search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Check for alarm in configure.ac.
[pwmd.git] / src / pwmd.c
blob4a2da86bf7f1a7d31addbc6a0e89ceaee7cd8bcb
1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
2 /*
3 Copyright (C) 2006-2007 Ben Kibbey <bjk@luxsci.net>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <err.h>
23 #include <errno.h>
24 #include <ctype.h>
25 #include <string.h>
26 #include <sys/socket.h>
27 #include <sys/un.h>
28 #include <signal.h>
29 #include <stdarg.h>
30 #include <string.h>
31 #include <sys/wait.h>
32 #include <fcntl.h>
33 #include <pwd.h>
34 #include <glib.h>
35 #include <glib/gprintf.h>
36 #include <gcrypt.h>
37 #include <sys/mman.h>
38 #include <termios.h>
39 #include <assert.h>
40
41 #ifdef HAVE_CONFIG_H
42 #include <config.h>
43 #endif
44
45 #ifdef HAVE_SETRLIMIT
46 #include <sys/time.h>
47 #include <sys/resource.h>
48 #endif
49
50 #include "xml.h"
51 #include "common.h"
52 #include "commands.h"
53 #include "pwmd_error.h"
54 #include "pwmd.h"
55
56 void send_to_client(struct client_s *client, const gchar *fmt, ...)
57 {
58 va_list ap;
59 gint n = 0;
60 gchar **p;
61
62 if (!client)
63 return;
64
65 va_start(ap, fmt);
66
67 if (client->outbuf)
68 for (p = client->outbuf, n = 0; *p; p++, n++);
69
70 if ((client->outbuf = g_realloc(client->outbuf, (n + 2) * sizeof(gchar *))) == NULL) {
71 warn("g_realloc()");
72 return;
73 }
74
75 client->outbuf[n++] = g_strdup_vprintf(fmt, ap);
76 client->outbuf[n] = NULL;
77 va_end(ap);
78 }
79
80 void send_error(struct client_s *client, int pwmd_errno)
81 {
82 send_to_client(client, "ERR %03i %s\n", pwmd_errno, pwmd_strerror(pwmd_errno));
83 }
84
85 void log_write(const gchar *fmt, ...)
86 {
87 gchar *args, *line;
88 va_list ap;
89 struct tm *tm;
90 time_t now;
91 gchar tbuf[21];
92 gint fd;
93 gint tofile = !isatty(STDOUT_FILENO);
94
95 if (!logfile || !fmt)
96 return;
97
98 if (tofile) {
99 if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
100 warn("logfile");
101 return;
102 }
103 }
104
105 va_start(ap, fmt);
106 g_vasprintf(&args, fmt, ap);
107 va_end(ap);
108
109 if (tofile) {
110 time(&now);
111 tm = localtime(&now);
112 strftime(tbuf, sizeof(tbuf), "%b %d %Y %H:%M:%S ", tm);
113 tbuf[sizeof(tbuf) - 1] = 0;
114 line = g_strdup_printf("%s %i %s\n", tbuf, getpid(), args);
115 write(fd, line, strlen(line));
116 fsync(fd);
117 close(fd);
118 g_free(line);
119 }
120 else
121 fprintf(stderr, "%s\n", args);
122
123 g_free(args);
124 }
125
126 static void cache_increment_elapsed()
127 {
128 file_cache_t f;
129 void *p;
130 glong len;
131
132 for (p = shm_data, len = 0; len <= cache_size;) {
133 memcpy(&f, p, sizeof(file_cache_t));
134
135 if (f.timeout >= 0) {
136 f.elapsed++;
137
138 if (f.elapsed >= f.when)
139 memset(&f.key, 0, sizeof(f.key));
140
141 memcpy(p, &f, sizeof(file_cache_t));
142 }
143
144 p += sizeof(file_cache_t);
145 len += sizeof(file_cache_t);
146
147 if (len + sizeof(file_cache_t) > cache_size)
148 break;
149 }
150 }
151
152 static void catchsig(gint sig)
153 {
154 gint status;
155
156 if (sig != SIGALRM)
157 log_write("caught signal %i (%s)", sig, strsignal(sig));
158
159 switch (sig) {
160 case SIGALRM:
161 cache_increment_elapsed();
162 alarm(1);
163 break;
164 case SIGCHLD:
165 waitpid(-1, &status, 0);
166 break;
167 case SIGHUP:
168 log_write("clearing file cache");
169 memset(shm_data, 0, cache_size);
170 break;
171 default:
172 quit = 1;
173 shutdown(sfd, SHUT_RDWR);
174 close(sfd);
175 break;
176 }
177 }
178
179 static void usage(gchar *pn)
180 {
181 g_printf(
182 "Usage: %s [-hv] [-f <rcfile>] [-I <filename>]\n"
183 " -f load the specified rcfile (~/.pwmdrc)\n"
184 " -I import an XML file and write the encrypted data to stdout\n"
185 " -v version\n"
186 " -h this help text\n",
187 pn);
188 exit(EXIT_SUCCESS);
189 }
190
191 gchar **split_input_line(gchar *str, gchar *delim, gint n)
192 {
193 if (!str || !*str)
194 return NULL;
195
196 return g_strsplit(str, delim, n);
197 }
198
199 static int gcry_SecureCheck(const void *ptr)
200 {
201 return 1;
202 }
203
204 static void setup_gcrypt()
205 {
206 gcry_check_version(NULL);
207
208 gcry_set_allocation_handler(xmalloc, xmalloc, gcry_SecureCheck, xrealloc,
209 xfree);
210
211 if (gcry_cipher_algo_info(GCRY_CIPHER_AES256, GCRYCTL_TEST_ALGO, NULL,
212 NULL) != 0)
213 errx(EXIT_FAILURE, "AES cipher not supported");
214
215 gcry_cipher_algo_info(GCRY_CIPHER_AES256, GCRYCTL_GET_KEYLEN, NULL, &gcrykeysize);
216 gcry_cipher_algo_info(GCRY_CIPHER_AES256, GCRYCTL_GET_BLKLEN, NULL, &gcryblocksize);
217 }
218
219 static gint input_parser(gchar *str)
220 {
221 gchar *p, *t;
222 gchar **req = NULL;
223
224 if (str)
225 str = g_strchug(str);
226
227 if (!*str)
228 return P_OK;
229
230 while ((p = strsep(&str, "\n")) != NULL) {
231 if (g_ascii_strcasecmp(p, "QUIT") == 0)
232 return P_QUIT;
233 else if (g_ascii_strcasecmp(p, "HELP") == 0)
234 help_command(cl, NULL);
235 else if (g_ascii_strncasecmp(p, "HELP ", 5) == 0) {
236 t = p + 5;
237 t = g_strchug(t);
238 help_command(cl, t);
239 }
240 else if (g_ascii_strcasecmp(p, "LIST") == 0 ||
241 g_ascii_strncasecmp(p, "LIST ", 5) == 0) {
242 if (cl->state != STATE_OPEN)
243 send_error(cl, EPWMD_NO_FILE);
244 else
245 list_command(cl, p);
246 }
247 else if (g_ascii_strncasecmp(p, "STORE ", 6) == 0) {
248 t = p + 6;
249 t = g_strchug(t);
250
251 if (cl->state != STATE_OPEN)
252 send_error(cl, EPWMD_NO_FILE);
253 else {
254 if ((req = split_input_line(t, "\t", 0)) != NULL) {
255 if (store_command(cl, req) == TRUE)
256 send_to_client(cl, "OK \n");
257 }
258 else
259 send_error(cl, EPWMD_COMMAND_SYNTAX);
260 }
261 }
262 else if (g_ascii_strncasecmp(p, "DELETE ", 7) == 0) {
263 t = p + 7;
264
265 if (cl->state != STATE_OPEN)
266 send_error(cl, EPWMD_NO_FILE);
267 else {
268 if ((req = split_input_line(t, "\t", 0)) != NULL) {
269 if (delete_command(cl, req) == TRUE)
270 send_to_client(cl, "OK \n");
271 }
272 else
273 send_error(cl, EPWMD_COMMAND_SYNTAX);
274 }
275 }
276 else if (g_ascii_strncasecmp(p, "GET ", 4) == 0) {
277 t = p + 4;
278 t = g_strchug(t);
279
280 if (cl->state != STATE_OPEN)
281 send_error(cl, EPWMD_NO_FILE);
282 else {
283 if ((req = split_input_line(t, "\t", 0)) != NULL)
284 get_command(cl, &cl->reader, req, 0);
285 else
286 send_error(cl, EPWMD_COMMAND_SYNTAX);
287 }
288 }
289 else if (g_ascii_strncasecmp(p, "ATTR ", 5) == 0) {
290 t = p + 5;
291 t = g_strchug(t);
292
293 if (cl->state != STATE_OPEN)
294 send_error(cl, EPWMD_NO_FILE);
295 else {
296 if ((req = split_input_line(t, " ", 4)) != NULL) {
297 if (attr_command(cl, req) == TRUE)
298 send_to_client(cl, "OK \n");
299 }
300 else
301 send_error(cl, EPWMD_COMMAND_SYNTAX);
302 }
303 }
304 else if (g_ascii_strncasecmp(p, "OPEN ", 5) == 0) {
305 t = p + 5;
306 t = g_strchug(t);
307
308 if (cl->state == STATE_OPEN)
309 send_error(cl, EPWMD_FILE_OPENED);
310 else {
311 if ((req = split_input_line(t, " ", 2)) != NULL) {
312 if (open_command(cl, req) == TRUE) {
313 send_to_client(cl, "OK \n");
314 cl->state = STATE_OPEN;
315 }
316
317 /*
318 * The document has been parsed and is stored in cl->doc.
319 */
320 if (cl->xml) {
321 gcry_free(cl->xml);
322 cl->xml = NULL;
323 }
324 }
325 else
326 send_error(cl, EPWMD_COMMAND_SYNTAX);
327 }
328 }
329 else if (g_ascii_strncasecmp(p, "SAVE", 4) == 0) {
330 t = p + 4;
331
332 if (*t && *t != ' ')
333 send_error(cl, EPWMD_COMMAND_SYNTAX);
334 else {
335 t = g_strchug(t);
336
337 if (cl->state != STATE_OPEN)
338 send_error(cl, EPWMD_NO_FILE);
339 else {
340 req = split_input_line(t, " ", 1);
341
342 if (save_command(cl, cl->filename, (req) ? req[0] : NULL) == TRUE)
343 send_to_client(cl, "OK \n");
344 }
345 }
346 }
347 else if (g_ascii_strncasecmp(p, "CACHE ", 6) == 0) {
348 t = p + 6;
349 t = g_strchug(t);
350 req = split_input_line(t, " ", 0);
351
352 if (cache_command(cl, req) == TRUE)
353 send_to_client(cl, "OK \n");
354 }
355 else if (g_ascii_strncasecmp(p, "DUMP", 4) == 0) {
356 if (cl->state != STATE_OPEN)
357 send_error(cl, EPWMD_NO_FILE);
358 else {
359 if (dump_command(cl) == TRUE)
360 send_to_client(cl, "OK \n");
361 }
362 }
363 else
364 send_error(cl, EPWMD_COMMAND_SYNTAX);
365 }
366
367 if (req) {
368 g_strfreev(req);
369 req = NULL;
370 }
371
372 return P_OK;
373 }
374
375 static gboolean source_prepare(GSource *src, gint *to)
376 {
377 if (cl->gfd.revents & (G_IO_HUP|G_IO_NVAL|G_IO_ERR))
378 return TRUE;
379
380 return FALSE;
381 }
382
383 static gboolean source_check(GSource *src)
384 {
385 if (cl->gfd.revents & (G_IO_IN|G_IO_PRI))
386 return TRUE;
387
388 if (cl->outbuf && (cl->gfd.revents & (G_IO_OUT)))
389 return TRUE;
390
391 return FALSE;
392 }
393
394 static gboolean source_dispatch(GSource *src, GSourceFunc cb, gpointer data)
395 {
396 return (*cb)(data);
397 }
398
399 static gboolean source_cb(gpointer data)
400 {
401 GIOStatus ret;
402 gsize len;
403 gchar *line = NULL;
404 GError *gerror = NULL;
405 gchar **p;
406
407 if (cl->gfd.revents & (G_IO_HUP|G_IO_NVAL|G_IO_ERR))
408 goto quit;
409
410 if (cl->outbuf && (cl->gfd.revents & (G_IO_OUT))) {
411 for (p = cl->outbuf; *p; p++) {
412 ret = g_io_channel_write_chars(cl->ioc, *p, -1, &len, &gerror);
413
414 if (ret == G_IO_STATUS_NORMAL)
415 g_io_channel_flush(cl->ioc, &gerror);
416 else
417 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gerror->message);
418
419 g_clear_error(&gerror);
420
421 if (quit)
422 goto quit;
423 }
424
425 g_strfreev(cl->outbuf);
426 cl->outbuf = NULL;
427 }
428
429 if (!cl->gfd.revents & (G_IO_IN))
430 return TRUE;
431
432 ret = g_io_channel_read_line(cl->ioc, &line, &len, NULL, &gerror);
433
434 if (ret != G_IO_STATUS_NORMAL) {
435 if (ret == G_IO_STATUS_EOF)
436 goto quit;
437
438 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gerror->message);
439 g_clear_error(&gerror);
440 return TRUE;
441 }
442
443 line[g_utf8_strlen(line, -1) - 1] = 0;
444
445 switch (input_parser(line)) {
446 case P_QUIT:
447 quit:
448 if (line) {
449 memset(line, 0, len);
450 g_free(line);
451 }
452
453 g_clear_error(&gerror);
454
455 if (cl->xml)
456 gcry_free(cl->xml);
457
458 if (cl->gh)
459 gcry_cipher_close(cl->gh);
460
461 if (cl->doc)
462 xmlFreeDoc(cl->doc);
463
464 if (cl->reader)
465 xmlFreeTextReader(cl->reader);
466
467 if (cl->outbuf)
468 g_free(cl->outbuf);
469
470 if (cl->filename)
471 g_free(cl->filename);
472
473 #if 0
474 if (memlist)
475 g_slist_free(memlist);
476 #endif
477
478 g_main_loop_unref(gloop);
479 g_main_loop_quit(gloop);
480 return FALSE;
481 default:
482 break;
483 }
484
485 memset(line, 0, len);
486 g_free(line);
487 return TRUE;
488 }
489
490 static struct memlist_s *memlist_remove(struct memlist_s *list, struct memlist_s *r)
491 {
492 struct memlist_s *m, *last = NULL, *p;
493
494 for (m = list; m; m = m->next) {
495 if (m->ptr == r->ptr) {
496 memset(m->ptr, 0, m->size);
497 free(m->ptr);
498 p = m->next;
499 free(m);
500
501 if (last) {
502 if (p)
503 last->next = p;
504 else
505 last->next = NULL;
506 }
507 else if (p)
508 list = p;
509 else
510 list = NULL;
511
512 break;
513 }
514
515 last = m;
516 }
517
518 return list;
519 }
520
521 static struct memlist_s *memlist_append(struct memlist_s *list, struct memlist_s *new)
522 {
523 struct memlist_s *m;
524
525 if (!list) {
526 list = new;
527 list->next = NULL;
528 return list;
529 }
530
531 for (m = list; m; m = m->next) {
532 if (!m->next) {
533 m->next = new;
534 m = m->next;
535 m->next = NULL;
536 break;
537 }
538 }
539
540 return list;
541 }
542
543 void xfree(void *ptr)
544 {
545 struct memlist_s *m;
546
547 if (!ptr)
548 return;
549
550 for (m = memlist; m; m = m->next) {
551 if (m->ptr == ptr) {
552 #ifdef DEBUG
553 fprintf(stderr, "xfree(): %p %i\n", ptr, m->size);
554 #endif
555 memlist = memlist_remove(memlist, m);
556 return;
557 }
558 }
559
560 warnx("xfree(): %p not found", ptr);
561 assert(0);
562 }
563
564 void *xmalloc(size_t size)
565 {
566 void *p;
567 struct memlist_s *new;
568
569 if (size <= 0)
570 return NULL;
571
572 if ((new = malloc(sizeof(struct memlist_s))) == NULL)
573 return NULL;
574
575 if ((p = malloc(size)) == NULL) {
576 free(new);
577 return NULL;
578 }
579
580 new->ptr = p;
581 new->size = size;
582 memlist = memlist_append(memlist, new);
583 #ifdef DEBUG
584 fprintf(stderr, "xmalloc(): %p %i\n", p, size);
585 #endif
586 return new->ptr;
587 }
588
589 void *xcalloc(size_t nmemb, size_t size)
590 {
591 void *p;
592 struct memlist_s *new;
593
594 if (size <= 0)
595 return NULL;
596
597 if ((new = malloc(sizeof(struct memlist_s))) == NULL)
598 return NULL;
599
600 if ((p = calloc(nmemb, size)) == NULL) {
601 free(new);
602 return NULL;
603 }
604
605 new->ptr = p;
606 new->size = size;
607 memlist = memlist_append(memlist, new);
608 #ifdef DEBUG
609 fprintf(stderr, "xcalloc(): %p %i\n", p, size);
610 #endif
611 return new->ptr;
612 }
613
614 void *xrealloc(void *ptr, size_t size)
615 {
616 void *new;
617 struct memlist_s *m;
618
619 if (!ptr)
620 return xmalloc(size);
621
622 if (size <= 0)
623 return ptr;
624
625 for (m = memlist; m; m = m->next) {
626 if (m->ptr == ptr) {
627 if ((new = malloc(size)) == NULL)
628 return NULL;
629
630 memcpy(new, m->ptr, (size < m->size) ? size : m->size);
631 memset(m->ptr, 0, m->size);
632 free(m->ptr);
633 m->ptr = new;
634 m->size = size;
635 #ifdef DEBUG
636 fprintf(stderr, "xrealloc(): %p %i\n", new, size);
637 #endif
638 return m->ptr;
639 }
640 }
641
642 warnx("xrealloc(): %p not found", ptr);
643 assert(0);
644 return NULL;
645 }
646
647 char *xstrdup(const char *str)
648 {
649 char *new;
650 size_t len;
651 const char *p;
652 char *np;
653
654 if (!str)
655 return NULL;
656
657 len = strlen(str) + 1;
658
659 if ((new = xmalloc(len * sizeof(char))) == NULL)
660 return NULL;
661
662 for (p = str, np = new; *p; p++)
663 *np++ = *p;
664
665 *np = 0;
666 #ifdef DEBUG
667 fprintf(stderr, "xstrdup(): %p\n", new);
668 #endif
669 return new;
670 }
671
672 /*
673 * Called every time a connection is made.
674 */
675 static void doit(int fd)
676 {
677 static GSourceFuncs gsrcf = {
678 source_prepare, source_check, source_dispatch, NULL, 0, 0
679 };
680 GPollFD gfd = { fd, G_IO_IN|G_IO_OUT|G_IO_HUP|G_IO_ERR, 0 };
681 GMemVTable mtable = { xmalloc, xrealloc, xfree, xcalloc, NULL, NULL };
682
683 signal(SIGCHLD, SIG_DFL);
684 signal(SIGHUP, SIG_DFL);
685 signal(SIGINT, SIG_DFL);
686 signal(SIGALRM, SIG_DFL);
687 g_mem_set_vtable(&mtable);
688
689 #ifdef HAVE_MLOCKALL
690 if (use_mlock && mlockall(MCL_FUTURE) == -1) {
691 log_write("mlockall(): %s", strerror(errno));
692 exit(EXIT_FAILURE);
693 }
694 #endif
695
696 gloop = g_main_loop_new(NULL, TRUE);
697 cl = g_malloc0(sizeof(struct client_s));
698 cl->src = g_source_new(&gsrcf, sizeof(GSource));
699 cl->gfd = gfd;
700 cl->state = STATE_CONNECTED;
701 cl->ioc = g_io_channel_unix_new(fd);
702 g_source_add_poll(cl->src, &cl->gfd);
703 g_source_set_callback(cl->src, source_cb, NULL, NULL);
704 g_source_attach(cl->src, NULL);
705
706 xmlMemSetup(xfree, xmalloc, xrealloc, xstrdup);
707 xmlInitMemory();
708
709 if ((gcryerrno = gcry_cipher_open(&cl->gh, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0))) {
710 send_to_client(cl, "ERR %03i gcrypt: %s\n", EPWMD_ERROR, gcry_strerror(gcryerrno));
711 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
712 quit = 1;
713 }
714 else
715 // FIXME 100% CPU if removed (poll()).
716 send_to_client(cl, "OK \n");
717
718 g_main_loop_run(gloop);
719 g_io_channel_unref(cl->ioc);
720 g_free(cl);
721 shutdown(fd, SHUT_RDWR);
722 log_write("exiting");
723 _exit(EXIT_SUCCESS);
724 }
725
726 static void set_rcfile_defaults(GKeyFile *kf)
727 {
728 gchar buf[PATH_MAX];
729
730 snprintf(buf, sizeof(buf), "~/.pwmd/socket");
731 g_key_file_set_string(kf, "default", "socket_path", buf);
732 snprintf(buf, sizeof(buf), "~/.pwmd");
733 g_key_file_set_string(kf, "default", "data_directory", buf);
734 snprintf(buf, sizeof(buf), "~/.pwmd/.log");
735 g_key_file_set_string(kf, "default", "log_path", buf);
736 g_key_file_set_boolean(kf, "default", "enable_logging", FALSE);
737 g_key_file_set_integer(kf, "default", "cache_size", cache_size);
738 g_key_file_set_boolean(kf, "default", "disable_mlockall", FALSE);
739 g_key_file_set_integer(kf, "default", "cache_timeout", -1);
740 g_key_file_set_integer(kf, "default", "iterations", 0);
741 }
742
743 static GKeyFile *parse_rcfile(const gchar *filename)
744 {
745 GKeyFile *kf = g_key_file_new();
746 GError *error = NULL;
747
748 if (g_key_file_load_from_file(kf, filename, G_KEY_FILE_NONE, &error) == FALSE) {
749 if (error->code == G_FILE_ERROR_NOENT) {
750 g_clear_error(&error);
751 set_rcfile_defaults(kf);
752 return kf;
753 }
754 else {
755 warnx("%s: %s", filename, error->message);
756 g_clear_error(&error);
757 return NULL;
758 }
759 }
760
761 return kf;
762 }
763
764 static gboolean try_xml_decrypt(gint fd, struct stat st, guchar *key)
765 {
766 guchar *iv;
767 void *inbuf;
768 gcry_cipher_hd_t gh;
769 gsize insize;
770 guchar tkey[gcrykeysize];
771 gint iter;
772 struct file_header_s {
773 guint iter;
774 guchar iv[gcryblocksize];
775 } file_header;
776
777 if ((gcryerrno = gcry_cipher_open(&gh, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0))) {
778 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
779 return FALSE;
780 }
781
782 lseek(fd, 0, SEEK_SET);
783 insize = st.st_size - sizeof(struct file_header_s);
784 iv = gcry_malloc(gcryblocksize);
785 read(fd, &file_header, sizeof(struct file_header_s));
786 memcpy(iv, &file_header.iv, sizeof(file_header.iv));
787 inbuf = gcry_malloc(insize);
788 read(fd, inbuf, insize);
789 memcpy(tkey, key, sizeof(tkey));
790 tkey[0] ^= 1;
791
792 if ((gcryerrno = gcry_cipher_setiv(gh, iv, gcryblocksize))) {
793 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
794 gcry_cipher_close(gh);
795 gcry_free(inbuf);
796 gcry_free(iv);
797 return FALSE;
798 }
799
800 if ((gcryerrno = gcry_cipher_setkey(gh, key, gcrykeysize))) {
801 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
802 gcry_cipher_close(gh);
803 gcry_free(inbuf);
804 gcry_free(iv);
805 return FALSE;
806 }
807
808 if (decrypt_xml(gh, inbuf, insize, NULL, 0) == FALSE) {
809 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
810 gcry_cipher_close(gh);
811 gcry_free(inbuf);
812 gcry_free(iv);
813 return FALSE;
814 }
815
816 if ((gcryerrno = gcry_cipher_setkey(gh, tkey, gcrykeysize))) {
817 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
818 gcry_cipher_close(gh);
819 gcry_free(inbuf);
820 gcry_free(iv);
821 return FALSE;
822 }
823
824 iter = file_header.iter;
825
826 while (iter-- > 0) {
827 if ((gcryerrno = gcry_cipher_setiv(gh, iv, gcryblocksize))) {
828 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
829 gcry_cipher_close(gh);
830 gcry_free(inbuf);
831 gcry_free(iv);
832 return FALSE;
833 }
834
835 if (decrypt_xml(gh, inbuf, insize, NULL, 0) == FALSE) {
836 warnx("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
837 gcry_cipher_close(gh);
838 gcry_free(inbuf);
839 gcry_free(iv);
840 return FALSE;
841 }
842 }
843
844 gcry_cipher_close(gh);
845 gcry_free(iv);
846
847 if (g_strncasecmp(inbuf, "<?xml version=\"1.0\"?>", 21) != 0) {
848 gcry_free(inbuf);
849 return FALSE;
850 }
851
852 gcry_free(inbuf);
853 return TRUE;
854 }
855
856 static gchar *get_password(const gchar *prompt)
857 {
858 gchar buf[LINE_MAX], *p;
859 struct termios told, tnew;
860 gchar *key;
861
862 if (tcgetattr(STDIN_FILENO, &told) == -1)
863 err(EXIT_FAILURE, "tcgetattr()");
864
865 memcpy(&tnew, &told, sizeof(struct termios));
866 tnew.c_lflag &= ~(ECHO);
867 tnew.c_lflag |= ICANON|ECHONL;
868
869 if (tcsetattr(STDIN_FILENO, TCSANOW, &tnew) == -1) {
870 tcsetattr(STDIN_FILENO, TCSANOW, &told);
871 err(EXIT_FAILURE, "tcsetattr()");
872 }
873
874 fprintf(stderr, "%s", prompt);
875
876 if ((p = fgets(buf, sizeof(buf), stdin)) == NULL) {
877 tcsetattr(STDIN_FILENO, TCSANOW, &told);
878 return NULL;
879 }
880
881 tcsetattr(STDIN_FILENO, TCSANOW, &told);
882 p[strlen(p) - 1] = 0;
883
884 if (!p || !*p)
885 return NULL;
886
887 key = gcry_malloc(strlen(p) + 1);
888 sprintf(key, "%s", p);
889 return key;
890 }
891
892 static gboolean get_input(const gchar *filename, guchar *key)
893 {
894 gint fd;
895 struct stat st;
896 int try = 0;
897 gchar *password;
898 gchar *prompt;
899
900 if ((fd = open_file(filename, &st)) == -1) {
901 warn("%s", filename);
902 return FALSE;
903 }
904
905 if (st.st_size == 0) {
906 fprintf(stderr, "Skipping empty file '%s'.\n", filename);
907 close(fd);
908 return FALSE;
909 }
910
911 if ((prompt = xmalloc(strlen(filename) + strlen("Password for '") + 4)) == NULL) {
912 close(fd);
913 warn("malloc()");
914 return FALSE;
915 }
916
917 sprintf(prompt, "Password for '%s': ", filename);
918
919 again:
920 if ((password = get_password(prompt)) == NULL) {
921 fprintf(stderr, "Skipping.\n");
922 close(fd);
923 xfree(prompt);
924 return FALSE;
925 }
926
927 gcry_md_hash_buffer(GCRY_MD_SHA256, key, password, strlen(password));
928 xfree(password);
929
930 if (try_xml_decrypt(fd, st, key) == FALSE) {
931 if (try++ == 2) {
932 fprintf(stderr, "Invalid password. Skipping file.\n");
933 close(fd);
934 xfree(prompt);
935 return FALSE;
936 }
937 else {
938 fprintf(stderr, "Invalid password.\n");
939 goto again;
940 }
941 }
942
943 close(fd);
944 xfree(prompt);
945 return TRUE;
946 }
947
948 gint cache_file_count()
949 {
950 void *p;
951 gint n = 0;
952 glong len;
953 file_cache_t f;
954
955 for (p = shm_data, len = 0; len <= cache_size;) {
956 memcpy(&f, p, sizeof(file_cache_t));
957
958 if (f.used == TRUE)
959 n++;
960
961 p += sizeof(file_cache_t);
962 len += sizeof(file_cache_t);
963
964 if (len + sizeof(file_cache_t) > cache_size)
965 break;
966 }
967
968 return n;
969 }
970
971 gboolean cache_add_file(const guchar *md5file, const guchar *shakey)
972 {
973 void *p;
974 file_cache_t f;
975 gint nfiles = cache_file_count();
976 glong len;
977
978 /*
979 * Make sure there is enough secure memory.
980 */
981 if (!md5file || (nfiles + 1) * sizeof(file_cache_t) > cache_size)
982 return FALSE;
983
984 /*
985 * Find the first available "slot".
986 */
987 for (p = shm_data, len = 0; len <= cache_size;) {
988 memcpy(&f, p, sizeof(file_cache_t));
989
990 if (f.used == FALSE) {
991 memcpy(&f.filename, md5file, sizeof(f.filename));
992
993 if (shakey)
994 memcpy(&f.key, shakey, sizeof(f.key));
995
996 f.used = TRUE;
997 f.elapsed = f.when = 0;
998 f.timeout = -1;
999 memcpy(p, &f, sizeof(file_cache_t));
1000 return TRUE;
1001 }
1002
1003 p += sizeof(file_cache_t);
1004 len += sizeof(file_cache_t);
1005
1006 if (len + sizeof(file_cache_t) > cache_size)
1007 break;
1008 }
1009
1010 return FALSE;
1011 }
1012
1013 static gboolean xml_import(const gchar *filename, gint iter)
1014 {
1015 xmlDocPtr doc;
1016 gint fd;
1017 struct stat st;
1018 int len;
1019 xmlChar *xmlbuf;
1020 xmlChar *xml;
1021 gchar *key = NULL;
1022 gchar *key2 = NULL;
1023 guchar shakey[gcrykeysize];
1024 gcry_cipher_hd_t gh;
1025
1026 #ifdef HAVE_MLOCKALL
1027 if (use_mlock && mlockall(MCL_FUTURE) == -1)
1028 err(EXIT_FAILURE, "mlockall()");
1029 #endif
1030
1031 if (stat(filename, &st) == -1) {
1032 warn("%s", filename);
1033 return FALSE;
1034 }
1035
1036 xmlMemSetup(xfree, xmalloc, xrealloc, xstrdup);
1037 xmlInitMemory();
1038
1039 if ((gcryerrno = gcry_cipher_open(&gh, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0))) {
1040 send_to_client(NULL, "ERR %03i gcrypt: %s\n", EPWMD_ERROR, gcry_strerror(gcryerrno));
1041 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(gcryerrno));
1042 return FALSE;
1043 }
1044
1045 if ((key = get_password("New password: ")) == NULL) {
1046 fprintf(stderr, "Invalid password.\n");
1047 return FALSE;
1048 }
1049
1050 if ((key2 = get_password("Verify password: ")) == NULL) {
1051 fprintf(stderr, "Passwords do not match.\n");
1052 gcry_free(key);
1053 return FALSE;
1054 }
1055
1056 if (strcmp(key, key2) != 0) {
1057 fprintf(stderr, "Passwords do not match.\n");
1058 gcry_free(key);
1059 gcry_free(key2);
1060 return FALSE;
1061 }
1062
1063 gcry_free(key2);
1064
1065 if ((fd = open(filename, O_RDONLY)) == -1) {
1066 gcry_free(key);
1067 warn("%s", filename);
1068 return FALSE;
1069 }
1070
1071 if ((xmlbuf = gcry_malloc(st.st_size+1)) == NULL) {
1072 gcry_free(key);
1073 close(fd);
1074 warnx("gcry_malloc() failed");
1075 return FALSE;
1076 }
1077
1078 read(fd, xmlbuf, st.st_size);
1079 close(fd);
1080 xmlbuf[st.st_size] = 0;
1081
1082 /*
1083 * Make sure the document validates.
1084 */
1085 if ((doc = xmlReadDoc(xmlbuf, NULL, "UTF-8", XML_PARSE_NOBLANKS)) == NULL) {
1086 warnx("xmlReadDoc() failed");
1087 close(fd);
1088 gcry_free(key);
1089 gcry_free(xmlbuf);
1090 return FALSE;
1091 }
1092
1093 gcry_free(xmlbuf);
1094 xmlDocDumpMemory(doc, &xml, &len);
1095 xmlFreeDoc(doc);
1096 gcry_md_hash_buffer(GCRY_MD_SHA256, shakey, key, strlen(key));
1097 gcry_free(key);
1098
1099 if (do_xml_encrypt(NULL, gh, NULL, xml, len, shakey, iter) == FALSE) {
1100 memset(shakey, 0, sizeof(shakey));
1101 xmlFree(xml);
1102 return FALSE;
1103 }
1104
1105 memset(shakey, 0, sizeof(shakey));
1106 xmlFree(xml);
1107 return TRUE;
1108 }
1109
1110 gint get_key_file_integer(const gchar *section, const gchar *what)
1111 {
1112 gint val = -1;
1113 GError *gerror = NULL;
1114
1115 if (g_key_file_has_key(keyfileh, section, what, NULL) == TRUE) {
1116 val = g_key_file_get_integer(keyfileh, section, what, &gerror);
1117
1118 if (gerror) {
1119 log_write("%s(%i): %s", __FILE__, __LINE__, gerror->message);
1120 g_clear_error(&gerror);
1121 }
1122 }
1123 else {
1124 if (g_key_file_has_key(keyfileh, "default", what, NULL) == TRUE) {
1125 val = g_key_file_get_integer(keyfileh, "default", what, &gerror);
1126
1127 if (gerror) {
1128 log_write("%s(%i): %s", __FILE__, __LINE__, gerror->message);
1129 g_clear_error(&gerror);
1130 }
1131 }
1132 }
1133
1134 return val;
1135 }
1136
1137 int main(int argc, char *argv[])
1138 {
1139 gint opt;
1140 struct sockaddr_un addr;
1141 struct passwd *pw = getpwuid(getuid());
1142 gchar buf[PATH_MAX];
1143 gchar *socketpath = NULL, *socketdir, *socketname = NULL;
1144 gchar *socketarg = NULL;
1145 gchar *datadir = NULL;
1146 gint fd;
1147 gboolean n;
1148 gchar *p;
1149 gchar **cache_push = NULL;
1150 gchar *rcfile;
1151 gint iter = 0;
1152 gchar *import = NULL;
1153 gint default_timeout;
1154 #ifndef DEBUG
1155 #ifdef HAVE_SETRLIMIT
1156 struct rlimit rl;
1157
1158 rl.rlim_cur = rl.rlim_max = 0;
1159
1160 if (setrlimit(RLIMIT_CORE, &rl) != 0)
1161 err(EXIT_FAILURE, "setrlimit()");
1162 #endif
1163 #endif
1164
1165 rcfile = g_strdup_printf("%s/.pwmdrc", pw->pw_dir);
1166
1167 if ((page_size = sysconf(_SC_PAGESIZE)) == -1)
1168 err(EXIT_FAILURE, "sysconf()");
1169
1170 cache_size = page_size;
1171
1172 #ifdef HAVE_MLOCKALL
1173 /*
1174 * Default to using mlockall().
1175 */
1176 use_mlock = 1;
1177 #endif
1178
1179 while ((opt = getopt(argc, argv, "I:hvf:")) != EOF) {
1180 switch (opt) {
1181 case 'I':
1182 import = optarg;
1183 break;
1184 case 'f':
1185 g_free(rcfile);
1186 rcfile = g_strdup(optarg);
1187 break;
1188 case 'v':
1189 printf("%s\n%s\n", PACKAGE_STRING, PACKAGE_BUGREPORT);
1190 exit(EXIT_SUCCESS);
1191 case 'h':
1192 default:
1193 usage(argv[0]);
1194 }
1195 }
1196
1197 if ((keyfileh = parse_rcfile(rcfile)) == NULL)
1198 exit(EXIT_FAILURE);
1199
1200 g_key_file_set_list_separator(keyfileh, ',');
1201
1202 if ((p = g_key_file_get_string(keyfileh, "default", "socket_path", NULL)) == NULL)
1203 errx(EXIT_FAILURE, "%s: socket_path not defined", rcfile);
1204
1205 if (*p == '~') {
1206 p++;
1207 snprintf(buf, sizeof(buf), "%s%s", g_get_home_dir(), p--);
1208 g_free(p);
1209 socketarg = g_strdup(buf);
1210 }
1211 else
1212 socketarg = p;
1213
1214 if ((p = g_key_file_get_string(keyfileh, "default", "data_directory", NULL)) == NULL)
1215 errx(EXIT_FAILURE, "%s: data_directory not defined", rcfile);
1216
1217 if (*p == '~') {
1218 p++;
1219 snprintf(buf, sizeof(buf), "%s%s", g_get_home_dir(), p--);
1220 g_free(p);
1221 datadir = g_strdup(buf);
1222 }
1223 else
1224 datadir = p;
1225
1226 if (g_key_file_has_key(keyfileh, "default", "cache_timeout", NULL) == TRUE)
1227 default_timeout = g_key_file_get_integer(keyfileh, "default", "cache_timeout", NULL);
1228 else
1229 default_timeout = -1;
1230
1231 if (g_key_file_has_key(keyfileh, "default", "cache_size", NULL) == TRUE) {
1232 cache_size = g_key_file_get_integer(keyfileh, "default", "cache_size", NULL);
1233
1234 if (cache_size < page_size || cache_size % page_size)
1235 errx(EXIT_FAILURE, "cache size must be in multiples of %li.", page_size);
1236 }
1237
1238 if (g_key_file_has_key(keyfileh, "default", "iterations", NULL) == TRUE)
1239 iter = g_key_file_get_integer(keyfileh, "default", "iterations", NULL);
1240
1241 #ifdef HAVE_MLOCKALL
1242 if (g_key_file_has_key(keyfileh, "default", "disable_mlockall", NULL) == TRUE)
1243 use_mlock = g_key_file_get_integer(keyfileh, "default", "disable_mlockall", NULL);
1244 #endif
1245
1246 if (g_key_file_has_key(keyfileh, "default", "log_path", NULL) == TRUE) {
1247 if (g_key_file_has_key(keyfileh, "default", "enable_logging", NULL) == TRUE) {
1248 n = g_key_file_get_boolean(keyfileh, "default", "enable_logging", NULL);
1249
1250 if (n == TRUE) {
1251 p = g_key_file_get_string(keyfileh, "default", "log_path", NULL);
1252
1253 if (*p == '~') {
1254 p++;
1255 snprintf(buf, sizeof(buf), "%s%s", g_get_home_dir(), p--);
1256 g_free(p);
1257 logfile = g_strdup(buf);
1258 }
1259 else
1260 logfile = p;
1261 }
1262 }
1263 }
1264
1265 if (g_key_file_has_key(keyfileh, "default", "cache_push", NULL) == TRUE)
1266 cache_push = g_key_file_get_string_list(keyfileh, "default", "cache_push", NULL, NULL);
1267
1268 if (strchr(socketarg, '/') == NULL) {
1269 socketdir = g_get_current_dir();
1270 socketname = g_strdup(socketarg);
1271 socketpath = g_strdup_printf("%s/%s", socketdir, socketname);
1272 }
1273 else {
1274 socketname = g_strdup(strrchr(socketarg, '/'));
1275 socketname++;
1276 socketarg[strlen(socketarg) - strlen(socketname) -1] = 0;
1277 socketdir = g_strdup(socketarg);
1278 socketpath = g_strdup_printf("%s/%s", socketdir, socketname);
1279 }
1280
1281 snprintf(buf, sizeof(buf), "%s", datadir);
1282
1283 if (mkdir(buf, 0700) == -1 && errno != EEXIST)
1284 err(EXIT_FAILURE, "%s", buf);
1285
1286 #ifdef MMAP_ANONYMOUS_SHARED
1287 if ((shm_data = mmap(NULL, cache_size, PROT_READ|PROT_WRITE,
1288 MAP_SHARED|MAP_ANONYMOUS, -1, 0)) == NULL) {
1289 err(EXIT_FAILURE, "mmap()");
1290 }
1291 #else
1292 snprintf(buf, sizeof(buf), "pwmd.%i", pw->pw_uid);
1293
1294 if ((fd = shm_open(buf, O_CREAT|O_RDWR|O_EXCL, 0600)) == -1)
1295 err(EXIT_FAILURE, "shm_open(): %s", buf);
1296
1297 /*
1298 * Should be enough for the file cache.
1299 */
1300 if (ftruncate(fd, cache_size) == -1)
1301 err(EXIT_FAILURE, "ftruncate()");
1302
1303 if ((shm_data = mmap(NULL, cache_size, PROT_READ|PROT_WRITE, MAP_SHARED,
1304 fd, 0)) == NULL) {
1305 shm_unlink(buf);
1306 err(EXIT_FAILURE, "mmap()");
1307 }
1308
1309 close(fd);
1310 #endif
1311
1312 if (mlock(shm_data, cache_size) == -1)
1313 warn("mlock()");
1314
1315 memset(shm_data, 0, cache_size);
1316 setup_gcrypt();
1317
1318 if (import) {
1319 opt = xml_import(import, iter);
1320 g_free(socketpath);
1321
1322 if (munmap(shm_data, cache_size) == -1)
1323 log_write("munmap(): %s", strerror(errno));
1324
1325 #ifndef MMAP_ANONYMOUS_SHARED
1326 if (shm_unlink(buf) == -1)
1327 log_write("shm_unlink(): %s: %s", buf, strerror(errno));
1328 #endif
1329
1330 exit((opt) == FALSE ? EXIT_FAILURE : EXIT_SUCCESS);
1331 }
1332
1333 /*
1334 * bind() doesn't like the full pathname of the socket or any non alphanum
1335 * characters so change to the directory where the socket is wanted then
1336 * create it then change to datadir.
1337 */
1338 if (chdir(socketdir))
1339 err(EXIT_FAILURE, "%s", socketdir);
1340
1341 g_free(socketdir);
1342
1343 if ((sfd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
1344 err(EXIT_FAILURE, "socket()");
1345
1346 addr.sun_family = AF_UNIX;
1347 snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", socketname);
1348 g_free(--socketname);
1349
1350 if (bind(sfd, (struct sockaddr *)&addr, sizeof(struct sockaddr)) == -1)
1351 err(EXIT_FAILURE, "bind()");
1352
1353 if (chdir(datadir)) {
1354 close(sfd);
1355 unlink(socketpath);
1356 err(EXIT_FAILURE, "%s", datadir);
1357 }
1358
1359 g_free(datadir);
1360
1361 /*
1362 * Set the cache entry for a file. Prompts for the password.
1363 */
1364 if (cache_push) {
1365 guchar *md5file;
1366 guchar *key;
1367 gint timeout = default_timeout;
1368
1369 for (opt = 0; cache_push[opt]; opt++) {
1370 p = cache_push[opt];
1371
1372 while (isspace(*p))
1373 p++;
1374
1375 if (!*p)
1376 continue;
1377
1378 md5file = gcry_malloc(16);
1379 key = gcry_malloc(gcrykeysize);
1380 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, p, strlen(p));
1381
1382 if (access(p, R_OK|W_OK) != 0) {
1383 if (errno != ENOENT) {
1384 unlink(socketpath);
1385 err(EXIT_FAILURE, "%s", p);
1386 }
1387
1388 warn("%s", p);
1389 continue;
1390 }
1391
1392 if (get_input(p, key) == FALSE) {
1393 gcry_free(key);
1394 gcry_free(md5file);
1395 continue;
1396 }
1397
1398 if (cache_add_file(md5file, key) == FALSE) {
1399 gcry_free(key);
1400 errx(EXIT_FAILURE, "%s: couldn't add file (cache_size?)", p);
1401 }
1402
1403 timeout = get_key_file_integer(p, "cache_timeout");
1404 cache_set_timeout(md5file, timeout);
1405 fprintf(stderr, "Added.\n");
1406 gcry_free(key);
1407 gcry_free(md5file);
1408 }
1409
1410 g_strfreev(cache_push);
1411 fprintf(stderr, "Done! Daemonizing...\n");
1412 }
1413
1414 //g_key_file_free(kf);
1415 g_free(rcfile);
1416
1417 if (listen(sfd, 0) == -1)
1418 err(EXIT_FAILURE, "listen()");
1419
1420 signal(SIGCHLD, catchsig);
1421 signal(SIGTERM, catchsig);
1422 signal(SIGINT, catchsig);
1423 signal(SIGHUP, catchsig);
1424 signal(SIGALRM, catchsig);
1425 alarm(1);
1426
1427 #ifndef DEBUG
1428 close(0);
1429 close(1);
1430 close(2);
1431 #endif
1432
1433 log_write("%s starting: %li slots available", PACKAGE_STRING, cache_size / sizeof(file_cache_t));
1434
1435 while (!quit) {
1436 socklen_t slen = sizeof(struct sockaddr_un);
1437 struct sockaddr_un raddr;
1438 pid_t pid;
1439
1440 if ((fd = accept(sfd, (struct sockaddr_un *)&raddr, &slen)) == -1) {
1441 if (errno == EAGAIN)
1442 continue;
1443
1444 if (!quit)
1445 log_write("accept(): %s", strerror(errno));
1446
1447 continue;
1448 }
1449
1450 switch ((pid = fork())) {
1451 case -1:
1452 log_write("fork(): %s", strerror(errno));
1453 break;
1454 case 0:
1455 doit(fd);
1456 break;
1457 default:
1458 break;
1459 }
1460
1461 log_write("new connection: fd=%i, pid=%i", fd, pid);
1462 }
1463
1464 unlink(socketpath);
1465 g_free(socketpath);
1466
1467 if (munmap(shm_data, cache_size) == -1)
1468 log_write("munmap(): %s", strerror(errno));
1469
1470 #ifndef MMAP_ANONYMOUS_SHARED
1471 if (shm_unlink(buf) == -1)
1472 log_write("shm_unlink(): %s: %s", buf, strerror(errno));
1473 #endif
1474
1475 log_write("pwmd exiting normally");
1476 exit(EXIT_SUCCESS);
1477 }
A server for managing passphrases and anything else.