search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix ACL crash for non-existing user.
[pwmd.git] / src / rcfile.c
blob1e8f7a118c8f734c85dc46f6212b50037b5cbd3a
1 /*
2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
4
5 This file is part of pwmd.
6
7 Pwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
11
12 Pwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with Pwmd. If not, see <http://www.gnu.org/licenses/>.
19 */
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 #include <fcntl.h>
29 #include <errno.h>
30 #include <ctype.h>
31 #include <pwd.h>
32 #include <grp.h>
33
34 #include "pwmd-error.h"
35 #include <gcrypt.h>
36 #include "mutex.h"
37 #include "rcfile.h"
38 #include "util-misc.h"
39 #include "common.h"
40 #include "util-slist.h"
41 #include "util-string.h"
42 #include "mem.h"
43
44 #define DEFAULT_PINENTRY_TIMEOUT "30"
45 #define DEFAULT_CACHE_TIMEOUT "600"
46 #define DEFAULT_KEEPALIVE_INTERVAL "60"
47 #define DEFAULT_LOCK_TIMEOUT "50" // MUTEX_TRYLOCK in tenths of a second
48
49 #define INVALID_VALUE(file, line) do { \
50 if (file) \
51 log_write(_("%s(%i): invalid value for parameter."), file, line); \
52 } while (0);
53
54 enum
55 {
56 PARAM_INT, PARAM_CHARP, PARAM_LONG, PARAM_LONGLONG, PARAM_CHARPP,
57 PARAM_BOOL, PARAM_ULONG, PARAM_ULONGLONG
58 };
59
60 static struct config_params_s
61 {
62 char *name;
63 int type;
64 char *value;
65 } config_params[] = {
66 { "backup", PARAM_BOOL, "true"},
67 { "socket_path", PARAM_CHARP, NULL},
68 { "socket_perms", PARAM_CHARP, NULL},
69 { "passphrase", PARAM_CHARP, NULL},
70 { "passphrase_file", PARAM_CHARP, NULL},
71 { "gpg_agent_socket", PARAM_CHARP, NULL},
72 { "log_path", PARAM_CHARP, "~/.pwmd/log"},
73 { "enable_logging", PARAM_BOOL, "0"},
74 { "log_keepopen", PARAM_BOOL, "true"},
75 { "log_level", PARAM_INT, "0"},
76 { "disable_mlockall", PARAM_BOOL, "true"},
77 { "cache_timeout", PARAM_INT, DEFAULT_CACHE_TIMEOUT},
78 { "cache_push", PARAM_CHARPP, NULL},
79 { "disable_list_and_dump", PARAM_BOOL, "false"},
80 { "recursion_depth", PARAM_INT, "100"},
81 { "syslog", PARAM_BOOL, "false"},
82 { "xfer_progress", PARAM_INT, "8196"},
83 { "allowed", PARAM_CHARPP, NULL},
84 { "allowed_file", PARAM_CHARP, NULL},
85 { "keyparam", PARAM_CHARP, "(genkey (rsa (nbits 4:2048)))"},
86 { "cipher", PARAM_CHARP, "aes256"},
87 { "kill_scd", PARAM_BOOL, "false"},
88 { "cipher_iterations", PARAM_ULONGLONG, "0"},
89 { "cipher_progress", PARAM_LONG, DEFAULT_ITERATION_PROGRESS},
90 { "priority", PARAM_INT, INVALID_PRIORITY},
91 { "keepalive_interval", PARAM_INT, DEFAULT_KEEPALIVE_INTERVAL},
92 { "tcp_port", PARAM_INT, "6466"},
93 { "enable_tcp", PARAM_BOOL, "false"},
94 { "tcp_require_key", PARAM_BOOL, "false"},
95 { "tcp_wait", PARAM_INT, "0"},
96 { "tcp_bind", PARAM_CHARP, "any"},
97 { "tcp_interface", PARAM_CHARP, NULL},
98 { "tls_timeout", PARAM_INT, "300"},
99 { "tls_cipher_suite", PARAM_CHARP, "SECURE256:SECURE192:SECURE128:-VERS-SSL3.0"},
100 { "tls_dh_level", PARAM_CHARP, "medium"},
101 { "pinentry_path", PARAM_CHARP, PINENTRY_PATH},
102 { "pinentry_timeout", PARAM_INT, DEFAULT_PINENTRY_TIMEOUT},
103 { "use_agent", PARAM_BOOL, "false"},
104 { "require_save_key", PARAM_BOOL, "true"},
105 { "invoking_user", PARAM_CHARPP, NULL},
106 { "invoking_file", PARAM_CHARP, NULL},
107 { "invoking_tls", PARAM_CHARP, NULL},
108 { "lock_timeout", PARAM_INT, DEFAULT_LOCK_TIMEOUT},
109 { "send_state", PARAM_INT, "2"},
110 { NULL, 0, NULL},
111 };
112
113 struct config_param_s
114 {
115 char *name;
116 int type;
117 union
118 {
119 int itype;
120 char *cptype;
121 char **cpptype;
122 long ltype;
123 long long lltype;
124 unsigned long ultype;
125 unsigned long long ulltype;
126 } value;
127 };
128
129 static struct config_section_s *config_find_section (struct slist_s *config,
130 const char *name);
131 static int new_param (struct config_section_s *section, const char *filename,
132 int lineno, const char *name, const char *value,
133 int type);
134 static void free_section (struct config_section_s *s);
135 static int set_defaults (struct slist_s **config, int reload);
136
137 static void
138 section_remove_param (struct config_section_s *section, const char *name)
139 {
140 unsigned i, t = slist_length (section->params);
141
142 for (i = 0; i < t; i++)
143 {
144 struct config_param_s *p = slist_nth_data (section->params, i);
145
146 if (!p)
147 continue;
148
149 if (!strcmp (p->name, name))
150 {
151 switch (p->type)
152 {
153 case PARAM_CHARP:
154 xfree (p->value.cptype);
155 break;
156 case PARAM_CHARPP:
157 strv_free (p->value.cpptype);
158 break;
159 }
160
161 section->params = slist_remove (section->params, p);
162 xfree (p->name);
163 xfree (p);
164 break;
165 }
166 }
167 }
168
169 void
170 config_clear_keys ()
171 {
172 MUTEX_LOCK (&rcfile_mutex);
173 unsigned i, t = slist_length (global_config);
174
175 for (i = 0; i < t; i++)
176 {
177 struct config_section_s *s = slist_nth_data (global_config, i);
178 if (!s)
179 continue;
180
181 section_remove_param (s, "passphrase");
182 }
183
184 MUTEX_UNLOCK (&rcfile_mutex);
185 }
186
187 static struct config_param_s *
188 config_has_param (struct config_section_s *s, const char *what)
189 {
190 unsigned i, t = slist_length (s->params);
191
192 for (i = 0; i < t; i++)
193 {
194 struct config_param_s *p = slist_nth_data (s->params, i);
195 if (!p)
196 break;
197
198 if (!strcmp (p->name, what))
199 return p;
200 }
201
202 return NULL;
203 }
204
205 static struct config_param_s *
206 config_get_param (struct slist_s *config,
207 const char *section, const char *what, int *exists)
208 {
209 unsigned i, t = slist_length (config);
210
211 *exists = 0;
212
213 for (i = 0; i < t; i++)
214 {
215 struct config_param_s *p;
216 struct config_section_s *s = slist_nth_data (config, i);
217
218 if (!s)
219 break;
220
221 if (strcmp (s->name, section))
222 continue;
223
224 p = config_has_param (s, what);
225 if (!p)
226 return NULL;
227
228 *exists = 1;
229 return p;
230 }
231
232 return NULL;
233 }
234
235 static struct config_section_s *
236 new_section (struct slist_s **config, const char *name)
237 {
238 struct slist_s *tmp;
239 struct config_section_s *s = xcalloc (1, sizeof (struct config_section_s));
240
241 if (!s)
242 return NULL;
243
244 s->name = str_dup (name);
245 if (!s->name)
246 {
247 log_write ("%s", pwmd_strerror (ENOMEM));
248 xfree (s);
249 return NULL;
250 }
251
252 tmp = slist_append (*config, s);
253 if (!tmp)
254 {
255 log_write ("%s", pwmd_strerror (ENOMEM));
256 xfree (s->name);
257 xfree (s);
258 return NULL;
259 }
260
261 *config = tmp;
262 return s;
263 }
264
265 int
266 config_set_string_param (struct slist_s **config, const char *section,
267 const char *name, const char *value)
268 {
269 struct config_section_s *s = config_find_section (*config, section);
270
271 if (!s)
272 {
273 s = new_section (config, section);
274 if (!s)
275 return 1;
276 }
277
278 return new_param (s, NULL, 0, name, value, PARAM_CHARP);
279 }
280
281 char *
282 config_get_string_param (struct slist_s *config, const char *section,
283 const char *what, int *exists)
284 {
285 struct config_param_s *p = config_get_param (config, section, what, exists);
286 return *exists && p->value.cptype ? str_dup (p->value.cptype) : NULL;
287 }
288
289 int
290 config_set_int_param (struct slist_s **config, const char *section,
291 const char *name, const char *value)
292 {
293 struct config_section_s *s = config_find_section (*config, section);
294
295 if (!s)
296 {
297 s = new_section (config, section);
298 if (!s)
299 return 1;
300 }
301
302 return new_param (s, NULL, 0, name, value, PARAM_INT);
303 }
304
305 int
306 config_get_int_param (struct slist_s *config, const char *section,
307 const char *what, int *exists)
308 {
309 struct config_param_s *p = config_get_param (config, section, what, exists);
310 return *exists ? p->value.itype : -1;
311 }
312
313 int
314 config_set_bool_param (struct slist_s **config, const char *section,
315 const char *name, const char *value)
316 {
317 struct config_section_s *s = config_find_section (*config, section);
318
319 if (!s)
320 {
321 s = new_section (config, section);
322 if (!s)
323 return 1;
324 }
325
326 return new_param (s, NULL, 0, name, value, PARAM_BOOL);
327 }
328
329 int
330 config_get_bool_param (struct slist_s *config, const char *section,
331 const char *what, int *exists)
332 {
333 return config_get_int_param (config, section, what, exists);
334 }
335
336 int
337 config_set_long_param (struct slist_s **config, const char *section,
338 const char *name, const char *value)
339 {
340 struct config_section_s *s = config_find_section (*config, section);
341
342 if (!s)
343 {
344 s = new_section (config, section);
345 if (!s)
346 return 1;
347 }
348
349 return new_param (s, NULL, 0, name, value, PARAM_LONG);
350 }
351
352 unsigned long
353 config_get_ulong_param (struct slist_s *config, const char *section,
354 const char *what, int *exists)
355 {
356 struct config_param_s *p = config_get_param (config, section, what, exists);
357 return *exists ? p->value.ultype : 0;
358 }
359
360 long
361 config_get_long_param (struct slist_s *config, const char *section,
362 const char *what, int *exists)
363 {
364 struct config_param_s *p = config_get_param (config, section, what, exists);
365 return *exists ? p->value.ltype : -1;
366 }
367
368 int
369 config_set_longlong_param (struct slist_s **config, const char *section,
370 const char *name, const char *value)
371 {
372 struct config_section_s *s = config_find_section (*config, section);
373
374 if (!s)
375 {
376 s = new_section (config, section);
377 if (!s)
378 return 1;
379 }
380
381 return new_param (s, NULL, 0, name, value, PARAM_LONGLONG);
382 }
383
384 long long
385 config_get_longlong_param (struct slist_s *config,
386 const char *section, const char *what, int *exists)
387 {
388 struct config_param_s *p = config_get_param (config, section, what, exists);
389 return *exists ? p->value.lltype : -1;
390 }
391
392 unsigned long long
393 config_get_ulonglong_param (struct slist_s *config,
394 const char *section,
395 const char *what, int *exists)
396 {
397 struct config_param_s *p = config_get_param (config, section, what, exists);
398 return *exists ? p->value.ulltype : 0;
399 }
400
401 int
402 config_set_list_param (struct slist_s **config, const char *section,
403 const char *name, const char *value)
404 {
405 struct config_section_s *s = config_find_section (*config, section);
406
407 if (!s)
408 {
409 s = new_section (config, section);
410 if (!s)
411 return 1;
412 }
413
414 return new_param (s, NULL, 0, name, value, PARAM_CHARPP);
415 }
416
417 char **
418 config_get_list_param (struct slist_s *config, const char *section,
419 const char *what, int *exists)
420 {
421 struct config_param_s *p = config_get_param (config, section, what, exists);
422 return *exists && p->value.cpptype ? strv_dup (p->value.cpptype) : NULL;
423 }
424
425 char *
426 config_get_string (const char *section, const char *what)
427 {
428 char *val = NULL;
429 const char *where = section ? section : "global";
430 int exists = 0;
431
432 MUTEX_LOCK (&rcfile_mutex);
433 val = config_get_string_param (global_config, where, what, &exists);
434 if (!exists && strcmp (section ? section : "", "global"))
435 val = config_get_string_param (global_config, "global", what, &exists);
436
437 MUTEX_UNLOCK (&rcfile_mutex);
438 return val;
439 }
440
441 char **
442 config_get_list (const char *section, const char *what)
443 {
444 char **val = NULL;
445 const char *where = section ? section : "global";
446 int exists = 0;
447
448 MUTEX_LOCK (&rcfile_mutex);
449 val = config_get_list_param (global_config, where, what, &exists);
450 if (!exists && strcmp (section ? section : "", "global"))
451 val = config_get_list_param (global_config, "global", what, &exists);
452
453 MUTEX_UNLOCK (&rcfile_mutex);
454 return val;
455 }
456
457 int
458 config_get_integer (const char *section, const char *what)
459 {
460 int val = 0;
461 const char *where = section ? section : "global";
462 int exists = 0;
463
464 MUTEX_LOCK (&rcfile_mutex);
465 val = config_get_int_param (global_config, where, what, &exists);
466 if (!exists && strcmp (section ? section : "", "global"))
467 val = config_get_int_param (global_config, "global", what, &exists);
468
469 MUTEX_UNLOCK (&rcfile_mutex);
470 return val;
471 }
472
473 long long
474 config_get_longlong (const char *section, const char *what)
475 {
476 long long val = 0;
477 const char *where = section ? section : "global";
478 int exists = 0;
479
480 MUTEX_LOCK (&rcfile_mutex);
481 val = config_get_longlong_param (global_config, where, what, &exists);
482 if (!exists && strcmp (section ? section : "", "global"))
483 val = config_get_longlong_param (global_config, "global", what, &exists);
484
485 MUTEX_UNLOCK (&rcfile_mutex);
486 return val;
487 }
488
489 unsigned long long
490 config_get_ulonglong (const char *section, const char *what)
491 {
492 unsigned long long val = 0;
493 const char *where = section ? section : "global";
494 int exists = 0;
495
496 MUTEX_LOCK (&rcfile_mutex);
497 val = config_get_ulonglong_param (global_config, where, what, &exists);
498 if (!exists && strcmp (section ? section : "", "global"))
499 val = config_get_ulonglong_param (global_config, "global", what, &exists);
500
501 MUTEX_UNLOCK (&rcfile_mutex);
502 return val;
503 }
504
505 long
506 config_get_long (const char *section, const char *what)
507 {
508 long val = 0;
509 const char *where = section ? section : "global";
510 int exists = 0;
511
512 MUTEX_LOCK (&rcfile_mutex);
513 val = config_get_long_param (global_config, where, what, &exists);
514 if (!exists && strcmp (section ? section : "", "global"))
515 val = config_get_long_param (global_config, "global", what, &exists);
516
517 MUTEX_UNLOCK (&rcfile_mutex);
518 return val;
519 }
520
521 unsigned long
522 config_get_ulong (const char *section, const char *what)
523 {
524 unsigned long val = 0;
525 const char *where = section ? section : "global";
526 int exists = 0;
527
528 MUTEX_LOCK (&rcfile_mutex);
529 val = config_get_ulong_param (global_config, where, what, &exists);
530 if (!exists && strcmp (section ? section : "", "global"))
531 val = config_get_ulong_param (global_config, "global", what, &exists);
532
533 MUTEX_UNLOCK (&rcfile_mutex);
534 return val;
535 }
536
537 int
538 config_get_boolean (const char *section, const char *what)
539 {
540 return config_get_integer (section, what);
541 }
542
543 char *
544 config_get_value (const char *section, const char *what)
545 {
546 const char *where = section ? section : "global";
547 int exists = 0;
548 int i;
549 int ival;
550 long lval;
551 long long llval;
552 unsigned long ulval;
553 unsigned long long ullval;
554 char *cpval;
555 char **cppval;
556 char *result = NULL;
557
558 MUTEX_LOCK (&rcfile_mutex);
559
560 for (i = 0; config_params[i].name; i++)
561 {
562 if (!strcmp (config_params[i].name, what))
563 {
564 switch (config_params[i].type)
565 {
566 case PARAM_BOOL:
567 case PARAM_INT:
568 ival = config_get_int_param (global_config, where, what,
569 &exists);
570 if (!exists && strcmp (section ? section : "", "global"))
571 ival = config_get_int_param (global_config, "global", what,
572 &exists);
573 result = str_asprintf ("%i", ival);
574 break;
575 case PARAM_CHARP:
576 cpval = config_get_string_param (global_config, where, what,
577 &exists);
578 if (!exists && strcmp (section ? section : "", "global"))
579 cpval =
580 config_get_string_param (global_config, "global", what,
581 &exists);
582 result = cpval;
583 break;
584 case PARAM_LONG:
585 lval = config_get_long_param (global_config, where, what,
586 &exists);
587 if (!exists && strcmp (section ? section : "", "global"))
588 lval = config_get_long_param (global_config, "global", what,
589 &exists);
590 result = str_asprintf ("%li", lval);
591 break;
592 case PARAM_ULONG:
593 ulval = config_get_ulong_param (global_config, where, what,
594 &exists);
595 if (!exists && strcmp (section ? section : "", "global"))
596 ulval = config_get_ulong_param (global_config, "global", what,
597 &exists);
598 result = str_asprintf ("%lu", ulval);
599 break;
600 case PARAM_LONGLONG:
601 llval = config_get_longlong_param (global_config, where, what,
602 &exists);
603 if (!exists && strcmp (section ? section : "", "global"))
604 llval = config_get_longlong_param (global_config, "global",
605 what, &exists);
606 result = str_asprintf ("%lli", llval);
607 break;
608 case PARAM_ULONGLONG:
609 ullval = config_get_ulonglong_param (global_config, where, what,
610 &exists);
611 if (!exists && strcmp (section ? section : "", "global"))
612 ullval = config_get_ulonglong_param (global_config, "global",
613 what, &exists);
614 result = str_asprintf ("%llu", ullval);
615 break;
616 case PARAM_CHARPP:
617 cppval = config_get_list_param (global_config, where, what,
618 &exists);
619 if (!exists && strcmp (section ? section : "", "global"))
620 cppval = config_get_list_param (global_config, "global", what,
621 &exists);
622
623 if (cppval)
624 result = strv_join (",", cppval);
625
626 strv_free (cppval);
627 break;
628 }
629 }
630 }
631
632 MUTEX_UNLOCK (&rcfile_mutex);
633 return result;
634 }
635
636 /* 'file' is the list parameter file to load into the list parameter 'what'.
637 * The parsing of the parameter is not done here. */
638 static gpg_error_t
639 parse_list_file (struct slist_s *config, const char *section,
640 const char *file, const char *what)
641 {
642 FILE *fp;
643 char buf[LINE_MAX];
644 int exists;
645 char **list = NULL;
646 char *tmp;
647 char *p = config_get_string_param (config, section, file, &exists);
648 gpg_error_t rc;
649
650 if (!p || !*p)
651 {
652 xfree (p);
653 return 0;
654 }
655
656 tmp = expand_homedir (p);
657 xfree (p);
658 p = tmp;
659 fp = fopen (p, "r");
660 if (!fp)
661 {
662 rc = gpg_error_from_errno (errno);
663 log_write ("%s: %s", p, pwmd_strerror (rc));
664 xfree (p);
665 return rc;
666 }
667
668 xfree (p);
669 list = config_get_list_param (config, section, what, &exists);
670 if (!list && exists)
671 {
672 fclose (fp);
673 log_write ("%s", pwmd_strerror (ENOMEM));
674 return gpg_error (ENOMEM);
675 }
676
677 while ((p = fgets (buf, sizeof (buf), fp)))
678 {
679 char **pp = NULL;
680
681 if (p[strlen(p)-1] == '\n')
682 p[strlen(p)-1] = 0;
683
684 while (*p && isspace (*p))
685 p++;
686
687 if (!*p)
688 continue;
689
690 tmp = str_dup (p);
691 if (tmp)
692 pp = strv_cat (list, str_dup (p));
693
694 if (!pp || !tmp)
695 {
696 xfree (tmp);
697 strv_free (list);
698 fclose (fp);
699 log_write ("%s", strerror (ENOMEM));
700 return gpg_error (ENOMEM);
701 }
702
703 xfree (tmp);
704 list = pp;
705 }
706
707 fclose(fp);
708 if (!list)
709 return 0;
710
711 p = strv_join (",", list);
712 strv_free (list);
713
714 if (!p)
715 {
716 log_write ("%s", pwmd_strerror (ENOMEM));
717 return gpg_error (ENOMEM);
718 }
719
720 config_set_list_param (&config, section, what, p);
721 xfree (p);
722 return 0;
723 }
724
725 static int
726 fixup_allowed_once (struct slist_s **config, const char *section)
727 {
728 char **list, **pp, *p;
729 int exists;
730 gpg_error_t rc;
731
732 rc = parse_list_file (*config, section, "allowed_file", "allowed");
733 if (rc)
734 return 1;
735
736 list = config_get_list_param (*config, section, "allowed", &exists);
737 for (pp = list; pp && *pp; pp++)
738 {
739 if (*(*pp) == '#')
740 {
741 for (p = *pp; p && *p; p++)
742 *p = toupper(*p);
743 }
744 }
745
746 strv_free (list);
747 if (!exists)
748 {
749 if (!strcmp (section, "global"))
750 {
751 p = get_username (getuid());
752
753 if (config_set_list_param (config, section, "allowed", p))
754 {
755 xfree (p);
756 return 1;
757 }
758
759 xfree (p);
760 }
761 else
762 {
763 list = config_get_list_param (*config, "global", "allowed", &exists);
764 if (list)
765 {
766 p = strv_join (",", list);
767 strv_free (list);
768 if (config_set_list_param (config, section, "allowed", p))
769 {
770 xfree (p);
771 return 1;
772 }
773
774 xfree (p);
775 }
776 }
777 }
778
779 return 0;
780 }
781
782 static int
783 fixup_allowed (struct slist_s **config)
784 {
785 int n, t = slist_length (*config);
786
787 for (n = 0; n < t; n++)
788 {
789 struct config_section_s *section;
790
791 section = slist_nth_data (*config, n);
792 if (fixup_allowed_once (config, section->name))
793 return 1;
794 }
795
796 return 0;
797 }
798
799 static int
800 add_invoking_user (struct invoking_user_s **users, char *id,
801 struct slist_s **config)
802 {
803 struct passwd *pwd = NULL;
804 struct group *grp = NULL;
805 struct invoking_user_s *user, *p;
806 int not = 0;
807
808 if (id && (*id == '!' || *id == '-'))
809 {
810 not = 1;
811 id++;
812 }
813
814 errno = 0;
815 if (!id || !*id)
816 {
817 pwd = getpwuid (getuid ());
818 if (!pwd)
819 {
820 log_write (_("could not set any invoking user: %s"),
821 pwmd_strerror (errno));
822 return 1;
823 }
824 }
825 else if (*id == '@')
826 {
827 grp = getgrnam (id+1);
828 if (!grp)
829 {
830 log_write (_("could not parse group '%s': %s"), id+1,
831 pwmd_strerror (errno));
832 return 1;
833 }
834 }
835 else if (*id != '#')
836 pwd = getpwnam (id);
837
838 if (!grp && !pwd && id && *id != '#')
839 {
840 if (id && *id)
841 log_write (_("could not set invoking user '%s': %s"), id,
842 pwmd_strerror (errno));
843 else
844 log_write (_("could not set any invoking user!"));
845
846 return 1;
847 }
848
849 user = xcalloc (1, sizeof (struct invoking_user_s));
850 if (!user)
851 {
852 log_write ("%s", pwmd_strerror (ENOMEM));
853 return 1;
854 }
855
856 user->not = not;
857 user->type = pwd ? INVOKING_UID : grp ? INVOKING_GID : INVOKING_TLS;
858 if (pwd)
859 user->uid = pwd->pw_uid;
860 else if (grp)
861 user->id = str_dup (id+1);
862 else
863 {
864 char *s;
865
866 for (s = id; s && *s; s++)
867 *s = toupper(*s);
868
869 user->id = str_dup (id+1);
870 }
871
872 /* Set the default invoking_user since it doesn't exist. */
873 if (!id || !*id)
874 config_set_list_param (config, "global", "invoking_user", pwd->pw_name);
875
876 if (!*users)
877 {
878 *users = user;
879 return 0;
880 }
881
882 for (p = *users; p; p = p->next)
883 {
884 if (!p->next)
885 {
886 p->next = user;
887 break;
888 }
889 }
890
891 return 0;
892 }
893
894 static int
895 parse_invoking_users (struct slist_s **config)
896 {
897 struct invoking_user_s *users = NULL;
898 int exists;
899 char **list, **l;
900
901 if (parse_list_file (*config, "global", "invoking_file", "invoking_user"))
902 return 1;
903
904 list = config_get_list_param(*config, "global", "invoking_user", &exists);
905 for (l = list; l && *l; l++)
906 {
907 if (add_invoking_user (&users, *l, config))
908 {
909 strv_free (list);
910 free_invoking_users (users);
911 return 1;
912 }
913 }
914
915 if (!list || !*list)
916 {
917 if (add_invoking_user (&users, NULL, config))
918 {
919 strv_free (list);
920 return 1;
921 }
922
923 strv_free (list);
924 list = config_get_list_param(*config, "global", "invoking_user", &exists);
925 }
926
927 #ifdef WITH_GNUTLS
928 /* This option is deprecated. Parse it into invoking_user. */
929 char *tls = config_get_string_param(*config, "global", "invoking_tls",
930 &exists);
931 if (tls)
932 {
933 char *p;
934 char **pp;
935
936 if (add_invoking_user (&users, tls, config))
937 {
938 free_invoking_users (users);
939 return 1;
940 }
941
942 pp = strv_cat (list, tls);
943 if (!pp)
944 {
945 strv_free (list);
946 free_invoking_users (users);
947 log_write ("%s", pwmd_strerror (ENOMEM));
948 return 1;
949 }
950
951 list = pp;
952 p = strv_join (",", list);
953 strv_free (list);
954 config_set_list_param (config, "global", "invoking_user", p);
955 xfree (p);
956 }
957 #endif
958
959 free_invoking_users (invoking_users);
960 invoking_users = users;
961 return 0;
962 }
963
964 static int
965 set_defaults (struct slist_s **config, int reload)
966 {
967 char *s = NULL, *tmp;
968 char **list;
969 int exists;
970 int i;
971
972 for (i = 0; config_params[i].name; i++)
973 {
974 switch (config_params[i].type)
975 {
976 case PARAM_BOOL:
977 config_get_bool_param (*config, "global", config_params[i].name,
978 &exists);
979 if (!exists)
980 {
981 if (config_set_bool_param
982 (config, "global", config_params[i].name,
983 config_params[i].value))
984 goto fail;
985 }
986 break;
987 case PARAM_INT:
988 config_get_int_param (*config, "global", config_params[i].name,
989 &exists);
990 if (!exists)
991 {
992 if (config_set_int_param
993 (config, "global", config_params[i].name,
994 config_params[i].value))
995 goto fail;
996 }
997 break;
998 case PARAM_CHARP:
999 s = config_get_string_param (*config, "global",
1000 config_params[i].name, &exists);
1001 xfree (s);
1002 if (!exists && config_params[i].value)
1003 {
1004 if (config_set_string_param (config, "global",
1005 config_params[i].name,
1006 config_params[i].value))
1007 goto fail;
1008 }
1009 break;
1010 case PARAM_CHARPP:
1011 list = config_get_list_param (*config, "global",
1012 config_params[i].name, &exists);
1013 strv_free (list);
1014 if (!exists && config_params[i].value)
1015 {
1016 if (config_set_list_param (config, "global",
1017 config_params[i].name,
1018 config_params[i].value))
1019 goto fail;
1020 }
1021 break;
1022 case PARAM_LONG:
1023 config_get_long_param (*config, "global", config_params[i].name,
1024 &exists);
1025 if (!exists)
1026 {
1027 if (config_set_long_param
1028 (config, "global", config_params[i].name,
1029 config_params[i].value))
1030 goto fail;
1031 }
1032 break;
1033 case PARAM_LONGLONG:
1034 config_get_longlong_param (*config, "global", config_params[i].name,
1035 &exists);
1036 if (!exists)
1037 {
1038 if (config_set_longlong_param (config, "global",
1039 config_params[i].name,
1040 config_params[i].value))
1041 goto fail;
1042 }
1043 break;
1044 }
1045 }
1046
1047 s = NULL;
1048 if (!reload && fixup_allowed (config))
1049 goto fail;
1050
1051 max_recursion_depth = config_get_int_param (*config, "global",
1052 "recursion_depth", &exists);
1053 disable_list_and_dump = config_get_bool_param (*config, "global",
1054 "disable_list_and_dump",
1055 &exists);
1056 #ifdef HAVE_MLOCKALL
1057 disable_mlock =
1058 config_get_bool_param (*config, "global", "disable_mlockall", &exists);
1059 #endif
1060
1061 if (!reload && parse_invoking_users (config))
1062 goto fail;
1063
1064 s = config_get_string_param(*config, "global", "gpg_agent_socket", &exists);
1065 if (!s || !*s)
1066 {
1067 xfree (s);
1068 s = str_asprintf ("%s/.gnupg/S.gpg-agent", get_home_dir());
1069 config_set_string_param(config, "global", "gpg_agent_socket", s);
1070 }
1071 else
1072 {
1073 tmp = expand_homedir (s);
1074 config_set_string_param(config, "global", "gpg_agent_socket", tmp);
1075 xfree (tmp);
1076 }
1077
1078 xfree (s);
1079 return 0;
1080
1081 fail:
1082 xfree (s);
1083 return 1;
1084 }
1085
1086 static struct config_section_s *
1087 config_find_section (struct slist_s *config, const char *name)
1088 {
1089 unsigned i, t = slist_length (config);
1090
1091 for (i = 0; i < t; i++)
1092 {
1093 struct config_section_s *s = slist_nth_data (config, i);
1094
1095 if (!strcmp (s->name, name))
1096 return s;
1097 }
1098
1099 return NULL;
1100 }
1101
1102 /* Append a new parameter to the list of parameters for a file
1103 * section. When an existing parameter of the same name exists, its
1104 * value is updated.
1105 */
1106 static int
1107 new_param (struct config_section_s *section, const char *filename, int lineno,
1108 const char *name, const char *value, int type)
1109 {
1110 struct config_param_s *param = NULL;
1111 struct slist_s *tmp;
1112 char *e;
1113 unsigned i, t = slist_length (section->params);
1114 int dup = 0;
1115
1116 for (i = 0; i < t; i++)
1117 {
1118 struct config_param_s *p = slist_nth_data (section->params, i);
1119 if (!p)
1120 break;
1121
1122 if (!strcmp (name, p->name))
1123 {
1124 param = p;
1125 dup = 1;
1126 break;
1127 }
1128 }
1129
1130 if (!param)
1131 {
1132 param = xcalloc (1, sizeof (struct config_param_s));
1133 if (!param)
1134 {
1135 log_write ("%s", pwmd_strerror (ENOMEM));
1136 return 1;
1137 }
1138
1139 param->name = str_dup (name);
1140 if (!param->name)
1141 {
1142 xfree (param);
1143 log_write ("%s", pwmd_strerror (ENOMEM));
1144 return 1;
1145 }
1146 }
1147
1148 param->type = type;
1149
1150 switch (type)
1151 {
1152 case PARAM_BOOL:
1153 if (!strcasecmp (value, "no") || !strcasecmp (value, "0")
1154 || !strcasecmp (value, "false"))
1155 param->value.itype = 0;
1156 else if (!strcasecmp (value, "yes") || !strcasecmp (value, "1")
1157 || !strcasecmp (value, "true"))
1158 param->value.itype = 1;
1159 else
1160 {
1161 INVALID_VALUE (filename, lineno);
1162 goto fail;
1163 }
1164 param->type = PARAM_INT;
1165 break;
1166 case PARAM_CHARP:
1167 xfree (param->value.cptype);
1168 param->value.cptype = NULL;
1169 param->value.cptype = value && *value ? str_dup (value) : NULL;
1170 if (value && *value && !param->value.cptype)
1171 {
1172 log_write ("%s", pwmd_strerror (ENOMEM));
1173 goto fail;
1174 }
1175 break;
1176 case PARAM_CHARPP:
1177 strv_free (param->value.cpptype);
1178 param->value.cpptype = NULL;
1179 param->value.cpptype = value && *value ? str_split (value, ",", 0) : NULL;
1180 if (value && *value && !param->value.cpptype)
1181 {
1182 log_write ("%s", pwmd_strerror (ENOMEM));
1183 goto fail;
1184 }
1185 break;
1186 case PARAM_INT:
1187 param->value.itype = strtol (value, &e, 10);
1188 if (e && *e)
1189 {
1190 INVALID_VALUE (filename, lineno);
1191 goto fail;
1192 }
1193 break;
1194 case PARAM_LONG:
1195 param->value.ltype = strtol (value, &e, 10);
1196 if (e && *e)
1197 {
1198 INVALID_VALUE (filename, lineno);
1199 goto fail;
1200 }
1201 break;
1202 case PARAM_LONGLONG:
1203 param->value.lltype = strtoll (value, &e, 10);
1204 if (e && *e)
1205 {
1206 INVALID_VALUE (filename, lineno);
1207 goto fail;
1208 }
1209 break;
1210 case PARAM_ULONGLONG:
1211 param->value.ulltype = strtoull (value, &e, 10);
1212 if (e && *e)
1213 {
1214 INVALID_VALUE (filename, lineno);
1215 goto fail;
1216 }
1217 break;
1218 case PARAM_ULONG:
1219 param->value.ultype = strtoul (value, &e, 10);
1220 if (e && *e)
1221 {
1222 INVALID_VALUE (filename, lineno);
1223 goto fail;
1224 }
1225 break;
1226 }
1227
1228 if (dup)
1229 return 0;
1230
1231 tmp = slist_append (section->params, param);
1232 if (!tmp)
1233 {
1234 log_write ("%s", pwmd_strerror (ENOMEM));
1235 goto fail;
1236 }
1237
1238 section->params = tmp;
1239 return 0;
1240
1241 fail:
1242 xfree (param->name);
1243 xfree (param);
1244 return 1;
1245 }
1246
1247 struct slist_s *
1248 config_parse (const char *filename, int reload)
1249 {
1250 struct slist_s *tmpconfig = NULL, *tmp;
1251 struct config_section_s *cur_section = NULL;
1252 char buf[LINE_MAX];
1253 char *s;
1254 int lineno = 1;
1255 int have_global = 0;
1256 FILE *fp = fopen (filename, "r");
1257
1258 if (!fp)
1259 {
1260 log_write ("%s: %s", filename,
1261 pwmd_strerror (gpg_error_from_errno (errno)));
1262
1263 if (errno != ENOENT)
1264 return NULL;
1265
1266 log_write (_("Using defaults!"));
1267 goto defaults;
1268 }
1269
1270 for (; (s = fgets (buf, sizeof (buf), fp)); lineno++)
1271 {
1272 char line[LINE_MAX] = { 0 };
1273 size_t len = 0;
1274
1275 if (*s == '#')
1276 continue;
1277
1278 s = str_chomp (s);
1279 for (; s && *s; s++)
1280 {
1281 int match = 0;
1282
1283 /* New file section. */
1284 if (*s == '[')
1285 {
1286 struct config_section_s *section;
1287 char *p = strchr (++s, ']');
1288
1289 if (!p)
1290 {
1291 log_write (_("%s(%i): unbalanced braces"), filename,
1292 lineno);
1293 goto fail;
1294 }
1295
1296 len = strlen (s) - strlen (p);
1297 memcpy (line, s, len);
1298 line[len] = 0;
1299
1300 section = config_find_section (tmpconfig, line);
1301 if (section)
1302 {
1303 log_write (_("%s(%i): section '%s' already exists!"),
1304 filename, lineno, line);
1305 goto fail;
1306 }
1307
1308 if (!strcmp (line, "global"))
1309 have_global = 1;
1310
1311 section = xcalloc (1, sizeof (struct config_section_s));
1312 section->name = str_dup (line);
1313
1314 if (cur_section)
1315 {
1316 tmp = slist_append (tmpconfig, cur_section);
1317 if (!tmp)
1318 {
1319 log_write ("%s", pwmd_strerror (ENOMEM));
1320 goto fail;
1321 }
1322
1323 tmpconfig = tmp;
1324 }
1325
1326 cur_section = section;
1327 break;
1328 }
1329
1330 if (!cur_section)
1331 {
1332 log_write (_("%s(%i): parameter outside of section!"), filename,
1333 lineno);
1334 goto fail;
1335 }
1336
1337 /* Parameters for each section. */
1338 for (int m = 0; config_params[m].name; m++)
1339 {
1340 size_t len = strlen (config_params[m].name);
1341
1342 if (!strncmp (s, config_params[m].name, len))
1343 {
1344 char *p = s + len;
1345
1346 while (*p && *p == ' ')
1347 p++;
1348
1349 if (!*p || *p != '=')
1350 continue;
1351
1352 p++;
1353 while (*p && isspace (*p))
1354 p++;
1355
1356 s[len] = 0;
1357 if (new_param (cur_section, filename, lineno, s, p,
1358 config_params[m].type))
1359 goto fail;
1360
1361 match = 1;
1362 break;
1363 }
1364 }
1365
1366 if (!match)
1367 {
1368 log_write (_("%s(%i): unknown parameter"), filename, lineno);
1369 goto fail;
1370 }
1371
1372 break;
1373 }
1374 }
1375
1376 if (cur_section)
1377 {
1378 tmp = slist_append (tmpconfig, cur_section);
1379 if (!tmp)
1380 {
1381 log_write ("%s", pwmd_strerror (ENOMEM));
1382 goto fail;
1383 }
1384
1385 cur_section = NULL;
1386 tmpconfig = tmp;
1387 }
1388
1389 if (!have_global)
1390 log_write (_
1391 ("WARNING: %s: could not find a [global] configuration section!"),
1392 filename);
1393 else
1394 {
1395 int exists;
1396 char *tmp = config_get_string_param (tmpconfig, "global", "tls_dh_level",
1397 &exists);
1398 if (tmp)
1399 {
1400 if (strcasecmp (tmp, "low") && strcasecmp (tmp, "medium")
1401 && strcasecmp (tmp, "high"))
1402 {
1403 xfree (tmp);
1404 log_write (_("invalid tls_dh_level value"));
1405 goto fail;
1406 }
1407
1408 xfree (tmp);
1409 }
1410 }
1411
1412 defaults:
1413 if (set_defaults (&tmpconfig, reload))
1414 goto fail;
1415
1416 if (fp)
1417 fclose(fp);
1418
1419 return tmpconfig;
1420
1421 fail:
1422 if (fp)
1423 fclose (fp);
1424
1425 config_free (tmpconfig);
1426 free_section (cur_section);
1427 return NULL;
1428 }
1429
1430 static void
1431 free_section (struct config_section_s *s)
1432 {
1433 if (!s)
1434 return;
1435
1436 for (;;)
1437 {
1438 struct config_param_s *p = slist_nth_data (s->params, 0);
1439
1440 if (!p)
1441 break;
1442
1443 section_remove_param (s, p->name);
1444 }
1445
1446 s->params = NULL;
1447 xfree (s->name);
1448 s->name = NULL;
1449 }
1450
1451 void
1452 config_free (struct slist_s *config)
1453 {
1454 for (;;)
1455 {
1456 struct config_section_s *s = slist_nth_data (config, 0);
1457 if (!s)
1458 break;
1459
1460 free_section (s);
1461 config = slist_remove (config, s);
1462 xfree (s);
1463 }
1464 }
1465
1466 void
1467 free_invoking_users (struct invoking_user_s *users)
1468 {
1469 struct invoking_user_s *p;
1470
1471 for (p = users; p;)
1472 {
1473 struct invoking_user_s *next = p->next;
1474
1475 if (p->type == INVOKING_TLS || p->type == INVOKING_GID)
1476 xfree (p->id);
1477
1478 xfree (p);
1479 p = next;
1480 }
1481 }
A server for managing passphrases and anything else.