1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
38 #include <glib/gprintf.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
49 #include <sys/resource.h>
69 #include "pwmd_error.h"
75 GCRY_THREAD_OPTION_PTH_IMPL
;
77 static void clear_rcfile_keys()
83 groups
= g_key_file_get_groups(keyfileh
, &n
);
85 for (p
= groups
; *p
; p
++) {
88 if (g_key_file_has_key(keyfileh
, *p
, "key", &rc
) == TRUE
)
89 g_key_file_set_string(keyfileh
, *p
, "key", "");
95 static void *reload_rcfile_thread(void *arg
)
97 gboolean b
= disable_list_and_dump
;
99 pth_attr_t attr
= pth_attr_of(pth_self());
101 pth_attr_set(attr
, PTH_ATTR_NAME
, __FUNCTION__
);
102 pth_attr_destroy(attr
);
103 MUTEX_LOCK(&rcfile_mutex
);
104 log_write(N_("reloading configuration file '%s'"), rcfile
);
105 k
= parse_rcfile(FALSE
);
110 g_key_file_free(keyfileh
);
114 disable_list_and_dump
= b
;
118 startStopKeepAlive(FALSE
);
119 send_status_all(STATUS_CONFIG
);
121 MUTEX_UNLOCK(&rcfile_mutex
);
125 static void reload_rcfile()
128 pth_attr_t attr
= pth_attr_new();
132 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, 0);
133 tid
= pth_spawn(attr
, reload_rcfile_thread
, NULL
);
135 pth_attr_destroy(attr
);
138 log_write("%s(%i): pth_spawn(): %s", __FILE__
, __LINE__
,
139 _gpg_strerror(gpg_error_from_errno(n
)));
142 gpg_error_t
send_syserror(assuan_context_t ctx
, gint e
)
144 gpg_error_t n
= gpg_error_from_errno(e
);
147 return assuan_process_done(ctx
, assuan_set_error(ctx
, n
, _gpg_strerror(n
)));
150 gpg_error_t
send_error(assuan_context_t ctx
, gpg_error_t e
)
152 gpg_err_code_t n
= gpg_err_code(e
);
153 gpg_error_t code
= gpg_err_make(PWMD_ERR_SOURCE
, n
);
154 struct client_s
*client
= assuan_get_pointer(ctx
);
159 return assuan_process_done(ctx
, 0);
162 log_write("%s", pwmd_strerror(e
));
166 if (n
== EPWMD_LIBXML_ERROR
) {
167 xmlErrorPtr xe
= client
->xml_error
;
170 xe
= xmlGetLastError();
172 e
= assuan_process_done(ctx
, assuan_set_error(ctx
, code
, xe
->message
));
173 log_write("%s", xe
->message
);
175 if (xe
== client
->xml_error
)
180 client
->xml_error
= NULL
;
184 return assuan_process_done(ctx
, assuan_set_error(ctx
, code
, pwmd_strerror(e
)));
187 void log_write(const gchar
*fmt
, ...)
197 pth_t tid
= pth_self();
200 if ((!logfile
&& !isatty(STDERR_FILENO
) && log_syslog
== FALSE
) || !fmt
)
203 if (!cmdline
&& logfile
) {
204 if ((fd
= open(logfile
, O_WRONLY
|O_CREAT
|O_APPEND
, 0600)) == -1) {
212 if (g_vasprintf(&args
, fmt
, ap
) == -1) {
223 fprintf(stderr
, "%s\n", args
);
229 attr
= pth_attr_of(tid
);
231 if (pth_attr_get(attr
, PTH_ATTR_NAME
, &name
) == FALSE
)
234 pth_attr_destroy(attr
);
235 name
= print_fmt(buf
, sizeof(buf
), "%s(%p): ", name
, tid
);
237 if (!cmdline
&& log_syslog
== TRUE
)
238 syslog(LOG_INFO
, "%s%s", name
, args
);
241 tm
= localtime(&now
);
242 strftime(tbuf
, sizeof(tbuf
), "%b %d %Y %H:%M:%S ", tm
);
243 tbuf
[sizeof(tbuf
) - 1] = 0;
245 if (args
[strlen(args
)-1] == '\n')
246 args
[strlen(args
)-1] = 0;
248 line
= g_strdup_printf("%s %i %s%s\n", tbuf
, getpid(), name
, args
);
259 write(fd
, line
, strlen(line
));
264 if (isatty(STDERR_FILENO
)) {
265 fprintf(stderr
, "%s", line
);
272 static void usage(gchar
*pn
)
274 g_fprintf(stderr
, N_(
275 "Usage: %s [-hvDnP] [-f <rcfile>] [-C <filename>] "
276 "[-I <filename> [-i <iter>]]\n "
277 "[-k <keyfile>] [-o <outfile>] [file1] [...]\n"
278 " -n run as a foreground process\n"
279 " -f load the specified rcfile (~/.pwmd/config)\n"
280 " -C convert a version 1 data file to version 2\n"
281 " -I import an XML file\n"
282 " -i encrypt with the specified number of iterations when importing\n"
283 " (config default in the \"global\" section)\n"
284 " -k obtain the key from the specified file\n"
285 " -o output file for use with the -C and -I options\n"
286 " -D disable use of the LIST and DUMP commands\n"
287 " -P disable pinentry\n"
289 " -h this help text\n"
294 static int gcry_SecureCheck(const void *ptr
)
299 static void setup_gcrypt()
301 gcry_control(GCRYCTL_SET_THREAD_CBS
, &gcry_threads_pth
);
302 gcry_check_version(GCRYPT_VERSION
);
304 gcry_set_allocation_handler(xmalloc
, xmalloc
, gcry_SecureCheck
, xrealloc
,
307 if (gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_TEST_ALGO
, NULL
,
309 errx(EXIT_FAILURE
, N_("Required AES cipher not supported by libgcrypt."));
311 gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_GET_KEYLEN
, NULL
, &gcrykeysize
);
312 gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_GET_BLKLEN
, NULL
, &gcryblocksize
);
315 static gint
new_connection(struct client_s
*cl
)
320 rc
= assuan_init_socket_server_ext(&cl
->ctx
, cl
->thd
->fd
, 2);
325 assuan_set_pointer(cl
->ctx
, cl
);
326 ver
= g_strdup_printf("%s", PACKAGE_STRING
);
327 assuan_set_hello_line(cl
->ctx
, ver
);
329 rc
= register_commands(cl
->ctx
);
334 rc
= assuan_accept(cl
->ctx
);
342 log_write("%s", _gpg_strerror(rc
));
348 static void xml_error_cb(void *data
, xmlErrorPtr e
)
350 struct client_s
*client
= data
;
353 * Keep the first reported error as the one to show in the error
354 * description. Reset in send_error().
356 if (client
->xml_error
)
359 xmlCopyError(e
, client
->xml_error
);
362 static void cleanup_crypto_handler(void *arg
)
364 struct client_crypto_s
**a
= (struct client_crypto_s
**)arg
;
365 struct client_crypto_s
*cr
= *a
;
368 if (cr
->fh
->fd
!= -1 ||
369 (cmdline
== TRUE
&& cr
->fh
->fd
!= STDOUT_FILENO
))
373 gcry_free(cr
->fh
->doc
);
379 gcry_cipher_close(cr
->gh
);
385 void cleanup_crypto(struct client_crypto_s
**c
)
387 struct client_crypto_s
*cr
= *c
;
402 gcry_free(cr
->tkey2
);
405 gcry_free(cr
->inbuf
);
408 gcry_free(cr
->outbuf
);
410 cleanup_crypto_handler(c
);
414 * This is called after a child_thread terminates. Set with
415 * pth_cleanup_push().
417 static void cleanup_cb(void *arg
)
419 struct client_thread_s
*cn
= arg
;
420 struct client_s
*cl
= cn
->cl
;
422 MUTEX_LOCK(&cn_mutex
);
423 cn_thread_list
= g_slist_remove(cn_thread_list
, cn
);
424 MUTEX_UNLOCK(&cn_mutex
);
427 pth_cancel(cn
->msg_tid
);
428 pth_join(cn
->msg_tid
, NULL
);
432 struct status_msg_s
*m
= g_slist_nth_data(cn
->msg_list
, 0);
437 cn
->msg_list
= g_slist_remove(cn
->msg_list
, m
);
441 if (cl
&& cl
->freed
== FALSE
)
446 gnutls_deinit(cn
->tls
->ses
);
456 assuan_deinit_server(cl
->ctx
);
457 else if (cl
&& cl
->thd
&& cl
->thd
->fd
!= -1)
461 if (cl
&& cl
->pinentry
)
462 cleanup_pinentry(cl
->pinentry
);
466 cleanup_crypto(&cl
->crypto
);
469 log_write(N_("exiting, fd=%i"), cn
->fd
);
471 send_status_all(STATUS_CLIENTS
);
475 * Called every time a connection is made from init_new_connection(). This is
476 * the thread entry point.
478 static void *client_thread(void *data
)
480 struct client_thread_s
*thd
= data
;
481 struct client_s
*cl
= g_malloc0(sizeof(struct client_s
));
483 pth_attr_t attr
= pth_attr_of(pth_self());
486 pth_attr_set(attr
, PTH_ATTR_NAME
, __FUNCTION__
);
487 pth_attr_destroy(attr
);
490 * Prevent a race condition with init_new_connection() if this thread
491 * fails (returns) for some reason before init_new_connection() releases
494 MUTEX_LOCK(&cn_mutex
);
495 MUTEX_UNLOCK(&cn_mutex
);
496 pth_cleanup_push(cleanup_cb
, thd
);
499 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
507 * Do the TLS handshake before anything else.
510 gchar
*prio
= get_key_file_string("global", "cipher_suite");
512 thd
->tls
= tls_init(thd
->fd
, prio
);
527 if (new_connection(cl
))
531 cl
->pinentry
= pinentry_init();
534 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
539 /* Require the client to explicity set OPTION PINENTRY since the DISPLAY
540 * might be automatically set from the client. Connections to the X11
541 * server usually aren't encrypted and the client might unintentionally
542 * send the passphrase in the clear.
545 cl
->pinentry
->enable
= FALSE
;
550 if (disable_mlock
== FALSE
&& mlockall(MCL_FUTURE
) == -1) {
551 log_write("mlockall(): %s", strerror(errno
));
556 pth_mutex_init(&thd
->msg_list_mutex
);
557 attr
= pth_attr_new();
559 thd
->msg_tid
= pth_spawn(attr
, client_msg_thread
, thd
);
561 pth_attr_destroy(attr
);
564 log_write("%s(%i): pth_spawn(): %s", __FILE__
, __LINE__
,
565 _gpg_strerror(gpg_error_from_errno(n
)));
569 pth_yield(thd
->msg_tid
);
570 rc
= send_status(cl
->ctx
, STATUS_CACHE
, NULL
);
573 log_write("%s", _gpg_strerror(rc
));
577 send_status_all(STATUS_CLIENTS
);
578 xmlSetStructuredErrorFunc(cl
, xml_error_cb
);
582 pth_event_t pev
= NULL
;
585 pth_event_t ev
= pth_event(PTH_EVENT_FD
|PTH_UNTIL_FD_READABLE
,
589 if (cl
->pinentry
->status
== PINENTRY_RUNNING
) {
590 pev
= pth_event(PTH_EVENT_FD
|PTH_UNTIL_FD_READABLE
, cl
->pinentry
->fd
);
591 ev
= pth_event_concat(ev
, pev
, NULL
);
596 pth_event_isolate(ev
);
597 st
= pth_event_status(ev
);
599 if (st
== PTH_STATUS_OCCURRED
) {
600 rc
= assuan_process_next(cl
->ctx
);
604 cl
->inquire_status
= INQUIRE_INIT
;
606 if (gpg_err_code(rc
) == GPG_ERR_EOF
)
609 log_write("assuan_process_next(): %s", _gpg_strerror(rc
));
610 rc
= send_error(cl
->ctx
, gpg_err_make(PWMD_ERR_SOURCE
, rc
));
613 log_write("assuan_process_done(): %s", _gpg_strerror(rc
));
619 if (cl
->pinentry
->pid
&& cl
->pinentry
->status
== PINENTRY_INIT
)
620 cl
->pinentry
->status
= PINENTRY_RUNNING
;
623 switch (cl
->inquire_status
) {
628 cl
->inquire_status
= INQUIRE_INIT
;
629 rc
= assuan_process_done(cl
->ctx
, 0);
636 pth_event_free(ev
, PTH_FREE_THIS
);
640 pth_event_isolate(pev
);
641 st
= pth_event_status(pev
);
642 pth_event_free(pev
, PTH_FREE_THIS
);
645 rc
= pinentry_iterate(cl
,
646 pev
&& cl
->pinentry
->fd
!= -1 && st
== PTH_STATUS_OCCURRED
);
651 * Client cleanup (including XML data) is done in cleanup_cb() from
652 * the cleanup thread.
657 pth_exit(PTH_CANCELED
);
661 static void setup_logging(GKeyFile
*kf
)
663 gboolean n
= g_key_file_get_boolean(kf
, "global", "enable_logging", NULL
);
666 gchar
*p
= g_key_file_get_string(kf
, "global", "log_path", NULL
);
672 g_snprintf(buf
, sizeof(buf
), "%s%s", g_get_home_dir(), p
--);
678 logfile
= g_strdup(buf
);
688 log_syslog
= g_key_file_get_boolean(kf
, "global", "syslog", NULL
);
692 * Make sure all settings are set to either the specified setting or a
695 static void set_rcfile_defaults(GKeyFile
*kf
)
699 if (g_key_file_has_key(kf
, "global", "socket_path", NULL
) == FALSE
) {
700 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/socket");
701 g_key_file_set_string(kf
, "global", "socket_path", buf
);
704 if (g_key_file_has_key(kf
, "global", "data_directory", NULL
) == FALSE
) {
705 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/data");
706 g_key_file_set_string(kf
, "global", "data_directory", buf
);
709 if (g_key_file_has_key(kf
, "global", "backup", NULL
) == FALSE
)
710 g_key_file_set_boolean(kf
, "global", "backup", TRUE
);
712 if (g_key_file_has_key(kf
, "global", "log_path", NULL
) == FALSE
) {
713 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/log");
714 g_key_file_set_string(kf
, "global", "log_path", buf
);
717 if (g_key_file_has_key(kf
, "global", "enable_logging", NULL
) == FALSE
)
718 g_key_file_set_boolean(kf
, "global", "enable_logging", FALSE
);
721 if (g_key_file_has_key(kf
, "global", "disable_mlockall", NULL
) == FALSE
)
722 g_key_file_set_boolean(kf
, "global", "disable_mlockall", TRUE
);
725 if (g_key_file_has_key(kf
, "global", "cache_timeout", NULL
) == FALSE
)
726 g_key_file_set_integer(kf
, "global", "cache_timeout", -1);
728 if (g_key_file_has_key(kf
, "global", "iterations", NULL
) == FALSE
||
729 g_key_file_get_integer(kf
, "global", "iterations", 0) < 0)
730 g_key_file_set_integer(kf
, "global", "iterations", 1);
732 if (g_key_file_has_key(kf
, "global", "disable_list_and_dump", NULL
) == FALSE
)
733 g_key_file_set_boolean(kf
, "global", "disable_list_and_dump", FALSE
);
735 if (g_key_file_has_key(kf
, "global", "iteration_progress", NULL
) == FALSE
)
736 g_key_file_set_integer(kf
, "global", "iteration_progress", 0);
738 if (g_key_file_has_key(kf
, "global", "compression_level", NULL
) == FALSE
)
739 g_key_file_set_integer(kf
, "global", "compression_level", 6);
741 if (g_key_file_has_key(kf
, "global", "recursion_depth", NULL
) == FALSE
)
742 g_key_file_set_integer(kf
, "global", "recursion_depth", DEFAULT_RECURSION_DEPTH
);
744 if (g_key_file_has_key(kf
, "global", "zlib_bufsize", NULL
) == FALSE
)
745 g_key_file_set_integer(kf
, "global", "zlib_bufsize", DEFAULT_ZLIB_BUFSIZE
);
747 zlib_bufsize
= (uInt
)g_key_file_get_integer(kf
, "global", "zlib_bufsize", NULL
);
749 max_recursion_depth
= g_key_file_get_integer(kf
, "global", "recursion_depth", NULL
);
750 disable_list_and_dump
= g_key_file_get_boolean(kf
, "global", "disable_list_and_dump", NULL
);
753 disable_mlock
= g_key_file_get_boolean(kf
, "global", "disable_mlockall", NULL
);
756 if (g_key_file_has_key(kf
, "global", "syslog", NULL
) == FALSE
)
757 g_key_file_set_boolean(kf
, "global", "syslog", FALSE
);
759 if (g_key_file_has_key(kf
, "global", "keepalive", NULL
) == FALSE
)
760 g_key_file_set_integer(kf
, "global", "keepalive", DEFAULT_KEEPALIVE_TO
);
763 if (g_key_file_has_key(kf
, "global", "enable_pinentry", NULL
) == FALSE
)
764 g_key_file_set_boolean(kf
, "global", "enable_pinentry", TRUE
);
766 if (g_key_file_has_key(kf
, "global", "pinentry_timeout", NULL
) == FALSE
)
767 g_key_file_set_integer(kf
, "global", "pinentry_timeout", 20);
771 if (g_key_file_has_key(kf
, "global", "tcp_port", NULL
) == FALSE
)
772 g_key_file_set_integer(kf
, "global", "tcp_port", 6466);
774 if (g_key_file_has_key(kf
, "global", "enable_tcp", NULL
) == FALSE
)
775 g_key_file_set_boolean(kf
, "global", "enable_tcp", FALSE
);
777 if (g_key_file_has_key(kf
, "global", "tcp_require_key", NULL
) == FALSE
)
778 g_key_file_set_boolean(kf
, "global", "tcp_require_key", FALSE
);
780 if (g_key_file_has_key(kf
, "global", "tcp_wait", NULL
) == FALSE
)
781 g_key_file_set_boolean(kf
, "global", "tcp_wait", 3);
783 if (g_key_file_has_key(kf
, "global", "cipher_suite", NULL
) == FALSE
)
784 g_key_file_set_string(kf
, "global", "cipher_suite", "SECURE256");
786 if (g_key_file_has_key(kf
, "global", "tcp_use_crl", NULL
) == FALSE
)
787 g_key_file_set_boolean(kf
, "global", "tcp_use_crl", FALSE
);
793 static GKeyFile
*parse_rcfile(gboolean specified
)
795 GKeyFile
*kf
= g_key_file_new();
798 if (g_key_file_load_from_file(kf
, rcfile
, G_KEY_FILE_NONE
, &rc
) == FALSE
) {
799 log_write("%s: %s", rcfile
, rc
->message
);
801 if (cmdline
&& specified
) {
806 if (rc
->code
== G_FILE_ERROR_NOENT
) {
808 set_rcfile_defaults(kf
);
816 set_rcfile_defaults(kf
);
820 static gchar
*do_get_password(const gchar
*prompt
)
822 gchar buf
[LINE_MAX
] = {0}, *p
;
823 struct termios told
, tnew
;
826 if (tcgetattr(STDIN_FILENO
, &told
) == -1) {
827 log_write("tcgetattr(): %s", strerror(errno
));
831 memcpy(&tnew
, &told
, sizeof(struct termios
));
832 tnew
.c_lflag
&= ~(ECHO
);
833 tnew
.c_lflag
|= ICANON
|ECHONL
;
835 if (tcsetattr(STDIN_FILENO
, TCSANOW
, &tnew
) == -1) {
836 log_write("tcsetattr(): %s", strerror(errno
));
837 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
841 fprintf(stderr
, "%s", prompt
);
843 if ((p
= fgets(buf
, sizeof(buf
), stdin
)) == NULL
) {
844 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
848 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
849 p
[strlen(p
) - 1] = 0;
852 key
= gcry_malloc(1);
856 key
= gcry_malloc(strlen(p
) + 1);
857 sprintf(key
, "%s", p
);
860 memset(&buf
, 0, sizeof(buf
));
864 /* Only used when "enable_pinentry" is "false" or -P. */
865 static gpg_error_t
get_input(const gchar
*filename
,
866 struct client_crypto_s
*crypto
, guchar
*key
, pinentry_cmd_t which
)
870 if (which
== PINENTRY_SAVE
) {
871 prompt
= g_strdup_printf(N_("New passphrase for file %s: "), filename
);
872 crypto
->tkey
= do_get_password(prompt
);
876 log_write(N_("%s: Skipping file"), filename
);
877 return GPG_ERR_BAD_PASSPHRASE
;
880 prompt
= g_strdup_printf(N_("Repeat passphrase: "));
881 crypto
->tkey2
= do_get_password(prompt
);
884 if (!crypto
->tkey2
) {
885 log_write(N_("%s: Skipping file"), filename
);
886 return GPG_ERR_BAD_PASSPHRASE
;
889 if (strcmp(crypto
->tkey
, crypto
->tkey2
)) {
890 log_write(N_("%s: Passphrase mismatch"), filename
);
894 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, crypto
->tkey
,
895 strlen(crypto
->tkey
) ? strlen(crypto
->tkey
) : 1);
899 prompt
= g_strdup_printf(N_("Passphrase required for %s: "), filename
);
901 if ((crypto
->tkey
= do_get_password(prompt
)) == NULL
) {
902 log_write(N_("%s: Skipping file"), filename
);
904 return GPG_ERR_BAD_PASSPHRASE
;
907 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, crypto
->tkey
,
908 strlen(crypto
->tkey
) ? strlen(crypto
->tkey
) : 1);
914 * inbuf must have been allocated with gcry_malloc().
916 gpg_error_t
export_common(const gchar
*filename
, struct client_crypto_s
*crypto
,
917 gpointer inbuf
, gulong insize
)
924 level
= get_key_file_integer(filename
, "compression_level");
929 if (do_compress(NULL
, level
, inbuf
, insize
, &outbuf
, &outsize
, &zrc
)
931 return zrc
== Z_MEM_ERROR
? GPG_ERR_ENOMEM
: GPG_ERR_COMPR_ALGO
;
934 crypto
->inbuf
= outbuf
;
935 crypto
->insize
= outsize
;
936 rc
= do_xml_encrypt(NULL
, crypto
, filename
);
940 static gpg_error_t
get_password(const gchar
*filename
,
941 struct client_crypto_s
*crypto
, guchar
*md5file
, guchar
*key
,
942 pinentry_cmd_t which
)
947 if (g_key_file_get_boolean(keyfileh
, "global", "enable_pinentry", NULL
)
950 return get_input(filename
, crypto
, key
, which
);
954 gchar
*result
= NULL
;
955 struct pinentry_s
*pin
= g_malloc0(sizeof(struct pinentry_s
));
957 set_pinentry_defaults(pin
);
959 pin
->filename
= g_strdup(filename
);
960 rc
= pinentry_getpin(pin
, &result
);
967 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, result
, strlen(result
) ? strlen(result
) : 1);
969 cleanup_pinentry(pin
);
977 static gboolean
_getline(const gchar
*file
, gchar
**result
, gpg_error_t
*rc
)
980 gchar buf
[LINE_MAX
] = {0}, *p
;
986 if ((fp
= fopen(file
, "r")) == NULL
) {
987 *rc
= gpg_error_from_syserror();
991 p
= fgets(buf
, sizeof(buf
), fp
);
995 if (len
&& buf
[len
- 1] == '\n')
998 str
= gcry_malloc(len
+ 1);
1001 *rc
= gpg_error_from_errno(ENOMEM
);
1005 memcpy(str
, buf
, len
? len
: 1);
1007 memset(&buf
, 0, sizeof(buf
));
1012 static gchar
*parse_rcfile_keyfile(const gchar
*filename
, gboolean import
,
1016 gchar
*t
, *file
= NULL
, *str
;
1018 *rc
= GPG_ERR_UNKNOWN_ERRNO
;
1020 if (import
== FALSE
) {
1021 if (g_key_file_has_key(keyfileh
, filename
, "key_file", &rv
) == TRUE
) {
1022 file
= g_key_file_get_string(keyfileh
, filename
, "key_file", &rv
);
1026 log_write("%s: key_file: %s", rcfile
, rv
->message
);
1033 t
= expand_homedir(file
);
1036 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1037 *rc
= gpg_error_from_errno(ENOMEM
);
1046 /* -I or -C. The filename is a key file. */
1047 file
= g_strdup(filename
);
1050 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1051 *rc
= gpg_error_from_errno(ENOMEM
);
1057 log_write("%s: key_file: %s", rcfile
, rv
->message
);
1065 if (_getline(file
, &str
, rc
) == FALSE
) {
1066 log_write("%s: %s: %s", filename
, file
, pwmd_strerror(*rc
));
1076 static gboolean
xml_import(const gchar
*filename
, const gchar
*outfile
,
1077 const gchar
*keyfile
, guint64 iter
)
1086 struct client_crypto_s
*crypto
;
1088 if (stat(filename
, &st
) == -1) {
1089 log_write("%s: %s", filename
, strerror(errno
));
1093 crypto
= init_client_crypto();
1098 crypto
->key
= gcry_malloc(gcrykeysize
);
1099 memset(crypto
->key
, 0, gcrykeysize
);
1102 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1106 log_write(N_("Importing XML from '%s'. Output will be written to '%s' ..."),
1109 if (iter
&& keyfile
) {
1110 crypto
->tkey
= parse_rcfile_keyfile(keyfile
, TRUE
, &rc
);
1115 gcry_md_hash_buffer(GCRY_MD_SHA256
, crypto
->key
, crypto
->tkey
,
1116 strlen(crypto
->tkey
) ? strlen(crypto
->tkey
) : 1);
1119 rc
= get_password(outfile
, crypto
, NULL
, crypto
->key
, PINENTRY_SAVE
);
1125 if ((fd
= open(filename
, O_RDONLY
)) == -1) {
1126 log_write("%s: %s", filename
, strerror(errno
));
1130 if ((xmlbuf
= gcry_malloc(st
.st_size
+1)) == NULL
) {
1132 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1136 if (pth_read(fd
, xmlbuf
, st
.st_size
) == -1) {
1140 log_write("%s: %s", filename
, strerror(errno
));
1145 xmlbuf
[st
.st_size
] = 0;
1148 * Make sure the document validates.
1150 if ((doc
= xmlReadDoc(xmlbuf
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
)) == NULL
) {
1151 log_write("xmlReadDoc() failed");
1157 xmlDocDumpMemory(doc
, &xml
, &len
);
1161 memset(crypto
->key
, '!', gcrykeysize
);
1163 crypto
->fh
= g_malloc0(sizeof(file_header_internal_t
));
1166 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1170 crypto
->fh
->fh2
.iter
= iter
;
1171 rc
= export_common(outfile
, crypto
, xml
, len
);
1175 send_error(NULL
, rc
);
1179 cleanup_crypto(&crypto
);
1183 cleanup_crypto(&crypto
);
1187 gchar
*get_key_file_string(const gchar
*section
, const gchar
*what
)
1192 MUTEX_LOCK(&rcfile_mutex
);
1194 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
1195 val
= g_key_file_get_string(keyfileh
, section
, what
, &grc
);
1198 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1199 g_clear_error(&grc
);
1203 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
1204 val
= g_key_file_get_string(keyfileh
, "global", what
, &grc
);
1207 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1208 g_clear_error(&grc
);
1213 MUTEX_UNLOCK(&rcfile_mutex
);
1217 gint
get_key_file_integer(const gchar
*section
, const gchar
*what
)
1222 MUTEX_LOCK(&rcfile_mutex
);
1224 if (g_key_file_has_key(keyfileh
, section
? section
: "global", what
, NULL
) == TRUE
) {
1225 val
= g_key_file_get_integer(keyfileh
, section
? section
: "global", what
, &grc
);
1228 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1229 g_clear_error(&grc
);
1233 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
1234 val
= g_key_file_get_integer(keyfileh
, "global", what
, &grc
);
1237 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1238 g_clear_error(&grc
);
1243 MUTEX_UNLOCK(&rcfile_mutex
);
1247 gboolean
get_key_file_boolean(const gchar
*section
, const gchar
*what
)
1249 gboolean val
= FALSE
;
1252 MUTEX_LOCK(&rcfile_mutex
);
1254 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
1255 val
= g_key_file_get_boolean(keyfileh
, section
, what
, &grc
);
1258 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1259 g_clear_error(&grc
);
1263 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
1264 val
= g_key_file_get_boolean(keyfileh
, "global", what
, &grc
);
1267 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1268 g_clear_error(&grc
);
1273 MUTEX_UNLOCK(&rcfile_mutex
);
1277 static gboolean
parse_rcfile_keys()
1284 groups
= g_key_file_get_groups(keyfileh
, &n
);
1286 for (p
= groups
; *p
; p
++) {
1289 if (g_key_file_has_key(keyfileh
, *p
, "key", &rc
) == TRUE
) {
1290 str
= g_key_file_get_string(keyfileh
, *p
, "key", &rc
);
1294 log_write("%s: key: %s", rcfile
, rc
->message
);
1300 do_cache_push(*p
, str
);
1306 log_write("%s: key: %s", rcfile
, rc
->message
);
1312 str
= parse_rcfile_keyfile(*p
, FALSE
, &ret
);
1317 do_cache_push(*p
, str
);
1325 static gboolean
do_cache_push(const gchar
*filename
, const gchar
*password
)
1329 const gchar
*p
= filename
;
1330 struct client_crypto_s
*crypto
;
1339 if (valid_filename(p
) == FALSE
) {
1340 log_write(N_("%s: Invalid characters in filename"), p
);
1344 gcry_md_hash_buffer(GCRY_MD_MD5
, md5file
, p
, strlen(p
));
1346 if (access(p
, R_OK
|W_OK
) != 0) {
1347 log_write("%s: %s", p
, strerror(errno
));
1351 crypto
= init_client_crypto();
1356 crypto
->fh
= read_file_header(filename
, FALSE
, &rc
);
1359 log_write("%s: %s", p
, pwmd_strerror(rc
));
1360 cleanup_crypto(&crypto
);
1364 crypto
->key
= gcry_malloc(gcrykeysize
);
1367 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1368 cleanup_crypto(&crypto
);
1372 log_write(N_("Adding '%s' to the file cache ..."), filename
);
1374 if (crypto
->fh
->fh2
.iter
<= 0) {
1375 memset(crypto
->key
, '!', gcrykeysize
);
1380 rc
= get_password(p
, crypto
, md5file
, crypto
->key
, PINENTRY_OPEN
);
1383 send_error(NULL
, rc
);
1384 cleanup_crypto(&crypto
);
1388 gcry_free(crypto
->fh
->doc
);
1389 crypto
->fh
->doc
= NULL
;
1392 gcry_md_hash_buffer(GCRY_MD_SHA256
, crypto
->key
, password
,
1393 strlen(password
) ? strlen(password
) : 1);
1396 rc
= try_xml_decrypt(NULL
, crypto
->key
, crypto
, NULL
, NULL
);
1399 log_write("%s: %s", filename
, pwmd_strerror(rc
));
1400 cleanup_crypto(&crypto
);
1404 if (cache_update_key(md5file
, crypto
->key
) == FALSE
) {
1405 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1406 cleanup_crypto(&crypto
);
1410 timeout
= get_key_file_integer(p
, "cache_timeout");
1411 cache_set_timeout(md5file
, timeout
);
1412 log_write(N_("File '%s' now cached"), filename
);
1413 cleanup_crypto(&crypto
);
1417 static void init_new_connection(gint fd
, gchar
*addr
)
1420 struct client_thread_s
*new;
1423 new = g_malloc0(sizeof(struct client_thread_s
));
1426 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1431 MUTEX_LOCK(&cn_mutex
);
1439 attr
= pth_attr_new();
1440 pth_attr_init(attr
);
1441 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, FALSE
);
1442 new->tid
= pth_spawn(attr
, client_thread
, new);
1444 pth_attr_destroy(attr
);
1449 log_write("%s(%i): pth_spawn(): %s", __FILE__
, __LINE__
,
1450 _gpg_strerror(gpg_error_from_errno(n
)));
1451 MUTEX_UNLOCK(&cn_mutex
);
1455 cn_thread_list
= g_slist_append(cn_thread_list
, new);
1456 MUTEX_UNLOCK(&cn_mutex
);
1459 log_write(N_("new connection: tid=%p, fd=%i, addr=%s"), new->tid
, fd
,
1462 log_write(N_("new connection: tid=%p, fd=%i"), new->tid
, fd
);
1466 /* From Beej's Guide to Network Programming. It's a good tutorial. */
1467 static void *get_in_addr(struct sockaddr
*sa
)
1469 if (sa
->sa_family
== AF_INET
)
1470 return &(((struct sockaddr_in
*)sa
)->sin_addr
);
1472 return &(((struct sockaddr_in6
*)sa
)->sin6_addr
);
1475 static void *tcp_accept_thread(void *arg
)
1477 gint sockfd
= (gint
)arg
;
1478 pth_attr_t attr
= pth_attr_of(pth_self());
1480 pth_attr_set(attr
, PTH_ATTR_NAME
, __FUNCTION__
);
1481 pth_attr_destroy(attr
);
1484 struct sockaddr_storage raddr
;
1485 socklen_t slen
= sizeof(raddr
);
1489 gchar s
[INET6_ADDRSTRLEN
];
1491 fd
= pth_accept(sockfd
, (struct sockaddr
*)&raddr
, &slen
);
1495 if (errno
!= EAGAIN
) {
1496 if (!quit
) // probably EBADF
1497 log_write("accept(): %s", strerror(errno
));
1508 inet_ntop(raddr
.ss_family
, get_in_addr((struct sockaddr
*)&raddr
),
1510 init_new_connection(fd
, s
);
1511 t
= get_key_file_string("global", "tcp_wait");
1512 n
= strtol(t
, NULL
, 10);
1518 pth_usleep(n
*100000);
1521 /* Just in case accept() failed for some reason other than EBADF */
1523 pth_exit(PTH_CANCELED
);
1528 static void *accept_thread(void *arg
)
1530 gint sockfd
= (gint
)arg
;
1531 pth_attr_t attr
= pth_attr_of(pth_self());
1533 pth_attr_set(attr
, PTH_ATTR_NAME
, __FUNCTION__
);
1534 pth_attr_destroy(attr
);
1537 socklen_t slen
= sizeof(struct sockaddr_un
);
1538 struct sockaddr_un raddr
;
1541 fd
= pth_accept(sockfd
, (struct sockaddr
*)&raddr
, &slen
);
1545 if (errno
!= EAGAIN
) {
1546 if (!quit
) // probably EBADF
1547 log_write("accept(): %s", strerror(errno
));
1555 init_new_connection(fd
, NULL
);
1558 /* Just in case accept() failed for some reason other than EBADF */
1560 pth_exit(PTH_CANCELED
);
1564 static void *adjust_cache_timer_thread(void *arg
)
1566 pth_attr_t attr
= pth_attr_of(pth_self());
1568 pth_attr_set(attr
, PTH_ATTR_NAME
, __FUNCTION__
);
1569 pth_attr_destroy(attr
);
1575 cache_adjust_timer();
1582 static void keepalive_cleanup(void *arg
)
1584 pth_event_t ev
= arg
;
1586 pth_event_free(ev
, PTH_FREE_ALL
);
1589 static void *keepalive_thread(void *arg
)
1591 gint to
= (gint
)arg
;
1594 pth_attr_t attr
= pth_attr_of(pth_self());
1596 pth_attr_set(attr
, PTH_ATTR_NAME
, __FUNCTION__
);
1597 pth_attr_destroy(attr
);
1598 pth_cond_init(&cond
);
1600 pth_mutex_acquire(&m
, FALSE
, NULL
);
1603 pth_event_t ev
= pth_event(PTH_EVENT_TIME
, pth_timeout(to
, 0));
1604 pth_cleanup_push(keepalive_cleanup
, ev
);
1605 pth_cond_await(&cond
, &m
, ev
);
1607 send_status_all(STATUS_KEEPALIVE
);
1614 static void startStopKeepAlive(gboolean term
)
1616 gint n
= get_key_file_integer("global", "keepalive");
1619 pth_cancel(keepalive_tid
);
1621 keepalive_tid
= NULL
;
1628 pth_attr_t attr
= pth_attr_new();
1629 pth_attr_init(attr
);
1630 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, FALSE
);
1631 keepalive_tid
= pth_spawn(attr
, keepalive_thread
, (void *)n
);
1633 pth_attr_destroy(attr
);
1635 if (!keepalive_tid
) {
1636 log_write("%s(%i): pth_spawn(): %s", __FILE__
, __LINE__
,
1637 _gpg_strerror(gpg_error_from_errno(e
)));
1641 pth_yield(keepalive_tid
);
1645 static gboolean
waiting_for_exit()
1648 pth_event_t evs
= NULL
;
1650 MUTEX_LOCK(&cn_mutex
);
1652 for (t
= g_slist_length(cn_thread_list
), i
= 0; i
< t
; i
++) {
1653 struct client_thread_s
*thd
= g_slist_nth_data(cn_thread_list
, i
);
1654 pth_event_t ev
= pth_event(PTH_EVENT_TID
|PTH_UNTIL_TID_DEAD
, thd
->tid
);
1657 evs
= pth_event_concat(evs
, ev
, NULL
);
1662 MUTEX_UNLOCK(&cn_mutex
);
1668 MUTEX_LOCK(&cn_mutex
);
1669 i
= g_slist_length(cn_thread_list
);
1670 MUTEX_UNLOCK(&cn_mutex
);
1671 return i
? TRUE
: FALSE
;
1674 static void server_loop(gint sockfd
, gchar
**socketpath
)
1680 pth_t cache_timeout_tid
;
1682 sigemptyset(&sigset
);
1685 sigaddset(&sigset
, SIGTERM
);
1686 sigaddset(&sigset
, SIGINT
);
1688 /* Clears the file cache. */
1689 sigaddset(&sigset
, SIGUSR1
);
1691 /* Configuration file reloading. */
1692 sigaddset(&sigset
, SIGHUP
);
1694 /* Clears the cache and exits when something bad happens. */
1695 sigaddset(&sigset
, SIGABRT
);
1697 /* Ignored everywhere. When a client disconnects abnormally this signal
1698 * gets raised. It isn't needed though because client_thread() will check
1699 * for rcs even after the client disconnects. */
1700 signal(SIGPIPE
, SIG_IGN
);
1701 sigprocmask(SIG_BLOCK
, &sigset
, NULL
);
1703 log_write(N_("%s started for user %s"), PACKAGE_STRING
, g_get_user_name());
1704 attr
= pth_attr_new();
1705 pth_attr_init(attr
);
1706 accept_tid
= pth_spawn(attr
, accept_thread
, (void *)sockfd
);
1709 log_write("%s(%i): pth_spawn(): %s", __FILE__
, __LINE__
,
1710 _gpg_strerror(gpg_error_from_errno(errno
)));
1714 pth_yield(accept_tid
);
1715 startStopKeepAlive(FALSE
);
1716 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, FALSE
);
1717 cache_timeout_tid
= pth_spawn(attr
, adjust_cache_timer_thread
, NULL
);
1719 if (!cache_timeout_tid
) {
1720 log_write("%s(%i): pth_spawn(): %s", __FILE__
, __LINE__
,
1721 _gpg_strerror(gpg_error_from_errno(errno
)));
1725 pth_yield(cache_timeout_tid
);
1726 pth_attr_destroy(attr
);
1731 pth_sigwait(&sigset
, &sig
);
1732 log_write(N_("caught signal %i (%s)"), sig
, strsignal(sig
));
1734 /* Caught a signal. */
1740 cache_clear(NULL
, 2);
1747 log_write(N_("clearing file cache"));
1748 cache_clear(NULL
, 2);
1759 * We're out of the main server loop. This happens when a signal was sent
1760 * to terminate the daemon. We'll wait for all clients to disconnect
1761 * before exiting and ignore any following signals.
1763 shutdown(sockfd
, SHUT_RDWR
);
1765 pth_cancel(accept_tid
);
1766 pth_join(accept_tid
, NULL
);
1770 unlink(*socketpath
);
1771 g_free(*socketpath
);
1773 MUTEX_LOCK(&cn_mutex
);
1774 n
= g_slist_length(cn_thread_list
);
1775 MUTEX_UNLOCK(&cn_mutex
);
1778 log_write(N_("waiting for all clients to disconnect"));
1781 MUTEX_LOCK(&cn_mutex
);
1782 n
= g_slist_length(cn_thread_list
);
1783 MUTEX_UNLOCK(&cn_mutex
);
1784 log_write(N_("%i clients remain"), n
);
1785 } while (waiting_for_exit());
1788 startStopKeepAlive(TRUE
);
1789 pth_cancel(cache_timeout_tid
);
1794 * Called from pinentry_fork() in the child process.
1796 void free_client_list()
1798 gint i
, t
= g_slist_length(cn_thread_list
);
1800 for (i
= 0; i
< t
; i
++) {
1801 struct client_thread_s
*cn
= g_slist_nth_data(cn_thread_list
, i
);
1803 free_client(cn
->cl
);
1809 struct client_crypto_s
*init_client_crypto()
1811 struct client_crypto_s
*new = g_malloc0(sizeof(struct client_crypto_s
));
1815 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
1819 rc
= gcry_cipher_open(&new->gh
, GCRY_CIPHER_AES256
, GCRY_CIPHER_MODE_CBC
, 0);
1822 log_write("%s(%i): %s", __FUNCTION__
, __LINE__
, _gpg_strerror(rc
));
1830 static gpg_error_t
convert_file(const gchar
*filename
, const gchar
*keyfile
,
1831 const gchar
*outfile
)
1836 struct client_crypto_s
*crypto
= init_client_crypto();
1839 return GPG_ERR_ENOMEM
;
1841 crypto
->key
= gcry_malloc(gcrykeysize
);
1844 cleanup_crypto(&crypto
);
1845 return GPG_ERR_ENOMEM
;
1848 log_write(N_("Converting version 1 data file '%s' to version 2 ..."),
1850 crypto
->fh
= read_file_header(filename
, TRUE
, &rc
);
1855 gcry_md_hash_buffer(GCRY_MD_MD5
, md5file
, filename
, strlen(filename
));
1857 /* The header in version 1 had a bug where the iterations were off-by-one.
1858 * So 0 iterations was really -1 in the header. This is fixed in v2 of the
1861 if (crypto
->fh
->fh1
.iter
>= 0) {
1863 crypto
->tkey
= parse_rcfile_keyfile(keyfile
, TRUE
, &rc
);
1868 gcry_md_hash_buffer(GCRY_MD_SHA256
, crypto
->key
, crypto
->tkey
,
1869 strlen(crypto
->tkey
) ? strlen(crypto
->tkey
) : 1);
1872 rc
= get_password(filename
, crypto
, md5file
, crypto
->key
,
1880 rc
= try_xml_decrypt(NULL
, crypto
->key
, crypto
, &crypto
->fh
->doc
,
1886 rc
= convert_xml((gchar
**)&crypto
->fh
->doc
, &crypto
->fh
->len
);
1889 log_write("%s: %s", filename
, pwmd_strerror(rc
));
1893 crypto
->fh
->v1
= FALSE
;
1894 iter
= crypto
->fh
->fh1
.iter
;
1895 memset(&crypto
->fh
->fh2
, 0, sizeof(crypto
->fh
->fh2
));
1896 /* Keep the iterations and key from the original file. */
1897 crypto
->fh
->fh2
.iter
= iter
+1; // Bugfix for v1 data files.
1898 rc
= export_common(outfile
, crypto
, crypto
->fh
->doc
, crypto
->fh
->len
);
1902 send_error(NULL
, rc
);
1904 /* fh->doc is freed from do_xml_decrypt() via the inbuf pointer. */
1905 cleanup_crypto(&crypto
);
1910 static gboolean
startStopTcp(gboolean term
)
1912 struct addrinfo hints
, *servinfo
, *p
;
1913 gint port
= get_key_file_integer("global", "tcp_port");
1917 if (term
|| get_key_file_boolean("global", "enable_tcp") == FALSE
) {
1918 if (tcpSockFd
!= -1) {
1919 pth_cancel(tcpAcceptTid
);
1920 pth_join(tcpAcceptTid
, NULL
);
1921 shutdown(tcpSockFd
, SHUT_RDWR
);
1925 /* A client may still be connected. */
1933 if (tcpSockFd
!= -1)
1936 memset(&hints
, 0, sizeof(hints
));
1937 hints
.ai_family
= AF_UNSPEC
;
1938 hints
.ai_socktype
= SOCK_STREAM
;
1939 hints
.ai_flags
= AI_PASSIVE
;
1941 if ((n
= getaddrinfo(NULL
, print_fmt(buf
, sizeof(buf
), "%i", port
),
1942 &hints
, &servinfo
)) == -1) {
1943 log_write("getaddrinfo(): %s", gai_strerror(n
));
1947 for(p
= servinfo
; p
!= NULL
; p
= p
->ai_next
) {
1948 if ((tcpSockFd
= socket(p
->ai_family
, p
->ai_socktype
,
1949 p
->ai_protocol
)) == -1) {
1950 log_write("socket(): %s", strerror(errno
));
1956 if (setsockopt(tcpSockFd
, SOL_SOCKET
, SO_REUSEADDR
, &n
,
1957 sizeof(int)) == -1) {
1958 log_write("setsockopt(): %s", strerror(errno
));
1959 freeaddrinfo(servinfo
);
1963 if (bind(tcpSockFd
, p
->ai_addr
, p
->ai_addrlen
) == -1) {
1965 log_write("bind(): %s", strerror(errno
));
1973 freeaddrinfo(servinfo
);
1976 log_write("%s", N_("could not bind"));
1980 if (g_key_file_has_key(keyfileh
, "global", "tcp_interface", NULL
)) {
1981 gchar
*tmp
= get_key_file_string("global", "tcp_interface");
1983 if (setsockopt(tcpSockFd
, SOL_SOCKET
, SO_BINDTODEVICE
, tmp
, 1)
1985 log_write("setsockopt(): %s", strerror(errno
));
1993 if (!initTlsParams())
1996 if (listen(tcpSockFd
, 0) == -1) {
1997 log_write("listen(): %s", strerror(errno
));
2001 tcpAcceptTid
= pth_spawn(NULL
, tcp_accept_thread
, (void *)tcpSockFd
);
2003 if (!tcpAcceptTid
) {
2004 log_write("%s(%i): pth_spawn(): %s", __FILE__
, __LINE__
,
2005 _gpg_strerror(gpg_error_from_errno(errno
)));
2009 pth_yield(tcpAcceptTid
);
2015 if (tcpSockFd
!= -1)
2023 int main(int argc
, char *argv
[])
2026 struct sockaddr_un addr
;
2027 struct passwd
*pw
= getpwuid(getuid());
2028 gchar buf
[PATH_MAX
];
2029 gchar
*socketpath
= NULL
, *socketdir
, *socketname
= NULL
;
2030 gchar
*socketarg
= NULL
;
2031 gchar
*datadir
= NULL
;
2034 gchar
**cache_push
= NULL
;
2036 gchar
*import
= NULL
, *keyfile
= NULL
;
2037 guint64 cmd_iterations
= -1;
2038 gint default_timeout
;
2039 gboolean rcfile_spec
= FALSE
;
2040 gint estatus
= EXIT_FAILURE
;
2042 gchar
*outfile
= NULL
;
2043 GMemVTable mtable
= { xmalloc
, xrealloc
, xfree
, xcalloc
, NULL
, NULL
};
2045 gboolean secure
= FALSE
;
2047 gint background
= 1;
2048 gchar
*convert
= NULL
;
2049 #ifdef WITH_PINENTRY
2050 gboolean disable_pinentry
= FALSE
;
2053 struct assuan_io_hooks io_hooks
= {read_hook
, write_hook
};
2057 #ifdef HAVE_SETRLIMIT
2060 rl
.rlim_cur
= rl
.rlim_max
= 0;
2062 if (setrlimit(RLIMIT_CORE
, &rl
) != 0)
2063 err(EXIT_FAILURE
, "setrlimit()");
2069 setlocale(LC_ALL
, "");
2070 bindtextdomain("pwmd", LOCALEDIR
);
2079 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
2080 g_mem_set_vtable(&mtable
);
2081 assuan_set_malloc_hooks(xmalloc
, xrealloc
, xfree
);
2082 xmlMemSetup(xfree
, xmalloc
, xrealloc
, xstrdup
);
2085 gnutls_global_set_mem_functions(xmalloc
, xmalloc
, gcry_SecureCheck
,
2087 gnutls_global_init();
2088 gnutls_global_set_log_function(tls_log
);
2089 gnutls_global_set_log_level(1);
2090 assuan_set_io_hooks(&io_hooks
);
2095 g_snprintf(buf
, sizeof(buf
), "%s/.pwmd", pw
->pw_dir
);
2097 if (mkdir(buf
, 0700) == -1 && errno
!= EEXIST
)
2098 err(EXIT_FAILURE
, "%s", buf
);
2100 g_snprintf(buf
, sizeof(buf
), "%s/.pwmd/data", pw
->pw_dir
);
2102 if (mkdir(buf
, 0700) == -1 && errno
!= EEXIST
)
2103 err(EXIT_FAILURE
, "%s", buf
);
2105 rcfile
= g_strdup_printf("%s/.pwmd/config", pw
->pw_dir
);
2111 while ((opt
= getopt(argc
, argv
, "Po:C:nI:i:k:hvf:D")) != EOF
) {
2113 #ifdef WITH_PINENTRY
2115 disable_pinentry
= TRUE
;
2134 cmd_iterations
= strtol(optarg
, NULL
, 10);
2141 rcfile
= g_strdup(optarg
);
2145 printf(N_("%s\nCopyright (c) %s\nReleased under the terms of the GPL v2. Use at your own risk.\n\nCompile time features:\n%s"), PACKAGE_STRING
,
2147 #ifdef WITH_PINENTRY
2180 pth_mutex_init(&cn_mutex
);
2181 pth_mutex_init(&cache_mutex
);
2182 pth_mutex_init(&rcfile_mutex
);
2183 #ifdef WITH_PINENTRY
2184 pth_mutex_init(&pin_mutex
);
2187 if ((keyfileh
= parse_rcfile(rcfile_spec
)) == NULL
)
2190 #ifdef WITH_PINENTRY
2191 if (disable_pinentry
== TRUE
)
2192 g_key_file_set_boolean(keyfileh
, "global", "enable_pinentry", FALSE
);
2195 if (g_key_file_has_key(keyfileh
, "global", "syslog", NULL
) == TRUE
)
2196 log_syslog
= g_key_file_get_boolean(keyfileh
, "global", "syslog", NULL
);
2198 if (log_syslog
== TRUE
)
2199 openlog("pwmd", LOG_NDELAY
|LOG_PID
, LOG_DAEMON
);
2201 if (g_key_file_has_key(keyfileh
, "global", "priority", NULL
)) {
2202 iter
= g_key_file_get_integer(keyfileh
, "global", "priority", NULL
);
2205 if (setpriority(PRIO_PROCESS
, 0, iter
) == -1) {
2206 log_write("setpriority(): %s", strerror(errno
));
2211 #ifdef HAVE_MLOCKALL
2212 if (disable_mlock
== FALSE
&& mlockall(MCL_FUTURE
) == -1) {
2213 log_write("mlockall(): %s", strerror(errno
));
2222 opt
= convert_file(convert
, keyfile
, outfile
);
2223 g_key_file_free(keyfileh
);
2225 exit(opt
? EXIT_FAILURE
: EXIT_SUCCESS
);
2232 if (cmd_iterations
== -1)
2233 cmd_iterations
= (guint64
)get_key_file_integer("global", "iterations");
2235 opt
= xml_import(import
, outfile
, keyfile
, cmd_iterations
);
2236 g_key_file_free(keyfileh
);
2238 exit(opt
== FALSE
? EXIT_FAILURE
: EXIT_SUCCESS
);
2241 g_key_file_set_list_separator(keyfileh
, ',');
2243 if ((p
= g_key_file_get_string(keyfileh
, "global", "socket_path", NULL
)) == NULL
)
2244 errx(EXIT_FAILURE
, N_("%s: socket_path not defined"), rcfile
);
2248 g_snprintf(buf
, sizeof(buf
), "%s%s", g_get_home_dir(), p
--);
2250 socketarg
= g_strdup(buf
);
2255 if ((p
= g_key_file_get_string(keyfileh
, "global", "data_directory", NULL
)) == NULL
)
2256 errx(EXIT_FAILURE
, N_("%s: data_directory not defined"), rcfile
);
2258 datadir
= expand_homedir(p
);
2261 if (secure
== FALSE
&& g_key_file_has_key(keyfileh
, "global", "disable_list_and_dump", NULL
) == TRUE
) {
2262 n
= g_key_file_get_boolean(keyfileh
, "global", "disable_list_and_dump", NULL
);
2263 disable_list_and_dump
= n
;
2266 disable_list_and_dump
= secure
;
2268 if (g_key_file_has_key(keyfileh
, "global", "cache_timeout", NULL
) == TRUE
)
2269 default_timeout
= g_key_file_get_integer(keyfileh
, "global", "cache_timeout", NULL
);
2271 default_timeout
= -1;
2273 setup_logging(keyfileh
);
2275 if (g_key_file_has_key(keyfileh
, "global", "cache_push", NULL
) == TRUE
)
2276 cache_push
= g_key_file_get_string_list(keyfileh
, "global", "cache_push", NULL
, NULL
);
2278 if (argc
!= optind
) {
2280 ptotal
= g_strv_length(cache_push
);
2282 for (; optind
< argc
; optind
++) {
2283 if (strv_printf(&cache_push
, "%s", argv
[optind
]) == FALSE
)
2284 errx(EXIT_FAILURE
, "%s", strerror(ENOMEM
));
2288 if (strchr(socketarg
, '/') == NULL
) {
2289 socketdir
= g_get_current_dir();
2290 socketname
= g_strdup(socketarg
);
2291 socketpath
= g_strdup_printf("%s/%s", socketdir
, socketname
);
2294 socketname
= g_strdup(strrchr(socketarg
, '/'));
2296 socketarg
[strlen(socketarg
) - strlen(socketname
) -1] = 0;
2297 socketdir
= g_strdup(socketarg
);
2298 socketpath
= g_strdup_printf("%s/%s", socketdir
, socketname
);
2301 if (chdir(datadir
)) {
2302 log_write("%s: %s", datadir
, strerror(errno
));
2307 if (parse_rcfile_keys() == FALSE
)
2310 clear_rcfile_keys();
2313 * Set the cache entry for a file. Prompts for the password.
2316 for (opt
= 0; cache_push
[opt
]; opt
++)
2317 do_cache_push(cache_push
[opt
], NULL
);
2319 g_strfreev(cache_push
);
2320 log_write(background
? N_("Done. Daemonizing...") : N_("Done. Waiting for connections..."));
2324 * bind() doesn't like the full pathname of the socket or any non alphanum
2325 * characters so change to the directory where the socket is wanted then
2326 * create it then change to datadir.
2328 if (chdir(socketdir
)) {
2329 log_write("%s: %s", socketdir
, strerror(errno
));
2335 if ((sockfd
= socket(PF_UNIX
, SOCK_STREAM
, 0)) == -1) {
2336 log_write("socket(): %s", strerror(errno
));
2340 addr
.sun_family
= AF_UNIX
;
2341 g_snprintf(addr
.sun_path
, sizeof(addr
.sun_path
), "%s", socketname
);
2343 if (bind(sockfd
, (struct sockaddr
*)&addr
, sizeof(struct sockaddr
)) == -1) {
2344 log_write("bind(): %s", strerror(errno
));
2346 if (errno
== EADDRINUSE
)
2347 log_write(N_("Either there is another pwmd running or '%s' is a \n"
2348 "stale socket. Please remove it manually."), socketpath
);
2354 if (g_key_file_has_key(keyfileh
, "global", "socket_perms", NULL
) == TRUE
) {
2355 gchar
*t
= g_key_file_get_string(keyfileh
, "global", "socket_perms", NULL
);
2356 mode_t mode
= strtol(t
, NULL
, 8);
2357 mode_t mask
= umask(0);
2361 if (chmod(socketname
, mode
) == -1) {
2362 log_write("%s: %s", socketname
, strerror(errno
));
2372 g_free(--socketname
);
2374 if (chdir(datadir
)) {
2375 log_write("%s: %s", datadir
, strerror(errno
));
2383 if (listen(sockfd
, 0) == -1) {
2384 log_write("listen(): %s", strerror(errno
));
2391 if (startStopTcp(FALSE
) == FALSE
)
2398 log_write("fork(): %s", strerror(errno
));
2411 server_loop(sockfd
, &socketpath
);
2412 estatus
= EXIT_SUCCESS
;
2415 if (socketpath
&& do_unlink
) {
2422 gnutls_global_deinit();
2425 g_key_file_free(keyfileh
);
2428 xmlCleanupGlobals();
2430 if (estatus
== EXIT_SUCCESS
)
2431 log_write(N_("pwmd exiting normally"));
2433 #if defined(DEBUG) && !defined(MEM_DEBUG)