search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added OPTION ITERATIONS to set the encryption iterations for the
[pwmd.git] / src / commands.c
blobdb4e179816fd781d37d7ce1b9c94afa9175a46f9
1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
2 /*
3 Copyright (C) 2006-2008 Ben Kibbey <bjk@luxsci.net>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <err.h>
23 #include <errno.h>
24 #include <sys/types.h>
25 #include <sys/stat.h>
26 #include <fcntl.h>
27 #include <ctype.h>
28 #include <glib.h>
29 #include <gcrypt.h>
30 #include <zlib.h>
31
32 #ifdef HAVE_CONFIG_H
33 #include <config.h>
34 #endif
35
36 #ifndef MEM_DEBUG
37 #include "mem.h"
38 #endif
39
40 #include "xml.h"
41 #include "common.h"
42
43 #ifdef WITH_PINENTRY
44 #include "pinentry.h"
45 #endif
46
47 #include "pwmd_error.h"
48 #include "cache.h"
49 #include "misc.h"
50 #include "commands.h"
51
52 static void *z_alloc(void *data, unsigned items, unsigned size)
53 {
54 #ifndef MEM_DEBUG
55 return gcry_calloc(items, size);
56 #else
57 return calloc(items, size);
58 #endif
59 }
60
61 static void z_free(void *data, void *p)
62 {
63 #ifndef MEM_DEBUG
64 gcry_free(p);
65 #else
66 free(p);
67 #endif
68 }
69
70 static gpg_error_t file_modified(struct client_s *client)
71 {
72 struct stat st;
73 gpg_error_t rc;
74
75 if (client->state != STATE_OPEN)
76 return EPWMD_NO_FILE;
77
78 rc = lock_file_mutex(client);
79
80 if (rc)
81 return rc;
82
83 if (stat(client->filename, &st) == 0 && client->mtime) {
84 if (client->mtime != st.st_mtime)
85 return EPWMD_FILE_MODIFIED;
86 }
87
88 return 0;
89 }
90
91 static gboolean encrypt_xml(gcry_cipher_hd_t gh, void *outbuf, gsize outsize,
92 void *inbuf, gsize insize)
93 {
94 gpg_error_t rc;
95
96 if ((rc = gcry_cipher_encrypt(gh, outbuf, outsize, inbuf, insize))) {
97 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
98 return FALSE;
99 }
100
101 return TRUE;
102 }
103
104 static gpg_error_t decrypt_xml(gcry_cipher_hd_t gh, void *outbuf, gsize outsize,
105 void *inbuf, gsize insize)
106 {
107 gpg_error_t rc;
108
109 if ((rc = gcry_cipher_decrypt(gh, outbuf, outsize, inbuf, insize)))
110 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
111
112 return rc;
113 }
114
115 static gpg_error_t parse_xml(assuan_context_t ctx)
116 {
117 struct client_s *client = assuan_get_pointer(ctx);
118
119 client->doc = xmlReadMemory(client->xml, client->len, NULL, "UTF-8", XML_PARSE_NOBLANKS);
120
121 if (!client->doc)
122 return EPWMD_LIBXML_ERROR;
123
124 return 0;
125 }
126
127 void unlock_file_mutex(struct client_s *client)
128 {
129 pth_mutex_t *m;
130
131 #ifdef WITH_PINENTRY
132 if (client->has_lock == FALSE || client->pinentry->status != PINENTRY_NONE)
133 #else
134 if (client->has_lock == FALSE)
135 #endif
136 return;
137
138 CACHE_LOCK(client->ctx);
139
140 if (cache_get_mutex(client->md5file, &m) == FALSE) {
141 CACHE_UNLOCK;
142 return;
143 }
144
145 CACHE_UNLOCK;
146 pth_mutex_release(m);
147 client->has_lock = client->is_lock_cmd = FALSE;
148 }
149
150 gpg_error_t lock_file_mutex(struct client_s *client)
151 {
152 pth_mutex_t *m;
153
154 if (client->has_lock == TRUE)
155 return 0;
156
157 CACHE_LOCK(client->ctx);
158
159 if (cache_get_mutex(client->md5file, &m) == FALSE) {
160 CACHE_UNLOCK;
161 return 0;
162 }
163
164 CACHE_UNLOCK;
165
166 if (pth_mutex_acquire(m, TRUE, NULL) == FALSE) {
167 if (errno == EBUSY) {
168 if (client->ctx)
169 assuan_write_status(client->ctx, "LOCKED", N_("Waiting for lock"));
170
171 pth_mutex_acquire(m, FALSE, NULL);
172 }
173 else {
174 gint e = errno;
175 log_write("%s(%i): %s", __FUNCTION__, __LINE__, strerror(errno));
176 return gpg_error_from_errno(e);
177 }
178 }
179
180 client->has_lock = TRUE;
181 return 0;
182 }
183
184 void free_client(struct client_s *client)
185 {
186 if (client->doc)
187 xmlFreeDoc(client->doc);
188
189 if (client->xml)
190 gcry_free(client->xml);
191
192 if (client->filename)
193 g_free(client->filename);
194
195 if (client->gh)
196 gcry_cipher_close(client->gh);
197 }
198
199 void cleanup_client(struct client_s *client)
200 {
201 assuan_context_t ctx = client->ctx;
202 #ifdef WITH_PINENTRY
203 struct pinentry_s *pin = client->pinentry;
204 #endif
205
206 unlock_file_mutex(client);
207 CACHE_LOCK(client->ctx);
208 cache_decr_refcount(client->md5file);
209
210 /*
211 * This may be a new file so don't use a cache slot. save_command() will
212 * set this to FALSE on success.
213 */
214 if (client->new == TRUE)
215 cache_clear(client->md5file, 1);
216
217 free_client(client);
218 memset(client, 0, sizeof(struct client_s));
219 client->state = STATE_CONNECTED;
220 client->ctx = ctx;
221 client->freed = TRUE;
222 #ifdef WITH_PINENTRY
223 client->pinentry = pin;
224 #endif
225 CACHE_UNLOCK;
226 }
227
228 gboolean do_decompress(assuan_context_t ctx, gpointer in, gint insize,
229 gpointer *out, glong *outsize, gint *rc)
230 {
231 z_stream z;
232 gpointer pout;
233 gz_header h;
234 gchar buf[17];
235 gchar str[ASSUAN_LINELENGTH];
236
237 z.zalloc = z_alloc;
238 z.zfree = z_free;
239 z.next_in = in;
240 z.avail_in = insize;
241 z.avail_out = zlib_bufsize;
242 z.next_out = pout = g_malloc(zlib_bufsize);
243
244 if (!pout) {
245 log_write("%s(%i): %s", __FUNCTION__, __LINE__, strerror(ENOMEM));
246 *rc = Z_MEM_ERROR;
247 return FALSE;
248 }
249
250 *rc = inflateInit2(&z, 47);
251
252 if (*rc != Z_OK) {
253 log_write("%s(%i): %s", __FUNCTION__, __LINE__, z.msg);
254 g_free(pout);
255 return FALSE;
256 }
257
258 memset(&h, 0, sizeof(gz_header));
259 h.comment = (guchar *)buf;
260 h.comm_max = sizeof(buf);
261 *rc = inflateGetHeader(&z, &h);
262
263 if (*rc != Z_OK) {
264 log_write("%s(%i): %s", __FUNCTION__, __LINE__, z.msg);
265 g_free(pout);
266 inflateEnd(&z);
267 return FALSE;
268 }
269
270 *rc = inflate(&z, Z_BLOCK);
271
272 if (*rc != Z_OK) {
273 log_write("%s(%i): %s", __FUNCTION__, __LINE__, z.msg);
274 g_free(pout);
275 inflateEnd(&z);
276 return FALSE;
277 }
278
279 if (h.comment)
280 insize = atoi((gchar *)h.comment);
281
282 do {
283 gpointer p;
284
285 *rc = inflate(&z, Z_FINISH);
286
287 switch (*rc) {
288 case Z_OK:
289 break;
290 case Z_BUF_ERROR:
291 if (!z.avail_out) {
292 p = g_realloc(pout, z.total_out + zlib_bufsize);
293
294 if (!p) {
295 *rc = Z_MEM_ERROR;
296 goto fail;
297 }
298
299 pout = p;
300 z.next_out = pout + z.total_out;
301 z.avail_out = zlib_bufsize;
302
303 if (ctx) {
304 *rc = assuan_write_status(ctx, "DECOMPRESS",
305 print_fmt(str, sizeof(str), "%i %i", z.total_out, insize));
306
307 if (*rc)
308 goto fail;
309 }
310 }
311 break;
312 case Z_STREAM_END:
313 break;
314 default:
315 goto fail;
316 break;
317 }
318
319 pth_yield(NULL);
320 } while (*rc != Z_STREAM_END);
321
322 if (ctx) {
323 *rc = assuan_write_status(ctx, "DECOMPRESS",
324 print_fmt(str, sizeof(str), "%i %i", z.total_out, insize));
325
326 if (*rc)
327 goto fail;
328 }
329
330 *out = pout;
331 *outsize = z.total_out;
332 inflateEnd(&z);
333 *rc = 0;
334 return TRUE;
335
336 fail:
337 log_write("%s(%i): %s", __FUNCTION__, __LINE__, z.msg);
338 g_free(pout);
339 inflateEnd(&z);
340 return FALSE;
341 }
342
343 gpg_error_t read_file_header(const gchar *filename, file_header_t *fh)
344 {
345 gint fd;
346 gsize len;
347
348 fd = open(filename, O_RDONLY);
349
350 if (fd == -1)
351 return gpg_error_from_errno(errno);
352
353 len = pth_read(fd, fh, sizeof(file_header_t));
354 close(fd);
355
356 if (len != sizeof(file_header_t))
357 return gpg_error_from_errno(errno);
358
359 return 0;
360 }
361
362 static gpg_error_t open_command_finalize(assuan_context_t ctx, guchar shakey[],
363 gboolean cached)
364 {
365 struct client_s *client = assuan_get_pointer(ctx);
366 gpg_error_t rc;
367 struct stat st;
368 gint fd;
369 gint timeout;
370
371 if ((fd = open_file(client->filename, &st)) == -1) {
372 /* New file. */
373 if (errno == ENOENT) {
374 if (shakey[0])
375 goto update_cache;
376
377 goto done;
378 }
379
380 rc = errno;
381 log_write("%s: %s", client->filename, strerror(errno));
382 cleanup_client(client);
383 memset(shakey, 0, sizeof(shakey));
384 return send_syserror(ctx, rc);
385 }
386
387 rc = try_xml_decrypt(ctx, fd, st, shakey);
388 close(fd);
389
390 if (rc) {
391 memset(shakey, 0, sizeof(shakey));
392 cleanup_client(client);
393 return send_error(ctx, rc);
394 }
395
396 update_cache:
397 CACHE_LOCK(client->ctx);
398
399 if (cached == FALSE) {
400 if (cache_update_key(client->md5file, shakey) == FALSE) {
401 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(EPWMD_MAX_SLOTS));
402 cleanup_client(client);
403 CACHE_UNLOCK;
404 return send_error(ctx, EPWMD_MAX_SLOTS);
405 }
406
407 timeout = get_key_file_integer(client->filename, "cache_timeout");
408 cache_reset_timeout(client->md5file, timeout);
409 }
410 else
411 cache_set_timeout(client->md5file, -2);
412
413 CACHE_UNLOCK;
414
415 done:
416 memset(shakey, 0, sizeof(shakey));
417 rc = parse_xml(ctx);
418
419 if (client->xml) {
420 gcry_free(client->xml);
421 client->xml = NULL;
422 }
423
424 if (!rc) {
425 if (client->new == FALSE)
426 send_status_all(STATUS_CACHE);
427
428 client->state = STATE_OPEN;
429 }
430
431 return send_error(ctx, rc);
432 }
433
434 static int open_command(assuan_context_t ctx, char *line)
435 {
436 struct stat st;
437 guchar shakey[gcrykeysize];
438 gboolean cached = FALSE;
439 gpg_error_t rc;
440 struct client_s *client = assuan_get_pointer(ctx);
441 gchar **req;
442 gchar *filename = NULL;
443 file_header_t file_header;
444
445 memset(shakey, 0, sizeof(shakey));
446
447 if ((req = split_input_line(line, " ", 2)) != NULL)
448 filename = req[0];
449
450 if (!filename || !*filename) {
451 g_strfreev(req);
452 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
453 }
454
455 if (valid_filename(filename) == FALSE) {
456 g_strfreev(req);
457 return send_error(ctx, EPWMD_INVALID_FILENAME);
458 }
459
460 if (client->state == STATE_OPEN)
461 cleanup_client(client);
462
463 gcry_md_hash_buffer(GCRY_MD_MD5, client->md5file, filename, strlen(filename));
464 CACHE_LOCK(client->ctx);
465
466 if (cache_has_file(client->md5file) == FALSE) {
467 if (cache_add_file(client->md5file, NULL) == FALSE) {
468 g_strfreev(req);
469 CACHE_UNLOCK;
470 return send_error(ctx, EPWMD_MAX_SLOTS);
471 }
472 }
473
474 cache_incr_refcount(client->md5file);
475 CACHE_UNLOCK;
476 rc = lock_file_mutex(client);
477
478 if (rc) {
479 g_strfreev(req);
480 return send_error(ctx, rc);
481 }
482
483 client->freed = FALSE;
484
485 if ((rc = gcry_cipher_open(&client->gh, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0))) {
486 g_strfreev(req);
487 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
488 cleanup_client(client);
489 return send_error(ctx, rc);
490 }
491
492 if (stat(filename, &st) == 0) {
493 if (!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode)) {
494 log_write("%s: %s", filename, pwmd_strerror(EPWMD_INVALID_FILENAME));
495 g_strfreev(req);
496 cleanup_client(client);
497 return send_error(ctx, EPWMD_INVALID_FILENAME);
498 }
499
500 client->mtime = st.st_mtime;
501 }
502
503 client->filename = g_strdup(filename);
504
505 if (!client->filename) {
506 memset(shakey, 0, sizeof(shakey));
507 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
508 cleanup_client(client);
509 g_strfreev(req);
510 return send_syserror(ctx, ENOMEM);
511 }
512
513 #ifdef WITH_PINENTRY
514 client->pinentry->filename = g_strdup(client->filename);
515
516 if (!client->pinentry->filename) {
517 memset(shakey, 0, sizeof(shakey));
518 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
519 cleanup_client(client);
520 g_strfreev(req);
521 return send_syserror(ctx, ENOMEM);
522 }
523 #endif
524
525 /*
526 * New files don't need a key.
527 */
528 if (access(filename, R_OK) != 0) {
529 if (errno != ENOENT) {
530 rc = errno;
531 log_write("%s: %s", filename, strerror(errno));
532 g_strfreev(req);
533 cleanup_client(client);
534 return send_syserror(ctx, rc);
535 }
536
537 if ((client->xml = new_document()) == NULL) {
538 log_write("%s", strerror(ENOMEM));
539 g_strfreev(req);
540 cleanup_client(client);
541 return send_syserror(ctx, ENOMEM);
542 }
543
544 client->len = xmlStrlen(client->xml);
545 client->new = TRUE;
546 client->filename = g_strdup(filename);
547
548 if (!client->filename) {
549 g_strfreev(req);
550 cleanup_client(client);
551 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
552 return send_syserror(ctx, ENOMEM);
553 }
554
555 memset(shakey, 0, sizeof(shakey));
556
557 if (req[1] && *req[1])
558 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, req[1], strlen(req[1]));
559
560 g_strfreev(req);
561 return open_command_finalize(ctx, shakey, cached);
562 }
563
564 rc = read_file_header(filename, &file_header);
565
566 if (rc) {
567 g_strfreev(req);
568 cleanup_client(client);
569 return send_error(ctx, rc);
570 }
571
572 if (file_header.iter == -1)
573 goto done;
574
575 CACHE_LOCK(client->ctx);
576 cached = cache_get_key(client->md5file, shakey);
577 CACHE_UNLOCK;
578
579 if (cached == FALSE) {
580 /*
581 * No key specified and no matching filename found in the cache. Use
582 * pinentry to retrieve the key. Cannot return assuan_process_done()
583 * here otherwise the command will be interrupted. The event loop in
584 * client_thread() will poll the file descriptor waiting for it to
585 * become ready to read a pinentry_key_s which will contain the
586 * entered key or rc. It will then call open_command_finalize() to
587 * to finish the command.
588 */
589 if (!req[1] || !*req[1]) {
590 #ifdef WITH_PINENTRY
591 gboolean b = get_key_file_boolean(filename, "enable_pinentry");
592
593 /* From set_pinentry_defaults(). */
594 if (client->pinentry->enable == FALSE ||
595 (client->pinentry->enable == -1 && b == FALSE)) {
596 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, "", 1);
597 goto done;
598 }
599
600 g_strfreev(req);
601 lock_pin_mutex(client);
602 client->pinentry->which = PINENTRY_OPEN;
603 rc = pinentry_fork(ctx);
604
605 if (rc) {
606 unlock_pin_mutex(client->pinentry);
607 cleanup_client(client);
608 return send_error(ctx, rc);
609 }
610
611 client->pinentry->cb = open_command_finalize;
612 client->pinentry->status = PINENTRY_INIT;
613 return 0;
614 #else
615 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, "", 1);
616 goto done;
617 #endif
618 }
619
620 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, req[1], strlen(req[1]));
621 }
622
623 done:
624 g_strfreev(req);
625 return open_command_finalize(ctx, shakey, cached);
626 }
627
628 gboolean do_compress(assuan_context_t ctx, gint level, gpointer data,
629 gint size, gpointer *out, glong *outsize, gint *rc)
630 {
631 z_stream z;
632 gpointer pout, pin;
633 gz_header h;
634 gchar buf[17];
635 gint cmd = Z_NO_FLUSH;
636 gchar str[ASSUAN_LINELENGTH];
637
638 z.zalloc = z_alloc;
639 z.zfree = z_free;
640 z.next_in = pin = data;
641 z.avail_in = size < zlib_bufsize ? size : zlib_bufsize;
642 z.avail_out = zlib_bufsize;
643 z.next_out = pout = g_malloc(zlib_bufsize);
644
645 if (!pout) {
646 log_write("%s(%i): %s", __FUNCTION__, __LINE__, strerror(ENOMEM));
647 *rc = Z_MEM_ERROR;
648 return FALSE;
649 }
650
651 *rc = deflateInit2(&z, level, Z_DEFLATED, 31, 8, Z_DEFAULT_STRATEGY);
652
653 if (*rc != Z_OK) {
654 log_write("%s(%i): %s", __FUNCTION__, __LINE__, z.msg);
655 g_free(pout);
656 return FALSE;
657 }
658
659 memset(&h, 0, sizeof(gz_header));
660 g_snprintf(buf, sizeof(buf), "%i", size);
661 h.comment = (guchar *)buf;
662 *rc = deflateSetHeader(&z, &h);
663
664 if (*rc != Z_OK) {
665 log_write("%s(%i): %s", __FUNCTION__, __LINE__, z.msg);
666 g_free(pout);
667 deflateEnd(&z);
668 return FALSE;
669 }
670
671 do {
672 gpointer p;
673
674 *rc = deflate(&z, cmd);
675
676 switch (*rc) {
677 case Z_OK:
678 break;
679 case Z_BUF_ERROR:
680 if (!z.avail_out) {
681 p = g_realloc(pout, z.total_out + zlib_bufsize);
682
683 if (!p) {
684 *rc = Z_MEM_ERROR;
685 goto fail;
686 }
687
688 pout = p;
689 z.next_out = pout + z.total_out;
690 z.avail_out = zlib_bufsize;
691 }
692
693 if (!z.avail_in && z.total_in < size) {
694 if (z.total_in + zlib_bufsize > size)
695 z.avail_in = size - z.total_in;
696 else
697 z.avail_in = zlib_bufsize;
698
699 if (ctx) {
700 *rc = assuan_write_status(ctx, "COMPRESS",
701 print_fmt(str, sizeof(str), "%i %i", z.total_in, size));
702
703 if (*rc)
704 goto fail;
705 }
706 }
707
708 if (z.total_in >= size)
709 cmd = Z_FINISH;
710
711 break;
712 case Z_STREAM_END:
713 break;
714 default:
715 goto fail;
716 }
717
718 pth_yield(NULL);
719 } while (*rc != Z_STREAM_END);
720
721 if (ctx) {
722 *rc = assuan_write_status(ctx, "COMPRESS",
723 print_fmt(str, sizeof(str), "%i %i", z.total_in, size));
724
725 if (*rc)
726 goto fail;
727 }
728
729 *out = pout;
730 *outsize = z.total_out;
731 deflateEnd(&z);
732 *rc = 0;
733 return TRUE;
734
735 fail:
736 log_write("%s(%i): %s", __FUNCTION__, __LINE__, z.msg);
737 g_free(pout);
738 deflateEnd(&z);
739 return FALSE;
740 }
741
742 gpg_error_t do_xml_encrypt(struct client_s *client, gcry_cipher_hd_t gh,
743 const gchar *filename, gpointer data, size_t insize, guchar *shakey,
744 gint iter)
745 {
746 gsize len = insize;
747 gint fd;
748 gpointer inbuf;
749 guchar tkey[gcrykeysize];
750 gchar *p;
751 gpg_error_t rc;
752 guint iter_progress = 0, n_iter = 0, xiter = 0;
753 gchar tmp[FILENAME_MAX];
754 struct stat st;
755 mode_t mode = 0;
756 file_header_t file_header;
757 gchar str[ASSUAN_LINELENGTH];
758
759 if (iter == -1) {
760 /*
761 * cache_file_count() needs both .used == TRUE and a valid key in
762 * order for it to count as a used cache entry. Fixes CACHE status
763 * messages.
764 */
765 memset(shakey, '!', gcrykeysize);
766 inbuf = data;
767 file_header.iter = iter;
768 goto write_file;
769 }
770
771 if (insize / gcryblocksize) {
772 len = (insize / gcryblocksize) * gcryblocksize;
773
774 if (insize % gcryblocksize)
775 len += gcryblocksize;
776 }
777
778 /*
779 * Resize the existing xml buffer to the block size required by gcrypt
780 * rather than duplicating it and wasting memory.
781 */
782 inbuf = gcry_realloc(data, len);
783
784 if (!inbuf)
785 return gpg_error_from_errno(ENOMEM);
786
787 insize = len;
788 gcry_create_nonce(file_header.iv, sizeof(file_header.iv));
789 memcpy(tkey, shakey, sizeof(tkey));
790 tkey[0] ^= 1;
791
792 if ((rc = gcry_cipher_setkey(gh, tkey, gcrykeysize))) {
793 gcry_free(inbuf);
794 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
795 return rc;
796 }
797
798 file_header.iter = iter;
799
800 if (client)
801 iter_progress = get_key_file_integer(client->filename, "iteration_progress");
802
803 if (client && iter_progress && file_header.iter >= iter_progress) {
804 rc = assuan_write_status(client->ctx, "ENCRYPT", "0");
805
806 if (rc) {
807 gcry_free(inbuf);
808 return rc;
809 }
810 }
811
812 while (xiter < file_header.iter) {
813 if (client && iter_progress > 0 && xiter >= iter_progress) {
814 if (!(xiter % iter_progress)) {
815 rc = assuan_write_status(client->ctx, "ENCRYPT",
816 print_fmt(str, sizeof(str), "%i", ++n_iter * iter_progress));
817
818 if (rc) {
819 gcry_free(inbuf);
820 return rc;
821 }
822 }
823 }
824
825 if ((rc = gcry_cipher_setiv(gh, file_header.iv,
826 sizeof(file_header.iv)))) {
827 gcry_free(inbuf);
828 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
829 return rc;
830 }
831
832 if (encrypt_xml(gh, inbuf, insize, NULL, 0)
833 == FALSE) {
834 gcry_free(inbuf);
835 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
836 return rc;
837 }
838
839 xiter++;
840 pth_yield(NULL);
841 }
842
843 if ((rc = gcry_cipher_setiv(gh, file_header.iv,
844 sizeof(file_header.iv)))) {
845 gcry_free(inbuf);
846 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
847 return rc;
848 }
849
850 if ((rc = gcry_cipher_setkey(gh, shakey, gcrykeysize))) {
851 gcry_free(inbuf);
852 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
853 return rc;
854 }
855
856 if (encrypt_xml(gh, inbuf, insize, NULL, 0) == FALSE) {
857 gcry_free(inbuf);
858 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
859 return rc;
860 }
861
862 if (client && iter_progress && file_header.iter >= iter_progress) {
863 rc = assuan_write_status(client->ctx, "ENCRYPT",
864 print_fmt(str, sizeof(str), "%i", file_header.iter));
865
866 if (rc) {
867 gcry_free(inbuf);
868 return rc;
869 }
870 }
871
872 write_file:
873 if (filename) {
874 if (stat(filename, &st) == 0) {
875 mode = st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);
876
877 /*
878 * FIXME What if the file has an ACL?
879 */
880 if (!(mode & S_IWUSR)) {
881 gcry_free(inbuf);
882 return gpg_error_from_errno(EACCES);
883 }
884 }
885 else {
886 if (errno != ENOENT) {
887 rc = errno;
888 gcry_free(inbuf);
889 return gpg_error_from_errno(rc);
890 }
891 }
892
893 g_snprintf(tmp, sizeof(tmp), ".%s.tmp", filename);
894
895 if ((fd = open(tmp, O_WRONLY|O_CREAT|O_TRUNC, 0600)) == -1) {
896 rc = errno;
897 gcry_free(inbuf);
898 p = strrchr(tmp, '/');
899 p++;
900 log_write("%s: %s", p, strerror(rc));
901 return gpg_error_from_errno(rc);
902 }
903 }
904 else
905 /*
906 * xml_import() from command line.
907 */
908 fd = STDOUT_FILENO;
909
910 len = pth_write(fd, &file_header, sizeof(file_header_t));
911
912 if (len != sizeof(file_header)) {
913 len = errno;
914
915 if (filename) {
916 close(fd);
917 unlink(tmp);
918 }
919
920 gcry_free(inbuf);
921 return gpg_error_from_errno(len);
922 }
923
924 len = pth_write(fd, inbuf, insize);
925
926 if (len != insize) {
927 len = errno;
928
929 if (filename) {
930 close(fd);
931 unlink(tmp);
932 }
933
934 gcry_free(inbuf);
935 return gpg_error_from_errno(len);
936 }
937
938 if (fsync(fd) == -1) {
939 len = errno;
940
941 if (filename) {
942 close(fd);
943 unlink(tmp);
944 }
945
946 gcry_free(inbuf);
947 return gpg_error_from_errno(len);
948 }
949
950 if (filename) {
951 close(fd);
952
953 if (mode && get_key_file_boolean(filename, "backup") == TRUE) {
954 gchar tmp2[FILENAME_MAX];
955
956 g_snprintf(tmp2, sizeof(tmp2), "%s.backup", filename);
957
958 if (rename(filename, tmp2) == -1) {
959 unlink(tmp);
960 len = errno;
961 gcry_free(inbuf);
962 return gpg_error_from_errno(len);
963 }
964 }
965
966 if (rename(tmp, filename) == -1) {
967 len = errno;
968 unlink(tmp);
969 gcry_free(inbuf);
970 return gpg_error_from_errno(len);
971 }
972
973 if (mode)
974 chmod(filename, mode);
975 }
976
977 gcry_free(inbuf);
978 return 0;
979 }
980
981 static gpg_error_t save_command_finalize(assuan_context_t ctx,
982 guchar shakey[], gboolean cached)
983 {
984 struct client_s *client = assuan_get_pointer(ctx);
985 gpointer xmlbuf;
986 xmlChar *p;
987 gint len;
988 gint iter;
989 gint timeout;
990 gpointer outbuf;
991 glong outsize = 0;
992 gint zrc;
993 gpg_error_t rc;
994 struct stat st;
995
996 xmlDocDumpFormatMemory(client->doc, &p, &len, 0);
997 xmlbuf = p;
998
999 iter = get_key_file_integer(client->filename, "compression_level");
1000
1001 if (iter < 0)
1002 iter = 0;
1003
1004 if (do_compress(ctx, iter, xmlbuf, len, &outbuf, &outsize, &zrc) == FALSE) {
1005 memset(shakey, 0, sizeof(shakey));
1006 xmlFree(xmlbuf);
1007
1008 if (zrc == Z_MEM_ERROR) {
1009 return send_syserror(ctx, ENOMEM);
1010 }
1011 else
1012 return send_error(ctx, GPG_ERR_COMPR_ALGO);
1013 }
1014 else {
1015 gcry_free(xmlbuf);
1016 xmlbuf = outbuf;
1017 len = outsize;
1018 }
1019
1020 iter = get_key_file_integer(client->filename, "iterations");
1021 rc = do_xml_encrypt(client, client->gh, client->filename, xmlbuf, len, shakey, iter);
1022
1023 if (rc) {
1024 memset(shakey, 0, sizeof(shakey));
1025 return send_error(ctx, rc);
1026 }
1027
1028 stat(client->filename, &st);
1029 client->mtime = st.st_mtime;
1030 timeout = get_key_file_integer(client->filename, "cache_timeout");
1031 CACHE_LOCK(client->ctx);
1032
1033 if (cached) {
1034 memset(shakey, 0, sizeof(shakey));
1035 cache_reset_timeout(client->md5file, timeout);
1036 CACHE_UNLOCK;
1037
1038 if (client->new == TRUE)
1039 send_status_all(STATUS_CACHE);
1040
1041 client->new = FALSE;
1042 return send_error(ctx, 0);
1043 }
1044
1045 if (cache_update_key(client->md5file, shakey) == FALSE) {
1046 memset(shakey, 0, sizeof(shakey));
1047 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(EPWMD_MAX_SLOTS));
1048 CACHE_UNLOCK;
1049 return send_error(ctx, EPWMD_MAX_SLOTS);
1050 }
1051
1052 client->new = FALSE;
1053 memset(shakey, 0, sizeof(shakey));
1054 cache_reset_timeout(client->md5file, timeout);
1055 CACHE_UNLOCK;
1056 send_status_all(STATUS_CACHE);
1057 return send_error(ctx, 0);
1058 }
1059
1060 static int save_command(assuan_context_t ctx, char *line)
1061 {
1062 gboolean cached = FALSE;
1063 guchar shakey[gcrykeysize];
1064 struct stat st;
1065 struct client_s *client = assuan_get_pointer(ctx);
1066 gpg_error_t rc;
1067
1068 memset(shakey, 0, sizeof(shakey));
1069 rc = file_modified(client);
1070
1071 if (rc) {
1072 log_write("%s: %s", client->filename ? client->filename : "",
1073 pwmd_strerror(rc));
1074 return send_error(ctx, rc);
1075 }
1076
1077 rc = lock_file_mutex(client);
1078
1079 if (rc)
1080 return send_error(ctx, rc);
1081
1082 if (stat(client->filename, &st) == -1 && errno != ENOENT)
1083 return send_syserror(ctx, errno);
1084
1085 if (errno != ENOENT && !S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode)) {
1086 log_write("%s: %s", client->filename, pwmd_strerror(EPWMD_INVALID_FILENAME));
1087 return send_error(ctx, EPWMD_INVALID_FILENAME);
1088 }
1089
1090 if (get_key_file_integer(client->filename, "iterations") == -1)
1091 goto done;
1092
1093 if (!line || !*line) {
1094 guchar tmp[sizeof(shakey)];
1095 CACHE_LOCK(ctx);
1096
1097 memset(tmp, '!', sizeof(tmp));
1098
1099 if (cache_get_key(client->md5file, shakey) == FALSE ||
1100 memcmp(shakey, tmp, sizeof(shakey)) == 0) {
1101 CACHE_UNLOCK;
1102 #ifdef WITH_PINENTRY
1103 if (get_key_file_boolean(client->filename, "enable_pinentry") == FALSE) {
1104 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, "", 1);
1105 goto done;
1106 }
1107
1108 lock_pin_mutex(client);
1109 client->pinentry->which = PINENTRY_SAVE;
1110 rc = pinentry_fork(ctx);
1111
1112 if (rc) {
1113 unlock_pin_mutex(client->pinentry);
1114 return send_error(ctx, rc);
1115 }
1116
1117 client->pinentry->cb = save_command_finalize;
1118 client->pinentry->status = PINENTRY_INIT;
1119 return 0;
1120 #else
1121 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, "", 1);
1122 goto done;
1123 #endif
1124 }
1125 else {
1126 CACHE_UNLOCK;
1127 cached = TRUE;
1128 }
1129 }
1130 else {
1131 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, line, strlen(line));
1132 memset(line, 0, strlen(line));
1133 }
1134
1135 done:
1136 return save_command_finalize(ctx, shakey, cached);
1137 }
1138
1139 static int delete_command(assuan_context_t ctx, char *line)
1140 {
1141 struct client_s *client = assuan_get_pointer(ctx);
1142 gchar **req;
1143 gpg_error_t rc;
1144 xmlNodePtr n;
1145
1146 rc = file_modified(client);
1147
1148 if (rc) {
1149 log_write("%s: %s", client->filename ? client->filename : "",
1150 pwmd_strerror(rc));
1151 return send_error(ctx, rc);
1152 }
1153
1154 if (strchr(line, '\t'))
1155 req = split_input_line(line, "\t", -1);
1156 else
1157 req = split_input_line(line, " ", -1);
1158
1159 if (!req || !*req)
1160 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
1161
1162 n = find_account(client->doc, &req, &rc, NULL, 0);
1163
1164 if (!n) {
1165 g_strfreev(req);
1166 return send_error(ctx, rc);
1167 }
1168
1169 /*
1170 * No sub-node defined. Remove the entire node (account).
1171 */
1172 if (!req[1]) {
1173 if (n) {
1174 xmlUnlinkNode(n);
1175 xmlFreeNode(n);
1176 }
1177
1178 g_strfreev(req);
1179 return send_error(ctx, 0);
1180 }
1181
1182 n = find_elements(client->doc, n->children, req+1, &rc, NULL, NULL, NULL, FALSE, 0, NULL);
1183 g_strfreev(req);
1184
1185 if (!n)
1186 return send_error(ctx, rc);
1187
1188 if (n) {
1189 xmlUnlinkNode(n);
1190 xmlFreeNode(n);
1191 }
1192
1193 return send_error(ctx, 0);
1194 }
1195
1196 /*
1197 * Don't return with assuan_process_done() here. This has been called from
1198 * assuan_process_next() and the command should be finished in
1199 * client_thread().
1200 */
1201 static int store_command_finalize(gpointer data, gint assuan_rc, guchar *line,
1202 gsize len)
1203 {
1204 assuan_context_t ctx = data;
1205 struct client_s *client = assuan_get_pointer(ctx);
1206 gchar **req;
1207 xmlNodePtr n;
1208 gpg_error_t rc = file_modified(client);
1209
1210 if (assuan_rc || rc) {
1211 if (line)
1212 #ifndef MEM_DEBUG
1213 xfree(line);
1214 #else
1215 free(line);
1216 #endif
1217 return assuan_rc ? assuan_rc : rc;
1218 }
1219
1220 req = split_input_line((gchar *)line, "\t", 0);
1221 #ifndef MEM_DEBUG
1222 xfree(line);
1223 #else
1224 free(line);
1225 #endif
1226
1227 if (!req || !*req)
1228 return EPWMD_COMMAND_SYNTAX;
1229
1230 if (valid_xml_element((xmlChar *)*req) == FALSE) {
1231 g_strfreev(req);
1232 return EPWMD_INVALID_ELEMENT;
1233 }
1234
1235 if (valid_element_path(req+1, TRUE) == FALSE) {
1236 g_strfreev(req);
1237 return EPWMD_INVALID_ELEMENT;
1238 }
1239
1240 again:
1241 n = find_account(client->doc, &req, &rc, NULL, 0);
1242
1243 if (rc && rc == EPWMD_ELEMENT_NOT_FOUND) {
1244 rc = new_account(client->doc, *req);
1245
1246 if (rc) {
1247 g_strfreev(req);
1248 return rc;
1249 }
1250
1251 goto again;
1252 }
1253
1254 if (!n) {
1255 g_strfreev(req);
1256 return rc;
1257 }
1258
1259 if (req[1]) {
1260 if (!n->children)
1261 create_elements_cb(n, req+1, &rc, NULL);
1262 else
1263 find_elements(client->doc, n->children, req+1, &rc,
1264 NULL, NULL, create_elements_cb, FALSE, 0, NULL);
1265 }
1266
1267 g_strfreev(req);
1268 client->inquire_status = INQUIRE_DONE;
1269 return rc;
1270 }
1271
1272 static int store_command(assuan_context_t ctx, char *line)
1273 {
1274 struct client_s *client = assuan_get_pointer(ctx);
1275 gpg_error_t rc = file_modified(client);
1276
1277 if (rc) {
1278 log_write("%s: %s", client->filename ? client->filename : "",
1279 pwmd_strerror(rc));
1280 return send_error(ctx, rc);
1281 }
1282
1283 rc = assuan_inquire_ext(ctx, "STORE", 0, store_command_finalize, ctx);
1284
1285 if (rc)
1286 return send_error(ctx, rc);
1287
1288 /* Don't return with assuan_process_done() here. This is an INQUIRE. */
1289 client->inquire_status = INQUIRE_BUSY;
1290 return 0;
1291 }
1292
1293 static int get_command(assuan_context_t ctx, char *line)
1294 {
1295 struct client_s *client = assuan_get_pointer(ctx);
1296 gchar **req;
1297 gpg_error_t rc;
1298 xmlNodePtr n;
1299
1300 rc = file_modified(client);
1301
1302 if (rc) {
1303 log_write("%s: %s", client->filename ? client->filename : "",
1304 pwmd_strerror(rc));
1305 return send_error(ctx, rc);
1306 }
1307
1308 req = split_input_line(line, "\t", -1);
1309
1310 if (!req || !*req) {
1311 g_strfreev(req);
1312 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
1313 }
1314
1315 n = find_account(client->doc, &req, &rc, NULL, 0);
1316
1317 if (!n) {
1318 g_strfreev(req);
1319 return send_error(ctx, rc);
1320 }
1321
1322 if (req[1])
1323 n = find_elements(client->doc, n->children, req+1, &rc, NULL, NULL, NULL, FALSE, 0, NULL);
1324
1325 g_strfreev(req);
1326
1327 if (rc)
1328 return send_error(ctx, rc);
1329
1330 if (!n || !n->children)
1331 return send_error(ctx, EPWMD_EMPTY_ELEMENT);
1332
1333 n = find_text_node(n->children);
1334
1335 if (!n || !n->content || !*n->content)
1336 return send_error(ctx, EPWMD_EMPTY_ELEMENT);
1337
1338 rc = assuan_send_data(ctx, n->content, xmlStrlen(n->content));
1339 return send_error(ctx, rc);
1340 }
1341
1342 static xmlNodePtr realpath_elements_cb(xmlNodePtr node, gchar **target,
1343 gpg_error_t *rc, gchar **req_orig, void *data)
1344 {
1345 gchar *path = *(gchar **)data;
1346 gchar *tmp = NULL, *result;
1347
1348 if (path) {
1349 g_free(path);
1350 *(gchar **)data = NULL;
1351 }
1352
1353 path = g_strjoinv("\t", target);
1354
1355 if (!path) {
1356 *rc = gpg_error_from_errno(ENOMEM);
1357 return NULL;
1358 }
1359
1360 if (req_orig) {
1361 tmp = g_strjoinv("\t", req_orig);
1362
1363 if (!tmp) {
1364 g_free(path);
1365 *rc = gpg_error_from_errno(ENOMEM);
1366 return NULL;
1367 }
1368 }
1369
1370 if (tmp && *tmp)
1371 result = g_strdup_printf("%s\t%s", path, tmp);
1372 else
1373 result = g_strdup(path);
1374
1375 if (!result) {
1376 *rc = gpg_error_from_errno(ENOMEM);
1377 g_free(path);
1378 g_free(tmp);
1379 return NULL;
1380 }
1381
1382 g_free(path);
1383 g_free(tmp);
1384 *(gchar **)data = result;
1385 return node;
1386 }
1387
1388 static int realpath_command(assuan_context_t ctx, char *line)
1389 {
1390 gpg_error_t rc;
1391 struct client_s *client = assuan_get_pointer(ctx);
1392 gchar **req;
1393 gchar *t;
1394 gint i;
1395 xmlNodePtr n;
1396 GString *string;
1397 gchar *rp = NULL;
1398
1399 rc = file_modified(client);
1400
1401 if (rc) {
1402 log_write("%s: %s", client->filename ? client->filename : "",
1403 pwmd_strerror(rc));
1404 return send_error(ctx, rc);
1405 }
1406
1407 if (strchr(line, '\t') != NULL) {
1408 if ((req = split_input_line(line, "\t", 0)) == NULL)
1409 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
1410 }
1411 else {
1412 if ((req = split_input_line(line, " ", 0)) == NULL)
1413 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
1414 }
1415
1416 n = find_account(client->doc, &req, &rc, NULL, 0);
1417
1418 if (!n) {
1419 g_strfreev(req);
1420 return send_error(ctx, rc);
1421 }
1422
1423 rp = g_strjoinv("\t", req);
1424
1425 if (!rp) {
1426 g_strfreev(req);
1427 return send_syserror(ctx, ENOMEM);
1428 }
1429
1430 if (req[1]) {
1431 n = find_elements(client->doc, n->children, req+1, &rc,
1432 NULL, realpath_elements_cb, NULL, FALSE, 0, &rp);
1433
1434 if (!n) {
1435 g_free(rp);
1436 g_strfreev(req);
1437 return send_error(ctx, rc);
1438 }
1439 }
1440
1441 string = g_string_new(rp);
1442 g_free(rp);
1443 g_strfreev(req);
1444
1445 if (!string)
1446 return send_syserror(ctx, ENOMEM);
1447
1448 again:
1449 for (i = 0, t = string->str + i; *t; t++, i++) {
1450 if ((!i && *t != '!') || (*t == '\t' && *(t+1) && *(t+1) != '!')) {
1451 string = g_string_insert_c(string, !i ? i++ : ++i, '!');
1452 goto again;
1453 }
1454 }
1455
1456 rc = assuan_send_data(ctx, string->str, string->len);
1457 g_string_free(string, TRUE);
1458 return send_error(ctx, rc);
1459 }
1460
1461 static int list_command(assuan_context_t ctx, char *line)
1462 {
1463 struct client_s *client = assuan_get_pointer(ctx);
1464 gpg_error_t rc;
1465 struct element_list_s *elements = NULL;
1466 gchar *tmp;
1467
1468 if (disable_list_and_dump == TRUE)
1469 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
1470
1471 rc = file_modified(client);
1472
1473 if (rc) {
1474 log_write("%s: %s", client->filename, pwmd_strerror(rc));
1475 return send_error(ctx, rc);
1476 }
1477
1478 if (!*line) {
1479 GString *str;
1480
1481 rc = list_accounts(client->doc, &str);
1482
1483 if (rc)
1484 return send_error(ctx, rc);
1485
1486 rc = assuan_send_data(ctx, str->str, str->len);
1487 g_string_free(str, TRUE);
1488 return send_error(ctx, rc);
1489 }
1490
1491 elements = g_malloc0(sizeof(struct element_list_s));
1492
1493 if (!elements) {
1494 rc = gpg_err_code_from_errno(ENOMEM);
1495 goto fail;
1496 }
1497
1498 rc = create_path_list(client->doc, elements, line);
1499
1500 if (rc)
1501 goto fail;
1502
1503 if (elements) {
1504 gint total = g_slist_length(elements->list);
1505 gint i;
1506 GString *str;
1507
1508 if (!total) {
1509 rc = EPWMD_EMPTY_ELEMENT;
1510 goto fail;
1511 }
1512
1513 str = g_string_new(NULL);
1514
1515 if (!str) {
1516 rc = gpg_err_code_from_errno(ENOMEM);
1517 goto fail;
1518 }
1519
1520 for (i = 0; i < total; i++) {
1521 tmp = g_slist_nth_data(elements->list, i);
1522 g_string_append_printf(str, "%s%s", tmp, i+1 == total ? "" : "\n");
1523 }
1524
1525 rc = assuan_send_data(ctx, str->str, str->len);
1526 g_string_free(str, TRUE);
1527 }
1528 else
1529 rc = EPWMD_EMPTY_ELEMENT;
1530
1531 fail:
1532 if (elements) {
1533 gint total = g_slist_length(elements->list);
1534 gint i;
1535
1536 for (i = 0; i < total; i++) {
1537 tmp = g_slist_nth_data(elements->list, i);
1538 g_free(tmp);
1539 }
1540
1541 g_slist_free(elements->list);
1542
1543 if (elements->prefix)
1544 g_free(elements->prefix);
1545
1546 g_free(elements);
1547 }
1548
1549 return send_error(ctx, rc);
1550 }
1551
1552 static gpg_error_t add_attribute(xmlNodePtr node, const gchar *name,
1553 const gchar *value)
1554 {
1555 xmlAttrPtr a;
1556
1557 if ((a = xmlHasProp(node, (xmlChar *)name)) == NULL) {
1558 a = xmlNewProp(node, (xmlChar *)name, (xmlChar *)value);
1559
1560 if (!a)
1561 return EPWMD_LIBXML_ERROR;
1562 }
1563 else
1564 xmlNodeSetContent(a->children, (xmlChar *)value);
1565
1566 return 0;
1567 }
1568
1569 /*
1570 * req[0] - element path
1571 */
1572 static int attribute_list(assuan_context_t ctx, gchar **req)
1573 {
1574 struct client_s *client = assuan_get_pointer(ctx);
1575 gchar **attrlist = NULL;
1576 gint i = 0;
1577 gchar **path = NULL;
1578 xmlAttrPtr a;
1579 xmlNodePtr n, an;
1580 gchar *line;
1581 gpg_error_t rc;
1582
1583 if (!req || !req[0])
1584 return EPWMD_COMMAND_SYNTAX;
1585
1586 if ((path = split_input_line(req[0], "\t", 0)) == NULL) {
1587 /*
1588 * The first argument may be only an account.
1589 */
1590 if ((path = split_input_line(req[0], " ", 0)) == NULL)
1591 return EPWMD_COMMAND_SYNTAX;
1592 }
1593
1594 n = find_account(client->doc, &path, &rc, NULL, 0);
1595
1596 if (!n) {
1597 g_strfreev(path);
1598 return rc;
1599 }
1600
1601 if (path[1]) {
1602 n = find_elements(client->doc, n->children, path+1, &rc,
1603 NULL, NULL, NULL, FALSE, 0, NULL);
1604
1605 if (!n) {
1606 g_strfreev(path);
1607 return rc;
1608 }
1609 }
1610
1611 g_strfreev(path);
1612
1613 for (a = n->properties; a; a = a->next) {
1614 gchar **pa;
1615
1616 if ((pa = g_realloc(attrlist, (i + 2) * sizeof(gchar *))) == NULL) {
1617 if (attrlist)
1618 g_strfreev(attrlist);
1619
1620 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1621 return gpg_error_from_errno(ENOMEM);
1622 }
1623
1624 attrlist = pa;
1625 an = a->children;
1626 attrlist[i] = g_strdup_printf("%s\t%s", (gchar *)a->name, (gchar *)an->content);
1627
1628 if (!attrlist[i]) {
1629 g_strfreev(attrlist);
1630 return gpg_error_from_errno(ENOMEM);
1631 }
1632
1633 attrlist[++i] = NULL;
1634 }
1635
1636 if (!attrlist)
1637 return EPWMD_EMPTY_ELEMENT;
1638
1639 line = g_strjoinv("\n", attrlist);
1640
1641 if (!line) {
1642 g_strfreev(attrlist);
1643 return gpg_error_from_errno(ENOMEM);
1644 }
1645
1646 rc = assuan_send_data(ctx, line, strlen(line));
1647 g_free(line);
1648 g_strfreev(attrlist);
1649 return rc;
1650 }
1651
1652 /*
1653 * req[0] - attribute
1654 * req[1] - element path
1655 */
1656 static int attribute_delete(struct client_s *client, gchar **req)
1657 {
1658 xmlAttrPtr a;
1659 xmlNodePtr n;
1660 gchar **path = NULL;
1661 gpg_error_t rc;
1662
1663 if (!req || !req[0] || !req[1])
1664 return EPWMD_COMMAND_SYNTAX;
1665
1666 if ((path = split_input_line(req[1], "\t", 0)) == NULL) {
1667 /*
1668 * The first argument may be only an account.
1669 */
1670 if ((path = split_input_line(req[1], " ", 0)) == NULL)
1671 return EPWMD_COMMAND_SYNTAX;
1672 }
1673
1674 /*
1675 * Don't remove the "name" attribute for the account element. To remove an
1676 * account use DELETE <account>.
1677 */
1678 if (!path[1] && xmlStrEqual((xmlChar *)req[0], (xmlChar *)"name")) {
1679 rc = EPWMD_ATTR_SYNTAX;
1680 goto fail;
1681 }
1682
1683 n = find_account(client->doc, &path, &rc, NULL, 0);
1684
1685 if (!n)
1686 goto fail;
1687
1688 if (path[1]) {
1689 n = find_elements(client->doc, n->children, path+1, &rc,
1690 NULL, NULL, NULL, FALSE, 0, NULL);
1691
1692 if (!n)
1693 goto fail;
1694 }
1695
1696 g_strfreev(path);
1697
1698 if ((a = xmlHasProp(n, (xmlChar *)req[0])) == NULL)
1699 return EPWMD_ATTR_NOT_FOUND;
1700
1701 if (xmlRemoveProp(a) == -1)
1702 return EPWMD_LIBXML_ERROR;
1703
1704 return 0;
1705
1706 fail:
1707 g_strfreev(path);
1708 return rc;
1709 }
1710
1711 static xmlNodePtr create_element_path(struct client_s *client, gchar ***path,
1712 gpg_error_t *rc)
1713 {
1714 gchar **src = *path;
1715 gchar **src_orig = g_strdupv(src);
1716 xmlNodePtr n = NULL;
1717
1718 *rc = 0;
1719
1720 if (!src_orig) {
1721 *rc = gpg_error_from_errno(ENOMEM);
1722 goto fail;
1723 }
1724
1725 again:
1726 n = find_account(client->doc, &src, rc, NULL, 0);
1727
1728 if (!n) {
1729 if (*rc == EPWMD_ELEMENT_NOT_FOUND) {
1730 *rc = new_account(client->doc, src[0]);
1731
1732 if (*rc)
1733 goto fail;
1734
1735 goto again;
1736 }
1737 else
1738 goto fail;
1739 }
1740
1741 if (src[1]) {
1742 if (!n->children)
1743 n = create_target_elements_cb(n, src+1, rc, NULL);
1744 else
1745 n = find_elements(client->doc, n->children, src+1, rc,
1746 NULL, NULL, create_target_elements_cb, FALSE, 0, NULL);
1747
1748 if (!n)
1749 goto fail;
1750
1751 /*
1752 * Reset the position of the element tree now that the elements
1753 * have been created.
1754 */
1755 g_strfreev(src);
1756 src = src_orig;
1757 src_orig = NULL;
1758 n = find_account(client->doc, &src, rc, NULL, 0);
1759
1760 if (!n)
1761 goto fail;
1762
1763 n = find_elements(client->doc, n->children, src+1, rc,
1764 NULL, NULL, NULL, FALSE, 0, NULL);
1765
1766 if (!n)
1767 goto fail;
1768 }
1769
1770 fail:
1771 if (src_orig)
1772 g_strfreev(src_orig);
1773
1774 *path = src;
1775 return n;
1776 }
1777
1778 /*
1779 * Creates a "target" attribute. When other commands encounter an element with
1780 * this attribute, the element path is modified to the target value. If the
1781 * source element path doesn't exist when using 'ATTR SET target', it is
1782 * created, but the destination element path must exist.
1783 *
1784 * req[0] - source element path
1785 * req[1] - destination element path
1786 */
1787 static gpg_error_t target_attribute(struct client_s *client, gchar **req)
1788 {
1789 gchar **src, **dst, *line = NULL;
1790 gpg_error_t rc;
1791 xmlNodePtr n;
1792
1793 if (!req || !req[0] || !req[1])
1794 return EPWMD_COMMAND_SYNTAX;
1795
1796 if ((src = split_input_line(req[0], "\t", 0)) == NULL) {
1797 /*
1798 * The first argument may be only an account.
1799 */
1800 if ((src = split_input_line(req[0], " ", 0)) == NULL)
1801 return EPWMD_COMMAND_SYNTAX;
1802 }
1803
1804 if (valid_element_path(src, FALSE) == FALSE) {
1805 g_strfreev(src);
1806 return EPWMD_INVALID_ELEMENT;
1807 }
1808
1809 if ((dst = split_input_line(req[1], "\t", 0)) == NULL) {
1810 /*
1811 * The first argument may be only an account.
1812 */
1813 if ((dst = split_input_line(req[1], " ", 0)) == NULL) {
1814 rc = EPWMD_COMMAND_SYNTAX;
1815 goto fail;
1816 }
1817 }
1818
1819 n = find_account(client->doc, &dst, &rc, NULL, 0);
1820
1821 /*
1822 * Make sure the destination element path exists.
1823 */
1824 if (!n)
1825 goto fail;
1826
1827 if (dst[1]) {
1828 n = find_elements(client->doc, n->children, dst+1, &rc,
1829 NULL, NULL, NULL, FALSE, 0, NULL);
1830
1831 if (!n)
1832 goto fail;
1833 }
1834
1835 n = create_element_path(client, &src, &rc);
1836
1837 if (rc)
1838 goto fail;
1839
1840 line = g_strjoinv("\t", dst);
1841
1842 if (!line) {
1843 rc = gpg_error_from_errno(ENOMEM);
1844 goto fail;
1845 }
1846
1847 rc = add_attribute(n, "target", line);
1848
1849 fail:
1850 g_free(line);
1851 g_strfreev(src);
1852 g_strfreev(dst);
1853 return rc;
1854 }
1855
1856 /*
1857 * req[0] - account name
1858 * req[1] - new name
1859 */
1860 static gpg_error_t name_attribute(struct client_s *client, gchar **req)
1861 {
1862 gpg_error_t rc;
1863 gchar **tmp;
1864 xmlNodePtr n;
1865
1866 tmp = g_strdupv(req);
1867
1868 if (!tmp)
1869 return gpg_error_from_errno(ENOMEM);
1870
1871 n = find_account(client->doc, &tmp, &rc, NULL, 0);
1872 g_strfreev(tmp);
1873
1874 if (!n)
1875 return rc;
1876
1877 if (g_utf8_collate(req[0], req[1]) == 0)
1878 return 0;
1879
1880 /*
1881 * Will not overwrite an existing account.
1882 */
1883 tmp = g_strdupv(req+1);
1884
1885 if (!tmp)
1886 return gpg_error_from_errno(ENOMEM);
1887
1888 n = find_account(client->doc, &tmp, &rc, NULL, 0);
1889 g_strfreev(tmp);
1890
1891 if (rc && rc != EPWMD_ELEMENT_NOT_FOUND)
1892 return rc;
1893
1894 if (n)
1895 return EPWMD_ACCOUNT_EXISTS;
1896
1897 /*
1898 * Whitespace not allowed in account names.
1899 */
1900 if (contains_whitespace(req[1]) == TRUE)
1901 return EPWMD_ATTR_SYNTAX;
1902
1903 tmp = g_strdupv(req);
1904
1905 if (!tmp)
1906 return gpg_error_from_errno(ENOMEM);
1907
1908 n = find_account(client->doc, &tmp, &rc, NULL, 0);
1909 g_strfreev(tmp);
1910
1911 if (!n)
1912 return EPWMD_ELEMENT_NOT_FOUND;
1913
1914 return add_attribute(n, "name", req[1]);
1915 }
1916
1917 /*
1918 * req[0] - attribute
1919 * req[1] - element path
1920 */
1921 static int attribute_get(assuan_context_t ctx, gchar **req)
1922 {
1923 struct client_s *client = assuan_get_pointer(ctx);
1924 xmlNodePtr n;
1925 xmlChar *a;
1926 gchar **path= NULL;
1927 gpg_error_t rc;
1928
1929 if (!req || !req[0] || !req[1])
1930 return EPWMD_COMMAND_SYNTAX;
1931
1932 if (strchr(req[1], '\t')) {
1933 if ((path = split_input_line(req[1], "\t", 0)) == NULL)
1934 return EPWMD_COMMAND_SYNTAX;
1935 }
1936 else {
1937 if ((path = split_input_line(req[1], " ", 0)) == NULL)
1938 return EPWMD_COMMAND_SYNTAX;
1939 }
1940
1941 n = find_account(client->doc, &path, &rc, NULL, 0);
1942
1943 if (!n)
1944 goto fail;
1945
1946 if (path[1]) {
1947 n = find_elements(client->doc, n->children, path+1, &rc,
1948 NULL, NULL, NULL, FALSE, 0, NULL);
1949
1950 if (!n)
1951 goto fail;
1952 }
1953
1954 g_strfreev(path);
1955
1956 if ((a = xmlGetProp(n, (xmlChar *)req[0])) == NULL)
1957 return EPWMD_ATTR_NOT_FOUND;
1958
1959 rc = assuan_send_data(ctx, a, xmlStrlen(a));
1960 xmlFree(a);
1961 return rc;
1962
1963 fail:
1964 g_strfreev(path);
1965 return rc;
1966 }
1967
1968 /*
1969 * req[0] - attribute
1970 * req[1] - element path
1971 * req[2] - value
1972 */
1973 static int attribute_set(struct client_s *client, gchar **req)
1974 {
1975 gchar **path = NULL;
1976 gpg_error_t rc;
1977 xmlNodePtr n;
1978
1979 if (!req || !req[0] || !req[1] || !req[2])
1980 return EPWMD_COMMAND_SYNTAX;
1981
1982 /*
1983 * Reserved attribute names.
1984 */
1985 if (g_utf8_collate(req[0], "name") == 0) {
1986 /*
1987 * Only reserved for the account element. Not the rest of the
1988 * document.
1989 */
1990 if (strchr(req[1], '\t') == NULL)
1991 return name_attribute(client, req + 1);
1992 }
1993 else if (g_utf8_collate(req[0], "target") == 0)
1994 return target_attribute(client, req + 1);
1995
1996 if ((path = split_input_line(req[1], "\t", 0)) == NULL) {
1997 /*
1998 * The first argument may be only an account.
1999 */
2000 if ((path = split_input_line(req[1], " ", 0)) == NULL)
2001 return EPWMD_COMMAND_SYNTAX;
2002 }
2003
2004 n = find_account(client->doc, &path, &rc, NULL, 0);
2005
2006 if (!n)
2007 goto fail;
2008
2009 if (path[1]) {
2010 n = find_elements(client->doc, n->children, path+1, &rc,
2011 NULL, NULL, NULL, FALSE, 0, NULL);
2012
2013 if (!n)
2014 goto fail;
2015 }
2016
2017 g_strfreev(path);
2018 return add_attribute(n, req[0], req[2]);
2019
2020 fail:
2021 g_strfreev(path);
2022 return rc;
2023 }
2024
2025 /*
2026 * req[0] - command
2027 * req[1] - attribute name or element path if command is LIST
2028 * req[2] - element path
2029 * req[2] - element path or value
2030 */
2031 static int attr_command(assuan_context_t ctx, char *line)
2032 {
2033 struct client_s *client = assuan_get_pointer(ctx);
2034 gchar **req;
2035 gpg_error_t rc = 0;
2036
2037 rc = file_modified(client);
2038
2039 if (rc) {
2040 log_write("%s: %s", client->filename ? client->filename : "",
2041 pwmd_strerror(rc));
2042 return send_error(ctx, rc);
2043 }
2044
2045 req = split_input_line(line, " ", 4);
2046
2047 if (!req || !req[0] || !req[1]) {
2048 g_strfreev(req);
2049 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
2050 }
2051
2052 if (g_ascii_strcasecmp(req[0], "SET") == 0)
2053 rc = attribute_set(client, req+1);
2054 else if (g_ascii_strcasecmp(req[0], "GET") == 0)
2055 rc = attribute_get(ctx, req+1);
2056 else if (g_ascii_strcasecmp(req[0], "DELETE") == 0)
2057 rc = attribute_delete(client, req+1);
2058 else if (g_ascii_strcasecmp(req[0], "LIST") == 0)
2059 rc = attribute_list(ctx, req+1);
2060 else
2061 rc = EPWMD_COMMAND_SYNTAX;
2062
2063 g_strfreev(req);
2064 return send_error(ctx, rc);
2065 }
2066
2067 static int iscached_command(assuan_context_t ctx, char *line)
2068 {
2069 gchar **req = split_input_line(line, " ", 0);
2070 guchar md5file[16];
2071
2072 if (!req || !*req) {
2073 g_strfreev(req);
2074 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
2075 }
2076
2077 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, req[0], strlen(req[0]));
2078 g_strfreev(req);
2079 CACHE_LOCK(ctx);
2080
2081 if (cache_iscached(md5file) == FALSE) {
2082 CACHE_UNLOCK;
2083 return send_error(ctx, EPWMD_CACHE_NOT_FOUND);
2084 }
2085
2086 CACHE_UNLOCK;
2087 return send_error(ctx, 0);
2088 }
2089
2090 static int clearcache_command(assuan_context_t ctx, char *line)
2091 {
2092 struct client_s *client = assuan_get_pointer(ctx);
2093 gchar **req = split_input_line(line, " ", 0);
2094 guchar md5file[16];
2095
2096 CACHE_LOCK(ctx);
2097
2098 if (!req || !*req) {
2099 g_strfreev(req);
2100 cache_clear(client->md5file, 2);
2101 CACHE_UNLOCK;
2102 return send_error(ctx, 0);
2103 }
2104
2105 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, req[0], strlen(req[0]));
2106 g_strfreev(req);
2107
2108 if (cache_clear(md5file, 1) == FALSE) {
2109 CACHE_UNLOCK;
2110 return send_error(ctx, EPWMD_CACHE_NOT_FOUND);
2111 }
2112
2113 CACHE_UNLOCK;
2114 return send_error(ctx, 0);
2115 }
2116
2117 static int cachetimeout_command(assuan_context_t ctx, char *line)
2118 {
2119 guchar md5file[16];
2120 glong timeout;
2121 gchar **req = split_input_line(line, " ", 0);
2122 gchar *p;
2123 struct client_s *client = assuan_get_pointer(ctx);
2124
2125 if (!req || !*req || !req[1]) {
2126 g_strfreev(req);
2127 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
2128 }
2129
2130 errno = 0;
2131 timeout = strtol(req[0], &p, 10);
2132
2133 if (errno != 0 || *p != 0) {
2134 g_strfreev(req);
2135 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
2136 }
2137
2138 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, req[1], strlen(req[1]));
2139 g_strfreev(req);
2140 CACHE_LOCK(client->ctx);
2141
2142 if (cache_set_timeout(md5file, timeout) == FALSE) {
2143 CACHE_UNLOCK;
2144 return send_error(ctx, EPWMD_CACHE_NOT_FOUND);
2145 }
2146
2147 CACHE_UNLOCK;
2148 return send_error(ctx, 0);
2149 }
2150
2151 static int dump_command(assuan_context_t ctx, char *line)
2152 {
2153 xmlChar *xml;
2154 gssize len;
2155 struct client_s *client = assuan_get_pointer(ctx);
2156 gpg_error_t rc;
2157
2158 if (disable_list_and_dump == TRUE)
2159 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
2160
2161 rc = file_modified(client);
2162
2163 if (rc) {
2164 log_write("%s: %s", client->filename ? client->filename : "",
2165 pwmd_strerror(rc));
2166 return send_error(ctx, rc);
2167 }
2168
2169 xmlDocDumpFormatMemory(client->doc, &xml, &len, 1);
2170
2171 if (!xml)
2172 return send_syserror(ctx, ENOMEM);
2173
2174 rc = assuan_send_data(ctx, xml, len);
2175 xmlFree(xml);
2176 return send_error(ctx, rc);
2177 }
2178
2179 static int getconfig_command(assuan_context_t ctx, gchar *line)
2180 {
2181 struct client_s *client = assuan_get_pointer(ctx);
2182 gpg_error_t rc = 0;
2183 gchar filename[255]={0}, param[747]={0};
2184 gchar *p, *tmp, *fp = client->filename, *paramp = line;
2185
2186 if (strchr(line, ' ')) {
2187 sscanf(line, " %254[a-zA-Z] %746c", filename, param);
2188 fp = filename;
2189 paramp = param;
2190 }
2191
2192 if (strcmp(line, "key") == 0 || strcmp(line, "key_file") == 0)
2193 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
2194
2195 p = get_key_file_string(fp ? fp : "global", paramp);
2196
2197 if (!p)
2198 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
2199
2200 tmp = expand_homedir(p);
2201
2202 if (!tmp) {
2203 g_free(p);
2204 return send_syserror(ctx, ENOMEM);
2205 }
2206
2207 g_free(p);
2208 p = tmp;
2209 rc = assuan_send_data(ctx, p, strlen(p));
2210 g_free(p);
2211 return send_error(ctx, rc);
2212 }
2213
2214 static int xpath_command(assuan_context_t ctx, gchar *line)
2215 {
2216 struct client_s *client = assuan_get_pointer(ctx);
2217 gpg_error_t rc;
2218 xmlXPathContextPtr xp;
2219 xmlXPathObjectPtr result;
2220 xmlBufferPtr buf = NULL;
2221 gchar **req = NULL;
2222
2223 rc = file_modified(client);
2224
2225 if (rc) {
2226 log_write("%s: %s", client->filename ? client->filename : "",
2227 pwmd_strerror(rc));
2228 return send_error(ctx, rc);
2229 }
2230
2231 if (!line || !*line)
2232 return send_error(ctx, EPWMD_COMMAND_SYNTAX);
2233
2234 if ((req = split_input_line(line, "\t", 2)) == NULL) {
2235 if (strv_printf(&req, "%s", line) == FALSE)
2236 return send_syserror(ctx, ENOMEM);
2237 }
2238
2239 xp = xmlXPathNewContext(client->doc);
2240
2241 if (!xp)
2242 return send_error(ctx, EPWMD_LIBXML_ERROR);
2243
2244 result = xmlXPathEvalExpression((xmlChar *)req[0], xp);
2245
2246 if (!result) {
2247 xmlXPathFreeContext(xp);
2248 return send_error(ctx, EPWMD_LIBXML_ERROR);
2249 }
2250
2251 if (xmlXPathNodeSetIsEmpty(result->nodesetval)) {
2252 rc = EPWMD_EMPTY_ELEMENT;
2253 goto fail;
2254 }
2255
2256 rc = recurse_xpath_nodeset(client->doc, result->nodesetval,
2257 (xmlChar *)req[1], &buf);
2258
2259 if (rc)
2260 goto fail;
2261 else if (!req[1] && !xmlBufferLength(buf)) {
2262 rc = EPWMD_EMPTY_ELEMENT;
2263 goto fail;
2264 }
2265 else if (req[1])
2266 goto fail;
2267
2268 rc = assuan_send_data(ctx, xmlBufferContent(buf), xmlBufferLength(buf));
2269
2270 fail:
2271 g_strfreev(req);
2272
2273 if (buf)
2274 xmlBufferFree(buf);
2275
2276 if (result)
2277 xmlXPathFreeObject(result);
2278
2279 if (xp)
2280 xmlXPathFreeContext(xp);
2281
2282 return send_error(ctx, rc);
2283 }
2284
2285 static int import_command_finalize(gpointer data, gint assuan_rc, guchar *line,
2286 gsize len)
2287 {
2288 struct client_s *client = assuan_get_pointer((assuan_context_t)data);
2289 gpg_error_t rc = file_modified(client);
2290 gchar **req, **path = NULL, **path_orig = NULL, *content;
2291 xmlDocPtr doc;
2292 xmlNodePtr n, root, copy;
2293
2294 if (assuan_rc || rc) {
2295 if (line)
2296 #ifndef MEM_DEBUG
2297 xfree(line);
2298 #else
2299 free(line);
2300 #endif
2301 return assuan_rc ? assuan_rc : rc;
2302 }
2303
2304 req = split_input_line((gchar *)line, " ", 2);
2305 #ifndef MEM_DEBUG
2306 xfree(line);
2307 #else
2308 free(line);
2309 #endif
2310
2311 if (!req || !*req)
2312 return EPWMD_COMMAND_SYNTAX;
2313
2314 if ((path = split_input_line(req[0], "\t", 0)) == NULL) {
2315 if ((path = split_input_line(req[0], " ", 0)) == NULL)
2316 return EPWMD_COMMAND_SYNTAX;
2317 }
2318
2319 content = req[1];
2320
2321 if (!content || !*content) {
2322 rc = EPWMD_COMMAND_SYNTAX;
2323 goto fail;
2324 }
2325
2326 if (valid_xml_element((xmlChar *)*path) == FALSE) {
2327 rc = EPWMD_INVALID_ELEMENT;
2328 goto fail;
2329 }
2330
2331 if (valid_element_path(path+1, FALSE) == FALSE) {
2332 rc = EPWMD_INVALID_ELEMENT;
2333 goto fail;
2334 }
2335
2336 doc = xmlReadDoc((xmlChar *)content, NULL, "UTF-8", XML_PARSE_NOBLANKS);
2337
2338 if (!doc) {
2339 rc = EPWMD_LIBXML_ERROR;
2340 goto fail;
2341 }
2342
2343 root = xmlDocGetRootElement(doc);
2344 path_orig = g_strdupv(path);
2345
2346 if (!path_orig) {
2347 xmlFreeDoc(doc);
2348 rc = gpg_error_from_errno(ENOMEM);
2349 goto fail;
2350 }
2351
2352 if (strv_printf(&path, "%s", (gchar *)root->name) == FALSE) {
2353 g_strfreev(path_orig);
2354 xmlFreeDoc(doc);
2355 rc = gpg_error_from_errno(ENOMEM);
2356 goto fail;
2357 }
2358
2359 n = find_account(client->doc, &path, &rc, NULL, 0);
2360
2361 if (rc && rc != EPWMD_ELEMENT_NOT_FOUND) {
2362 g_strfreev(path_orig);
2363 xmlFreeDoc(doc);
2364 goto fail;
2365 }
2366 else if (!rc) {
2367 n = find_elements(client->doc, n->children, path+1, &rc, NULL, NULL, NULL, FALSE, 0, NULL);
2368
2369 if (rc && rc != EPWMD_ELEMENT_NOT_FOUND) {
2370 g_strfreev(path_orig);
2371 xmlFreeDoc(doc);
2372 goto fail;
2373 }
2374 else if (!rc) {
2375 xmlNodePtr parent = n->parent;
2376
2377 xmlUnlinkNode(n);
2378 xmlFreeNode(n);
2379 n = parent;
2380 }
2381 }
2382
2383 g_strfreev(path);
2384 path = path_orig;
2385
2386 if (rc == EPWMD_ELEMENT_NOT_FOUND) {
2387 n = create_element_path(client, &path, &rc);
2388
2389 if (rc) {
2390 xmlFreeDoc(doc);
2391 goto fail;
2392 }
2393 }
2394
2395 copy = xmlCopyNode(root, 1);
2396 n = xmlAddChild(n, copy);
2397 xmlFreeDoc(doc);
2398
2399 if (!n)
2400 rc = EPWMD_LIBXML_ERROR;
2401
2402 fail:
2403 g_strfreev(path);
2404 g_strfreev(req);
2405 client->inquire_status = INQUIRE_DONE;
2406 return rc;
2407 }
2408
2409 static int import_command(assuan_context_t ctx, gchar *line)
2410 {
2411 gpg_error_t rc;
2412 struct client_s *client = assuan_get_pointer(ctx);
2413
2414 rc = file_modified(client);
2415
2416 if (rc) {
2417 log_write("%s: %s", client->filename ? client->filename : "",
2418 pwmd_strerror(rc));
2419 return send_error(ctx, rc);
2420 }
2421
2422 rc = assuan_inquire_ext(ctx, "IMPORT", 0, import_command_finalize, ctx);
2423
2424 if (rc)
2425 return send_error(ctx, rc);
2426
2427 /* Don't return with assuan_process_done() here. This is an INQUIRE. */
2428 client->inquire_status = INQUIRE_BUSY;
2429 return 0;
2430 }
2431
2432 static int lock_command(assuan_context_t ctx, gchar *line)
2433 {
2434 gpg_error_t rc;
2435 struct client_s *client = assuan_get_pointer(ctx);
2436
2437 rc = file_modified(client);
2438
2439 if (rc) {
2440 log_write("%s: %s", client->filename ? client->filename : "",
2441 pwmd_strerror(rc));
2442 return send_error(ctx, rc);
2443 }
2444
2445 rc = lock_file_mutex(client);
2446
2447 if (!rc)
2448 client->is_lock_cmd = TRUE;
2449
2450 return send_error(ctx, rc);
2451 }
2452
2453 static int unlock_command(assuan_context_t ctx, gchar *line)
2454 {
2455 gpg_error_t rc;
2456 struct client_s *client = assuan_get_pointer(ctx);
2457
2458 rc = file_modified(client);
2459
2460 if (rc) {
2461 log_write("%s: %s", client->filename ? client->filename : "",
2462 pwmd_strerror(rc));
2463 return send_error(ctx, rc);
2464 }
2465
2466 unlock_file_mutex(client);
2467 return send_error(ctx, 0);
2468 }
2469
2470 void cleanup_assuan(assuan_context_t ctx)
2471 {
2472 struct client_s *cl = assuan_get_pointer(ctx);
2473
2474 if (cl)
2475 cleanup_client(cl);
2476 }
2477
2478 static void reset_notify(assuan_context_t ctx)
2479 {
2480 struct client_s *cl = assuan_get_pointer(ctx);
2481
2482 if (cl)
2483 cleanup_client(cl);
2484 }
2485
2486 static gpg_error_t parse_client_option(assuan_context_t ctx, const gchar *line)
2487 {
2488 gchar name[32] = {0}, value[256] = {0};
2489
2490 if (sscanf(line, " %31[a-zA-Z] = %255c", name, value) != 2)
2491 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_SYNTAX);
2492
2493 if (g_strcasecmp(name, (gchar *)"NAME") == 0) {
2494 pth_attr_t attr = pth_attr_of(pth_self());
2495
2496 log_write("OPTION CLIENT %s", line);
2497 pth_attr_set(attr, PTH_ATTR_NAME, value);
2498 pth_attr_destroy(attr);
2499 }
2500 else
2501 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_UNKNOWN_OPTION);
2502
2503 return 0;
2504 }
2505
2506 static int option_handler(assuan_context_t ctx, const gchar *name,
2507 const gchar *value)
2508 {
2509 #ifdef WITH_PINENTRY
2510 struct client_s *client = assuan_get_pointer(ctx);
2511 #endif
2512
2513 if (!value || !*value)
2514 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
2515
2516 if (g_strcasecmp(name, (gchar *)"client") == 0)
2517 return parse_client_option(ctx, value);
2518
2519 if (g_strcasecmp(name, (gchar *)"iterations") == 0) {
2520 long n;
2521 gchar *p = NULL;
2522
2523 if (!client->filename)
2524 return assuan_set_error(ctx, EPWMD_NO_FILE, pwmd_strerror(EPWMD_NO_FILE));
2525
2526 errno = 0;
2527 n = strtol(value, &p, 10);
2528
2529 if (errno || (p && *p))
2530 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
2531
2532 g_key_file_set_integer(keyfileh, client->filename, "iterations", n);
2533 send_status(ctx, STATUS_CONFIG);
2534 }
2535 #ifdef WITH_PINENTRY
2536 else if (g_strcasecmp(name, (gchar *)"ttyname") == 0) {
2537 g_free(client->pinentry->ttyname);
2538 client->pinentry->ttyname = g_strdup(value);
2539 }
2540 else if (g_strcasecmp(name, (gchar *)"ttytype") == 0) {
2541 g_free(client->pinentry->ttytype);
2542 client->pinentry->ttytype = g_strdup(value);
2543 }
2544 else if (g_strcasecmp(name, (gchar *)"display") == 0) {
2545 g_free(client->pinentry->display);
2546 client->pinentry->display = g_strdup(value);
2547 }
2548 else if (g_strcasecmp(name, (gchar *)"path") == 0) {
2549 g_free(client->pinentry->path);
2550 client->pinentry->path = g_strdup(value);
2551 }
2552 else if (g_strcasecmp(name, (gchar *)"title") == 0) {
2553 g_free(client->pinentry->title);
2554 client->pinentry->title = g_strdup(value);
2555 }
2556 else if (g_strcasecmp(name, (gchar *)"prompt") == 0) {
2557 g_free(client->pinentry->prompt);
2558 client->pinentry->prompt = g_strdup(value);
2559 }
2560 else if (g_strcasecmp(name, (gchar *)"desc") == 0) {
2561 g_free(client->pinentry->desc);
2562 client->pinentry->desc = g_strdup(value);
2563 }
2564 #if 0
2565 /* Need to wait for pinentry to support a --timeout option so it can
2566 * terminate itself. Cannot do it here because assuan_pipe_connect() calls
2567 * execv() which replaces the pid of the fork()ed thread from
2568 * pinentry_fork(). So pinentry will become a real process after the
2569 * thread terminates and won't be able to be kill()ed from pwmd.
2570 */
2571 else if (g_strcasecmp(name, (gchar *)"timeout") == 0) {
2572 gchar *p = NULL;
2573 gint n = strtol(value, &p, 10);
2574
2575 if (*p || n < 0)
2576 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
2577
2578 client->pinentry->timeout = n;
2579 }
2580 #endif
2581 else if (g_strcasecmp(name, (gchar *)"pinentry") == 0) {
2582 gchar *p = NULL;
2583 gint n = strtol(value, &p, 10);
2584
2585 if (*p || n < 0 || n > 1)
2586 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
2587
2588 client->pinentry->enable = n == 0 ? FALSE : TRUE;
2589 }
2590 #else
2591 else
2592 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_UNKNOWN_OPTION);
2593 #endif
2594
2595 log_write("OPTION %s=%s", name, value);
2596 return 0;
2597 }
2598
2599 gpg_error_t register_commands(assuan_context_t ctx)
2600 {
2601 static struct {
2602 const gchar *name;
2603 gint (*handler)(assuan_context_t, gchar *line);
2604 } table[] = {
2605 { "OPEN", open_command },
2606 { "SAVE", save_command },
2607 { "LIST", list_command },
2608 { "REALPATH", realpath_command },
2609 { "STORE", store_command },
2610 { "DELETE", delete_command },
2611 { "GET", get_command },
2612 { "ATTR", attr_command },
2613 { "ISCACHED", iscached_command },
2614 { "CLEARCACHE", clearcache_command },
2615 { "CACHETIMEOUT", cachetimeout_command },
2616 { "GETCONFIG", getconfig_command },
2617 { "DUMP", dump_command },
2618 { "XPATH", xpath_command },
2619 { "IMPORT", import_command },
2620 { "LOCK", lock_command },
2621 { "UNLOCK", unlock_command },
2622 { "INPUT", NULL },
2623 { "OUTPUT", NULL },
2624 { NULL, NULL }
2625 };
2626 gint i, rc;
2627
2628 for (i=0; table[i].name; i++) {
2629 rc = assuan_register_command (ctx, table[i].name, table[i].handler);
2630
2631 if (rc)
2632 return rc;
2633 }
2634
2635 rc = assuan_register_bye_notify(ctx, cleanup_assuan);
2636
2637 if (rc)
2638 return rc;
2639
2640 rc = assuan_register_option_handler(ctx, option_handler);
2641
2642 if (rc)
2643 return rc;
2644
2645 return assuan_register_reset_notify(ctx, reset_notify);
2646 }
2647
2648 gpg_error_t try_xml_decrypt(assuan_context_t ctx, gint fd, struct stat st,
2649 guchar *key)
2650 {
2651 guchar *iv;
2652 void *inbuf;
2653 gsize insize, len;
2654 guchar tkey[gcrykeysize];
2655 struct client_s *client = ctx ? assuan_get_pointer(ctx) : NULL;
2656 gcry_cipher_hd_t gh;
2657 guint iter = 0, n_iter = 0;
2658 gint iter_progress;
2659 void *outbuf = NULL;
2660 gint zrc = 0;
2661 glong outsize = 0;
2662 gpg_error_t rc;
2663 file_header_t file_header;
2664 gchar str[ASSUAN_LINELENGTH];
2665
2666 if (!ctx) {
2667 rc = gcry_cipher_open(&gh, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0);
2668
2669 if (rc)
2670 return rc;
2671 }
2672 else
2673 gh = client->gh;
2674
2675 lseek(fd, 0, SEEK_SET);
2676 insize = st.st_size - sizeof(file_header_t);
2677 iv = gcry_malloc(gcryblocksize);
2678
2679 if (!iv) {
2680 if (!ctx)
2681 gcry_cipher_close(gh);
2682
2683 return gpg_error_from_errno(ENOMEM);
2684 }
2685
2686 len = pth_read(fd, &file_header, sizeof(file_header_t));
2687
2688 if (len != sizeof(file_header_t)) {
2689 len = errno;
2690
2691 if (!ctx)
2692 gcry_cipher_close(gh);
2693
2694 gcry_free(iv);
2695 errno = len;
2696 return gpg_error_from_errno(errno);
2697 }
2698
2699 /* No encryption iterations. This is a plain (gzipped) file. */
2700 if (file_header.iter == -1) {
2701 /*
2702 * cache_file_count() needs both .used == TRUE and a valid key in
2703 * order for it to count as a used cache entry. Fixes CACHE status
2704 * messages.
2705 */
2706 memset(key, '!', gcrykeysize);
2707 insize = st.st_size - sizeof(file_header_t);
2708 }
2709
2710 memcpy(iv, &file_header.iv, sizeof(file_header.iv));
2711 inbuf = gcry_malloc(insize);
2712
2713 if (!inbuf) {
2714 if (!ctx)
2715 gcry_cipher_close(gh);
2716
2717 gcry_free(iv);
2718 return gpg_error_from_errno(ENOMEM);
2719 }
2720
2721 len = pth_read(fd, inbuf, insize);
2722
2723 if (len != insize) {
2724 len = errno;
2725
2726 if (!ctx)
2727 gcry_cipher_close(gh);
2728
2729 gcry_free(iv);
2730 errno = len;
2731 return gpg_error_from_errno(errno);
2732 }
2733
2734 if (file_header.iter == -1)
2735 goto decompress;
2736
2737 memcpy(tkey, key, sizeof(tkey));
2738 tkey[0] ^= 1;
2739
2740 if ((rc = gcry_cipher_setiv(gh, iv, gcryblocksize))) {
2741 if (!ctx) {
2742 gcry_cipher_close(gh);
2743 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2744 }
2745 else
2746 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2747
2748 gcry_free(inbuf);
2749 gcry_free(iv);
2750 return rc;
2751 }
2752
2753 if ((rc = gcry_cipher_setkey(gh, key, gcrykeysize))) {
2754 if (!ctx) {
2755 gcry_cipher_close(gh);
2756 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2757 }
2758 else
2759 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2760
2761 gcry_free(inbuf);
2762 gcry_free(iv);
2763
2764 if (!ctx)
2765 gcry_cipher_close(gh);
2766
2767 return rc;
2768 }
2769
2770 iter_progress = get_key_file_integer(client->filename, "iteration_progress");
2771
2772 if (ctx && iter_progress > 0 && file_header.iter >= iter_progress) {
2773 rc = assuan_write_status(client->ctx, "DECRYPT", "0");
2774
2775 if (rc) {
2776 gcry_free(inbuf);
2777 gcry_free(iv);
2778 return rc;
2779 }
2780 }
2781
2782 rc = decrypt_xml(gh, inbuf, insize, NULL, 0);
2783
2784 if (rc) {
2785 gcry_free(inbuf);
2786 gcry_free(iv);
2787 return rc;
2788 }
2789
2790 if ((rc = gcry_cipher_setkey(gh, tkey, gcrykeysize))) {
2791 if (!ctx) {
2792 gcry_cipher_close(gh);
2793 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2794 }
2795 else
2796 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2797
2798 gcry_free(inbuf);
2799 gcry_free(iv);
2800 return rc;
2801 }
2802
2803 while (iter < file_header.iter) {
2804 if (ctx && iter_progress > 0 && iter >= iter_progress) {
2805 if (!(iter % iter_progress)) {
2806 rc = assuan_write_status(ctx, "DECRYPT",
2807 print_fmt(str, sizeof(str), "%i", ++n_iter * iter_progress));
2808
2809 if (rc) {
2810 gcry_free(inbuf);
2811 gcry_free(iv);
2812 return rc;
2813 }
2814 }
2815 }
2816
2817 if ((rc = gcry_cipher_setiv(gh, iv, gcryblocksize))) {
2818 if (!ctx) {
2819 gcry_cipher_close(gh);
2820 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2821 }
2822 else
2823 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2824
2825 gcry_free(inbuf);
2826 gcry_free(iv);
2827 return rc;
2828 }
2829
2830 rc = decrypt_xml(gh, inbuf, insize, NULL, 0);
2831
2832 if (rc) {
2833 if (!ctx) {
2834 gcry_cipher_close(gh);
2835 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2836 }
2837 else
2838 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
2839
2840 gcry_free(inbuf);
2841 gcry_free(iv);
2842 return rc;
2843 }
2844
2845 iter++;
2846 pth_yield(NULL);
2847 }
2848
2849 if (ctx && iter_progress && file_header.iter >= iter_progress) {
2850 rc = assuan_write_status(ctx, "DECRYPT",
2851 print_fmt(str, sizeof(str), "%i", file_header.iter));
2852
2853 if (rc) {
2854 gcry_free(inbuf);
2855 gcry_free(iv);
2856 return rc;
2857 }
2858 }
2859
2860 gcry_free(iv);
2861
2862 decompress:
2863 if (do_decompress(ctx, inbuf, insize, &outbuf, &outsize, &zrc) == FALSE) {
2864 /*
2865 * Z_DATA_ERROR may be returned if this file hasn't been compressed yet.
2866 */
2867 if (zrc == Z_MEM_ERROR) {
2868 gcry_free(inbuf);
2869 return gpg_error_from_errno(ENOMEM);
2870 }
2871 else if (zrc != Z_DATA_ERROR) {
2872 gcry_free(inbuf);
2873
2874 if (!ctx)
2875 gcry_cipher_close(gh);
2876
2877 return EPWMD_BADKEY;
2878 }
2879 }
2880 else {
2881 gcry_free(inbuf);
2882 inbuf = outbuf;
2883 insize = outsize;
2884 }
2885
2886 if (g_strncasecmp(inbuf, "<?xml version=\"1.0\"?>", 21) != 0) {
2887 gcry_free(inbuf);
2888
2889 if (!ctx)
2890 gcry_cipher_close(gh);
2891
2892 return EPWMD_BADKEY;
2893 }
2894
2895 if (ctx) {
2896 client->xml = inbuf;
2897 client->len = insize;
2898 }
2899 else {
2900 gcry_cipher_close(gh);
2901 gcry_free(inbuf);
2902 }
2903
2904 return 0;
2905 }
2906
2907 /*
2908 * This is called after every Assuan command.
2909 */
2910 void command_finalize(assuan_context_t ctx, gint rc)
2911 {
2912 struct client_s *client = assuan_get_pointer(ctx);
2913
2914 if (!client->is_lock_cmd)
2915 unlock_file_mutex(client);
2916 }
A server for managing passphrases and anything else.