search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use glib's command line option parser.
[pwmd.git] / src / commands.c
blob28c5d8f8b619d6843c810b1050d4eb3859bf6dd5
1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
2 /*
3 Copyright (C) 2006-2011 Ben Kibbey <bjk@luxsci.net>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
18 */
19 #ifdef HAVE_CONFIG_H
20 #include <config.h>
21 #endif
22
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <unistd.h>
26 #include <err.h>
27 #include <errno.h>
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <fcntl.h>
31 #include <ctype.h>
32 #include <glib.h>
33 #include <gcrypt.h>
34 #include <zlib.h>
35 #include <dirent.h>
36
37 #ifdef WITH_LIBACL
38 #include <sys/acl.h>
39 #endif
40
41 #include "mem.h"
42 #include "xml.h"
43 #include "common.h"
44
45 #ifdef WITH_PINENTRY
46 #include "pinentry.h"
47 #endif
48
49 #include "pwmd_error.h"
50 #include "cache.h"
51 #include "misc.h"
52 #include "commands.h"
53 #include "mutex.h"
54 #include "rcfile.h"
55
56 struct gz_s {
57 z_stream z;
58 gpointer out;
59 gboolean done;
60 status_msg_t which;
61 };
62
63 struct command_table_s {
64 const gchar *name;
65 gint (*handler)(assuan_context_t, gchar *line);
66 const gchar *help;
67 gboolean ignore_startup;
68 };
69
70 static struct command_table_s **command_table;
71 static guchar crypto_magic[5] = "\177PWMD";
72
73 static gpg_error_t do_lock_command(struct client_s *client);
74
75 static void *z_alloc(void *data, unsigned items, unsigned size)
76 {
77 return gcry_calloc(items, size);
78 }
79
80 static void z_free(void *data, void *p)
81 {
82 gcry_free(p);
83 }
84
85 static gpg_error_t file_modified(struct client_s *client)
86 {
87 struct stat st;
88 gpg_error_t rc;
89
90 if (client->state != STATE_OPEN)
91 return EPWMD_NO_FILE;
92
93 rc = lock_file_mutex(client);
94
95 if (rc)
96 return rc;
97
98 if (lstat(client->filename, &st) == 0 && client->mtime) {
99 if (client->mtime != st.st_mtime)
100 return EPWMD_FILE_MODIFIED;
101 }
102
103 pth_cancel_point();
104 return 0;
105 }
106
107 static gpg_error_t parse_xml(assuan_context_t ctx)
108 {
109 struct client_s *client = assuan_get_pointer(ctx);
110
111 client->doc = xmlReadMemory(client->xml, client->len, NULL, "UTF-8", XML_PARSE_NOBLANKS);
112
113 if (!client->doc)
114 return EPWMD_LIBXML_ERROR;
115
116 if (!client->crypto->fh || client->crypto->fh->ver.fh2.version >= 0x212)
117 return 0;
118
119 return convert_elements(client->doc);
120 }
121
122 void unlock_file_mutex(struct client_s *client)
123 {
124 pth_mutex_t *m;
125
126 if (client->has_lock == FALSE)
127 return;
128
129 CACHE_LOCK(client->ctx);
130
131 if (cache_get_mutex(client->md5file, &m) == FALSE) {
132 CACHE_UNLOCK;
133 return;
134 }
135
136 CACHE_UNLOCK;
137 MUTEX_UNLOCK(m);
138 client->has_lock = client->is_lock_cmd = FALSE;
139 }
140
141 gpg_error_t lock_file_mutex(struct client_s *client)
142 {
143 pth_mutex_t *m;
144 gpg_error_t rc = 0;
145
146 if (client->has_lock == TRUE)
147 return 0;
148
149 CACHE_LOCK(client->ctx);
150
151 if (cache_get_mutex(client->md5file, &m) == FALSE) {
152 CACHE_UNLOCK;
153 return 0;
154 }
155
156 CACHE_UNLOCK;
157
158 if (client->rc_on_locked) {
159 if (!pth_mutex_acquire(m, TRUE, NULL))
160 return GPG_ERR_LOCKED;
161 #ifdef MUTEX_DEBUG
162 MUTEX_LOCK_DEBUG(m);
163 #endif
164 }
165 else
166 MUTEX_TRYLOCK(client, m, rc);
167
168 if (!rc)
169 client->has_lock = TRUE;
170
171 return rc;
172 }
173
174 void free_client(struct client_s *client)
175 {
176 if (client->doc)
177 xmlFreeDoc(client->doc);
178
179 if (client->xml)
180 gcry_free(client->xml);
181
182 if (client->filename)
183 g_free(client->filename);
184
185 if (client->crypto)
186 cleanup_crypto(&client->crypto);
187
188 if (client->xml_error)
189 xmlResetError(client->xml_error);
190 }
191
192 void cleanup_client(struct client_s *client)
193 {
194 assuan_context_t ctx = client->ctx;
195 struct client_thread_s *thd = client->thd;
196 gboolean rc_on_locked = client->rc_on_locked;
197 gboolean lock_on_open = client->lock_on_open;
198 #ifdef WITH_PINENTRY
199 struct pinentry_s *pin = client->pinentry;
200 #endif
201
202 unlock_file_mutex(client);
203 CACHE_LOCK(client->ctx);
204 cache_decr_refcount(client->md5file);
205
206 /*
207 * This may be a new file so don't use a cache slot. save_command() will
208 * set this to FALSE on success.
209 */
210 if (client->new == TRUE)
211 cache_clear(client->md5file, 1);
212
213 CACHE_UNLOCK;
214 free_client(client);
215 memset(client, 0, sizeof(struct client_s));
216 client->state = STATE_CONNECTED;
217 client->ctx = ctx;
218 client->thd = thd;
219 client->freed = TRUE;
220 #ifdef WITH_PINENTRY
221 client->pinentry = pin;
222 #endif
223 client->rc_on_locked = rc_on_locked;
224 client->lock_on_open = lock_on_open;
225 }
226
227 static void gz_cleanup(void *arg)
228 {
229 struct gz_s **gz = (struct gz_s **)arg;
230
231 if (!gz)
232 return;
233
234 if (!(*gz)->done && (*gz)->out)
235 gcry_free((*gz)->out);
236
237 if ((*gz)->which == STATUS_COMPRESS) {
238 if ((*gz)->z.zalloc)
239 deflateEnd(&(*gz)->z);
240 }
241 else {
242 if ((*gz)->z.zalloc)
243 inflateEnd(&(*gz)->z);
244 }
245
246 g_free(*gz);
247 *gz = NULL;
248 }
249
250 gpg_error_t do_decompress(assuan_context_t ctx, gpointer in, gulong insize,
251 gpointer *out, gulong *outsize)
252 {
253 struct gz_s *gz;
254 gz_header h;
255 gchar buf[17];
256 gpg_error_t rc;
257 gint zrc;
258
259 gz = g_malloc0(sizeof(struct gz_s));
260
261 if (!gz)
262 return GPG_ERR_ENOMEM;
263
264 pth_cleanup_push(gz_cleanup, &gz);
265 gz->which = STATUS_DECOMPRESS;
266 gz->z.zalloc = z_alloc;
267 gz->z.zfree = z_free;
268 gz->z.next_in = in;
269 gz->z.avail_in = (uInt)insize;
270 gz->z.avail_out = zlib_bufsize;
271 gz->z.next_out = gz->out = gcry_malloc(zlib_bufsize);
272
273 if (!gz->out) {
274 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
275 pth_cleanup_pop(1);
276 return GPG_ERR_ENOMEM;
277 }
278
279 zrc = inflateInit2(&gz->z, 47);
280
281 if (zrc != Z_OK) {
282 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gz->z.msg);
283 pth_cleanup_pop(1);
284 return zrc == Z_MEM_ERROR ? GPG_ERR_ENOMEM : GPG_ERR_COMPR_ALGO;
285 }
286
287 memset(&h, 0, sizeof(gz_header));
288 h.comment = (guchar *)buf;
289 h.comm_max = sizeof(buf);
290 zrc = inflateGetHeader(&gz->z, &h);
291
292 if (zrc != Z_OK) {
293 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gz->z.msg);
294 pth_cleanup_pop(1);
295 return zrc == Z_MEM_ERROR ? GPG_ERR_ENOMEM : GPG_ERR_COMPR_ALGO;
296 }
297
298 zrc = inflate(&gz->z, Z_BLOCK);
299
300 if (zrc != Z_OK) {
301 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gz->z.msg);
302 pth_cleanup_pop(1);
303 return zrc == Z_MEM_ERROR ? GPG_ERR_ENOMEM : GPG_ERR_COMPR_ALGO;
304 }
305
306 if (h.comment)
307 insize = strtoul((gchar *)h.comment, NULL, 10);
308
309 do {
310 gpointer p;
311
312 zrc = inflate(&gz->z, Z_FINISH);
313
314 switch (zrc) {
315 case Z_OK:
316 break;
317 case Z_BUF_ERROR:
318 if (!gz->z.avail_out) {
319 p = gcry_realloc(gz->out, gz->z.total_out + zlib_bufsize);
320
321 if (!p) {
322 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
323 rc = GPG_ERR_ENOMEM;
324 goto fail;
325 }
326
327 gz->out = p;
328 gz->z.next_out = (guchar *)gz->out + gz->z.total_out;
329 gz->z.avail_out = zlib_bufsize;
330 rc = send_status(ctx, STATUS_DECOMPRESS, "%li %li",
331 gz->z.total_out, insize);
332
333 if (rc)
334 goto fail;
335 }
336 break;
337 case Z_STREAM_END:
338 break;
339 default:
340 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gz->z.msg);
341 rc = GPG_ERR_COMPR_ALGO;
342 goto fail;
343 break;
344 }
345 } while (zrc != Z_STREAM_END);
346
347 rc = send_status(ctx, STATUS_DECOMPRESS, "%li %li", gz->z.total_out,
348 insize);
349
350 if (rc)
351 goto fail;
352
353 *out = gz->out;
354 *outsize = gz->z.total_out;
355 gz->done = TRUE;
356 pth_cleanup_pop(1);
357 return 0;
358
359 fail:
360 pth_cleanup_pop(1);
361 return rc;
362 }
363
364 file_header_internal_t *read_file_header(const gchar *filename, gboolean v1,
365 gpg_error_t *rc)
366 {
367 gint fd;
368 gsize len;
369 file_header_internal_t *fh = g_malloc0(sizeof(file_header_internal_t));
370 gsize fh_size;
371 gpointer p;
372
373 *rc = 0;
374
375 if (!fh) {
376 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
377 *rc = GPG_ERR_ENOMEM;
378 return NULL;
379 }
380
381 pth_cleanup_push(g_free, fh);
382 fh_size = v1 ? sizeof(fh->ver.fh1) : sizeof(fh->ver.fh2);
383
384 if (lstat(filename, &fh->st) == -1) {
385 *rc = gpg_error_from_syserror();
386 pth_cleanup_pop(1);
387 return NULL;
388 }
389
390 if (!S_ISREG(fh->st.st_mode)) {
391 *rc = GPG_ERR_ENOANO;
392 pth_cleanup_pop(1);
393 return NULL;
394 }
395
396 fd = open(filename, O_RDONLY);
397
398 if (fd == -1) {
399 *rc = gpg_error_from_syserror();
400 pth_cleanup_pop(1);
401 return NULL;
402 }
403
404 pth_cleanup_push(cleanup_fd_cb, &fd);
405 p = v1 ? (void *)&fh->ver.fh1 : (void *)&fh->ver.fh2;
406 len = pth_read(fd, p, fh_size);
407
408 if (len != fh_size) {
409 *rc = gpg_error_from_syserror();
410 pth_cleanup_pop(1);
411 pth_cleanup_pop(1);
412 return NULL;
413 }
414
415 fh->v1 = v1;
416 fh->fd = fd;
417 pth_cleanup_pop(0);
418 pth_cleanup_pop(0);
419 return fh;
420 }
421
422 static gpg_error_t open_command_finalize(assuan_context_t ctx, guchar *unused,
423 gboolean cached)
424 {
425 struct client_s *client = assuan_get_pointer(ctx);
426 gpg_error_t rc;
427 gint timeout;
428 guchar *key = client->crypto->key;
429
430 /* New file. */
431 if (!client->crypto->fh) {
432 if (key[0])
433 goto update_cache;
434
435 goto done;
436 }
437
438 rc = init_client_crypto2(client->filename, client->crypto);
439
440 if (rc) {
441 cleanup_client(client);
442 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
443 }
444
445 rc = try_xml_decrypt(ctx, client->crypto, NULL, NULL);
446
447 if (rc) {
448 cleanup_client(client);
449 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
450 }
451
452 update_cache:
453 CACHE_LOCK(client->ctx);
454
455 if (cached == FALSE) {
456 if (cache_update_key(client->md5file, key) == FALSE) {
457 cleanup_client(client);
458 CACHE_UNLOCK;
459 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
460 }
461
462 timeout = get_key_file_integer(client->filename, "cache_timeout");
463 cache_reset_timeout(client->md5file, timeout);
464 }
465 else
466 cache_set_timeout(client->md5file, -2);
467
468 CACHE_UNLOCK;
469
470 done:
471 rc = parse_xml(ctx);
472
473 if (client->xml) {
474 gcry_free(client->xml);
475 client->xml = NULL;
476 }
477
478 if (!rc) {
479 if (client->new == FALSE)
480 send_status_all(STATUS_CACHE);
481
482 client->state = STATE_OPEN;
483 }
484
485 if (!rc && client->new == FALSE &&
486 client->crypto->fh->ver.fh2.iter != get_key_file_uint64(client->filename, "iterations")) {
487 gchar *s = g_strdup_printf("%llu", client->crypto->fh->ver.fh2.iter);
488
489 MUTEX_LOCK(&rcfile_mutex);
490 g_key_file_set_value(keyfileh, client->filename, "iterations", s);
491 g_free(s);
492 MUTEX_UNLOCK(&rcfile_mutex);
493 send_status_all(STATUS_CONFIG);
494 }
495
496 cleanup_crypto(&client->crypto);
497
498 if (!rc && client->lock_on_open)
499 return do_lock_command(client);
500
501 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
502 }
503
504 static void req_cleanup(void *arg)
505 {
506 if (!arg)
507 return;
508
509 g_strfreev((gchar **)arg);
510 }
511
512 static gpg_error_t parse_open_opt_lock(gpointer data, gpointer value)
513 {
514 struct client_s *client = data;
515 const gchar *p = value;
516
517 if (p && *p) {
518 gint n = atoi(p);
519
520 if (n < 0 || n > 1)
521 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
522
523 client->lock_on_open = n ? TRUE : FALSE;
524 }
525 else if ((!p || !*p) && (client->opts & OPT_LOCK))
526 client->lock_on_open = FALSE;
527 else
528 client->lock_on_open = TRUE;
529
530 return 0;
531 }
532
533 static gpg_error_t parse_opt_pinentry(gpointer data, gpointer value)
534 {
535 #ifdef WITH_PINENTRY
536 struct client_s *client = data;
537 gchar *p = NULL;
538 gchar *str = value;
539 gint n;
540
541 if (!str || !*str) {
542 client->pinentry->enable = -1;
543 client->opts &= ~(OPT_PINENTRY);
544 return 0;
545 }
546
547 n = atoi(str);
548
549 if (*p || n < 0 || n > 1)
550 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
551
552 client->pinentry->enable = n ? TRUE : FALSE;
553 client->opts |= OPT_PINENTRY;
554 return 0;
555 #else
556 return GPG_ERR_NOT_IMPLEMENTED;
557 #endif
558 }
559
560 static gpg_error_t parse_opt_inquire(gpointer data, gpointer value)
561 {
562 struct client_s *client = data;
563
564 (void)value;
565 client->opts |= OPT_INQUIRE;
566 return 0;
567 }
568
569 static gpg_error_t parse_opt_base64(gpointer data, gpointer value)
570 {
571 struct client_s *client = data;
572
573 (void)value;
574 client->opts |= OPT_BASE64;
575 return 0;
576 }
577
578 static gpg_error_t hash_key(struct client_s *client, const gchar *key)
579 {
580 guchar *tmp;
581 gsize len;
582
583 if (client->opts & OPT_BASE64)
584 tmp = g_base64_decode(key, &len);
585 else {
586 tmp = (guchar *)g_strdup(key);
587 len = strlen(key);
588 }
589
590 if (!tmp)
591 return GPG_ERR_ENOMEM;
592
593 gcry_md_hash_buffer(GCRY_MD_SHA256, client->crypto->key, tmp, len);
594 g_free(tmp);
595 return 0;
596 }
597
598 static gpg_error_t open_command_common(assuan_context_t ctx, gchar *line)
599 {
600 gboolean cached = FALSE;
601 gpg_error_t rc;
602 struct client_s *client = assuan_get_pointer(ctx);
603 gchar **req;
604 gchar *filename = NULL;
605 gsize hashlen = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
606
607 if ((req = split_input_line(line, " ", 2)) != NULL)
608 filename = req[0];
609
610 pth_cleanup_push(req_cleanup, req);
611
612 if (!filename || !*filename) {
613 pth_cleanup_pop(1);
614 return client->opts & OPT_INQUIRE ? GPG_ERR_SYNTAX : send_error(ctx, GPG_ERR_SYNTAX);
615 }
616
617 log_write2("ARGS=\"%s\" %s", filename, req[1] ? "<passphrase>" : "");
618
619 if (valid_filename(filename) == FALSE) {
620 pth_cleanup_pop(1);
621 return client->opts & OPT_INQUIRE ? GPG_ERR_INV_VALUE : send_error(ctx, GPG_ERR_INV_VALUE);
622 }
623
624 gcry_md_hash_buffer(GCRY_MD_MD5, client->md5file, filename, strlen(filename));
625 CACHE_LOCK(client->ctx);
626
627 if (cache_has_file(client->md5file) == FALSE) {
628 if (cache_add_file(client->md5file, NULL) == FALSE) {
629 pth_cleanup_pop(1);
630 CACHE_UNLOCK;
631 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
632 }
633 }
634
635 CACHE_UNLOCK;
636 rc = lock_file_mutex(client);
637
638 if (rc) {
639 pth_cleanup_pop(1);
640 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
641 }
642
643 client->freed = FALSE;
644 CACHE_LOCK(client->ctx);
645 cache_incr_refcount(client->md5file);
646 CACHE_UNLOCK;
647 client->crypto = init_client_crypto();
648
649 if (!client->crypto) {
650 pth_cleanup_pop(1);
651 cleanup_client(client);
652 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
653 }
654
655 client->crypto->key = gcry_malloc(hashlen);
656
657 if (!client->crypto->key) {
658 pth_cleanup_pop(1);
659 log_write("%s(%i): %s", __FUNCTION__, __LINE__,
660 GPG_ERR_ENOMEM);
661 cleanup_client(client);
662 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
663 }
664
665 memset(client->crypto->key, 0, hashlen);
666 client->crypto->fh = read_file_header(filename, FALSE, &rc);
667
668 if (!client->crypto->fh) {
669 if (gpg_err_code_to_errno(rc) != ENOENT) {
670 log_write("%s: %s", filename, pwmd_strerror(rc));
671 pth_cleanup_pop(1);
672 cleanup_client(client);
673 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
674 }
675
676 /*
677 * New files don't need a key.
678 */
679 if ((client->xml = new_document()) == NULL) {
680 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
681 pth_cleanup_pop(1);
682 cleanup_client(client);
683 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
684 }
685
686 client->len = xmlStrlen(client->xml);
687 client->new = TRUE;
688 client->filename = g_strdup(filename);
689
690 if (!client->filename) {
691 pth_cleanup_pop(1);
692 cleanup_client(client);
693 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
694 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
695 }
696
697 if (req[1] && *req[1]) {
698 rc = hash_key(client, req[1]);
699
700 if (rc) {
701 pth_cleanup_pop(1);
702 cleanup_client(client);
703 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
704 }
705 }
706
707 pth_cleanup_pop(1);
708 #ifdef WITH_PINENTRY
709 client->pinentry->filename = g_strdup(client->filename);
710
711 if (!client->pinentry->filename) {
712 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
713 cleanup_client(client);
714 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
715 }
716 #endif
717 return open_command_finalize(ctx, NULL, cached);
718 }
719 else {
720 if (!(client->opts & OPT_CIPHER))
721 g_key_file_set_string(keyfileh, filename, "cipher",
722 pwmd_cipher_to_str(client->crypto->fh->ver.fh2.flags));
723
724 client->mtime = client->crypto->fh->st.st_mtime;
725 }
726
727 client->filename = g_strdup(filename);
728
729 if (!client->filename) {
730 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
731 pth_cleanup_pop(1);
732 cleanup_client(client);
733 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
734 }
735
736 #ifdef WITH_PINENTRY
737 if (client->pinentry->filename)
738 g_free(client->pinentry->filename);
739
740 client->pinentry->filename = g_strdup(client->filename);
741
742 if (!client->pinentry->filename) {
743 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
744 pth_cleanup_pop(1);
745 cleanup_client(client);
746 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
747 }
748 #endif
749
750 if (client->crypto->fh->ver.fh2.iter <= 0ULL)
751 goto done;
752
753 CACHE_LOCK(client->ctx);
754 cached = cache_get_key(client->md5file, client->crypto->key);
755 CACHE_UNLOCK;
756
757 if (cached == FALSE) {
758 gchar *tmp = get_key_file_string(filename, "key_file");
759
760 if (tmp && !(client->opts & OPT_INQUIRE)) {
761 g_free(tmp);
762 pth_cleanup_pop(1);
763 cleanup_client(client);
764 return send_error(ctx, GPG_ERR_WRONG_KEY_USAGE);
765 }
766
767 if (tmp)
768 g_free(tmp);
769
770 /*
771 * No key specified and no matching filename found in the cache. Use
772 * pinentry to retrieve the key. Cannot return assuan_process_done()
773 * here otherwise the command will be interrupted. The event loop in
774 * client_thread() will poll the file descriptor waiting for it to
775 * become ready to read a pinentry_key_s which will contain the
776 * entered key or an error code. It will then call
777 * open_command_finalize() to to finish the command.
778 */
779 if (!req[1] || !*req[1]) {
780 #ifdef WITH_PINENTRY
781 gboolean b = get_key_file_boolean(filename, "enable_pinentry");
782
783 /* From set_pinentry_defaults(). */
784 if (client->opts & OPT_INQUIRE ||
785 client->pinentry->enable == FALSE ||
786 (client->pinentry->enable == -1 && b == FALSE)) {
787 gcry_md_hash_buffer(GCRY_MD_SHA256, client->crypto->key, "", 1);
788 goto done;
789 }
790
791 pth_cleanup_pop(1);
792 rc = lock_pin_mutex(client);
793
794 if (rc) {
795 unlock_pin_mutex(client->pinentry);
796 cleanup_client(client);
797 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
798 }
799
800 client->pinentry->which = PINENTRY_OPEN;
801 rc = pinentry_fork(ctx);
802
803 if (rc) {
804 unlock_pin_mutex(client->pinentry);
805 cleanup_client(client);
806 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
807 }
808
809 // Called from pinentry iterate.
810 client->pinentry->cb = open_command_finalize;
811 client->pinentry->status = PINENTRY_INIT;
812 return 0;
813 #else
814 gcry_md_hash_buffer(GCRY_MD_SHA256, client->crypto->key, "", 1);
815 goto done;
816 #endif
817 }
818
819 rc = hash_key(client, req[1]);
820
821 if (rc) {
822 pth_cleanup_pop(1);
823 cleanup_client(client);
824 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
825 }
826 }
827 else if (req && req[1] && *req[1]) {
828 rc = hash_key(client, req[1]);
829
830 if (rc) {
831 pth_cleanup_pop(1);
832 cleanup_client(client);
833 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
834 }
835 }
836
837 done:
838 pth_cleanup_pop(1);
839 return open_command_finalize(ctx, NULL, cached);
840 }
841
842 static gint open_command_inquire_finalize(gpointer data, gint assuan_rc,
843 guchar *line, gsize len)
844 {
845 assuan_context_t ctx = data;
846 struct client_s *client = assuan_get_pointer(ctx);
847 gpg_error_t rc = file_modified(client);
848
849 if (assuan_rc || (rc && rc != EPWMD_NO_FILE)) {
850 if (line)
851 xfree(line);
852
853 return assuan_rc ? assuan_rc : rc;
854 }
855
856 rc = open_command_common(ctx, (gchar *)line);
857
858 if (line)
859 xfree(line);
860
861 client->inquire_status = INQUIRE_DONE;
862 return rc;
863 }
864
865 static gint open_command(assuan_context_t ctx, gchar *line)
866 {
867 gpg_error_t rc;
868 struct client_s *client = assuan_get_pointer(ctx);
869 struct argv_s *args[] = {
870 &(struct argv_s) { "lock", OPTION_TYPE_NOARG, parse_open_opt_lock },
871 &(struct argv_s) { "pinentry", OPTION_TYPE_OPTARG, parse_opt_pinentry },
872 &(struct argv_s) { "inquire", OPTION_TYPE_NOARG, parse_opt_inquire },
873 &(struct argv_s) { "base64", OPTION_TYPE_NOARG, parse_opt_base64 },
874 NULL
875 };
876
877 if (client->state == STATE_OPEN)
878 cleanup_client(client);
879
880 if (!(client->opts & OPT_LOCK))
881 client->lock_on_open = FALSE;
882
883 rc = parse_options(&line, args, client);
884
885 if (rc)
886 return send_error(ctx, rc);
887
888 if ((client->opts & OPT_INQUIRE)) {
889 rc = assuan_inquire_ext(ctx, "OPEN", 0, open_command_inquire_finalize,
890 ctx);
891
892 if (rc)
893 return send_error(ctx, rc);
894
895 /* Don't return with assuan_process_done() here. This is an INQUIRE. */
896 client->inquire_status = INQUIRE_BUSY;
897 return 0;
898 }
899
900 return open_command_common(ctx, line);
901 }
902
903 gpg_error_t do_compress(assuan_context_t ctx, gint level, gpointer data,
904 guint size, gpointer *out, gulong *outsize)
905 {
906 struct gz_s *gz;
907 gz_header h;
908 gchar buf[17];
909 gint cmd = Z_NO_FLUSH;
910 gint zrc;
911 gpg_error_t rc;
912
913 gz = g_malloc0(sizeof(struct gz_s));
914
915 if (!gz)
916 return GPG_ERR_ENOMEM;
917
918 pth_cleanup_push(gz_cleanup, &gz);
919 gz->which = STATUS_COMPRESS;
920 gz->z.zalloc = z_alloc;
921 gz->z.zfree = z_free;
922 gz->z.next_in = data;
923 gz->z.avail_in = size < zlib_bufsize ? (uInt)size : (uInt)zlib_bufsize;
924 gz->z.avail_out = (uInt)zlib_bufsize;
925 gz->z.next_out = gz->out = gcry_malloc(zlib_bufsize);
926
927 if (!gz->out) {
928 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
929 pth_cleanup_pop(1);
930 return GPG_ERR_ENOMEM;
931 }
932
933 zrc = deflateInit2(&gz->z, level, Z_DEFLATED, 31, 8, Z_DEFAULT_STRATEGY);
934
935 if (zrc != Z_OK) {
936 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gz->z.msg);
937 pth_cleanup_pop(1);
938 return GPG_ERR_COMPR_ALGO;
939 }
940
941 /* Rather than store the size of the uncompressed data in the file header,
942 * store it in the comment field of the gzip header. Don't give anyone too
943 * much information. Not sure why really, but it seems the right way. :)
944 */
945 memset(&h, 0, sizeof(gz_header));
946 g_snprintf(buf, sizeof(buf), "%u", size);
947 h.comment = (guchar *)buf;
948 zrc = deflateSetHeader(&gz->z, &h);
949
950 if (zrc != Z_OK) {
951 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gz->z.msg);
952 pth_cleanup_pop(1);
953 return GPG_ERR_COMPR_ALGO;
954 }
955
956 do {
957 gpointer p;
958
959 zrc = deflate(&gz->z, cmd);
960
961 switch (zrc) {
962 case Z_OK:
963 break;
964 case Z_BUF_ERROR:
965 if (!gz->z.avail_out) {
966 p = gcry_realloc(gz->out, gz->z.total_out + zlib_bufsize);
967
968 if (!p) {
969 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
970 rc = GPG_ERR_ENOMEM;
971 goto fail;
972 }
973
974 gz->out = p;
975 gz->z.next_out = (guchar *)gz->out + gz->z.total_out;
976 gz->z.avail_out = zlib_bufsize;
977 }
978
979 if (!gz->z.avail_in && gz->z.total_in < size) {
980 if (gz->z.total_in + zlib_bufsize > size)
981 gz->z.avail_in = size - gz->z.total_in;
982 else
983 gz->z.avail_in = zlib_bufsize;
984
985 rc = send_status(ctx, STATUS_COMPRESS, "%li %u",
986 gz->z.total_in, size);
987
988 if (rc)
989 goto fail;
990 }
991
992 if (gz->z.total_in >= size)
993 cmd = Z_FINISH;
994
995 break;
996 case Z_STREAM_END:
997 break;
998 default:
999 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gz->z.msg);
1000 rc = GPG_ERR_COMPR_ALGO;
1001 goto fail;
1002 }
1003 } while (zrc != Z_STREAM_END);
1004
1005 rc = send_status(ctx, STATUS_COMPRESS, "%li %u", gz->z.total_in, size);
1006
1007 if (rc)
1008 goto fail;
1009
1010 *out = gz->out;
1011 *outsize = gz->z.total_out;
1012 gz->done = TRUE;
1013 pth_cleanup_pop(1);
1014 return 0;
1015
1016 fail:
1017 pth_cleanup_pop(1);
1018 return rc;
1019 }
1020
1021 #define CRYPTO_BLOCKSIZE(c) (c->blocksize * 1024)
1022
1023 /*
1024 * Useful for a large amount of data. Rather than doing all of the data in one
1025 * iteration do it in chunks. This lets the command be cancelable rather than
1026 * waiting for it to complete.
1027 */
1028 static gpg_error_t iterate_crypto_once(struct client_s *client,
1029 struct crypto_s *crypto, status_msg_t which)
1030 {
1031 gpg_error_t rc = 0;
1032 goffset len = CRYPTO_BLOCKSIZE(crypto);
1033 gpointer p = gcry_malloc(len);
1034 goffset total = 0;
1035 gpointer inbuf;
1036
1037 if (!p)
1038 return GPG_ERR_ENOMEM;
1039
1040 if (crypto->insize < CRYPTO_BLOCKSIZE(crypto))
1041 len = crypto->insize;
1042
1043 pth_cleanup_push(gcry_free, p);
1044
1045 for (;;) {
1046 inbuf = (guchar *)crypto->inbuf + total;
1047 guchar *tmp;
1048
1049 if (len + total > crypto->insize)
1050 len = crypto->blocksize;
1051
1052 if (which == STATUS_ENCRYPT)
1053 rc = gcry_cipher_encrypt(crypto->gh, p, len, inbuf, len);
1054 else
1055 rc = gcry_cipher_decrypt(crypto->gh, p, len, inbuf, len);
1056
1057 if (rc)
1058 goto done;
1059
1060 tmp = (guchar *)crypto->inbuf + total;
1061 memmove(tmp, p, len);
1062 total += len;
1063
1064 if (total >= crypto->insize)
1065 break;
1066
1067 pth_cancel_point();
1068 }
1069
1070 done:
1071 pth_cleanup_pop(1);
1072 return rc;
1073 }
1074
1075 /* The crypto struct must be setup for iterations and .key. */
1076 gpg_error_t do_xml_encrypt(struct client_s *client,
1077 struct crypto_s *crypto, const gchar *filename)
1078 {
1079 goffset len = crypto->insize;
1080 gpointer inbuf;
1081 gchar *p;
1082 gpg_error_t rc;
1083 guint64 iter_progress = 0, n_iter = 0, xiter = 0;
1084 gchar tmp[FILENAME_MAX];
1085 struct stat st;
1086 mode_t mode = 0;
1087 gsize hashlen = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
1088
1089 if (!crypto->fh->ver.fh2.iter) {
1090 /*
1091 * cache_file_count() needs both .used == TRUE and a valid key in
1092 * order for it to count as a used cache entry. Fixes CACHE status
1093 * messages.
1094 */
1095 memset(crypto->key, '!', hashlen);
1096 goto write_file;
1097 }
1098
1099 /*
1100 * Resize the existing xml buffer to the block size required by gcrypt
1101 * rather than duplicating it and wasting memory.
1102 */
1103 crypto->insize += sizeof(crypto_magic);
1104 len = (crypto->insize / crypto->blocksize) * crypto->blocksize;
1105
1106 if (crypto->insize % crypto->blocksize)
1107 len += crypto->blocksize;
1108
1109 inbuf = gcry_realloc(crypto->inbuf, len);
1110
1111 if (!inbuf) {
1112 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
1113 return GPG_ERR_ENOMEM;
1114 }
1115
1116 guchar *tmpbuf = inbuf;
1117 memmove(&tmpbuf[sizeof(crypto_magic)], tmpbuf, len-sizeof(crypto_magic));
1118 memcpy(tmpbuf, crypto_magic, sizeof(crypto_magic));
1119 crypto->inbuf = tmpbuf;
1120 crypto->insize = len;
1121 gcry_create_nonce(crypto->fh->ver.fh2.iv, crypto->blocksize);
1122
1123 if (crypto->tkey)
1124 gcry_free(crypto->tkey);
1125
1126 crypto->tkey = gcry_malloc(hashlen);
1127
1128 if (!crypto->tkey) {
1129 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
1130 return GPG_ERR_ENOMEM;
1131 }
1132
1133 memcpy(crypto->tkey, crypto->key, hashlen);
1134 guchar *tkey = crypto->tkey;
1135 tkey[0] ^= 1;
1136
1137 if ((rc = gcry_cipher_setkey(crypto->gh, crypto->tkey, crypto->keysize))) {
1138 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
1139 return rc;
1140 }
1141
1142 iter_progress = get_key_file_uint64(
1143 client ? client->filename : "global", "iteration_progress");
1144
1145 if (iter_progress && crypto->fh->ver.fh2.iter >= iter_progress) {
1146 rc = send_status(client ? client->ctx : NULL, STATUS_ENCRYPT,
1147 "0 %llu", crypto->fh->ver.fh2.iter);
1148
1149 if (rc)
1150 return rc;
1151 }
1152
1153 while (xiter < crypto->fh->ver.fh2.iter-1) {
1154 if (iter_progress > 0ULL && xiter >= iter_progress) {
1155 if (!(xiter % iter_progress)) {
1156 rc = send_status(client ? client->ctx : NULL, STATUS_ENCRYPT,
1157 "%llu %llu", ++n_iter * iter_progress,
1158 crypto->fh->ver.fh2.iter);
1159
1160 if (rc)
1161 return rc;
1162 }
1163 }
1164
1165 if ((rc = gcry_cipher_setiv(crypto->gh, crypto->fh->ver.fh2.iv,
1166 crypto->blocksize))) {
1167 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
1168 return rc;
1169 }
1170
1171 rc = iterate_crypto_once(client, crypto, STATUS_ENCRYPT);
1172
1173 if (rc) {
1174 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
1175 return rc;
1176 }
1177
1178 xiter++;
1179 }
1180
1181 if ((rc = gcry_cipher_setiv(crypto->gh, crypto->fh->ver.fh2.iv,
1182 crypto->blocksize))) {
1183 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
1184 return rc;
1185 }
1186
1187 if ((rc = gcry_cipher_setkey(crypto->gh, crypto->key, crypto->keysize))) {
1188 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
1189 return rc;
1190 }
1191
1192 rc = iterate_crypto_once(client, crypto, STATUS_ENCRYPT);
1193
1194 if (rc)
1195 return rc;
1196
1197 if (iter_progress && crypto->fh->ver.fh2.iter >= iter_progress) {
1198 rc = send_status(client ? client->ctx : NULL, STATUS_ENCRYPT,
1199 "%llu %llu", crypto->fh->ver.fh2.iter, crypto->fh->ver.fh2.iter);
1200
1201 if (rc)
1202 return rc;
1203 }
1204
1205 write_file:
1206 tmp[0] = 0;
1207
1208 if (filename) {
1209 if (!client && !g_ascii_strcasecmp(filename, "-")) {
1210 crypto->fh->fd = STDOUT_FILENO;
1211 goto do_write_file;
1212 }
1213
1214 if (lstat(filename, &st) == 0) {
1215 mode = st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);
1216
1217 if (!(mode & S_IWUSR))
1218 return GPG_ERR_EACCES;
1219 }
1220 else if (errno != ENOENT)
1221 return gpg_error_from_syserror();
1222
1223 g_snprintf(tmp, sizeof(tmp), "%s.XXXXXX", filename);
1224 #if GLIB_CHECK_VERSION(2, 22, 0)
1225 crypto->fh->fd = g_mkstemp_full(tmp, O_WRONLY, 0600);
1226 #else
1227 crypto->fh->fd = mkstemp(tmp);
1228 #endif
1229
1230 if (crypto->fh->fd == -1) {
1231 rc = gpg_error_from_syserror();
1232 p = strrchr(tmp, '/');
1233 p++;
1234 log_write("%s: %s", p, pwmd_strerror(rc));
1235 return rc;
1236 }
1237
1238 pth_cleanup_push(cleanup_unlink_cb, tmp);
1239 }
1240 else
1241 /*
1242 * xml_import() or convert_file() from command line.
1243 */
1244 crypto->fh->fd = STDOUT_FILENO;
1245
1246 do_write_file:
1247 crypto->fh->ver.fh2.magic[0] = '\177';
1248 crypto->fh->ver.fh2.magic[1] = 'P';
1249 crypto->fh->ver.fh2.magic[2] = 'W';
1250 crypto->fh->ver.fh2.magic[3] = 'M';
1251 crypto->fh->ver.fh2.magic[4] = 'D';
1252 crypto->fh->ver.fh2.version = VERSION_HEX;
1253 len = pth_write(crypto->fh->fd, &crypto->fh->ver.fh2, sizeof(crypto->fh->ver.fh2));
1254
1255 if (len != sizeof(crypto->fh->ver.fh2)) {
1256 rc = gpg_error_from_syserror();
1257
1258 if (tmp[0])
1259 pth_cleanup_pop(1);
1260
1261 return rc;
1262 }
1263
1264 len = pth_write(crypto->fh->fd, crypto->inbuf, crypto->insize);
1265
1266 if (len != crypto->insize) {
1267 rc = gpg_error_from_syserror();
1268
1269 if (tmp[0])
1270 pth_cleanup_pop(1);
1271
1272 return rc;
1273 }
1274
1275 if (fsync(crypto->fh->fd) == -1) {
1276 rc = gpg_error_from_syserror();
1277
1278 if (tmp[0])
1279 pth_cleanup_pop(1);
1280
1281 return rc;
1282 }
1283
1284 if (tmp[0]) {
1285 #ifdef WITH_LIBACL
1286 acl_t acl;
1287 #endif
1288 if (mode && get_key_file_boolean(filename, "backup") == TRUE) {
1289 gchar tmp2[FILENAME_MAX];
1290
1291 g_snprintf(tmp2, sizeof(tmp2), "%s.backup", filename);
1292 #ifdef WITH_LIBACL
1293 acl = acl_get_file(filename, ACL_TYPE_ACCESS);
1294
1295 if (!acl)
1296 log_write("ACL: %s: %s", filename, pwmd_strerror(gpg_error_from_syserror()));
1297 #endif
1298
1299 if (rename(filename, tmp2) == -1) {
1300 rc = gpg_error_from_syserror();
1301 pth_cleanup_pop(1);
1302 #ifdef WITH_LIBACL
1303 if (acl)
1304 acl_free(acl);
1305 #endif
1306 return rc;
1307 }
1308 }
1309 #ifdef WITH_LIBACL
1310 else {
1311 acl = acl_get_file(".", ACL_TYPE_DEFAULT);
1312
1313 if (!acl)
1314 log_write("ACL: %s: %s", filename, pwmd_strerror(gpg_error_from_syserror()));
1315 }
1316 #endif
1317
1318 if (rename(tmp, filename) == -1) {
1319 rc = gpg_error_from_syserror();
1320 pth_cleanup_pop(1);
1321 #ifdef WITH_LIBACL
1322 if (acl)
1323 acl_free(acl);
1324 #endif
1325 return rc;
1326 }
1327
1328 pth_cleanup_pop(0);
1329
1330 if (mode)
1331 chmod(filename, mode);
1332
1333 #ifdef WITH_LIBACL
1334 if (acl && acl_set_file(filename, ACL_TYPE_ACCESS, acl))
1335 log_write("ACL: %s: %s", filename, pwmd_strerror(gpg_error_from_syserror()));
1336
1337 if (acl)
1338 acl_free(acl);
1339 #endif
1340 }
1341
1342 if (client && lstat(filename, &st) == 0)
1343 client->mtime = st.st_mtime;
1344
1345 return 0;
1346 }
1347
1348 gpg_error_t update_save_flags(const gchar *filename,
1349 struct crypto_s *crypto)
1350 {
1351 gpg_error_t rc;
1352
1353 /* New file? */
1354 if (!crypto->fh) {
1355 crypto->fh = g_malloc0(sizeof(file_header_internal_t));
1356
1357 if (!crypto->fh)
1358 return GPG_ERR_ENOMEM;
1359 }
1360
1361 rc = init_client_crypto2(filename, crypto);
1362
1363 if (rc)
1364 return rc;
1365
1366 if (filename && !crypto->fh->v1)
1367 crypto->fh->ver.fh2.iter = get_key_file_uint64(filename, "iterations");
1368
1369 return 0;
1370 }
1371
1372 static gpg_error_t save_command_finalize(assuan_context_t ctx, guchar *key,
1373 gboolean cached)
1374 {
1375 struct client_s *client = assuan_get_pointer(ctx);
1376 gpointer xmlbuf;
1377 gulong outsize = 0;
1378 guint len;
1379 gint clevel;
1380 gint timeout;
1381 gpointer outbuf;
1382 gpg_error_t rc;
1383
1384 if (client->crypto->key && client->crypto->key != key)
1385 gcry_free(client->crypto->key);
1386
1387 client->crypto->key = key;
1388 rc = update_element_mtime(xmlDocGetRootElement(client->doc));
1389
1390 if (rc) {
1391 cleanup_crypto(&client->crypto);
1392 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
1393 }
1394
1395 xmlDocDumpFormatMemory(client->doc, (xmlChar **)&xmlbuf, (gint *)&len, 0);
1396 pth_cleanup_push(xmlFree, xmlbuf);
1397 clevel = get_key_file_integer(client->filename, "compression_level");
1398
1399 if (clevel < 0)
1400 clevel = 0;
1401
1402 rc = do_compress(ctx, clevel, xmlbuf, len, &outbuf, &outsize);
1403
1404 if (rc) {
1405 pth_cleanup_pop(1);
1406 cleanup_crypto(&client->crypto);
1407
1408 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
1409 }
1410 else {
1411 pth_cleanup_pop(1);
1412 xmlbuf = outbuf;
1413 len = outsize;
1414 }
1415
1416 client->crypto->inbuf = xmlbuf;
1417 client->crypto->insize = len;
1418 rc = update_save_flags(client->filename, client->crypto);
1419
1420 if (rc) {
1421 cleanup_crypto(&client->crypto);
1422 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(rc));
1423 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
1424 }
1425
1426 rc = do_xml_encrypt(client, client->crypto, client->filename);
1427
1428 if (rc) {
1429 cleanup_crypto(&client->crypto);
1430 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
1431 }
1432
1433 timeout = get_key_file_integer(client->filename, "cache_timeout");
1434 CACHE_LOCK(client->ctx);
1435
1436 if (cached) {
1437 cache_reset_timeout(client->md5file, timeout);
1438 CACHE_UNLOCK;
1439
1440 if (client->new == TRUE)
1441 send_status_all(STATUS_CACHE);
1442
1443 client->new = FALSE;
1444 cleanup_crypto(&client->crypto);
1445 return client->opts & OPT_INQUIRE ? 0 : send_error(ctx, 0);
1446 }
1447
1448 if (cache_update_key(client->md5file, client->crypto->key) == FALSE) {
1449 CACHE_UNLOCK;
1450 cleanup_crypto(&client->crypto);
1451 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
1452 }
1453
1454 client->new = FALSE;
1455 cache_reset_timeout(client->md5file, timeout);
1456 CACHE_UNLOCK;
1457 send_status_all(STATUS_CACHE);
1458 cleanup_crypto(&client->crypto);
1459 return client->opts & OPT_INQUIRE ? 0 : send_error(ctx, 0);
1460 }
1461
1462 static gpg_error_t parse_save_opt_iterations(gpointer data, gpointer v)
1463 {
1464 struct client_s *client = data;
1465 guint64 n;
1466 gchar *value = v;
1467 gchar *p = NULL;
1468
1469 if (!client->filename)
1470 return EPWMD_NO_FILE;
1471
1472 if (!value || !*value)
1473 return 0;
1474
1475 errno = 0;
1476 n = g_ascii_strtoull(value, &p, 10);
1477
1478 if (errno || (p && *p) || n == G_MAXUINT64)
1479 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_ERANGE);
1480
1481 MUTEX_LOCK(&rcfile_mutex);
1482 p = g_strdup_printf("%llu", n);
1483 g_key_file_set_value(keyfileh,
1484 client->filename ? client->filename : "global", "iterations", p);
1485 g_free(p);
1486 MUTEX_UNLOCK(&rcfile_mutex);
1487
1488 if (client->filename)
1489 client->opts |= OPT_ITERATIONS;
1490
1491 return 0;
1492 }
1493
1494 static gpg_error_t parse_save_opt_cipher(gpointer data, gpointer value)
1495 {
1496 struct client_s *client = data;
1497 const gchar *p = value;
1498 guint64 flags;
1499
1500 if (!client->filename)
1501 return EPWMD_NO_FILE;
1502
1503 if (!p || !*p)
1504 return 0;
1505
1506 flags = pwmd_cipher_str_to_cipher(p);
1507
1508 if (!flags)
1509 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
1510
1511 MUTEX_LOCK(&rcfile_mutex);
1512 g_key_file_set_string(keyfileh, client->filename, "cipher", p);
1513 MUTEX_UNLOCK(&rcfile_mutex);
1514
1515 if (!value)
1516 g_free((gchar *)p);
1517
1518 return 0;
1519 }
1520
1521 static gpg_error_t parse_save_opt_reset(gpointer data, gpointer value)
1522 {
1523 struct client_s *client = data;
1524
1525 CACHE_LOCK(client->ctx);
1526 cache_clear(client->md5file, 1);
1527 CACHE_UNLOCK;
1528 return 0;
1529 }
1530
1531 static gpg_error_t save_command_common(assuan_context_t ctx, gchar *line)
1532 {
1533 struct client_s *client = assuan_get_pointer(ctx);
1534 gboolean cached = FALSE;
1535 guint hashlen = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
1536
1537 CACHE_LOCK(ctx);
1538 cached = cache_iscached(client->md5file);
1539 CACHE_UNLOCK;
1540
1541 /*
1542 * If a cache entry doesn't exist for this file and the file has a
1543 * "key_file" or "key" parameter, then it's an error. The reason is that
1544 * cache expiration would be useless. Unless this is an inquire, then its
1545 * fine.
1546 */
1547 if (cached == FALSE) {
1548 gchar *tmp = get_key_file_string(client->filename, "key_file");
1549
1550 if (tmp && !(client->opts & OPT_INQUIRE)) {
1551 g_free(tmp);
1552 return send_error(ctx, GPG_ERR_WRONG_KEY_USAGE);
1553 }
1554
1555 if (tmp)
1556 g_free(tmp);
1557 }
1558
1559 cached = FALSE;
1560
1561 /* New file? */
1562 if (!client->crypto) {
1563 client->crypto = init_client_crypto();
1564
1565 if (!client->crypto) {
1566 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
1567 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
1568 }
1569 }
1570
1571 client->crypto->key = gcry_malloc(hashlen);
1572
1573 if (!client->crypto->key) {
1574 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
1575 cleanup_crypto(&client->crypto);
1576 return client->opts & OPT_INQUIRE ? GPG_ERR_ENOMEM : send_error(ctx, GPG_ERR_ENOMEM);
1577 }
1578
1579 memset(client->crypto->key, '!', hashlen);
1580
1581 if (!get_key_file_uint64(client->filename, "iterations") &&
1582 (!line || !*line))
1583 goto done;
1584
1585 if (!line || !*line) {
1586 /* It doesn't make sense to use an --inquire with an empty
1587 * passphrase. This will prevent a pinentry dialog. */
1588 if (client->opts & OPT_INQUIRE) {
1589 cleanup_crypto(&client->crypto);
1590 return GPG_ERR_WRONG_KEY_USAGE;
1591 }
1592
1593 client->crypto->tkey = gcry_malloc(hashlen);
1594
1595 if (!client->crypto->tkey) {
1596 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
1597 cleanup_crypto(&client->crypto);
1598 return send_error(ctx, GPG_ERR_ENOMEM);
1599 }
1600
1601 memset(client->crypto->tkey, '!', hashlen);
1602 CACHE_LOCK(ctx);
1603
1604 if (cache_get_key(client->md5file, client->crypto->key) == FALSE ||
1605 !memcmp(client->crypto->key, client->crypto->tkey, hashlen)) {
1606 CACHE_UNLOCK;
1607
1608 #ifdef WITH_PINENTRY
1609 gpg_error_t rc;
1610
1611 if (client->pinentry->enable == FALSE ||
1612 get_key_file_boolean(client->filename, "enable_pinentry") == FALSE) {
1613 /* Empty keys are allowed. */
1614 gcry_md_hash_buffer(GCRY_MD_SHA256, client->crypto->key, "", 1);
1615 goto done;
1616 }
1617
1618 lock_pin_mutex(client);
1619 client->pinentry->which = PINENTRY_SAVE;
1620 rc = pinentry_fork(ctx);
1621
1622 if (rc) {
1623 unlock_pin_mutex(client->pinentry);
1624 cleanup_crypto(&client->crypto);
1625 return send_error(ctx, rc);
1626 }
1627
1628 client->pinentry->cb = save_command_finalize;
1629 client->pinentry->status = PINENTRY_INIT;
1630 return 0;
1631 #else
1632 /* Empty keys are allowed. */
1633 gcry_md_hash_buffer(GCRY_MD_SHA256, client->crypto->key, "", 1);
1634 goto done;
1635 #endif
1636 }
1637 else {
1638 CACHE_UNLOCK;
1639 cached = TRUE;
1640 }
1641 }
1642 else {
1643 gpg_error_t rc;
1644
1645 if (!get_key_file_uint64(client->filename, "iterations")) {
1646 guint64 iter = get_key_file_uint64(NULL, "iterations");
1647 gchar *p;
1648
1649 if (!iter)
1650 iter = 1; // default? what about the "global" section?
1651
1652 MUTEX_LOCK(&rcfile_mutex);
1653 p = g_strdup_printf("%llu", iter);
1654 g_key_file_set_value(keyfileh, client->filename, "iterations", p);
1655 g_free(p);
1656 MUTEX_UNLOCK(&rcfile_mutex);
1657 client->opts |= OPT_ITERATIONS;
1658 rc = send_status(ctx, STATUS_CONFIG, NULL);
1659
1660 if (rc) {
1661 cleanup_crypto(&client->crypto);
1662 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
1663 }
1664 }
1665
1666 rc = hash_key(client, line);
1667
1668 if (rc) {
1669 cleanup_crypto(&client->crypto);
1670 return client->opts & OPT_INQUIRE ? rc : send_error(ctx, rc);
1671 }
1672 }
1673
1674 done:
1675 return save_command_finalize(ctx, client->crypto->key, cached);
1676 }
1677
1678 static gint save_command_inquire_finalize(gpointer data, gint assuan_rc,
1679 guchar *line, gsize len)
1680 {
1681 assuan_context_t ctx = data;
1682 struct client_s *client = assuan_get_pointer(ctx);
1683 gpg_error_t rc = file_modified(client);
1684
1685 if (assuan_rc || rc) {
1686 if (line)
1687 xfree(line);
1688
1689 return assuan_rc ? assuan_rc : rc;
1690 }
1691
1692 rc = save_command_common(ctx, (gchar *)line);
1693
1694 if (line)
1695 xfree(line);
1696
1697 client->inquire_status = INQUIRE_DONE;
1698 return rc;
1699 }
1700
1701 static gint save_command(assuan_context_t ctx, gchar *line)
1702 {
1703 struct stat st;
1704 struct client_s *client = assuan_get_pointer(ctx);
1705 gpg_error_t rc;
1706 struct argv_s *args[] = {
1707 &(struct argv_s) { "iterations", OPTION_TYPE_OPTARG, parse_save_opt_iterations },
1708 &(struct argv_s) { "cipher", OPTION_TYPE_OPTARG, parse_save_opt_cipher },
1709 &(struct argv_s) { "pinentry", OPTION_TYPE_OPTARG, parse_opt_pinentry },
1710 &(struct argv_s) { "reset", OPTION_TYPE_NOARG, parse_save_opt_reset },
1711 &(struct argv_s) { "inquire", OPTION_TYPE_NOARG, parse_opt_inquire },
1712 &(struct argv_s) { "base64", OPTION_TYPE_NOARG, parse_opt_base64 },
1713 NULL
1714 };
1715
1716 rc = parse_options(&line, args, client);
1717
1718 if (rc)
1719 return send_error(ctx, rc);
1720
1721 if (lstat(client->filename, &st) == -1 && errno != ENOENT)
1722 return send_error(ctx, gpg_error_from_syserror());
1723
1724 if (errno != ENOENT && !S_ISREG(st.st_mode)) {
1725 log_write("%s: %s", client->filename, pwmd_strerror(GPG_ERR_ENOANO));
1726 return send_error(ctx, GPG_ERR_ENOANO);
1727 }
1728
1729 if ((client->opts & OPT_INQUIRE)) {
1730 rc = assuan_inquire_ext(ctx, "SAVE", 0, save_command_inquire_finalize,
1731 ctx);
1732
1733 if (rc)
1734 return send_error(ctx, rc);
1735
1736 /* Don't return with assuan_process_done() here. This is an INQUIRE. */
1737 client->inquire_status = INQUIRE_BUSY;
1738 return 0;
1739 }
1740
1741 if (line && *line)
1742 log_write2("ARGS=%s", "<passphrase>");
1743
1744 return save_command_common(ctx, line);
1745 }
1746
1747 static gint delete_command(assuan_context_t ctx, gchar *line)
1748 {
1749 struct client_s *client = assuan_get_pointer(ctx);
1750 gchar **req;
1751 gpg_error_t rc;
1752 xmlNodePtr n;
1753
1754 log_write2("ARGS=\"%s\"", line);
1755
1756 if (strchr(line, '\t'))
1757 req = split_input_line(line, "\t", -1);
1758 else
1759 req = split_input_line(line, " ", -1);
1760
1761 if (!req || !*req)
1762 return send_error(ctx, GPG_ERR_SYNTAX);
1763
1764 n = find_root_element(client->doc, &req, &rc, NULL, 0, FALSE);
1765
1766 if (!n) {
1767 g_strfreev(req);
1768 return send_error(ctx, rc);
1769 }
1770
1771 /*
1772 * No sub-node defined. Remove the entire node (root element).
1773 */
1774 if (!req[1]) {
1775 if (n) {
1776 rc = unlink_node(n);
1777 xmlFreeNode(n);
1778 }
1779
1780 g_strfreev(req);
1781 return send_error(ctx, rc);
1782 }
1783
1784 n = find_elements(client->doc, n->children, req+1, &rc, NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
1785 g_strfreev(req);
1786
1787 if (!n)
1788 return send_error(ctx, rc);
1789
1790 if (n) {
1791 rc = unlink_node(n);
1792 xmlFreeNode(n);
1793 }
1794
1795 return send_error(ctx, rc);
1796 }
1797
1798 /*
1799 * Don't return with assuan_process_done() here. This has been called from
1800 * assuan_process_next() and the command should be finished in
1801 * client_thread().
1802 */
1803 static gint store_command_finalize(gpointer data, gint assuan_rc, guchar *line,
1804 gsize len)
1805 {
1806 assuan_context_t ctx = data;
1807 struct client_s *client = assuan_get_pointer(ctx);
1808 gchar **req;
1809 xmlNodePtr n;
1810 gpg_error_t rc = file_modified(client);
1811
1812 if (assuan_rc || rc) {
1813 if (line)
1814 xfree(line);
1815 return assuan_rc ? assuan_rc : rc;
1816 }
1817
1818 req = split_input_line((gchar *)line, "\t", 0);
1819 xfree(line);
1820
1821 if (!req || !*req)
1822 return GPG_ERR_SYNTAX;
1823
1824 again:
1825 n = find_root_element(client->doc, &req, &rc, NULL, 0, FALSE);
1826
1827 if (rc && rc == GPG_ERR_ELEMENT_NOT_FOUND) {
1828 rc = new_root_element(client->doc, *req);
1829
1830 if (rc) {
1831 g_strfreev(req);
1832 return rc;
1833 }
1834
1835 goto again;
1836 }
1837
1838 if (!n) {
1839 g_strfreev(req);
1840 return rc;
1841 }
1842
1843 if (req[1]) {
1844 if (!n->children)
1845 n = create_elements_cb(n, req+1, &rc, NULL);
1846 else
1847 n = find_elements(client->doc, n->children, req+1, &rc,
1848 NULL, NULL, create_elements_cb, FALSE, 0, NULL, FALSE);
1849 }
1850
1851 g_strfreev(req);
1852 client->inquire_status = INQUIRE_DONE;
1853
1854 if (!rc)
1855 rc = update_element_mtime(n);
1856
1857 return rc;
1858 }
1859
1860 static gint store_command(assuan_context_t ctx, gchar *line)
1861 {
1862 struct client_s *client = assuan_get_pointer(ctx);
1863 gpg_error_t rc;
1864
1865 rc = assuan_inquire_ext(ctx, "STORE", 0, store_command_finalize, ctx);
1866
1867 if (rc)
1868 return send_error(ctx, rc);
1869
1870 /* Don't return with assuan_process_done() here. This is an INQUIRE. */
1871 client->inquire_status = INQUIRE_BUSY;
1872 return 0;
1873 }
1874
1875 static void *send_data_cb(void *arg)
1876 {
1877 struct assuan_cmd_s *data = arg;
1878 gint old;
1879 gpg_error_t *rc;
1880
1881 pth_cancel_state(PTH_CANCEL_ENABLE|PTH_CANCEL_ASYNCHRONOUS, &old);
1882 rc = g_malloc(sizeof(gpg_error_t));
1883 *rc = assuan_send_data(data->ctx, data->line, data->line_len);
1884 pth_cancel_state(old, NULL);
1885 pth_exit(rc);
1886 return NULL;
1887 }
1888
1889 /* For every assuan command that needs to be sent to the client, a timeout is
1890 * needed to determine if the client lost the connection. The timeout is the
1891 * same as the "keepalive" configuration parameter or a default if unset.
1892 */
1893 gpg_error_t do_assuan_command(assuan_context_t ctx,
1894 void *(*cb)(void *data), void *data)
1895 {
1896 pth_attr_t attr = pth_attr_new();
1897 pth_t tid;
1898 gint to = get_key_file_integer("global", "keepalive");
1899 pth_event_t ev, tev;
1900 pth_status_t st;
1901 gpg_error_t rc = 0;
1902 void *p;
1903
1904 pth_attr_init(attr);
1905 pth_attr_set(attr, PTH_ATTR_JOINABLE, TRUE);
1906 tid = pth_spawn(attr, cb, data);
1907 rc = gpg_error_from_syserror();
1908 pth_attr_destroy(attr);
1909
1910 if (!tid) {
1911 log_write("%s(%i): pth_spawn(): %s", __FILE__, __LINE__, pwmd_strerror(rc));
1912 return rc;
1913 }
1914
1915 pth_cleanup_push(cleanup_cancel_cb, tid);
1916 to = to <= 0 ? DEFAULT_KEEPALIVE_TO : to;
1917 ev = pth_event(PTH_EVENT_TID|PTH_UNTIL_TID_DEAD, tid);
1918 tev = to ? pth_event(PTH_EVENT_TIME, pth_timeout(to, 0)) : NULL;
1919 ev = pth_event_concat(ev, tev, NULL);
1920 pth_cleanup_push(cleanup_ev_cb, ev);
1921 pth_yield(tid);
1922 pth_wait(ev);
1923
1924 if (tev) {
1925 st = pth_event_status(tev);
1926
1927 if (st == PTH_STATUS_OCCURRED) {
1928 pth_cleanup_pop(1);
1929 pth_cleanup_pop(1);
1930 return GPG_ERR_TIMEOUT;
1931 }
1932 }
1933
1934 st = pth_event_status(ev);
1935
1936 if (st == PTH_STATUS_FAILED) {
1937 pth_cancel(tid);
1938 pth_join(tid, &p);
1939 g_free(p);
1940 rc = GPG_ERR_ASS_WRITE_ERROR;
1941 }
1942 else if (st == PTH_STATUS_OCCURRED) {
1943 pth_join(tid, &p);
1944 rc = *(gpg_error_t *)p;
1945 g_free(p);
1946 }
1947
1948 pth_cleanup_pop(1);
1949 pth_cleanup_pop(0);
1950 return rc;
1951 }
1952
1953 static gpg_error_t xfer_data(assuan_context_t ctx, const gchar *line,
1954 gint total)
1955 {
1956 gint to_send;
1957 gint sent = 0;
1958 gpg_error_t rc;
1959 struct assuan_cmd_s data;
1960 gint progress = get_key_file_integer("global", "xfer_progress");
1961 gint flush = 0;
1962
1963 progress = progress>0 ? (progress/ASSUAN_LINELENGTH)*ASSUAN_LINELENGTH : 0;
1964 to_send = total < ASSUAN_LINELENGTH ? total : ASSUAN_LINELENGTH;
1965 data.ctx = ctx;
1966 rc = send_status(ctx, STATUS_XFER, "%li %li", sent, total);
1967
1968 if (rc)
1969 return rc;
1970
1971 again:
1972 do {
1973 if (sent + to_send > total)
1974 to_send = total - sent;
1975
1976 data.line = flush ? NULL : (gchar *)line+sent;
1977 data.line_len = flush ? 0 : to_send;
1978 rc = do_assuan_command(ctx, send_data_cb, &data);
1979
1980 if (!rc) {
1981 sent += flush ? 0 : to_send;
1982
1983 if ((progress && !(sent % progress) && sent != total) ||
1984 (sent == total && flush))
1985 rc = send_status(ctx, STATUS_XFER, "%li %li", sent, total);
1986
1987 if (!flush && !rc && sent == total) {
1988 flush = 1;
1989 goto again;
1990 }
1991 }
1992 } while (!rc && sent < total);
1993
1994 return rc;
1995 }
1996
1997 static gint get_command(assuan_context_t ctx, gchar *line)
1998 {
1999 struct client_s *client = assuan_get_pointer(ctx);
2000 gchar **req;
2001 gpg_error_t rc;
2002 xmlNodePtr n;
2003
2004 log_write2("ARGS=\"%s\"", line);
2005 req = split_input_line(line, "\t", -1);
2006
2007 if (!req || !*req) {
2008 g_strfreev(req);
2009 return send_error(ctx, GPG_ERR_SYNTAX);
2010 }
2011
2012 n = find_root_element(client->doc, &req, &rc, NULL, 0, FALSE);
2013
2014 if (!n) {
2015 g_strfreev(req);
2016 return send_error(ctx, rc);
2017 }
2018
2019 if (req[1])
2020 n = find_elements(client->doc, n->children, req+1, &rc, NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
2021
2022 g_strfreev(req);
2023
2024 if (rc)
2025 return send_error(ctx, rc);
2026
2027 if (!n || !n->children)
2028 return send_error(ctx, GPG_ERR_NO_VALUE);
2029
2030 n = find_text_node(n->children);
2031
2032 if (!n || !n->content || !*n->content)
2033 return send_error(ctx, GPG_ERR_NO_VALUE);
2034
2035 rc = xfer_data(ctx, (gchar *)n->content, xmlStrlen(n->content));
2036 return send_error(ctx, rc);
2037 }
2038
2039 static xmlNodePtr realpath_elements_cb(xmlNodePtr node, gchar **target,
2040 gpg_error_t *rc, gchar **req_orig, void *data)
2041 {
2042 gchar *path = *(gchar **)data;
2043 gchar *tmp = NULL, *result;
2044
2045 if (path) {
2046 g_free(path);
2047 *(gchar **)data = NULL;
2048 }
2049
2050 path = g_strjoinv("\t", target);
2051
2052 if (!path) {
2053 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2054 *rc = GPG_ERR_ENOMEM;
2055 return NULL;
2056 }
2057
2058 if (req_orig) {
2059 tmp = g_strjoinv("\t", req_orig);
2060
2061 if (!tmp) {
2062 g_free(path);
2063 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2064 *rc = GPG_ERR_ENOMEM;
2065 return NULL;
2066 }
2067 }
2068
2069 if (tmp && *tmp)
2070 result = g_strdup_printf("%s\t%s", path, tmp);
2071 else
2072 result = g_strdup(path);
2073
2074 if (!result) {
2075 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2076 *rc = GPG_ERR_ENOMEM;
2077 g_free(path);
2078 g_free(tmp);
2079 return NULL;
2080 }
2081
2082 g_free(path);
2083 g_free(tmp);
2084 *(gchar **)data = result;
2085 return node;
2086 }
2087
2088 static void list_command_cleanup1(void *arg);
2089 static gint realpath_command(assuan_context_t ctx, gchar *line)
2090 {
2091 gpg_error_t rc;
2092 struct client_s *client = assuan_get_pointer(ctx);
2093 gchar **req;
2094 gchar *t;
2095 gint i;
2096 xmlNodePtr n;
2097 GString *string;
2098 gchar *rp = NULL;
2099
2100 log_write2("ARGS=\"%s\"", line);
2101
2102 if (strchr(line, '\t') != NULL) {
2103 if ((req = split_input_line(line, "\t", 0)) == NULL)
2104 return send_error(ctx, GPG_ERR_SYNTAX);
2105 }
2106 else {
2107 if ((req = split_input_line(line, " ", 0)) == NULL)
2108 return send_error(ctx, GPG_ERR_SYNTAX);
2109 }
2110
2111 n = find_root_element(client->doc, &req, &rc, NULL, 0, FALSE);
2112
2113 if (!n) {
2114 g_strfreev(req);
2115 return send_error(ctx, rc);
2116 }
2117
2118 rp = g_strjoinv("\t", req);
2119
2120 if (!rp) {
2121 g_strfreev(req);
2122 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2123 return send_error(ctx, GPG_ERR_ENOMEM);
2124 }
2125
2126 if (req[1]) {
2127 n = find_elements(client->doc, n->children, req+1, &rc,
2128 NULL, realpath_elements_cb, NULL, FALSE, 0, &rp, FALSE);
2129
2130 if (!n) {
2131 g_free(rp);
2132 g_strfreev(req);
2133 return send_error(ctx, rc);
2134 }
2135 }
2136
2137 string = g_string_new(rp);
2138 g_free(rp);
2139 g_strfreev(req);
2140
2141 if (!string) {
2142 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2143 return send_error(ctx, GPG_ERR_ENOMEM);
2144 }
2145
2146 again:
2147 for (i = 0, t = string->str + i; *t; t++, i++) {
2148 if ((!i && *t != '!') || (*t == '\t' && *(t+1) && *(t+1) != '!')) {
2149 string = g_string_insert_c(string, !i ? i++ : ++i, '!');
2150 goto again;
2151 }
2152 }
2153
2154 pth_cleanup_push(list_command_cleanup1, string);
2155 rc = xfer_data(ctx, string->str, string->len);
2156 pth_cleanup_pop(1);
2157 return send_error(ctx, rc);
2158 }
2159
2160 static void list_command_cleanup1(void *arg)
2161 {
2162 g_string_free((GString *)arg, TRUE);
2163 }
2164
2165 static void list_command_cleanup2(void *arg)
2166 {
2167 struct element_list_s *elements = arg;
2168
2169 if (elements) {
2170 if (elements->list) {
2171 gint total = g_slist_length(elements->list);
2172 gint i;
2173
2174 for (i = 0; i < total; i++) {
2175 gchar *tmp = g_slist_nth_data(elements->list, i);
2176 g_free(tmp);
2177 }
2178
2179 g_slist_free(elements->list);
2180 }
2181
2182 if (elements->prefix)
2183 g_free(elements->prefix);
2184
2185 if (elements->req)
2186 g_strfreev(elements->req);
2187
2188 g_free(elements);
2189 }
2190 }
2191
2192 static gpg_error_t parse_list_opt_norecurse(gpointer data, gpointer value)
2193 {
2194 struct element_list_s *elements = data;
2195
2196 elements->recurse = FALSE;
2197 return 0;
2198 }
2199
2200 static gpg_error_t parse_list_opt_verbose(gpointer data, gpointer value)
2201 {
2202 struct element_list_s *elements = data;
2203
2204 elements->verbose = TRUE;
2205 return 0;
2206 }
2207
2208 static gint list_command(assuan_context_t ctx, gchar *line)
2209 {
2210 struct client_s *client = assuan_get_pointer(ctx);
2211 gpg_error_t rc;
2212 struct element_list_s *elements = NULL;
2213 gchar *tmp;
2214 struct argv_s *args[] = {
2215 &(struct argv_s) { "no-recurse", OPTION_TYPE_NOARG, parse_list_opt_norecurse },
2216 &(struct argv_s) { "verbose", OPTION_TYPE_NOARG, parse_list_opt_verbose },
2217 NULL
2218 };
2219
2220 if (disable_list_and_dump == TRUE)
2221 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
2222
2223 elements = g_malloc0(sizeof(struct element_list_s));
2224
2225 if (!elements) {
2226 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2227 return GPG_ERR_ENOMEM;
2228 }
2229
2230 elements->recurse = TRUE; // default
2231 pth_cleanup_push(list_command_cleanup2, elements);
2232 rc = parse_options(&line, args, elements);
2233
2234 if (rc)
2235 goto fail;
2236
2237 if (!*line) {
2238 GString *str;
2239
2240 rc = list_root_elements(client->doc, &str, elements->verbose);
2241
2242 if (rc) {
2243 pth_cleanup_pop(1);
2244 return send_error(ctx, rc);
2245 }
2246
2247 pth_cleanup_push(list_command_cleanup1, str);
2248 rc = xfer_data(ctx, str->str, str->len);
2249 pth_cleanup_pop(1);
2250 pth_cleanup_pop(1);
2251 return send_error(ctx, rc);
2252 }
2253
2254 elements->req = split_input_line(line, " ", 0);
2255
2256 if (!elements->req)
2257 strv_printf(&elements->req, "%s", line);
2258
2259 rc = create_path_list(client->doc, elements, *elements->req);
2260
2261 if (rc)
2262 goto fail;
2263
2264 if (elements) {
2265 gint total = g_slist_length(elements->list);
2266 gint i;
2267 GString *str;
2268
2269 if (!total) {
2270 rc = GPG_ERR_NO_VALUE;
2271 goto fail;
2272 }
2273
2274 str = g_string_new(NULL);
2275
2276 if (!str) {
2277 rc = GPG_ERR_ENOMEM;
2278 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2279 goto fail;
2280 }
2281
2282 for (i = 0; i < total; i++) {
2283 tmp = g_slist_nth_data(elements->list, i);
2284 g_string_append_printf(str, "%s%s", tmp, i+1 == total ? "" : "\n");
2285 }
2286
2287 pth_cleanup_push(list_command_cleanup1, str);
2288 rc = xfer_data(ctx, str->str, str->len);
2289 pth_cleanup_pop(1);
2290 }
2291 else
2292 rc = GPG_ERR_NO_VALUE;
2293
2294 fail:
2295 pth_cleanup_pop(1);
2296 return send_error(ctx, rc);
2297 }
2298
2299 /*
2300 * req[0] - element path
2301 */
2302 static gpg_error_t attribute_list(assuan_context_t ctx, gchar **req)
2303 {
2304 struct client_s *client = assuan_get_pointer(ctx);
2305 gchar **attrlist = NULL;
2306 gint i = 0;
2307 gchar **path = NULL;
2308 xmlAttrPtr a;
2309 xmlNodePtr n, an;
2310 gchar *line;
2311 gpg_error_t rc;
2312
2313 if (!req || !req[0])
2314 return GPG_ERR_SYNTAX;
2315
2316 if ((path = split_input_line(req[0], "\t", 0)) == NULL) {
2317 /*
2318 * The first argument may be only a root element.
2319 */
2320 if ((path = split_input_line(req[0], " ", 0)) == NULL)
2321 return GPG_ERR_SYNTAX;
2322 }
2323
2324 n = find_root_element(client->doc, &path, &rc, NULL, 0, FALSE);
2325
2326 if (!n) {
2327 g_strfreev(path);
2328 return rc;
2329 }
2330
2331 if (path[1]) {
2332 n = find_elements(client->doc, n->children, path+1, &rc,
2333 NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
2334
2335 if (!n) {
2336 g_strfreev(path);
2337 return rc;
2338 }
2339 }
2340
2341 g_strfreev(path);
2342
2343 for (a = n->properties; a; a = a->next) {
2344 gchar **pa;
2345
2346 if ((pa = g_realloc(attrlist, (i + 2) * sizeof(gchar *))) == NULL) {
2347 if (attrlist)
2348 g_strfreev(attrlist);
2349
2350 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2351 return GPG_ERR_ENOMEM;
2352 }
2353
2354 attrlist = pa;
2355 an = a->children;
2356 attrlist[i] = g_strdup_printf("%s %s", (gchar *)a->name,
2357 an && an->content ? (gchar *)an->content : "");
2358
2359 if (!attrlist[i]) {
2360 g_strfreev(attrlist);
2361 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2362 return GPG_ERR_ENOMEM;
2363 }
2364
2365 attrlist[++i] = NULL;
2366 }
2367
2368 if (!attrlist)
2369 return GPG_ERR_NO_VALUE;
2370
2371 line = g_strjoinv("\n", attrlist);
2372
2373 if (!line) {
2374 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2375 g_strfreev(attrlist);
2376 return GPG_ERR_ENOMEM;
2377 }
2378
2379 pth_cleanup_push(g_free, line);
2380 pth_cleanup_push(req_cleanup, attrlist);
2381 rc = xfer_data(ctx, line, strlen(line));
2382 pth_cleanup_pop(1);
2383 pth_cleanup_pop(1);
2384 return rc;
2385 }
2386
2387 /*
2388 * req[0] - attribute
2389 * req[1] - element path
2390 */
2391 static gpg_error_t attribute_delete(struct client_s *client, gchar **req)
2392 {
2393 xmlNodePtr n;
2394 gchar **path = NULL;
2395 gpg_error_t rc;
2396
2397 if (!req || !req[0] || !req[1])
2398 return GPG_ERR_SYNTAX;
2399
2400 if ((path = split_input_line(req[1], "\t", 0)) == NULL) {
2401 /*
2402 * The first argument may be only a root element.
2403 */
2404 if ((path = split_input_line(req[1], " ", 0)) == NULL)
2405 return GPG_ERR_SYNTAX;
2406 }
2407
2408 /*
2409 * Don't remove the "_name" attribute for the root element. To remove an
2410 * root element use DELETE <name>.
2411 */
2412 if (!path[1] && xmlStrEqual((xmlChar *)req[0], (xmlChar *)"_name")) {
2413 rc = GPG_ERR_SYNTAX;
2414 goto fail;
2415 }
2416
2417 n = find_root_element(client->doc, &path, &rc, NULL, 0, FALSE);
2418
2419 if (!n)
2420 goto fail;
2421
2422 if (path[1]) {
2423 n = find_elements(client->doc, n->children, path+1, &rc,
2424 NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
2425
2426 if (!n)
2427 goto fail;
2428 }
2429
2430 rc = delete_attribute(n, (xmlChar *)req[0]);
2431
2432 fail:
2433 g_strfreev(path);
2434 return rc;
2435 }
2436
2437 static xmlNodePtr create_element_path(struct client_s *client, gchar ***path,
2438 gpg_error_t *rc)
2439 {
2440 gchar **src = *path;
2441 gchar **src_orig = g_strdupv(src);
2442 xmlNodePtr n = NULL;
2443
2444 *rc = 0;
2445
2446 if (!src_orig) {
2447 *rc = GPG_ERR_ENOMEM;
2448 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2449 goto fail;
2450 }
2451
2452 again:
2453 n = find_root_element(client->doc, &src, rc, NULL, 0, FALSE);
2454
2455 if (!n) {
2456 if (*rc == GPG_ERR_ELEMENT_NOT_FOUND) {
2457 *rc = new_root_element(client->doc, src[0]);
2458
2459 if (*rc)
2460 goto fail;
2461
2462 goto again;
2463 }
2464 else
2465 goto fail;
2466 }
2467
2468 if (src[1]) {
2469 if (!n->children)
2470 n = create_target_elements_cb(n, src+1, rc, NULL);
2471 else
2472 n = find_elements(client->doc, n->children, src+1, rc,
2473 NULL, NULL, create_target_elements_cb, FALSE, 0, NULL, FALSE);
2474
2475 if (!n)
2476 goto fail;
2477
2478 /*
2479 * Reset the position of the element tree now that the elements
2480 * have been created.
2481 */
2482 g_strfreev(src);
2483 src = src_orig;
2484 src_orig = NULL;
2485 n = find_root_element(client->doc, &src, rc, NULL, 0, FALSE);
2486
2487 if (!n)
2488 goto fail;
2489
2490 n = find_elements(client->doc, n->children, src+1, rc,
2491 NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
2492
2493 if (!n)
2494 goto fail;
2495 }
2496
2497 fail:
2498 if (src_orig)
2499 g_strfreev(src_orig);
2500
2501 *path = src;
2502 return n;
2503 }
2504
2505 /*
2506 * Creates a "target" attribute. When other commands encounter an element with
2507 * this attribute, the element path is modified to the target value. If the
2508 * source element path doesn't exist when using 'ATTR SET target', it is
2509 * created, but the destination element path must exist.
2510 *
2511 * req[0] - source element path
2512 * req[1] - destination element path
2513 */
2514 static gpg_error_t target_attribute(struct client_s *client, gchar **req)
2515 {
2516 gchar **src, **dst, *line = NULL, **odst = NULL;
2517 gpg_error_t rc;
2518 xmlNodePtr n;
2519
2520 if (!req || !req[0] || !req[1])
2521 return GPG_ERR_SYNTAX;
2522
2523 if ((src = split_input_line(req[0], "\t", 0)) == NULL) {
2524 /*
2525 * The first argument may be only a root element.
2526 */
2527 if ((src = split_input_line(req[0], " ", 0)) == NULL)
2528 return GPG_ERR_SYNTAX;
2529 }
2530
2531 if ((dst = split_input_line(req[1], "\t", 0)) == NULL) {
2532 /*
2533 * The first argument may be only a root element.
2534 */
2535 if ((dst = split_input_line(req[1], " ", 0)) == NULL) {
2536 rc = GPG_ERR_SYNTAX;
2537 goto fail;
2538 }
2539 }
2540
2541 odst = g_strdupv(dst);
2542
2543 if (!odst) {
2544 rc = GPG_ERR_ENOMEM;
2545 goto fail;
2546 }
2547
2548 n = find_root_element(client->doc, &dst, &rc, NULL, 0, FALSE);
2549
2550 /*
2551 * Make sure the destination element path exists.
2552 */
2553 if (!n)
2554 goto fail;
2555
2556 if (dst[1]) {
2557 n = find_elements(client->doc, n->children, dst+1, &rc,
2558 NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
2559
2560 if (!n)
2561 goto fail;
2562 }
2563
2564 n = create_element_path(client, &src, &rc);
2565
2566 if (rc)
2567 goto fail;
2568
2569 line = g_strjoinv("\t", odst);
2570
2571 if (!line) {
2572 rc = GPG_ERR_ENOMEM;
2573 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2574 goto fail;
2575 }
2576
2577 rc = add_attribute(n, "target", line);
2578
2579 fail:
2580 g_free(line);
2581 g_strfreev(src);
2582 g_strfreev(dst);
2583 g_strfreev(odst);
2584 return rc;
2585 }
2586
2587 /*
2588 * req[0] - name
2589 * req[1] - new name
2590 */
2591 static gpg_error_t name_attribute(struct client_s *client, gchar **req)
2592 {
2593 gpg_error_t rc;
2594 gchar **tmp;
2595 xmlNodePtr n;
2596
2597 tmp = g_strdupv(req);
2598
2599 if (!tmp) {
2600 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2601 return GPG_ERR_ENOMEM;
2602 }
2603
2604 n = find_root_element(client->doc, &tmp, &rc, NULL, 0, FALSE);
2605 g_strfreev(tmp);
2606
2607 if (!n)
2608 return rc;
2609
2610 if (g_utf8_collate(req[0], req[1]) == 0)
2611 return 0;
2612
2613 /*
2614 * Will not overwrite an existing root.
2615 */
2616 tmp = g_strdupv(req+1);
2617
2618 if (!tmp) {
2619 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2620 return GPG_ERR_ENOMEM;
2621 }
2622
2623 n = find_root_element(client->doc, &tmp, &rc, NULL, 0, FALSE);
2624 g_strfreev(tmp);
2625
2626 if (rc && rc != GPG_ERR_ELEMENT_NOT_FOUND)
2627 return rc;
2628
2629 if (n)
2630 return GPG_ERR_AMBIGUOUS_NAME;
2631
2632 if (!valid_xml_element((xmlChar *)req[1]))
2633 return GPG_ERR_SYNTAX;
2634
2635 tmp = g_strdupv(req);
2636
2637 if (!tmp) {
2638 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2639 return GPG_ERR_ENOMEM;
2640 }
2641
2642 n = find_root_element(client->doc, &tmp, &rc, NULL, 0, FALSE);
2643 g_strfreev(tmp);
2644
2645 if (!n)
2646 return GPG_ERR_ELEMENT_NOT_FOUND;
2647
2648 return add_attribute(n, "_name", req[1]);
2649 }
2650
2651 /*
2652 * req[0] - attribute
2653 * req[1] - element path
2654 */
2655 static gpg_error_t attribute_get(assuan_context_t ctx, gchar **req)
2656 {
2657 struct client_s *client = assuan_get_pointer(ctx);
2658 xmlNodePtr n;
2659 xmlChar *a;
2660 gchar **path= NULL;
2661 gpg_error_t rc;
2662
2663 if (!req || !req[0] || !req[1])
2664 return GPG_ERR_SYNTAX;
2665
2666 if (strchr(req[1], '\t')) {
2667 if ((path = split_input_line(req[1], "\t", 0)) == NULL)
2668 return GPG_ERR_SYNTAX;
2669 }
2670 else {
2671 if ((path = split_input_line(req[1], " ", 0)) == NULL)
2672 return GPG_ERR_SYNTAX;
2673 }
2674
2675 n = find_root_element(client->doc, &path, &rc, NULL, 0, FALSE);
2676
2677 if (!n)
2678 goto fail;
2679
2680 if (path[1]) {
2681 n = find_elements(client->doc, n->children, path+1, &rc,
2682 NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
2683
2684 if (!n)
2685 goto fail;
2686 }
2687
2688 g_strfreev(path);
2689
2690 if ((a = xmlGetProp(n, (xmlChar *)req[0])) == NULL)
2691 return GPG_ERR_NOT_FOUND;
2692
2693 pth_cleanup_push(xmlFree, a);
2694
2695 if (*a)
2696 rc = xfer_data(ctx, (gchar *)a, xmlStrlen(a));
2697 else
2698 rc = GPG_ERR_NO_VALUE;
2699
2700 pth_cleanup_pop(1);
2701 return rc;
2702
2703 fail:
2704 g_strfreev(path);
2705 return rc;
2706 }
2707
2708 /*
2709 * req[0] - attribute
2710 * req[1] - element path
2711 * req[2] - value
2712 */
2713 static gpg_error_t attribute_set(struct client_s *client, gchar **req)
2714 {
2715 gchar **path = NULL;
2716 gpg_error_t rc;
2717 xmlNodePtr n;
2718
2719 if (!req || !req[0] || !req[1])
2720 return GPG_ERR_SYNTAX;
2721
2722 /*
2723 * Reserved attribute names.
2724 */
2725 if (!strcmp(req[0], "_name")) {
2726 /*
2727 * Only reserved for the root element. Not the rest of the
2728 * document.
2729 */
2730 if (strchr(req[1], '\t') == NULL)
2731 return name_attribute(client, req + 1);
2732 }
2733 else if (!strcmp(req[0], "target"))
2734 return target_attribute(client, req + 1);
2735
2736 if ((path = split_input_line(req[1], "\t", 0)) == NULL) {
2737 /*
2738 * The first argument may be only a root element.
2739 */
2740 if ((path = split_input_line(req[1], " ", 0)) == NULL)
2741 return GPG_ERR_SYNTAX;
2742 }
2743
2744 n = find_root_element(client->doc, &path, &rc, NULL, 0, FALSE);
2745
2746 if (!n)
2747 goto fail;
2748
2749 if (path[1]) {
2750 n = find_elements(client->doc, n->children, path+1, &rc,
2751 NULL, NULL, NULL, FALSE, 0, NULL, FALSE);
2752
2753 if (!n)
2754 goto fail;
2755 }
2756
2757 rc = add_attribute(n, req[0], req[2]);
2758
2759 fail:
2760 g_strfreev(path);
2761 return rc;
2762 }
2763
2764 /*
2765 * req[0] - command
2766 * req[1] - attribute name or element path if command is LIST
2767 * req[2] - element path
2768 * req[2] - element path or value
2769 */
2770 static gint attr_command(assuan_context_t ctx, gchar *line)
2771 {
2772 struct client_s *client = assuan_get_pointer(ctx);
2773 gchar **req;
2774 gpg_error_t rc = 0;
2775
2776 log_write2("ARGS=\"%s\"", line);
2777 req = split_input_line(line, " ", 4);
2778
2779 if (!req || !req[0] || !req[1]) {
2780 g_strfreev(req);
2781 return send_error(ctx, GPG_ERR_SYNTAX);
2782 }
2783
2784 pth_cleanup_push(req_cleanup, req);
2785
2786 if (g_ascii_strcasecmp(req[0], "SET") == 0)
2787 rc = attribute_set(client, req+1);
2788 else if (g_ascii_strcasecmp(req[0], "GET") == 0)
2789 rc = attribute_get(ctx, req+1);
2790 else if (g_ascii_strcasecmp(req[0], "DELETE") == 0)
2791 rc = attribute_delete(client, req+1);
2792 else if (g_ascii_strcasecmp(req[0], "LIST") == 0)
2793 rc = attribute_list(ctx, req+1);
2794 else
2795 rc = GPG_ERR_SYNTAX;
2796
2797 pth_cleanup_pop(1);
2798 return send_error(ctx, rc);
2799 }
2800
2801 static gint iscached_command(assuan_context_t ctx, gchar *line)
2802 {
2803 gchar **req = split_input_line(line, " ", 0);
2804 guchar md5file[16];
2805 gchar *path, *tmp;
2806
2807 if (!req || !*req) {
2808 g_strfreev(req);
2809 return send_error(ctx, GPG_ERR_SYNTAX);
2810 }
2811
2812 log_write2("ARGS=\"%s\"", line);
2813
2814 if (!valid_filename(req[0])) {
2815 g_strfreev(req);
2816 return GPG_ERR_INV_VALUE;
2817 }
2818
2819 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, req[0], strlen(req[0]));
2820 CACHE_LOCK(ctx);
2821
2822 if (cache_iscached(md5file)) {
2823 g_strfreev(req);
2824 CACHE_UNLOCK;
2825 return send_error(ctx, 0);
2826 }
2827
2828 CACHE_UNLOCK;
2829 tmp = get_key_file_string("global", "data_directory");
2830
2831 if (!tmp) {
2832 g_strfreev(req);
2833 return GPG_ERR_ENOMEM;
2834 }
2835
2836 path = expand_homedir(tmp);
2837
2838 if (!path) {
2839 g_strfreev(req);
2840 g_free(tmp);
2841 return GPG_ERR_ENOMEM;
2842 }
2843
2844 g_free(tmp);
2845 tmp = path;
2846 path = g_strdup_printf("%s/%s", tmp, req[0]);
2847 g_free(tmp);
2848
2849 if (!path) {
2850 g_strfreev(req);
2851 return GPG_ERR_ENOMEM;
2852 }
2853
2854 if (access(path, R_OK) == -1) {
2855 gpg_error_t rc = gpg_error_from_syserror();
2856
2857 g_free(path);
2858 g_strfreev(req);
2859 return send_error(ctx, rc);
2860 }
2861
2862 g_free(path);
2863 return send_error(ctx, GPG_ERR_NOT_FOUND);
2864 }
2865
2866 static gint clearcache_command(assuan_context_t ctx, gchar *line)
2867 {
2868 gchar **req = split_input_line(line, " ", 0);
2869 guchar md5file[16];
2870
2871 log_write2("ARGS=\"%s\"", line);
2872 CACHE_LOCK(ctx);
2873
2874 if (!req || !*req) {
2875 g_strfreev(req);
2876 cache_clear(NULL, 2);
2877 CACHE_UNLOCK;
2878 return send_error(ctx, 0);
2879 }
2880
2881 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, req[0], strlen(req[0]));
2882 g_strfreev(req);
2883 (void)cache_clear(md5file, 1);
2884 CACHE_UNLOCK;
2885 return send_error(ctx, 0);
2886 }
2887
2888 static gint cachetimeout_command(assuan_context_t ctx, gchar *line)
2889 {
2890 guchar md5file[16];
2891 glong timeout;
2892 gchar **req = split_input_line(line, " ", 0);
2893 gchar *p;
2894
2895 if (!req || !*req || !req[1]) {
2896 g_strfreev(req);
2897 return send_error(ctx, GPG_ERR_SYNTAX);
2898 }
2899
2900 errno = 0;
2901 timeout = strtol(req[1], &p, 10);
2902
2903 if (errno != 0 || *p != 0 || timeout < -1) {
2904 g_strfreev(req);
2905 return send_error(ctx, GPG_ERR_SYNTAX);
2906 }
2907
2908 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, req[0], strlen(req[0]));
2909 CACHE_LOCK(client->ctx);
2910
2911 if (cache_set_timeout(md5file, timeout) == FALSE) {
2912 CACHE_UNLOCK;
2913 return send_error(ctx, GPG_ERR_NOT_FOUND);
2914 }
2915
2916 CACHE_UNLOCK;
2917 return send_error(ctx, 0);
2918 }
2919
2920 static gint dump_command(assuan_context_t ctx, gchar *line)
2921 {
2922 xmlChar *xml;
2923 gint len;
2924 struct client_s *client = assuan_get_pointer(ctx);
2925 gpg_error_t rc;
2926
2927 if (disable_list_and_dump == TRUE)
2928 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
2929
2930 xmlDocDumpFormatMemory(client->doc, &xml, &len, 1);
2931
2932 if (!xml) {
2933 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2934 return send_error(ctx, GPG_ERR_ENOMEM);
2935 }
2936
2937 pth_cleanup_push(xmlFree, xml);
2938 rc = xfer_data(ctx, (gchar *)xml, len);
2939 pth_cleanup_pop(1);
2940 return send_error(ctx, rc);
2941 }
2942
2943 static gint getconfig_command(assuan_context_t ctx, gchar *line)
2944 {
2945 struct client_s *client = assuan_get_pointer(ctx);
2946 gpg_error_t rc = 0;
2947 gchar filename[255]={0}, param[747]={0};
2948 gchar *p, *tmp, *fp = client->filename, *paramp = line;
2949
2950 log_write2("ARGS=\"%s\"", line);
2951
2952 if (!line || !*line)
2953 return send_error(ctx, GPG_ERR_SYNTAX);
2954
2955 if (strchr(line, ' ')) {
2956 sscanf(line, " %254[^ ] %746c", filename, param);
2957 paramp = param;
2958 fp = filename;
2959 }
2960
2961 if (fp && !valid_filename(fp))
2962 return send_error(ctx, GPG_ERR_INV_VALUE);
2963
2964 paramp = g_ascii_strdown(paramp, -1);
2965
2966 if (!paramp) {
2967 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
2968 return send_error(ctx, GPG_ERR_ENOMEM);
2969 }
2970
2971 if (fp && !g_ascii_strcasecmp(paramp, "iterations")) {
2972 if (!(client->opts & OPT_ITERATIONS) || fp != client->filename) {
2973 file_header_internal_t *fh = read_file_header(fp, FALSE, &rc);
2974
2975 if (!fh && rc != GPG_ERR_ENOENT)
2976 return send_error(ctx, rc);
2977
2978 if (!rc) {
2979 g_free(paramp);
2980 p = g_strdup_printf("%llu", fh->ver.fh2.iter);
2981 close_file_header(fh);
2982
2983 if (!p) {
2984 log_write("%s(%i): %s", __FILE__, __LINE__,
2985 pwmd_strerror(GPG_ERR_ENOMEM));
2986 return send_error(ctx, GPG_ERR_ENOMEM);
2987 }
2988
2989 goto done;
2990 }
2991 }
2992 }
2993 else if (!g_ascii_strcasecmp(paramp, "enable_pinentry")) {
2994 #ifdef WITH_PINENTRY
2995 gboolean n;
2996
2997 if (fp == client->filename && (client->opts & OPT_PINENTRY))
2998 n = client->pinentry->enable;
2999 else
3000 n = get_key_file_boolean(fp, "enable_pinentry");
3001
3002 p = g_strdup_printf("%s", n ? "true" : "false");
3003
3004 if (!p) {
3005 log_write("%s(%i): %s", __FILE__, __LINE__,
3006 pwmd_strerror(GPG_ERR_ENOMEM));
3007 return send_error(ctx, GPG_ERR_ENOMEM);
3008 }
3009
3010 goto done;
3011 #else
3012 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
3013 #endif
3014 }
3015 else if (!g_ascii_strcasecmp(paramp, "pinentry_timeout")) {
3016 #ifdef WITH_PINENTRY
3017 p = g_strdup_printf("%i", get_key_file_integer(fp, "pinentry_timeout"));
3018
3019 if (!p) {
3020 log_write("%s(%i): %s", __FILE__, __LINE__,
3021 pwmd_strerror(GPG_ERR_ENOMEM));
3022 return send_error(ctx, GPG_ERR_ENOMEM);
3023 }
3024
3025 goto done;
3026 #else
3027 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
3028 #endif
3029 }
3030
3031 p = get_key_file_string(fp ? fp : "global", paramp);
3032 g_free(paramp);
3033
3034 if (!p)
3035 return send_error(ctx, GPG_ERR_UNKNOWN_OPTION);
3036
3037 tmp = expand_homedir(p);
3038 g_free(p);
3039
3040 if (!tmp) {
3041 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
3042 return send_error(ctx, GPG_ERR_ENOMEM);
3043 }
3044
3045 p = tmp;
3046 done:
3047 pth_cleanup_push(g_free, p);
3048 rc = xfer_data(ctx, p, strlen(p));
3049 pth_cleanup_pop(1);
3050 return send_error(ctx, rc);
3051 }
3052
3053 struct xpath_s {
3054 xmlXPathContextPtr xp;
3055 xmlXPathObjectPtr result;
3056 xmlBufferPtr buf;
3057 gchar **req;
3058 };
3059
3060 static void xpath_command_cleanup(void *arg)
3061 {
3062 struct xpath_s *xpath = arg;
3063
3064 req_cleanup(xpath->req);
3065
3066 if (xpath->buf)
3067 xmlBufferFree(xpath->buf);
3068
3069 if (xpath->result)
3070 xmlXPathFreeObject(xpath->result);
3071
3072 if (xpath->xp)
3073 xmlXPathFreeContext(xpath->xp);
3074 }
3075
3076 static gint xpath_command(assuan_context_t ctx, gchar *line)
3077 {
3078 struct client_s *client = assuan_get_pointer(ctx);
3079 gpg_error_t rc;
3080 struct xpath_s xpath;
3081
3082 log_write2("ARGS=\"%s\"", line);
3083
3084 if (disable_list_and_dump == TRUE)
3085 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
3086
3087 if (!line || !*line)
3088 return send_error(ctx, GPG_ERR_SYNTAX);
3089
3090 memset(&xpath, 0, sizeof(struct xpath_s));
3091
3092 if ((xpath.req = split_input_line(line, "\t", 2)) == NULL) {
3093 if (strv_printf(&xpath.req, "%s", line) == FALSE)
3094 return send_error(ctx, GPG_ERR_ENOMEM);
3095 }
3096
3097 xpath.xp = xmlXPathNewContext(client->doc);
3098
3099 if (!xpath.xp) {
3100 xpath_command_cleanup(&xpath);
3101 return send_error(ctx, EPWMD_LIBXML_ERROR);
3102 }
3103
3104 xpath.result = xmlXPathEvalExpression((xmlChar *)xpath.req[0], xpath.xp);
3105
3106 if (!xpath.result) {
3107 xpath_command_cleanup(&xpath);
3108 return send_error(ctx, EPWMD_LIBXML_ERROR);
3109 }
3110
3111 if (xmlXPathNodeSetIsEmpty(xpath.result->nodesetval)) {
3112 rc = GPG_ERR_ELEMENT_NOT_FOUND;
3113 goto fail;
3114 }
3115
3116 rc = recurse_xpath_nodeset(client->doc, xpath.result->nodesetval,
3117 (xmlChar *)xpath.req[1], &xpath.buf, 0, NULL);
3118
3119 if (rc)
3120 goto fail;
3121 else if (!xpath.req[1] && !xmlBufferLength(xpath.buf)) {
3122 rc = GPG_ERR_NO_VALUE;
3123 goto fail;
3124 }
3125 else if (xpath.req[1])
3126 goto fail;
3127
3128 pth_cleanup_push(xpath_command_cleanup, &xpath);
3129 rc = xfer_data(ctx, (gchar *)xmlBufferContent(xpath.buf),
3130 xmlBufferLength(xpath.buf));
3131 pth_cleanup_pop(0);
3132
3133 fail:
3134 xpath_command_cleanup(&xpath);
3135 return send_error(ctx, rc);
3136 }
3137
3138 /* XPATHATTR SET|DELETE <name> <expression>[<TAB>[value]] */
3139 static gint xpathattr_command(assuan_context_t ctx, gchar *line)
3140 {
3141 struct client_s *client = assuan_get_pointer(ctx);
3142 gpg_error_t rc;
3143 struct xpath_s xpath;
3144 gchar **req = NULL;
3145 gboolean cmd = FALSE; //SET
3146
3147 log_write2("ARGS=\"%s\"", line);
3148
3149 if (disable_list_and_dump == TRUE)
3150 return send_error(ctx, GPG_ERR_NOT_IMPLEMENTED);
3151
3152 if (!line || !*line)
3153 return send_error(ctx, GPG_ERR_SYNTAX);
3154
3155 memset(&xpath, 0, sizeof(struct xpath_s));
3156
3157 if ((req = split_input_line(line, " ", 3)) == NULL)
3158 return send_error(ctx, GPG_ERR_ENOMEM);
3159
3160 if (!req[0]) {
3161 rc = GPG_ERR_SYNTAX;
3162 goto fail;
3163 }
3164
3165 if (!g_ascii_strcasecmp(req[0], "SET"))
3166 cmd = FALSE;
3167 else if (!g_ascii_strcasecmp(req[0], "DELETE"))
3168 cmd = TRUE;
3169 else {
3170 rc = GPG_ERR_SYNTAX;
3171 goto fail;
3172 }
3173
3174 if (!req[1] || !req[2]) {
3175 rc = GPG_ERR_SYNTAX;
3176 goto fail;
3177 }
3178
3179 if ((xpath.req = split_input_line(req[2], "\t", 3)) == NULL) {
3180 rc = GPG_ERR_ENOMEM;
3181 goto fail;
3182 }
3183
3184 if (!xpath.req[0] || (!xpath.req[1] && !cmd) || (xpath.req[1] && cmd)) {
3185 rc = GPG_ERR_SYNTAX;
3186 goto fail;
3187 }
3188
3189 xpath.xp = xmlXPathNewContext(client->doc);
3190
3191 if (!xpath.xp) {
3192 rc = EPWMD_LIBXML_ERROR;
3193 goto fail;
3194 }
3195
3196 xpath.result = xmlXPathEvalExpression((xmlChar *)xpath.req[0], xpath.xp);
3197
3198 if (!xpath.result) {
3199 rc = EPWMD_LIBXML_ERROR;
3200 goto fail;
3201 }
3202
3203 if (xmlXPathNodeSetIsEmpty(xpath.result->nodesetval)) {
3204 rc = GPG_ERR_ELEMENT_NOT_FOUND;
3205 goto fail;
3206 }
3207
3208 rc = recurse_xpath_nodeset(client->doc, xpath.result->nodesetval,
3209 (xmlChar *)xpath.req[1], &xpath.buf, cmd, (xmlChar *)req[1]);
3210
3211 fail:
3212 g_strfreev(req);
3213 xpath_command_cleanup(&xpath);
3214 return send_error(ctx, rc);
3215 }
3216
3217 static gint import_command_finalize(gpointer data, gint assuan_rc, guchar *line,
3218 gsize len)
3219 {
3220 struct client_s *client = assuan_get_pointer((assuan_context_t)data);
3221 gpg_error_t rc = file_modified(client);
3222 gchar **req, **path = NULL, **path_orig = NULL, *content;
3223 xmlDocPtr doc = NULL;
3224 xmlNodePtr n, root, copy;
3225
3226 if (assuan_rc || rc) {
3227 if (line)
3228 xfree(line);
3229 return assuan_rc ? assuan_rc : rc;
3230 }
3231
3232 req = split_input_line((gchar *)line, "\t", 2);
3233 xfree(line);
3234
3235 if (!req || !*req)
3236 return GPG_ERR_SYNTAX;
3237
3238 content = req[0];
3239 path = split_input_line(req[1], "\t", 0);
3240
3241 if (!content || !*content) {
3242 rc = GPG_ERR_SYNTAX;
3243 goto fail;
3244 }
3245
3246 doc = xmlReadDoc((xmlChar *)content, NULL, "UTF-8", XML_PARSE_NOBLANKS);
3247
3248 if (!doc) {
3249 rc = EPWMD_LIBXML_ERROR;
3250 goto fail;
3251 }
3252
3253 root = xmlDocGetRootElement(doc);
3254 rc = validate_import(root);
3255
3256 if (rc)
3257 goto fail;
3258
3259 if (path) {
3260 path_orig = g_strdupv(path);
3261
3262 if (!path_orig) {
3263 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
3264 rc = GPG_ERR_ENOMEM;
3265 goto fail;
3266 }
3267
3268 xmlChar *a = xmlGetProp(root, (xmlChar *)"_name");
3269
3270 if (!a) {
3271 g_strfreev(path_orig);
3272 rc = GPG_ERR_ENOMEM;
3273 goto fail;
3274 }
3275
3276 if (strv_printf(&path, "%s", (gchar *)a) == FALSE) {
3277 xmlFree(a);
3278 g_strfreev(path_orig);
3279 rc = GPG_ERR_ENOMEM;
3280 goto fail;
3281 }
3282
3283 xmlFree(a);
3284 n = find_root_element(client->doc, &path, &rc, NULL, 0, FALSE);
3285
3286 if (rc && rc != GPG_ERR_ELEMENT_NOT_FOUND) {
3287 g_strfreev(path_orig);
3288 goto fail;
3289 }
3290
3291 if (!rc) {
3292 n = find_elements(client->doc, n->children, path+1, &rc, NULL, NULL, NULL, FALSE, 0, NULL, TRUE);
3293
3294 if (rc && rc != GPG_ERR_ELEMENT_NOT_FOUND) {
3295 g_strfreev(path_orig);
3296 goto fail;
3297 }
3298 else if (!rc) {
3299 xmlNodePtr parent = n->parent;
3300
3301 xmlUnlinkNode(n);
3302 xmlFreeNode(n);
3303 n = parent;
3304 }
3305 }
3306
3307 g_strfreev(path);
3308 path = path_orig;
3309
3310 if (rc == GPG_ERR_ELEMENT_NOT_FOUND) {
3311 n = create_element_path(client, &path, &rc);
3312
3313 if (rc)
3314 goto fail;
3315 }
3316
3317 copy = xmlCopyNodeList(root);
3318 n = xmlAddChildList(n, copy);
3319
3320 if (!n)
3321 rc = EPWMD_LIBXML_ERROR;
3322 }
3323 else {
3324 /* Check if the content root element can create a DTD root element. */
3325 if (!xmlStrEqual((xmlChar *)"element", root->name)) {
3326 rc = GPG_ERR_SYNTAX;
3327 goto fail;
3328 }
3329
3330 xmlChar *a;
3331
3332 if ((a = xmlGetProp(root, (xmlChar *)"_name")) == NULL) {
3333 rc = GPG_ERR_SYNTAX;
3334 goto fail;
3335 }
3336
3337 gchar *tmp = g_strdup((gchar *)a);
3338 xmlFree(a);
3339 gboolean literal = is_literal_element(&tmp);
3340
3341 if (!valid_xml_element((xmlChar *)tmp) || literal) {
3342 g_free(tmp);
3343 rc = GPG_ERR_INV_VALUE;
3344 goto fail;
3345 }
3346
3347 if (strv_printf(&path, "%s", tmp) == FALSE) {
3348 g_free(tmp);
3349 rc = GPG_ERR_ENOMEM;
3350 goto fail;
3351 }
3352
3353 g_free(tmp);
3354 n = find_root_element(client->doc, &path, &rc, NULL, 0, TRUE);
3355
3356 if (rc && rc != GPG_ERR_ELEMENT_NOT_FOUND) {
3357 rc = EPWMD_LIBXML_ERROR;
3358 goto fail;
3359 }
3360
3361 /* Overwriting the existing tree. */
3362 if (!rc) {
3363 xmlUnlinkNode(n);
3364 xmlFreeNodeList(n);
3365 }
3366
3367 rc = 0;
3368 xmlSetProp(root, (xmlChar *)"_name", (xmlChar *)path[0]);
3369 n = xmlCopyNode(root, 1);
3370 n = xmlAddChildList(xmlDocGetRootElement(client->doc), n);
3371 }
3372
3373 if (n && !rc)
3374 rc = update_element_mtime(n->parent);
3375
3376 fail:
3377 if (doc)
3378 xmlFreeDoc(doc);
3379
3380 if (path)
3381 g_strfreev(path);
3382
3383 g_strfreev(req);
3384 client->inquire_status = INQUIRE_DONE;
3385 return rc;
3386 }
3387
3388 static gint import_command(assuan_context_t ctx, gchar *line)
3389 {
3390 gpg_error_t rc;
3391 struct client_s *client = assuan_get_pointer(ctx);
3392
3393 rc = assuan_inquire_ext(ctx, "IMPORT", 0, import_command_finalize, ctx);
3394
3395 if (rc)
3396 return send_error(ctx, rc);
3397
3398 /* Don't return with assuan_process_done() here. This is an INQUIRE. */
3399 client->inquire_status = INQUIRE_BUSY;
3400 return 0;
3401 }
3402
3403 static gpg_error_t do_lock_command(struct client_s *client)
3404 {
3405 gpg_error_t rc = lock_file_mutex(client);
3406
3407 if (!rc)
3408 client->is_lock_cmd = TRUE;
3409
3410 return client->opts & OPT_INQUIRE ? rc : send_error(client->ctx, rc);
3411 }
3412
3413 static gint lock_command(assuan_context_t ctx, gchar *line)
3414 {
3415 struct client_s *client = assuan_get_pointer(ctx);
3416
3417 return do_lock_command(client);
3418 }
3419
3420 static gint unlock_command(assuan_context_t ctx, gchar *line)
3421 {
3422 struct client_s *client = assuan_get_pointer(ctx);
3423
3424 unlock_file_mutex(client);
3425 return send_error(ctx, 0);
3426 }
3427
3428 static gint getpid_command(assuan_context_t ctx, gchar *line)
3429 {
3430 gpg_error_t rc;
3431 gchar buf[32];
3432 pid_t pid = getpid();
3433
3434 print_fmt(buf, sizeof(buf), "%i", pid);
3435 rc = xfer_data(ctx, buf, strlen(buf));
3436 return send_error(ctx, rc);
3437 }
3438
3439 static gint version_command(assuan_context_t ctx, gchar *line)
3440 {
3441 gpg_error_t rc;
3442 gchar *buf;
3443
3444 buf = g_strdup_printf("0x%X %s", VERSION_HEX,
3445 #ifdef WITH_PINENTRY
3446 "PINENTRY "
3447 #endif
3448 #ifdef WITH_QUALITY
3449 "QUALITY "
3450 #endif
3451 #ifdef WITH_LIBACL
3452 "ACL "
3453 #endif
3454 "");
3455 rc = xfer_data(ctx, buf, strlen(buf));
3456 g_free(buf);
3457 return send_error(ctx, rc);
3458 }
3459
3460 #ifdef WITH_PINENTRY
3461 static void set_option_value(gchar **opt, const gchar *value)
3462 {
3463 if (opt)
3464 g_free(*opt);
3465
3466 *opt = NULL;
3467
3468 if (value)
3469 *opt = g_strdup(value);
3470 }
3471 #endif
3472
3473 static gint set_unset_common(assuan_context_t ctx, const gchar *name,
3474 const gchar *value)
3475 {
3476 struct client_s *client = assuan_get_pointer(ctx);
3477 gpg_error_t rc;
3478
3479 if (g_ascii_strcasecmp(name, (gchar *)"log_level") == 0) {
3480 gint n = 0;
3481
3482 if (value) {
3483 n = atoi(value);
3484
3485 if (n < 0 || n > 2)
3486 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
3487 }
3488
3489 MUTEX_LOCK(&rcfile_mutex);
3490 g_key_file_set_integer(keyfileh, "global", "log_level", n);
3491 MUTEX_UNLOCK(&rcfile_mutex);
3492 goto done;
3493 }
3494 else if (g_ascii_strcasecmp(name, (gchar *)"rc_on_locked") == 0) {
3495 gint n = 0;
3496
3497 if (value) {
3498 n = atoi(value);
3499
3500 if (n < 0 || n > 1)
3501 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
3502 }
3503
3504 client->rc_on_locked = n ? TRUE : FALSE;
3505 goto done;
3506 }
3507 else if (g_ascii_strcasecmp(name, (gchar *)"lock_on_open") == 0) {
3508 rc = parse_open_opt_lock(client, (gpointer)value);
3509
3510 if (rc)
3511 return rc;
3512
3513 client->opts |= OPT_LOCK;
3514 }
3515 else if (g_ascii_strcasecmp(name, (gchar *)"cipher") == 0) {
3516 if (!value) {
3517 client->opts &= ~(OPT_CIPHER);
3518 goto done;
3519 }
3520
3521 rc = parse_save_opt_cipher(client, (gpointer)value);
3522
3523 if (rc)
3524 return rc;
3525
3526 client->opts |= OPT_CIPHER;
3527 goto done;
3528 }
3529 else if (g_ascii_strcasecmp(name, (gchar *)"iterations") == 0) {
3530 rc = parse_save_opt_iterations(client, (gpointer)value);
3531
3532 if (rc)
3533 return rc;
3534
3535 goto done;
3536 }
3537 else if (g_ascii_strcasecmp(name, (gchar *)"NAME") == 0) {
3538 pth_attr_t attr = pth_attr_of(pth_self());
3539 gchar buf[41];
3540
3541 if (!value) {
3542 pth_attr_destroy(attr);
3543 goto done;
3544 }
3545
3546 print_fmt(buf, sizeof(buf), "%s", value);
3547 pth_attr_set(attr, PTH_ATTR_NAME, buf);
3548 pth_attr_destroy(attr);
3549 #ifdef WITH_PINENTRY
3550 if (client->pinentry->name)
3551 g_free(client->pinentry->name);
3552
3553 client->pinentry->name = g_strdup(buf);
3554
3555 if (!client->pinentry->name)
3556 return GPG_ERR_ENOMEM;
3557 #endif
3558
3559 goto done;
3560 }
3561 #ifdef WITH_PINENTRY
3562 else if (g_ascii_strcasecmp(name, (gchar *)"lc_messages") == 0)
3563 set_option_value(&client->pinentry->lcmessages, value);
3564 else if (g_ascii_strcasecmp(name, (gchar *)"lc_ctype") == 0)
3565 set_option_value(&client->pinentry->lcctype, value);
3566 else if (g_ascii_strcasecmp(name, (gchar *)"ttyname") == 0)
3567 set_option_value(&client->pinentry->ttyname, value);
3568 else if (g_ascii_strcasecmp(name, (gchar *)"ttytype") == 0)
3569 set_option_value(&client->pinentry->ttytype, value);
3570 else if (g_ascii_strcasecmp(name, (gchar *)"display") == 0)
3571 set_option_value(&client->pinentry->display, value);
3572 else if (g_ascii_strcasecmp(name, (gchar *)"pinentry_path") == 0)
3573 set_option_value(&client->pinentry->path, value);
3574 else if (g_ascii_strcasecmp(name, (gchar *)"title") == 0)
3575 set_option_value(&client->pinentry->title, value);
3576 else if (g_ascii_strcasecmp(name, (gchar *)"prompt") == 0)
3577 set_option_value(&client->pinentry->prompt, value);
3578 else if (g_ascii_strcasecmp(name, (gchar *)"desc") == 0)
3579 set_option_value(&client->pinentry->desc, value);
3580 else if (g_ascii_strcasecmp(name, "pinentry_timeout") == 0) {
3581 gchar *p = NULL;
3582 gint n;
3583
3584 if (!value)
3585 goto done;
3586
3587 n = atoi(value);
3588
3589 if (*p || n < 0)
3590 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_INV_VALUE);
3591
3592 MUTEX_LOCK(&rcfile_mutex);
3593 g_key_file_set_integer(keyfileh, client->filename ? client->filename :
3594 "global", "pinentry_timeout", n);
3595 MUTEX_UNLOCK(&rcfile_mutex);
3596 goto done;
3597 }
3598 else if (g_ascii_strcasecmp(name, "enable_pinentry") == 0) {
3599 rc = parse_opt_pinentry(client, (gpointer)value);
3600
3601 if (rc)
3602 return rc;
3603
3604 goto done;
3605 }
3606 #else
3607 else if (g_ascii_strcasecmp(name, (gchar *)"lc_messages") == 0)
3608 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3609 else if (g_ascii_strcasecmp(name, (gchar *)"lc_ctype") == 0)
3610 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3611 else if (g_ascii_strcasecmp(name, (gchar *)"ttyname") == 0)
3612 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3613 else if (g_ascii_strcasecmp(name, (gchar *)"ttytype") == 0)
3614 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3615 else if (g_ascii_strcasecmp(name, (gchar *)"display") == 0)
3616 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3617 else if (g_ascii_strcasecmp(name, (gchar *)"pinentry_path") == 0)
3618 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3619 else if (g_ascii_strcasecmp(name, (gchar *)"title") == 0)
3620 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3621 else if (g_ascii_strcasecmp(name, (gchar *)"prompt") == 0)
3622 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3623 else if (g_ascii_strcasecmp(name, (gchar *)"desc") == 0)
3624 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3625 else if (g_ascii_strcasecmp(name, "pinentry_timeout") == 0)
3626 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3627 else if (g_ascii_strcasecmp(name, "enable_pinentry") == 0)
3628 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_NOT_IMPLEMENTED);
3629 #endif
3630 else
3631 return gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_UNKNOWN_OPTION);
3632
3633 done:
3634 return 0;
3635 }
3636
3637 static gint unset_command(assuan_context_t ctx, gchar *line)
3638 {
3639 log_write2("ARGS=\"%s\"", line);
3640 return send_error(ctx, set_unset_common(ctx, line, NULL));
3641 }
3642
3643 static gint set_command(assuan_context_t ctx, gchar *line)
3644 {
3645 gchar name[64] = {0}, value[256] = {0};
3646
3647 log_write2("ARGS=\"%s\"", line);
3648
3649 if (sscanf(line, " %63[_a-zA-Z] = %255c", name, value) != 2)
3650 return send_error(ctx, gpg_err_make(PWMD_ERR_SOURCE, GPG_ERR_SYNTAX));
3651
3652 return send_error(ctx, set_unset_common(ctx, name, value));
3653 }
3654
3655 static gint rename_command(assuan_context_t ctx, gchar *line)
3656 {
3657 struct client_s *client = assuan_get_pointer(ctx);
3658 gpg_error_t rc;
3659 gchar **req, **src, *dst;
3660 xmlNodePtr n, ndst;
3661
3662 log_write2("ARGS=\"%s\"", line);
3663 req = split_input_line(line, " ", -1);
3664
3665 if (!req || !req[0] || !req[1]) {
3666 g_strfreev(req);
3667 return send_error(ctx, GPG_ERR_SYNTAX);
3668 }
3669
3670 dst = req[1];
3671 is_literal_element(&dst);
3672
3673 if (!valid_xml_element((xmlChar *)dst)) {
3674 g_strfreev(req);
3675 return GPG_ERR_INV_VALUE;
3676 }
3677
3678 if (strchr(req[0], '\t'))
3679 src = split_input_line(req[0], "\t", -1);
3680 else
3681 src = split_input_line(req[0], " ", -1);
3682
3683 if (!src || !*src) {
3684 rc = GPG_ERR_SYNTAX;
3685 goto fail;
3686 }
3687
3688 n = find_root_element(client->doc, &src, &rc, NULL, 0, FALSE);
3689
3690 if (src[1] && n)
3691 n = find_elements(client->doc, n->children, src+1, &rc, NULL, NULL,
3692 NULL, FALSE, 0, NULL, FALSE);
3693
3694 if (!n)
3695 goto fail;
3696
3697
3698 xmlChar *a = xmlGetProp(n, (xmlChar *)"_name");
3699
3700 if (!a) {
3701 rc = GPG_ERR_ENOMEM;
3702 goto fail;
3703 }
3704
3705 /* To prevent unwanted effects:
3706 *
3707 * <root name="a"><b/></root>
3708 *
3709 * RENAME a<TAB>b b
3710 */
3711 if (xmlStrEqual(a, (xmlChar *)dst)) {
3712 xmlFree(a);
3713 rc = GPG_ERR_AMBIGUOUS_NAME;
3714 goto fail;
3715 }
3716
3717 xmlFree(a);
3718 gchar **tmp = NULL;
3719
3720 if (src[1]) {
3721 gchar **p;
3722
3723 for (p = src; *p; p++) {
3724 if (!*(p+1))
3725 break;
3726
3727 strv_printf(&tmp, "%s", *p);
3728 }
3729 }
3730
3731 strv_printf(&tmp, "!%s", dst);
3732 ndst = find_root_element(client->doc, &tmp, &rc, NULL, 0, FALSE);
3733
3734 if (!ndst && rc && rc != GPG_ERR_ELEMENT_NOT_FOUND) {
3735 g_strfreev(tmp);
3736 goto fail;
3737 }
3738
3739 if (tmp[1] && ndst)
3740 ndst = find_elements(client->doc, ndst->children, tmp+1, &rc, NULL,
3741 NULL, NULL, FALSE, 0, NULL, FALSE);
3742
3743 g_strfreev(tmp);
3744
3745 if (!ndst && rc && rc != GPG_ERR_ELEMENT_NOT_FOUND)
3746 goto fail;
3747
3748 rc = 0;
3749
3750 /* Target may exist:
3751 *
3752 * <root name="a"/>
3753 * <root name="b" target="a"/>
3754 *
3755 * RENAME b a
3756 *
3757 * Would need to do:
3758 * RENAME !b a
3759 */
3760 if (ndst == n) {
3761 rc = GPG_ERR_AMBIGUOUS_NAME;
3762 goto fail;
3763 }
3764
3765 if (ndst) {
3766 unlink_node(ndst);
3767 xmlFreeNodeList(ndst);
3768 }
3769
3770 rc = add_attribute(n, "_name", dst);
3771
3772 fail:
3773 g_strfreev(req);
3774 g_strfreev(src);
3775 return send_error(ctx, rc);
3776 }
3777
3778 static gint copy_command(assuan_context_t ctx, gchar *line)
3779 {
3780 struct client_s *client = assuan_get_pointer(ctx);
3781 gpg_error_t rc;
3782 gchar **req, **src = NULL, **dst = NULL;
3783 xmlNodePtr nsrc, ndst, new;
3784
3785 log_write2("ARGS=\"%s\"", line);
3786 req = split_input_line(line, " ", -1);
3787
3788 if (!req || !req[0] || !req[1]) {
3789 g_strfreev(req);
3790 return send_error(ctx, GPG_ERR_SYNTAX);
3791 }
3792
3793 if (strchr(req[0], '\t'))
3794 src = split_input_line(req[0], "\t", -1);
3795 else
3796 src = split_input_line(req[0], " ", -1);
3797
3798 if (!src || !*src) {
3799 rc = GPG_ERR_SYNTAX;
3800 goto fail;
3801 }
3802
3803 if (strchr(req[1], '\t'))
3804 dst = split_input_line(req[1], "\t", -1);
3805 else
3806 dst = split_input_line(req[1], " ", -1);
3807
3808 if (!dst || !*dst) {
3809 rc = GPG_ERR_SYNTAX;
3810 goto fail;
3811 }
3812
3813 nsrc = find_root_element(client->doc, &src, &rc, NULL, 0, FALSE);
3814
3815 if (nsrc && src[1])
3816 nsrc = find_elements(client->doc, nsrc->children, src+1, &rc, NULL,
3817 NULL, NULL, FALSE, 0, NULL, FALSE);
3818
3819 if (!nsrc)
3820 goto fail;
3821
3822 ndst = find_root_element(client->doc, &dst, &rc, NULL, 0, FALSE);
3823
3824 if (ndst && dst[1])
3825 ndst = find_elements(client->doc, ndst->children, dst+1, &rc, NULL,
3826 NULL, NULL, FALSE, 0, NULL, FALSE);
3827
3828 if (!ndst && rc != GPG_ERR_ELEMENT_NOT_FOUND)
3829 goto fail;
3830
3831 new = xmlCopyNodeList(nsrc);
3832
3833 if (!new) {
3834 rc = GPG_ERR_ENOMEM;
3835 goto fail;
3836 }
3837
3838 if (!ndst)
3839 ndst = create_element_path(client, &dst, &rc);
3840
3841 if (!ndst) {
3842 xmlUnlinkNode(new);
3843 xmlFreeNodeList(new);
3844 goto fail;
3845 }
3846
3847 /* Merge any attributes from the src node to the initial dst node. */
3848 for (xmlAttrPtr attr = new->properties; attr; attr = attr->next) {
3849 if (xmlStrEqual(attr->name, (xmlChar *)"_name"))
3850 continue;
3851
3852 xmlAttrPtr a = xmlHasProp(ndst, attr->name);
3853
3854 if (a)
3855 xmlRemoveProp(a);
3856
3857 xmlChar *tmp = xmlNodeGetContent(attr->children);
3858 xmlNewProp(ndst, attr->name, tmp);
3859 xmlFree(tmp);
3860 rc = add_attribute(ndst, NULL, NULL);
3861 }
3862
3863 xmlNodePtr n = ndst->children;
3864 xmlUnlinkNode(n);
3865 xmlFreeNodeList(n);
3866 ndst->children = NULL;
3867
3868 if (!new->children) {
3869 xmlUnlinkNode(new);
3870 xmlFreeNodeList(new);
3871 goto fail;
3872 }
3873
3874 n = xmlCopyNodeList(new->children);
3875
3876 if (!n) {
3877 rc = GPG_ERR_ENOMEM;
3878 goto fail;
3879 }
3880
3881 xmlUnlinkNode(new);
3882 xmlFreeNodeList(new);
3883 n = xmlAddChildList(ndst, n);
3884
3885 if (!n) {
3886 rc = GPG_ERR_ENOMEM;
3887 goto fail;
3888 }
3889
3890 rc = update_element_mtime(xmlDocGetRootElement(client->doc) == ndst->parent ? ndst : ndst->parent);
3891
3892 fail:
3893 if (req)
3894 g_strfreev(req);
3895
3896 if (src)
3897 g_strfreev(src);
3898
3899 if (dst)
3900 g_strfreev(dst);
3901
3902 return send_error(ctx, rc);
3903 }
3904
3905 static gint move_command(assuan_context_t ctx, gchar *line)
3906 {
3907 struct client_s *client = assuan_get_pointer(ctx);
3908 gpg_error_t rc;
3909 gchar **req, **src = NULL, **dst = NULL;
3910 xmlNodePtr nsrc, ndst = NULL;
3911
3912 log_write2("ARGS=\"%s\"", line);
3913 req = split_input_line(line, " ", -1);
3914
3915 if (!req || !req[0] || !req[1]) {
3916 g_strfreev(req);
3917 return send_error(ctx, GPG_ERR_SYNTAX);
3918 }
3919
3920 if (strchr(req[0], '\t'))
3921 src = split_input_line(req[0], "\t", -1);
3922 else
3923 src = split_input_line(req[0], " ", -1);
3924
3925 if (!src || !*src) {
3926 rc = GPG_ERR_SYNTAX;
3927 goto fail;
3928 }
3929
3930 if (strchr(req[1], '\t'))
3931 dst = split_input_line(req[1], "\t", -1);
3932 else
3933 dst = split_input_line(req[1], " ", -1);
3934
3935 nsrc = find_root_element(client->doc, &src, &rc, NULL, 0, FALSE);
3936
3937 if (nsrc && src[1])
3938 nsrc = find_elements(client->doc, nsrc->children, src+1, &rc, NULL,
3939 NULL, NULL, FALSE, 0, NULL, FALSE);
3940
3941 if (!nsrc)
3942 goto fail;
3943
3944 if (dst) {
3945 ndst = find_root_element(client->doc, &dst, &rc, NULL, 0, FALSE);
3946
3947 if (ndst && dst[1])
3948 ndst = find_elements(client->doc, ndst->children, dst+1, &rc, NULL,
3949 NULL, NULL, FALSE, 0, NULL, FALSE);
3950 }
3951 else
3952 ndst = xmlDocGetRootElement(client->doc);
3953
3954 for (xmlNodePtr n = ndst; n; n = n->parent) {
3955 if (n == nsrc) {
3956 rc = GPG_ERR_CONFLICT;
3957 goto fail;
3958 }
3959 }
3960
3961 if (rc && rc != GPG_ERR_ELEMENT_NOT_FOUND)
3962 goto fail;
3963
3964 rc = 0;
3965
3966 if (ndst) {
3967 xmlChar *a = node_has_attribute(nsrc, (xmlChar *)"_name");
3968 xmlNodePtr dup = find_element(ndst->children, (gchar *)a, NULL);
3969
3970 xmlFree(a);
3971
3972 if (dup) {
3973 if (dup == nsrc)
3974 goto fail;
3975
3976 if (ndst == xmlDocGetRootElement(client->doc)) {
3977 xmlNodePtr n = nsrc;
3978 gboolean match = FALSE;
3979
3980 while (n->parent && n->parent != ndst)
3981 n = n->parent;
3982
3983 xmlChar *a = node_has_attribute(n, (xmlChar *)"_name");
3984 xmlChar *b = node_has_attribute(nsrc, (xmlChar *)"_name");
3985
3986 if (xmlStrEqual(a, b)) {
3987 match = TRUE;
3988 xmlUnlinkNode(nsrc);
3989 xmlUnlinkNode(n);
3990 xmlFreeNodeList(n);
3991 }
3992
3993 xmlFree(a);
3994 xmlFree(b);
3995
3996 if (!match) {
3997 xmlUnlinkNode(dup);
3998 xmlFreeNodeList(dup);
3999 }
4000 }
4001 else
4002 xmlUnlinkNode(dup);
4003 }
4004 }
4005
4006 if (!ndst && dst)
4007 ndst = create_element_path(client, &dst, &rc);
4008
4009 if (!ndst)
4010 goto fail;
4011
4012 update_element_mtime(nsrc->parent);
4013 xmlUnlinkNode(nsrc);
4014 ndst = xmlAddChildList(ndst, nsrc);
4015
4016 if (!ndst)
4017 rc = GPG_ERR_ENOMEM;
4018
4019 update_element_mtime(ndst->parent);
4020
4021 fail:
4022 if (req)
4023 g_strfreev(req);
4024
4025 if (src)
4026 g_strfreev(src);
4027
4028 if (dst)
4029 g_strfreev(dst);
4030
4031 return send_error(ctx, rc);
4032 }
4033
4034 static int ls_command(assuan_context_t ctx, gchar *line)
4035 {
4036 log_write2("ARGS=\"%s\"", line);
4037 gpg_error_t rc;
4038 gchar *tmp = g_key_file_get_string(keyfileh, "global", "data_directory", NULL);
4039 gchar *dir = expand_homedir(tmp);
4040 DIR *d = opendir(dir);
4041
4042 rc = gpg_error_from_syserror();
4043 g_free(tmp);
4044
4045 if (!d) {
4046 g_free(dir);
4047 return send_error(ctx, rc);
4048 }
4049
4050 size_t len = offsetof(struct dirent, d_name)+pathconf(dir, _PC_NAME_MAX)+1;
4051 struct dirent *p = g_malloc(len), *cur = NULL;
4052 gchar *list = NULL;
4053
4054 g_free(dir);
4055 rc = 0;
4056
4057 while (!readdir_r(d, p, &cur) && cur) {
4058 if (cur->d_name[0] == '.' && cur->d_name[1] == '\0')
4059 continue;
4060 else if (cur->d_name[0] == '.' && cur->d_name[1] == '.' && cur->d_name[2] == '\0')
4061 continue;
4062
4063 tmp = g_strdup_printf("%s%s\n", list ? list : "", cur->d_name);
4064
4065 if (!tmp) {
4066 if (list)
4067 g_free(list);
4068
4069 rc = GPG_ERR_ENOMEM;
4070 break;
4071 }
4072
4073 g_free(list);
4074 list = tmp;
4075 }
4076
4077 closedir(d);
4078 g_free(p);
4079
4080 if (rc)
4081 return send_error(ctx, rc);
4082
4083 if (!list)
4084 return send_error(ctx, GPG_ERR_NO_VALUE);
4085
4086 list[strlen(list)-1] = 0;
4087 rc = xfer_data(ctx, list, strlen(list));
4088 g_free(list);
4089 return send_error(ctx, rc);
4090 }
4091
4092 static void bye_notify(assuan_context_t ctx)
4093 {
4094 struct client_s *cl = assuan_get_pointer(ctx);
4095
4096 /* This will let assuan_process_next() return. */
4097 fcntl(cl->thd->fd, F_SETFL, O_NONBLOCK);
4098 cl->last_rc = 0; // BYE command result
4099 }
4100
4101 static void reset_notify(assuan_context_t ctx)
4102 {
4103 struct client_s *cl = assuan_get_pointer(ctx);
4104
4105 if (cl)
4106 cleanup_client(cl);
4107 }
4108
4109 /*
4110 * This is called before every Assuan command.
4111 */
4112 gint command_startup(assuan_context_t ctx, const gchar *name)
4113 {
4114 struct client_s *cl = assuan_get_pointer(ctx);
4115 gpg_error_t rc;
4116
4117 log_write1("%s", name);
4118
4119 for (int i = 0; command_table[i]; i++) {
4120 if (!g_ascii_strcasecmp(name, command_table[i]->name) &&
4121 command_table[i]->ignore_startup)
4122 return 0;
4123 }
4124
4125 #ifdef WITH_PINENTRY
4126 if (!(cl->opts & OPT_PINENTRY))
4127 reset_pin_defaults(cl->pinentry);
4128 #endif
4129
4130 cl->last_rc = rc = file_modified(cl);
4131
4132 if (rc) {
4133 if ((rc == EPWMD_NO_FILE || rc == EPWMD_FILE_MODIFIED) &&
4134 !g_ascii_strcasecmp(name, "OPEN"))
4135 rc = 0;
4136 }
4137
4138 return rc;
4139 }
4140
4141 /*
4142 * This is called after every Assuan command.
4143 */
4144 void command_finalize(assuan_context_t ctx, gint rc)
4145 {
4146 struct client_s *client = assuan_get_pointer(ctx);
4147
4148 if (!client->is_lock_cmd)
4149 unlock_file_mutex(client);
4150
4151 log_write1(N_("command completed (rc=%u)"), client->last_rc);
4152 client->opts &= ~(OPT_INQUIRE);
4153 client->opts &= ~(OPT_BASE64);
4154 }
4155
4156 static gint help_command(assuan_context_t ctx, gchar *line)
4157 {
4158 gpg_error_t rc;
4159 gint i;
4160
4161 if (!line || !*line) {
4162 gchar *tmp;
4163 gchar *buf = g_strdup(N_(
4164 "Usage: HELP [<COMMAND>]\n"
4165 " For commands that take an element path as an argument, each element is\n"
4166 " separated with an ASCII tab character (ASCII 0x09).\n"
4167 "\n"
4168 " Each element may contain a \"target\" attribute whose value is also an\n"
4169 " element path. Think of a \"target\" attribute like a symbolic link on a\n"
4170 " filesystem. When found, the element path of the \"target\" attribute will\n"
4171 " be used as a prefix for further elements in the current element path. To\n"
4172 " ignore any \"target\" attribute for the current element, prefix the element\n"
4173 " with an ! (ASCII 0x21).\n"
4174 "\n"
4175 " See pwmd(1) for configuration file options which may also set default\n"
4176 " options for specific data files.\n"
4177 "\n"
4178 "COMMANDS:"));
4179
4180 for (i = 0; command_table[i]; i++) {
4181 gchar *p = strrchr(buf, '\n');
4182 gboolean newline = FALSE;
4183
4184 if (!command_table[i]->help)
4185 continue;
4186
4187 if (p && strlen(p)+strlen(command_table[i]->name) > 79) {
4188 tmp = g_strdup_printf("%s\n", buf);
4189 g_free(buf);
4190 buf = tmp;
4191 newline = TRUE;
4192 }
4193
4194 tmp = g_strdup_printf("%s%s%s", buf, !newline ? " " : "",
4195 command_table[i]->name);
4196 g_free(buf);
4197 buf = tmp;
4198 }
4199
4200 tmp = g_strdup_printf("%s\n", buf);
4201 g_free(buf);
4202 buf = tmp;
4203 rc = xfer_data(ctx, buf, strlen(buf));
4204 g_free(buf);
4205 return send_error(ctx, rc);
4206 }
4207
4208 for (i = 0; command_table[i]; i++) {
4209 if (!g_strcasecmp(line, command_table[i]->name)) {
4210 if (!command_table[i]->help)
4211 break;
4212
4213 gchar *tmp = g_strdup_printf(N_("Usage: %s"), command_table[i]->help);
4214 rc = xfer_data(ctx, tmp, strlen(tmp));
4215 g_free(tmp);
4216 return send_error(ctx, rc);
4217 }
4218 }
4219
4220 return send_error(ctx, GPG_ERR_INV_NAME);
4221 }
4222
4223 void new_command(const gchar *name, gboolean ignore,
4224 gint (*handler)(assuan_context_t, gchar *), const gchar *help)
4225 {
4226 gint i = 0;
4227
4228 if (command_table)
4229 for (i = 0; command_table[i]; i++);
4230
4231 command_table = g_realloc(command_table, (i+2)*sizeof(struct command_table_s *));
4232 command_table[i] = g_malloc0(sizeof(struct command_table_s));
4233 command_table[i]->name = name;
4234 command_table[i]->handler = handler;
4235 command_table[i]->ignore_startup = ignore;
4236 command_table[i++]->help = help;
4237 command_table[i] = NULL;
4238 }
4239
4240 void deinit_commands()
4241 {
4242 gint i;
4243
4244 for (i = 0; command_table[i]; i++)
4245 g_free(command_table[i]);
4246
4247 g_free(command_table);
4248 }
4249
4250 static gint sort_commands(const void *arg1, const void *arg2)
4251 {
4252 struct command_table_s* const *a = arg1;
4253 struct command_table_s* const *b = arg2;
4254
4255 if (!*a || !*b)
4256 return 0;
4257 else if (*a && !*b)
4258 return 1;
4259 else if (!*a && *b)
4260 return -1;
4261
4262 return strcmp((*a)->name, (*b)->name);
4263 }
4264
4265 void init_commands()
4266 {
4267 /* !BEGIN-HELP-TEXT!
4268 *
4269 * This comment is used as a marker to generate the offline documentation
4270 * for commands found in doc/COMMANDS.
4271 */
4272 new_command("HELP", TRUE, help_command, N_(
4273 "HELP [<COMMAND>]\n"
4274 " Show available commands or command specific help text.\n"
4275 ));
4276
4277 new_command("OPEN", FALSE, open_command, N_(
4278 "OPEN [--lock] [--inquire | --pinentry=[0|1]] [--base64] <filename> [<key>]\n"
4279 " Opens <filename> using <key>. When the filename is not found on the\n"
4280 " file-system a new document will be created. If the file is found, it is\n"
4281 " looked for in the file cache for an existing key. When found and no key\n"
4282 " was specified, the cached key will be used for decryption (if encrypted).\n"
4283 " When not found, pinentry(1) will be used to retrieve the key (see the\n"
4284 " OPTIONS documentation).\n"
4285 "\n"
4286 " When the --lock option is passed then the file mutex will be locked as if\n"
4287 " the LOCK command had been sent after the file had been opened.\n"
4288 "\n"
4289 " The --inquire option disables pinentry usage and uses a server inquire to\n"
4290 " retrieve the filename and key arguments.\n"
4291 "\n"
4292 " Using pinentry for passphrase retrieval can be enabled or disabled by\n"
4293 " specifying the --pinentry option with the value 1 or 0 respectively. When\n"
4294 " no value is specified then the configuration file value will be used. If\n"
4295 " the passphrase is invalid then it is up to the client whether to retry or\n"
4296 " not. To decrypt an encrypted file with an empty passphrase and avoid the\n"
4297 " pinentry dialog, use --pinentry=0.\n"
4298 "\n"
4299 " When a \"key_file\" configuration parameter has been set for the current\n"
4300 " file and there is no cache entry, then an --inquire must be used to\n"
4301 " retrieve the key.\n"
4302 "\n"
4303 " The --base64 option specifies that the key is Base64 encoded. It will be\n"
4304 " decoded before doing decryption. This allows for binary keys and may also\n"
4305 " be used with --inquire. This option is ignored when a pinentry is used.\n"
4306 ));
4307
4308 new_command("SAVE", FALSE, save_command, N_(
4309 "SAVE [--reset] [--inquire | --pinentry=[0|1]] [--cipher=[<string>]]\n"
4310 " [--iterations=[N]] [--base64] [<key>]\n"
4311 " Writes the XML document to disk. The file written to is the file that was\n"
4312 " opened using the OPEN command. If <key> is not specified then the\n"
4313 " currently cached key will be used. If the file is a new file or the file\n"
4314 " is not found in the file cache then <key> will be used. If both <key> is\n"
4315 " not specified and the file is not cached then pinentry(1) will be used to\n"
4316 " retrieve the key (see below) unless the configured number of iterations is\n"
4317 " 0 in which case the file will be saved unencrypted.\n"
4318 "\n"
4319 " Note that when both <key> is specified and the configured number of\n"
4320 " iterations is 0 the iterations for the current filename will be reset to\n"
4321 " 1. This is to be on the safe side and prevent misuse.\n"
4322 "\n"
4323 " The --iterations option can be used to change the number of encryption\n"
4324 " iterations for the opened file. When 0 no encryption will be performed.\n"
4325 " When this option is either not passed or is specified without a value then\n"
4326 " the previous setting obtained from the file header will be used.\n"
4327 "\n"
4328 " You can specify an alternate cipher to encrypt with by specifying a cipher\n"
4329 " string with the --cipher option. Omitting the string uses the current\n"
4330 " cipher of the opened file or the default if the file is a new one. The\n"
4331 " default is specified in the configuration file. See pwmd(1) for available\n"
4332 " ciphers.\n"
4333 "\n"
4334 " Using pinentry for passphrase retrieval can be enabled or disabled by\n"
4335 " specifying the --pinentry option with the value 1 or 0, respectively. When\n"
4336 " no value is specified then the configuration file value will be used.\n"
4337 " When enabled and the passphrase confirmation fails, the pinentry process\n"
4338 " is started over again until either the passphrases match or until the\n"
4339 " input is canceled by the user. To save with encryption and with an empty\n"
4340 " passphrase, use --pinentry=0.\n"
4341 "\n"
4342 " When --reset is specified then the cached passphrase for the opened file\n"
4343 " will be cleared before doing the actual SAVE as if the CLEARCACHE command\n"
4344 " had been sent.\n"
4345 "\n"
4346 " The --inquire option disables pinentry usage and uses a server inquire to\n"
4347 " retrieve the key.\n"
4348 "\n"
4349 " When a \"key_file\" configuration parameter has been set for the current\n"
4350 " file and there is no cache entry, then an --inquire must be used to\n"
4351 " retrieve the key.\n"
4352 "\n"
4353 " The --base64 option specifies that the key is Base64 encoded. It will be\n"
4354 " decoded before doing encryption. This allows for binary keys and may also\n"
4355 " be used with --inquire. This option is ignored when a pinentry is used.\n"
4356 ));
4357
4358 new_command("ISCACHED", TRUE, iscached_command, N_(
4359 "ISCACHED <filename>\n"
4360 " An OK response is returned if the specified file is found in the file\n"
4361 " cache. If not found in the cache but exists on the filesystem,\n"
4362 " GPG_ERR_NOT_FOUND is returned. Otherwise a filesystem error is returned.\n"
4363 ));
4364
4365 new_command("CLEARCACHE", TRUE, clearcache_command, N_(
4366 "CLEARCACHE [<filename>]\n"
4367 " Clears a file cache entry. This will forget the timeout and key for all or\n"
4368 " the specified file. Always returns an OK response.\n"
4369 ));
4370
4371 new_command("CACHETIMEOUT", TRUE, cachetimeout_command, N_(
4372 "CACHETIMEOUT <filename> <seconds>\n"
4373 " Specify the number of seconds the specified file will be cached. -1 will\n"
4374 " keep the cache entry forever, 0 will require the key each time the OPEN or\n"
4375 " SAVE commands are used. Also see the \"cache_timeout\" configuration\n"
4376 " parameter. Returns ERR if the filename is not cached or if the timeout is\n"
4377 " invalid. OK otherwise.\n"
4378 ));
4379
4380 new_command("LIST", FALSE, list_command, N_(
4381 "LIST [--no-recurse] [--verbose] [[!]element[<TAB>[!]element[...]]]\n"
4382 " If no element path is given then a newline separated list of root elements\n"
4383 " is returned with the data response. If given, then all reachable elements\n"
4384 " for the specified element path are returned unless the --no-recurse option\n"
4385 " is specified. If specified, only the child elements of the element path\n"
4386 " are returned without recursing into grandchildren. Each element in the\n"
4387 " path is prefixed with the literal '!' character when the element contains\n"
4388 " no \"target\" attribute. Refer to THE TARGET ATTRIBUTE for more information.\n"
4389 "\n"
4390 " When the --verbose option is passed then each element path returned in the\n"
4391 " list will have a single space character followed by either a 0 or 1\n"
4392 " appended to it. When 0, the element path has no children, otherwise it\n"
4393 " does have children. When used with the --no-recurse option this may be\n"
4394 " useful to limit the amount of data transferred to the client.\n"
4395 ));
4396
4397 new_command("REALPATH", FALSE, realpath_command, N_(
4398 "REALPATH [!]element[<TAB>[!]element[...]]\n"
4399 " Resolves all \"target\" attributes of the specified element path and returns\n"
4400 " the result with a data response.\n"
4401 ));
4402
4403 new_command("STORE", FALSE, store_command, N_(
4404 "STORE [!]element[[<TAB>[!]element[...]]<TAB>[content]]\n"
4405 " Creates a new element path or modifies the content of an existing element\n"
4406 " path. If only a single element is specified, a new root element is\n"
4407 " created. Otherwise, elements are TAB delimited and the content will be set\n"
4408 " to the last TAB delimited argument. If no content is specified after the\n"
4409 " last TAB then the content for the last specified element will be removed,\n"
4410 " or empty when creating a new element.\n"
4411 "\n"
4412 " The only restriction of an element name is that it not contain whitespace\n"
4413 " or begin with the literal element character '!' unless specifying a\n"
4414 " literal element. There is no whitespace between the TAB delimited\n"
4415 " elements. It is recommended that the value or content be base 64 encoded\n"
4416 " when it contains control or TAB characters to prevent XML and pwmd parsing\n"
4417 " errors.\n"
4418 "\n"
4419 " This command uses a server INQUIRE to retrieve the data from the client.\n"
4420 ));
4421
4422 new_command("RENAME", FALSE, rename_command, N_(
4423 "RENAME [!]element[<TAB>[!]element[...]] <value>\n"
4424 " Renames the specified element to the new value. If an element of the same\n"
4425 " name as the value exists then it will be overwritten.\n"
4426 ));
4427
4428 new_command("COPY", FALSE, copy_command, N_(
4429 "COPY [!]element[<TAB>[!]element[...]] [!]element[<TAB>[!]element[...]]\n"
4430 " Copies the entire element tree starting from the child node of the source\n"
4431 " element path, to the destination element path. If the destination element\n"
4432 " path does not exist then it will be created; otherwise it is overwritten.\n"
4433 "\n"
4434 " Note that attributes from the source element path are merged into the\n"
4435 " destination element path when the destination element path exists. When an\n"
4436 " attribute of the same name exists in both the source and destination\n"
4437 " element paths then the destination attribute will be updated to the source\n"
4438 " attribute value.\n"
4439 ));
4440
4441 new_command("MOVE", FALSE, move_command, N_(
4442 "MOVE [!]element[<TAB>[!]element[...]] [[!]element[<TAB>[!]element[...]]]\n"
4443 " Moves the source element path to the destination element path. If the\n"
4444 " destination is not specified then it will be moved to the root of the\n"
4445 " document. If the destination is specified and exists then it will be\n"
4446 " overwritten; otherwise it will be created.\n"
4447 ));
4448
4449 new_command("DELETE", FALSE, delete_command, N_(
4450 "DELETE [!]element[<TAB>[!]element[...]]\n"
4451 " Removes the specified element path and any children from the XML document.\n"
4452 ));
4453
4454 new_command("GET", FALSE, get_command, N_(
4455 "GET [!]element[<TAB>[!]element[...]]\n"
4456 " Retrieves the content or XML text node of the specified element path. The\n"
4457 " content is returned with a data response.\n"
4458 ));
4459
4460 new_command("ATTR", FALSE, attr_command, N_(
4461 "ATTR SET|GET|DELETE|LIST [<attribute>] [!]<arg1> [!][arg2]\n"
4462 " ATTR SET attribute [!]element[<TAB>[!]element[...]] [attribute_value]\n"
4463 " Stores or updates an attribute name and optional value of an element\n"
4464 " path.\n"
4465 "\n"
4466 " ATTR DELETE attribute [!]element[<TAB>[!]element[...]]\n"
4467 " Removes an attribute from an element path.\n"
4468 "\n"
4469 " ATTR LIST [!]element[<TAB>[!]element[...]]\n"
4470 " Retrieves a newline separated list of attributes names and values from\n"
4471 " the specified element path. The attribute names and values are space\n"
4472 " delimited.\n"
4473 "\n"
4474 " ATTR GET attribute [!]element[<TAB>[!]element[...]]\n"
4475 " Retrieves the value of an attribute from an element path.\n"
4476 "\n"
4477 " The \"_name\" attribute (case sensitive) cannot be removed with ATTR DELETE\n"
4478 " if the element path is the root element. Although it can be SET to change\n"
4479 " the element name but only if the destination element name doesn't exist.\n"
4480 " Use the RENAME command for that instead.\n"
4481 "\n"
4482 " The \"_mtime\" attribute is updated each time an element is modified by\n"
4483 " either storing content, editing attributes or by deleting a child element.\n"
4484 "\n"
4485 " Also see THE TARGET ATTRIBUTE.\n"
4486 ));
4487
4488 new_command("XPATH", FALSE, xpath_command, N_(
4489 "XPATH <expression>[<TAB>[value]]\n"
4490 " Evaluates an XPath expression. If no value argument is specified, it is\n"
4491 " assumed the expression is a request to return a result. Otherwise, the\n"
4492 " result is set to the value argument and the document is updated. If there\n"
4493 " is no value after the <TAB> character, the value is assumed to be empty\n"
4494 " and the document is updated.\n"
4495 ));
4496
4497 new_command("XPATHATTR", FALSE, xpathattr_command, N_(
4498 "XPATHATTR SET|DELETE <name> <expression>[<TAB>[<value>]]\n"
4499 " Like the XPATH command but operates on element attributes and won't return\n"
4500 " a result. For the SET operation the <value> is optional but the field is\n"
4501 " required in which case the value will be empty.\n"
4502 ));
4503
4504 new_command("IMPORT", FALSE, import_command, N_(
4505 "IMPORT <content>[<TAB>[!]element[<TAB>[!]element[...]]]\n"
4506 " Like the STORE command (an INQUIRE), but the content argument is raw XML\n"
4507 " data. The content is created as a child of the specified element path. If\n"
4508 " an element of the element path does not exist then it is created. If no\n"
4509 " element path is specified then the content must begin with an pwmd DTD\n"
4510 " root element.\n"
4511 "\n"
4512 " Note that the new content must begin with an XML element node. Also note\n"
4513 " that an existing child node of the same element name as the root node of\n"
4514 " the imported content will be overwritten.\n"
4515 ));
4516
4517 new_command("DUMP", FALSE, dump_command, N_(
4518 "DUMP\n"
4519 " Shows the in memory XML document with indenting. To dump a specific\n"
4520 " element tree, use the XPATH command.\n"
4521 ));
4522
4523 new_command("LOCK", FALSE, lock_command, N_(
4524 "LOCK\n"
4525 " Locks the mutex associated with the opened file. This prevents other\n"
4526 " clients from sending commands to the same opened file until the client\n"
4527 " that sent this command either disconnects or sends the UNLOCK command.\n"
4528 ));
4529
4530 new_command("UNLOCK", FALSE, unlock_command, N_(
4531 "UNLOCK\n"
4532 " Unlocks the file mutex which was locked with the LOCK command.\n"
4533 ));
4534
4535 new_command("GETPID", TRUE, getpid_command, N_(
4536 "GETPID\n"
4537 " Retrieves the process id of the server.\n"
4538 ));
4539
4540 new_command("GETCONFIG", TRUE, getconfig_command, N_(
4541 "GETCONFIG [filename] <parameter>\n"
4542 " Returns the value of a pwmd configuration variable with a data response.\n"
4543 " If no file has been opened then the value for the specified file or the\n"
4544 " default from the \"global\" section will be returned. If a file has been\n"
4545 " opened and no filename is specified, the value previously set with the SET\n"
4546 " command, if any, will be returned.\n"
4547 "\n"
4548 " If there is no such configuration parameter defined, GPG_ERR_UNKNOWN_OPTION\n"
4549 " is returned.\n"
4550 ));
4551
4552 new_command("VERSION", TRUE, version_command, N_(
4553 "VERSION\n"
4554 " Returns the server version number and compile-time features with a data\n"
4555 " response with each being space delimited.\n"
4556 ));
4557
4558 new_command("SET", TRUE, set_command, N_(
4559 "SET <NAME>=<VALUE>\n"
4560 " Sets a client option NAME to VALUE. Use the UNSET command to reset an\n"
4561 " option to its default value.\n"
4562 "\n"
4563 " NAME |VALUE |Description\n"
4564 " -----------------|----------|----------------------------------------------\n"
4565 " ENABLE_PINENTRY 0|1 When 0, disable use of pinentry. The default\n"
4566 " is 1.\n"
4567 "\n"
4568 " * Deprecated. Pass --pinentry to the OPEN and\n"
4569 " SAVE commands instead.\n"
4570 "\n"
4571 " PINENTRY_TIMEOUT <integer> The number of seconds before the pinentry\n"
4572 " process will terminate while waiting for a\n"
4573 " passphrase. The default is 20, 0 disables.\n"
4574 "\n"
4575 " PINENTRTY_PATH <string> Full path to the pinentry binary. The default\n"
4576 " is specified at compile time.\n"
4577 "\n"
4578 " TTYNAME <string> Same as the --ttyname option to pinentry(1).\n"
4579 "\n"
4580 " TTYTYPE <string> Same as the --ttytype option to pinentry(1).\n"
4581 "\n"
4582 " DISPLAY <string> Same as the --display option to pinentry(1).\n"
4583 "\n"
4584 " TITLE <string> Sets the title string of the pinentry dialog.\n"
4585 "\n"
4586 " PROMPT <string> Sets the prompt string of the pinentry dialog.\n"
4587 "\n"
4588 " DESC <string> Sets the error or description string of the\n"
4589 " pinentry dialog.\n"
4590 "\n"
4591 " LC_CTYPE <string> Same as the --lc-ctype option to pinentry(1).\n"
4592 "\n"
4593 " LC_MESSAGES <string> Same as the --lc-messages option to\n"
4594 " pinentry(1).\n"
4595 "\n"
4596 " NAME <string> Associates the thread ID of the connection\n"
4597 " with the specified textual representation.\n"
4598 " Useful for debugging log messages.\n"
4599 "\n"
4600 " CIPHER <string> The cipher to use for the next SAVE.\n"
4601 "\n"
4602 " * Deprecated. Use --cipher instead.\n"
4603 "\n"
4604 " ITERATIONS <integer> The number of encryption iterations to do\n"
4605 " when the SAVE command is sent. An opened file\n"
4606 " is needed when setting this option. The\n"
4607 " CONFIG status message is sent after receiving\n"
4608 " this command.\n"
4609 "\n"
4610 " * Deprecated. Use --iterations instead.\n"
4611 "\n"
4612 " LOCK_ON_OPEN 0|1 If enabled then the file mutex will be locked\n"
4613 " after a successful OPEN as if the LOCK\n"
4614 " command had been sent.\n"
4615 "\n"
4616 " * Deprecated. Use --lock instead.\n"
4617 "\n"
4618 " RC_ON_LOCKED 0|1 If enabled then return an error code instead\n"
4619 " of a status message when the file mutex is\n"
4620 " locked by another client.\n"
4621 ));
4622
4623 new_command("UNSET", TRUE, unset_command, N_(
4624 "UNSET <NAME>\n"
4625 " Resets option NAME to the value specified in the server configuration\n"
4626 " file. Some options have no default and will be reset to NULL or 0\n"
4627 " depending on the value type. See the SET command for available options.\n"
4628 ));
4629
4630 new_command("LS", TRUE, ls_command, N_(
4631 "LS\n"
4632 " Lists the contents of the configured data_directory. The result is a\n"
4633 " newline separated list of filenames.\n"
4634 ));
4635
4636 new_command("RESET", TRUE, NULL, N_(
4637 "RESET\n"
4638 " Closes the currently opened file but keeps any previously set client\n"
4639 " options.\n"
4640 ));
4641
4642 new_command("BYE", TRUE, NULL, N_(
4643 "BYE\n"
4644 " Closes the connection discarding any unsaved changes.\n"
4645 ));
4646
4647 new_command("NOP", TRUE, NULL, N_(
4648 "NOP\n"
4649 " Does nothing. Always returns successfully.\n"
4650 ));
4651
4652 /* !END-HELP-TEXT! */
4653 new_command("CANCEL", TRUE, NULL, NULL);
4654 new_command("END", TRUE, NULL, NULL);
4655
4656 gint i;
4657 for (i = 0; command_table[i]; i++);
4658 qsort(command_table, i-1, sizeof(struct command_table_s *), sort_commands);
4659 }
4660
4661 gpg_error_t register_commands(assuan_context_t ctx)
4662 {
4663 gint i = 0, rc;
4664
4665 for (; command_table[i]; i++) {
4666 if (!command_table[i]->handler)
4667 continue;
4668
4669 rc = assuan_register_command (ctx, command_table[i]->name,
4670 command_table[i]->handler);
4671
4672 if (rc)
4673 return rc;
4674 }
4675
4676 rc = assuan_register_bye_notify(ctx, bye_notify);
4677
4678 if (rc)
4679 return rc;
4680
4681 rc = assuan_register_reset_notify(ctx, reset_notify);
4682
4683 if (rc)
4684 return rc;
4685
4686 rc = assuan_register_pre_cmd_notify(ctx, command_startup);
4687
4688 if (rc)
4689 return rc;
4690
4691 return assuan_register_post_cmd_notify(ctx, command_finalize);
4692 }
4693
4694 gpg_error_t try_xml_decrypt(assuan_context_t ctx,
4695 struct crypto_s *crypto, gpointer *dst, goffset *dst_len)
4696 {
4697 goffset insize, len;
4698 struct client_s *client = ctx ? assuan_get_pointer(ctx) : NULL;
4699 guint64 iter = 0, n_iter = 0, iter_progress = 0;
4700 gulong outsize = 0;
4701 gpg_error_t rc;
4702 gsize fh_size = crypto->fh->v1 ? sizeof(crypto->fh->ver.fh1) : sizeof(crypto->fh->ver.fh2);
4703 guint64 fh_iter = crypto->fh->v1 ? crypto->fh->ver.fh1.iter : crypto->fh->ver.fh2.iter;
4704 gsize hashlen = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
4705
4706 lseek(crypto->fh->fd, fh_size, SEEK_SET);
4707 insize = crypto->fh->st.st_size - fh_size;
4708 crypto->iv = gcry_malloc(crypto->blocksize);
4709
4710 if (!crypto->iv) {
4711 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
4712 return GPG_ERR_ENOMEM;
4713 }
4714
4715 if (crypto->fh->v1)
4716 memcpy(crypto->iv, crypto->fh->ver.fh1.iv, crypto->blocksize);
4717 else
4718 memcpy(crypto->iv, crypto->fh->ver.fh2.iv, crypto->blocksize);
4719
4720 crypto->inbuf = gcry_malloc(insize);
4721
4722 if (!crypto->inbuf) {
4723 log_write("%s(%i): %s", __FILE__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
4724 return GPG_ERR_ENOMEM;
4725 }
4726
4727 crypto->insize = insize;
4728 len = pth_read(crypto->fh->fd, crypto->inbuf, crypto->insize);
4729
4730 if (len != crypto->insize)
4731 return GPG_ERR_INV_LENGTH;
4732
4733 /* No encryption iterations. This is a plain (gzipped) file. */
4734 if ((crypto->fh->v1 && (long)fh_iter < 0L) ||
4735 (!crypto->fh->v1 && fh_iter <= 0L)) {
4736 /*
4737 * cache_file_count() needs both .used == TRUE and a valid key in
4738 * order for it to count as a used cache entry. Fixes CACHE status
4739 * messages.
4740 */
4741 memset(crypto->key, '!', hashlen);
4742 goto decompress;
4743 }
4744
4745 if ((rc = gcry_cipher_setiv(crypto->gh, crypto->iv, crypto->blocksize))) {
4746 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
4747 return rc;
4748 }
4749
4750 if ((rc = gcry_cipher_setkey(crypto->gh, crypto->key, crypto->keysize))) {
4751 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
4752 return rc;
4753 }
4754
4755 iter_progress = get_key_file_uint64(client && client->filename ?
4756 client->filename : "global", "iteration_progress");
4757
4758 if (iter_progress > 0 && fh_iter >= iter_progress) {
4759 rc = send_status(ctx, STATUS_DECRYPT, "0 %llu", fh_iter);
4760
4761 if (rc)
4762 return rc;
4763 }
4764
4765 rc = iterate_crypto_once(client, crypto, STATUS_DECRYPT);
4766
4767 if (rc)
4768 return rc;
4769
4770 crypto->tkey = gcry_malloc(hashlen);
4771
4772 if (!crypto->tkey) {
4773 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(GPG_ERR_ENOMEM));
4774 return GPG_ERR_ENOMEM;
4775 }
4776
4777 memcpy(crypto->tkey, crypto->key, hashlen);
4778 guchar *tkey = crypto->tkey;
4779 tkey[0] ^= 1;
4780
4781 if ((rc = gcry_cipher_setkey(crypto->gh, crypto->tkey, crypto->keysize))) {
4782 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
4783 return rc;
4784 }
4785
4786 while (iter < (crypto->fh->v1 ? fh_iter : fh_iter-1)) {
4787 if (iter_progress > 0ULL && iter >= iter_progress) {
4788 if (!(iter % iter_progress)) {
4789 rc = send_status(ctx, STATUS_DECRYPT, "%llu %llu",
4790 ++n_iter * iter_progress, fh_iter);
4791
4792 if (rc)
4793 return rc;
4794 }
4795 }
4796
4797 if ((rc = gcry_cipher_setiv(crypto->gh, crypto->iv, crypto->blocksize))) {
4798 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
4799 return rc;
4800 }
4801
4802 rc = iterate_crypto_once(client, crypto, STATUS_DECRYPT);
4803
4804 if (rc) {
4805 log_write("%s(%i): %s", __FUNCTION__, __LINE__, pwmd_strerror(rc));
4806 return rc;
4807 }
4808
4809 iter++;
4810 }
4811
4812 if (iter_progress && fh_iter >= iter_progress) {
4813 rc = send_status(ctx, STATUS_DECRYPT, "%llu %llu", fh_iter, fh_iter);
4814
4815 if (rc)
4816 return rc;
4817 }
4818
4819 decompress:
4820 if (!crypto->fh->v1 && crypto->fh->ver.fh2.version >= 0x218) {
4821 len = 0;
4822
4823 if (crypto->fh->ver.fh2.iter > 0ULL) {
4824 if (memcmp(crypto->inbuf, crypto_magic, sizeof(crypto_magic)))
4825 return GPG_ERR_INV_PASSPHRASE;
4826
4827 len = sizeof(crypto_magic);
4828 }
4829
4830 rc = do_decompress(ctx, (guchar *)crypto->inbuf+len, crypto->insize-len,
4831 (gpointer *)&crypto->outbuf, &outsize);
4832
4833 if (rc)
4834 return rc;
4835 }
4836 else {
4837 rc = do_decompress(ctx, crypto->inbuf, crypto->insize,
4838 (gpointer *)&crypto->outbuf, &outsize);
4839
4840 if (rc == GPG_ERR_ENOMEM)
4841 return rc;
4842 else if (rc)
4843 return GPG_ERR_INV_PASSPHRASE; // Not a valid gzip header. Must be a bad key.
4844
4845 if (g_strncasecmp(crypto->outbuf, "<?xml ", 6) != 0) {
4846 gcry_free(crypto->outbuf);
4847 crypto->outbuf = NULL;
4848 return GPG_ERR_INV_PASSPHRASE;
4849 }
4850 }
4851
4852 if (ctx) {
4853 client->xml = crypto->outbuf;
4854 client->len = outsize;
4855 crypto->outbuf = NULL;
4856 }
4857 else if (dst) {
4858 *dst = crypto->outbuf;
4859 *dst_len = outsize;
4860 crypto->outbuf = NULL;
4861 }
4862
4863 /* The calling function should free the crypto struct. */
4864 return 0;
4865 }
A server for managing passphrases and anything else.