what, &exists);
583 if (!list && exists)
584 {
585 fclose (fp);
586 log_write ("%s", pwmd_strerror (ENOMEM));
587 return gpg_error (ENOMEM);
588 }
589
590 while ((p = fgets (buf, sizeof (buf)-1, fp)))
591 {
592 char **pp = NULL;
593
594 if (p[strlen(p)-1] == '\n')
595 p[strlen(p)-1] = 0;
596
597 while (*p && isspace (*p))
598 p++;
599
600 if (!*p || *p == ';')
601 continue;
602
603 tmp = str_dup (p);
604 if (tmp)
605 pp = strv_cat (list, str_dup (p));
606
607 if (!pp || !tmp)
608 {
609 xfree (tmp);
610 strv_free (list);
611 fclose (fp);
612 log_write ("%s", strerror (ENOMEM));
613 return gpg_error (ENOMEM);
614 }
615
616 xfree (tmp);
617 list = pp;
618 }
619
620 fclose(fp);
621 if (!list)
622 return 0;
623
624 p = strv_join (",", list);
625 strv_free (list);
626
627 if (!p)
628 {
629 log_write ("%s", pwmd_strerror (ENOMEM));
630 return gpg_error (ENOMEM);
631 }
632
633 config_set_list_param (&config, section, what, p);
634 xfree (p);
635 return 0;
636 }
637
638 static int
639 fixup_allowed_once (struct slist_s **config, const char *section)
640 {
641 char **list, **pp, *p;
642 int exists;
643 gpg_error_t rc;
644
645 rc = parse_list_file (*config, section, "allowed_file", "allowed");
646 if (rc)
647 return 1;
648
649 list = config_get_list_param (*config, section, "allowed", &exists);
650 for (pp = list; pp && *pp; pp++)
651 {
652 if (*(*pp) == '#')
653 {
654 for (p = *pp; p && *p; p++)
655 *p = toupper(*p);
656 }
657 }
658
659 strv_free (list);
660 if (!exists)
661 {
662 if (!strcmp (section, "global"))
663 {
664 p = get_username (getuid());
665
666 if (config_set_list_param (config, section, "allowed", p))
667 {
668 xfree (p);
669 return 1;
670 }
671
672 xfree (p);
673 }
674 else
675 {
676 list = config_get_list_param (*config, "global", "allowed", &exists);
677 if (list)
678 {
679 p = strv_join (",", list);
680 strv_free (list);
681 if (config_set_list_param (config, section, "allowed", p))
682 {
683 xfree (p);
684 return 1;
685 }
686
687 xfree (p);
688 }
689 }
690 }
691
692 return 0;
693 }
694
695 static int
696 fixup_allowed (struct slist_s **config)
697 {
698 int n, t = slist_length (*config);
699
700 for (n = 0; n < t; n++)
701 {
702 struct config_section_s *section;
703
704 section = slist_nth_data (*config, n);
705 if (fixup_allowed_once (config, section->name))
706 return 1;
707 }
708
709 return 0;
710 }
711
712 static int
713 add_invoking_user (struct invoking_user_s **users, char *id,
714 struct slist_s **config)
715 {
716 struct passwd *pwd = NULL;
717 struct group *grp = NULL;
718 struct invoking_user_s *user, *p;
719 int not = 0;
720
721 if (id && (*id == '!' || *id == '-'))
722 {
723 not = 1;
724 id++;
725 }
726
727 errno = 0;
728 if (!id || !*id)
729 {
730 pwd = getpwuid (getuid ());
731 if (!pwd)
732 {
733 log_write (_("could not set any invoking user: %s"),
734 pwmd_strerror (errno ? errno : GPG_ERR_INV_VALUE));
735 return 1;
736 }
737 }
738 else if (*id == '@')
739 {
740 grp = getgrnam (id+1);
741 if (!grp)
742 {
743 log_write (_("could not parse group '%s': %s"), id+1,
744 pwmd_strerror (errno ? errno : GPG_ERR_INV_VALUE));
745 return 1;
746 }
747 }
748 else if (*id != '#')
749 pwd = getpwnam (id);
750
751 if (!grp && !pwd && id && *id != '#')
752 {
753 if (id && *id)
754 log_write (_("could not set invoking user '%s': %s"), id,
755 pwmd_strerror (errno ? errno : GPG_ERR_INV_VALUE));
756 else
757 log_write (_("could not set any invoking user!"));
758
759 return 1;
760 }
761
762 user = xcalloc (1, sizeof (struct invoking_user_s));
763 if (!user)
764 {
765 log_write ("%s", pwmd_strerror (ENOMEM));
766 return 1;
767 }
768
769 user->not = not;
770 user->type = pwd ? INVOKING_UID : grp ? INVOKING_GID : INVOKING_TLS;
771 if (pwd)
772 user->uid = pwd->pw_uid;
773 else if (grp)
774 user->id = str_dup (id+1);
775 else
776 {
777 char *s;
778
779 for (s = id; s && *s; s++)
780 *s = toupper(*s);
781
782 user->id = str_dup (id+1);
783 }
784
785 /* Set the default invoking_user since it doesn't exist. */
786 if (pwd && (!id || !*id))
787 config_set_list_param (config, "global", "invoking_user", pwd->pw_name);
788
789 if (!*users)
790 {
791 *users = user;
792 return 0;
793 }
794
795 for (p = *users; p; p = p->next)
796 {
797 if (!p->next)
798 {
799 p->next = user;
800 break;
801 }
802 }
803
804 return 0;
805 }
806
807 static int
808 parse_invoking_users (struct slist_s **config)
809 {
810 struct invoking_user_s *users = NULL;
811 int exists;
812 char **list, **l;
813
814 if (parse_list_file (*config, "global", "invoking_file", "invoking_user"))
815 return 1;
816
817 list = config_get_list_param (*config, "global", "invoking_user", &exists);
818 for (l = list; l && *l; l++)
819 {
820 if (add_invoking_user (&users, *l, config))
821 {
822 strv_free (list);
823 free_invoking_users (users);
824 return 1;
825 }
826 }
827
828 if (!list || !*list)
829 {
830 if (add_invoking_user (&users, NULL, config))
831 {
832 strv_free (list);
833 return 1;
834 }
835 }
836
837 free_invoking_users (invoking_users);
838 invoking_users = users;
839 strv_free (list);
840 return 0;
841 }
842
843 static int
844 set_defaults (struct slist_s **config, int reload)
845 {
846 char *s = NULL;
847 char **list;
848 int exists;
849 int i;
850
851 for (i = 0; config_params[i].name; i++)
852 {
853 switch (config_params[i].type)
854 {
855 case PARAM_BOOL:
856 config_get_bool_param (*config, "global", config_params[i].name,
857 &exists);
858 if (!exists)
859 {
860 if (config_set_bool_param
861 (config, "global", config_params[i].name,
862 config_params[i].value))
863 goto fail;
864 }
865 break;
866 case PARAM_INT:
867 config_get_int_param (*config, "global", config_params[i].name,
868 &exists);
869 if (!exists)
870 {
871 if (config_set_int_param
872 (config, "global", config_params[i].name,
873 config_params[i].value))
874 goto fail;
875 }
876 break;
877 case PARAM_CHARP:
878 s = config_get_string_param (*config, "global",
879 config_params[i].name, &exists);
880 xfree (s);
881 if (!exists && config_params[i].value)
882 {
883 if (config_set_string_param (config, "global",
884 config_params[i].name,
885 config_params[i].value))
886 goto fail;
887 }
888 break;
889 case PARAM_CHARPP:
890 list = config_get_list_param (*config, "global",
891 config_params[i].name, &exists);
892 strv_free (list);
893 if (!exists && config_params[i].value)
894 {
895 if (config_set_list_param (config, "global",
896 config_params[i].name,
897 config_params[i].value))
898 goto fail;
899 }
900 break;
901 case PARAM_LONG:
902 config_get_long_param (*config, "global", config_params[i].name,
903 &exists);
904 if (!exists)
905 {
906 if (config_set_long_param
907 (config, "global", config_params[i].name,
908 config_params[i].value))
909 goto fail;
910 }
911 break;
912 case PARAM_LONGLONG:
913 config_get_longlong_param (*config, "global", config_params[i].name,
914 &exists);
915 if (!exists)
916 {
917 if (config_set_longlong_param (config, "global",
918 config_params[i].name,
919 config_params[i].value))
920 goto fail;
921 }
922 break;
923 }
924 }
925
926 s = NULL;
927 if (!reload && fixup_allowed (config))
928 goto fail;
929
930 if (!reload && parse_invoking_users (config))
931 goto fail;
932
933 log_level = config_get_int_param (*config, "global",
934 "log_level", &exists);
935 log_keepopen = config_get_int_param (*config, "global",
936 "log_keepopen", &exists);
937 max_recursion_depth = config_get_int_param (*config, "global",
938 "recursion_depth", &exists);
939 disable_list_and_dump = config_get_bool_param (*config, "global",
940 "disable_list_and_dump",
941 &exists);
942 #ifdef HAVE_MLOCKALL
943 disable_mlock =
944 config_get_bool_param (*config, "global", "disable_mlockall", &exists);
945 #endif
946
947 xfree (s);
948 return 0;
949
950 fail:
951 xfree (s);
952 return 1;
953 }
954
955 static struct config_section_s *
956 config_find_section (struct slist_s *config, const char *name)
957 {
958 unsigned i, t = slist_length (config);
959
960 for (i = 0; i < t; i++)
961 {
962 struct config_section_s *s = slist_nth_data (config, i);
963
964 if (!strcmp (s->name, name))
965 return s;
966 }
967
968 return NULL;
969 }
970
971 /* Append a new parameter to the list of parameters for a file
972 * section. When an existing parameter of the same name exists, its
973 * value is updated.
974 */
975 static int
976 new_param (struct config_section_s *section, const char *filename, int lineno,
977 const char *name, const char *value, int type)
978 {
979 struct config_param_s *param = NULL;
980 struct slist_s *tmp;
981 char *e;
982 unsigned i, t = slist_length (section->params);
983 int dup = 0;
984
985 for (i = 0; i < t; i++)
986 {
987 struct config_param_s *p = slist_nth_data (section->params, i);
988 if (!p)
989 break;
990
991 if (!strcmp (name, p->name))
992 {
993 param = p;
994 dup = 1;
995 break;
996 }
997 }
998
999 if (!param)
1000 {
1001 param = xcalloc (1, sizeof (struct config_param_s));
1002 if (!param)
1003 {
1004 log_write ("%s", pwmd_strerror (ENOMEM));
1005 return 1;
1006 }
1007
1008 param->name = str_dup (name);
1009 if (!param->name)
1010 {
1011 xfree (param);
1012 log_write ("%s", pwmd_strerror (ENOMEM));
1013 return 1;
1014 }
1015 }
1016
1017 param->type = type;
1018
1019 switch (type)
1020 {
1021 case PARAM_BOOL:
1022 if (!strcasecmp (value, "no") || !strcasecmp (value, "0")
1023 || !strcasecmp (value, "false"))
1024 param->value.itype = 0;
1025 else if (!strcasecmp (value, "yes") || !strcasecmp (value, "1")
1026 || !strcasecmp (value, "true"))
1027 param->value.itype = 1;
1028 else
1029 {
1030 INVALID_VALUE (filename, lineno);
1031 goto fail;
1032 }
1033 param->type = PARAM_INT;
1034 break;
1035 case PARAM_CHARP:
1036 xfree (param->value.cptype);
1037 param->value.cptype = NULL;
1038 param->value.cptype = value && *value ? str_dup (value) : NULL;
1039 if (value && *value && !param->value.cptype)
1040 {
1041 log_write ("%s", pwmd_strerror (ENOMEM));
1042 goto fail;
1043 }
1044 break;
1045 case PARAM_CHARPP:
1046 strv_free (param->value.cpptype);
1047 param->value.cpptype = NULL;
1048 param->value.cpptype = value && *value ?
1049 str_split_ws (value, ",", 0) : NULL;
1050 if (value && *value && !param->value.cpptype)
1051 {
1052 log_write ("%s", pwmd_strerror (ENOMEM));
1053 goto fail;
1054 }
1055 break;
1056 case PARAM_INT:
1057 param->value.itype = strtol (value, &e, 10);
1058 if (e && *e)
1059 {
1060 INVALID_VALUE (filename, lineno);
1061 goto fail;
1062 }
1063 break;
1064 case PARAM_LONG:
1065 param->value.ltype = strtol (value, &e, 10);
1066 if (e && *e)
1067 {
1068 INVALID_VALUE (filename, lineno);
1069 goto fail;
1070 }
1071 break;
1072 case PARAM_LONGLONG:
1073 param->value.lltype = strtoll (value, &e, 10);
1074 if (e && *e)
1075 {
1076 INVALID_VALUE (filename, lineno);
1077 goto fail;
1078 }
1079 break;
1080 }
1081
1082 if (dup)
1083 return 0;
1084
1085 tmp = slist_append (section->params, param);
1086 if (!tmp)
1087 {
1088 log_write ("%s", pwmd_strerror (ENOMEM));
1089 goto fail;
1090 }
1091
1092 section->params = tmp;
1093 return 0;
1094
1095 fail:
1096 xfree (param->name);
1097 xfree (param);
1098 return 1;
1099 }
1100
1101 struct slist_s *
1102 config_parse (const char *filename, int reload)
1103 {
1104 struct slist_s *tmpconfig = NULL, *tmp;
1105 struct config_section_s *cur_section = NULL;
1106 char buf[LINE_MAX] = {0};
1107 char *s;
1108 int lineno = 1;
1109 int have_global = 0;
1110 FILE *fp = fopen (filename, "r");
1111
1112 if (!fp)
1113 {
1114 log_write ("%s: %s", filename,
1115 pwmd_strerror (gpg_error_from_errno (errno)));
1116
1117 if (errno != ENOENT)
1118 return NULL;
1119
1120 log_write (_("Using defaults!"));
1121 goto defaults;
1122 }
1123
1124 for (; (s = fgets (buf, sizeof (buf), fp)); lineno++)
1125 {
1126 char line[LINE_MAX] = { 0 };
1127 size_t len = 0;
1128 int match = 0;
1129
1130 if (*s == '#')
1131 continue;
1132
1133 s = str_chomp (s);
1134 if (!*s)
1135 continue;
1136
1137 /* New file section. */
1138 if (*s == '[')
1139 {
1140 struct config_section_s *section;
1141 char *p = strchr (++s, ']');
1142
1143 if (!p)
1144 {
1145 log_write (_("%s(%i): unbalanced braces"), filename, lineno);
1146 goto fail;
1147 }
1148
1149 if (*(p+1))
1150 {
1151 log_write (_("%s(%i): trailing characters"), filename, lineno);
1152 goto fail;
1153 }
1154
1155 len = strlen (s) - strlen (p);
1156 memcpy (line, s, len);
1157 line[len] = 0;
1158
1159 section = config_find_section (tmpconfig, line);
1160 if (section)
1161 {
1162 log_write (_("%s(%i): section '%s' already exists!"),
1163 filename, lineno, line);
1164 goto fail;
1165 }
1166
1167 if (!strcmp (line, "global"))
1168 have_global = 1;
1169
1170 section = xcalloc (1, sizeof (struct config_section_s));
1171 section->name = str_dup (line);
1172
1173 if (cur_section)
1174 {
1175 tmp = slist_append (tmpconfig, cur_section);
1176 if (!tmp)
1177 {
1178 log_write ("%s", pwmd_strerror (ENOMEM));
1179 goto fail;
1180 }
1181
1182 tmpconfig = tmp;
1183 }
1184
1185 cur_section = section;
1186 continue;
1187 }
1188
1189 if (!cur_section)
1190 {
1191 log_write (_("%s(%i): parameter outside of section!"), filename,
1192 lineno);
1193 goto fail;
1194 }
1195
1196 /* Parameters for each section. */
1197 for (int m = 0; config_params[m].name; m++)
1198 {
1199 len = strlen (config_params[m].name);
1200 if (!strncmp (s, config_params[m].name, len))
1201 {
1202 char *p = s + len;
1203
1204 while (*p && *p == ' ')
1205 p++;
1206
1207 if (!*p || *p != '=')
1208 continue;
1209
1210 p++;
1211 while (*p && isspace (*p))
1212 p++;
1213
1214 s[len] = 0;
1215 if (new_param (cur_section, filename, lineno, s, p,
1216 config_params[m].type))
1217 goto fail;
1218
1219 match = 1;
1220 break;
1221 }
1222 }
1223
1224 if (!match)
1225 {
1226 log_write (_("%s(%i): unknown parameter"), filename, lineno);
1227 goto fail;
1228 }
1229 }
1230
1231 if (cur_section)
1232 {
1233 tmp = slist_append (tmpconfig, cur_section);
1234 if (!tmp)
1235 {
1236 log_write ("%s", pwmd_strerror (ENOMEM));
1237 goto fail;
1238 }
1239
1240 cur_section = NULL;
1241 tmpconfig = tmp;
1242 }
1243
1244 if (!have_global)
1245 log_write (_
1246 ("WARNING: %s: could not find a [global] configuration section!"),
1247 filename);
1248
1249 defaults:
1250 if (set_defaults (&tmpconfig, reload))
1251 goto fail;
1252
1253 if (fp)
1254 fclose(fp);
1255
1256 return tmpconfig;
1257
1258 fail:
1259 if (fp)
1260 fclose (fp);
1261
1262 config_free (tmpconfig);
1263 free_section (cur_section);
1264 return NULL;
1265 }
1266
1267 static void
1268 free_section (struct config_section_s *s)
1269 {
1270 if (!s)
1271 return;
1272
1273 for (;;)
1274 {
1275 struct config_param_s *p = slist_nth_data (s->params, 0);
1276
1277 if (!p)
1278 break;
1279
1280 section_remove_param (s, p->name);
1281 }
1282
1283 s->params = NULL;
1284 xfree (s->name);
1285 s->name = NULL;
1286 }
1287
1288 void
1289 config_free (struct slist_s *config)
1290 {
1291 for (;;)
1292 {
1293 struct config_section_s *s = slist_nth_data (config, 0);
1294 if (!s)
1295 break;
1296
1297 free_section (s);
1298 config = slist_remove (config, s);
1299 xfree (s);
1300 }
1301 }
1302
1303 void
1304 free_invoking_users (struct invoking_user_s *users)
1305 {
1306 struct invoking_user_s *p;
1307
1308 for (p = users; p;)
1309 {
1310 struct invoking_user_s *next = p->next;
1311
1312 if (p->type == INVOKING_TLS || p->type == INVOKING_GID)
1313 xfree (p->id);
1314
1315 xfree (p);
1316 p = next;
1317 }
1318 }
1319
1320 static int
1321 param_type (const char *name)
1322 {
1323 int i;
1324
1325 for (i = 0; config_params[i].name; i++)
1326 {
1327 if (!strcmp (config_params[i].name, name))
1328 return config_params[i].type;
1329 }
1330
1331 return PARAM_INVALID;
1332 }
1333
1334 static int
1335 keep_parse (struct config_keep_s *k, const char *section, const char *key)
1336 {
1337 int exists;
1338 int ival;
1339 long lval;
1340 long long llval;
1341 char *cpval;
1342 char **cppval;
1343 int type = param_type (key);
1344 void *value = NULL;
1345
1346 switch (type)
1347 {
1348 case PARAM_BOOL:
1349 case PARAM_INT:
1350 ival = config_get_int_param (global_config, section, key, &exists);
1351 if (exists)
1352 value = str_asprintf ("%i", ival);
1353 break;
1354 case PARAM_LONG:
1355 lval = config_get_long_param (global_config, section, key, &exists);
1356 if (exists)
1357 value = str_asprintf ("%li", lval);
1358 break;
1359 case PARAM_LONGLONG:
1360 llval = config_get_longlong_param (global_config, section, key, &exists);
1361 if (exists)
1362 value = str_asprintf ("%lli", llval);
1363 break;
1364 case PARAM_CHARP:
1365 cpval = config_get_string_param (global_config, section, key, &exists);
1366 if (exists)
1367 value = cpval;
1368 break;
1369 case PARAM_CHARPP:
1370 cppval = config_get_list_param (global_config, section, key, &exists);
1371 if (exists)
1372 {
1373 char *s = strv_join (",", cppval);
1374
1375 strv_free (cppval);
1376 value = s;
1377 }
1378 break;
1379 default:
1380 return 1;
1381 }
1382
1383 if (!value)
1384 return 1;
1385
1386 k->section = str_dup(section);
1387 k->name = str_dup(key);
1388 k->value = value;
1389 return 0;
1390 }
1391
1392 static struct slist_s *
1393 keep_add (struct slist_s *k, const char *s, const char *key)
1394 {
1395 int n, t = slist_length (global_config);
1396
1397 for (n = 0; n < t; n++)
1398 {
1399 struct config_section_s *section;
1400 struct config_keep_s *tmp;
1401 int ret;
1402
1403 section = slist_nth_data (global_config, n);
1404 tmp = xcalloc (1, sizeof(struct config_keep_s));
1405
1406 // Process all sections.
1407 if (!s)
1408 ret = keep_parse (tmp, section->name, key);
1409 else
1410 ret = keep_parse (tmp, s, key);
1411
1412 if (!ret)
1413 k = slist_append (k, tmp);
1414 else
1415 xfree (tmp);
1416 }
1417
1418 return k;
1419 }
1420
1421 /* Keep security sensitive settings across SIGHUP. */
1422 struct slist_s *
1423 config_keep_save ()
1424 {
1425 struct slist_s *keep = NULL;
1426
1427 #ifdef WITH_GNUTLS
1428 keep = keep_add (keep, NULL, "tcp_require_key");
1429 #endif
1430 keep = keep_add (keep, NULL, "require_save_key");
1431 keep = keep_add (keep, NULL, "allowed");
1432 keep = keep_add (keep, NULL, "allowed_file");
1433 keep = keep_add (keep, "global", "encrypt_to");
1434 keep = keep_add (keep, "global", "always_trust");
1435 keep = keep_add (keep, "global", "invoking_user");
1436 keep = keep_add (keep, "global", "invoking_file");
1437 keep = keep_add (keep, "global", "gpg_homedir");
1438 return keep;
1439 }
1440
1441 /* Restore parameters previously saved with config_keep_save(). This will also
1442 * free the 'keep'.
1443 */
1444 void
1445 config_keep_restore (struct slist_s *keep)
1446 {
1447 int n, t = slist_length (keep);
1448
1449 for (n = 0; n < t; n++)
1450 {
1451 struct config_keep_s *k = slist_nth_data (keep, n);
1452 int type = param_type (k->name);
1453
1454 switch (type)
1455 {
1456 case PARAM_BOOL:
1457 config_set_bool_param (&global_config, k->section, k->name, k->value);
1458 break;
1459 case PARAM_INT:
1460 config_set_int_param (&global_config, k->section, k->name, k->value);
1461 break;
1462 case PARAM_LONG:
1463 config_set_long_param (&global_config, k->section, k->name, k->value);
1464 break;
1465 case PARAM_LONGLONG:
1466 config_set_longlong_param (&global_config, k->section, k->name,
1467 k->value);
1468 break;
1469 case PARAM_CHARP:
1470 config_set_string_param (&global_config, k->section, k->name,
1471 k->value);
1472 break;
1473 case PARAM_CHARPP:
1474 config_set_list_param (&global_config, k->section, k->name, k->value);
1475 break;
1476 default:
1477 break;
1478 }
1479
1480 xfree (k->section);
1481 xfree (k->name);
1482 xfree (k->value);
1483 xfree (k);
1484 }
1485
1486 slist_free (keep);
1487 }
A server for managing passphrases and anything else.