2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
30 #include <sys/socket.h>
44 #include <netinet/in.h>
45 #include <arpa/inet.h>
48 #include <sys/resource.h>
62 #ifdef HAVE_GETOPT_LONG
67 #include "getopt_long.h"
70 #ifdef HAVE_PR_SET_NAME
71 #include <sys/prctl.h>
74 #include "pwmd-error.h"
77 #include "util-misc.h"
83 #include "util-string.h"
90 /* In tenths of a second. */
93 /* For (tcp_)accept_thread (usec). */
94 #define ACCEPT_TIMEOUT 30000
101 static pthread_cond_t quit_cond
;
102 static pthread_mutex_t quit_mutex
;
103 static int no_passphrase_file
= 0;
104 static pthread_t keepalive_tid
;
107 #ifndef HAVE_PTHREAD_CANCEL
108 static pthread_key_t signal_thread_key
;
114 static pthread_t tls_tid
;
115 static pthread_t tls6_tid
;
116 static int spawned_tls
;
117 static int spawned_tls6
;
119 static int start_stop_tls (int term
);
122 static int do_cache_push (const char *filename
, struct crypto_s
*crypto
);
123 static int signal_loop (sigset_t sigset
);
125 GCRY_THREAD_OPTION_PTHREAD_IMPL
;
127 #ifndef HAVE_PTHREAD_CANCEL
128 #define INIT_THREAD_SIGNAL do { \
129 struct sigaction act; \
131 sigemptyset (&sigset); \
132 sigaddset (&sigset, SIGUSR2); \
133 pthread_sigmask (SIG_UNBLOCK, &sigset, NULL); \
134 memset (&act, 0, sizeof(act)); \
135 act.sa_flags = SA_SIGINFO; \
136 act.sa_mask = sigset; \
137 act.sa_sigaction = catch_thread_signal; \
138 sigaction (SIGUSR2, &act, NULL); \
142 catch_thread_signal (int sig
, siginfo_t
*info
, void *ctx
)
144 int *n
= (int *) pthread_getspecific (signal_thread_key
);
147 pthread_setspecific (signal_thread_key
, n
);
152 cache_push_from_rcfile ()
154 struct crypto_s
*crypto
= NULL
;
156 gpg_error_t rc
= init_client_crypto (&crypto
);
160 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
167 rc
= set_agent_option (crypto
->agent
, "pinentry-mode", "error");
170 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
176 cache_push
= config_get_list ("global", "cache_push");
181 for (p
= cache_push
; *p
; p
++)
183 (void) do_cache_push (*p
, crypto
);
184 cleanup_crypto_stage1 (crypto
);
187 strv_free (cache_push
);
191 (void) kill_scd (crypto
->agent
);
193 cleanup_crypto (&crypto
);
199 int n
= config_get_boolean ("global", "enable_logging");
203 char *p
= config_get_string ("global", "log_path");
205 if (!p
|| (logfile
&& p
&& log_fd
!= -1 && strcmp(p
, logfile
)))
216 logfile
= expand_homedir (p
);
229 log_syslog
= config_get_boolean ("global", "syslog");
231 openlog ("pwmd", LOG_NDELAY
| LOG_PID
, LOG_DAEMON
);
235 reload_rcfile_thread (void *arg
)
237 #ifndef HAVE_PTHREAD_CANCEL
238 int *n
= xmalloc (sizeof (int));
241 pthread_setspecific (signal_thread_key
, n
);
245 #ifdef HAVE_PR_SET_NAME
246 prctl (PR_SET_NAME
, "reload rcfile");
248 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
249 MUTEX_LOCK (&rcfile_mutex
);
250 pthread_cleanup_push (cleanup_mutex_cb
, &rcfile_mutex
);
254 struct allowed_users_s
259 struct slist_s
*allowed_users
= NULL
;
260 struct slist_s
*config
;
261 int b
= disable_list_and_dump
;
264 char **invoking_orig
= config_get_list_param (global_config
, "global",
265 "invoking_user", &exists
);
266 int require_save_key
= config_get_bool_param (global_config
, "global",
270 int tcp_require_key
= config_get_bool_param (global_config
, "global",
275 pthread_cond_wait (&rcfile_cond
, &rcfile_mutex
);
276 #ifndef HAVE_PTHREAD_CANCEL
277 int *cancel
= (int *) pthread_getspecific (signal_thread_key
);
282 /* Keep the "allowed" parameter across rcfile reloads to prevent
284 int n
, t
= slist_length (global_config
);
285 for (n
= 0; n
< t
; n
++)
287 struct config_section_s
*section
;
290 section
= slist_nth_data (global_config
, n
);
291 users
= config_get_list_param (global_config
, section
->name
,
295 struct allowed_users_s
*allowed
;
297 allowed
= xmalloc (sizeof(struct allowed_users_s
));
298 allowed
->section
= str_dup (section
->name
);
299 allowed
->users
= users
;
300 allowed_users
= slist_append (allowed_users
, allowed
);
304 log_write (_("reloading configuration file '%s'"), rcfile
);
306 config
= config_parse (rcfile
, 1);
309 config_free (global_config
);
310 global_config
= config
;
312 cache_push_from_rcfile ();
313 config_clear_keys ();
316 tmp
= strv_join (",", invoking_orig
);
317 strv_free (invoking_orig
);
318 config_set_list_param (&global_config
, "global", "invoking_user", tmp
);
321 disable_list_and_dump
= !disable_list_and_dump
? b
: 1;
322 config_set_bool_param (&global_config
, "global", "require_save_key",
323 require_save_key
? "true" : "false");
325 if (config_get_bool_param (global_config
, "global", "tcp_require_key",
329 config_set_bool_param (&global_config
, "global", "tcp_require_key",
330 tcp_require_key
? "true" : "false");
335 int n
, t
= slist_length (allowed_users
);
337 for (n
= 0; n
< t
; n
++)
339 struct allowed_users_s
*allowed
;
342 allowed
= slist_nth_data (allowed_users
, n
);
343 tmp
= strv_join (",", allowed
->users
);
344 config_set_list_param (&global_config
, allowed
->section
,
347 xfree (allowed
->section
);
348 strv_free (allowed
->users
);
352 slist_free (allowed_users
);
356 /* Kill existing listening threads since the configured listening
357 * protocols may have changed. */
363 pthread_cleanup_pop (1);
368 send_error (assuan_context_t ctx
, gpg_error_t e
)
370 struct client_s
*client
= assuan_get_pointer (ctx
);
372 if (gpg_err_source (e
) == GPG_ERR_SOURCE_UNKNOWN
)
379 return assuan_process_done (ctx
, 0);
383 log_write ("ERR %i: %s", e
, pwmd_strerror (e
));
387 if (client
&& client
->xml_error
)
389 log_write ("%s", client
->xml_error
->message
);
390 xfree (client
->last_error
);
391 client
->last_error
= NULL
;
392 if (client
->xml_error
->message
)
393 client
->last_error
= str_dup (client
->xml_error
->message
);
395 e
= assuan_process_done (ctx
,
396 assuan_set_error (ctx
, e
,
397 client
->xml_error
->message
? client
->xml_error
->message
: NULL
));
398 xmlResetLastError ();
399 xmlResetError (client
->xml_error
);
400 xfree (client
->xml_error
);
401 client
->xml_error
= NULL
;
405 return assuan_process_done (ctx
,
406 assuan_set_error (ctx
, e
, pwmd_strerror (e
)));
410 assuan_log_cb (assuan_context_t ctx
, void *data
, unsigned cat
,
413 static pthread_mutex_t m
= PTHREAD_MUTEX_INITIALIZER
;
417 pthread_mutex_lock (&m
);
418 pthread_cleanup_push ((void (*)(void *)) pthread_mutex_unlock
, &m
);
419 t
= strv_length (debug_level
);
421 for (i
= 0; i
< t
; i
++)
423 if (!strcasecmp (debug_level
[i
], (char *) "init")
424 && cat
== ASSUAN_LOG_INIT
)
430 if (!strcasecmp (debug_level
[i
], (char *) "ctx")
431 && cat
== ASSUAN_LOG_CTX
)
437 if (!strcasecmp (debug_level
[i
], (char *) "engine")
438 && cat
== ASSUAN_LOG_ENGINE
)
444 if (!strcasecmp (debug_level
[i
], (char *) "data")
445 && cat
== ASSUAN_LOG_DATA
)
451 if (!strcasecmp (debug_level
[i
], (char *) "sysio")
452 && cat
== ASSUAN_LOG_SYSIO
)
458 if (!strcasecmp (debug_level
[i
], (char *) "control")
459 && cat
== ASSUAN_LOG_CONTROL
)
473 open (logfile
, O_WRONLY
| O_CREAT
| O_APPEND
, 0600)) == -1)
474 warn ("%s", logfile
);
477 pthread_cleanup_push (cleanup_fd_cb
, &fd
);
478 write (fd
, msg
, strlen (msg
));
479 pthread_cleanup_pop (1);
485 fprintf (stderr
, "%s%s", data
? (char *) data
: "", msg
);
490 pthread_cleanup_pop (1);
495 log_write (const char *fmt
, ...)
501 pthread_t tid
= pthread_self ();
502 static pthread_mutex_t m
= PTHREAD_MUTEX_INITIALIZER
;
504 if ((!logfile
&& !isatty (STDERR_FILENO
) && !log_syslog
) || !fmt
)
507 pthread_mutex_lock (&m
);
508 pthread_cleanup_push ((void (*)(void *)) pthread_mutex_unlock
, &m
);
510 if (!cmdline
&& logfile
&& log_fd
== -1)
512 log_fd
= open (logfile
, O_WRONLY
| O_CREAT
| O_APPEND
, 0600);
514 warn ("%s", logfile
);
519 if (str_vasprintf (&args
, fmt
, ap
) != -1)
523 pthread_cleanup_push (xfree
, args
);
524 fprintf (stderr
, "pwmd: %s\n", args
);
526 pthread_cleanup_pop (1);
530 char *name
= pthread_getspecific (thread_name_key
);
533 pthread_cleanup_push (xfree
, args
);
534 snprintf (buf
, sizeof (buf
), "%s(%p): ", name
? name
: _("unknown"),
538 if (!cmdline
&& log_syslog
&& !nofork
)
539 syslog (LOG_INFO
, "%s%s", name
, args
);
542 struct tm
*tm
= localtime (&now
);
544 strftime (tbuf
, sizeof (tbuf
), "%b %d %Y %H:%M:%S ", tm
);
545 tbuf
[sizeof (tbuf
) - 1] = 0;
547 if (args
[strlen (args
) - 1] == '\n')
548 args
[strlen (args
) - 1] = 0;
550 line
= str_asprintf ("%s %i %s%s\n", tbuf
, getpid (), name
,
552 pthread_cleanup_pop (1);
555 pthread_cleanup_push (xfree
, line
);
556 if (logfile
&& log_fd
!= -1)
558 write (log_fd
, line
, strlen (line
));
564 fprintf (stdout
, "%s", line
);
568 pthread_cleanup_pop (1);
574 pthread_cleanup_pop (0);
576 if (log_fd
!= -1 && config_get_boolean (NULL
, "log_keepopen") <= 0)
582 pthread_mutex_unlock (&m
);
588 gcry_control (GCRYCTL_SET_THREAD_CBS
, &gcry_threads_pthread
);
590 if (!gcry_check_version (GCRYPT_VERSION
))
592 fprintf (stderr
, _("gcry_check_version(): Incompatible libgcrypt. "
593 "Wanted %s, got %s.\n"), GCRYPT_VERSION
,
594 gcry_check_version (NULL
));
595 return GPG_ERR_UNKNOWN_VERSION
;
598 gcry_set_allocation_handler (xmalloc
, xmalloc
, NULL
, xrealloc
, xfree
);
603 do_validate_peer (assuan_context_t ctx
, const char *section
,
604 assuan_peercred_t
* peer
)
609 struct client_s
*client
= assuan_get_pointer (ctx
);
612 return GPG_ERR_EACCES
;
615 if (client
->thd
->remote
)
616 return tls_validate_access (client
, section
);
619 rc
= assuan_get_peercred (ctx
, peer
);
623 users
= config_get_list (section
, "allowed");
626 for (char **p
= users
; *p
; p
++)
628 rc
= acl_check_common(client
, *p
, (*peer
)->uid
, (*peer
)->gid
,
635 return allowed
? 0 : rc
? rc
: GPG_ERR_EACCES
;
638 /* Test if uid is a member of group 'name'. Invert when 'not' is true. */
639 #ifdef HAVE_GETGRNAM_R
641 acl_check_group (const char *name
, uid_t uid
, gid_t gid
, int not, int *allowed
)
644 struct group gr
, *gresult
;
645 size_t len
= sysconf (_SC_GETGR_R_SIZE_MAX
);
652 return GPG_ERR_ENOMEM
;
654 if (!getgrnam_r (name
, &gr
, buf
, len
, &gresult
) && gresult
)
656 if (gresult
->gr_gid
== gid
)
663 len
= sysconf (_SC_GETPW_R_SIZE_MAX
);
667 for (char **t
= gresult
->gr_mem
; *t
; t
++)
671 struct passwd
*result
= get_pwd_struct (*t
, 0, &pw
, &tbuf
);
673 if (result
&& result
->pw_uid
== uid
)
688 return GPG_ERR_EACCES
;
692 acl_check_group (const char *name
, uid_t uid
, gid_t gid
, int not, int *allowed
)
694 struct group
*gresult
;
696 gresult
= getgrnam (name
);
697 if (gresult
&& gresult
->gr_gid
== gid
)
703 for (char **t
= gresult
->gr_mem
; *t
; t
++)
707 struct passwd
*result
= get_pwd_struct (*t
, 0, &pw
, &buf
);
709 if (result
&& result
->pw_uid
== uid
)
724 peer_is_invoker(struct client_s
*client
)
726 struct invoking_user_s
*user
;
729 if (client
->thd
->state
== CLIENT_STATE_UNKNOWN
)
730 return GPG_ERR_EACCES
;
732 for (user
= invoking_users
; user
; user
= user
->next
)
735 if (client
->thd
->remote
)
737 if (user
->type
== INVOKING_TLS
738 && !strcmp(client
->thd
->tls
->fp
, user
->id
))
739 allowed
= user
->not ? 0 : 1;
745 if (user
->type
== INVOKING_GID
)
747 gpg_error_t rc
= acl_check_group (user
->id
,
748 client
->thd
->peer
->uid
,
749 client
->thd
->peer
->gid
,
750 user
->not, &allowed
);
754 else if (user
->type
== INVOKING_UID
&& client
->thd
->peer
->uid
== user
->uid
)
755 allowed
= user
->not ? 0 : 1;
758 return allowed
? 0 : GPG_ERR_EACCES
;
761 #ifdef HAVE_GETGRNAM_R
763 acl_check_common (struct client_s
*client
, const char *user
, uid_t uid
,
764 gid_t gid
, int *allowed
)
773 if (*user
== '-' || *user
== '!')
776 if (*user
== '+') // not implemented yet
779 if (*user
== '#') // TLS fingerprint hash
782 if (not || rw
|| tls
)
788 if (client
->thd
->remote
)
790 if (!strcasecmp (client
->thd
->tls
->fp
, user
))
800 else if (client
->thd
->remote
) // Remote client with no TLS in the ACL
804 if (*user
== '@') // all users in group
805 return acl_check_group (user
+1, uid
, gid
, not, allowed
);
810 struct passwd
*pwd
= get_pwd_struct (user
, 0, &pw
, &buf
);
812 if (pwd
&& pwd
->pw_uid
== uid
)
822 acl_check_common (struct client_s
*client
, const char *user
, uid_t uid
,
823 gid_t gid
, int *allowed
)
832 if (*user
== '-' || *user
== '!')
835 if (*user
== '+') // not implemented yet
838 if (*user
== '#') // TLS fingerprint hash
841 if (not || rw
|| tls
)
847 if (client
->thd
->remote
)
849 if (!strcasecmp (client
->thd
->tls
->fp
, user
))
859 if (*user
== '@') // all users in group
860 return acl_check_group (user
+1, uid
, gid
, not, allowed
);
865 struct passwd
*result
= get_pwd_struct (user
, 0, &pw
, &buf
);
867 if (result
&& result
->pw_uid
== uid
)
878 validate_peer (struct client_s
*cl
)
884 return tls_validate_access (cl
, NULL
);
887 MUTEX_LOCK (&cn_mutex
);
888 rc
= do_validate_peer (cl
->ctx
, "global", &cl
->thd
->peer
);
889 MUTEX_UNLOCK (&cn_mutex
);
890 if (!rc
|| gpg_err_code (rc
) == GPG_ERR_EACCES
)
891 log_write ("peer %s: uid=%i, gid=%i, pid=%i",
892 !rc
? _("accepted") : _("rejected"), cl
->thd
->peer
->uid
,
893 cl
->thd
->peer
->gid
, cl
->thd
->peer
->pid
);
895 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
901 xml_error_cb (void *data
, xmlErrorPtr e
)
903 struct client_s
*client
= data
;
906 * Keep the first reported error as the one to show in the error
907 * description. Reset in send_error().
909 if (client
->xml_error
)
912 client
->xml_error
= xcalloc (1, sizeof(xmlError
));
913 xmlCopyError (e
, client
->xml_error
);
917 hook_waitpid (assuan_context_t ctx
, pid_t pid
, int action
,
918 int *status
, int options
)
920 return waitpid (pid
, status
, options
);
924 hook_read (assuan_context_t ctx
, assuan_fd_t fd
, void *data
, size_t len
)
927 struct client_s
*client
= assuan_get_pointer (ctx
);
929 if (client
->thd
->remote
)
930 return tls_read_hook (ctx
, (int) fd
, data
, len
);
933 return read ((int) fd
, data
, len
);
937 hook_write (assuan_context_t ctx
, assuan_fd_t fd
,
938 const void *data
, size_t len
)
941 struct client_s
*client
= assuan_get_pointer (ctx
);
943 if (client
->thd
->remote
)
944 return tls_write_hook (ctx
, (int) fd
, data
, len
);
947 return write ((int) fd
, data
, len
);
951 new_connection (struct client_s
*cl
)
954 static struct assuan_malloc_hooks mhooks
= { xmalloc
, xrealloc
, xfree
};
955 static struct assuan_system_hooks shooks
= {
956 ASSUAN_SYSTEM_HOOKS_VERSION
,
964 NULL
, //sendmsg both are used for FD passing
975 char *prio
= config_get_string ("global", "tls_cipher_suite");
977 cl
->thd
->timeout
= config_get_integer ("global", "tls_timeout");
978 if (fcntl (cl
->thd
->fd
, F_SETFL
, O_NONBLOCK
) == -1)
981 cl
->thd
->tls
= tls_init (cl
->thd
->fd
, cl
->thd
->timeout
, prio
);
988 rc
= assuan_new_ext (&cl
->ctx
, GPG_ERR_SOURCE_DEFAULT
, &mhooks
,
989 debug_level
? assuan_log_cb
: NULL
, NULL
);
993 assuan_ctx_set_system_hooks (cl
->ctx
, &shooks
);
994 rc
= assuan_init_socket_server (cl
->ctx
, cl
->thd
->fd
, 2);
998 assuan_set_pointer (cl
->ctx
, cl
);
999 assuan_set_hello_line (cl
->ctx
, PACKAGE_STRING
);
1000 rc
= register_commands (cl
->ctx
);
1004 rc
= assuan_accept (cl
->ctx
);
1008 rc
= validate_peer (cl
);
1009 /* May not be implemented on all platforms. */
1010 if (rc
&& gpg_err_code (rc
) != GPG_ERR_ASS_GENERAL
)
1013 MUTEX_LOCK (&cn_mutex
);
1014 cl
->thd
->state
= CLIENT_STATE_INIT
;
1015 MUTEX_UNLOCK (&cn_mutex
);
1016 rc
= init_client_crypto (&cl
->crypto
);
1022 cl
->crypto
->agent
->client_ctx
= cl
->ctx
;
1025 cl
->crypto
->client_ctx
= cl
->ctx
;
1026 cl
->lock_timeout
= config_get_integer ("global", "lock_timeout");
1027 xmlSetStructuredErrorFunc (cl
, xml_error_cb
);
1031 log_write ("%s", pwmd_strerror (rc
));
1036 * This is called after a client_thread() terminates. Set with
1037 * pthread_cleanup_push().
1040 cleanup_cb (void *arg
)
1042 struct client_thread_s
*cn
= arg
;
1043 struct client_s
*cl
= cn
->cl
;
1045 MUTEX_LOCK (&cn_mutex
);
1046 cn_thread_list
= slist_remove (cn_thread_list
, cn
);
1047 MUTEX_UNLOCK (&cn_mutex
);
1051 cleanup_client (cl
);
1053 xmlResetError (cl
->xml_error
);
1055 xfree (cl
->xml_error
);
1060 gnutls_deinit (cn
->tls
->ses
);
1061 xfree (cn
->tls
->fp
);
1066 if (!cn
->atfork
&& cl
->ctx
)
1067 assuan_release (cl
->ctx
);
1068 else if (!cn
->atfork
&& cl
->thd
&& cl
->thd
->fd
!= -1)
1069 close (cl
->thd
->fd
);
1072 cleanup_crypto (&cl
->crypto
);
1074 pinentry_free_opts (&cl
->pinentry_opts
);
1083 while (cn
->msg_queue
)
1085 struct status_msg_s
*msg
= cn
->msg_queue
;
1087 cn
->msg_queue
= msg
->next
;
1092 if (!cn
->atfork
&& cn
->status_msg_pipe
[0] != -1)
1093 close (cn
->status_msg_pipe
[0]);
1095 if (!cn
->atfork
&& cn
->status_msg_pipe
[1] != -1)
1096 close (cn
->status_msg_pipe
[1]);
1098 pthread_mutex_destroy (&cn
->status_mutex
);
1102 log_write (_("exiting, fd=%i"), cn
->fd
);
1103 send_status_all (STATUS_CLIENTS
, NULL
);
1108 xfree (cn
->peeraddr
);
1111 pthread_cond_signal (&quit_cond
);
1115 cleanup_all_clients (int atfork
)
1117 /* This function may be called from pthread_atfork() which requires
1118 reinitialization. */
1121 pthread_mutexattr_t attr
;
1123 pthread_mutexattr_init (&attr
);
1124 pthread_mutexattr_settype (&attr
, PTHREAD_MUTEX_RECURSIVE
);
1125 pthread_mutex_init (&cn_mutex
, &attr
);
1126 pthread_mutexattr_destroy (&attr
);
1127 cache_mutex_init ();
1130 MUTEX_LOCK (&cn_mutex
);
1132 while (slist_length (cn_thread_list
))
1134 struct client_thread_s
*thd
= slist_nth_data (cn_thread_list
, 0);
1136 thd
->atfork
= atfork
;
1141 MUTEX_UNLOCK (&cn_mutex
);
1142 cache_deinit (atfork
);
1146 send_msg_queue (struct client_thread_s
*thd
)
1148 MUTEX_LOCK (&thd
->status_mutex
);
1152 read (thd
->status_msg_pipe
[0], &c
, 1);
1153 thd
->wrote_status
= 0;
1155 while (thd
->msg_queue
)
1157 struct status_msg_s
*msg
= thd
->msg_queue
;
1159 thd
->msg_queue
= thd
->msg_queue
->next
;
1160 MUTEX_UNLOCK (&thd
->status_mutex
);
1161 rc
= send_status (thd
->cl
->ctx
, msg
->s
, msg
->line
);
1162 MUTEX_LOCK (&thd
->status_mutex
);
1170 MUTEX_UNLOCK (&thd
->status_mutex
);
1171 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
1172 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
1178 client_thread (void *data
)
1180 struct client_thread_s
*thd
= data
;
1181 struct client_s
*cl
= xcalloc (1, sizeof (struct client_s
));
1183 #ifdef HAVE_PR_SET_NAME
1184 prctl (PR_SET_NAME
, "client");
1186 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1190 log_write ("%s(%i): %s", __FILE__
, __LINE__
,
1191 pwmd_strerror (GPG_ERR_ENOMEM
));
1195 MUTEX_LOCK (&cn_mutex
);
1196 pthread_cleanup_push (cleanup_cb
, thd
);
1199 MUTEX_UNLOCK (&cn_mutex
);
1201 if (new_connection (cl
))
1206 send_status_all (STATUS_CLIENTS
, NULL
);
1207 rc
= send_status (cl
->ctx
, STATUS_CACHE
, NULL
);
1210 log_write ("%s(%i): %s", __FILE__
, __LINE__
, pwmd_strerror (rc
));
1221 FD_SET (thd
->fd
, &rfds
);
1222 FD_SET (thd
->status_msg_pipe
[0], &rfds
);
1223 n
= thd
->fd
> thd
->status_msg_pipe
[0]
1224 ? thd
->fd
: thd
->status_msg_pipe
[0];
1226 n
= select (n
+ 1, &rfds
, NULL
, NULL
, NULL
);
1229 log_write ("%s", strerror (errno
));
1233 if (FD_ISSET (thd
->status_msg_pipe
[0], &rfds
))
1235 rc
= send_msg_queue (thd
);
1236 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
1240 if (!FD_ISSET (thd
->fd
, &rfds
))
1243 rc
= assuan_process_next (cl
->ctx
, &eof
);
1246 if (gpg_err_code (rc
) == GPG_ERR_EOF
|| eof
)
1249 log_write ("assuan_process_next(): rc=%i %s", rc
,
1250 pwmd_strerror (rc
));
1251 if (rc
== gpg_error (GPG_ERR_ETIMEDOUT
))
1254 rc
= send_error (cl
->ctx
, rc
);
1257 log_write ("assuan_process_done(): rc=%i %s", rc
,
1258 pwmd_strerror (rc
));
1263 /* Since the msg queue pipe fd's are non-blocking, check for
1264 * pending status msgs here. GPG_ERR_EPIPE can be seen when the
1265 * client has already disconnected and will be converted to
1266 * GPG_ERR_EOF during assuan_process_next().
1268 rc
= send_msg_queue (thd
);
1269 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
1274 /* Don't do pthread_exit() here because any set pthread_cleanup_push
1275 * functions would be called after a command failed but then the client
1276 * exited normally which may lead to a double free. */
1277 pthread_cleanup_pop (1);
1282 xml_import (const char *filename
, const char *outfile
,
1283 const char *keygrip
, const char *sign_keygrip
,
1284 const char *keyfile
, int no_passphrase
, const char *cipher
,
1285 const char *params
, uint64_t iterations
)
1294 struct crypto_s
*crypto
= NULL
;
1297 int algo
= cipher
? cipher_string_to_gcrypt ((char *) cipher
) :
1302 log_write ("ERR %i: %s", gpg_error (GPG_ERR_CIPHER_ALGO
),
1303 pwmd_strerror (GPG_ERR_CIPHER_ALGO
));
1307 if (stat (filename
, &st
) == -1)
1309 log_write ("%s: %s", filename
,
1310 pwmd_strerror (gpg_error_from_errno (errno
)));
1314 rc
= init_client_crypto (&crypto
);
1318 memcpy (&crypto
->save
.hdr
, &crypto
->hdr
, sizeof (file_header_t
));
1319 crypto
->save
.hdr
.flags
= set_cipher_flag (crypto
->save
.hdr
.flags
, algo
);
1320 log_write (_("Importing XML from '%s'. Output will be written to '%s' ..."),
1323 if ((fd
= open (filename
, O_RDONLY
)) == -1)
1325 log_write ("%s: %s", filename
,
1326 pwmd_strerror (gpg_error_from_errno (errno
)));
1330 if ((xmlbuf
= xmalloc (st
.st_size
+ 1)) == NULL
)
1333 log_write ("%s(%i): %s", __FILE__
, __LINE__
,
1334 pwmd_strerror (GPG_ERR_ENOMEM
));
1338 if (read (fd
, xmlbuf
, st
.st_size
) == -1)
1340 rc
= gpg_error_from_errno (errno
);
1342 log_write ("%s: %s", filename
, pwmd_strerror (rc
));
1347 xmlbuf
[st
.st_size
] = 0;
1349 * Make sure the document validates.
1351 if ((doc
= xmlReadDoc (xmlbuf
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
)) == NULL
)
1353 log_write ("xmlReadDoc() failed");
1359 xmlNodePtr n
= xmlDocGetRootElement (doc
);
1360 if (n
&& !xmlStrEqual (n
->name
, (xmlChar
*) "pwmd"))
1362 log_write (_("Could not find root \"pwmd\" element."));
1363 rc
= GPG_ERR_BAD_DATA
;
1367 rc
= validate_import (NULL
, n
? n
->children
: n
);
1371 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1376 xmlDocDumpMemory (doc
, &xml
, &len
);
1378 crypto
->save
.s2k_count
= iterations
;
1379 crypto
->save
.hdr
.s2k_count
= iterations
;
1382 rc
= export_common (NULL
, 0, crypto
, xml
, len
, outfile
, keyfile
, &key
,
1383 &keylen
, 0, 0, no_passphrase
);
1385 log_write (_("Success!"));
1390 rc
= agent_set_pinentry_options (crypto
->agent
);
1392 rc
= agent_export_common (crypto
, keygrip
, sign_keygrip
, no_passphrase
,
1393 xml
, len
, outfile
, params
, keyfile
);
1401 send_error (NULL
, rc
);
1405 cleanup_crypto (&crypto
);
1409 cleanup_crypto (&crypto
);
1414 do_cache_push (const char *filename
, struct crypto_s
*crypto
)
1416 unsigned char md5file
[16];
1421 struct cache_data_s
*cdata
;
1425 log_write (_("Trying to add datafile '%s' to the file cache ..."),
1428 if (valid_filename (filename
) == 0)
1430 log_write (_("%s: Invalid characters in filename"), filename
);
1434 rc
= decrypt_common (NULL
, 0, crypto
, filename
, &key
, &keylen
, NULL
, NULL
);
1438 rc
= parse_doc ((char *) crypto
->plaintext
, crypto
->plaintext_len
, &doc
);
1441 log_write ("%s", pwmd_strerror (rc
));
1446 gcry_md_hash_buffer (GCRY_MD_MD5
, md5file
, filename
, strlen (filename
));
1447 cdata
= xcalloc (1, sizeof (struct cache_data_s
));
1451 log_write ("%s", pwmd_strerror (GPG_ERR_ENOMEM
));
1456 rc
= get_checksum (filename
, &crc
, &len
);
1459 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1461 free_cache_data_once (cdata
);
1467 rc
= encrypt_xml (NULL
, cache_key
, cache_keysize
, GCRY_CIPHER_AES
,
1468 crypto
->plaintext
, crypto
->plaintext_len
, &cdata
->doc
,
1469 &cdata
->doclen
, &cache_iv
, &cache_blocksize
);
1470 if (!rc
&& !IS_PKI (crypto
))
1473 cdata
->keylen
= keylen
;
1480 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1482 free_cache_data_once (cdata
);
1487 if (use_agent
&& IS_PKI (crypto
))
1489 gcry_sexp_build ((gcry_sexp_t
*) & cdata
->pubkey
, NULL
, "%S",
1491 gcry_sexp_build ((gcry_sexp_t
*) & cdata
->sigkey
, NULL
, "%S",
1492 crypto
->sigpkey_sexp
);
1496 int timeout
= config_get_integer (filename
, "cache_timeout");
1497 cache_add_file (md5file
, crypto
->grip
, cdata
, timeout
);
1498 log_write (_("Successfully added '%s' to the cache."), filename
);
1503 init_client (int fd
, const char *addr
)
1506 struct client_thread_s
*new = xcalloc (1, sizeof (struct client_thread_s
));
1511 return GPG_ERR_ENOMEM
;
1514 MUTEX_LOCK (&cn_mutex
);
1515 pthread_cleanup_push (cleanup_mutex_cb
, &cn_mutex
);
1517 if (pipe (new->status_msg_pipe
) == -1)
1518 rc
= gpg_error_from_errno (errno
);
1522 if (fcntl (new->status_msg_pipe
[0], F_SETFL
, O_NONBLOCK
) == -1)
1523 rc
= gpg_error_from_errno (errno
);
1526 if (fcntl (new->status_msg_pipe
[1], F_SETFL
, O_NONBLOCK
) == -1)
1527 rc
= gpg_error_from_errno (errno
);
1529 pthread_mutex_init (&new->status_mutex
, NULL
);
1535 new->remote
= addr
? 1 : 0;
1538 rc
= create_thread (client_thread
, new, &new->tid
, 1);
1541 close (new->status_msg_pipe
[0]);
1542 close (new->status_msg_pipe
[1]);
1543 pthread_mutex_destroy (&new->status_mutex
);
1549 struct slist_s
*list
= slist_append (cn_thread_list
, new);
1553 cn_thread_list
= list
;
1556 log_write (_("new connection: tid=%p, fd=%i, addr=%s"),
1557 (pthread_t
*) new->tid
, fd
, addr
);
1559 new->peeraddr
= str_dup (addr
);
1563 log_write (_("new connection: tid=%p, fd=%i"),
1564 (pthread_t
*) new->tid
, fd
);
1567 rc
= GPG_ERR_ENOMEM
;
1570 pthread_cleanup_pop (1);
1576 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
1577 pwmd_strerror (rc
));
1583 keepalive_thread (void *arg
)
1585 #ifndef HAVE_PTHREAD_CANCEL
1586 int *n
= xmalloc (sizeof (int));
1589 pthread_setspecific (signal_thread_key
, n
);
1593 #ifdef HAVE_PR_SET_NAME
1594 prctl (PR_SET_NAME
, "keepalive");
1596 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1600 int n
= config_get_integer ("global", "keepalive_interval");
1601 struct timeval tv
= { n
, 0 };
1602 #ifndef HAVE_PTHREAD_CANCEL
1605 sigusr2
= (int *) pthread_getspecific (signal_thread_key
);
1610 send_status_all (STATUS_KEEPALIVE
, NULL
);
1611 select (0, NULL
, NULL
, NULL
, &tv
);
1618 /* From Beej's Guide to Network Programming. It's a good tutorial. */
1620 get_in_addr (struct sockaddr
*sa
)
1622 if (sa
->sa_family
== AF_INET
)
1623 return &(((struct sockaddr_in
*) sa
)->sin_addr
);
1625 return &(((struct sockaddr_in6
*) sa
)->sin6_addr
);
1629 tcp_accept_thread (void *arg
)
1631 int sockfd
= *(int *) arg
;
1632 #ifndef HAVE_PTHREAD_CANCEL
1633 int *n
= xmalloc (sizeof (int));
1636 pthread_setspecific (signal_thread_key
, n
);
1638 fcntl (sockfd
, F_SETFL
, O_NONBLOCK
);
1641 #ifdef HAVE_PR_SET_NAME
1642 prctl (PR_SET_NAME
, "tcp_accept");
1644 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1648 struct sockaddr_storage raddr
;
1649 socklen_t slen
= sizeof (raddr
);
1652 char s
[INET6_ADDRSTRLEN
];
1653 struct timeval tv
= { 0, ACCEPT_TIMEOUT
};
1654 #ifndef HAVE_PTHREAD_CANCEL
1657 sigusr2
= (int *) pthread_getspecific (signal_thread_key
);
1662 fd
= accept (sockfd
, (struct sockaddr
*) &raddr
, &slen
);
1665 if (errno
== EMFILE
|| errno
== ENFILE
)
1666 log_write ("accept(): %s",
1667 pwmd_strerror (gpg_error_from_errno (errno
)));
1668 else if (errno
!= EAGAIN
)
1670 if (!quit
) // probably EBADF
1671 log_write ("accept(): %s", strerror (errno
));
1676 #ifndef HAVE_PTHREAD_CANCEL
1677 select (0, NULL
, NULL
, NULL
, &tv
);
1688 inet_ntop (raddr
.ss_family
, get_in_addr ((struct sockaddr
*) &raddr
),
1690 (void) init_client (fd
, s
);
1691 n
= config_get_integer ("global", "tcp_wait");
1694 tv
.tv_sec
= (n
* 100000) / 100000;
1695 tv
.tv_usec
= (n
* 100000) % 100000;
1696 select (0, NULL
, NULL
, NULL
, &tv
);
1704 start_stop_tls_with_protocol (int ipv6
, int term
)
1706 struct addrinfo hints
, *servinfo
, *p
;
1707 int port
= config_get_integer ("global", "tcp_port");
1711 int *fd
= ipv6
? &tls6_fd
: &tls_fd
;
1713 if (term
|| config_get_boolean ("global", "enable_tcp") == 0)
1719 #ifdef HAVE_PTHREAD_CANCEL
1720 pthread_cancel (tls6_tid
);
1722 pthread_kill (tls6_tid
, SIGUSR2
);
1724 pthread_join (tls6_tid
, NULL
);
1727 shutdown (tls6_fd
, SHUT_RDWR
);
1737 #ifdef HAVE_PTHREAD_CANCEL
1738 pthread_cancel (tls_tid
);
1740 pthread_kill (tls_tid
, SIGUSR2
);
1742 pthread_join (tls_tid
, NULL
);
1745 shutdown (tls_fd
, SHUT_RDWR
);
1751 /* A client may still be connected. */
1752 if (!quit
&& x509_cred
!= NULL
)
1753 tls_deinit_params ();
1758 if ((ipv6
&& tls6_fd
!= -1) || (!ipv6
&& tls_fd
!= -1))
1761 memset (&hints
, 0, sizeof (hints
));
1762 hints
.ai_family
= ipv6
? AF_INET6
: AF_INET
;
1763 hints
.ai_socktype
= SOCK_STREAM
;
1764 hints
.ai_flags
= AI_PASSIVE
;
1765 snprintf (buf
, sizeof (buf
), "%i", port
);
1767 if ((n
= getaddrinfo (NULL
, buf
, &hints
, &servinfo
)) == -1)
1769 log_write ("getaddrinfo(): %s", gai_strerror (n
));
1773 for (n
= 0, p
= servinfo
; p
!= NULL
; p
= p
->ai_next
)
1777 if ((ipv6
&& p
->ai_family
!= AF_INET6
)
1778 || (!ipv6
&& p
->ai_family
!= AF_INET
))
1781 if ((*fd
= socket (p
->ai_family
, p
->ai_socktype
, p
->ai_protocol
)) == -1)
1783 log_write ("socket(): %s", strerror (errno
));
1787 if (setsockopt (*fd
, SOL_SOCKET
, SO_REUSEADDR
, &r
, sizeof (int)) == -1)
1789 log_write ("setsockopt(): %s",
1790 pwmd_strerror (gpg_error_from_errno (errno
)));
1791 freeaddrinfo (servinfo
);
1795 if (bind (*fd
, p
->ai_addr
, p
->ai_addrlen
) == -1)
1798 log_write ("bind(): %s",
1799 pwmd_strerror (gpg_error_from_errno (errno
)));
1807 freeaddrinfo (servinfo
);
1812 #if HAVE_DECL_SO_BINDTODEVICE != 0
1813 char *tmp
= config_get_string ("global", "tcp_interface");
1814 if (tmp
&& setsockopt (*fd
, SOL_SOCKET
, SO_BINDTODEVICE
, tmp
,
1815 strlen (tmp
)) == -1)
1817 log_write ("setsockopt(): %s",
1818 pwmd_strerror (gpg_error_from_errno (errno
)));
1826 if (x509_cred
== NULL
)
1828 char *tmp
= config_get_string ("global", "tls_dh_level");
1830 rc
= tls_init_params (tmp
);
1836 if (listen (*fd
, 0) == -1)
1838 log_write ("listen(): %s", strerror (errno
));
1843 rc
= create_thread (tcp_accept_thread
, fd
, &tls6_tid
, 0);
1845 rc
= create_thread (tcp_accept_thread
, fd
, &tls_tid
, 0);
1849 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
1850 pwmd_strerror (rc
));
1862 start_stop_tls_with_protocol (0, 1);
1875 start_stop_tls (int term
)
1877 char *s
= config_get_string ("global", "tcp_bind");
1883 if (!strcmp (s
, "any"))
1885 b
= start_stop_tls_with_protocol (0, term
);
1887 b
= start_stop_tls_with_protocol (1, term
);
1889 else if (!strcmp (s
, "ipv4"))
1890 b
= start_stop_tls_with_protocol (0, term
);
1891 else if (!strcmp (s
, "ipv6"))
1892 b
= start_stop_tls_with_protocol (1, term
);
1902 accept_thread (void *arg
)
1904 int sockfd
= *(int *) arg
;
1905 #ifndef HAVE_PTHREAD_CANCEL
1906 int *n
= xmalloc (sizeof (int));
1909 pthread_setspecific (signal_thread_key
, n
);
1911 fcntl (sockfd
, F_SETFL
, O_NONBLOCK
);
1914 #ifdef HAVE_PR_SET_NAME
1915 prctl (PR_SET_NAME
, "accept");
1917 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1921 socklen_t slen
= sizeof (struct sockaddr_un
);
1922 struct sockaddr_un raddr
;
1924 #ifndef HAVE_PTHREAD_CANCEL
1925 struct timeval tv
= { 0, ACCEPT_TIMEOUT
};
1926 int *sigusr2
= (int *) pthread_getspecific (signal_thread_key
);
1932 fd
= accept (sockfd
, (struct sockaddr
*) &raddr
, &slen
);
1935 if (errno
== EMFILE
|| errno
== ENFILE
)
1936 log_write ("accept(): %s",
1937 pwmd_strerror (gpg_error_from_errno (errno
)));
1938 else if (errno
!= EAGAIN
)
1940 if (!quit
) // probably EBADF
1941 log_write ("accept(): %s",
1942 pwmd_strerror (gpg_error_from_errno (errno
)));
1947 #ifndef HAVE_PTHREAD_CANCEL
1948 select (0, NULL
, NULL
, NULL
, &tv
);
1953 (void) init_client (fd
, NULL
);
1956 /* Just in case accept() failed for some reason other than EBADF */
1962 cache_timer_thread (void *arg
)
1964 #ifndef HAVE_PTHREAD_CANCEL
1965 int *n
= xmalloc (sizeof (int));
1968 pthread_setspecific (signal_thread_key
, n
);
1972 #ifdef HAVE_PR_SET_NAME
1973 prctl (PR_SET_NAME
, "cache timer");
1975 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1979 struct timeval tv
= { 1, 0 };
1980 #ifndef HAVE_PTHREAD_CANCEL
1983 n
= (int *) pthread_getspecific (signal_thread_key
);
1988 select (0, NULL
, NULL
, NULL
, &tv
);
1989 cache_adjust_timeout ();
1996 signal_loop (sigset_t sigset
)
2005 sigwait (&sigset
, &sig
);
2008 log_write (_("caught signal %i (%s)"), sig
, strsignal (sig
));
2013 pthread_cond_signal (&rcfile_cond
);
2016 log_write (_("clearing file cache"));
2018 send_status_all (STATUS_CACHE
, NULL
);
2037 log_write (_ ("Caught signal %i (%s). Exiting."), sig
, strsignal (sig
));
2038 #ifdef HAVE_BACKTRACE
2039 BACKTRACE (__FUNCTION__
);
2045 waiting_for_exit (void *arg
)
2048 #ifndef HAVE_PTHREAD_CANCEL
2049 int *n
= xmalloc (sizeof (int));
2052 pthread_setspecific (signal_thread_key
, n
);
2056 #ifdef HAVE_PR_SET_NAME
2057 prctl (PR_SET_NAME
, "exiting");
2059 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
2060 log_write (_("waiting for all clients to disconnect"));
2061 MUTEX_LOCK (&quit_mutex
);
2062 pthread_cleanup_push (cleanup_mutex_cb
, &quit_mutex
);
2069 MUTEX_LOCK (&cn_mutex
);
2070 n
= slist_length (cn_thread_list
);
2071 MUTEX_UNLOCK (&cn_mutex
);
2075 #ifndef HAVE_PTHREAD_CANCEL
2076 int *s
= (int *) pthread_getspecific (signal_thread_key
);
2083 log_write (_("%i clients remain"), n
);
2087 INIT_TIMESPEC (SIG_TIMEOUT
, ts
);
2088 pthread_cond_timedwait (&quit_cond
, &quit_mutex
, &ts
);
2091 kill (getpid (), SIGQUIT
);
2092 pthread_cleanup_pop (1);
2097 server_loop (int sockfd
, char **socketpath
)
2099 pthread_t accept_tid
;
2100 pthread_t cache_timeout_tid
;
2101 int cancel_timeout_thread
= 0, cancel_accept_thread
= 0;
2102 int cancel_keepalive_thread
= 0;
2109 sigemptyset (&sigset
);
2112 sigaddset (&sigset
, SIGTERM
);
2113 sigaddset (&sigset
, SIGINT
);
2115 /* Clears the file cache. */
2116 sigaddset (&sigset
, SIGUSR1
);
2118 /* Configuration file reloading. */
2119 sigaddset (&sigset
, SIGHUP
);
2121 /* For exiting cleanly. */
2122 sigaddset (&sigset
, SIGQUIT
);
2124 #ifndef HAVE_PTHREAD_CANCEL
2126 The socket, cache and rcfile threads use this signal when
2127 pthread_cancel() is unavailable. Prevent the main thread from
2128 catching this signal from another process.
2130 sigaddset (&sigset
, SIGUSR2
);
2133 /* When mem.c cannot find a pointer in the list (double free). */
2134 signal (SIGABRT
, catchsig
);
2135 sigaddset (&sigset
, SIGABRT
);
2136 sigprocmask (SIG_BLOCK
, &sigset
, NULL
);
2138 #ifndef HAVE_PTHREAD_CANCEL
2139 /* Remove this signal from the watched signals in signal_loop(). */
2140 sigdelset (&sigset
, SIGUSR2
);
2143 /* Ignored everywhere. When a client disconnects abnormally this signal
2144 * gets raised. It isn't needed though because client_thread() will check
2145 * for rcs even after the client disconnects. */
2146 signal (SIGPIPE
, SIG_IGN
);
2148 /* Can show a backtrace of the stack in the log. */
2149 signal (SIGSEGV
, catchsig
);
2152 /* Needs to be done after the fork(). */
2153 if (!start_stop_tls (0))
2160 pthread_mutex_init (&quit_mutex
, NULL
);
2161 pthread_cond_init (&quit_cond
, NULL
);
2162 char *p
= get_username (getuid());
2163 log_write (_("%s started for user %s"), PACKAGE_STRING
, p
);
2167 if (config_get_boolean ("global", "enable_tcp"))
2168 log_write (_("Listening on %s and TCP port %i"), *socketpath
,
2169 config_get_integer ("global", "tcp_port"));
2171 log_write (_("Listening on %s"), *socketpath
);
2173 log_write (_("Listening on %s"), *socketpath
);
2176 rc
= create_thread (keepalive_thread
, NULL
, &keepalive_tid
, 0);
2179 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2180 pwmd_strerror (rc
));
2184 cancel_keepalive_thread
= 1;
2185 rc
= create_thread (reload_rcfile_thread
, NULL
, &rcfile_tid
, 0);
2188 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2189 pwmd_strerror (rc
));
2193 rc
= create_thread (cache_timer_thread
, NULL
, &cache_timeout_tid
, 0);
2196 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2197 pwmd_strerror (rc
));
2201 cancel_timeout_thread
= 1;
2202 rc
= create_thread (accept_thread
, &sockfd
, &accept_tid
, 0);
2205 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2206 pwmd_strerror (rc
));
2210 cancel_accept_thread
= 1;
2212 signal_loop (sigset
);
2218 * We're out of the main server loop. This happens when a signal was sent
2219 * to terminate the daemon. We'll wait for all clients to disconnect
2220 * before exiting but exit immediately if another termination signal is
2223 if (cancel_accept_thread
)
2225 #ifdef HAVE_PTHREAD_CANCEL
2226 int n
= pthread_cancel (accept_tid
);
2228 int n
= pthread_kill (accept_tid
, SIGUSR2
);
2231 pthread_join (accept_tid
, NULL
);
2237 shutdown (sockfd
, SHUT_RDWR
);
2239 unlink (*socketpath
);
2240 xfree (*socketpath
);
2242 MUTEX_LOCK (&cn_mutex
);
2243 n
= slist_length (cn_thread_list
);
2244 MUTEX_UNLOCK (&cn_mutex
);
2250 rc
= create_thread (waiting_for_exit
, NULL
, &tid
, 0);
2253 if (signal_loop (sigset
))
2255 log_write (_("Received second termination request. Exiting."));
2256 #ifdef HAVE_PTHREAD_CANCEL
2257 pthread_cancel (tid
);
2259 pthread_kill (tid
, SIGUSR2
);
2261 pthread_join (tid
, NULL
);
2265 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2266 pwmd_strerror (rc
));
2269 if (cancel_timeout_thread
)
2271 #ifdef HAVE_PTHREAD_CANCEL
2272 pthread_cancel (cache_timeout_tid
);
2274 pthread_kill (cache_timeout_tid
, SIGUSR2
);
2276 pthread_join (cache_timeout_tid
, NULL
);
2279 if (cancel_keepalive_thread
)
2281 #ifdef HAVE_PTHREAD_CANCEL
2282 pthread_cancel (keepalive_tid
);
2284 pthread_kill (keepalive_tid
, SIGUSR2
);
2286 pthread_join (keepalive_tid
, NULL
);
2289 cleanup_all_clients (0);
2294 pthread_cond_destroy (&quit_cond
);
2295 pthread_mutex_destroy (&quit_mutex
);
2296 return segv
? EXIT_FAILURE
: EXIT_SUCCESS
;;
2303 ("Failed to add a file to the cache. Use --ignore to force startup. Exiting."));
2307 /* This is called from cache.c:clear_once(). See
2308 * command.c:clearcache_command() for details about lock checking.
2311 free_cache_data (file_cache_t
* cache
)
2313 gpg_error_t rc
= GPG_ERR_NO_DATA
;
2315 struct client_thread_s
*found
= NULL
;
2322 MUTEX_LOCK (&cn_mutex
);
2323 pthread_cleanup_push (cleanup_mutex_cb
, &cn_mutex
);
2324 t
= slist_length (cn_thread_list
);
2326 for (i
= 0; i
< t
; i
++)
2328 struct client_thread_s
*thd
= slist_nth_data (cn_thread_list
, i
);
2333 if (!memcmp (thd
->cl
->md5file
, cache
->filename
,
2334 sizeof (cache
->filename
)))
2336 if (pthread_equal (pthread_self (), thd
->tid
))
2343 /* Continue trying to find a client who has the same file open and
2344 * also has a lock. */
2345 rc
= cache_lock_mutex (thd
->cl
->ctx
, thd
->cl
->md5file
, -1, 0, -1);
2355 if (self
&& (!rc
|| rc
== GPG_ERR_NO_DATA
))
2356 rc
= cache_lock_mutex (found
->cl
->ctx
, found
->cl
->md5file
, -1, 0, -1);
2358 if (exiting
|| !rc
|| rc
== GPG_ERR_NO_DATA
)
2360 free_cache_data_once (cache
->data
);
2362 cache
->defer_clear
= 0;
2363 cache
->timeout
= -1;
2366 cache_unlock_mutex (found
->cl
->md5file
, 0);
2372 cache
->defer_clear
= 1;
2374 pthread_cleanup_pop (1);
2380 convert_v2_datafile (const char *filename
, const char *cipher
,
2381 const char *keyfile
, const char *keygrip
,
2382 const char *sign_keygrip
, int nopass
,
2383 const char *outfile
, const char *keyparam
,
2384 uint64_t iterations
)
2389 struct crypto_s
*crypto
= NULL
;
2395 if (outfile
[0] == '-' && outfile
[1] == 0)
2398 log_write (_("Converting version 2 data file \"%s\" ..."), filename
);
2399 if (access (filename
, R_OK
) == -1)
2401 log_write ("%s: %s", filename
,
2402 pwmd_strerror (gpg_error_from_errno (errno
)));
2408 log_write (_("Using passphrase file \"%s\" for decryption ..."),
2410 if (access (keyfile
, R_OK
) == -1)
2412 log_write ("%s: %s", keyfile
,
2413 pwmd_strerror (gpg_error_from_errno (errno
)));
2418 rc
= read_v2_datafile (filename
, keyfile
, &data
, &datalen
, &ver
, &algo
);
2421 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
2427 algo
= cipher_string_to_gcrypt (cipher
);
2430 rc
= GPG_ERR_CIPHER_ALGO
;
2439 rc
= parse_doc (data
, datalen
, &doc
);
2443 rc
= convert_pre_212_elements (doc
);
2448 xmlDocDumpFormatMemory (doc
, (xmlChar
**) & data
, (int *) &datalen
,
2451 rc
= GPG_ERR_ENOMEM
;
2459 rc
= init_client_crypto (&crypto
);
2462 memcpy (&crypto
->save
.hdr
, &crypto
->hdr
, sizeof (file_header_t
));
2463 crypto
->save
.hdr
.flags
= set_cipher_flag (crypto
->save
.hdr
.flags
, algo
);
2464 crypto
->save
.hdr
.s2k_count
= iterations
;
2468 rc
= export_common (NULL
, 0, crypto
, data
, datalen
, outfile
, keyfile
,
2469 &key
, &keylen
, 0, 0, nopass
);
2474 rc
= agent_set_pinentry_options (crypto
->agent
);
2476 rc
= agent_export_common (crypto
, keygrip
, sign_keygrip
, nopass
,
2477 data
, datalen
, outfile
, keyparam
,
2478 no_passphrase_file
? NULL
: keyfile
);
2482 log_write (_("Output written to \"%s\"."),
2483 outfile
? outfile
: "<stdout>");
2493 cleanup_crypto (&crypto
);
2496 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
2501 usage (const char *pn
, int status
)
2503 FILE *fp
= status
== EXIT_FAILURE
? stderr
: stdout
;
2505 fprintf (fp
, _("Usage: %s [OPTIONS] [file1] [...]\n"
2506 " -f, --rcfile=filename load the specfied configuration file\n"
2507 " (~/.pwmd/config)\n"
2508 " --homedir alternate pwmd home directory (~/.pwmd)\n"
2509 " --kill terminate an existing instance of pwmd\n"
2511 " --use-agent[=integer] enable/disable use of gpg-agent\n"
2513 " -n, --no-fork run as a foreground process\n"
2514 " -D, --disable-dump disable the LIST, XPATH and DUMP commands\n"
2515 " --ignore, --force ignore file errors during startup\n"
2516 " --debug-level=keywords log protocol output (see manual for details)\n"
2517 " -o, --outfile=filename output file when importing or converting\n"
2518 " -C, --convert=filename convert a version 2 data file to version 3\n"
2519 " -I, --import=filename import a pwmd DTD formatted XML file)\n"
2520 " -k, --passphrase-file=file for use when importing or converting\n"
2521 " --no-passphrase-file prompt instead of using --passphrase-file when\n"
2523 " --no-passphrase when importing or converting\n"
2524 " --keygrip=hex public key to use when encrypting\n"
2525 " --sign-keygrip=hex private key to use when signing\n"
2526 " --keyparam=s-exp custom key parameters to use (RSA-2048)\n"
2527 " --cipher=string encryption cipher (aes256)\n"
2528 " --cipher-iterations=N cipher iteration count (alias for --s2k-count)\n"
2529 " --s2k-count=N hash iteration count (>65536, calibrated)\n"
2530 " --help this help text\n"
2531 " --version show version and compile time features\n"),
2537 unlink_stale_socket (const char *sock
, const char *pidfile
)
2539 log_write (_ ("removing stale socket %s"), sock
);
2545 test_pidfile (const char *path
, const char *sock
, char *buf
, size_t buflen
,
2546 char **pidfile
, int create
, mode_t mode
, int terminate
)
2554 snprintf (buf
, buflen
, "%s/%s.pid", homedir
, sock
);
2555 *pidfile
= str_dup (buf
);
2556 fd
= open (buf
, O_RDONLY
);
2559 fd
= open (*pidfile
, O_CREAT
|O_WRONLY
|O_TRUNC
, mode
);
2563 if (!create
&& errno
!= ENOENT
)
2565 log_write ("%s: %s", buf
, pwmd_strerror (errno
));
2570 else if (!create
&& !terminate
)
2573 log_write ("%s: %s", *pidfile
, strerror (errno
));
2579 snprintf (buf
, buflen
, "%i", getpid ());
2580 write (fd
, buf
, strlen (buf
));
2585 len
= read (fd
, buf
, buflen
);
2589 unlink_stale_socket (path
, *pidfile
);
2593 if (sscanf (buf
, "%5i", &pid
) != 1 || pid
== 0)
2597 unlink_stale_socket (path
, *pidfile
);
2602 if (kill (pid
, 0) == -1)
2604 unlink_stale_socket (path
, *pidfile
);
2610 if (kill (pid
, SIGTERM
) == -1)
2611 log_write ("%s: %s", path
, pwmd_strerror (errno
));
2614 log_write (_ ("an instance for socket %s is already running"), path
);
2622 main (int argc
, char *argv
[])
2625 struct sockaddr_un addr
;
2627 char *socketpath
= NULL
, *socketdir
, *socketname
= NULL
;
2628 char *socketarg
= NULL
;
2629 char *datadir
= NULL
;
2630 char *pidfile
= NULL
;
2634 char **cache_push
= NULL
;
2635 char *import
= NULL
, *keygrip
= NULL
, *sign_keygrip
= NULL
;
2636 char *keyparam
= NULL
;
2637 int estatus
= EXIT_FAILURE
;
2639 char *outfile
= NULL
;
2642 int show_version
= 0;
2644 int no_passphrase
= 0;
2646 char *convertfile
= NULL
;
2647 char *cipher
= NULL
;
2648 char *keyfile
= NULL
;
2649 uint64_t s2k_count
= 0;
2651 char *debug_level_opt
= NULL
;
2654 /* Must maintain the same order as longopts[] */
2657 OPT_VERSION
, OPT_HELP
,
2661 OPT_DEBUG_LEVEL
, OPT_HOMEDIR
, OPT_NO_FORK
, OPT_DISABLE_DUMP
,
2662 OPT_IGNORE
, OPT_FORCE
, OPT_RCFILE
, OPT_CONVERT
,
2663 OPT_PASSPHRASE_FILE
, OPT_IMPORT
, OPT_OUTFILE
,
2664 OPT_NO_PASSPHRASE_FILE
, OPT_KEYGRIP
, OPT_SIGN_KEYGRIP
,
2665 OPT_KEYPARAM
, OPT_CIPHER
, OPT_ITERATIONS
, OPT_S2K_COUNT
,
2666 OPT_NO_PASSPHRASE
, OPT_KILL
2668 const char *optstring
= "nf:C:k:I:o:";
2669 const struct option longopts
[] = {
2670 {"version", no_argument
, 0, 0},
2671 {"help", no_argument
, 0, 0},
2673 {"use-agent", optional_argument
, 0, 0},
2675 {"debug-level", required_argument
, 0, 0},
2676 {"homedir", required_argument
, 0, 0},
2677 {"no-fork", no_argument
, 0, 'n'},
2678 {"disable_dump", no_argument
, 0, 0},
2679 {"ignore", no_argument
, 0, 0},
2680 {"force", no_argument
, 0, 0},
2681 {"rcfile", required_argument
, 0, 'f'},
2682 {"convert", required_argument
, 0, 'C'},
2683 {"passphrase-file", required_argument
, 0, 'k'},
2684 {"import", required_argument
, 0, 'I'},
2685 {"outfile", required_argument
, 0, 'o'},
2686 {"no-passphrase-file", no_argument
, 0, 0},
2687 {"keygrip", required_argument
, 0, 0},
2688 {"sign-keygrip", required_argument
, 0, 0},
2689 {"keyparam", required_argument
, 0, 0},
2690 {"cipher", required_argument
, 0, 0},
2691 {"cipher-iterations", required_argument
, 0, 0},
2692 {"s2k-count", required_argument
, 0, 0},
2693 {"no-passphrase", no_argument
, 0, 0},
2694 {"kill", no_argument
, 0, 0},
2701 #ifdef HAVE_SETRLIMIT
2704 rl
.rlim_cur
= rl
.rlim_max
= 0;
2706 if (setrlimit (RLIMIT_CORE
, &rl
) != 0)
2707 err (EXIT_FAILURE
, "setrlimit()");
2710 #ifdef HAVE_PR_SET_DUMPABLE
2711 prctl (PR_SET_DUMPABLE
, 0);
2716 setlocale (LC_ALL
, "");
2717 bindtextdomain ("pwmd", LOCALEDIR
);
2718 textdomain ("pwmd");
2726 if (setup_crypto ())
2727 exit (EXIT_FAILURE
);
2730 gnutls_global_init ();
2731 gnutls_global_set_log_function (tls_log
);
2732 gnutls_global_set_log_level (1);
2736 xmlMemSetup (xfree
, xmalloc
, xrealloc
, str_dup
);
2744 while ((opt
= getopt_long (argc
, argv
, optstring
, longopts
, &optindex
))
2753 convertfile
= optarg
;
2768 rcfile
= str_dup (optarg
);
2771 usage (argv
[0], EXIT_FAILURE
);
2784 use_agent
= optarg
&& *optarg
? atoi (optarg
) : 1;
2785 if (use_agent
< 0 || use_agent
> 1)
2789 case OPT_DEBUG_LEVEL
:
2790 debug_level_opt
= optarg
;
2793 homedir
= str_dup (optarg
);
2798 case OPT_DISABLE_DUMP
:
2806 rcfile
= str_dup (optarg
);
2809 convertfile
= optarg
;
2811 case OPT_PASSPHRASE_FILE
:
2820 case OPT_NO_PASSPHRASE_FILE
:
2821 no_passphrase_file
= 1;
2826 case OPT_SIGN_KEYGRIP
:
2827 sign_keygrip
= optarg
;
2835 case OPT_ITERATIONS
:
2837 s2k_count
= strtoul (optarg
, NULL
, 10);
2839 case OPT_NO_PASSPHRASE
:
2854 "Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015\n"
2856 "Released under the terms of the GPL v2. Use at your own risk.\n\n"
2857 "Compile time features:\n%s"), PACKAGE_STRING
,
2860 "+PWMD_HOMEDIR=" PWMD_HOMEDIR
"\n"
2893 exit (EXIT_SUCCESS
);
2898 homedir
= str_dup(PWMD_HOMEDIR
);
2900 homedir
= str_asprintf ("%s/.pwmd", get_home_dir());
2903 if (mkdir (homedir
, 0700) == -1 && errno
!= EEXIST
)
2904 err (EXIT_FAILURE
, "%s", homedir
);
2906 snprintf (buf
, sizeof (buf
), "%s/data", homedir
);
2907 if (mkdir (buf
, 0700) == -1 && errno
!= EEXIST
)
2908 err (EXIT_FAILURE
, "%s", buf
);
2910 datadir
= str_dup (buf
);
2911 pthread_mutexattr_t attr
;
2912 pthread_mutexattr_init (&attr
);
2913 pthread_mutexattr_settype (&attr
, PTHREAD_MUTEX_RECURSIVE
);
2914 pthread_mutex_init (&rcfile_mutex
, &attr
);
2915 pthread_cond_init (&rcfile_cond
, NULL
);
2916 pthread_mutex_init (&cn_mutex
, &attr
);
2917 pthread_mutexattr_destroy (&attr
);
2918 pthread_key_create (&last_error_key
, free_key
);
2919 #ifndef HAVE_PTHREAD_CANCEL
2920 pthread_key_create (&signal_thread_key
, free_key
);
2924 rcfile
= str_asprintf ("%s/config", homedir
);
2926 global_config
= config_parse (rcfile
, 0);
2928 exit (EXIT_FAILURE
);
2931 if (use_agent
== -1)
2932 use_agent
= config_get_boolean ("global", "use_agent");
2937 if (debug_level_opt
)
2938 debug_level
= str_split (debug_level_opt
, ",", 0);
2940 x
= config_get_int_param (global_config
, "global", "priority", &exists
);
2941 if (exists
&& x
!= atoi(INVALID_PRIORITY
))
2944 if (setpriority (PRIO_PROCESS
, 0, x
) == -1)
2946 log_write ("setpriority(): %s",
2947 pwmd_strerror (gpg_error_from_errno (errno
)));
2951 #ifdef HAVE_MLOCKALL
2952 if (disable_mlock
== 0 && mlockall (MCL_CURRENT
| MCL_FUTURE
) == -1)
2954 log_write ("mlockall(): %s",
2955 pwmd_strerror (gpg_error_from_errno (errno
)));
2960 rc
= cache_init (free_cache_data
);
2963 log_write ("pwmd: ERR %i: %s", rc
,
2964 gpg_err_code (rc
) == GPG_ERR_UNKNOWN_VERSION
2965 ? _("incompatible gpg-agent version: 2.1.0 or later required")
2966 : pwmd_strerror (rc
));
2971 s2k_count
= config_get_ulong (NULL
, "s2k_count");
2975 if (!outfile
|| !*outfile
|| argc
!= optind
)
2976 usage (argv
[0], EXIT_FAILURE
);
2978 estatus
= convert_v2_datafile (convertfile
, cipher
, keyfile
, keygrip
,
2979 sign_keygrip
, no_passphrase
, outfile
,
2980 keyparam
, s2k_count
);
2981 config_free (global_config
);
2988 if (!outfile
|| !*outfile
|| argc
!= optind
)
2989 usage (argv
[0], EXIT_FAILURE
);
2991 if (outfile
&& outfile
[0] == '-' && outfile
[1] == 0)
2994 estatus
= xml_import (import
, outfile
, keygrip
, sign_keygrip
, keyfile
,
2995 no_passphrase
, cipher
, keyparam
, s2k_count
);
2996 config_free (global_config
);
3001 p
= config_get_string ("global", "socket_path");
3003 p
= str_asprintf ("%s/socket", homedir
);
3005 socketarg
= expand_homedir (p
);
3009 disable_list_and_dump
= config_get_boolean ("global",
3010 "disable_list_and_dump");
3012 disable_list_and_dump
= secure
;
3014 cache_push
= config_get_list ("global", "cache_push");
3016 while (optind
< argc
)
3018 if (strv_printf (&cache_push
, "%s", argv
[optind
++]) == 0)
3019 errx (EXIT_FAILURE
, "%s", pwmd_strerror (GPG_ERR_ENOMEM
));
3022 if (strchr (socketarg
, '/') == NULL
)
3024 socketdir
= getcwd (buf
, sizeof (buf
));
3025 socketname
= str_dup (socketarg
);
3026 socketpath
= str_asprintf ("%s/%s", socketdir
, socketname
);
3030 socketname
= str_dup (strrchr (socketarg
, '/'));
3032 socketarg
[strlen (socketarg
) - strlen (socketname
) - 1] = 0;
3033 socketdir
= str_dup (socketarg
);
3034 socketpath
= str_asprintf ("%s/%s", socketdir
, socketname
);
3037 if (chdir (datadir
))
3039 log_write ("%s: %s", datadir
,
3040 pwmd_strerror (gpg_error_from_errno (errno
)));
3041 unlink (socketpath
);
3045 x
= test_pidfile (socketpath
, socketname
, buf
, sizeof(buf
), &pidfile
, 0,
3047 if (!terminate
&& x
)
3051 estatus
= x
!= 1 ? EXIT_FAILURE
: EXIT_SUCCESS
;
3056 * bind() doesn't like the full pathname of the socket or any non alphanum
3057 * characters so change to the directory where the socket is wanted then
3058 * create it then change to datadir.
3060 if (chdir (socketdir
))
3062 log_write ("%s: %s", socketdir
,
3063 pwmd_strerror (gpg_error_from_errno (errno
)));
3069 if ((sockfd
= socket (PF_UNIX
, SOCK_STREAM
, 0)) == -1)
3071 log_write ("socket(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
3075 addr
.sun_family
= AF_UNIX
;
3076 snprintf (addr
.sun_path
, sizeof (addr
.sun_path
), "%s", socketname
);
3078 if (bind (sockfd
, (struct sockaddr
*) &addr
, sizeof (struct sockaddr
)) ==
3081 log_write ("bind(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
3083 if (errno
== EADDRINUSE
)
3086 log_write (_("Either there is another pwmd running or '%s' is a \n"
3087 "stale socket. Please remove it manually."), socketpath
);
3094 char *t
= config_get_string ("global", "socket_perms");
3099 mode
= strtol (t
, NULL
, 8);
3103 if (chmod (socketname
, mode
) == -1)
3105 log_write ("%s: %s", socketname
,
3106 pwmd_strerror (gpg_error_from_errno (errno
)));
3116 xfree (--socketname
);
3118 if (chdir (datadir
))
3120 log_write ("%s: %s", datadir
,
3121 pwmd_strerror (gpg_error_from_errno (errno
)));
3129 * Set the cache entry for a file. Prompts for the password.
3133 struct crypto_s
*crypto
= NULL
;
3134 gpg_error_t rc
= init_client_crypto (&crypto
);
3138 estatus
= EXIT_FAILURE
;
3145 rc
= agent_set_pinentry_options (crypto
->agent
);
3148 estatus
= EXIT_FAILURE
;
3154 for (opt
= 0; cache_push
[opt
]; opt
++)
3156 if (!do_cache_push (cache_push
[opt
], crypto
) && !force
)
3158 strv_free (cache_push
);
3160 estatus
= EXIT_FAILURE
;
3161 cleanup_crypto (&crypto
);
3165 cleanup_crypto_stage1 (crypto
);
3170 (void) kill_scd (crypto
->agent
);
3173 cleanup_crypto (&crypto
);
3174 strv_free (cache_push
);
3175 log_write (!nofork
? _("Done. Daemonizing...") :
3176 _("Done. Waiting for connections..."));
3179 config_clear_keys ();
3181 if (listen (sockfd
, 0) == -1)
3183 log_write ("listen(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
3192 log_write ("fork(): %s",
3193 pwmd_strerror (gpg_error_from_errno (errno
)));
3202 _exit (EXIT_SUCCESS
);
3206 (void)test_pidfile (socketpath
, socketname
, buf
, sizeof(buf
), &pidfile
, 1,
3209 pthread_key_create (&thread_name_key
, free_key
);
3210 pthread_setspecific (thread_name_key
, str_dup ("main"));
3211 estatus
= server_loop (sockfd
, &socketpath
);
3214 if (socketpath
&& do_unlink
)
3216 unlink (socketpath
);
3222 gnutls_global_deinit ();
3226 #ifdef HAVE_PTHREAD_CANCEL
3227 pthread_cancel (rcfile_tid
);
3229 pthread_kill (rcfile_tid
, SIGUSR2
);
3230 pthread_cond_signal (&rcfile_cond
);
3232 pthread_join (rcfile_tid
, NULL
);
3235 pthread_cond_destroy (&rcfile_cond
);
3236 pthread_mutex_destroy (&rcfile_mutex
);
3237 pthread_key_delete (last_error_key
);
3238 #ifndef HAVE_PTHREAD_CANCEL
3239 pthread_key_delete (signal_thread_key
);
3243 config_free (global_config
);
3245 free_invoking_users (invoking_users
);
3247 xfree (home_directory
);
3249 xmlCleanupParser ();
3250 xmlCleanupGlobals ();
3256 if (estatus
== EXIT_SUCCESS
&& !terminate
)
3257 log_write (_("pwmd exiting normally"));
3259 pthread_key_delete (thread_name_key
);
3261 #if defined(DEBUG) && !defined(MEM_DEBUG)