2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of pwmd.
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
30 #include <sys/socket.h>
44 #include <netinet/in.h>
45 #include <arpa/inet.h>
48 #include <sys/resource.h>
62 #ifdef HAVE_GETOPT_LONG
67 #include "getopt_long.h"
70 #ifdef HAVE_PR_SET_NAME
71 #include <sys/prctl.h>
74 #include "pwmd-error.h"
77 #include "util-misc.h"
83 #include "util-string.h"
90 /* In tenths of a second. */
93 /* For (tcp_)accept_thread (usec). */
94 #define ACCEPT_TIMEOUT 30000
101 static pthread_cond_t quit_cond
;
102 static pthread_mutex_t quit_mutex
;
103 static int no_passphrase_file
= 0;
104 static pthread_t keepalive_tid
;
107 #ifndef HAVE_PTHREAD_CANCEL
108 static pthread_key_t signal_thread_key
;
114 static pthread_t tls_tid
;
115 static pthread_t tls6_tid
;
116 static int spawned_tls
;
117 static int spawned_tls6
;
119 static int start_stop_tls (int term
);
122 static int do_cache_push (const char *filename
, struct crypto_s
*crypto
);
123 static int signal_loop (sigset_t sigset
);
125 GCRY_THREAD_OPTION_PTHREAD_IMPL
;
127 #ifndef HAVE_PTHREAD_CANCEL
128 #define INIT_THREAD_SIGNAL do { \
129 struct sigaction act; \
131 sigemptyset (&sigset); \
132 sigaddset (&sigset, SIGUSR2); \
133 pthread_sigmask (SIG_UNBLOCK, &sigset, NULL); \
134 memset (&act, 0, sizeof(act)); \
135 act.sa_flags = SA_SIGINFO; \
136 act.sa_mask = sigset; \
137 act.sa_sigaction = catch_thread_signal; \
138 sigaction (SIGUSR2, &act, NULL); \
142 catch_thread_signal (int sig
, siginfo_t
*info
, void *ctx
)
144 int *n
= (int *) pthread_getspecific (signal_thread_key
);
147 pthread_setspecific (signal_thread_key
, n
);
152 cache_push_from_rcfile ()
154 struct crypto_s
*crypto
= NULL
;
156 gpg_error_t rc
= init_client_crypto (&crypto
);
160 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
167 rc
= set_agent_option (crypto
->agent
, "pinentry-mode", "error");
170 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
176 cache_push
= config_get_list ("global", "cache_push");
181 for (p
= cache_push
; *p
; p
++)
183 (void) do_cache_push (*p
, crypto
);
184 cleanup_crypto_stage1 (crypto
);
187 strv_free (cache_push
);
191 (void) kill_scd (crypto
->agent
);
193 cleanup_crypto (&crypto
);
199 int n
= config_get_boolean ("global", "enable_logging");
203 char *p
= config_get_string ("global", "log_path");
205 if (!p
|| (logfile
&& p
&& log_fd
!= -1 && strcmp(p
, logfile
)))
216 logfile
= expand_homedir (p
);
229 log_syslog
= config_get_boolean ("global", "syslog");
231 openlog ("pwmd", LOG_NDELAY
| LOG_PID
, LOG_DAEMON
);
235 reload_rcfile_thread (void *arg
)
237 #ifndef HAVE_PTHREAD_CANCEL
238 int *n
= xmalloc (sizeof (int));
241 pthread_setspecific (signal_thread_key
, n
);
245 #ifdef HAVE_PR_SET_NAME
246 prctl (PR_SET_NAME
, "reload rcfile");
248 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
249 MUTEX_LOCK (&rcfile_mutex
);
250 pthread_cleanup_push (cleanup_mutex_cb
, &rcfile_mutex
);
254 struct allowed_users_s
259 struct slist_s
*allowed_users
= NULL
;
260 struct slist_s
*config
;
261 int b
= disable_list_and_dump
;
264 char **invoking_orig
= config_get_list_param (global_config
, "global",
265 "invoking_user", &exists
);
266 int require_save_key
= config_get_bool_param (global_config
, "global",
270 int tcp_require_key
= config_get_bool_param (global_config
, "global",
275 pthread_cond_wait (&rcfile_cond
, &rcfile_mutex
);
276 #ifndef HAVE_PTHREAD_CANCEL
277 int *cancel
= (int *) pthread_getspecific (signal_thread_key
);
282 /* Keep the "allowed" parameter across rcfile reloads to prevent
284 int n
, t
= slist_length (global_config
);
285 for (n
= 0; n
< t
; n
++)
287 struct config_section_s
*section
;
290 section
= slist_nth_data (global_config
, n
);
291 users
= config_get_list_param (global_config
, section
->name
,
295 struct allowed_users_s
*allowed
;
297 allowed
= xmalloc (sizeof(struct allowed_users_s
));
298 allowed
->section
= str_dup (section
->name
);
299 allowed
->users
= users
;
300 allowed_users
= slist_append (allowed_users
, allowed
);
304 log_write (_("reloading configuration file '%s'"), rcfile
);
306 config
= config_parse (rcfile
, 1);
309 config_free (global_config
);
310 global_config
= config
;
312 cache_push_from_rcfile ();
313 config_clear_keys ();
316 tmp
= strv_join (",", invoking_orig
);
317 strv_free (invoking_orig
);
318 config_set_list_param (&global_config
, "global", "invoking_user", tmp
);
321 disable_list_and_dump
= !disable_list_and_dump
? b
: 1;
322 config_set_bool_param (&global_config
, "global", "require_save_key",
323 require_save_key
? "true" : "false");
325 if (config_get_bool_param (global_config
, "global", "tcp_require_key",
329 config_set_bool_param (&global_config
, "global", "tcp_require_key",
330 tcp_require_key
? "true" : "false");
335 int n
, t
= slist_length (allowed_users
);
337 for (n
= 0; n
< t
; n
++)
339 struct allowed_users_s
*allowed
;
342 allowed
= slist_nth_data (allowed_users
, n
);
343 tmp
= strv_join (",", allowed
->users
);
344 config_set_list_param (&global_config
, allowed
->section
,
347 xfree (allowed
->section
);
348 strv_free (allowed
->users
);
352 slist_free (allowed_users
);
356 /* Kill existing listening threads since the configured listening
357 * protocols may have changed. */
363 pthread_cleanup_pop (1);
368 send_error (assuan_context_t ctx
, gpg_error_t e
)
370 struct client_s
*client
= assuan_get_pointer (ctx
);
372 if (gpg_err_source (e
) == GPG_ERR_SOURCE_UNKNOWN
)
379 return assuan_process_done (ctx
, 0);
383 log_write ("ERR %i: %s", e
, pwmd_strerror (e
));
387 if (client
&& client
->xml_error
)
389 log_write ("%s", client
->xml_error
->message
);
390 xfree (client
->last_error
);
391 client
->last_error
= NULL
;
392 if (client
->xml_error
->message
)
393 client
->last_error
= str_dup (client
->xml_error
->message
);
395 e
= assuan_process_done (ctx
,
396 assuan_set_error (ctx
, e
,
397 client
->xml_error
->message
? client
->xml_error
->message
: NULL
));
398 xmlResetLastError ();
399 xmlResetError (client
->xml_error
);
400 xfree (client
->xml_error
);
401 client
->xml_error
= NULL
;
405 return assuan_process_done (ctx
,
406 assuan_set_error (ctx
, e
, pwmd_strerror (e
)));
410 assuan_log_cb (assuan_context_t ctx
, void *data
, unsigned cat
,
413 static pthread_mutex_t m
= PTHREAD_MUTEX_INITIALIZER
;
417 pthread_mutex_lock (&m
);
418 pthread_cleanup_push ((void (*)(void *)) pthread_mutex_unlock
, &m
);
419 t
= strv_length (debug_level
);
421 for (i
= 0; i
< t
; i
++)
423 if (!strcasecmp (debug_level
[i
], (char *) "init")
424 && cat
== ASSUAN_LOG_INIT
)
430 if (!strcasecmp (debug_level
[i
], (char *) "ctx")
431 && cat
== ASSUAN_LOG_CTX
)
437 if (!strcasecmp (debug_level
[i
], (char *) "engine")
438 && cat
== ASSUAN_LOG_ENGINE
)
444 if (!strcasecmp (debug_level
[i
], (char *) "data")
445 && cat
== ASSUAN_LOG_DATA
)
451 if (!strcasecmp (debug_level
[i
], (char *) "sysio")
452 && cat
== ASSUAN_LOG_SYSIO
)
458 if (!strcasecmp (debug_level
[i
], (char *) "control")
459 && cat
== ASSUAN_LOG_CONTROL
)
473 open (logfile
, O_WRONLY
| O_CREAT
| O_APPEND
, 0600)) == -1)
474 warn ("%s", logfile
);
477 pthread_cleanup_push (cleanup_fd_cb
, &fd
);
478 write (fd
, msg
, strlen (msg
));
479 pthread_cleanup_pop (1);
485 fprintf (stderr
, "%s%s", data
? (char *) data
: "", msg
);
490 pthread_cleanup_pop (1);
495 log_write (const char *fmt
, ...)
501 pthread_t tid
= pthread_self ();
502 static pthread_mutex_t m
= PTHREAD_MUTEX_INITIALIZER
;
504 if ((!logfile
&& !isatty (STDERR_FILENO
) && !log_syslog
) || !fmt
)
507 pthread_mutex_lock (&m
);
508 pthread_cleanup_push ((void (*)(void *)) pthread_mutex_unlock
, &m
);
510 if (!cmdline
&& logfile
&& log_fd
== -1)
512 log_fd
= open (logfile
, O_WRONLY
| O_CREAT
| O_APPEND
, 0600);
514 warn ("%s", logfile
);
519 if (str_vasprintf (&args
, fmt
, ap
) != -1)
523 pthread_cleanup_push (xfree
, args
);
524 fprintf (stderr
, "pwmd: %s\n", args
);
526 pthread_cleanup_pop (1);
530 char *name
= pthread_getspecific (thread_name_key
);
533 pthread_cleanup_push (xfree
, args
);
534 snprintf (buf
, sizeof (buf
), "%s(%p): ", name
? name
: _("unknown"),
538 if (!cmdline
&& log_syslog
&& !nofork
)
539 syslog (LOG_INFO
, "%s%s", name
, args
);
542 struct tm
*tm
= localtime (&now
);
544 strftime (tbuf
, sizeof (tbuf
), "%b %d %Y %H:%M:%S ", tm
);
545 tbuf
[sizeof (tbuf
) - 1] = 0;
547 if (args
[strlen (args
) - 1] == '\n')
548 args
[strlen (args
) - 1] = 0;
550 line
= str_asprintf ("%s %i %s%s\n", tbuf
, getpid (), name
,
552 pthread_cleanup_pop (1);
555 pthread_cleanup_push (xfree
, line
);
556 if (logfile
&& log_fd
!= -1)
558 write (log_fd
, line
, strlen (line
));
564 fprintf (stdout
, "%s", line
);
568 pthread_cleanup_pop (1);
574 pthread_cleanup_pop (0);
576 if (log_fd
!= -1 && config_get_boolean (NULL
, "log_keepopen") <= 0)
582 pthread_mutex_unlock (&m
);
587 secure_mem_check (const void *arg
)
596 gcry_control (GCRYCTL_SET_THREAD_CBS
, &gcry_threads_pthread
);
598 if (!gcry_check_version (GCRYPT_VERSION
))
600 fprintf (stderr
, _("gcry_check_version(): Incompatible libgcrypt. "
601 "Wanted %s, got %s.\n"), GCRYPT_VERSION
,
602 gcry_check_version (NULL
));
603 return GPG_ERR_UNKNOWN_VERSION
;
606 gcry_set_allocation_handler (xmalloc
, xmalloc
, NULL
, xrealloc
, xfree
);
611 do_validate_peer (assuan_context_t ctx
, const char *section
,
612 assuan_peercred_t
* peer
)
617 struct client_s
*client
= assuan_get_pointer (ctx
);
620 return GPG_ERR_EACCES
;
623 if (client
->thd
->remote
)
624 return tls_validate_access (client
, section
);
627 rc
= assuan_get_peercred (ctx
, peer
);
631 users
= config_get_list (section
, "allowed");
634 for (char **p
= users
; *p
; p
++)
636 rc
= acl_check_common(client
, *p
, (*peer
)->uid
, (*peer
)->gid
,
643 return allowed
? 0 : rc
? rc
: GPG_ERR_EACCES
;
646 /* Test if uid is a member of group 'name'. Invert when 'not' is true. */
647 #ifdef HAVE_GETGRNAM_R
649 acl_check_group (const char *name
, uid_t uid
, gid_t gid
, int not, int *allowed
)
652 struct group gr
, *gresult
;
653 size_t len
= sysconf (_SC_GETGR_R_SIZE_MAX
);
660 return GPG_ERR_ENOMEM
;
662 if (!getgrnam_r (name
, &gr
, buf
, len
, &gresult
) && gresult
)
664 if (gresult
->gr_gid
== gid
)
671 len
= sysconf (_SC_GETPW_R_SIZE_MAX
);
675 for (char **t
= gresult
->gr_mem
; *t
; t
++)
679 struct passwd
*result
= get_pwd_struct (*t
, 0, &pw
, &tbuf
);
681 if (result
&& result
->pw_uid
== uid
)
696 return GPG_ERR_EACCES
;
700 acl_check_group (const char *name
, uid_t uid
, gid_t gid
, int not, int *allowed
)
702 struct group
*gresult
;
704 gresult
= getgrnam (name
);
705 if (gresult
&& gresult
->gr_gid
== gid
)
711 for (char **t
= gresult
->gr_mem
; *t
; t
++)
715 struct passwd
*result
= get_pwd_struct (*t
, 0, &pw
, &buf
);
717 if (result
&& result
->pw_uid
== uid
)
732 peer_is_invoker(struct client_s
*client
)
734 struct invoking_user_s
*user
;
737 if (client
->thd
->state
== CLIENT_STATE_UNKNOWN
)
738 return GPG_ERR_EACCES
;
740 for (user
= invoking_users
; user
; user
= user
->next
)
743 if (client
->thd
->remote
)
745 if (user
->type
== INVOKING_TLS
746 && !strcmp(client
->thd
->tls
->fp
, user
->id
))
747 allowed
= user
->not ? 0 : 1;
753 if (user
->type
== INVOKING_GID
)
755 gpg_error_t rc
= acl_check_group (user
->id
,
756 client
->thd
->peer
->uid
,
757 client
->thd
->peer
->gid
,
758 user
->not, &allowed
);
762 else if (user
->type
== INVOKING_UID
&& client
->thd
->peer
->uid
== user
->uid
)
763 allowed
= user
->not ? 0 : 1;
766 return allowed
? 0 : GPG_ERR_EACCES
;
769 #ifdef HAVE_GETGRNAM_R
771 acl_check_common (struct client_s
*client
, const char *user
, uid_t uid
,
772 gid_t gid
, int *allowed
)
781 if (*user
== '-' || *user
== '!')
784 if (*user
== '+') // not implemented yet
787 if (*user
== '#') // TLS fingerprint hash
790 if (not || rw
|| tls
)
796 if (client
->thd
->remote
)
798 if (!strcasecmp (client
->thd
->tls
->fp
, user
))
808 else if (client
->thd
->remote
) // Remote client with no TLS in the ACL
812 if (*user
== '@') // all users in group
813 return acl_check_group (user
+1, uid
, gid
, not, allowed
);
818 struct passwd
*pwd
= get_pwd_struct (user
, 0, &pw
, &buf
);
820 if (pwd
&& pwd
->pw_uid
== uid
)
830 acl_check_common (struct client_s
*client
, const char *user
, uid_t uid
,
831 gid_t gid
, int *allowed
)
840 if (*user
== '-' || *user
== '!')
843 if (*user
== '+') // not implemented yet
846 if (*user
== '#') // TLS fingerprint hash
849 if (not || rw
|| tls
)
855 if (client
->thd
->remote
)
857 if (!strcasecmp (client
->thd
->tls
->fp
, user
))
867 if (*user
== '@') // all users in group
868 return acl_check_group (user
+1, uid
, gid
, not, allowed
);
873 struct passwd
*result
= get_pwd_struct (user
, 0, &pw
, &buf
);
875 if (result
&& result
->pw_uid
== uid
)
886 validate_peer (struct client_s
*cl
)
892 return tls_validate_access (cl
, NULL
);
895 MUTEX_LOCK (&cn_mutex
);
896 rc
= do_validate_peer (cl
->ctx
, "global", &cl
->thd
->peer
);
897 MUTEX_UNLOCK (&cn_mutex
);
898 if (!rc
|| gpg_err_code (rc
) == GPG_ERR_EACCES
)
899 log_write ("peer %s: uid=%i, gid=%i, pid=%i",
900 !rc
? _("accepted") : _("rejected"), cl
->thd
->peer
->uid
,
901 cl
->thd
->peer
->gid
, cl
->thd
->peer
->pid
);
903 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
909 xml_error_cb (void *data
, xmlErrorPtr e
)
911 struct client_s
*client
= data
;
914 * Keep the first reported error as the one to show in the error
915 * description. Reset in send_error().
917 if (client
->xml_error
)
920 client
->xml_error
= xcalloc (1, sizeof(xmlError
));
921 xmlCopyError (e
, client
->xml_error
);
925 hook_waitpid (assuan_context_t ctx
, pid_t pid
, int action
,
926 int *status
, int options
)
928 return waitpid (pid
, status
, options
);
932 hook_read (assuan_context_t ctx
, assuan_fd_t fd
, void *data
, size_t len
)
935 struct client_s
*client
= assuan_get_pointer (ctx
);
937 if (client
->thd
->remote
)
938 return tls_read_hook (ctx
, (int) fd
, data
, len
);
941 return read ((int) fd
, data
, len
);
945 hook_write (assuan_context_t ctx
, assuan_fd_t fd
,
946 const void *data
, size_t len
)
949 struct client_s
*client
= assuan_get_pointer (ctx
);
951 if (client
->thd
->remote
)
952 return tls_write_hook (ctx
, (int) fd
, data
, len
);
955 return write ((int) fd
, data
, len
);
959 new_connection (struct client_s
*cl
)
962 static struct assuan_malloc_hooks mhooks
= { xmalloc
, xrealloc
, xfree
};
963 static struct assuan_system_hooks shooks
= {
964 ASSUAN_SYSTEM_HOOKS_VERSION
,
972 NULL
, //sendmsg both are used for FD passing
983 char *prio
= config_get_string ("global", "tls_cipher_suite");
985 cl
->thd
->timeout
= config_get_integer ("global", "tls_timeout");
986 if (fcntl (cl
->thd
->fd
, F_SETFL
, O_NONBLOCK
) == -1)
989 cl
->thd
->tls
= tls_init (cl
->thd
->fd
, cl
->thd
->timeout
, prio
);
996 rc
= assuan_new_ext (&cl
->ctx
, GPG_ERR_SOURCE_DEFAULT
, &mhooks
,
997 debug_level
? assuan_log_cb
: NULL
, NULL
);
1001 assuan_ctx_set_system_hooks (cl
->ctx
, &shooks
);
1002 rc
= assuan_init_socket_server (cl
->ctx
, cl
->thd
->fd
, 2);
1006 assuan_set_pointer (cl
->ctx
, cl
);
1007 assuan_set_hello_line (cl
->ctx
, PACKAGE_STRING
);
1008 rc
= register_commands (cl
->ctx
);
1012 rc
= assuan_accept (cl
->ctx
);
1016 rc
= validate_peer (cl
);
1017 /* May not be implemented on all platforms. */
1018 if (rc
&& gpg_err_code (rc
) != GPG_ERR_ASS_GENERAL
)
1021 MUTEX_LOCK (&cn_mutex
);
1022 cl
->thd
->state
= CLIENT_STATE_INIT
;
1023 MUTEX_UNLOCK (&cn_mutex
);
1024 rc
= init_client_crypto (&cl
->crypto
);
1030 cl
->crypto
->agent
->client_ctx
= cl
->ctx
;
1033 cl
->crypto
->client_ctx
= cl
->ctx
;
1034 cl
->lock_timeout
= config_get_integer ("global", "lock_timeout");
1035 xmlSetStructuredErrorFunc (cl
, xml_error_cb
);
1039 log_write ("%s", pwmd_strerror (rc
));
1044 * This is called after a client_thread() terminates. Set with
1045 * pthread_cleanup_push().
1048 cleanup_cb (void *arg
)
1050 struct client_thread_s
*cn
= arg
;
1051 struct client_s
*cl
= cn
->cl
;
1053 MUTEX_LOCK (&cn_mutex
);
1054 cn_thread_list
= slist_remove (cn_thread_list
, cn
);
1055 MUTEX_UNLOCK (&cn_mutex
);
1059 cleanup_client (cl
);
1061 xmlResetError (cl
->xml_error
);
1063 xfree (cl
->xml_error
);
1068 gnutls_deinit (cn
->tls
->ses
);
1069 xfree (cn
->tls
->fp
);
1074 if (!cn
->atfork
&& cl
->ctx
)
1075 assuan_release (cl
->ctx
);
1076 else if (!cn
->atfork
&& cl
->thd
&& cl
->thd
->fd
!= -1)
1077 close (cl
->thd
->fd
);
1080 cleanup_crypto (&cl
->crypto
);
1082 pinentry_free_opts (&cl
->pinentry_opts
);
1091 while (cn
->msg_queue
)
1093 struct status_msg_s
*msg
= cn
->msg_queue
;
1095 cn
->msg_queue
= msg
->next
;
1100 if (!cn
->atfork
&& cn
->status_msg_pipe
[0] != -1)
1101 close (cn
->status_msg_pipe
[0]);
1103 if (!cn
->atfork
&& cn
->status_msg_pipe
[1] != -1)
1104 close (cn
->status_msg_pipe
[1]);
1106 pthread_mutex_destroy (&cn
->status_mutex
);
1110 log_write (_("exiting, fd=%i"), cn
->fd
);
1111 send_status_all (STATUS_CLIENTS
, NULL
);
1116 xfree (cn
->peeraddr
);
1119 pthread_cond_signal (&quit_cond
);
1123 cleanup_all_clients (int atfork
)
1125 /* This function may be called from pthread_atfork() which requires
1126 reinitialization. */
1129 pthread_mutexattr_t attr
;
1131 pthread_mutexattr_init (&attr
);
1132 pthread_mutexattr_settype (&attr
, PTHREAD_MUTEX_RECURSIVE
);
1133 pthread_mutex_init (&cn_mutex
, &attr
);
1134 pthread_mutexattr_destroy (&attr
);
1135 cache_mutex_init ();
1138 MUTEX_LOCK (&cn_mutex
);
1140 while (slist_length (cn_thread_list
))
1142 struct client_thread_s
*thd
= slist_nth_data (cn_thread_list
, 0);
1144 thd
->atfork
= atfork
;
1149 MUTEX_UNLOCK (&cn_mutex
);
1150 cache_deinit (atfork
);
1154 send_msg_queue (struct client_thread_s
*thd
)
1156 MUTEX_LOCK (&thd
->status_mutex
);
1160 read (thd
->status_msg_pipe
[0], &c
, 1);
1161 thd
->wrote_status
= 0;
1163 while (thd
->msg_queue
)
1165 struct status_msg_s
*msg
= thd
->msg_queue
;
1167 thd
->msg_queue
= thd
->msg_queue
->next
;
1168 MUTEX_UNLOCK (&thd
->status_mutex
);
1169 rc
= send_status (thd
->cl
->ctx
, msg
->s
, msg
->line
);
1170 MUTEX_LOCK (&thd
->status_mutex
);
1178 MUTEX_UNLOCK (&thd
->status_mutex
);
1179 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
1180 log_write ("%s: %s", __FUNCTION__
, pwmd_strerror (rc
));
1186 client_thread (void *data
)
1188 struct client_thread_s
*thd
= data
;
1189 struct client_s
*cl
= xcalloc (1, sizeof (struct client_s
));
1191 #ifdef HAVE_PR_SET_NAME
1192 prctl (PR_SET_NAME
, "client");
1194 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1198 log_write ("%s(%i): %s", __FILE__
, __LINE__
,
1199 pwmd_strerror (GPG_ERR_ENOMEM
));
1203 MUTEX_LOCK (&cn_mutex
);
1204 pthread_cleanup_push (cleanup_cb
, thd
);
1207 MUTEX_UNLOCK (&cn_mutex
);
1209 if (new_connection (cl
))
1214 send_status_all (STATUS_CLIENTS
, NULL
);
1215 rc
= send_status (cl
->ctx
, STATUS_CACHE
, NULL
);
1218 log_write ("%s(%i): %s", __FILE__
, __LINE__
, pwmd_strerror (rc
));
1229 FD_SET (thd
->fd
, &rfds
);
1230 FD_SET (thd
->status_msg_pipe
[0], &rfds
);
1231 n
= thd
->fd
> thd
->status_msg_pipe
[0]
1232 ? thd
->fd
: thd
->status_msg_pipe
[0];
1234 n
= select (n
+ 1, &rfds
, NULL
, NULL
, NULL
);
1237 log_write ("%s", strerror (errno
));
1241 if (FD_ISSET (thd
->status_msg_pipe
[0], &rfds
))
1243 rc
= send_msg_queue (thd
);
1244 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
1248 if (!FD_ISSET (thd
->fd
, &rfds
))
1251 rc
= assuan_process_next (cl
->ctx
, &eof
);
1254 if (gpg_err_code (rc
) == GPG_ERR_EOF
|| eof
)
1257 log_write ("assuan_process_next(): rc=%i %s", rc
,
1258 pwmd_strerror (rc
));
1259 if (rc
== gpg_error (GPG_ERR_ETIMEDOUT
))
1262 rc
= send_error (cl
->ctx
, rc
);
1265 log_write ("assuan_process_done(): rc=%i %s", rc
,
1266 pwmd_strerror (rc
));
1271 /* Since the msg queue pipe fd's are non-blocking, check for
1272 * pending status msgs here. GPG_ERR_EPIPE can be seen when the
1273 * client has already disconnected and will be converted to
1274 * GPG_ERR_EOF during assuan_process_next().
1276 rc
= send_msg_queue (thd
);
1277 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EPIPE
)
1282 /* Don't do pthread_exit() here because any set pthread_cleanup_push
1283 * functions would be called after a command failed but then the client
1284 * exited normally which may lead to a double free. */
1285 pthread_cleanup_pop (1);
1290 xml_import (const char *filename
, const char *outfile
,
1291 const char *keygrip
, const char *sign_keygrip
,
1292 const char *keyfile
, int no_passphrase
, const char *cipher
,
1293 const char *params
, uint64_t iterations
)
1302 struct crypto_s
*crypto
= NULL
;
1305 int algo
= cipher
? cipher_string_to_gcrypt ((char *) cipher
) :
1310 log_write ("ERR %i: %s", gpg_error (GPG_ERR_CIPHER_ALGO
),
1311 pwmd_strerror (GPG_ERR_CIPHER_ALGO
));
1315 if (stat (filename
, &st
) == -1)
1317 log_write ("%s: %s", filename
,
1318 pwmd_strerror (gpg_error_from_errno (errno
)));
1322 rc
= init_client_crypto (&crypto
);
1326 memcpy (&crypto
->save
.hdr
, &crypto
->hdr
, sizeof (file_header_t
));
1327 crypto
->save
.hdr
.flags
= set_cipher_flag (crypto
->save
.hdr
.flags
, algo
);
1328 log_write (_("Importing XML from '%s'. Output will be written to '%s' ..."),
1331 if ((fd
= open (filename
, O_RDONLY
)) == -1)
1333 log_write ("%s: %s", filename
,
1334 pwmd_strerror (gpg_error_from_errno (errno
)));
1338 if ((xmlbuf
= xmalloc (st
.st_size
+ 1)) == NULL
)
1341 log_write ("%s(%i): %s", __FILE__
, __LINE__
,
1342 pwmd_strerror (GPG_ERR_ENOMEM
));
1346 if (read (fd
, xmlbuf
, st
.st_size
) == -1)
1348 rc
= gpg_error_from_errno (errno
);
1350 log_write ("%s: %s", filename
, pwmd_strerror (rc
));
1355 xmlbuf
[st
.st_size
] = 0;
1357 * Make sure the document validates.
1359 if ((doc
= xmlReadDoc (xmlbuf
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
)) == NULL
)
1361 log_write ("xmlReadDoc() failed");
1367 xmlNodePtr n
= xmlDocGetRootElement (doc
);
1368 if (n
&& !xmlStrEqual (n
->name
, (xmlChar
*) "pwmd"))
1370 log_write (_("Could not find root \"pwmd\" element."));
1371 rc
= GPG_ERR_BAD_DATA
;
1375 rc
= validate_import (NULL
, n
? n
->children
: n
);
1379 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1384 xmlDocDumpMemory (doc
, &xml
, &len
);
1386 crypto
->save
.s2k_count
= iterations
;
1387 crypto
->save
.hdr
.s2k_count
= iterations
;
1390 rc
= export_common (NULL
, 0, crypto
, xml
, len
, outfile
, keyfile
, &key
,
1391 &keylen
, 0, 0, no_passphrase
);
1393 log_write (_("Success!"));
1398 rc
= agent_set_pinentry_options (crypto
->agent
);
1400 rc
= agent_export_common (crypto
, keygrip
, sign_keygrip
, no_passphrase
,
1401 xml
, len
, outfile
, params
, keyfile
);
1409 send_error (NULL
, rc
);
1413 cleanup_crypto (&crypto
);
1417 cleanup_crypto (&crypto
);
1422 do_cache_push (const char *filename
, struct crypto_s
*crypto
)
1424 unsigned char md5file
[16];
1429 struct cache_data_s
*cdata
;
1433 log_write (_("Trying to add datafile '%s' to the file cache ..."),
1436 if (valid_filename (filename
) == 0)
1438 log_write (_("%s: Invalid characters in filename"), filename
);
1442 rc
= decrypt_common (NULL
, 0, crypto
, filename
, &key
, &keylen
, NULL
, NULL
);
1446 rc
= parse_doc ((char *) crypto
->plaintext
, crypto
->plaintext_len
, &doc
);
1449 log_write ("%s", pwmd_strerror (rc
));
1454 gcry_md_hash_buffer (GCRY_MD_MD5
, md5file
, filename
, strlen (filename
));
1455 cdata
= xcalloc (1, sizeof (struct cache_data_s
));
1459 log_write ("%s", pwmd_strerror (GPG_ERR_ENOMEM
));
1464 rc
= get_checksum (filename
, &crc
, &len
);
1467 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1469 free_cache_data_once (cdata
);
1475 rc
= encrypt_xml (NULL
, cache_key
, cache_keysize
, GCRY_CIPHER_AES
,
1476 crypto
->plaintext
, crypto
->plaintext_len
, &cdata
->doc
,
1477 &cdata
->doclen
, &cache_iv
, &cache_blocksize
);
1478 if (!rc
&& !IS_PKI (crypto
))
1481 cdata
->keylen
= keylen
;
1488 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
1490 free_cache_data_once (cdata
);
1495 if (use_agent
&& IS_PKI (crypto
))
1497 gcry_sexp_build ((gcry_sexp_t
*) & cdata
->pubkey
, NULL
, "%S",
1499 gcry_sexp_build ((gcry_sexp_t
*) & cdata
->sigkey
, NULL
, "%S",
1500 crypto
->sigpkey_sexp
);
1504 int timeout
= config_get_integer (filename
, "cache_timeout");
1505 cache_add_file (md5file
, crypto
->grip
, cdata
, timeout
);
1506 log_write (_("Successfully added '%s' to the cache."), filename
);
1511 init_client (int fd
, const char *addr
)
1514 struct client_thread_s
*new = xcalloc (1, sizeof (struct client_thread_s
));
1519 return GPG_ERR_ENOMEM
;
1522 MUTEX_LOCK (&cn_mutex
);
1523 pthread_cleanup_push (cleanup_mutex_cb
, &cn_mutex
);
1525 if (pipe (new->status_msg_pipe
) == -1)
1526 rc
= gpg_error_from_errno (errno
);
1530 if (fcntl (new->status_msg_pipe
[0], F_SETFL
, O_NONBLOCK
) == -1)
1531 rc
= gpg_error_from_errno (errno
);
1534 if (fcntl (new->status_msg_pipe
[1], F_SETFL
, O_NONBLOCK
) == -1)
1535 rc
= gpg_error_from_errno (errno
);
1537 pthread_mutex_init (&new->status_mutex
, NULL
);
1543 new->remote
= addr
? 1 : 0;
1546 rc
= create_thread (client_thread
, new, &new->tid
, 1);
1549 close (new->status_msg_pipe
[0]);
1550 close (new->status_msg_pipe
[1]);
1551 pthread_mutex_destroy (&new->status_mutex
);
1557 struct slist_s
*list
= slist_append (cn_thread_list
, new);
1561 cn_thread_list
= list
;
1564 log_write (_("new connection: tid=%p, fd=%i, addr=%s"),
1565 (pthread_t
*) new->tid
, fd
, addr
);
1567 new->peeraddr
= str_dup (addr
);
1571 log_write (_("new connection: tid=%p, fd=%i"),
1572 (pthread_t
*) new->tid
, fd
);
1575 rc
= GPG_ERR_ENOMEM
;
1578 pthread_cleanup_pop (1);
1584 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
1585 pwmd_strerror (rc
));
1591 keepalive_thread (void *arg
)
1593 #ifndef HAVE_PTHREAD_CANCEL
1594 int *n
= xmalloc (sizeof (int));
1597 pthread_setspecific (signal_thread_key
, n
);
1601 #ifdef HAVE_PR_SET_NAME
1602 prctl (PR_SET_NAME
, "keepalive");
1604 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1608 int n
= config_get_integer ("global", "keepalive_interval");
1609 struct timeval tv
= { n
, 0 };
1610 #ifndef HAVE_PTHREAD_CANCEL
1613 sigusr2
= (int *) pthread_getspecific (signal_thread_key
);
1618 send_status_all (STATUS_KEEPALIVE
, NULL
);
1619 select (0, NULL
, NULL
, NULL
, &tv
);
1626 /* From Beej's Guide to Network Programming. It's a good tutorial. */
1628 get_in_addr (struct sockaddr
*sa
)
1630 if (sa
->sa_family
== AF_INET
)
1631 return &(((struct sockaddr_in
*) sa
)->sin_addr
);
1633 return &(((struct sockaddr_in6
*) sa
)->sin6_addr
);
1637 tcp_accept_thread (void *arg
)
1639 int sockfd
= *(int *) arg
;
1640 #ifndef HAVE_PTHREAD_CANCEL
1641 int *n
= xmalloc (sizeof (int));
1644 pthread_setspecific (signal_thread_key
, n
);
1646 fcntl (sockfd
, F_SETFL
, O_NONBLOCK
);
1649 #ifdef HAVE_PR_SET_NAME
1650 prctl (PR_SET_NAME
, "tcp_accept");
1652 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1656 struct sockaddr_storage raddr
;
1657 socklen_t slen
= sizeof (raddr
);
1660 char s
[INET6_ADDRSTRLEN
];
1661 struct timeval tv
= { 0, ACCEPT_TIMEOUT
};
1662 #ifndef HAVE_PTHREAD_CANCEL
1665 sigusr2
= (int *) pthread_getspecific (signal_thread_key
);
1670 fd
= accept (sockfd
, (struct sockaddr
*) &raddr
, &slen
);
1673 if (errno
== EMFILE
|| errno
== ENFILE
)
1674 log_write ("accept(): %s",
1675 pwmd_strerror (gpg_error_from_errno (errno
)));
1676 else if (errno
!= EAGAIN
)
1678 if (!quit
) // probably EBADF
1679 log_write ("accept(): %s", strerror (errno
));
1684 #ifndef HAVE_PTHREAD_CANCEL
1685 select (0, NULL
, NULL
, NULL
, &tv
);
1696 inet_ntop (raddr
.ss_family
, get_in_addr ((struct sockaddr
*) &raddr
),
1698 (void) init_client (fd
, s
);
1699 n
= config_get_integer ("global", "tcp_wait");
1702 tv
.tv_sec
= (n
* 100000) / 100000;
1703 tv
.tv_usec
= (n
* 100000) % 100000;
1704 select (0, NULL
, NULL
, NULL
, &tv
);
1712 start_stop_tls_with_protocol (int ipv6
, int term
)
1714 struct addrinfo hints
, *servinfo
, *p
;
1715 int port
= config_get_integer ("global", "tcp_port");
1719 int *fd
= ipv6
? &tls6_fd
: &tls_fd
;
1721 if (term
|| config_get_boolean ("global", "enable_tcp") == 0)
1727 #ifdef HAVE_PTHREAD_CANCEL
1728 pthread_cancel (tls6_tid
);
1730 pthread_kill (tls6_tid
, SIGUSR2
);
1732 pthread_join (tls6_tid
, NULL
);
1735 shutdown (tls6_fd
, SHUT_RDWR
);
1745 #ifdef HAVE_PTHREAD_CANCEL
1746 pthread_cancel (tls_tid
);
1748 pthread_kill (tls_tid
, SIGUSR2
);
1750 pthread_join (tls_tid
, NULL
);
1753 shutdown (tls_fd
, SHUT_RDWR
);
1759 /* A client may still be connected. */
1760 if (!quit
&& x509_cred
!= NULL
)
1761 tls_deinit_params ();
1766 if ((ipv6
&& tls6_fd
!= -1) || (!ipv6
&& tls_fd
!= -1))
1769 memset (&hints
, 0, sizeof (hints
));
1770 hints
.ai_family
= ipv6
? AF_INET6
: AF_INET
;
1771 hints
.ai_socktype
= SOCK_STREAM
;
1772 hints
.ai_flags
= AI_PASSIVE
;
1773 snprintf (buf
, sizeof (buf
), "%i", port
);
1775 if ((n
= getaddrinfo (NULL
, buf
, &hints
, &servinfo
)) == -1)
1777 log_write ("getaddrinfo(): %s", gai_strerror (n
));
1781 for (n
= 0, p
= servinfo
; p
!= NULL
; p
= p
->ai_next
)
1785 if ((ipv6
&& p
->ai_family
!= AF_INET6
)
1786 || (!ipv6
&& p
->ai_family
!= AF_INET
))
1789 if ((*fd
= socket (p
->ai_family
, p
->ai_socktype
, p
->ai_protocol
)) == -1)
1791 log_write ("socket(): %s", strerror (errno
));
1795 if (setsockopt (*fd
, SOL_SOCKET
, SO_REUSEADDR
, &r
, sizeof (int)) == -1)
1797 log_write ("setsockopt(): %s",
1798 pwmd_strerror (gpg_error_from_errno (errno
)));
1799 freeaddrinfo (servinfo
);
1803 if (bind (*fd
, p
->ai_addr
, p
->ai_addrlen
) == -1)
1806 log_write ("bind(): %s",
1807 pwmd_strerror (gpg_error_from_errno (errno
)));
1815 freeaddrinfo (servinfo
);
1820 #if HAVE_DECL_SO_BINDTODEVICE != 0
1821 char *tmp
= config_get_string ("global", "tcp_interface");
1822 if (tmp
&& setsockopt (*fd
, SOL_SOCKET
, SO_BINDTODEVICE
, tmp
,
1823 strlen (tmp
)) == -1)
1825 log_write ("setsockopt(): %s",
1826 pwmd_strerror (gpg_error_from_errno (errno
)));
1834 if (x509_cred
== NULL
)
1836 char *tmp
= config_get_string ("global", "tls_dh_level");
1838 rc
= tls_init_params (tmp
);
1844 if (listen (*fd
, 0) == -1)
1846 log_write ("listen(): %s", strerror (errno
));
1851 rc
= create_thread (tcp_accept_thread
, fd
, &tls6_tid
, 0);
1853 rc
= create_thread (tcp_accept_thread
, fd
, &tls_tid
, 0);
1857 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
1858 pwmd_strerror (rc
));
1870 start_stop_tls_with_protocol (0, 1);
1883 start_stop_tls (int term
)
1885 char *s
= config_get_string ("global", "tcp_bind");
1891 if (!strcmp (s
, "any"))
1893 b
= start_stop_tls_with_protocol (0, term
);
1895 b
= start_stop_tls_with_protocol (1, term
);
1897 else if (!strcmp (s
, "ipv4"))
1898 b
= start_stop_tls_with_protocol (0, term
);
1899 else if (!strcmp (s
, "ipv6"))
1900 b
= start_stop_tls_with_protocol (1, term
);
1910 accept_thread (void *arg
)
1912 int sockfd
= *(int *) arg
;
1913 #ifndef HAVE_PTHREAD_CANCEL
1914 int *n
= xmalloc (sizeof (int));
1917 pthread_setspecific (signal_thread_key
, n
);
1919 fcntl (sockfd
, F_SETFL
, O_NONBLOCK
);
1922 #ifdef HAVE_PR_SET_NAME
1923 prctl (PR_SET_NAME
, "accept");
1925 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1929 socklen_t slen
= sizeof (struct sockaddr_un
);
1930 struct sockaddr_un raddr
;
1932 #ifndef HAVE_PTHREAD_CANCEL
1933 struct timeval tv
= { 0, ACCEPT_TIMEOUT
};
1934 int *sigusr2
= (int *) pthread_getspecific (signal_thread_key
);
1940 fd
= accept (sockfd
, (struct sockaddr
*) &raddr
, &slen
);
1943 if (errno
== EMFILE
|| errno
== ENFILE
)
1944 log_write ("accept(): %s",
1945 pwmd_strerror (gpg_error_from_errno (errno
)));
1946 else if (errno
!= EAGAIN
)
1948 if (!quit
) // probably EBADF
1949 log_write ("accept(): %s",
1950 pwmd_strerror (gpg_error_from_errno (errno
)));
1955 #ifndef HAVE_PTHREAD_CANCEL
1956 select (0, NULL
, NULL
, NULL
, &tv
);
1961 (void) init_client (fd
, NULL
);
1964 /* Just in case accept() failed for some reason other than EBADF */
1970 cache_timer_thread (void *arg
)
1972 #ifndef HAVE_PTHREAD_CANCEL
1973 int *n
= xmalloc (sizeof (int));
1976 pthread_setspecific (signal_thread_key
, n
);
1980 #ifdef HAVE_PR_SET_NAME
1981 prctl (PR_SET_NAME
, "cache timer");
1983 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
1987 struct timeval tv
= { 1, 0 };
1988 #ifndef HAVE_PTHREAD_CANCEL
1991 n
= (int *) pthread_getspecific (signal_thread_key
);
1996 select (0, NULL
, NULL
, NULL
, &tv
);
1997 cache_adjust_timeout ();
2004 signal_loop (sigset_t sigset
)
2013 sigwait (&sigset
, &sig
);
2016 log_write (_("caught signal %i (%s)"), sig
, strsignal (sig
));
2021 pthread_cond_signal (&rcfile_cond
);
2024 log_write (_("clearing file cache"));
2026 send_status_all (STATUS_CACHE
, NULL
);
2045 log_write (_ ("Caught signal %i (%s). Exiting."), sig
, strsignal (sig
));
2046 #ifdef HAVE_BACKTRACE
2047 BACKTRACE (__FUNCTION__
);
2053 waiting_for_exit (void *arg
)
2056 #ifndef HAVE_PTHREAD_CANCEL
2057 int *n
= xmalloc (sizeof (int));
2060 pthread_setspecific (signal_thread_key
, n
);
2064 #ifdef HAVE_PR_SET_NAME
2065 prctl (PR_SET_NAME
, "exiting");
2067 pthread_setspecific (thread_name_key
, str_dup (__FUNCTION__
));
2068 log_write (_("waiting for all clients to disconnect"));
2069 MUTEX_LOCK (&quit_mutex
);
2070 pthread_cleanup_push (cleanup_mutex_cb
, &quit_mutex
);
2077 MUTEX_LOCK (&cn_mutex
);
2078 n
= slist_length (cn_thread_list
);
2079 MUTEX_UNLOCK (&cn_mutex
);
2083 #ifndef HAVE_PTHREAD_CANCEL
2084 int *s
= (int *) pthread_getspecific (signal_thread_key
);
2091 log_write (_("%i clients remain"), n
);
2095 INIT_TIMESPEC (SIG_TIMEOUT
, ts
);
2096 pthread_cond_timedwait (&quit_cond
, &quit_mutex
, &ts
);
2099 kill (getpid (), SIGQUIT
);
2100 pthread_cleanup_pop (1);
2105 server_loop (int sockfd
, char **socketpath
)
2107 pthread_t accept_tid
;
2108 pthread_t cache_timeout_tid
;
2109 int cancel_timeout_thread
= 0, cancel_accept_thread
= 0;
2110 int cancel_keepalive_thread
= 0;
2117 sigemptyset (&sigset
);
2120 sigaddset (&sigset
, SIGTERM
);
2121 sigaddset (&sigset
, SIGINT
);
2123 /* Clears the file cache. */
2124 sigaddset (&sigset
, SIGUSR1
);
2126 /* Configuration file reloading. */
2127 sigaddset (&sigset
, SIGHUP
);
2129 /* For exiting cleanly. */
2130 sigaddset (&sigset
, SIGQUIT
);
2132 #ifndef HAVE_PTHREAD_CANCEL
2134 The socket, cache and rcfile threads use this signal when
2135 pthread_cancel() is unavailable. Prevent the main thread from
2136 catching this signal from another process.
2138 sigaddset (&sigset
, SIGUSR2
);
2141 /* When mem.c cannot find a pointer in the list (double free). */
2142 signal (SIGABRT
, catchsig
);
2143 sigaddset (&sigset
, SIGABRT
);
2144 sigprocmask (SIG_BLOCK
, &sigset
, NULL
);
2146 #ifndef HAVE_PTHREAD_CANCEL
2147 /* Remove this signal from the watched signals in signal_loop(). */
2148 sigdelset (&sigset
, SIGUSR2
);
2151 /* Ignored everywhere. When a client disconnects abnormally this signal
2152 * gets raised. It isn't needed though because client_thread() will check
2153 * for rcs even after the client disconnects. */
2154 signal (SIGPIPE
, SIG_IGN
);
2156 /* Can show a backtrace of the stack in the log. */
2157 signal (SIGSEGV
, catchsig
);
2160 /* Needs to be done after the fork(). */
2161 if (!start_stop_tls (0))
2168 pthread_mutex_init (&quit_mutex
, NULL
);
2169 pthread_cond_init (&quit_cond
, NULL
);
2170 char *p
= get_username (getuid());
2171 log_write (_("%s started for user %s"), PACKAGE_STRING
, p
);
2175 if (config_get_boolean ("global", "enable_tcp"))
2176 log_write (_("Listening on %s and TCP port %i"), *socketpath
,
2177 config_get_integer ("global", "tcp_port"));
2179 log_write (_("Listening on %s"), *socketpath
);
2181 log_write (_("Listening on %s"), *socketpath
);
2184 rc
= create_thread (keepalive_thread
, NULL
, &keepalive_tid
, 0);
2187 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2188 pwmd_strerror (rc
));
2192 cancel_keepalive_thread
= 1;
2193 rc
= create_thread (reload_rcfile_thread
, NULL
, &rcfile_tid
, 0);
2196 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2197 pwmd_strerror (rc
));
2201 rc
= create_thread (cache_timer_thread
, NULL
, &cache_timeout_tid
, 0);
2204 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2205 pwmd_strerror (rc
));
2209 cancel_timeout_thread
= 1;
2210 rc
= create_thread (accept_thread
, &sockfd
, &accept_tid
, 0);
2213 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2214 pwmd_strerror (rc
));
2218 cancel_accept_thread
= 1;
2220 signal_loop (sigset
);
2226 * We're out of the main server loop. This happens when a signal was sent
2227 * to terminate the daemon. We'll wait for all clients to disconnect
2228 * before exiting but exit immediately if another termination signal is
2231 if (cancel_accept_thread
)
2233 #ifdef HAVE_PTHREAD_CANCEL
2234 int n
= pthread_cancel (accept_tid
);
2236 int n
= pthread_kill (accept_tid
, SIGUSR2
);
2239 pthread_join (accept_tid
, NULL
);
2245 shutdown (sockfd
, SHUT_RDWR
);
2247 unlink (*socketpath
);
2248 xfree (*socketpath
);
2250 MUTEX_LOCK (&cn_mutex
);
2251 n
= slist_length (cn_thread_list
);
2252 MUTEX_UNLOCK (&cn_mutex
);
2258 rc
= create_thread (waiting_for_exit
, NULL
, &tid
, 0);
2261 if (signal_loop (sigset
))
2263 log_write (_("Received second termination request. Exiting."));
2264 #ifdef HAVE_PTHREAD_CANCEL
2265 pthread_cancel (tid
);
2267 pthread_kill (tid
, SIGUSR2
);
2269 pthread_join (tid
, NULL
);
2273 log_write ("%s(%i): pthread_create(): %s", __FILE__
, __LINE__
,
2274 pwmd_strerror (rc
));
2277 if (cancel_timeout_thread
)
2279 #ifdef HAVE_PTHREAD_CANCEL
2280 pthread_cancel (cache_timeout_tid
);
2282 pthread_kill (cache_timeout_tid
, SIGUSR2
);
2284 pthread_join (cache_timeout_tid
, NULL
);
2287 if (cancel_keepalive_thread
)
2289 #ifdef HAVE_PTHREAD_CANCEL
2290 pthread_cancel (keepalive_tid
);
2292 pthread_kill (keepalive_tid
, SIGUSR2
);
2294 pthread_join (keepalive_tid
, NULL
);
2297 cleanup_all_clients (0);
2302 pthread_cond_destroy (&quit_cond
);
2303 pthread_mutex_destroy (&quit_mutex
);
2304 return segv
? EXIT_FAILURE
: EXIT_SUCCESS
;;
2311 ("Failed to add a file to the cache. Use --ignore to force startup. Exiting."));
2315 /* This is called from cache.c:clear_once(). See
2316 * command.c:clearcache_command() for details about lock checking.
2319 free_cache_data (file_cache_t
* cache
)
2321 gpg_error_t rc
= GPG_ERR_NO_DATA
;
2323 struct client_thread_s
*found
= NULL
;
2330 MUTEX_LOCK (&cn_mutex
);
2331 pthread_cleanup_push (cleanup_mutex_cb
, &cn_mutex
);
2332 t
= slist_length (cn_thread_list
);
2334 for (i
= 0; i
< t
; i
++)
2336 struct client_thread_s
*thd
= slist_nth_data (cn_thread_list
, i
);
2341 if (!memcmp (thd
->cl
->md5file
, cache
->filename
,
2342 sizeof (cache
->filename
)))
2344 if (pthread_equal (pthread_self (), thd
->tid
))
2351 /* Continue trying to find a client who has the same file open and
2352 * also has a lock. */
2353 rc
= cache_lock_mutex (thd
->cl
->ctx
, thd
->cl
->md5file
, -1, 0, -1);
2363 if (self
&& (!rc
|| rc
== GPG_ERR_NO_DATA
))
2364 rc
= cache_lock_mutex (found
->cl
->ctx
, found
->cl
->md5file
, -1, 0, -1);
2366 if (exiting
|| !rc
|| rc
== GPG_ERR_NO_DATA
)
2368 free_cache_data_once (cache
->data
);
2370 cache
->defer_clear
= 0;
2371 cache
->timeout
= -1;
2374 cache_unlock_mutex (found
->cl
->md5file
, 0);
2380 cache
->defer_clear
= 1;
2382 pthread_cleanup_pop (1);
2388 convert_v2_datafile (const char *filename
, const char *cipher
,
2389 const char *keyfile
, const char *keygrip
,
2390 const char *sign_keygrip
, int nopass
,
2391 const char *outfile
, const char *keyparam
,
2392 uint64_t iterations
)
2397 struct crypto_s
*crypto
= NULL
;
2403 if (outfile
[0] == '-' && outfile
[1] == 0)
2406 log_write (_("Converting version 2 data file \"%s\" ..."), filename
);
2407 if (access (filename
, R_OK
) == -1)
2409 log_write ("%s: %s", filename
,
2410 pwmd_strerror (gpg_error_from_errno (errno
)));
2416 log_write (_("Using passphrase file \"%s\" for decryption ..."),
2418 if (access (keyfile
, R_OK
) == -1)
2420 log_write ("%s: %s", keyfile
,
2421 pwmd_strerror (gpg_error_from_errno (errno
)));
2426 rc
= read_v2_datafile (filename
, keyfile
, &data
, &datalen
, &ver
, &algo
);
2429 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
2435 algo
= cipher_string_to_gcrypt (cipher
);
2438 rc
= GPG_ERR_CIPHER_ALGO
;
2447 rc
= parse_doc (data
, datalen
, &doc
);
2451 rc
= convert_pre_212_elements (doc
);
2456 xmlDocDumpFormatMemory (doc
, (xmlChar
**) & data
, (int *) &datalen
,
2459 rc
= GPG_ERR_ENOMEM
;
2467 rc
= init_client_crypto (&crypto
);
2470 memcpy (&crypto
->save
.hdr
, &crypto
->hdr
, sizeof (file_header_t
));
2471 crypto
->save
.hdr
.flags
= set_cipher_flag (crypto
->save
.hdr
.flags
, algo
);
2472 crypto
->save
.hdr
.s2k_count
= iterations
;
2476 rc
= export_common (NULL
, 0, crypto
, data
, datalen
, outfile
, keyfile
,
2477 &key
, &keylen
, 0, 0, nopass
);
2482 rc
= agent_set_pinentry_options (crypto
->agent
);
2484 rc
= agent_export_common (crypto
, keygrip
, sign_keygrip
, nopass
,
2485 data
, datalen
, outfile
, keyparam
,
2486 no_passphrase_file
? NULL
: keyfile
);
2490 log_write (_("Output written to \"%s\"."),
2491 outfile
? outfile
: "<stdout>");
2501 cleanup_crypto (&crypto
);
2504 log_write ("ERR %i: %s", rc
, pwmd_strerror (rc
));
2509 usage (const char *pn
, int status
)
2511 FILE *fp
= status
== EXIT_FAILURE
? stderr
: stdout
;
2513 fprintf (fp
, _("Usage: %s [OPTIONS] [file1] [...]\n"
2514 " -f, --rcfile=filename load the specfied configuration file\n"
2515 " (~/.pwmd/config)\n"
2516 " --homedir alternate pwmd home directory (~/.pwmd)\n"
2517 " --kill terminate an existing instance of pwmd\n"
2519 " --use-agent[=integer] enable/disable use of gpg-agent\n"
2521 " -n, --no-fork run as a foreground process\n"
2522 " -D, --disable-dump disable the LIST, XPATH and DUMP commands\n"
2523 " --ignore, --force ignore file errors during startup\n"
2524 " --debug-level=keywords log protocol output (see manual for details)\n"
2525 " -o, --outfile=filename output file when importing or converting\n"
2526 " -C, --convert=filename convert a version 2 data file to version 3\n"
2527 " -I, --import=filename import a pwmd DTD formatted XML file)\n"
2528 " -k, --passphrase-file=file for use when importing or converting\n"
2529 " --no-passphrase-file prompt instead of using --passphrase-file when\n"
2531 " --no-passphrase when importing or converting\n"
2532 " --keygrip=hex public key to use when encrypting\n"
2533 " --sign-keygrip=hex private key to use when signing\n"
2534 " --keyparam=s-exp custom key parameters to use (RSA-2048)\n"
2535 " --cipher=string encryption cipher (aes256)\n"
2536 " --cipher-iterations=N cipher iteration count (alias for --s2k-count)\n"
2537 " --s2k-count=N hash iteration count (>65536, calibrated)\n"
2538 " --help this help text\n"
2539 " --version show version and compile time features\n"),
2545 unlink_stale_socket (const char *sock
, const char *pidfile
)
2547 log_write (_ ("removing stale socket %s"), sock
);
2553 test_pidfile (const char *path
, const char *sock
, char *buf
, size_t buflen
,
2554 char **pidfile
, int create
, mode_t mode
, int terminate
)
2562 snprintf (buf
, buflen
, "%s/%s.pid", homedir
, sock
);
2563 *pidfile
= str_dup (buf
);
2564 fd
= open (buf
, O_RDONLY
);
2567 fd
= open (*pidfile
, O_CREAT
|O_WRONLY
|O_TRUNC
, mode
);
2571 if (!create
&& errno
!= ENOENT
)
2573 log_write ("%s: %s", buf
, pwmd_strerror (errno
));
2578 else if (!create
&& !terminate
)
2581 log_write ("%s: %s", *pidfile
, strerror (errno
));
2587 snprintf (buf
, buflen
, "%i", getpid ());
2588 write (fd
, buf
, strlen (buf
));
2593 len
= read (fd
, buf
, buflen
);
2597 unlink_stale_socket (path
, *pidfile
);
2601 if (sscanf (buf
, "%5i", &pid
) != 1 || pid
== 0)
2605 unlink_stale_socket (path
, *pidfile
);
2610 if (kill (pid
, 0) == -1)
2612 unlink_stale_socket (path
, *pidfile
);
2618 if (kill (pid
, SIGTERM
) == -1)
2619 log_write ("%s: %s", path
, pwmd_strerror (errno
));
2622 log_write (_ ("an instance for socket %s is already running"), path
);
2630 main (int argc
, char *argv
[])
2633 struct sockaddr_un addr
;
2635 char *socketpath
= NULL
, *socketdir
, *socketname
= NULL
;
2636 char *socketarg
= NULL
;
2637 char *datadir
= NULL
;
2638 char *pidfile
= NULL
;
2642 char **cache_push
= NULL
;
2643 char *import
= NULL
, *keygrip
= NULL
, *sign_keygrip
= NULL
;
2644 char *keyparam
= NULL
;
2645 int estatus
= EXIT_FAILURE
;
2647 char *outfile
= NULL
;
2650 int show_version
= 0;
2652 int no_passphrase
= 0;
2654 char *convertfile
= NULL
;
2655 char *cipher
= NULL
;
2656 char *keyfile
= NULL
;
2657 uint64_t s2k_count
= 0;
2659 char *debug_level_opt
= NULL
;
2662 /* Must maintain the same order as longopts[] */
2665 OPT_VERSION
, OPT_HELP
,
2669 OPT_DEBUG_LEVEL
, OPT_HOMEDIR
, OPT_NO_FORK
, OPT_DISABLE_DUMP
,
2670 OPT_IGNORE
, OPT_FORCE
, OPT_RCFILE
, OPT_CONVERT
,
2671 OPT_PASSPHRASE_FILE
, OPT_IMPORT
, OPT_OUTFILE
,
2672 OPT_NO_PASSPHRASE_FILE
, OPT_KEYGRIP
, OPT_SIGN_KEYGRIP
,
2673 OPT_KEYPARAM
, OPT_CIPHER
, OPT_ITERATIONS
, OPT_S2K_COUNT
,
2674 OPT_NO_PASSPHRASE
, OPT_KILL
2676 const char *optstring
= "nf:C:k:I:o:";
2677 const struct option longopts
[] = {
2678 {"version", no_argument
, 0, 0},
2679 {"help", no_argument
, 0, 0},
2681 {"use-agent", optional_argument
, 0, 0},
2683 {"debug-level", required_argument
, 0, 0},
2684 {"homedir", required_argument
, 0, 0},
2685 {"no-fork", no_argument
, 0, 'n'},
2686 {"disable_dump", no_argument
, 0, 0},
2687 {"ignore", no_argument
, 0, 0},
2688 {"force", no_argument
, 0, 0},
2689 {"rcfile", required_argument
, 0, 'f'},
2690 {"convert", required_argument
, 0, 'C'},
2691 {"passphrase-file", required_argument
, 0, 'k'},
2692 {"import", required_argument
, 0, 'I'},
2693 {"outfile", required_argument
, 0, 'o'},
2694 {"no-passphrase-file", no_argument
, 0, 0},
2695 {"keygrip", required_argument
, 0, 0},
2696 {"sign-keygrip", required_argument
, 0, 0},
2697 {"keyparam", required_argument
, 0, 0},
2698 {"cipher", required_argument
, 0, 0},
2699 {"cipher-iterations", required_argument
, 0, 0},
2700 {"s2k-count", required_argument
, 0, 0},
2701 {"no-passphrase", no_argument
, 0, 0},
2702 {"kill", no_argument
, 0, 0},
2709 #ifdef HAVE_SETRLIMIT
2712 rl
.rlim_cur
= rl
.rlim_max
= 0;
2714 if (setrlimit (RLIMIT_CORE
, &rl
) != 0)
2715 err (EXIT_FAILURE
, "setrlimit()");
2718 #ifdef HAVE_PR_SET_DUMPABLE
2719 prctl (PR_SET_DUMPABLE
, 0);
2724 setlocale (LC_ALL
, "");
2725 bindtextdomain ("pwmd", LOCALEDIR
);
2726 textdomain ("pwmd");
2734 if (setup_crypto ())
2735 exit (EXIT_FAILURE
);
2738 gnutls_global_set_mem_functions (xmalloc
, xmalloc
, secure_mem_check
,
2740 gnutls_global_init ();
2741 gnutls_global_set_log_function (tls_log
);
2742 gnutls_global_set_log_level (1);
2746 xmlMemSetup (xfree
, xmalloc
, xrealloc
, str_dup
);
2754 while ((opt
= getopt_long (argc
, argv
, optstring
, longopts
, &optindex
))
2763 convertfile
= optarg
;
2778 rcfile
= str_dup (optarg
);
2781 usage (argv
[0], EXIT_FAILURE
);
2794 use_agent
= optarg
&& *optarg
? atoi (optarg
) : 1;
2795 if (use_agent
< 0 || use_agent
> 1)
2799 case OPT_DEBUG_LEVEL
:
2800 debug_level_opt
= optarg
;
2803 homedir
= str_dup (optarg
);
2808 case OPT_DISABLE_DUMP
:
2816 rcfile
= str_dup (optarg
);
2819 convertfile
= optarg
;
2821 case OPT_PASSPHRASE_FILE
:
2830 case OPT_NO_PASSPHRASE_FILE
:
2831 no_passphrase_file
= 1;
2836 case OPT_SIGN_KEYGRIP
:
2837 sign_keygrip
= optarg
;
2845 case OPT_ITERATIONS
:
2847 s2k_count
= strtoul (optarg
, NULL
, 10);
2849 case OPT_NO_PASSPHRASE
:
2864 "Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015\n"
2866 "Released under the terms of the GPL v2. Use at your own risk.\n\n"
2867 "Compile time features:\n%s"), PACKAGE_STRING
,
2870 "+PWMD_HOMEDIR=" PWMD_HOMEDIR
"\n"
2903 exit (EXIT_SUCCESS
);
2908 homedir
= str_dup(PWMD_HOMEDIR
);
2910 homedir
= str_asprintf ("%s/.pwmd", get_home_dir());
2913 if (mkdir (homedir
, 0700) == -1 && errno
!= EEXIST
)
2914 err (EXIT_FAILURE
, "%s", homedir
);
2916 snprintf (buf
, sizeof (buf
), "%s/data", homedir
);
2917 if (mkdir (buf
, 0700) == -1 && errno
!= EEXIST
)
2918 err (EXIT_FAILURE
, "%s", buf
);
2920 datadir
= str_dup (buf
);
2921 pthread_mutexattr_t attr
;
2922 pthread_mutexattr_init (&attr
);
2923 pthread_mutexattr_settype (&attr
, PTHREAD_MUTEX_RECURSIVE
);
2924 pthread_mutex_init (&rcfile_mutex
, &attr
);
2925 pthread_cond_init (&rcfile_cond
, NULL
);
2926 pthread_mutex_init (&cn_mutex
, &attr
);
2927 pthread_mutexattr_destroy (&attr
);
2928 pthread_key_create (&last_error_key
, free_key
);
2929 #ifndef HAVE_PTHREAD_CANCEL
2930 pthread_key_create (&signal_thread_key
, free_key
);
2934 rcfile
= str_asprintf ("%s/config", homedir
);
2936 global_config
= config_parse (rcfile
, 0);
2938 exit (EXIT_FAILURE
);
2941 if (use_agent
== -1)
2942 use_agent
= config_get_boolean ("global", "use_agent");
2947 if (debug_level_opt
)
2948 debug_level
= str_split (debug_level_opt
, ",", 0);
2950 x
= config_get_int_param (global_config
, "global", "priority", &exists
);
2951 if (exists
&& x
!= atoi(INVALID_PRIORITY
))
2954 if (setpriority (PRIO_PROCESS
, 0, x
) == -1)
2956 log_write ("setpriority(): %s",
2957 pwmd_strerror (gpg_error_from_errno (errno
)));
2961 #ifdef HAVE_MLOCKALL
2962 if (disable_mlock
== 0 && mlockall (MCL_CURRENT
| MCL_FUTURE
) == -1)
2964 log_write ("mlockall(): %s",
2965 pwmd_strerror (gpg_error_from_errno (errno
)));
2970 rc
= cache_init (free_cache_data
);
2973 log_write ("pwmd: ERR %i: %s", rc
,
2974 gpg_err_code (rc
) == GPG_ERR_UNKNOWN_VERSION
2975 ? _("incompatible gpg-agent version: 2.1.0 or later required")
2976 : pwmd_strerror (rc
));
2981 s2k_count
= config_get_ulong (NULL
, "s2k_count");
2985 if (!outfile
|| !*outfile
|| argc
!= optind
)
2986 usage (argv
[0], EXIT_FAILURE
);
2988 estatus
= convert_v2_datafile (convertfile
, cipher
, keyfile
, keygrip
,
2989 sign_keygrip
, no_passphrase
, outfile
,
2990 keyparam
, s2k_count
);
2991 config_free (global_config
);
2998 if (!outfile
|| !*outfile
|| argc
!= optind
)
2999 usage (argv
[0], EXIT_FAILURE
);
3001 if (outfile
&& outfile
[0] == '-' && outfile
[1] == 0)
3004 estatus
= xml_import (import
, outfile
, keygrip
, sign_keygrip
, keyfile
,
3005 no_passphrase
, cipher
, keyparam
, s2k_count
);
3006 config_free (global_config
);
3011 p
= config_get_string ("global", "socket_path");
3013 p
= str_asprintf ("%s/socket", homedir
);
3015 socketarg
= expand_homedir (p
);
3019 disable_list_and_dump
= config_get_boolean ("global",
3020 "disable_list_and_dump");
3022 disable_list_and_dump
= secure
;
3024 cache_push
= config_get_list ("global", "cache_push");
3026 while (optind
< argc
)
3028 if (strv_printf (&cache_push
, "%s", argv
[optind
++]) == 0)
3029 errx (EXIT_FAILURE
, "%s", pwmd_strerror (GPG_ERR_ENOMEM
));
3032 if (strchr (socketarg
, '/') == NULL
)
3034 socketdir
= getcwd (buf
, sizeof (buf
));
3035 socketname
= str_dup (socketarg
);
3036 socketpath
= str_asprintf ("%s/%s", socketdir
, socketname
);
3040 socketname
= str_dup (strrchr (socketarg
, '/'));
3042 socketarg
[strlen (socketarg
) - strlen (socketname
) - 1] = 0;
3043 socketdir
= str_dup (socketarg
);
3044 socketpath
= str_asprintf ("%s/%s", socketdir
, socketname
);
3047 if (chdir (datadir
))
3049 log_write ("%s: %s", datadir
,
3050 pwmd_strerror (gpg_error_from_errno (errno
)));
3051 unlink (socketpath
);
3055 x
= test_pidfile (socketpath
, socketname
, buf
, sizeof(buf
), &pidfile
, 0,
3057 if (!terminate
&& x
)
3061 estatus
= x
!= 1 ? EXIT_FAILURE
: EXIT_SUCCESS
;
3066 * bind() doesn't like the full pathname of the socket or any non alphanum
3067 * characters so change to the directory where the socket is wanted then
3068 * create it then change to datadir.
3070 if (chdir (socketdir
))
3072 log_write ("%s: %s", socketdir
,
3073 pwmd_strerror (gpg_error_from_errno (errno
)));
3079 if ((sockfd
= socket (PF_UNIX
, SOCK_STREAM
, 0)) == -1)
3081 log_write ("socket(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
3085 addr
.sun_family
= AF_UNIX
;
3086 snprintf (addr
.sun_path
, sizeof (addr
.sun_path
), "%s", socketname
);
3088 if (bind (sockfd
, (struct sockaddr
*) &addr
, sizeof (struct sockaddr
)) ==
3091 log_write ("bind(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
3093 if (errno
== EADDRINUSE
)
3096 log_write (_("Either there is another pwmd running or '%s' is a \n"
3097 "stale socket. Please remove it manually."), socketpath
);
3104 char *t
= config_get_string ("global", "socket_perms");
3109 mode
= strtol (t
, NULL
, 8);
3113 if (chmod (socketname
, mode
) == -1)
3115 log_write ("%s: %s", socketname
,
3116 pwmd_strerror (gpg_error_from_errno (errno
)));
3126 xfree (--socketname
);
3128 if (chdir (datadir
))
3130 log_write ("%s: %s", datadir
,
3131 pwmd_strerror (gpg_error_from_errno (errno
)));
3139 * Set the cache entry for a file. Prompts for the password.
3143 struct crypto_s
*crypto
= NULL
;
3144 gpg_error_t rc
= init_client_crypto (&crypto
);
3148 estatus
= EXIT_FAILURE
;
3155 rc
= agent_set_pinentry_options (crypto
->agent
);
3158 estatus
= EXIT_FAILURE
;
3164 for (opt
= 0; cache_push
[opt
]; opt
++)
3166 if (!do_cache_push (cache_push
[opt
], crypto
) && !force
)
3168 strv_free (cache_push
);
3170 estatus
= EXIT_FAILURE
;
3171 cleanup_crypto (&crypto
);
3175 cleanup_crypto_stage1 (crypto
);
3180 (void) kill_scd (crypto
->agent
);
3183 cleanup_crypto (&crypto
);
3184 strv_free (cache_push
);
3185 log_write (!nofork
? _("Done. Daemonizing...") :
3186 _("Done. Waiting for connections..."));
3189 config_clear_keys ();
3191 if (listen (sockfd
, 0) == -1)
3193 log_write ("listen(): %s", pwmd_strerror (gpg_error_from_errno (errno
)));
3202 log_write ("fork(): %s",
3203 pwmd_strerror (gpg_error_from_errno (errno
)));
3212 _exit (EXIT_SUCCESS
);
3216 (void)test_pidfile (socketpath
, socketname
, buf
, sizeof(buf
), &pidfile
, 1,
3219 pthread_key_create (&thread_name_key
, free_key
);
3220 pthread_setspecific (thread_name_key
, str_dup ("main"));
3221 estatus
= server_loop (sockfd
, &socketpath
);
3224 if (socketpath
&& do_unlink
)
3226 unlink (socketpath
);
3232 gnutls_global_deinit ();
3236 #ifdef HAVE_PTHREAD_CANCEL
3237 pthread_cancel (rcfile_tid
);
3239 pthread_kill (rcfile_tid
, SIGUSR2
);
3240 pthread_cond_signal (&rcfile_cond
);
3242 pthread_join (rcfile_tid
, NULL
);
3245 pthread_cond_destroy (&rcfile_cond
);
3246 pthread_mutex_destroy (&rcfile_mutex
);
3247 pthread_key_delete (last_error_key
);
3248 #ifndef HAVE_PTHREAD_CANCEL
3249 pthread_key_delete (signal_thread_key
);
3253 config_free (global_config
);
3255 free_invoking_users (invoking_users
);
3257 xfree (home_directory
);
3259 xmlCleanupParser ();
3260 xmlCleanupGlobals ();
3266 if (estatus
== EXIT_SUCCESS
&& !terminate
)
3267 log_write (_("pwmd exiting normally"));
3269 pthread_key_delete (thread_name_key
);
3271 #if defined(DEBUG) && !defined(MEM_DEBUG)