search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
If the client thread terminates while a pinentry is running, terminate
[pwmd.git] / src / pwmd.c
blob680f58afa7eab2d318c139d0a0d67ad4140533d2
1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
2 /*
3 Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
18 */
19 #ifdef HAVE_CONFIG_H
20 #include <config.h>
21 #endif
22
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <unistd.h>
26 #include <err.h>
27 #include <errno.h>
28 #include <ctype.h>
29 #include <string.h>
30 #include <sys/un.h>
31 #include <signal.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <sys/wait.h>
35 #include <fcntl.h>
36 #include <pwd.h>
37 #include <glib.h>
38 #include <glib/gprintf.h>
39 #include <sys/mman.h>
40 #include <termios.h>
41 #include <assert.h>
42 #include <syslog.h>
43 #include <zlib.h>
44 #include <gcrypt.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
47 #include <netdb.h>
48 #include <sys/time.h>
49 #include <sys/resource.h>
50
51 #ifdef TM_IN_SYS_TIME
52 #include <sys/time.h>
53 #else
54 #include <time.h>
55 #endif
56
57 #include "mem.h"
58 #include "xml.h"
59 #include "common.h"
60
61 #ifdef WITH_PINENTRY
62 #include "pinentry.h"
63 #endif
64
65 #ifdef WITH_GNUTLS
66 #include "tls.h"
67 #endif
68 #include "commands.h"
69 #include "pwmd_error.h"
70 #include "cache.h"
71 #include "misc.h"
72 #include "pwmd.h"
73 #include "lock.h"
74
75 GCRY_THREAD_OPTION_PTHREAD_IMPL;
76
77 static void clear_rcfile_keys()
78 {
79 gsize n;
80 gchar **groups;
81 gchar **p;
82
83 groups = g_key_file_get_groups(keyfileh, &n);
84
85 for (p = groups; *p; p++) {
86 GError *rc = NULL;
87
88 if (g_key_file_has_key(keyfileh, *p, "key", &rc) == TRUE)
89 g_key_file_set_string(keyfileh, *p, "key", "");
90 }
91
92 g_strfreev(groups);
93 }
94
95 static void reload_rcfile()
96 {
97 gboolean b = disable_list_and_dump;
98 GKeyFile *k;
99
100 log_write(N_("reloading configuration file '%s'"), rcfile);
101 k = parse_rcfile(FALSE);
102
103 if (!k)
104 return;
105
106 g_key_file_free(keyfileh);
107 keyfileh = k;
108 parse_rcfile_keys();
109 clear_rcfile_keys();
110 disable_list_and_dump = b;
111 #ifdef WITH_GNUTLS
112 startStopTcp(FALSE);
113 #endif
114 startStopKeepAlive(FALSE);
115 send_status_all(STATUS_CONFIG);
116 }
117
118 gpg_error_t send_syserror(assuan_context_t ctx, gint e)
119 {
120 gpg_error_t n = gpg_error_from_errno(e);
121
122 return assuan_process_done(ctx, assuan_set_error(ctx, n, gpg_strerror(n)));
123 }
124
125 gpg_error_t send_error(assuan_context_t ctx, gpg_error_t e)
126 {
127 gpg_err_code_t n = gpg_err_code(e);
128 gpg_error_t code = gpg_err_make(PWMD_ERR_SOURCE, n);
129 struct client_s *client = assuan_get_pointer(ctx);
130
131 if (!e)
132 return assuan_process_done(ctx, 0);
133
134 if (!ctx) {
135 log_write("%s", pwmd_strerror(e));
136 return e;
137 }
138
139 if (n == EPWMD_LIBXML_ERROR) {
140 xmlErrorPtr xe = client->xml_error;
141
142 if (!xe)
143 xe = xmlGetLastError();
144
145 e = assuan_process_done(ctx, assuan_set_error(ctx, code, xe->message));
146 log_write("%s", xe->message);
147
148 if (xe == client->xml_error)
149 xmlResetError(xe);
150 else
151 xmlResetLastError();
152
153 client->xml_error = NULL;
154 return e;
155 }
156
157 return assuan_process_done(ctx, assuan_set_error(ctx, code, pwmd_strerror(e)));
158 }
159
160 static struct client_thread_s *find_cn(pthread_t tid)
161 {
162 guint t, i;
163
164 if (!cn_thread_list)
165 return NULL;
166
167 pthread_mutex_lock(&cn_mutex);
168
169 for (t = g_slist_length(cn_thread_list), i = 0; i < t; i++) {
170 struct client_thread_s *cn = g_slist_nth_data(cn_thread_list, i);
171
172 if (cn->tid == tid) {
173 pthread_mutex_unlock(&cn_mutex);
174 return cn;
175 }
176 }
177
178 pthread_mutex_unlock(&cn_mutex);
179 return NULL;
180 }
181
182 void log_write(const gchar *fmt, ...)
183 {
184 gchar *args, *line;
185 va_list ap;
186 struct tm *tm;
187 time_t now;
188 gchar tbuf[21];
189 gint fd = -1;
190 struct client_thread_s *cn;
191 gchar *name = "";
192 gchar buf[255];
193
194 if ((!logfile && !isatty(STDERR_FILENO) && log_syslog == FALSE) || !fmt)
195 return;
196
197 if (!cmdline && logfile) {
198 if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
199 warn("%s", logfile);
200 return;
201 }
202 }
203
204 va_start(ap, fmt);
205
206 if (g_vasprintf(&args, fmt, ap) == -1) {
207 if (logfile)
208 close(fd);
209
210 va_end(ap);
211 return;
212 }
213
214 va_end(ap);
215
216 if (cmdline) {
217 fprintf(stderr, "%s\n", args);
218 fflush(stderr);
219 g_free(args);
220 return;
221 }
222
223 cn = find_cn(pthread_self());
224
225 if (cn) {
226 if (!cn->name)
227 name = print_fmt(buf, sizeof(buf), "%i: ", cn->fd);
228 else
229 name = print_fmt(buf, sizeof(buf), "%s(%i): ", cn->name, cn->fd);
230 }
231
232 if (!cmdline && log_syslog == TRUE)
233 syslog(LOG_INFO, "%s%s", name, args);
234
235 time(&now);
236 tm = localtime(&now);
237 strftime(tbuf, sizeof(tbuf), "%b %d %Y %H:%M:%S ", tm);
238 tbuf[sizeof(tbuf) - 1] = 0;
239
240 if (args[strlen(args)-1] == '\n')
241 args[strlen(args)-1] = 0;
242
243 line = g_strdup_printf("%s %i %s%s\n", tbuf, getpid(), name, args);
244 g_free(args);
245
246 if (!line) {
247 if (logfile)
248 close(fd);
249
250 return;
251 }
252
253 if (logfile) {
254 write(fd, line, strlen(line));
255 fsync(fd);
256 close(fd);
257 }
258
259 if (isatty(STDERR_FILENO)) {
260 fprintf(stderr, "%s", line);
261 fflush(stderr);
262 }
263
264 g_free(line);
265 }
266
267 static void usage(gchar *pn)
268 {
269 g_fprintf(stderr, N_(
270 "Usage: %s [-hvDnP] [-f <rcfile>] [-C <filename>] "
271 "[-I <filename> [-i <iter>]]\n "
272 "[-k <keyfile>] [-o <outfile>] [file1] [...]\n"
273 " -n run as a foreground process\n"
274 " -f load the specified rcfile (~/.pwmd/config)\n"
275 " -C convert a version 1 data file to version 2\n"
276 " -I import an XML file\n"
277 " -i encrypt with the specified number of iterations when importing\n"
278 " (config default in the \"global\" section)\n"
279 " -k obtain the key from the specified file\n"
280 " -o output file for use with the -C and -I options\n"
281 " -D disable use of the LIST and DUMP commands\n"
282 " -P disable pinentry\n"
283 " -v version\n"
284 " -h this help text\n"
285 ), pn);
286 exit(EXIT_FAILURE);
287 }
288
289 static int gcry_SecureCheck(const void *ptr)
290 {
291 return 1;
292 }
293
294 static void setup_gcrypt()
295 {
296 gcry_check_version(NULL);
297
298 gcry_set_allocation_handler(xmalloc, xmalloc, gcry_SecureCheck, xrealloc,
299 xfree);
300
301 if (gcry_cipher_algo_info(GCRY_CIPHER_AES256, GCRYCTL_TEST_ALGO, NULL,
302 NULL) != 0)
303 errx(EXIT_FAILURE, N_("Required AES cipher not supported by libgcrypt."));
304
305 gcry_cipher_algo_info(GCRY_CIPHER_AES256, GCRYCTL_GET_KEYLEN, NULL, &gcrykeysize);
306 gcry_cipher_algo_info(GCRY_CIPHER_AES256, GCRYCTL_GET_BLKLEN, NULL, &gcryblocksize);
307 }
308
309 static gint new_connection(struct client_s *cl)
310 {
311 gpg_error_t rc;
312 gchar ver[ASSUAN_LINELENGTH];
313
314 rc = assuan_init_socket_server_ext(&cl->ctx, cl->thd->fd, 2);
315
316 if (rc)
317 goto fail;
318
319 assuan_set_pointer(cl->ctx, cl);
320 g_snprintf(ver, sizeof(ver), "%s", PACKAGE_STRING);
321 assuan_set_hello_line(cl->ctx, ver);
322 rc = register_commands(cl->ctx);
323
324 if (rc)
325 goto fail;
326
327 rc = assuan_accept(cl->ctx);
328
329 if (rc)
330 goto fail;
331
332 return 0;
333
334 fail:
335 log_write("%s", gpg_strerror(rc));
336 return 1;
337 }
338
339 gpg_error_t send_status(assuan_context_t ctx, status_msg_t which,
340 const gchar *fmt, ...)
341 {
342 gchar *line = NULL;
343 struct client_s *client = assuan_get_pointer(ctx);
344 gchar buf[ASSUAN_LINELENGTH];
345 gchar *status = NULL;
346 va_list ap;
347
348 if (fmt) {
349 va_start(ap, fmt);
350 g_vsnprintf(buf, sizeof(buf), fmt, ap);
351 va_end(ap);
352 line = buf;
353 }
354
355 switch (which) {
356 case STATUS_CACHE:
357 CACHE_LOCK(client->ctx);
358 line = print_fmt(buf, sizeof(buf), "%i", cache_file_count());
359 CACHE_UNLOCK;
360 status = "CACHE";
361 break;
362 case STATUS_CLIENTS:
363 MUTEX_LOCK(&cn_mutex);
364 line = print_fmt(buf, sizeof(buf), "%i", g_slist_length(cn_thread_list));
365 MUTEX_UNLOCK(&cn_mutex);
366 status = "CLIENTS";
367 break;
368 case STATUS_CONFIG:
369 status = "CONFIG";
370 break;
371 case STATUS_KEEPALIVE:
372 status = "KEEPALIVE";
373 break;
374 case STATUS_LOCKED:
375 status = "LOCKED";
376 line = N_("Waiting for lock");
377 break;
378 case STATUS_ENCRYPT:
379 status = "ENCRYPT";
380 break;
381 case STATUS_DECRYPT:
382 status = "DECRYPT";
383 break;
384 case STATUS_DECOMPRESS:
385 status = "DECOMPRESS";
386 break;
387 case STATUS_COMPRESS:
388 status = "COMPRESS";
389 break;
390 }
391
392 if (!ctx) {
393 log_write("%s %s", status, line);
394 return 0;
395 }
396
397 return assuan_write_status(ctx, status, line);
398 }
399
400 /* This is needed for FreeBSD systems (and maybe others). I'm guessing here,
401 * but I think it lets the scheduler let other threads do their work. If we
402 * were to do the write() in send_status_all() then write() would return
403 * before the signal was actually sent to client_msg_thread(). This is only
404 * called from send_status_all().
405 */
406 static void *write_status_msg(void *arg)
407 {
408 struct client_thread_s *cn =arg;
409 size_t len;
410
411 pthread_cond_signal(&cn->msg_cond);
412 len = write(cn->msg_fd[1], &cn->msg, sizeof(status_msg_t));
413
414 if (len != sizeof(status_msg_t))
415 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(errno));
416
417 return NULL;
418 }
419
420 void send_status_all(status_msg_t which)
421 {
422 guint i, t;
423
424 MUTEX_LOCK(&cn_mutex);
425
426 for (t = g_slist_length(cn_thread_list), i = 0; i < t; i++) {
427 struct client_thread_s *cn = g_slist_nth_data(cn_thread_list, i);
428 pthread_t tid;
429
430 cn->msg = which;
431 pthread_create(&tid, NULL, write_status_msg, cn);
432 pthread_join(tid, NULL);
433 }
434
435 MUTEX_UNLOCK(&cn_mutex);
436 }
437
438 static void xml_error_cb(void *data, xmlErrorPtr e)
439 {
440 struct client_s *client = data;
441
442 /*
443 * Keep the first reported error as the one to show in the error
444 * description. Reset in send_error().
445 */
446 if (client->xml_error)
447 return;
448
449 xmlCopyError(e, client->xml_error);
450 }
451
452 static void cleanup_crypto_handler(void *arg)
453 {
454 struct client_crypto_s **a = (struct client_crypto_s **)arg;
455 struct client_crypto_s *cr = *a;
456
457 if (cr->fh) {
458 if (cr->fh->fd != -1 ||
459 (cmdline == TRUE && cr->fh->fd != STDOUT_FILENO))
460 close(cr->fh->fd);
461
462 if (cr->fh->doc)
463 gcry_free(cr->fh->doc);
464
465 g_free(cr->fh);
466 }
467
468 if (cr->gh)
469 gcry_cipher_close(cr->gh);
470
471 g_free(cr);
472 *a = NULL;
473 }
474
475 void cleanup_crypto(struct client_crypto_s **c)
476 {
477 struct client_crypto_s *cr = *c;
478
479 if (!cr)
480 return;
481
482 if (cr->iv)
483 gcry_free(cr->iv);
484
485 if (cr->key)
486 gcry_free(cr->key);
487
488 if (cr->tkey)
489 gcry_free(cr->tkey);
490
491 if (cr->tkey2)
492 gcry_free(cr->tkey2);
493
494 if (cr->inbuf)
495 gcry_free(cr->inbuf);
496
497 if (cr->outbuf)
498 gcry_free(cr->outbuf);
499
500 pthread_cleanup_push(cleanup_crypto_handler, c);
501 pthread_testcancel();
502 pthread_cleanup_pop(1);
503 }
504
505 /*
506 * This is called after a child_thread terminates. Set with
507 * pthread_cleanup_push().
508 */
509 static void cleanup_cb(void *arg)
510 {
511 struct client_thread_s *cn = arg;
512 struct client_s *cl = cn->cl;
513
514 MUTEX_LOCK(&cn_mutex);
515 log_write(N_("exiting, fd=%i"), cn->fd);
516
517 if (cl->thd) {
518 pthread_cancel(cn->msg_tid);
519 pthread_join(cn->msg_tid, NULL);
520 pthread_cancel(cn->msg_sender_tid);
521 pthread_join(cn->msg_sender_tid, NULL);
522 close(cl->thd->msg_fd[0]);
523 close(cl->thd->msg_fd[1]);
524 }
525
526 pthread_join(cn->tid, NULL);
527
528 if (pthread_mutex_trylock(&cn->msg_mutex) == EBUSY) {
529 MUTEX_UNLOCK(&cn->msg_mutex);
530 }
531 else
532 pthread_mutex_unlock(&cn->msg_mutex);
533
534 pthread_mutex_destroy(&cn->msg_mutex);
535 pthread_cond_destroy(&cn->msg_cond);
536
537 if (pthread_mutex_trylock(&cn->msg_sender_mutex) == EBUSY) {
538 MUTEX_UNLOCK(&cn->msg_sender_mutex);
539 }
540 else
541 pthread_mutex_unlock(&cn->msg_sender_mutex);
542
543 pthread_mutex_destroy(&cn->msg_sender_mutex);
544 pthread_cond_destroy(&cn->msg_sender_cond);
545
546 for (;;) {
547 struct status_msg_s *m = g_slist_nth_data(cn->msg_queue, 0);
548
549 if (!m)
550 break;
551
552 cn->msg_queue = g_slist_remove(cn->msg_queue, m);
553 g_free(m);
554 }
555
556 if (cl && cl->freed == FALSE)
557 cleanup_client(cl);
558
559 #ifdef WITH_GNUTLS
560 if (cn->tls) {
561 gnutls_deinit(cn->tls->ses);
562
563 if (cn->tls->fp)
564 g_free(cn->tls->fp);
565
566 g_free(cn->tls);
567 }
568 #endif
569
570 if (cl && cl->ctx)
571 assuan_deinit_server(cl->ctx);
572
573 #ifdef WITH_PINENTRY
574 if (cl && cl->pinentry)
575 cleanup_pinentry(cl->pinentry);
576 #endif
577
578 if (cl->crypto)
579 cleanup_crypto(&cl->crypto);
580
581 g_free(cl);
582
583 if (cn->name)
584 g_free(cn->name);
585
586 cn_thread_list = g_slist_remove(cn_thread_list, cn);
587 g_free(cn);
588 MUTEX_UNLOCK(&cn_mutex);
589 send_status_all(STATUS_CLIENTS);
590 }
591
592 static void *client_msg_sender_thread(void *arg)
593 {
594 struct client_thread_s *thd = arg;
595
596 MUTEX_LOCK(&thd->msg_sender_mutex);
597
598 for (;;) {
599 struct status_msg_s *msg;
600 gpg_error_t rc;
601
602 pthread_cond_wait(&thd->msg_sender_cond, &thd->msg_sender_mutex);
603 pthread_testcancel();
604
605 /* The messages may have been stacked while waiting for send_status()
606 * to return. Send what's in the queue. */
607 for (;;) {
608 msg = g_slist_nth_data(thd->msg_queue, 0);
609
610 if (!msg)
611 break;
612
613 /* Unlock to prevent blocking in client_msg_thread(). */
614 MUTEX_UNLOCK(&thd->msg_sender_mutex);
615 rc = send_status(thd->cl->ctx, msg->msg, NULL);
616 MUTEX_LOCK(&thd->msg_sender_mutex);
617 thd->msg_queue = g_slist_remove(thd->msg_queue, msg);
618 g_free(msg);
619 pthread_testcancel();
620
621 if (rc) {
622 log_write(N_("msg for %i failed: %s"), thd->fd,
623 pwmd_strerror(rc));
624 pthread_cancel(thd->tid);
625 }
626 }
627 }
628
629 return NULL;
630 }
631
632 /*
633 * This function waits for a signal from send_status_all() then appends a
634 * message read from a pipe to the clients message queue. The actual sending
635 * of the message is done in client_msg_sender_thread() which waits for a
636 * signal from this function. This prevents blocking in assuan_send_status()
637 * when sending to remote clients. This also avoids duplicate status messages.
638 * If an existing status message in the message queue has the same type as the
639 * current message the the current one will be skipped. This avoids flooding
640 * the client with old status messages.
641 */
642 static void *client_msg_thread(void *arg)
643 {
644 struct client_thread_s *thd = arg;
645
646 MUTEX_LOCK(&thd->msg_mutex);
647
648 for (;;) {
649 fd_set rfds;
650 int n;
651 status_msg_t m;
652 size_t len;
653 struct status_msg_s *msg;
654
655 pthread_cond_wait(&thd->msg_cond, &thd->msg_mutex);
656 pthread_testcancel();
657 FD_ZERO(&rfds);
658 FD_SET(thd->msg_fd[0], &rfds);
659 n = select(thd->msg_fd[0]+1, &rfds, NULL, NULL, NULL);
660
661 if (n <= 0 || !FD_ISSET(thd->msg_fd[0], &rfds))
662 continue;
663
664 len = read(thd->msg_fd[0], &m, sizeof(status_msg_t));
665 pthread_testcancel();
666
667 if (len != sizeof(status_msg_t)) {
668 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(errno));
669 continue;
670 }
671
672 MUTEX_LOCK(&thd->msg_sender_mutex);
673
674 for (n = 0; n < g_slist_length(thd->msg_queue); n++) {
675 msg = g_slist_nth_data(thd->msg_queue, n);
676
677 if (msg->msg == m)
678 goto done;
679 }
680
681 msg = g_malloc(sizeof(struct status_msg_s));
682
683 if (!msg) {
684 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
685 MUTEX_UNLOCK(&thd->msg_sender_mutex);
686 continue;
687 }
688
689 msg->msg = m;
690 thd->msg_queue = g_slist_append(thd->msg_queue, msg);
691 done:
692 MUTEX_UNLOCK(&thd->msg_sender_mutex);
693 pthread_cond_signal(&thd->msg_sender_cond);
694 }
695
696 return NULL;
697 }
698
699 /*
700 * Called every time a connection is made from init_new_connection(). This is
701 * the thread entry point.
702 */
703 static void *client_thread(void *data)
704 {
705 struct client_thread_s *thd = data;
706 struct client_s *cl = g_malloc0(sizeof(struct client_s));
707 gpg_error_t rc;
708 pthread_attr_t attr;
709
710 /*
711 * Prevent a race condition with init_new_connection() if this thread
712 * fails (returns) for some reason before init_new_connection() releases
713 * the cn_mutex.
714 */
715 MUTEX_LOCK(&cn_mutex);
716 MUTEX_UNLOCK(&cn_mutex);
717 pthread_cleanup_push(cleanup_cb, thd);
718
719 if (!cl) {
720 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
721 goto fail;
722 }
723
724 thd->cl = cl;
725
726 #ifdef WITH_GNUTLS
727 /*
728 * Do the TLS handshake before anything else.
729 */
730 if (thd->remote) {
731 gchar *prio = get_key_file_string("global", "cipher_suite");
732
733 thd->tls = tls_init(thd->fd, prio);
734 g_free(prio);
735
736 if (!thd->tls) {
737 close(thd->fd);
738 goto fail;
739 }
740 }
741 #endif
742
743 cl->thd = thd;
744
745 if (new_connection(cl))
746 goto fail;
747
748 #ifdef WITH_PINENTRY
749 cl->pinentry = pinentry_init();
750
751 if (!cl->pinentry) {
752 g_free(cl);
753 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
754 goto fail;
755 }
756
757 #ifdef WITH_GNUTLS
758 /* Require the client to explicity set OPTION PINENTRY since the DISPLAY
759 * might be automatically set from the client. Connections to the X11
760 * server usually aren't encrypted and the client might unintentionally
761 * send the passphrase in the clear.
762 */
763 if (thd->remote)
764 cl->pinentry->enable = FALSE;
765 #endif
766 #endif
767
768 #ifdef HAVE_MLOCKALL
769 if (disable_mlock == FALSE && mlockall(MCL_FUTURE) == -1) {
770 log_write("mlockall(): %s", strerror(errno));
771 goto fail;
772 }
773 #endif
774
775 if (pipe(thd->msg_fd) == -1) {
776 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(errno));
777 goto fail;
778 }
779
780 pthread_cond_init(&thd->msg_cond, NULL);
781 pthread_mutex_init(&thd->msg_mutex, NULL);
782 pthread_attr_init(&attr);
783 pthread_create(&thd->msg_tid, &attr, client_msg_thread, thd);
784
785 pthread_cond_init(&thd->msg_sender_cond, NULL);
786 pthread_mutex_init(&thd->msg_sender_mutex, NULL);
787 pthread_create(&thd->msg_sender_tid, &attr, client_msg_sender_thread, thd);
788 pthread_attr_destroy(&attr);
789 rc = send_status(cl->ctx, STATUS_CACHE, NULL);
790
791 if (rc) {
792 log_write("%s", gpg_strerror(rc));
793 goto fail;
794 }
795
796 send_status_all(STATUS_CLIENTS);
797 xmlSetStructuredErrorFunc(cl, xml_error_cb);
798
799 for (;;) {
800 fd_set rfds;
801 int n;
802
803 FD_ZERO(&rfds);
804 FD_SET(cl->thd->fd, &rfds);
805
806 #ifdef WITH_PINENTRY
807 if (cl->pinentry->status == PINENTRY_RUNNING)
808 FD_SET(cl->pinentry->fd, &rfds);
809
810 n = cl->thd->fd > cl->pinentry->fd ? cl->thd->fd : cl->pinentry->fd;
811 #else
812 n = cl->thd->fd;
813 #endif
814 n = select(n+1, &rfds, NULL, NULL, NULL);
815 pthread_testcancel();
816
817 if (n <= 0)
818 continue;
819
820 if (FD_ISSET(cl->thd->fd, &rfds)) {
821 rc = assuan_process_next(cl->ctx);
822 pthread_testcancel();
823
824 if (rc) {
825 cl->inquire_status = INQUIRE_INIT;
826
827 if (gpg_err_code(rc) == GPG_ERR_EOF)
828 goto done;
829
830 log_write("assuan_process_next(): %s", gpg_strerror(rc));
831 rc = send_error(cl->ctx, gpg_err_make(PWMD_ERR_SOURCE, rc));
832
833 if (rc) {
834 log_write("assuan_process_done(): %s", gpg_strerror(rc));
835 goto done;
836 }
837 }
838 else {
839 #ifdef WITH_PINENTRY
840 if (cl->pinentry->pid && cl->pinentry->status == PINENTRY_INIT)
841 cl->pinentry->status = PINENTRY_RUNNING;
842 #endif
843
844 switch (cl->inquire_status) {
845 case INQUIRE_BUSY:
846 case INQUIRE_INIT:
847 break;
848 case INQUIRE_DONE:
849 cl->inquire_status = INQUIRE_INIT;
850 rc = assuan_process_done(cl->ctx, 0);
851 pthread_testcancel();
852 break;
853 }
854 }
855 }
856
857 #ifdef WITH_PINENTRY
858 pinentry_iterate(cl,
859 cl->pinentry->fd != -1 && FD_ISSET(cl->pinentry->fd, &rfds));
860 #endif
861 }
862
863 /*
864 * Client cleanup (including XML data) is done in cleanup_cb() from
865 * the cleanup thread.
866 */
867 done:
868 fail:
869 if (1) {} // Fixes compile time error with pthread_cleanup_push().
870 pthread_cleanup_pop(1);
871 pthread_exit(PTHREAD_CANCELED);
872 return NULL;
873 }
874
875 static void setup_logging(GKeyFile *kf)
876 {
877 gboolean n = g_key_file_get_boolean(kf, "global", "enable_logging", NULL);
878
879 if (n == TRUE) {
880 gchar *p = g_key_file_get_string(kf, "global", "log_path", NULL);
881
882 if (*p == '~') {
883 gchar buf[PATH_MAX];
884
885 p++;
886 g_snprintf(buf, sizeof(buf), "%s%s", g_get_home_dir(), p--);
887 g_free(p);
888
889 if (logfile)
890 g_free(logfile);
891
892 logfile = g_strdup(buf);
893 }
894 else {
895 if (logfile)
896 g_free(logfile);
897
898 logfile = p;
899 }
900 }
901
902 log_syslog = g_key_file_get_boolean(kf, "global", "syslog", NULL);
903 }
904
905 /*
906 * Make sure all settings are set to either the specified setting or a
907 * default.
908 */
909 static void set_rcfile_defaults(GKeyFile *kf)
910 {
911 gchar buf[PATH_MAX];
912
913 if (g_key_file_has_key(kf, "global", "socket_path", NULL) == FALSE) {
914 g_snprintf(buf, sizeof(buf), "~/.pwmd/socket");
915 g_key_file_set_string(kf, "global", "socket_path", buf);
916 }
917
918 if (g_key_file_has_key(kf, "global", "data_directory", NULL) == FALSE) {
919 g_snprintf(buf, sizeof(buf), "~/.pwmd/data");
920 g_key_file_set_string(kf, "global", "data_directory", buf);
921 }
922
923 if (g_key_file_has_key(kf, "global", "backup", NULL) == FALSE)
924 g_key_file_set_boolean(kf, "global", "backup", TRUE);
925
926 if (g_key_file_has_key(kf, "global", "log_path", NULL) == FALSE) {
927 g_snprintf(buf, sizeof(buf), "~/.pwmd/log");
928 g_key_file_set_string(kf, "global", "log_path", buf);
929 }
930
931 if (g_key_file_has_key(kf, "global", "enable_logging", NULL) == FALSE)
932 g_key_file_set_boolean(kf, "global", "enable_logging", FALSE);
933
934 #ifdef HAVE_MLOCKALL
935 if (g_key_file_has_key(kf, "global", "disable_mlockall", NULL) == FALSE)
936 g_key_file_set_boolean(kf, "global", "disable_mlockall", TRUE);
937 #endif
938
939 if (g_key_file_has_key(kf, "global", "cache_timeout", NULL) == FALSE)
940 g_key_file_set_integer(kf, "global", "cache_timeout", -1);
941
942 if (g_key_file_has_key(kf, "global", "iterations", NULL) == FALSE ||
943 g_key_file_get_integer(kf, "global", "iterations", 0) < 0)
944 g_key_file_set_integer(kf, "global", "iterations", 1);
945
946 if (g_key_file_has_key(kf, "global", "disable_list_and_dump", NULL) == FALSE)
947 g_key_file_set_boolean(kf, "global", "disable_list_and_dump", FALSE);
948
949 if (g_key_file_has_key(kf, "global", "iteration_progress", NULL) == FALSE)
950 g_key_file_set_integer(kf, "global", "iteration_progress", 0);
951
952 if (g_key_file_has_key(kf, "global", "compression_level", NULL) == FALSE)
953 g_key_file_set_integer(kf, "global", "compression_level", 6);
954
955 if (g_key_file_has_key(kf, "global", "recursion_depth", NULL) == FALSE)
956 g_key_file_set_integer(kf, "global", "recursion_depth", DEFAULT_RECURSION_DEPTH);
957
958 if (g_key_file_has_key(kf, "global", "zlib_bufsize", NULL) == FALSE)
959 g_key_file_set_integer(kf, "global", "zlib_bufsize", DEFAULT_ZLIB_BUFSIZE);
960
961 zlib_bufsize = (uInt)g_key_file_get_integer(kf, "global", "zlib_bufsize", NULL);
962
963 max_recursion_depth = g_key_file_get_integer(kf, "global", "recursion_depth", NULL);
964 disable_list_and_dump = g_key_file_get_boolean(kf, "global", "disable_list_and_dump", NULL);
965
966 #ifdef HAVE_MLOCKALL
967 disable_mlock = g_key_file_get_boolean(kf, "global", "disable_mlockall", NULL);
968 #endif
969
970 if (g_key_file_has_key(kf, "global", "syslog", NULL) == FALSE)
971 g_key_file_set_boolean(kf, "global", "syslog", FALSE);
972
973 if (g_key_file_has_key(kf, "global", "keepalive", NULL) == FALSE)
974 g_key_file_set_integer(kf, "global", "keepalive", 30);
975
976 #ifdef WITH_PINENTRY
977 if (g_key_file_has_key(kf, "global", "enable_pinentry", NULL) == FALSE)
978 g_key_file_set_boolean(kf, "global", "enable_pinentry", TRUE);
979
980 if (g_key_file_has_key(kf, "global", "pinentry_timeout", NULL) == FALSE)
981 g_key_file_set_integer(kf, "global", "pinentry_timeout", 20);
982 #endif
983
984 #ifdef WITH_GNUTLS
985 if (g_key_file_has_key(kf, "global", "tcp_port", NULL) == FALSE)
986 g_key_file_set_integer(kf, "global", "tcp_port", 6466);
987
988 if (g_key_file_has_key(kf, "global", "enable_tcp", NULL) == FALSE)
989 g_key_file_set_boolean(kf, "global", "enable_tcp", FALSE);
990
991 if (g_key_file_has_key(kf, "global", "tcp_require_key", NULL) == FALSE)
992 g_key_file_set_boolean(kf, "global", "tcp_require_key", FALSE);
993
994 if (g_key_file_has_key(kf, "global", "tcp_wait", NULL) == FALSE)
995 g_key_file_set_boolean(kf, "global", "tcp_wait", 3);
996
997 if (g_key_file_has_key(kf, "global", "cipher_suite", NULL) == FALSE)
998 g_key_file_set_string(kf, "global", "cipher_suite", "SECURE256");
999
1000 if (g_key_file_has_key(kf, "global", "tcp_use_crl", NULL) == FALSE)
1001 g_key_file_set_boolean(kf, "global", "tcp_use_crl", FALSE);
1002 #endif
1003
1004 setup_logging(kf);
1005 }
1006
1007 static GKeyFile *parse_rcfile(gboolean specified)
1008 {
1009 GKeyFile *kf = g_key_file_new();
1010 GError *rc = NULL;
1011
1012 if (g_key_file_load_from_file(kf, rcfile, G_KEY_FILE_NONE, &rc) == FALSE) {
1013 log_write("%s: %s", rcfile, rc->message);
1014
1015 if (cmdline && specified) {
1016 g_clear_error(&rc);
1017 return NULL;
1018 }
1019
1020 if (rc->code == G_FILE_ERROR_NOENT) {
1021 g_clear_error(&rc);
1022 set_rcfile_defaults(kf);
1023 return kf;
1024 }
1025
1026 g_clear_error(&rc);
1027 return NULL;
1028 }
1029
1030 set_rcfile_defaults(kf);
1031 return kf;
1032 }
1033
1034 static gchar *do_get_password(const gchar *prompt)
1035 {
1036 gchar buf[LINE_MAX] = {0}, *p;
1037 struct termios told, tnew;
1038 gchar *key;
1039
1040 if (tcgetattr(STDIN_FILENO, &told) == -1) {
1041 log_write("tcgetattr(): %s", strerror(errno));
1042 return NULL;
1043 }
1044
1045 memcpy(&tnew, &told, sizeof(struct termios));
1046 tnew.c_lflag &= ~(ECHO);
1047 tnew.c_lflag |= ICANON|ECHONL;
1048
1049 if (tcsetattr(STDIN_FILENO, TCSANOW, &tnew) == -1) {
1050 log_write("tcsetattr(): %s", strerror(errno));
1051 tcsetattr(STDIN_FILENO, TCSANOW, &told);
1052 return NULL;
1053 }
1054
1055 fprintf(stderr, "%s", prompt);
1056
1057 if ((p = fgets(buf, sizeof(buf), stdin)) == NULL) {
1058 tcsetattr(STDIN_FILENO, TCSANOW, &told);
1059 return NULL;
1060 }
1061
1062 tcsetattr(STDIN_FILENO, TCSANOW, &told);
1063 p[strlen(p) - 1] = 0;
1064
1065 if (!buf[0]) {
1066 key = gcry_malloc(1);
1067 key[0] = 0;
1068 }
1069 else {
1070 key = gcry_malloc(strlen(p) + 1);
1071 sprintf(key, "%s", p);
1072 }
1073
1074 memset(&buf, 0, sizeof(buf));
1075 return key;
1076 }
1077
1078 /* Only used when "enable_pinentry" is "false" or -P. */
1079 static gpg_error_t get_input(const gchar *filename,
1080 struct client_crypto_s *crypto, guchar *key, pinentry_cmd_t which)
1081 {
1082 gchar *prompt;
1083
1084 if (which == PINENTRY_SAVE) {
1085 prompt = g_strdup_printf(N_("New passphrase for file %s: "), filename);
1086 crypto->tkey = do_get_password(prompt);
1087 g_free(prompt);
1088
1089 if (!crypto->tkey) {
1090 log_write(N_("%s: Skipping file"), filename);
1091 return GPG_ERR_BAD_PASSPHRASE;
1092 }
1093
1094 prompt = g_strdup_printf(N_("Repeat passphrase: "));
1095 crypto->tkey2 = do_get_password(prompt);
1096 g_free(prompt);
1097
1098 if (!crypto->tkey2) {
1099 log_write(N_("%s: Skipping file"), filename);
1100 return GPG_ERR_BAD_PASSPHRASE;
1101 }
1102
1103 if (strcmp(crypto->tkey, crypto->tkey2)) {
1104 log_write(N_("%s: Passphrase mismatch"), filename);
1105 return EPWMD_BADKEY;
1106 }
1107
1108 gcry_md_hash_buffer(GCRY_MD_SHA256, key, crypto->tkey,
1109 strlen(crypto->tkey) ? strlen(crypto->tkey) : 1);
1110 return 0;
1111 }
1112
1113 prompt = g_strdup_printf(N_("Passphrase required for %s: "), filename);
1114
1115 if ((crypto->tkey = do_get_password(prompt)) == NULL) {
1116 log_write(N_("%s: Skipping file"), filename);
1117 g_free(prompt);
1118 return GPG_ERR_BAD_PASSPHRASE;
1119 }
1120
1121 gcry_md_hash_buffer(GCRY_MD_SHA256, key, crypto->tkey,
1122 strlen(crypto->tkey) ? strlen(crypto->tkey) : 1);
1123 g_free(prompt);
1124 return 0;
1125 }
1126
1127 /*
1128 * inbuf must have been allocated with gcry_malloc().
1129 */
1130 gpg_error_t export_common(const gchar *filename, struct client_crypto_s *crypto,
1131 gpointer inbuf, gulong insize)
1132 {
1133 gpg_error_t rc;
1134 gint level, zrc;
1135 gulong outsize;
1136 gpointer outbuf;
1137
1138 level = get_key_file_integer(filename, "compression_level");
1139
1140 if (level < 0)
1141 level = 0;
1142
1143 if (do_compress(NULL, level, inbuf, insize, &outbuf, &outsize, &zrc)
1144 == FALSE) {
1145 return zrc == Z_MEM_ERROR ? GPG_ERR_ENOMEM : GPG_ERR_COMPR_ALGO;
1146 }
1147
1148 crypto->inbuf = outbuf;
1149 crypto->insize = outsize;
1150 rc = do_xml_encrypt(NULL, crypto, filename);
1151 return rc;
1152 }
1153
1154 static gpg_error_t get_password(const gchar *filename,
1155 struct client_crypto_s *crypto, guchar *md5file, guchar *key,
1156 pinentry_cmd_t which)
1157 {
1158 #ifdef WITH_PINENTRY
1159 gpg_error_t rc = 0;
1160
1161 if (g_key_file_get_boolean(keyfileh, "global", "enable_pinentry", NULL)
1162 == FALSE) {
1163 #endif
1164 return get_input(filename, crypto, key, which);
1165 #ifdef WITH_PINENTRY
1166 }
1167 else {
1168 gchar *result = NULL;
1169 struct pinentry_s *pin = g_malloc0(sizeof(struct pinentry_s));
1170
1171 set_pinentry_defaults(pin);
1172 pin->which = which;
1173 pin->filename = g_strdup(filename);
1174 rc = pinentry_getpin(pin, &result);
1175
1176 if (rc) {
1177 xfree(result);
1178 goto done;
1179 }
1180
1181 gcry_md_hash_buffer(GCRY_MD_SHA256, key, result, strlen(result) ? strlen(result) : 1);
1182 xfree(result);
1183 cleanup_pinentry(pin);
1184 }
1185
1186 done:
1187 return rc;
1188 #endif
1189 }
1190
1191 static gboolean _getline(const gchar *file, gchar **result, gpg_error_t *rc)
1192 {
1193 FILE *fp;
1194 gchar buf[LINE_MAX] = {0}, *p;
1195 gchar *str = NULL;
1196 gint len;
1197
1198 *rc = 0;
1199
1200 if ((fp = fopen(file, "r")) == NULL) {
1201 *rc = gpg_error_from_syserror();
1202 return FALSE;
1203 }
1204
1205 p = fgets(buf, sizeof(buf), fp);
1206 fclose(fp);
1207 len = strlen(buf);
1208
1209 if (len && buf[len - 1] == '\n')
1210 buf[--len] = 0;
1211
1212 str = gcry_malloc(len + 1);
1213
1214 if (!str) {
1215 *rc = gpg_error_from_errno(ENOMEM);
1216 return FALSE;
1217 }
1218
1219 memcpy(str, buf, len ? len : 1);
1220 str[len] = 0;
1221 memset(&buf, 0, sizeof(buf));
1222 *result = str;
1223 return TRUE;
1224 }
1225
1226 static gchar *parse_rcfile_keyfile(const gchar *filename, gboolean import,
1227 gpg_error_t *rc)
1228 {
1229 GError *rv = NULL;
1230 gchar *t, *file = NULL, *str;
1231
1232 *rc = GPG_ERR_UNKNOWN_ERRNO;
1233
1234 if (import == FALSE) {
1235 if (g_key_file_has_key(keyfileh, filename, "key_file", &rv) == TRUE) {
1236 file = g_key_file_get_string(keyfileh, filename, "key_file", &rv);
1237
1238 if (!file) {
1239 if (rv) {
1240 log_write("%s: key_file: %s", rcfile, rv->message);
1241 g_clear_error(&rv);
1242 }
1243
1244 return NULL;
1245 }
1246
1247 t = expand_homedir(file);
1248
1249 if (!t) {
1250 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1251 *rc = gpg_error_from_errno(ENOMEM);
1252 return NULL;
1253 }
1254
1255 g_free(file);
1256 file = t;
1257 }
1258 }
1259 else {
1260 /* -I or -C. The filename is a key file. */
1261 file = g_strdup(filename);
1262
1263 if (!file) {
1264 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1265 *rc = gpg_error_from_errno(ENOMEM);
1266 return NULL;
1267 }
1268 }
1269
1270 if (rv) {
1271 log_write("%s: key_file: %s", rcfile, rv->message);
1272 g_clear_error(&rv);
1273 return NULL;
1274 }
1275
1276 if (!file)
1277 return NULL;
1278
1279 if (_getline(file, &str, rc) == FALSE) {
1280 log_write("%s: %s: %s", filename, file, pwmd_strerror(*rc));
1281 g_free(file);
1282 return NULL;
1283 }
1284
1285 g_free(file);
1286 *rc = 0;
1287 return str;
1288 }
1289
1290 static gboolean xml_import(const gchar *filename, const gchar *outfile,
1291 const gchar *keyfile, gulong iter)
1292 {
1293 xmlDocPtr doc;
1294 gint fd;
1295 struct stat st;
1296 gint len;
1297 xmlChar *xmlbuf;
1298 xmlChar *xml;
1299 gpg_error_t rc;
1300 struct client_crypto_s *crypto;
1301
1302 if (stat(filename, &st) == -1) {
1303 log_write("%s: %s", filename, strerror(errno));
1304 return FALSE;
1305 }
1306
1307 crypto = init_client_crypto();
1308
1309 if (!crypto)
1310 return FALSE;
1311
1312 crypto->key = gcry_malloc(gcrykeysize);
1313 memset(crypto->key, 0, gcrykeysize);
1314
1315 if (!crypto->key) {
1316 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1317 goto fail;
1318 }
1319
1320 log_write(N_("Importing XML from '%s'. Output will be written to '%s' ..."),
1321 filename, outfile);
1322
1323 if (iter && keyfile) {
1324 crypto->tkey = parse_rcfile_keyfile(keyfile, TRUE, &rc);
1325
1326 if (!crypto->tkey)
1327 goto fail;
1328
1329 gcry_md_hash_buffer(GCRY_MD_SHA256, crypto->key, crypto->tkey,
1330 strlen(crypto->tkey) ? strlen(crypto->tkey) : 1);
1331 }
1332 else if (iter) {
1333 rc = get_password(outfile, crypto, NULL, crypto->key, PINENTRY_SAVE);
1334
1335 if (rc)
1336 goto fail;
1337 }
1338
1339 if ((fd = open(filename, O_RDONLY)) == -1) {
1340 log_write("%s: %s", filename, strerror(errno));
1341 goto fail;
1342 }
1343
1344 if ((xmlbuf = gcry_malloc(st.st_size+1)) == NULL) {
1345 close(fd);
1346 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1347 goto fail;
1348 }
1349
1350 if (read(fd, xmlbuf, st.st_size) == -1) {
1351 rc = errno;
1352 close(fd);
1353 errno = rc;
1354 log_write("%s: %s", filename, strerror(errno));
1355 goto fail;
1356 }
1357
1358 close(fd);
1359 xmlbuf[st.st_size] = 0;
1360
1361 /*
1362 * Make sure the document validates.
1363 */
1364 if ((doc = xmlReadDoc(xmlbuf, NULL, "UTF-8", XML_PARSE_NOBLANKS)) == NULL) {
1365 log_write("xmlReadDoc() failed");
1366 gcry_free(xmlbuf);
1367 goto fail;
1368 }
1369
1370 gcry_free(xmlbuf);
1371 xmlDocDumpMemory(doc, &xml, &len);
1372 xmlFreeDoc(doc);
1373
1374 if (!iter)
1375 memset(crypto->key, '!', gcrykeysize);
1376
1377 crypto->fh = g_malloc0(sizeof(file_header_internal_t));
1378
1379 if (!crypto->fh) {
1380 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1381 goto fail;
1382 }
1383
1384 crypto->fh->fh2.iter = iter;
1385 rc = export_common(outfile, crypto, xml, len);
1386 xmlFree(xml);
1387
1388 if (rc) {
1389 send_error(NULL, rc);
1390 goto fail;
1391 }
1392
1393 cleanup_crypto(&crypto);
1394 return TRUE;
1395
1396 fail:
1397 cleanup_crypto(&crypto);
1398 return FALSE;
1399 }
1400
1401 gchar *get_key_file_string(const gchar *section, const gchar *what)
1402 {
1403 gchar *val = NULL;
1404 GError *grc = NULL;
1405
1406 if (g_key_file_has_key(keyfileh, section, what, NULL) == TRUE) {
1407 val = g_key_file_get_string(keyfileh, section, what, &grc);
1408
1409 if (grc) {
1410 log_write("%s(%i): %s", __FILE__, __LINE__, grc->message);
1411 g_clear_error(&grc);
1412 }
1413 }
1414 else {
1415 if (g_key_file_has_key(keyfileh, "global", what, NULL) == TRUE) {
1416 val = g_key_file_get_string(keyfileh, "global", what, &grc);
1417
1418 if (grc) {
1419 log_write("%s(%i): %s", __FILE__, __LINE__, grc->message);
1420 g_clear_error(&grc);
1421 }
1422 }
1423 }
1424
1425 return val;
1426 }
1427
1428 gint get_key_file_integer(const gchar *section, const gchar *what)
1429 {
1430 gint val = -1;
1431 GError *grc = NULL;
1432
1433 if (g_key_file_has_key(keyfileh, section ? section : "global", what, NULL) == TRUE) {
1434 val = g_key_file_get_integer(keyfileh, section ? section : "global", what, &grc);
1435
1436 if (grc) {
1437 log_write("%s(%i): %s", __FILE__, __LINE__, grc->message);
1438 g_clear_error(&grc);
1439 }
1440 }
1441 else {
1442 if (g_key_file_has_key(keyfileh, "global", what, NULL) == TRUE) {
1443 val = g_key_file_get_integer(keyfileh, "global", what, &grc);
1444
1445 if (grc) {
1446 log_write("%s(%i): %s", __FILE__, __LINE__, grc->message);
1447 g_clear_error(&grc);
1448 }
1449 }
1450 }
1451
1452 return val;
1453 }
1454
1455 gboolean get_key_file_boolean(const gchar *section, const gchar *what)
1456 {
1457 gboolean val = FALSE;
1458 GError *grc = NULL;
1459
1460 if (g_key_file_has_key(keyfileh, section, what, NULL) == TRUE) {
1461 val = g_key_file_get_boolean(keyfileh, section, what, &grc);
1462
1463 if (grc) {
1464 log_write("%s(%i): %s", __FILE__, __LINE__, grc->message);
1465 g_clear_error(&grc);
1466 }
1467 }
1468 else {
1469 if (g_key_file_has_key(keyfileh, "global", what, NULL) == TRUE) {
1470 val = g_key_file_get_boolean(keyfileh, "global", what, &grc);
1471
1472 if (grc) {
1473 log_write("%s(%i): %s", __FILE__, __LINE__, grc->message);
1474 g_clear_error(&grc);
1475 }
1476 }
1477 }
1478
1479 return val;
1480 }
1481
1482 static gboolean parse_rcfile_keys()
1483 {
1484 gsize n;
1485 gchar **groups;
1486 gchar **p;
1487 gchar *str;
1488
1489 groups = g_key_file_get_groups(keyfileh, &n);
1490
1491 for (p = groups; *p; p++) {
1492 GError *rc = NULL;
1493
1494 if (g_key_file_has_key(keyfileh, *p, "key", &rc) == TRUE) {
1495 str = g_key_file_get_string(keyfileh, *p, "key", &rc);
1496
1497 if (!str) {
1498 if (rc) {
1499 log_write("%s: key: %s", rcfile, rc->message);
1500 g_clear_error(&rc);
1501 }
1502 continue;
1503 }
1504
1505 do_cache_push(*p, str);
1506 g_free(str);
1507 continue;
1508 }
1509
1510 if (rc) {
1511 log_write("%s: key: %s", rcfile, rc->message);
1512 g_clear_error(&rc);
1513 continue;
1514 }
1515
1516 gpg_error_t ret;
1517 str = parse_rcfile_keyfile(*p, FALSE, &ret);
1518
1519 if (!str)
1520 continue;
1521
1522 do_cache_push(*p, str);
1523 gcry_free(str);
1524 }
1525
1526 g_strfreev(groups);
1527 return TRUE;
1528 }
1529
1530 static gboolean do_cache_push(const gchar *filename, const gchar *password)
1531 {
1532 guchar md5file[16];
1533 gint timeout;
1534 const gchar *p = filename;
1535 struct client_crypto_s *crypto;
1536 gpg_error_t rc;
1537
1538 while (isspace(*p))
1539 p++;
1540
1541 if (!*p)
1542 return FALSE;
1543
1544 if (valid_filename(p) == FALSE) {
1545 log_write(N_("%s: Invalid characters in filename"), p);
1546 return FALSE;
1547 }
1548
1549 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, p, strlen(p));
1550
1551 if (access(p, R_OK|W_OK) != 0) {
1552 log_write("%s: %s", p, strerror(errno));
1553 return FALSE;
1554 }
1555
1556 crypto = init_client_crypto();
1557
1558 if (!crypto)
1559 return FALSE;
1560
1561 crypto->fh = read_file_header(filename, FALSE, &rc);
1562
1563 if (!crypto->fh) {
1564 log_write("%s: %s", p, pwmd_strerror(rc));
1565 cleanup_crypto(&crypto);
1566 return FALSE;
1567 }
1568
1569 crypto->key = gcry_malloc(gcrykeysize);
1570
1571 if (!crypto->key) {
1572 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1573 cleanup_crypto(&crypto);
1574 return FALSE;
1575 }
1576
1577 log_write(N_("Adding '%s' to the file cache ..."), filename);
1578
1579 if (crypto->fh->fh2.iter <= 0) {
1580 memset(crypto->key, '!', gcrykeysize);
1581 goto try_decrypt;
1582 }
1583
1584 if (!password) {
1585 rc = get_password(p, crypto, md5file, crypto->key, PINENTRY_OPEN);
1586
1587 if (rc) {
1588 send_error(NULL, rc);
1589 cleanup_crypto(&crypto);
1590 return FALSE;
1591 }
1592
1593 gcry_free(crypto->fh->doc);
1594 crypto->fh->doc = NULL;
1595 }
1596 else
1597 gcry_md_hash_buffer(GCRY_MD_SHA256, crypto->key, password,
1598 strlen(password) ? strlen(password) : 1);
1599
1600 try_decrypt:
1601 rc = try_xml_decrypt(NULL, crypto->key, crypto, NULL, NULL);
1602
1603 if (rc) {
1604 log_write("%s: %s", filename, pwmd_strerror(rc));
1605 cleanup_crypto(&crypto);
1606 return FALSE;
1607 }
1608
1609 if (cache_update_key(md5file, crypto->key) == FALSE) {
1610 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1611 cleanup_crypto(&crypto);
1612 return FALSE;
1613 }
1614
1615 timeout = get_key_file_integer(p, "cache_timeout");
1616 cache_set_timeout(md5file, timeout);
1617 log_write(N_("File '%s' now cached"), filename);
1618 cleanup_crypto(&crypto);
1619 return TRUE;
1620 }
1621
1622 static void init_new_connection(gint fd, gchar *addr)
1623 {
1624 pthread_t tid;
1625 pthread_attr_t attr;
1626 struct client_thread_s *new;
1627 int n;
1628
1629 new = g_malloc0(sizeof(struct client_thread_s));
1630
1631 if (!new) {
1632 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1633 return;
1634 }
1635
1636 MUTEX_LOCK(&cn_mutex);
1637 new->fd = fd;
1638
1639 #ifdef WITH_GNUTLS
1640 if (addr)
1641 new->remote = TRUE;
1642 #endif
1643
1644 pthread_attr_init(&attr);
1645 pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
1646 n = pthread_create(&tid, &attr, client_thread, new);
1647 pthread_attr_destroy(&attr);
1648
1649 if (n) {
1650 g_free(new);
1651 log_write("pthread_create(): %s", strerror(n));
1652 MUTEX_UNLOCK(&cn_mutex);
1653 return;
1654 }
1655
1656 new->tid = tid;
1657 cn_thread_list = g_slist_append(cn_thread_list, new);
1658 MUTEX_UNLOCK(&cn_mutex);
1659
1660 if (addr)
1661 log_write(N_("new connection: fd=%i, addr=%s"), fd, addr);
1662 else
1663 log_write(N_("new connection: fd=%i"), fd);
1664 }
1665
1666 #ifdef WITH_GNUTLS
1667 /* From Beej's Guide to Network Programming. It's a good tutorial. */
1668 static void *get_in_addr(struct sockaddr *sa)
1669 {
1670 if (sa->sa_family == AF_INET)
1671 return &(((struct sockaddr_in*)sa)->sin_addr);
1672
1673 return &(((struct sockaddr_in6*)sa)->sin6_addr);
1674 }
1675
1676 static void *tcp_accept_thread(void *arg)
1677 {
1678 gint sockfd = (gint)arg;
1679
1680 for (;;) {
1681 struct sockaddr_storage raddr;
1682 socklen_t slen = sizeof(raddr);
1683 gint fd = -1;
1684 gulong n;
1685 gchar *t;
1686
1687 if ((fd = accept(sockfd, (struct sockaddr *)&raddr, &slen)) == -1) {
1688 if (errno != EAGAIN) {
1689 if (!quit) // probably EBADF
1690 log_write("accept(): %s", strerror(errno));
1691
1692 break;
1693 }
1694 }
1695
1696 if (quit)
1697 break;
1698
1699 if (fd >= 0) {
1700 gchar s[INET6_ADDRSTRLEN];
1701
1702 inet_ntop(raddr.ss_family, get_in_addr((struct sockaddr *)&raddr),
1703 s, sizeof s);
1704 init_new_connection(fd, s);
1705 }
1706
1707 t = get_key_file_string("global", "tcp_wait");
1708 n = strtol(t, NULL, 10);
1709 g_free(t);
1710
1711 if (n < 0)
1712 n = 0;
1713
1714 usleep(n*100000);
1715 }
1716
1717 /* Just in case accept() failed for some reason other than EBADF */
1718 quit = 1;
1719 pthread_exit(PTHREAD_CANCELED);
1720 return NULL;
1721 }
1722 #endif
1723
1724 static void *accept_thread(void *arg)
1725 {
1726 gint sockfd = (gint)arg;
1727
1728 for (;;) {
1729 socklen_t slen = sizeof(struct sockaddr_un);
1730 struct sockaddr_un raddr;
1731 gint fd = -1;
1732
1733 if ((fd = accept(sockfd, (struct sockaddr *)&raddr, &slen)) == -1) {
1734 if (errno != EAGAIN) {
1735 if (!quit) // probably EBADF
1736 log_write("accept(): %s", strerror(errno));
1737
1738 break;
1739 }
1740 }
1741
1742 if (fd >= 0)
1743 init_new_connection(fd, NULL);
1744 }
1745
1746 /* Just in case accept() failed for some reason other than EBADF */
1747 quit = 1;
1748 pthread_exit(PTHREAD_CANCELED);
1749 return NULL;
1750 }
1751
1752 static void *adjust_cache_timer_thread(void *arg)
1753 {
1754 for (;;) {
1755 sleep(1);
1756 pthread_testcancel();
1757 CACHE_LOCK(NULL);
1758 cache_adjust_timer();
1759 CACHE_UNLOCK;
1760 }
1761
1762 return NULL;
1763 }
1764
1765 static void *keepalive_thread(void *arg)
1766 {
1767 struct timespec ts;
1768 gint to = (gint)arg;
1769
1770 for (;;) {
1771 clock_gettime(CLOCK_REALTIME, &ts);
1772 ts.tv_sec += to;
1773 pthread_cond_timedwait(&keepalive_cond, &keepalive_cond_mutex, &ts);
1774 pthread_testcancel();
1775 send_status_all(STATUS_KEEPALIVE);
1776 }
1777
1778 return NULL;
1779 }
1780
1781 static void startStopKeepAlive(gboolean term)
1782 {
1783 pthread_attr_t attr;
1784 gint n = get_key_file_integer("global", "keepalive");
1785
1786 if (keepalive_tid)
1787 pthread_cancel(keepalive_tid);
1788
1789 keepalive_tid = 0;
1790 pthread_mutex_trylock(&keepalive_cond_mutex);
1791
1792 if (term)
1793 return;
1794
1795 if (n > 0) {
1796 pthread_attr_init(&attr);
1797 pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
1798 pthread_create(&keepalive_tid, &attr, keepalive_thread, (void *)n);
1799 pthread_attr_destroy(&attr);
1800 }
1801 }
1802
1803 static void server_loop(gint sockfd, gchar **socketpath)
1804 {
1805 pthread_t accept_tid;
1806 guint n;
1807 sigset_t sigset;
1808 gint n_clients = 0;
1809 pthread_attr_t attr;
1810 pthread_t cache_timeout_tid;
1811 pthread_mutexattr_t mattr;
1812
1813 sigemptyset(&sigset);
1814
1815 /* Termination */
1816 sigaddset(&sigset, SIGTERM);
1817 sigaddset(&sigset, SIGINT);
1818
1819 /* Clears the file cache. */
1820 sigaddset(&sigset, SIGUSR1);
1821
1822 /* Configuration file reloading. */
1823 sigaddset(&sigset, SIGHUP);
1824
1825 /* Caught in client_thread(). Sends a cache status message. */
1826 sigaddset(&sigset, SIGUSR2);
1827
1828 /* Ignored everywhere. When a client disconnects abnormally this signal
1829 * gets raised. It isn't needed though because client_thread() will check
1830 * for rcs even after the client disconnects. */
1831 signal(SIGPIPE, SIG_IGN);
1832 sigprocmask(SIG_BLOCK, &sigset, NULL);
1833
1834 pthread_mutexattr_init(&mattr);
1835 pthread_mutexattr_settype(&mattr, PTHREAD_MUTEX_RECURSIVE);
1836 pthread_mutex_init(&cn_mutex, &mattr);
1837 pthread_mutexattr_destroy(&mattr);
1838 log_write(N_("%s started for user %s"), PACKAGE_STRING, g_get_user_name());
1839 pthread_attr_init(&attr);
1840 pthread_create(&accept_tid, &attr, accept_thread, (void *)sockfd);
1841 startStopKeepAlive(FALSE);
1842 pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
1843 pthread_create(&cache_timeout_tid, &attr, adjust_cache_timer_thread, NULL);
1844
1845 do {
1846 gint sig;
1847
1848 sigwait(&sigset, &sig);
1849 log_write(N_("caught signal %i (%s)"), sig, strsignal(sig));
1850
1851 /* Caught a signal. */
1852 switch (sig) {
1853 case SIGHUP:
1854 reload_rcfile();
1855 break;
1856 case SIGABRT:
1857 CACHE_LOCK(NULL);
1858 cache_clear(NULL, 2);
1859 CACHE_UNLOCK;
1860 #ifndef MEM_DEBUG
1861 xpanic();
1862 #endif
1863 exit(EXIT_FAILURE);
1864 case SIGUSR1:
1865 CACHE_LOCK(NULL);
1866 log_write(N_("clearing file cache"));
1867 cache_clear(NULL, 2);
1868 CACHE_UNLOCK;
1869 break;
1870 default:
1871 quit = 1;
1872 shutdown(sockfd, SHUT_RDWR);
1873 close(sockfd);
1874
1875 #ifdef WITH_GNUTLS
1876 if (tcpSockFd != -1) {
1877 shutdown(tcpSockFd, SHUT_RDWR);
1878 close(tcpSockFd);
1879 }
1880 #endif
1881 break;
1882 }
1883 } while (!quit);
1884
1885 /*
1886 * We're out of the main server loop. This happens when a signal was sent
1887 * to terminate the daemon. We'll wait for all clients to disconnect
1888 * before exiting and ignore any following signals.
1889 */
1890 pthread_join(accept_tid, NULL);
1891 pthread_attr_destroy(&attr);
1892 #ifdef WITH_GNUTLS
1893 startStopTcp(TRUE);
1894 #endif
1895 unlink(*socketpath);
1896 g_free(*socketpath);
1897 *socketpath = NULL;
1898 MUTEX_LOCK(&cn_mutex);
1899 n = g_slist_length(cn_thread_list);
1900 MUTEX_UNLOCK(&cn_mutex);
1901
1902 if (n)
1903 log_write(N_("waiting for all clients to disconnect"));
1904
1905 while (n) {
1906 if (n != n_clients) {
1907 log_write(N_("%i clients remain"), n);
1908 n_clients = n;
1909 }
1910
1911 sleep(1);
1912 MUTEX_LOCK(&cn_mutex);
1913 n = g_slist_length(cn_thread_list);
1914 MUTEX_UNLOCK(&cn_mutex);
1915 }
1916
1917 startStopKeepAlive(TRUE);
1918 pthread_cancel(cache_timeout_tid);
1919 cache_free();
1920 }
1921
1922 /*
1923 * Called from pinentry_fork() in the child process.
1924 */
1925 void free_client_list()
1926 {
1927 gint i, t = g_slist_length(cn_thread_list);
1928
1929 for (i = 0; i < t; i++) {
1930 struct client_thread_s *cn = g_slist_nth_data(cn_thread_list, i);
1931
1932 free_client(cn->cl);
1933 }
1934
1935 cache_free();
1936 }
1937
1938 struct client_crypto_s *init_client_crypto()
1939 {
1940 struct client_crypto_s *new = g_malloc0(sizeof(struct client_crypto_s));
1941 gpg_error_t rc;
1942
1943 if (!new) {
1944 log_write("%s(%i): %s", __FILE__, __LINE__, strerror(ENOMEM));
1945 return NULL;
1946 }
1947
1948 rc = gcry_cipher_open(&new->gh, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 0);
1949
1950 if (rc) {
1951 log_write("%s(%i): %s", __FUNCTION__, __LINE__, gcry_strerror(rc));
1952 g_free(new);
1953 return NULL;
1954 }
1955
1956 return new;
1957 }
1958
1959 static gpg_error_t convert_file(const gchar *filename, const gchar *keyfile,
1960 const gchar *outfile)
1961 {
1962 gpg_error_t rc;
1963 guchar md5file[16];
1964 guint iter;
1965 struct client_crypto_s *crypto = init_client_crypto();
1966
1967 if (!crypto)
1968 return GPG_ERR_ENOMEM;
1969
1970 crypto->key = gcry_malloc(gcrykeysize);
1971
1972 if (!crypto->key) {
1973 cleanup_crypto(&crypto);
1974 return GPG_ERR_ENOMEM;
1975 }
1976
1977 log_write(N_("Converting version 1 data file '%s' to version 2 ..."),
1978 filename);
1979 crypto->fh = read_file_header(filename, TRUE, &rc);
1980
1981 if (!crypto->fh)
1982 goto done;
1983
1984 gcry_md_hash_buffer(GCRY_MD_MD5, md5file, filename, strlen(filename));
1985
1986 /* The header in version 1 had a bug where the iterations were off-by-one.
1987 * So 0 iterations was really -1 in the header. This is fixed in v2 of the
1988 * header.
1989 */
1990 if (crypto->fh->fh1.iter >= 0) {
1991 if (keyfile) {
1992 crypto->tkey = parse_rcfile_keyfile(keyfile, TRUE, &rc);
1993
1994 if (!crypto->tkey)
1995 goto done;
1996
1997 gcry_md_hash_buffer(GCRY_MD_SHA256, crypto->key, crypto->tkey,
1998 strlen(crypto->tkey) ? strlen(crypto->tkey) : 1);
1999 }
2000 else {
2001 rc = get_password(filename, crypto, md5file, crypto->key,
2002 PINENTRY_OPEN);
2003
2004 if (rc)
2005 goto done;
2006 }
2007 }
2008
2009 rc = try_xml_decrypt(NULL, crypto->key, crypto, &crypto->fh->doc,
2010 &crypto->fh->len);
2011
2012 if (rc)
2013 goto done;
2014
2015 rc = convert_xml((gchar **)&crypto->fh->doc, &crypto->fh->len);
2016
2017 if (rc) {
2018 log_write("%s: %s", filename, pwmd_strerror(rc));
2019 goto done;
2020 }
2021
2022 crypto->fh->v1 = FALSE;
2023 iter = crypto->fh->fh1.iter;
2024 memset(&crypto->fh->fh2, 0, sizeof(crypto->fh->fh2));
2025 /* Keep the iterations and key from the original file. */
2026 crypto->fh->fh2.iter = iter+1; // Bugfix for v1 data files.
2027 rc = export_common(outfile, crypto, crypto->fh->doc, crypto->fh->len);
2028
2029 done:
2030 if (rc)
2031 send_error(NULL, rc);
2032
2033 /* fh->doc is freed from do_xml_decrypt() via the inbuf pointer. */
2034 cleanup_crypto(&crypto);
2035 return rc;
2036 }
2037
2038 #ifdef WITH_GNUTLS
2039 static gboolean startStopTcp(gboolean term)
2040 {
2041 struct addrinfo hints, *servinfo, *p;
2042 gint port = get_key_file_integer("global", "tcp_port");
2043 char buf[7];
2044 int n;
2045 pthread_attr_t attr;
2046
2047 if (term || get_key_file_boolean("global", "enable_tcp") == FALSE) {
2048 if (tcpSockFd != -1) {
2049 pthread_cancel(tcpAcceptTid);
2050 pthread_join(tcpAcceptTid, NULL);
2051 close(tcpSockFd);
2052 tcpSockFd = -1;
2053
2054 /* A client may still be connected. */
2055 if (!quit)
2056 deinitTlsParams();
2057 }
2058
2059 return TRUE;
2060 }
2061
2062 if (tcpSockFd != -1)
2063 return TRUE;
2064
2065 memset(&hints, 0, sizeof(hints));
2066 hints.ai_family = AF_UNSPEC;
2067 hints.ai_socktype = SOCK_STREAM;
2068 hints.ai_flags = AI_PASSIVE;
2069
2070 if ((n = getaddrinfo(NULL, print_fmt(buf, sizeof(buf), "%i", port),
2071 &hints, &servinfo)) == -1) {
2072 log_write("getaddrinfo(): %s", gai_strerror(n));
2073 return FALSE;
2074 }
2075
2076 for(p = servinfo; p != NULL; p = p->ai_next) {
2077 if ((tcpSockFd = socket(p->ai_family, p->ai_socktype,
2078 p->ai_protocol)) == -1) {
2079 log_write("socket(): %s", strerror(errno));
2080 continue;
2081 }
2082
2083 n = 1;
2084
2085 if (setsockopt(tcpSockFd, SOL_SOCKET, SO_REUSEADDR, &n,
2086 sizeof(int)) == -1) {
2087 log_write("setsockopt(): %s", strerror(errno));
2088 freeaddrinfo(servinfo);
2089 goto fail;
2090 }
2091
2092 if (bind(tcpSockFd, p->ai_addr, p->ai_addrlen) == -1) {
2093 close(tcpSockFd);
2094 log_write("bind(): %s", strerror(errno));
2095 continue;
2096 }
2097
2098 n++;
2099 break;
2100 }
2101
2102 freeaddrinfo(servinfo);
2103
2104 if (!p) {
2105 log_write("%s", N_("could not bind"));
2106 goto fail;
2107 }
2108
2109 if (g_key_file_has_key(keyfileh, "global", "tcp_interface", NULL)) {
2110 gchar *tmp = get_key_file_string("global", "tcp_interface");
2111
2112 if (setsockopt(tcpSockFd, SOL_SOCKET, SO_BINDTODEVICE, tmp, 1)
2113 == -1) {
2114 log_write("setsockopt(): %s", strerror(errno));
2115 g_free(tmp);
2116 goto fail;
2117 }
2118
2119 g_free(tmp);
2120 }
2121
2122 if (!initTlsParams())
2123 goto fail;
2124
2125 if (listen(tcpSockFd, 0) == -1) {
2126 log_write("listen(): %s", strerror(errno));
2127 goto fail;
2128 }
2129
2130 pthread_attr_init(&attr);
2131 pthread_create(&tcpAcceptTid, &attr, tcp_accept_thread, (void *)tcpSockFd);
2132 pthread_attr_destroy(&attr);
2133 return TRUE;
2134
2135 fail:
2136 deinitTlsParams();
2137
2138 if (tcpSockFd != -1)
2139 close(tcpSockFd);
2140
2141 tcpSockFd = -1;
2142 return FALSE;
2143 }
2144 #endif
2145
2146 int main(int argc, char *argv[])
2147 {
2148 gint opt;
2149 struct sockaddr_un addr;
2150 struct passwd *pw = getpwuid(getuid());
2151 gchar buf[PATH_MAX];
2152 gchar *socketpath = NULL, *socketdir, *socketname = NULL;
2153 gchar *socketarg = NULL;
2154 gchar *datadir = NULL;
2155 gboolean n;
2156 gchar *p;
2157 gchar **cache_push = NULL;
2158 gint iter = 0;
2159 gchar *import = NULL, *keyfile = NULL;
2160 gulong cmd_iterations = -1;
2161 gint default_timeout;
2162 gboolean rcfile_spec = FALSE;
2163 gint estatus = EXIT_FAILURE;
2164 gint sockfd;
2165 gchar *outfile = NULL;
2166 GMemVTable mtable = { xmalloc, xrealloc, xfree, xcalloc, NULL, NULL };
2167 gint do_unlink = 1;
2168 gboolean secure = FALSE;
2169 guint ptotal = 0;
2170 gint background = 1;
2171 gchar *convert = NULL;
2172 pthread_mutexattr_t mattr;
2173 #ifdef WITH_PINENTRY
2174 gboolean disable_pinentry = FALSE;
2175 #endif
2176 #ifdef WITH_GNUTLS
2177 struct assuan_io_hooks io_hooks = {read_hook, write_hook};
2178 #endif
2179 #if 0
2180 #ifndef DEBUG
2181 #ifdef HAVE_SETRLIMIT
2182 struct rlimit rl;
2183
2184 rl.rlim_cur = rl.rlim_max = 0;
2185
2186 if (setrlimit(RLIMIT_CORE, &rl) != 0)
2187 err(EXIT_FAILURE, "setrlimit()");
2188 #endif
2189 #endif
2190 #endif
2191
2192 #ifdef ENABLE_NLS
2193 setlocale(LC_ALL, "");
2194 bindtextdomain("pwmd", LOCALEDIR);
2195 textdomain("pwmd");
2196 #endif
2197
2198 gpg_err_init();
2199 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT);
2200 g_mem_set_vtable(&mtable);
2201 assuan_set_malloc_hooks(xmalloc, xrealloc, xfree);
2202 xmlMemSetup(xfree, xmalloc, xrealloc, xstrdup);
2203 xmlInitMemory();
2204 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
2205 gcry_check_version(GCRYPT_VERSION);
2206 #ifdef WITH_GNUTLS
2207 gnutls_global_set_mem_functions(xmalloc, xmalloc, gcry_SecureCheck,
2208 xrealloc, xfree);
2209 gnutls_global_init();
2210 gnutls_global_set_log_function(tls_log);
2211 gnutls_global_set_log_level(1);
2212 assuan_set_io_hooks(&io_hooks);
2213 #endif
2214 xmlInitGlobals();
2215 xmlInitParser();
2216 xmlXPathInit();
2217 g_snprintf(buf, sizeof(buf), "%s/.pwmd", pw->pw_dir);
2218
2219 if (mkdir(buf, 0700) == -1 && errno != EEXIST)
2220 err(EXIT_FAILURE, "%s", buf);
2221
2222 g_snprintf(buf, sizeof(buf), "%s/.pwmd/data", pw->pw_dir);
2223
2224 if (mkdir(buf, 0700) == -1 && errno != EEXIST)
2225 err(EXIT_FAILURE, "%s", buf);
2226
2227 rcfile = g_strdup_printf("%s/.pwmd/config", pw->pw_dir);
2228 cmdline = TRUE;
2229 #ifdef WITH_GNUTLS
2230 tcpSockFd = -1;
2231 #endif
2232
2233 while ((opt = getopt(argc, argv, "Po:C:nI:i:k:hvf:D")) != EOF) {
2234 switch (opt) {
2235 #ifdef WITH_PINENTRY
2236 case 'P':
2237 disable_pinentry = TRUE;
2238 break;
2239 #endif
2240 case 'o':
2241 outfile = optarg;
2242 break;
2243 case 'C':
2244 convert = optarg;
2245 break;
2246 case 'n':
2247 background = 0;
2248 break;
2249 case 'D':
2250 secure = TRUE;
2251 break;
2252 case 'I':
2253 import = optarg;
2254 break;
2255 case 'i':
2256 cmd_iterations = strtol(optarg, NULL, 10);
2257 break;
2258 case 'k':
2259 keyfile = optarg;
2260 break;
2261 case 'f':
2262 g_free(rcfile);
2263 rcfile = g_strdup(optarg);
2264 rcfile_spec = TRUE;
2265 break;
2266 case 'v':
2267 printf(N_("%s\nCopyright (c) %s\nReleased under the terms of the GPL v2. Use at your own risk.\n\nCompile time features:\n%s"), PACKAGE_STRING,
2268 PACKAGE_BUGREPORT,
2269 #ifdef WITH_PINENTRY
2270 "+WITH_PINENTRY\n"
2271 #else
2272 "-WITH_PINENTRY\n"
2273 #endif
2274 #ifdef WITH_QUALITY
2275 "+WITH_QUALITY\n"
2276 #else
2277 "-WITH_QUALITY\n"
2278 #endif
2279 #ifdef WITH_GNUTLS
2280 "+WITH_GNUTLS\n"
2281 #else
2282 "-WITH_GNUTLS\n"
2283 #endif
2284 #ifdef DEBUG
2285 "+DEBUG\n"
2286 #else
2287 "-DEBUG\n"
2288 #endif
2289 #ifdef MEM_DEBUG
2290 "+MEM_DEBUG\n"
2291 #else
2292 "-MEM_DEBUG\n"
2293 #endif
2294 );
2295 exit(EXIT_SUCCESS);
2296 case 'h':
2297 default:
2298 usage(argv[0]);
2299 }
2300 }
2301
2302 if ((keyfileh = parse_rcfile(rcfile_spec)) == NULL)
2303 exit(EXIT_FAILURE);
2304
2305 #ifdef WITH_PINENTRY
2306 if (disable_pinentry == TRUE)
2307 g_key_file_set_boolean(keyfileh, "global", "enable_pinentry", FALSE);
2308 #endif
2309
2310 if (g_key_file_has_key(keyfileh, "global", "syslog", NULL) == TRUE)
2311 log_syslog = g_key_file_get_boolean(keyfileh, "global", "syslog", NULL);
2312
2313 if (log_syslog == TRUE)
2314 openlog("pwmd", LOG_NDELAY|LOG_PID, LOG_DAEMON);
2315
2316 if (g_key_file_has_key(keyfileh, "global", "priority", NULL)) {
2317 iter = g_key_file_get_integer(keyfileh, "global", "priority", NULL);
2318 errno = 0;
2319
2320 if (setpriority(PRIO_PROCESS, 0, iter) == -1) {
2321 log_write("setpriority(): %s", strerror(errno));
2322 goto do_exit;
2323 }
2324 }
2325
2326 #ifdef HAVE_MLOCKALL
2327 if (disable_mlock == FALSE && mlockall(MCL_FUTURE) == -1) {
2328 log_write("mlockall(): %s", strerror(errno));
2329 goto do_exit;
2330 }
2331 #endif
2332
2333 setup_gcrypt();
2334
2335 if (convert) {
2336 if (!outfile)
2337 usage(argv[0]);
2338
2339 opt = convert_file(convert, keyfile, outfile);
2340 g_key_file_free(keyfileh);
2341 g_free(rcfile);
2342 exit(opt ? EXIT_FAILURE : EXIT_SUCCESS);
2343 }
2344
2345 if (import) {
2346 if (!outfile)
2347 usage(argv[0]);
2348
2349 if (cmd_iterations == -1)
2350 cmd_iterations = get_key_file_integer("global", "iterations");
2351
2352 opt = xml_import(import, outfile, keyfile, cmd_iterations);
2353 g_key_file_free(keyfileh);
2354 g_free(rcfile);
2355 exit(opt == FALSE ? EXIT_FAILURE : EXIT_SUCCESS);
2356 }
2357
2358 g_key_file_set_list_separator(keyfileh, ',');
2359
2360 if ((p = g_key_file_get_string(keyfileh, "global", "socket_path", NULL)) == NULL)
2361 errx(EXIT_FAILURE, N_("%s: socket_path not defined"), rcfile);
2362
2363 if (*p == '~') {
2364 p++;
2365 g_snprintf(buf, sizeof(buf), "%s%s", g_get_home_dir(), p--);
2366 g_free(p);
2367 socketarg = g_strdup(buf);
2368 }
2369 else
2370 socketarg = p;
2371
2372 if ((p = g_key_file_get_string(keyfileh, "global", "data_directory", NULL)) == NULL)
2373 errx(EXIT_FAILURE, N_("%s: data_directory not defined"), rcfile);
2374
2375 datadir = expand_homedir(p);
2376 g_free(p);
2377
2378 if (secure == FALSE && g_key_file_has_key(keyfileh, "global", "disable_list_and_dump", NULL) == TRUE) {
2379 n = g_key_file_get_boolean(keyfileh, "global", "disable_list_and_dump", NULL);
2380 disable_list_and_dump = n;
2381 }
2382 else
2383 disable_list_and_dump = secure;
2384
2385 if (g_key_file_has_key(keyfileh, "global", "cache_timeout", NULL) == TRUE)
2386 default_timeout = g_key_file_get_integer(keyfileh, "global", "cache_timeout", NULL);
2387 else
2388 default_timeout = -1;
2389
2390 setup_logging(keyfileh);
2391
2392 if (g_key_file_has_key(keyfileh, "global", "cache_push", NULL) == TRUE)
2393 cache_push = g_key_file_get_string_list(keyfileh, "global", "cache_push", NULL, NULL);
2394
2395 if (argc != optind) {
2396 if (cache_push)
2397 ptotal = g_strv_length(cache_push);
2398
2399 for (; optind < argc; optind++) {
2400 if (strv_printf(&cache_push, "%s", argv[optind]) == FALSE)
2401 errx(EXIT_FAILURE, "%s", strerror(ENOMEM));
2402 }
2403 }
2404
2405 if (strchr(socketarg, '/') == NULL) {
2406 socketdir = g_get_current_dir();
2407 socketname = g_strdup(socketarg);
2408 socketpath = g_strdup_printf("%s/%s", socketdir, socketname);
2409 }
2410 else {
2411 socketname = g_strdup(strrchr(socketarg, '/'));
2412 socketname++;
2413 socketarg[strlen(socketarg) - strlen(socketname) -1] = 0;
2414 socketdir = g_strdup(socketarg);
2415 socketpath = g_strdup_printf("%s/%s", socketdir, socketname);
2416 }
2417
2418 if (chdir(datadir)) {
2419 log_write("%s: %s", datadir, strerror(errno));
2420 unlink(socketpath);
2421 goto do_exit;
2422 }
2423
2424 if (parse_rcfile_keys() == FALSE)
2425 goto do_exit;
2426
2427 clear_rcfile_keys();
2428
2429 /*
2430 * Set the cache entry for a file. Prompts for the password.
2431 */
2432 if (cache_push) {
2433 for (opt = 0; cache_push[opt]; opt++)
2434 do_cache_push(cache_push[opt], NULL);
2435
2436 g_strfreev(cache_push);
2437 log_write(background ? N_("Done. Daemonizing...") : N_("Done. Waiting for connections..."));
2438 }
2439
2440 /*
2441 * bind() doesn't like the full pathname of the socket or any non alphanum
2442 * characters so change to the directory where the socket is wanted then
2443 * create it then change to datadir.
2444 */
2445 if (chdir(socketdir)) {
2446 log_write("%s: %s", socketdir, strerror(errno));
2447 goto do_exit;
2448 }
2449
2450 g_free(socketdir);
2451
2452 if ((sockfd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) {
2453 log_write("socket(): %s", strerror(errno));
2454 goto do_exit;
2455 }
2456
2457 addr.sun_family = AF_UNIX;
2458 g_snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", socketname);
2459
2460 if (bind(sockfd, (struct sockaddr *)&addr, sizeof(struct sockaddr)) == -1) {
2461 log_write("bind(): %s", strerror(errno));
2462
2463 if (errno == EADDRINUSE)
2464 log_write(N_("Either there is another pwmd running or '%s' is a \n"
2465 "stale socket. Please remove it manually."), socketpath);
2466
2467 do_unlink = 0;
2468 goto do_exit;
2469 }
2470
2471 if (g_key_file_has_key(keyfileh, "global", "socket_perms", NULL) == TRUE) {
2472 gchar *t = g_key_file_get_string(keyfileh, "global", "socket_perms", NULL);
2473 mode_t mode = strtol(t, NULL, 8);
2474 mode_t mask = umask(0);
2475
2476 g_free(t);
2477
2478 if (chmod(socketname, mode) == -1) {
2479 log_write("%s: %s", socketname, strerror(errno));
2480 close(sockfd);
2481 unlink(socketpath);
2482 umask(mask);
2483 goto do_exit;
2484 }
2485
2486 umask(mask);
2487 }
2488
2489 g_free(--socketname);
2490
2491 if (chdir(datadir)) {
2492 log_write("%s: %s", datadir, strerror(errno));
2493 close(sockfd);
2494 unlink(socketpath);
2495 goto do_exit;
2496 }
2497
2498 g_free(datadir);
2499 pthread_mutexattr_init(&mattr);
2500 pthread_mutexattr_settype(&mattr, PTHREAD_MUTEX_RECURSIVE);
2501 pthread_mutex_init(&cache_mutex, &mattr);
2502 pthread_mutexattr_destroy(&mattr);
2503 pthread_mutex_init(&keepalive_cond_mutex, NULL);
2504 pthread_cond_init(&keepalive_cond, NULL);
2505 #ifdef WITH_PINENTRY
2506 pthread_mutex_init(&pin_mutex, NULL);
2507 #endif
2508
2509 if (listen(sockfd, 0) == -1) {
2510 log_write("listen(): %s", strerror(errno));
2511 goto do_exit;
2512 }
2513
2514 cmdline = FALSE;
2515
2516 #ifdef WITH_GNUTLS
2517 if (startStopTcp(FALSE) == FALSE)
2518 goto do_exit;
2519 #endif
2520
2521 if (background) {
2522 switch (fork()) {
2523 case -1:
2524 log_write("fork(): %s", strerror(errno));
2525 goto do_exit;
2526 case 0:
2527 close(0);
2528 close(1);
2529 close(2);
2530 setsid();
2531 break;
2532 default:
2533 exit(EXIT_SUCCESS);
2534 }
2535 }
2536
2537 server_loop(sockfd, &socketpath);
2538 estatus = EXIT_SUCCESS;
2539
2540 do_exit:
2541 if (socketpath && do_unlink) {
2542 unlink(socketpath);
2543 g_free(socketpath);
2544 }
2545
2546 #ifdef WITH_GNUTLS
2547 startStopTcp(TRUE);
2548 gnutls_global_deinit();
2549 #endif
2550
2551 g_key_file_free(keyfileh);
2552 g_free(rcfile);
2553 xmlCleanupParser();
2554 xmlCleanupGlobals();
2555
2556 if (estatus == EXIT_SUCCESS)
2557 log_write(N_("pwmd exiting normally"));
2558
2559 #if defined(DEBUG) && !defined(MEM_DEBUG)
2560 xdump();
2561 #endif
2562 exit(estatus);
2563 }
A server for managing passphrases and anything else.