1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2008 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
38 #include <glib/gprintf.h>
48 #include <sys/resource.h>
63 #include "pwmd_error.h"
68 static void clear_errorfile_key()
74 groups
= g_key_file_get_groups(keyfileh
, &n
);
76 for (p
= groups
; *p
; p
++) {
79 if (g_key_file_has_key(keyfileh
, *p
, "key", &rc
) == TRUE
)
80 g_key_file_set_string(keyfileh
, *p
, "key", "");
86 static void reload_rcfile()
88 log_write(N_("reloading configuration file '%s'"), rcfile
);
89 g_key_file_free(keyfileh
);
90 keyfileh
= parse_rcfile(0);
91 clear_errorfile_key();
94 gpg_error_t
send_syserror(assuan_context_t ctx
, gint e
)
96 gpg_error_t n
= gpg_error_from_errno(e
);
98 return assuan_process_done(ctx
, assuan_set_error(ctx
, n
, gpg_strerror(n
)));
101 gpg_error_t
send_error(assuan_context_t ctx
, gpg_error_t e
)
103 gpg_err_code_t n
= gpg_err_code(e
);
104 gpg_error_t code
= gpg_err_make(PWMD_ERR_SOURCE
, n
);
107 return assuan_process_done(ctx
, 0);
110 log_write("%s\n", pwmd_strerror(e
));
114 if (n
== EPWMD_LIBXML_ERROR
) {
115 xmlErrorPtr xml_rc
= xmlGetLastError();
116 return assuan_process_done(ctx
, assuan_set_error(ctx
, code
, xml_rc
->message
));
119 return assuan_process_done(ctx
, assuan_set_error(ctx
, code
, pwmd_strerror(e
)));
122 void log_write(const gchar
*fmt
, ...)
133 if ((!logfile
&& !isatty(STDERR_FILENO
) && log_syslog
== FALSE
) || !fmt
)
137 if ((fd
= open(logfile
, O_WRONLY
|O_CREAT
|O_APPEND
, 0600)) == -1) {
145 if (g_vasprintf(&args
, fmt
, ap
) == -1) {
153 attr
= pth_attr_of(pth_self());
154 pth_attr_get(attr
, PTH_ATTR_NAME
, &name
);
155 pth_attr_destroy(attr
);
157 if (log_syslog
== TRUE
)
158 syslog(LOG_INFO
, "%s: %s", name
, args
);
162 tm
= localtime(&now
);
163 strftime(tbuf
, sizeof(tbuf
), "%b %d %Y %H:%M:%S ", tm
);
164 tbuf
[sizeof(tbuf
) - 1] = 0;
165 line
= g_strdup_printf("%s %i %s: %s\n", tbuf
, getpid(), name
, args
);
176 write(fd
, line
, strlen(line
));
181 if (isatty(STDERR_FILENO
)) {
182 fprintf(stderr
, "%s", line
);
189 static void usage(gchar
*pn
)
192 "Usage: %s [-hvDb] [-f <rcfile>] [-I <filename>] [file1] [...]\n"
193 " -b run as a background process\n"
194 " -f load the specified rcfile (~/.pwmd/config)\n"
195 " -I import an XML file and write the encrypted data to stdout\n"
196 " -D disable use of the LIST and DUMP commands\n"
198 " -h this help text\n"
204 static int gcry_SecureCheck(const void *ptr
)
210 static void setup_gcrypt()
212 gcry_check_version(NULL
);
215 gcry_set_allocation_handler(xmalloc
, xmalloc
, gcry_SecureCheck
, xrealloc
,
219 if (gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_TEST_ALGO
, NULL
,
221 errx(EXIT_FAILURE
, N_("Required AES cipher not supported by libgcrypt."));
223 gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_GET_KEYLEN
, NULL
, &gcrykeysize
);
224 gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_GET_BLKLEN
, NULL
, &gcryblocksize
);
227 static assuan_context_t
new_connection(gint fd
)
230 gchar ver
[ASSUAN_LINELENGTH
];
231 assuan_context_t ctx
;
233 rc
= assuan_init_socket_server_ext(&ctx
, fd
, 2);
238 g_snprintf(ver
, sizeof(ver
), "%s", PACKAGE_STRING
);
239 assuan_set_hello_line(ctx
, ver
);
240 assuan_register_post_cmd_notify(ctx
, command_finalize
);
241 rc
= register_commands(ctx
);
246 rc
= assuan_accept(ctx
);
254 assuan_deinit_server(ctx
);
255 log_write("%s", gpg_strerror(rc
));
259 void send_cache_status_all()
263 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
265 for (t
= g_slist_length(cn_thread_list
), i
= 0; i
< t
; i
++) {
266 struct client_thread_s
*cn
= g_slist_nth_data(cn_thread_list
, i
);
268 if (cn
->tid
== pth_self()) {
269 send_cache_status(cn
->cl
->ctx
);
273 pth_raise(cn
->tid
, SIGUSR2
);
276 pth_mutex_release(&cn_mutex
);
279 static void *keepalive_thread(void *arg
)
281 struct client_thread_s
*thd
= arg
;
286 gint k
= get_key_file_integer("global", "keepalive");
288 ev
= pth_event(PTH_EVENT_TIME
, pth_timeout(k
<= 0 ? 1 : k
, 0));
290 pth_event_free(ev
, PTH_FREE_THIS
);
296 rc
= assuan_write_status(thd
->cl
->ctx
, "KEEPALIVE", NULL
);
299 log_write("%s", gpg_strerror(rc
));
300 pth_raise(thd
->tid
, SIGQUIT
);
309 * Called every time a connection is made via pth_spawn(). This is the thread
312 static void *client_thread(void *data
)
314 struct client_thread_s
*thd
= data
;
318 pth_event_t pinentry_ev
= NULL
;
320 struct client_s
*cl
= g_malloc0(sizeof(struct client_s
));
326 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
331 cl
->pinentry
= g_malloc0(sizeof(struct pinentry_s
));
335 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
339 set_pinentry_defaults(cl
->pinentry
);
345 * This is a "child" thread. Don't catch any signals. Let the master
346 * thread take care of signals in server_loop().
349 pth_sigmask(SIG_BLOCK
, &set
, NULL
);
351 /* Sends a cache status message to the client. */
352 sigaddset(&set
, SIGUSR2
);
353 /* Terminates this thread. Raised from keepalive_thread(). */
354 sigaddset(&set
, SIGQUIT
);
356 cl
->ctx
= new_connection(fd
);
362 assuan_set_pointer(cl
->ctx
, cl
);
365 if (disable_mlock
== FALSE
&& mlockall(MCL_FUTURE
) == -1) {
366 log_write("mlockall(): %s", strerror(errno
));
371 rc
= send_cache_status(cl
->ctx
);
374 log_write("%s", gpg_strerror(rc
));
378 ev
= pth_event(PTH_EVENT_FD
|PTH_UNTIL_FD_READABLE
, cl
->fd
);
379 attr
= pth_attr_new();
381 pth_attr_set(attr
, PTH_ATTR_NAME
, "keepalive");
382 thd
->keepalive_tid
= pth_spawn(attr
, keepalive_thread
, thd
);
383 pth_attr_destroy(attr
);
390 pth_sigwait_ev(&set
, &sig
, ev
);
395 rc
= send_cache_status(cl
->ctx
);
398 log_write("%s", gpg_strerror(rc
));
404 /* pth_raise() from keepalive_thread(). */
411 pth_event_isolate(ev
);
413 if (pth_event_occurred(ev
)) {
414 rc
= assuan_process_next(cl
->ctx
);
417 cl
->inquire_status
= INQUIRE_INIT
;
419 if (gpg_err_code(rc
) == GPG_ERR_EOF
)
422 log_write("assuan_process_next(): %s", gpg_strerror(rc
));
423 rc
= assuan_process_done(cl
->ctx
, gpg_err_make(PWMD_ERR_SOURCE
, rc
));
426 log_write("assuan_process_done(): %s", gpg_strerror(rc
));
432 if (cl
->pinentry
->pid
&& cl
->pinentry
->status
== PINENTRY_INIT
) {
433 pinentry_ev
= pth_event(PTH_EVENT_FD
|PTH_UNTIL_FD_READABLE
, cl
->pinentry
->fd
);
434 pth_event_concat(ev
, pinentry_ev
, NULL
);
435 cl
->pinentry
->status
= PINENTRY_RUNNING
;
439 switch (cl
->inquire_status
) {
444 cl
->inquire_status
= INQUIRE_INIT
;
445 rc
= assuan_process_done(cl
->ctx
, 0);
452 if (cl
->pinentry
->status
== PINENTRY_RUNNING
) {
453 pth_event_isolate(pinentry_ev
);
455 if (pth_event_occurred(pinentry_ev
)) {
456 guchar shakey
[gcrykeysize
];
458 gsize len
= pth_read(cl
->pinentry
->fd
, &pk
, sizeof(pk
));
461 pth_event_free(pinentry_ev
, PTH_FREE_THIS
);
463 cl
->pinentry
->status
= PINENTRY_NONE
;
465 if (len
== sizeof(pk
)) {
467 rc
= send_error(cl
->ctx
, pk
.error
);
469 gcry_md_hash_buffer(GCRY_MD_SHA256
, shakey
, pk
.key
,
470 strlen(pk
.key
) == 0 ? 1 : strlen(pk
.key
));
471 rc
= cl
->pinentry
->cb(cl
->ctx
, shakey
, FALSE
);
472 memset(shakey
, 0, sizeof(shakey
));
476 log_write("%s", strerror(errno
));
478 log_write("pth_read(): EOF");
480 log_write(N_("pth_read(): short byte count"));
482 pth_waitpid(cl
->pinentry
->pid
, &status
, 0);
483 close(cl
->pinentry
->fd
);
484 cl
->pinentry
->fd
= -1;
485 cl
->pinentry
->pid
= 0;
487 if (pk
.error
&& cl
->pinentry
->which
== PINENTRY_OPEN
)
490 unlock_file_mutex(cl
);
492 memset(&pk
, 0, sizeof(pk
));
493 unlock_pin_mutex(cl
->pinentry
);
496 pth_event_concat(ev
, pinentry_ev
, NULL
);
502 * Client cleanup (including XML data) is done in remove_connection() from
503 * the cleanup thread.
506 pth_event_free(ev
, PTH_FREE_ALL
);
509 log_write(N_("exiting, fd=%i"), thd
->fd
);
514 static void setup_logging(GKeyFile
*kf
)
516 gboolean n
= g_key_file_get_boolean(kf
, "global", "enable_logging", NULL
);
519 gchar
*p
= g_key_file_get_string(kf
, "global", "log_path", NULL
);
525 g_snprintf(buf
, sizeof(buf
), "%s%s", g_get_home_dir(), p
--);
531 logfile
= g_strdup(buf
);
541 log_syslog
= g_key_file_get_boolean(kf
, "global", "syslog", NULL
);
545 * Make sure all settings are set to either the specified setting or a
548 static void set_rcfile_defaults(GKeyFile
*kf
)
552 if (g_key_file_has_key(kf
, "global", "socket_path", NULL
) == FALSE
) {
553 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/socket");
554 g_key_file_set_string(kf
, "global", "socket_path", buf
);
557 if (g_key_file_has_key(kf
, "global", "data_directory", NULL
) == FALSE
) {
558 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/data");
559 g_key_file_set_string(kf
, "global", "data_directory", buf
);
562 if (g_key_file_has_key(kf
, "global", "backup", NULL
) == FALSE
)
563 g_key_file_set_boolean(kf
, "global", "backup", TRUE
);
565 if (g_key_file_has_key(kf
, "global", "log_path", NULL
) == FALSE
) {
566 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/log");
567 g_key_file_set_string(kf
, "global", "log_path", buf
);
570 if (g_key_file_has_key(kf
, "global", "enable_logging", NULL
) == FALSE
)
571 g_key_file_set_boolean(kf
, "global", "enable_logging", FALSE
);
573 if (g_key_file_has_key(kf
, "global", "cache_size", NULL
) == FALSE
)
574 g_key_file_set_integer(kf
, "global", "cache_size", cache_size
);
577 if (g_key_file_has_key(kf
, "global", "disable_mlockall", NULL
) == FALSE
)
578 g_key_file_set_boolean(kf
, "global", "disable_mlockall", TRUE
);
581 if (g_key_file_has_key(kf
, "global", "cache_timeout", NULL
) == FALSE
)
582 g_key_file_set_integer(kf
, "global", "cache_timeout", -1);
584 if (g_key_file_has_key(kf
, "global", "iterations", NULL
) == FALSE
)
585 g_key_file_set_integer(kf
, "global", "iterations", 0);
587 if (g_key_file_has_key(kf
, "global", "disable_list_and_dump", NULL
) == FALSE
)
588 g_key_file_set_boolean(kf
, "global", "disable_list_and_dump", FALSE
);
590 if (g_key_file_has_key(kf
, "global", "iteration_progress", NULL
) == FALSE
)
591 g_key_file_set_integer(kf
, "global", "iteration_progress", 0);
593 if (g_key_file_has_key(kf
, "global", "compression_level", NULL
) == FALSE
)
594 g_key_file_set_integer(kf
, "global", "compression_level", 6);
596 if (g_key_file_has_key(kf
, "global", "recursion_depth", NULL
) == FALSE
)
597 g_key_file_set_integer(kf
, "global", "recursion_depth", DEFAULT_RECURSION_DEPTH
);
599 if (g_key_file_has_key(kf
, "global", "zlib_bufsize", NULL
) == FALSE
)
600 g_key_file_set_integer(kf
, "global", "zlib_bufsize", DEFAULT_ZLIB_BUFSIZE
);
602 zlib_bufsize
= g_key_file_get_integer(kf
, "global", "zlib_bufsize", NULL
);
604 max_recursion_depth
= g_key_file_get_integer(kf
, "global", "recursion_depth", NULL
);
605 disable_list_and_dump
= g_key_file_get_boolean(kf
, "global", "disable_list_and_dump", NULL
);
608 disable_mlock
= g_key_file_get_boolean(kf
, "global", "disable_mlockall", NULL
);
611 if (g_key_file_has_key(kf
, "global", "syslog", NULL
) == FALSE
)
612 g_key_file_set_boolean(kf
, "global", "syslog", FALSE
);
614 if (g_key_file_has_key(kf
, "global", "keepalive", NULL
) == FALSE
)
615 g_key_file_set_integer(kf
, "global", "keepalive", 5);
618 if (g_key_file_has_key(kf
, "global", "enable_pinentry", NULL
) == FALSE
)
619 g_key_file_set_boolean(kf
, "global", "enable_pinentry", TRUE
);
625 static GKeyFile
*parse_rcfile(int cmdline
)
627 GKeyFile
*kf
= g_key_file_new();
630 if (g_key_file_load_from_file(kf
, rcfile
, G_KEY_FILE_NONE
, &rc
) == FALSE
) {
631 log_write("%s: %s", rcfile
, rc
->message
);
636 if (rc
->code
== G_FILE_ERROR_NOENT
) {
638 set_rcfile_defaults(kf
);
646 set_rcfile_defaults(kf
);
651 static gchar
*get_password(const gchar
*prompt
)
653 gchar buf
[LINE_MAX
] = {0}, *p
;
654 struct termios told
, tnew
;
657 if (tcgetattr(STDIN_FILENO
, &told
) == -1)
658 err(EXIT_FAILURE
, "tcgetattr()");
660 memcpy(&tnew
, &told
, sizeof(struct termios
));
661 tnew
.c_lflag
&= ~(ECHO
);
662 tnew
.c_lflag
|= ICANON
|ECHONL
;
664 if (tcsetattr(STDIN_FILENO
, TCSANOW
, &tnew
) == -1) {
665 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
666 err(EXIT_FAILURE
, "tcsetattr()");
669 fprintf(stderr
, "%s", prompt
);
671 if ((p
= fgets(buf
, sizeof(buf
), stdin
)) == NULL
) {
672 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
676 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
677 p
[strlen(p
) - 1] = 0;
680 key
= gcry_malloc(1);
684 key
= gcry_malloc(strlen(p
) + 1);
685 sprintf(key
, "%s", p
);
688 memset(&buf
, 0, sizeof(buf
));
692 static gboolean
do_try_xml_decrypt(const gchar
*filename
, guchar
*key
)
698 if ((fd
= open_file(filename
, &st
)) == -1) {
699 warn("%s", filename
);
703 if (st
.st_size
== 0) {
704 warnx(N_("%s: skipping empty file"), filename
);
709 rc
= try_xml_decrypt(NULL
, fd
, st
, key
);
711 return rc
? FALSE
: TRUE
;
714 static gboolean
get_input(const gchar
*filename
, guchar
*key
)
720 prompt
= g_strdup_printf(N_("Password for '%s': "), filename
);
723 if ((password
= get_password(prompt
)) == NULL
) {
724 warnx(N_("%s: skipping file"), filename
);
729 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, password
, strlen(password
) ? strlen(password
) : 1);
732 if (do_try_xml_decrypt(filename
, key
) == FALSE
) {
734 warnx(N_("%s: invalid password, skipping"), filename
);
739 warnx(N_("%s: invalid password"), filename
);
748 static gboolean
xml_import(const gchar
*filename
, gint iter
)
758 guchar shakey
[gcrykeysize
];
766 if (stat(filename
, &st
) == -1) {
767 warn("%s", filename
);
771 if ((rc
= gcry_cipher_open(&gh
, GCRY_CIPHER_AES256
, GCRY_CIPHER_MODE_CBC
, 0))) {
772 send_error(NULL
, rc
);
773 gcry_cipher_close(gh
);
774 log_write("%s(%i): %s", __FUNCTION__
, __LINE__
, gcry_strerror(rc
));
781 if ((key
= get_password(N_("New password: "))) == NULL
) {
782 fprintf(stderr
, "%s\n", N_("Invalid password."));
783 gcry_cipher_close(gh
);
787 if ((key2
= get_password(N_("Verify password: "))) == NULL
) {
788 fprintf(stderr
, "%s\n", N_("Passwords do not match."));
790 gcry_cipher_close(gh
);
794 if (g_utf8_collate(key
, key2
) != 0) {
795 fprintf(stderr
, "%s\n", N_("Passwords do not match."));
798 gcry_cipher_close(gh
);
805 if ((fd
= open(filename
, O_RDONLY
)) == -1) {
807 warn("%s", filename
);
808 gcry_cipher_close(gh
);
812 if ((xmlbuf
= gcry_malloc(st
.st_size
+1)) == NULL
) {
815 log_write("%s", strerror(ENOMEM
));
816 gcry_cipher_close(gh
);
820 if (read(fd
, xmlbuf
, st
.st_size
) == -1) {
824 gcry_cipher_close(gh
);
826 err(EXIT_FAILURE
, "read()");
830 xmlbuf
[st
.st_size
] = 0;
833 * Make sure the document validates.
835 if ((doc
= xmlReadDoc(xmlbuf
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
)) == NULL
) {
836 log_write("xmlReadDoc()");
840 gcry_cipher_close(gh
);
845 xmlDocDumpMemory(doc
, &xml
, &len
);
848 level
= get_key_file_integer(filename
, "compression_level");
853 if (do_compress(NULL
, level
, xml
, len
, &outbuf
, &outsize
, &zrc
) == FALSE
) {
854 memset(shakey
, 0, sizeof(shakey
));
857 if (zrc
== Z_MEM_ERROR
)
858 warnx("%s", strerror(ENOMEM
));
860 warnx("do_compress() failed");
862 gcry_cipher_close(gh
);
872 memset(shakey
, '!', sizeof(shakey
));
874 gcry_md_hash_buffer(GCRY_MD_SHA256
, shakey
, key
, strlen(key
) ? strlen(key
) : 1);
878 rc
= do_xml_encrypt(NULL
, gh
, NULL
, xml
, len
, shakey
, iter
);
879 gcry_cipher_close(gh
);
882 memset(shakey
, 0, sizeof(shakey
));
883 warnx("%s", gpg_strerror(rc
));
887 memset(shakey
, 0, sizeof(shakey
));
891 gchar
*get_key_file_string(const gchar
*section
, const gchar
*what
)
896 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
897 val
= g_key_file_get_string(keyfileh
, section
, what
, &grc
);
900 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
905 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
906 val
= g_key_file_get_string(keyfileh
, "global", what
, &grc
);
909 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
918 gint
get_key_file_integer(const gchar
*section
, const gchar
*what
)
923 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
924 val
= g_key_file_get_integer(keyfileh
, section
, what
, &grc
);
927 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
932 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
933 val
= g_key_file_get_integer(keyfileh
, "global", what
, &grc
);
936 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
945 gboolean
get_key_file_boolean(const gchar
*section
, const gchar
*what
)
947 gboolean val
= FALSE
;
950 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
951 val
= g_key_file_get_boolean(keyfileh
, section
, what
, &grc
);
954 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
959 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
960 val
= g_key_file_get_boolean(keyfileh
, "global", what
, &grc
);
963 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
972 static gboolean
_getline(const gchar
*file
, gchar
**result
)
975 gchar buf
[LINE_MAX
] = {0}, *p
;
979 if ((fp
= fopen(file
, "r")) == NULL
) {
984 p
= fgets(buf
, sizeof(buf
), fp
);
988 if (len
&& buf
[len
- 1] == '\n')
991 str
= gcry_malloc(len
+ 1);
992 memcpy(str
, buf
, len
? len
: 1);
994 memset(&buf
, 0, sizeof(buf
));
999 static gboolean
parse_keyfile_key()
1006 groups
= g_key_file_get_groups(keyfileh
, &n
);
1008 for (p
= groups
; *p
; p
++) {
1011 if (g_key_file_has_key(keyfileh
, *p
, "key", &rc
) == TRUE
) {
1012 str
= g_key_file_get_string(keyfileh
, *p
, "key", &rc
);
1016 warnx("%s", rc
->message
);
1023 do_cache_push(*p
, str
);
1029 warnx("%s", rc
->message
);
1034 if (g_key_file_has_key(keyfileh
, *p
, "key_file", &rc
) == TRUE
) {
1036 gchar
*file
= g_key_file_get_string(keyfileh
, *p
, "key_file", &rc
);
1040 warnx("%s", rc
->message
);
1047 t
= expand_homedir(file
);
1051 if (_getline(file
, &str
) == FALSE
) {
1057 do_cache_push(*p
, str
);
1063 warnx("%s", rc
->message
);
1072 static gboolean
do_cache_push(const gchar
*filename
, const gchar
*password
)
1077 const gchar
*p
= filename
;
1078 file_header_t file_header
;
1087 if (valid_filename(p
) == FALSE
) {
1088 warnx(N_("%s: invalid characters in filename"), p
);
1092 md5file
= gcry_malloc(16);
1093 key
= gcry_malloc(gcrykeysize
);
1094 gcry_md_hash_buffer(GCRY_MD_MD5
, md5file
, p
, strlen(p
));
1096 if (cache_iscached(md5file
) == TRUE
) {
1097 warnx(N_("%s: file already cached, skipping"), p
);
1103 if (access(p
, R_OK
|W_OK
) != 0) {
1107 if (errno
!= ENOENT
) {
1116 rc
= read_file_header(filename
, &file_header
);
1121 warnx("%s", pwmd_strerror(rc
));
1125 if (file_header
.iter
== -1) {
1126 memset(key
, '!', gcrykeysize
);
1131 #ifdef WITH_PINENTRY
1132 if (g_key_file_get_boolean(keyfileh
, "global", "enable_pinentry", NULL
) == FALSE
) {
1134 if (get_input(p
, key
) == FALSE
) {
1139 #ifdef WITH_PINENTRY
1142 gchar
*result
= NULL
;
1143 struct pinentry_s
*pin
= g_malloc0(sizeof(struct pinentry_s
));
1146 pin
->which
= PINENTRY_OPEN
;
1147 pin
->filename
= g_strdup(filename
);
1149 rc
= pinentry_getpin(pin
, &result
);
1152 warnx("%s: %s", filename
, gpg_strerror(rc
));
1153 cleanup_pinentry(pin
);
1160 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, result
, strlen(result
) ? strlen(result
) : 1);
1163 if (do_try_xml_decrypt(filename
, key
) == FALSE
) {
1165 cleanup_pinentry(pin
);
1168 warnx(N_("%s: invalid password, skipping"), filename
);
1173 pin
->title
= g_strdup(N_("Incorrect password. Please try again."));
1178 cleanup_pinentry(pin
);
1183 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, password
, strlen(password
) ? strlen(password
) : 1);
1186 if (do_try_xml_decrypt(filename
, key
) == FALSE
) {
1187 warnx(N_("%s: invalid password, skipping"), filename
);
1194 if (cache_add_file(md5file
, key
) == FALSE
) {
1195 warnx("%s: %s", p
, pwmd_strerror(EPWMD_MAX_SLOTS
));
1201 timeout
= get_key_file_integer(p
, "cache_timeout");
1202 cache_set_timeout(md5file
, timeout
);
1203 warnx(N_("%s: file added to the cache"), filename
);
1209 static GSList
*remove_connection(GSList
*list
, struct client_thread_s
*cn
)
1212 struct client_s
*cl
= cn
->cl
;
1214 if (cn
->keepalive_tid
) {
1215 pth_cancel(cn
->keepalive_tid
);
1216 pth_join(cn
->keepalive_tid
, &value
);
1219 log_write("%p", cn
->tid
);
1220 pth_join(cn
->tid
, &value
);
1222 if (cl
->freed
== FALSE
)
1223 cleanup_assuan(cl
->ctx
);
1226 assuan_deinit_server(cl
->ctx
);
1228 #ifdef WITH_PINENTRY
1230 cleanup_pinentry(cl
->pinentry
);
1234 pth_event_isolate(cn
->ev
);
1235 pth_event_free(cn
->ev
, PTH_FREE_THIS
);
1236 list
= g_slist_remove(list
, cn
);
1242 * Can't pth_event_concat() to an empty event.
1244 static int event_ring_hack(void *data
)
1250 * See if any thread has entered the DEAD queue and remove it.
1252 static GSList
*cleanup_dead_queue(GSList
*threads
, pth_event_t tid_events
)
1256 for (n
= g_slist_length(threads
), i
= 0; i
< n
; i
++) {
1257 struct client_thread_s
*cn
= g_slist_nth_data(threads
, i
);
1259 if (pth_event_occurred(cn
->ev
)) {
1260 threads
= remove_connection(threads
, cn
);
1261 return cleanup_dead_queue(threads
, tid_events
);
1264 pth_event_concat(tid_events
, cn
->ev
, NULL
);
1270 static void *accept_thread(void *arg
)
1272 gint sockfd
= (gint
)arg
;
1275 socklen_t slen
= sizeof(struct sockaddr_un
);
1276 struct sockaddr_un raddr
;
1280 if ((fd
= pth_accept(sockfd
, (struct sockaddr
*)&raddr
, &slen
)) == -1) {
1281 if (errno
!= EAGAIN
) {
1282 if (!quit
) // probably EBADF
1283 log_write("accept(): %s", strerror(errno
));
1291 struct client_thread_s
*new;
1294 new = g_malloc0(sizeof(struct client_thread_s
));
1297 log_write("%s", strerror(ENOMEM
));
1302 * Thread priority is inherited from the calling thread. This
1303 * thread is PTH_PRIO_MAX. Keep the "child" threads at standard
1307 attr
= pth_attr_new();
1308 pth_attr_set(attr
, PTH_ATTR_PRIO
, PTH_PRIO_STD
);
1309 tid
= pth_spawn(attr
, client_thread
, new);
1310 pth_attr_destroy(attr
);
1314 log_write(N_("pth_spawn() failed"));
1318 g_snprintf(buf
, sizeof(buf
), "%p", tid
);
1319 log_write(N_("new tid=%s, fd=%i"), buf
, fd
);
1320 attr
= pth_attr_of(tid
);
1321 pth_attr_set(attr
, PTH_ATTR_NAME
, buf
);
1322 pth_attr_destroy(attr
);
1324 new->ev
= pth_event(PTH_EVENT_TID
|PTH_UNTIL_TID_DEAD
, tid
);
1325 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
1326 pth_event_concat(cn_events
, new->ev
, NULL
);
1327 cn_thread_list
= g_slist_append(cn_thread_list
, new);
1328 pth_mutex_release(&cn_mutex
);
1332 /* Just in case pth_accept() failed for some reason other than EBADF */
1334 pth_exit(PTH_CANCELED
);
1339 * There needs to be a pth_timeout() here so pth_wait() can wait for new
1340 * cn_events which is updated from cleanup_dead_queue().
1342 static void *cleanup_thread(void *arg
)
1344 cn_events
= pth_event(PTH_EVENT_TIME
, pth_timeout(0, 500000));
1347 if (pth_wait(cn_events
) && pth_event_occurred(cn_events
)) {
1348 pth_event_isolate(cn_events
);
1349 pth_event_free(cn_events
, PTH_FREE_THIS
);
1351 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
1352 cn_events
= pth_event(PTH_EVENT_TIME
, pth_timeout(0, 500000));
1353 cn_thread_list
= cleanup_dead_queue(cn_thread_list
, cn_events
);
1354 pth_mutex_release(&cn_mutex
);
1362 * This thread isn't joinable. For operations that block, these threads will
1365 static void *adjust_timer_thread(void *arg
)
1368 cache_adjust_timer();
1373 static void server_loop(gint sockfd
, gchar
**socketpath
)
1375 pth_t accept_tid
, cleanup_tid
;
1380 pth_event_t timeout_event
;
1383 pth_mutex_init(&cn_mutex
);
1384 log_write(N_("%s started for user %s"), PACKAGE_STRING
, g_get_user_name());
1387 sigaddset(&set
, SIGTERM
);
1388 sigaddset(&set
, SIGINT
);
1389 sigaddset(&set
, SIGUSR1
);
1390 sigaddset(&set
, SIGHUP
);
1391 sigaddset(&set
, SIGABRT
);
1393 attr
= pth_attr_new();
1394 pth_attr_init(attr
);
1395 pth_attr_set(attr
, PTH_ATTR_PRIO
, PTH_PRIO_MAX
);
1396 pth_attr_set(attr
, PTH_ATTR_NAME
, "accept");
1397 accept_tid
= pth_spawn(attr
, accept_thread
, (void *)sockfd
);
1398 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, FALSE
);
1399 pth_attr_set(attr
, PTH_ATTR_CANCEL_STATE
, PTH_CANCEL_ASYNCHRONOUS
);
1400 pth_attr_set(attr
, PTH_ATTR_NAME
, "cleanup");
1401 cleanup_tid
= pth_spawn(attr
, cleanup_thread
, NULL
);
1404 * For the cache_timeout configuration parameter. This replaces the old
1405 * SIGALRM stuff and is safer.
1407 timeout_event
= pth_event(PTH_EVENT_TIME
, pth_timeout(1, 0));
1408 pth_attr_init(attr
);
1409 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, FALSE
);
1410 pth_attr_set(attr
, PTH_ATTR_PRIO
, PTH_PRIO_MAX
);
1415 pth_sigwait_ev(&set
, &sig
, timeout_event
);
1417 if (pth_event_occurred(timeout_event
)) {
1419 * The timer event has expired. Update the file cache. When the
1420 * cache mutex is locked and the timer expires again, the threads
1423 pth_spawn(attr
, adjust_timer_thread
, NULL
);
1424 pth_event_free(timeout_event
, PTH_FREE_THIS
);
1425 timeout_event
= pth_event(PTH_EVENT_TIME
, pth_timeout(1, 0));
1429 log_write(N_("caught signal %i (%s)"), sig
, strsignal(sig
));
1431 /* Caught a signal. */
1438 cache_clear(NULL
, 2);
1446 log_write(N_("clearing file cache"));
1447 cache_clear(NULL
, 2);
1452 shutdown(sockfd
, SHUT_RDWR
);
1460 * We're out of the main server loop. This happens when a signal was sent
1461 * to terminate the daemon. We'll wait for all clients to disconnect
1462 * before exiting and ignore any following signals.
1464 pth_join(accept_tid
, &value
);
1465 pth_attr_destroy(attr
);
1466 pth_event_free(timeout_event
, PTH_FREE_THIS
);
1467 n
= pth_ctrl(PTH_CTRL_GETTHREADS
);
1468 unlink(*socketpath
);
1469 g_free(*socketpath
);
1472 /* 2 because the cleanup thread still exists, plus self. */
1474 log_write(N_("waiting for all threads to terminate"));
1480 if (n
!= n_clients
) {
1481 log_write(N_("%i threads remain"), n
-2);
1485 events
= pth_event(PTH_EVENT_FUNC
, event_ring_hack
, NULL
, pth_timeout(1, 0));
1486 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
1488 for (t
= g_slist_length(cn_thread_list
), i
= 0; i
< t
; i
++) {
1489 struct client_thread_s
*cn
= g_slist_nth_data(cn_thread_list
, i
);
1491 pth_event_concat(events
, cn
->ev
, NULL
);
1494 pth_mutex_release(&cn_mutex
);
1500 pth_yield(cleanup_tid
);
1502 pth_event_isolate(events
);
1503 pth_event_free(events
, PTH_FREE_THIS
);
1504 n
= pth_ctrl(PTH_CTRL_GETTHREADS
);
1507 pth_cancel(cleanup_tid
);
1511 * Called from pinentry_fork() in the child process.
1513 void free_client_list()
1515 gint i
, t
= g_slist_length(cn_thread_list
);
1517 for (i
= 0; i
< t
; i
++) {
1518 struct client_thread_s
*cn
= g_slist_nth_data(cn_thread_list
, i
);
1520 free_client(cn
->cl
);
1523 memset(key_cache
, 0, cache_size
);
1526 int main(int argc
, char *argv
[])
1529 struct sockaddr_un addr
;
1530 struct passwd
*pw
= getpwuid(getuid());
1531 gchar buf
[PATH_MAX
];
1532 gchar
*socketpath
= NULL
, *socketdir
, *socketname
= NULL
;
1533 gchar
*socketarg
= NULL
;
1534 gchar
*datadir
= NULL
;
1537 gchar
**cache_push
= NULL
;
1539 gchar
*import
= NULL
;
1540 gint default_timeout
;
1541 gint rcfile_spec
= 0;
1542 gint estatus
= EXIT_FAILURE
;
1545 GMemVTable mtable
= { xmalloc
, xrealloc
, xfree
, xcalloc
, NULL
, NULL
};
1548 gboolean secure
= FALSE
;
1550 gint background
= 0;
1553 #ifdef HAVE_SETRLIMIT
1556 rl
.rlim_cur
= rl
.rlim_max
= 0;
1558 if (setrlimit(RLIMIT_CORE
, &rl
) != 0)
1559 err(EXIT_FAILURE
, "setrlimit()");
1564 setlocale(LC_ALL
, "");
1565 bindtextdomain("pwmd", LOCALEDIR
);
1570 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
1572 g_mem_set_vtable(&mtable
);
1573 assuan_set_malloc_hooks(xmalloc
, xrealloc
, xfree
);
1574 xmlMemSetup(xfree
, xmalloc
, xrealloc
, xstrdup
);
1578 g_snprintf(buf
, sizeof(buf
), "%s/.pwmd", pw
->pw_dir
);
1580 if (mkdir(buf
, 0700) == -1 && errno
!= EEXIST
)
1581 err(EXIT_FAILURE
, "%s", buf
);
1583 g_snprintf(buf
, sizeof(buf
), "%s/.pwmd/data", pw
->pw_dir
);
1585 if (mkdir(buf
, 0700) == -1 && errno
!= EEXIST
)
1586 err(EXIT_FAILURE
, "%s", buf
);
1588 rcfile
= g_strdup_printf("%s/.pwmd/config", pw
->pw_dir
);
1590 if ((page_size
= sysconf(_SC_PAGESIZE
)) == -1)
1591 err(EXIT_FAILURE
, "sysconf()");
1593 cache_size
= page_size
;
1595 while ((opt
= getopt(argc
, argv
, "bI:hvf:D")) != EOF
) {
1608 rcfile
= g_strdup(optarg
);
1612 printf("%s\n%s\n", PACKAGE_STRING
, PACKAGE_BUGREPORT
);
1620 if ((keyfileh
= parse_rcfile(rcfile_spec
)) == NULL
)
1623 if (g_key_file_has_key(keyfileh
, "global", "syslog", NULL
) == TRUE
)
1624 log_syslog
= g_key_file_get_boolean(keyfileh
, "global", "syslog", NULL
);
1626 if (log_syslog
== TRUE
)
1627 openlog("pwmd", LOG_NDELAY
|LOG_PID
, LOG_DAEMON
);
1629 if (g_key_file_has_key(keyfileh
, "global", "iterations", NULL
) == TRUE
)
1630 iter
= g_key_file_get_integer(keyfileh
, "global", "iterations", NULL
);
1632 #ifdef HAVE_MLOCKALL
1633 if (disable_mlock
== FALSE
&& mlockall(MCL_FUTURE
) == -1) {
1642 opt
= xml_import(import
, iter
);
1643 g_key_file_free(keyfileh
);
1645 exit(opt
== FALSE
? EXIT_FAILURE
: EXIT_SUCCESS
);
1648 g_key_file_set_list_separator(keyfileh
, ',');
1650 if ((p
= g_key_file_get_string(keyfileh
, "global", "socket_path", NULL
)) == NULL
)
1651 errx(EXIT_FAILURE
, N_("%s: socket_path not defined"), rcfile
);
1655 g_snprintf(buf
, sizeof(buf
), "%s%s", g_get_home_dir(), p
--);
1657 socketarg
= g_strdup(buf
);
1662 if ((p
= g_key_file_get_string(keyfileh
, "global", "data_directory", NULL
)) == NULL
)
1663 errx(EXIT_FAILURE
, N_("%s: data_directory not defined"), rcfile
);
1665 datadir
= expand_homedir(p
);
1668 if (secure
== FALSE
&& g_key_file_has_key(keyfileh
, "global", "disable_list_and_dump", NULL
) == TRUE
) {
1669 n
= g_key_file_get_boolean(keyfileh
, "global", "disable_list_and_dump", NULL
);
1670 disable_list_and_dump
= n
;
1673 disable_list_and_dump
= secure
;
1675 if (g_key_file_has_key(keyfileh
, "global", "cache_timeout", NULL
) == TRUE
)
1676 default_timeout
= g_key_file_get_integer(keyfileh
, "global", "cache_timeout", NULL
);
1678 default_timeout
= -1;
1680 if (g_key_file_has_key(keyfileh
, "global", "cache_size", NULL
) == TRUE
) {
1681 cache_size
= g_key_file_get_integer(keyfileh
, "global", "cache_size", NULL
);
1683 if (cache_size
< page_size
|| cache_size
% page_size
)
1684 errx(EXIT_FAILURE
, N_("cache size must be in multiples of %li"), page_size
);
1687 setup_logging(keyfileh
);
1689 if (g_key_file_has_key(keyfileh
, "global", "cache_push", NULL
) == TRUE
)
1690 cache_push
= g_key_file_get_string_list(keyfileh
, "global", "cache_push", NULL
, NULL
);
1692 if (argc
!= optind
) {
1694 ptotal
= g_strv_length(cache_push
);
1696 for (; optind
< argc
; optind
++) {
1697 if (strv_printf(&cache_push
, "%s", argv
[optind
]) == FALSE
)
1698 errx(EXIT_FAILURE
, "%s", strerror(ENOMEM
));
1702 if (strchr(socketarg
, '/') == NULL
) {
1703 socketdir
= g_get_current_dir();
1704 socketname
= g_strdup(socketarg
);
1705 socketpath
= g_strdup_printf("%s/%s", socketdir
, socketname
);
1708 socketname
= g_strdup(strrchr(socketarg
, '/'));
1710 socketarg
[strlen(socketarg
) - strlen(socketname
) -1] = 0;
1711 socketdir
= g_strdup(socketarg
);
1712 socketpath
= g_strdup_printf("%s/%s", socketdir
, socketname
);
1715 if ((key_cache
= mmap(NULL
, cache_size
, PROT_READ
|PROT_WRITE
,
1716 #ifdef MMAP_ANONYMOUS
1717 MAP_PRIVATE
|MAP_ANONYMOUS
, -1, 0)) == MAP_FAILED
) {
1719 MAP_PRIVATE
|MAP_ANON
, -1, 0)) == MAP_FAILED
) {
1721 err(EXIT_FAILURE
, "mmap()");
1724 if (mlock(key_cache
, cache_size
) == -1)
1725 log_write("mlock(): %s", strerror(errno
));
1727 memset(key_cache
, 0, cache_size
);
1729 if (chdir(datadir
)) {
1730 warn("%s", datadir
);
1735 if (parse_keyfile_key() == FALSE
)
1738 clear_errorfile_key();
1741 * Set the cache entry for a file. Prompts for the password.
1744 for (opt
= 0; cache_push
[opt
]; opt
++)
1745 do_cache_push(cache_push
[opt
], NULL
);
1747 g_strfreev(cache_push
);
1748 warnx(background
? N_("Done. Daemonizing...") : N_("Done. Waiting for connections..."));
1752 * bind() doesn't like the full pathname of the socket or any non alphanum
1753 * characters so change to the directory where the socket is wanted then
1754 * create it then change to datadir.
1756 if (chdir(socketdir
)) {
1757 warn("%s", socketdir
);
1763 if ((sockfd
= socket(PF_UNIX
, SOCK_STREAM
, 0)) == -1) {
1768 addr
.sun_family
= AF_UNIX
;
1769 g_snprintf(addr
.sun_path
, sizeof(addr
.sun_path
), "%s", socketname
);
1771 if (bind(sockfd
, (struct sockaddr
*)&addr
, sizeof(struct sockaddr
)) == -1) {
1774 if (errno
== EADDRINUSE
)
1775 warnx(N_("Either there is another pwmd running or '%s' is a \n"
1776 "stale socket. Please remove it manually."), socketpath
);
1782 if (g_key_file_has_key(keyfileh
, "global", "socket_perms", NULL
) == TRUE
) {
1783 gchar
*t
= g_key_file_get_string(keyfileh
, "global", "socket_perms", NULL
);
1784 mode_t mode
= strtol(t
, NULL
, 8);
1785 mode_t mask
= umask(0);
1789 if (chmod(socketname
, mode
) == -1) {
1790 warn("%s", socketname
);
1800 g_free(--socketname
);
1802 if (chdir(datadir
)) {
1803 warn("%s", datadir
);
1810 pth_mutex_init(&cache_mutex
);
1811 #ifdef WITH_PINENTRY
1812 pth_mutex_init(&pin_mutex
);
1815 if (listen(sockfd
, 0) == -1) {
1837 * These are the signals that we use in threads. libpth can catch signals
1838 * itself so ignore them everywhere else. Note that using
1839 * signal(N, SIG_IGN) doesn't work like you might think.
1844 sigaddset(&set
, SIGTERM
);
1845 sigaddset(&set
, SIGINT
);
1847 /* Configuration file reloading. */
1848 sigaddset(&set
, SIGUSR1
);
1850 /* Clears the file cache. */
1851 sigaddset(&set
, SIGHUP
);
1853 /* Caught in client_thread(). Sends a cache status message. */
1854 sigaddset(&set
, SIGUSR2
);
1856 /* Caught in client_thread(). When keepalive_thread() fails, this signal
1857 * is raised to terminate the client. More of a failsafe than anything. */
1858 sigaddset(&set
, SIGQUIT
);
1860 /* Ignored everywhere. When a client disconnects abnormally this signal
1861 * gets raised. It isn't needed though because client_thread() will check
1862 * for rcs even after the client disconnects. */
1863 signal(SIGPIPE
, SIG_IGN
);
1864 pth_sigmask(SIG_BLOCK
, &set
, NULL
);
1865 server_loop(sockfd
, &socketpath
);
1866 estatus
= EXIT_SUCCESS
;
1869 if (socketpath
&& do_unlink
) {
1874 g_key_file_free(keyfileh
);
1879 cache_clear(NULL
, 2);
1880 memset(key_cache
, 0, cache_size
);
1883 if (key_cache
&& munmap(key_cache
, cache_size
) == -1)
1884 log_write("munmap(): %s", strerror(errno
));
1886 if (estatus
== EXIT_SUCCESS
)
1887 log_write(N_("pwmd exiting normally"));
1890 #if defined(DEBUG) && !defined(MEM_DEBUG)