src/agent.c

   1 /*
   2     Copyright (C) 2016-2019 Ben Kibbey <bjk@luxsci.net>
   3
   4     This file is part of pwmd.
   5
   6     Pwmd is free software: you can redistribute it and/or modify
   7     it under the terms of the GNU General Public License as published by
   8     the Free Software Foundation, either version 2 of the License, or
   9     (at your option) any later version.
  10
  11     Pwmd is distributed in the hope that it will be useful,
  12     but WITHOUT ANY WARRANTY; without even the implied warranty of
  13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14     GNU General Public License for more details.
  15
  16     You should have received a copy of the GNU General Public License
  17     along with Pwmd.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 #ifdef HAVE_CONFIG_H
  20 #include <config.h>
  21 #endif
  22
  23 #include <stdlib.h>
  24 #include <errno.h>
  25 #include <pwd.h>
  26 #include <sys/types.h>
  27 #include <signal.h>
  28 #include <sys/wait.h>
  29 #include <fcntl.h>
  30 #include <dirent.h>
  31
  32 #ifdef HAVE_LIMITS_H
  33 #include <limits.h>
  34 #endif
  35
  36 #include "pwmd-error.h"
  37 #include <gpgme.h>
  38 #include "util-misc.h"
  39 #include "mem.h"
  40 #include "common.h"
  41 #include "agent.h"
  42 #include "util-string.h"
  43 #include "mutex.h"
  44 #include "rcfile.h"
  45 #include "cache.h"
  46
  47 static gpg_error_t
  48 mem_realloc_cb (void *data, const void *buffer, size_t len)
  49 {
  50   membuf_t *mem = (membuf_t *) data;
  51   void *p;
  52
  53   if (!buffer)
  54     return 0;
  55
  56   if ((p = xrealloc (mem->buf, mem->len + len)) == NULL)
  57     return 1;
  58
  59   mem->buf = p;
  60   memcpy ((char *) mem->buf + mem->len, buffer, len);
  61   mem->len += len;
  62   return 0;
  63 }
  64
  65 static gpg_error_t
  66 assuan_command (struct agent_s *a, char **result,
  67                 size_t * len, const char *cmd)
  68 {
  69   gpg_error_t rc;
  70
  71   a->data.len = 0;
  72   a->data.buf = NULL;
  73   if (result)
  74     *result = NULL;
  75   if (len)
  76     *len = 0;
  77
  78   rc = assuan_transact (a->ctx, cmd, mem_realloc_cb, &a->data, NULL, NULL,
  79                         NULL, NULL);
  80   if (rc)
  81     xfree (a->data.buf);
  82   else
  83     {
  84       if (a->data.buf)
  85         {
  86           mem_realloc_cb (&a->data, "", 1);
  87           if (result)
  88             *result = (char *) a->data.buf;
  89           else
  90             xfree (a->data.buf);
  91
  92           if (len)
  93             *len = a->data.len;
  94         }
  95     }
  96
  97   return rc;
  98 }
  99
 100 static char *
 101 get_gpg_connect_agent_path (void)
 102 {
 103   gpgme_engine_info_t engine;
 104   char *s, *p;
 105
 106   gpgme_get_engine_info (&engine);
 107   while (engine)
 108     {
 109       if (engine->protocol == GPGME_PROTOCOL_GPGCONF)
 110         break;
 111
 112       engine = engine->next;
 113     }
 114
 115   if (!engine)
 116     return NULL;
 117
 118   s = str_dup (engine->file_name);
 119   if (!s)
 120     return NULL;
 121
 122   p = strrchr (s, '/');
 123   if (p)
 124     {
 125       *p = 0;
 126       p = str_asprintf ("%s/gpg-connect-agent", s);
 127       xfree (s);
 128       return p;
 129     }
 130
 131   xfree (s);
 132   return NULL;
 133 }
 134
 135 gpg_error_t
 136 agent_connect (struct agent_s *agent)
 137 {
 138   gpg_error_t rc;
 139   assuan_context_t ctx = NULL;
 140   static struct assuan_malloc_hooks mhooks = { xmalloc, xrealloc, xfree };
 141
 142   agent->did_restart = 0;
 143   if (agent->restart)
 144     {
 145       gpgme_ctx_t gctx;
 146
 147       rc = gpgme_new (&gctx);
 148       if (!rc)
 149         {
 150           char **args = NULL;
 151
 152           pthread_cleanup_push ((void *)gpgme_release, gctx);
 153           rc = gpgme_set_protocol (gctx, GPGME_PROTOCOL_SPAWN);
 154           if (!rc && strv_printf (&args, ""))
 155             {
 156               if (!rc && strv_printf (&args, "--homedir"))
 157                 {
 158                   char *gpghome = config_get_string ("global", "gpg_homedir");
 159
 160                   if (gpghome)
 161                     {
 162                       if (!strv_printf (&args, "%s", gpghome))
 163                         rc = GPG_ERR_ENOMEM;
 164                     }
 165                   else
 166                     {
 167                       if (!strv_printf (&args, "%s/.gnupg", homedir))
 168                         rc = GPG_ERR_ENOMEM;
 169                     }
 170
 171                   xfree (gpghome);
 172                 }
 173               else if (!rc)
 174                 rc = GPG_ERR_ENOMEM;
 175             }
 176           else if (!rc)
 177             rc = GPG_ERR_ENOMEM;
 178
 179           pthread_cleanup_push ((void *)strv_free, args);
 180           if (!rc)
 181             {
 182               gpgme_data_t idata = NULL;
 183               size_t len;
 184               char *s;
 185
 186               rc = gpgme_data_new (&idata);
 187               if (!rc)
 188                 {
 189                   char *gca = get_gpg_connect_agent_path ();
 190
 191                   pthread_cleanup_push (xfree, gca);
 192                   if (gca)
 193                     rc = gpgme_op_spawn (gctx, gca, (const char **)args, NULL,
 194                                          idata, NULL,
 195                                          GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG);
 196                   else
 197                     rc = GPG_ERR_ENOMEM;
 198
 199                   pthread_cleanup_pop (1);
 200                 }
 201
 202               if (!rc)
 203                 {
 204                   ssize_t ret = gpgme_data_write (idata, "/BYE\n", 5);
 205
 206                   if (ret != 5)
 207                     rc = gpg_error_from_syserror ();
 208                 }
 209
 210               if (idata)
 211                 {
 212                   s = gpgme_data_release_and_get_mem (idata, &len);
 213                   gpgme_free (s);
 214                 }
 215             }
 216
 217           pthread_cleanup_pop (1);
 218           pthread_cleanup_pop (1);
 219         }
 220
 221       if (rc)
 222         return rc;
 223     }
 224
 225   rc = assuan_new_ext (&ctx, GPG_ERR_SOURCE_DEFAULT, &mhooks, assuan_log_cb,
 226                        NULL);
 227   if (rc)
 228     return rc;
 229
 230   pthread_cleanup_push ((void *)assuan_release, ctx);
 231   rc = assuan_socket_connect (ctx, agent->socket, ASSUAN_INVALID_PID, 0);
 232   if (!rc)
 233     {
 234       if (agent->ctx)
 235         assuan_release (agent->ctx);
 236
 237       agent->ctx = ctx;
 238     }
 239   else
 240     {
 241       if (ctx)
 242         assuan_release (ctx);
 243     }
 244
 245   pthread_cleanup_pop (0);
 246   return rc;
 247 }
 248
 249 static gpg_error_t
 250 send_to_agent (struct agent_s *agent, char **result, size_t *len,
 251                const char *cmd)
 252 {
 253   gpg_error_t rc = 0;
 254
 255   if (agent->ctx)
 256     rc = assuan_command (agent, result, len, cmd);
 257   else
 258     {
 259       rc = agent_connect (agent);
 260       if (!rc)
 261         rc = assuan_command (agent, result, len, cmd);
 262     }
 263
 264   if (!agent->restart && gpg_err_source (rc) == GPG_ERR_SOURCE_DEFAULT
 265       && (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED
 266           || gpg_err_code (rc) == GPG_ERR_EPIPE))
 267     {
 268       log_write (_ ("gpg-agent connection died (rc=%u), reconnecting"), rc);
 269       agent->restart = 1;
 270       rc = agent_connect (agent);
 271       if (!rc)
 272         {
 273           agent->did_restart = 1;
 274           rc = assuan_command (agent, result, len, cmd);
 275         }
 276     }
 277
 278   agent->restart = 0;
 279   return rc;
 280 }
 281
 282 gpg_error_t
 283 agent_command (struct agent_s *agent, char **result, size_t * len,
 284                const char *fmt, ...)
 285 {
 286   va_list ap;
 287   char *cmd = NULL;
 288   gpg_error_t rc;
 289
 290   va_start (ap, fmt);
 291
 292   if (str_vasprintf (&cmd, fmt, ap) > 0)
 293     {
 294       pthread_cleanup_push (xfree, cmd);
 295       rc = send_to_agent (agent, result, len, cmd);
 296       pthread_cleanup_pop (0);
 297     }
 298   else
 299     rc = GPG_ERR_ENOMEM;
 300
 301   xfree (cmd);
 302   va_end (ap);
 303   return rc;
 304 }
 305
 306 void
 307 agent_disconnect (struct agent_s *agent)
 308 {
 309   if (!agent)
 310     return;
 311
 312   if (agent->ctx)
 313     assuan_release (agent->ctx);
 314
 315   agent->ctx = NULL;
 316 }
 317
 318 void
 319 agent_free (struct agent_s *agent)
 320 {
 321   if (!agent)
 322     return;
 323
 324   agent_disconnect (agent);
 325   xfree (agent->socket);
 326   xfree (agent);
 327 }
 328
 329 gpg_error_t
 330 agent_init (struct agent_s **agent)
 331 {
 332   struct agent_s *new;
 333   FILE *fp;
 334   char *buf;
 335   char line[PATH_MAX], *p;
 336   gpg_error_t rc = 0;
 337   int ret;
 338   char *gpghome = config_get_string ("global", "gpg_homedir");
 339
 340   if (gpghome)
 341     buf = str_asprintf ("gpgconf --homedir %s --list-dirs", gpghome);
 342   else
 343     buf = str_asprintf ("gpgconf --homedir %s/.gnupg --list-dirs", homedir);
 344
 345   xfree (gpghome);
 346   fp = popen (buf, "r");
 347   if (!fp)
 348     {
 349       rc = gpg_error_from_syserror ();
 350       xfree (buf);
 351       return rc;
 352     }
 353
 354   xfree (buf);
 355   buf = NULL;
 356
 357   while ((p = fgets (line, sizeof(line), fp)))
 358     {
 359       if (line[strlen(line)-1] == '\n')
 360         line[strlen(line)-1] = 0;
 361
 362       if (!strncmp (line, "agent-socket:", 13))
 363         {
 364           buf = str_dup (line+13);
 365           break;
 366         }
 367     }
 368
 369   ret = pclose (fp);
 370   if (ret)
 371     {
 372       xfree (buf);
 373       return GPG_ERR_ASS_GENERAL;
 374     }
 375
 376   new = xcalloc (1, sizeof (struct agent_s));
 377   if (!new)
 378     {
 379       xfree (buf);
 380       return GPG_ERR_ENOMEM;
 381     }
 382
 383   new->socket = buf;
 384   *agent = new;
 385   return 0;
 386 }
 387
 388 gpg_error_t
 389 agent_set_option (struct agent_s * agent, const char *name, const char *value)
 390 {
 391   return agent_command (agent, NULL, NULL, "OPTION %s=%s", name, value);
 392 }
 393
 394 gpg_error_t
 395 agent_kill_scd (struct agent_s *agent)
 396 {
 397   gpg_error_t rc = 0;
 398
 399   if (config_get_boolean (NULL, "kill_scd"))
 400     {
 401       rc = agent_command (agent, NULL, NULL, "SCD KILLSCD");
 402       if (rc && gpg_err_code (rc) != GPG_ERR_NO_SCDAEMON
 403           && gpg_err_code (rc) != GPG_ERR_EPIPE
 404           && gpg_err_code (rc) != GPG_ERR_EOF)
 405         log_write ("%s: ERR %u: %s", __FUNCTION__, rc, pwmd_strerror (rc));
 406     }
 407
 408   return rc;
 409 }