1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2008 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
38 #include <glib/gprintf.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
50 #include <sys/resource.h>
66 #include "pwmd_error.h"
71 GCRY_THREAD_OPTION_PTH_IMPL
;
73 static void clear_errorfile_key()
79 groups
= g_key_file_get_groups(keyfileh
, &n
);
81 for (p
= groups
; *p
; p
++) {
84 if (g_key_file_has_key(keyfileh
, *p
, "key", &rc
) == TRUE
)
85 g_key_file_set_string(keyfileh
, *p
, "key", "");
91 static void reload_rcfile()
93 log_write(N_("reloading configuration file '%s'"), rcfile
);
94 g_key_file_free(keyfileh
);
95 keyfileh
= parse_rcfile(0);
96 clear_errorfile_key();
97 send_status_all(STATUS_CONFIG
);
100 gpg_error_t
send_syserror(assuan_context_t ctx
, gint e
)
102 gpg_error_t n
= gpg_error_from_errno(e
);
104 return assuan_process_done(ctx
, assuan_set_error(ctx
, n
, gpg_strerror(n
)));
107 gpg_error_t
send_error(assuan_context_t ctx
, gpg_error_t e
)
109 gpg_err_code_t n
= gpg_err_code(e
);
110 gpg_error_t code
= gpg_err_make(PWMD_ERR_SOURCE
, n
);
111 struct client_s
*client
= assuan_get_pointer(ctx
);
114 return assuan_process_done(ctx
, 0);
117 log_write("%s\n", pwmd_strerror(e
));
121 if (n
== EPWMD_LIBXML_ERROR
) {
122 xmlErrorPtr xe
= client
->xml_error
;
125 xe
= xmlGetLastError();
127 e
= assuan_process_done(ctx
, assuan_set_error(ctx
, code
, xe
->message
));
128 log_write("%s", xe
->message
);
130 if (xe
== client
->xml_error
)
135 client
->xml_error
= NULL
;
139 return assuan_process_done(ctx
, assuan_set_error(ctx
, code
, pwmd_strerror(e
)));
142 void log_write(const gchar
*fmt
, ...)
152 pth_t tid
= pth_self();
153 gchar tid_str
[12], *p
;
155 if ((!logfile
&& !isatty(STDERR_FILENO
) && log_syslog
== FALSE
) || !fmt
)
159 if ((fd
= open(logfile
, O_WRONLY
|O_CREAT
|O_APPEND
, 0600)) == -1) {
167 if (g_vasprintf(&args
, fmt
, ap
) == -1) {
175 attr
= pth_attr_of(tid
);
177 if (pth_attr_get(attr
, PTH_ATTR_NAME
, &name
) == FALSE
)
180 pth_attr_destroy(attr
);
181 g_snprintf(tid_str
, sizeof(tid_str
), "(%p)", tid
);
184 if (strncmp(p
+1, name
, 9) == 0)
187 if (log_syslog
== TRUE
)
188 syslog(LOG_INFO
, "%s%s: %s", name
, p
? p
: "", args
);
192 tm
= localtime(&now
);
193 strftime(tbuf
, sizeof(tbuf
), "%b %d %Y %H:%M:%S ", tm
);
194 tbuf
[sizeof(tbuf
) - 1] = 0;
196 if (args
[strlen(args
)-1] == '\n')
197 args
[strlen(args
)-1] = 0;
199 line
= g_strdup_printf("%s %i %s%s: %s\n", tbuf
, getpid(), name
,
211 write(fd
, line
, strlen(line
));
216 if (isatty(STDERR_FILENO
)) {
217 fprintf(stderr
, "%s", line
);
224 static void usage(gchar
*pn
)
227 "Usage: %s [-hvDn] [-f <rcfile>] [-I <filename> [-i <iter>]] [file1] [...]\n"
228 " -n run as a foreground process\n"
229 " -f load the specified rcfile (~/.pwmd/config)\n"
230 " -I import an XML file and write the encrypted data to stdout\n"
231 " -i encrypt with the specified number of iterations when importing\n"
232 " (config default in the \"global\" section)\n"
233 " -D disable use of the LIST and DUMP commands\n"
235 " -h this help text\n"
241 static int gcry_SecureCheck(const void *ptr
)
247 static void setup_gcrypt()
249 gcry_check_version(NULL
);
252 gcry_set_allocation_handler(xmalloc
, xmalloc
, gcry_SecureCheck
, xrealloc
,
256 if (gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_TEST_ALGO
, NULL
,
258 errx(EXIT_FAILURE
, N_("Required AES cipher not supported by libgcrypt."));
260 gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_GET_KEYLEN
, NULL
, &gcrykeysize
);
261 gcry_cipher_algo_info(GCRY_CIPHER_AES256
, GCRYCTL_GET_BLKLEN
, NULL
, &gcryblocksize
);
264 static gint
new_connection(struct client_s
*cl
)
267 gchar ver
[ASSUAN_LINELENGTH
];
269 rc
= assuan_init_socket_server_ext(&cl
->ctx
, cl
->thd
->fd
, 2);
274 assuan_set_pointer(cl
->ctx
, cl
);
275 g_snprintf(ver
, sizeof(ver
), "%s", PACKAGE_STRING
);
276 assuan_set_hello_line(cl
->ctx
, ver
);
277 rc
= register_commands(cl
->ctx
);
282 rc
= assuan_accept(cl
->ctx
);
290 assuan_deinit_server(cl
->ctx
);
291 log_write("%s", gpg_strerror(rc
));
295 gpg_error_t
send_status(assuan_context_t ctx
, status_msg_t which
)
298 struct client_s
*client
= assuan_get_pointer(ctx
);
299 gchar buf
[ASSUAN_LINELENGTH
];
300 gchar
*status
= NULL
;
304 CACHE_LOCK(client
->ctx
);
305 line
= print_fmt(buf
, sizeof(buf
), "%i %i",
307 (cache_size
/ sizeof(file_cache_t
)) - cache_file_count());
312 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
313 line
= print_fmt(buf
, sizeof(buf
), "%i", g_slist_length(cn_thread_list
));
314 pth_mutex_release(&cn_mutex
);
320 case STATUS_KEEPALIVE
:
321 status
= "KEEPALIVE";
325 line
= N_("Waiting for lock");
329 return assuan_write_status(ctx
, status
, line
);
332 void send_status_all(status_msg_t which
)
336 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
338 for (t
= g_slist_length(cn_thread_list
), i
= 0; i
< t
; i
++) {
339 struct client_thread_s
*cn
= g_slist_nth_data(cn_thread_list
, i
);
340 pth_msgport_t m
= pth_msgport_find(cn
->msg_name
);
343 pth_message_t
*msg
= g_malloc0(sizeof(pth_message_t
));
345 msg
->m_data
= (status_msg_t
*)which
;
346 pth_msgport_put(m
, msg
);
350 pth_mutex_release(&cn_mutex
);
353 static void xml_error_cb(void *data
, xmlErrorPtr e
)
355 struct client_s
*client
= data
;
358 * Keep the first reported error as the one to show in the error
359 * description. Reset in send_error().
361 if (client
->xml_error
)
364 xmlCopyError(e
, client
->xml_error
);
368 * This is called after a child_thread terminates. Set with
369 * pth_cleanup_push().
371 static void cleanup_cb(void *arg
)
373 struct client_thread_s
*cn
= arg
;
375 struct client_s
*cl
= cn
->cl
;
377 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
378 log_write(N_("exiting, fd=%i"), cn
->fd
);
379 pth_join(cn
->tid
, &value
);
381 if (cl
&& cl
->freed
== FALSE
)
382 cleanup_assuan(cl
->ctx
);
385 assuan_deinit_server(cl
->ctx
);
388 if (cl
&& cl
->pinentry
)
389 cleanup_pinentry(cl
->pinentry
);
393 gnutls_deinit(cn
->tls
->ses
);
400 g_free(cn
->msg_name
);
403 while (pth_msgport_pending(cn
->msg
) > 0) {
404 pth_message_t
*m
= pth_msgport_get(cn
->msg
);
409 pth_msgport_destroy(cn
->msg
);
412 cn_thread_list
= g_slist_remove(cn_thread_list
, cn
);
414 pth_mutex_release(&cn_mutex
);
415 send_status_all(STATUS_CLIENTS
);
418 static int read_hook(assuan_context_t ctx
, assuan_fd_t fd
, void *data
,
419 size_t len
, ssize_t
*ret
)
421 struct client_s
*cl
= assuan_get_pointer(ctx
);
423 if (!cl
|| !cl
->thd
->remote
)
424 *ret
= pth_read((int)fd
, data
, len
);
427 *ret
= gnutls_record_recv(cl
->thd
->tls
->ses
, data
, len
);
429 if (*ret
== GNUTLS_E_REHANDSHAKE
) {
430 *ret
= gnutls_rehandshake(cl
->thd
->tls
->ses
);
432 if (*ret
== GNUTLS_E_WARNING_ALERT_RECEIVED
||
433 *ret
== GNUTLS_A_NO_RENEGOTIATION
) {
434 log_write("%s", gnutls_strerror(*ret
));
438 if (*ret
!= GNUTLS_E_SUCCESS
) {
439 log_write("%s", gnutls_strerror(*ret
));
444 *ret
= gnutls_handshake(cl
->thd
->tls
->ses
);
446 if (*ret
!= GNUTLS_E_SUCCESS
) {
447 log_write("%s", gnutls_strerror(*ret
));
454 } while (*ret
== GNUTLS_E_INTERRUPTED
|| *ret
== GNUTLS_E_AGAIN
);
457 return *ret
<= 0 ? 0 : 1;
460 static int write_hook(assuan_context_t ctx
, assuan_fd_t fd
, const void *data
,
461 size_t len
, ssize_t
*ret
)
463 struct client_s
*cl
= assuan_get_pointer(ctx
);
465 if (!cl
|| !cl
->thd
->remote
)
466 *ret
= pth_write((int)fd
, data
, len
);
469 *ret
= gnutls_record_send(cl
->thd
->tls
->ses
, data
, len
);
470 } while (*ret
== GNUTLS_E_INTERRUPTED
|| *ret
== GNUTLS_E_AGAIN
);
473 return *ret
<= 0 ? 0 : 1;
477 * Called every time a connection is made via pth_spawn(). This is the thread
480 static void *client_thread(void *data
)
482 struct client_thread_s
*thd
= data
;
484 pth_event_t ev
, msg_ev
;
485 struct client_s
*cl
= g_malloc0(sizeof(struct client_s
));
489 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
495 pth_cleanup_push(cleanup_cb
, thd
);
498 * Do the TLS handshake before anything else.
501 thd
->tls
= tls_init(fd
);
508 * This is a "child" thread. Don't catch any signals. Let the master
509 * thread take care of signals in accept_thread().
511 if (new_connection(cl
))
515 cl
->pinentry
= pinentry_init();
519 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
524 thd
->msg_name
= g_strdup_printf("%p", thd
->tid
);
526 if (!thd
->msg_name
) {
527 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
531 thd
->msg
= pth_msgport_create(thd
->msg_name
);
534 log_write("%s(%i): %s", __FILE__
, __LINE__
, strerror(ENOMEM
));
539 if (disable_mlock
== FALSE
&& mlockall(MCL_FUTURE
) == -1) {
540 log_write("mlockall(): %s", strerror(errno
));
545 rc
= send_status(cl
->ctx
, STATUS_CACHE
);
548 log_write("%s", gpg_strerror(rc
));
552 send_status_all(STATUS_CLIENTS
);
553 ev
= pth_event(PTH_EVENT_FD
|PTH_UNTIL_FD_READABLE
, cl
->thd
->fd
);
554 msg_ev
= pth_event(PTH_EVENT_MSG
, thd
->msg
);
555 pth_event_concat(ev
, msg_ev
, NULL
);
558 xmlSetStructuredErrorFunc(cl
, xml_error_cb
);
561 pth_status_t ev_status
;
564 pth_event_isolate(ev
);
565 pth_event_isolate(msg_ev
);
566 ev_status
= pth_event_status(msg_ev
);
568 if (ev_status
== PTH_STATUS_FAILED
)
569 log_write("%s(%i): %s: PTH_STATUS_FAILED", __FILE__
, __LINE__
,
571 else if (ev_status
== PTH_STATUS_OCCURRED
) {
572 while (pth_msgport_pending(thd
->msg
) > 0) {
573 pth_message_t
*m
= pth_msgport_get(thd
->msg
);
574 status_msg_t n
= (status_msg_t
)m
->m_data
;
576 rc
= send_status(cl
->ctx
, n
);
580 log_write("%s", gpg_strerror(rc
));
586 ev_status
= pth_event_status(ev
);
587 pth_event_concat(ev
, msg_ev
, NULL
);
589 if (ev_status
== PTH_STATUS_FAILED
) {
590 log_write("%s(%i): %s: PTH_STATUS_FAILED", __FILE__
, __LINE__
,
594 else if (ev_status
== PTH_STATUS_OCCURRED
) {
595 rc
= assuan_process_next(cl
->ctx
);
598 cl
->inquire_status
= INQUIRE_INIT
;
600 if (gpg_err_code(rc
) == GPG_ERR_EOF
)
603 log_write("assuan_process_next(): %s", gpg_strerror(rc
));
604 rc
= send_error(cl
->ctx
, gpg_err_make(PWMD_ERR_SOURCE
, rc
));
607 log_write("assuan_process_done(): %s", gpg_strerror(rc
));
613 if (cl
->pinentry
->pid
&& cl
->pinentry
->status
== PINENTRY_INIT
) {
614 cl
->pinentry
->ev
= pth_event(PTH_EVENT_FD
|PTH_UNTIL_FD_READABLE
, cl
->pinentry
->fd
);
615 pth_event_concat(ev
, cl
->pinentry
->ev
, NULL
);
616 cl
->pinentry
->status
= PINENTRY_RUNNING
;
620 switch (cl
->inquire_status
) {
625 cl
->inquire_status
= INQUIRE_INIT
;
626 rc
= assuan_process_done(cl
->ctx
, 0);
633 ev
= pinentry_iterate(cl
, ev
);
638 * Client cleanup (including XML data) is done in cleanup_cb() from
639 * the cleanup thread.
642 pth_event_free(ev
, PTH_FREE_ALL
);
649 static void setup_logging(GKeyFile
*kf
)
651 gboolean n
= g_key_file_get_boolean(kf
, "global", "enable_logging", NULL
);
654 gchar
*p
= g_key_file_get_string(kf
, "global", "log_path", NULL
);
660 g_snprintf(buf
, sizeof(buf
), "%s%s", g_get_home_dir(), p
--);
666 logfile
= g_strdup(buf
);
676 log_syslog
= g_key_file_get_boolean(kf
, "global", "syslog", NULL
);
680 * Make sure all settings are set to either the specified setting or a
683 static void set_rcfile_defaults(GKeyFile
*kf
)
687 if (g_key_file_has_key(kf
, "global", "socket_path", NULL
) == FALSE
) {
688 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/socket");
689 g_key_file_set_string(kf
, "global", "socket_path", buf
);
692 if (g_key_file_has_key(kf
, "global", "data_directory", NULL
) == FALSE
) {
693 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/data");
694 g_key_file_set_string(kf
, "global", "data_directory", buf
);
697 if (g_key_file_has_key(kf
, "global", "backup", NULL
) == FALSE
)
698 g_key_file_set_boolean(kf
, "global", "backup", TRUE
);
700 if (g_key_file_has_key(kf
, "global", "log_path", NULL
) == FALSE
) {
701 g_snprintf(buf
, sizeof(buf
), "~/.pwmd/log");
702 g_key_file_set_string(kf
, "global", "log_path", buf
);
705 if (g_key_file_has_key(kf
, "global", "enable_logging", NULL
) == FALSE
)
706 g_key_file_set_boolean(kf
, "global", "enable_logging", FALSE
);
708 if (g_key_file_has_key(kf
, "global", "cache_size", NULL
) == FALSE
)
709 g_key_file_set_integer(kf
, "global", "cache_size", cache_size
);
712 if (g_key_file_has_key(kf
, "global", "disable_mlockall", NULL
) == FALSE
)
713 g_key_file_set_boolean(kf
, "global", "disable_mlockall", TRUE
);
716 if (g_key_file_has_key(kf
, "global", "cache_timeout", NULL
) == FALSE
)
717 g_key_file_set_integer(kf
, "global", "cache_timeout", -1);
719 if (g_key_file_has_key(kf
, "global", "iterations", NULL
) == FALSE
)
720 g_key_file_set_integer(kf
, "global", "iterations", 0);
722 if (g_key_file_has_key(kf
, "global", "disable_list_and_dump", NULL
) == FALSE
)
723 g_key_file_set_boolean(kf
, "global", "disable_list_and_dump", FALSE
);
725 if (g_key_file_has_key(kf
, "global", "iteration_progress", NULL
) == FALSE
)
726 g_key_file_set_integer(kf
, "global", "iteration_progress", 0);
728 if (g_key_file_has_key(kf
, "global", "compression_level", NULL
) == FALSE
)
729 g_key_file_set_integer(kf
, "global", "compression_level", 6);
731 if (g_key_file_has_key(kf
, "global", "recursion_depth", NULL
) == FALSE
)
732 g_key_file_set_integer(kf
, "global", "recursion_depth", DEFAULT_RECURSION_DEPTH
);
734 if (g_key_file_has_key(kf
, "global", "zlib_bufsize", NULL
) == FALSE
)
735 g_key_file_set_integer(kf
, "global", "zlib_bufsize", DEFAULT_ZLIB_BUFSIZE
);
737 zlib_bufsize
= (uInt
)g_key_file_get_integer(kf
, "global", "zlib_bufsize", NULL
);
739 max_recursion_depth
= g_key_file_get_integer(kf
, "global", "recursion_depth", NULL
);
740 disable_list_and_dump
= g_key_file_get_boolean(kf
, "global", "disable_list_and_dump", NULL
);
743 disable_mlock
= g_key_file_get_boolean(kf
, "global", "disable_mlockall", NULL
);
746 if (g_key_file_has_key(kf
, "global", "syslog", NULL
) == FALSE
)
747 g_key_file_set_boolean(kf
, "global", "syslog", FALSE
);
749 if (g_key_file_has_key(kf
, "global", "keepalive", NULL
) == FALSE
)
750 g_key_file_set_integer(kf
, "global", "keepalive", 30);
753 if (g_key_file_has_key(kf
, "global", "enable_pinentry", NULL
) == FALSE
)
754 g_key_file_set_boolean(kf
, "global", "enable_pinentry", TRUE
);
756 if (g_key_file_has_key(kf
, "global", "pinentry_timeout", NULL
) == FALSE
)
757 g_key_file_set_integer(kf
, "global", "pinentry_timeout", 20);
760 if (g_key_file_has_key(kf
, "global", "tcp_port", NULL
) == FALSE
)
761 g_key_file_set_integer(kf
, "global", "tcp_port", 6466);
763 if (g_key_file_has_key(kf
, "global", "enable_tcp", NULL
) == FALSE
)
764 g_key_file_set_boolean(kf
, "global", "enable_tcp", FALSE
);
769 static GKeyFile
*parse_rcfile(int cmdline
)
771 GKeyFile
*kf
= g_key_file_new();
774 if (g_key_file_load_from_file(kf
, rcfile
, G_KEY_FILE_NONE
, &rc
) == FALSE
) {
775 log_write("%s: %s", rcfile
, rc
->message
);
780 if (rc
->code
== G_FILE_ERROR_NOENT
) {
782 set_rcfile_defaults(kf
);
790 set_rcfile_defaults(kf
);
795 static gchar
*get_password(const gchar
*prompt
)
797 gchar buf
[LINE_MAX
] = {0}, *p
;
798 struct termios told
, tnew
;
801 if (tcgetattr(STDIN_FILENO
, &told
) == -1)
802 err(EXIT_FAILURE
, "tcgetattr()");
804 memcpy(&tnew
, &told
, sizeof(struct termios
));
805 tnew
.c_lflag
&= ~(ECHO
);
806 tnew
.c_lflag
|= ICANON
|ECHONL
;
808 if (tcsetattr(STDIN_FILENO
, TCSANOW
, &tnew
) == -1) {
809 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
810 err(EXIT_FAILURE
, "tcsetattr()");
813 fprintf(stderr
, "%s", prompt
);
815 if ((p
= fgets(buf
, sizeof(buf
), stdin
)) == NULL
) {
816 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
820 tcsetattr(STDIN_FILENO
, TCSANOW
, &told
);
821 p
[strlen(p
) - 1] = 0;
824 key
= gcry_malloc(1);
828 key
= gcry_malloc(strlen(p
) + 1);
829 sprintf(key
, "%s", p
);
832 memset(&buf
, 0, sizeof(buf
));
836 static gboolean
do_try_xml_decrypt(const gchar
*filename
, guchar
*key
)
843 if ((fd
= open_file(filename
, &st
)) == -1) {
844 warn("%s", filename
);
848 if (st
.st_size
== 0) {
849 warnx(N_("%s: skipping empty file"), filename
);
854 rc
= try_xml_decrypt(NULL
, fd
, st
, key
, &iter
);
856 return rc
? FALSE
: TRUE
;
859 static gboolean
get_input(const gchar
*filename
, guchar
*key
)
865 prompt
= g_strdup_printf(N_("Password for '%s': "), filename
);
868 if ((password
= get_password(prompt
)) == NULL
) {
869 warnx(N_("%s: skipping file"), filename
);
874 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, password
, strlen(password
) ? strlen(password
) : 1);
877 if (do_try_xml_decrypt(filename
, key
) == FALSE
) {
879 warnx(N_("%s: invalid password, skipping"), filename
);
884 warnx(N_("%s: invalid password"), filename
);
893 static gboolean
xml_import(const gchar
*filename
, gint iter
)
903 guchar shakey
[gcrykeysize
];
911 if (stat(filename
, &st
) == -1) {
912 warn("%s", filename
);
916 if ((rc
= gcry_cipher_open(&gh
, GCRY_CIPHER_AES256
, GCRY_CIPHER_MODE_CBC
, 0))) {
917 send_error(NULL
, rc
);
918 gcry_cipher_close(gh
);
919 log_write("%s(%i): %s", __FUNCTION__
, __LINE__
, gcry_strerror(rc
));
926 if ((key
= get_password(N_("New password: "))) == NULL
) {
927 fprintf(stderr
, "%s\n", N_("Invalid password."));
928 gcry_cipher_close(gh
);
932 if ((key2
= get_password(N_("Verify password: "))) == NULL
) {
933 fprintf(stderr
, "%s\n", N_("Passwords do not match."));
935 gcry_cipher_close(gh
);
939 if (g_utf8_collate(key
, key2
) != 0) {
940 fprintf(stderr
, "%s\n", N_("Passwords do not match."));
943 gcry_cipher_close(gh
);
950 if ((fd
= open(filename
, O_RDONLY
)) == -1) {
952 warn("%s", filename
);
953 gcry_cipher_close(gh
);
957 if ((xmlbuf
= gcry_malloc(st
.st_size
+1)) == NULL
) {
960 log_write("%s", strerror(ENOMEM
));
961 gcry_cipher_close(gh
);
965 if (read(fd
, xmlbuf
, st
.st_size
) == -1) {
969 gcry_cipher_close(gh
);
971 err(EXIT_FAILURE
, "read()");
975 xmlbuf
[st
.st_size
] = 0;
978 * Make sure the document validates.
980 if ((doc
= xmlReadDoc(xmlbuf
, NULL
, "UTF-8", XML_PARSE_NOBLANKS
)) == NULL
) {
981 log_write("xmlReadDoc()");
985 gcry_cipher_close(gh
);
990 xmlDocDumpMemory(doc
, &xml
, &len
);
993 level
= get_key_file_integer(filename
, "compression_level");
998 if (do_compress(NULL
, level
, xml
, len
, &outbuf
, &outsize
, &zrc
) == FALSE
) {
999 memset(shakey
, 0, sizeof(shakey
));
1002 if (zrc
== Z_MEM_ERROR
)
1003 warnx("%s", strerror(ENOMEM
));
1005 warnx("do_compress() failed");
1007 gcry_cipher_close(gh
);
1017 memset(shakey
, '!', sizeof(shakey
));
1019 gcry_md_hash_buffer(GCRY_MD_SHA256
, shakey
, key
, strlen(key
) ? strlen(key
) : 1);
1023 rc
= do_xml_encrypt(NULL
, gh
, NULL
, xml
, len
, shakey
, iter
);
1024 gcry_cipher_close(gh
);
1027 memset(shakey
, 0, sizeof(shakey
));
1028 warnx("%s", gpg_strerror(rc
));
1032 memset(shakey
, 0, sizeof(shakey
));
1036 gchar
*get_key_file_string(const gchar
*section
, const gchar
*what
)
1041 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
1042 val
= g_key_file_get_string(keyfileh
, section
, what
, &grc
);
1045 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1046 g_clear_error(&grc
);
1050 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
1051 val
= g_key_file_get_string(keyfileh
, "global", what
, &grc
);
1054 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1055 g_clear_error(&grc
);
1063 gint
get_key_file_integer(const gchar
*section
, const gchar
*what
)
1068 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
1069 val
= g_key_file_get_integer(keyfileh
, section
, what
, &grc
);
1072 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1073 g_clear_error(&grc
);
1077 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
1078 val
= g_key_file_get_integer(keyfileh
, "global", what
, &grc
);
1081 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1082 g_clear_error(&grc
);
1090 gboolean
get_key_file_boolean(const gchar
*section
, const gchar
*what
)
1092 gboolean val
= FALSE
;
1095 if (g_key_file_has_key(keyfileh
, section
, what
, NULL
) == TRUE
) {
1096 val
= g_key_file_get_boolean(keyfileh
, section
, what
, &grc
);
1099 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1100 g_clear_error(&grc
);
1104 if (g_key_file_has_key(keyfileh
, "global", what
, NULL
) == TRUE
) {
1105 val
= g_key_file_get_boolean(keyfileh
, "global", what
, &grc
);
1108 log_write("%s(%i): %s", __FILE__
, __LINE__
, grc
->message
);
1109 g_clear_error(&grc
);
1117 static gboolean
_getline(const gchar
*file
, gchar
**result
)
1120 gchar buf
[LINE_MAX
] = {0}, *p
;
1124 if ((fp
= fopen(file
, "r")) == NULL
) {
1129 p
= fgets(buf
, sizeof(buf
), fp
);
1133 if (len
&& buf
[len
- 1] == '\n')
1136 str
= gcry_malloc(len
+ 1);
1137 memcpy(str
, buf
, len
? len
: 1);
1139 memset(&buf
, 0, sizeof(buf
));
1144 static gboolean
parse_keyfile_key()
1151 groups
= g_key_file_get_groups(keyfileh
, &n
);
1153 for (p
= groups
; *p
; p
++) {
1156 if (g_key_file_has_key(keyfileh
, *p
, "key", &rc
) == TRUE
) {
1157 str
= g_key_file_get_string(keyfileh
, *p
, "key", &rc
);
1161 warnx("%s", rc
->message
);
1168 do_cache_push(*p
, str
);
1174 warnx("%s", rc
->message
);
1179 if (g_key_file_has_key(keyfileh
, *p
, "key_file", &rc
) == TRUE
) {
1181 gchar
*file
= g_key_file_get_string(keyfileh
, *p
, "key_file", &rc
);
1185 warnx("%s", rc
->message
);
1192 t
= expand_homedir(file
);
1196 if (_getline(file
, &str
) == FALSE
) {
1202 do_cache_push(*p
, str
);
1208 warnx("%s", rc
->message
);
1217 static gboolean
do_cache_push(const gchar
*filename
, const gchar
*password
)
1222 const gchar
*p
= filename
;
1223 file_header_t file_header
;
1232 if (valid_filename(p
) == FALSE
) {
1233 warnx(N_("%s: invalid characters in filename"), p
);
1237 md5file
= gcry_malloc(16);
1238 key
= gcry_malloc(gcrykeysize
);
1239 gcry_md_hash_buffer(GCRY_MD_MD5
, md5file
, p
, strlen(p
));
1241 if (cache_iscached(md5file
) == TRUE
) {
1242 warnx(N_("%s: file already cached, skipping"), p
);
1248 if (access(p
, R_OK
|W_OK
) != 0) {
1252 if (errno
!= ENOENT
) {
1261 rc
= read_file_header(filename
, &file_header
);
1266 warnx("%s", pwmd_strerror(rc
));
1270 if (file_header
.iter
== -1) {
1271 memset(key
, '!', gcrykeysize
);
1276 #ifdef WITH_PINENTRY
1277 if (g_key_file_get_boolean(keyfileh
, "global", "enable_pinentry", NULL
) == FALSE
) {
1279 if (get_input(p
, key
) == FALSE
) {
1284 #ifdef WITH_PINENTRY
1287 gchar
*result
= NULL
;
1288 struct pinentry_s
*pin
= g_malloc0(sizeof(struct pinentry_s
));
1291 set_pinentry_defaults(pin
);
1292 pin
->which
= PINENTRY_OPEN
;
1293 pin
->filename
= g_strdup(filename
);
1295 rc
= pinentry_getpin(pin
, &result
);
1298 warnx("%s: %s", filename
, gpg_strerror(rc
));
1299 cleanup_pinentry(pin
);
1306 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, result
, strlen(result
) ? strlen(result
) : 1);
1309 if (do_try_xml_decrypt(filename
, key
) == FALSE
) {
1311 cleanup_pinentry(pin
);
1314 warnx(N_("%s: invalid password, skipping"), filename
);
1319 pin
->title
= g_strdup(N_("Incorrect password. Please try again."));
1324 cleanup_pinentry(pin
);
1329 gcry_md_hash_buffer(GCRY_MD_SHA256
, key
, password
, strlen(password
) ? strlen(password
) : 1);
1332 if (do_try_xml_decrypt(filename
, key
) == FALSE
) {
1333 warnx(N_("%s: invalid password, skipping"), filename
);
1340 if (cache_add_file(md5file
, key
) == FALSE
) {
1341 warnx("%s: %s", p
, pwmd_strerror(EPWMD_MAX_SLOTS
));
1347 timeout
= get_key_file_integer(p
, "cache_timeout");
1348 cache_set_timeout(md5file
, timeout
);
1349 warnx(N_("%s: file added to the cache"), filename
);
1355 static void init_new_connection(gint fd
, gchar
*addr
)
1359 struct client_thread_s
*new;
1362 new = g_malloc0(sizeof(struct client_thread_s
));
1365 log_write("%s", strerror(ENOMEM
));
1370 * Thread priority is inherited from the calling thread. This
1371 * thread is PTH_PRIO_MAX. Keep the "child" threads at standard
1374 pth_mutex_acquire(&cn_mutex
, FALSE
, NULL
);
1380 attr
= pth_attr_new();
1381 pth_attr_set(attr
, PTH_ATTR_PRIO
, PTH_PRIO_STD
);
1382 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, FALSE
);
1383 tid
= pth_spawn(attr
, client_thread
, new);
1384 pth_attr_destroy(attr
);
1388 log_write(N_("pth_spawn() failed"));
1389 pth_mutex_release(&cn_mutex
);
1393 g_snprintf(buf
, sizeof(buf
), "%p", tid
);
1396 log_write(N_("new tid=%s, fd=%i, addr=%s"), buf
, fd
, addr
);
1398 log_write(N_("new tid=%s, fd=%i"), buf
, fd
);
1400 attr
= pth_attr_of(tid
);
1401 pth_attr_set(attr
, PTH_ATTR_NAME
, buf
);
1402 pth_attr_destroy(attr
);
1404 cn_thread_list
= g_slist_append(cn_thread_list
, new);
1405 pth_mutex_release(&cn_mutex
);
1408 static void *tcp_accept_thread(void *arg
)
1410 gint sockfd
= (gint
)arg
;
1413 struct sockaddr_in raddr
;
1414 socklen_t slen
= sizeof(raddr
);
1417 if ((fd
= pth_accept(sockfd
, (struct sockaddr
*)&raddr
, &slen
)) == -1) {
1418 if (errno
!= EAGAIN
) {
1419 if (!quit
) // probably EBADF
1420 log_write("accept(): %s", strerror(errno
));
1427 init_new_connection(fd
, inet_ntoa(raddr
.sin_addr
));
1430 /* Just in case pth_accept() failed for some reason other than EBADF */
1432 pth_exit(PTH_CANCELED
);
1436 static void *accept_thread(void *arg
)
1438 gint sockfd
= (gint
)arg
;
1441 socklen_t slen
= sizeof(struct sockaddr_un
);
1442 struct sockaddr_un raddr
;
1445 if ((fd
= pth_accept(sockfd
, (struct sockaddr
*)&raddr
, &slen
)) == -1) {
1446 if (errno
!= EAGAIN
) {
1447 if (!quit
) // probably EBADF
1448 log_write("accept(): %s", strerror(errno
));
1455 init_new_connection(fd
, NULL
);
1458 /* Just in case pth_accept() failed for some reason other than EBADF */
1460 pth_exit(PTH_CANCELED
);
1465 * This thread isn't joinable. For operations that block, these threads will
1468 static void *adjust_timer_thread(void *arg
)
1471 cache_adjust_timer();
1476 static pth_event_t
timeout_event_iterate(pth_event_t timeout_ev
,
1479 pth_status_t ev_status
;
1483 pth_event_isolate(timeout_ev
);
1484 ev_status
= pth_event_status(timeout_ev
);
1485 pth_event_free(timeout_ev
, PTH_FREE_THIS
);
1487 if (ev_status
== PTH_STATUS_OCCURRED
) {
1489 * The timer event has expired. Update the file cache. When the
1490 * cache mutex is locked and the timer expires again, the threads
1493 pth_spawn(attr
, adjust_timer_thread
, NULL
);
1497 return pth_event(PTH_EVENT_TIME
, pth_timeout(1, 0));
1500 static pth_event_t
keepalive_event_iterate(pth_event_t keepalive_ev
,
1503 pth_event_t ev
= NULL
;
1504 pth_status_t ev_status
;
1507 pth_event_isolate(keepalive_ev
);
1508 ev_status
= pth_event_status(keepalive_ev
);
1510 if (ev_status
== PTH_STATUS_OCCURRED
|| ev_status
== PTH_STATUS_FAILED
) {
1511 if (ev_status
== PTH_STATUS_OCCURRED
)
1512 send_status_all(STATUS_KEEPALIVE
);
1514 pth_event_free(keepalive_ev
, PTH_FREE_THIS
);
1520 if (keepalive
> 0 && !ev
)
1521 ev
= pth_event(PTH_EVENT_TIME
, pth_timeout(keepalive
, 0));
1526 static void server_loop(gint sockfd
, gint sockfd_r
, gchar
**socketpath
)
1528 pth_t accept_tid
, tcp_accept_tid
;
1533 pth_event_t timeout_ev
, keepalive_ev
= NULL
, ev_quit
;
1534 gint keepalive
= get_key_file_integer("global", "keepalive");
1536 pth_status_t ev_status
;
1538 pth_mutex_init(&cn_mutex
);
1539 log_write(N_("%s started for user %s"), PACKAGE_STRING
, g_get_user_name());
1542 sigaddset(&set
, SIGTERM
);
1543 sigaddset(&set
, SIGINT
);
1544 sigaddset(&set
, SIGUSR1
);
1545 sigaddset(&set
, SIGHUP
);
1546 sigaddset(&set
, SIGABRT
);
1548 attr
= pth_attr_new();
1549 pth_attr_init(attr
);
1550 pth_attr_set(attr
, PTH_ATTR_PRIO
, PTH_PRIO_MAX
);
1551 pth_attr_set(attr
, PTH_ATTR_NAME
, "accept");
1552 accept_tid
= pth_spawn(attr
, accept_thread
, (void *)sockfd
);
1555 tcp_accept_tid
= pth_spawn(attr
, tcp_accept_thread
, (void *)sockfd_r
);
1557 pth_attr_init(attr
);
1558 pth_attr_set(attr
, PTH_ATTR_JOINABLE
, FALSE
);
1559 pth_attr_set(attr
, PTH_ATTR_PRIO
, PTH_PRIO_MAX
);
1562 * For the cache_timeout configuration parameter.
1564 timeout_ev
= timeout_event_iterate(NULL
, attr
);
1565 keepalive_ev
= keepalive_event_iterate(NULL
, keepalive
);
1566 timeout_ev
= pth_event_concat(timeout_ev
, keepalive_ev
, NULL
);
1571 pth_sigwait_ev(&set
, &sig
, timeout_ev
);
1572 timeout_ev
= timeout_event_iterate(timeout_ev
, attr
);
1573 keepalive_ev
= keepalive_event_iterate(keepalive_ev
, keepalive
);
1574 timeout_ev
= pth_event_concat(timeout_ev
, keepalive_ev
, NULL
);
1577 log_write(N_("caught signal %i (%s)"), sig
, strsignal(sig
));
1579 /* Caught a signal. */
1583 keepalive
= get_key_file_integer("global", "keepalive");
1587 cache_clear(NULL
, 2);
1595 log_write(N_("clearing file cache"));
1596 cache_clear(NULL
, 2);
1601 shutdown(sockfd
, SHUT_RDWR
);
1604 if (sockfd_r
!= -1) {
1605 shutdown(sockfd_r
, SHUT_RDWR
);
1614 * We're out of the main server loop. This happens when a signal was sent
1615 * to terminate the daemon. We'll wait for all clients to disconnect
1616 * before exiting and ignore any following signals.
1618 pth_join(accept_tid
, &value
);
1621 pth_join(tcp_accept_tid
, &value
);
1623 n
= pth_ctrl(PTH_CTRL_GETTHREADS
);
1624 unlink(*socketpath
);
1625 g_free(*socketpath
);
1629 log_write(N_("waiting for all threads to terminate"));
1631 ev_quit
= pth_event(PTH_EVENT_TIME
, pth_timeout(0, 500000));
1634 if (n
!= n_clients
) {
1635 log_write(N_("%i threads remain"), n
-1);
1640 pth_event_isolate(ev_quit
);
1641 timeout_ev
= timeout_event_iterate(timeout_ev
, attr
);
1642 keepalive_ev
= keepalive_event_iterate(keepalive_ev
, keepalive
);
1643 ev_quit
= pth_event_concat(ev_quit
, timeout_ev
, keepalive_ev
, NULL
);
1644 n
= pth_ctrl(PTH_CTRL_GETTHREADS
);
1647 pth_event_free(timeout_ev
, PTH_FREE_THIS
);
1648 pth_event_free(keepalive_ev
, PTH_FREE_THIS
);
1649 pth_event_free(ev_quit
, PTH_FREE_THIS
);
1650 pth_attr_destroy(attr
);
1654 * Called from pinentry_fork() in the child process.
1656 void free_client_list()
1658 gint i
, t
= g_slist_length(cn_thread_list
);
1660 for (i
= 0; i
< t
; i
++) {
1661 struct client_thread_s
*cn
= g_slist_nth_data(cn_thread_list
, i
);
1663 free_client(cn
->cl
);
1666 memset(key_cache
, 0, cache_size
);
1669 int main(int argc
, char *argv
[])
1672 struct sockaddr_un addr
;
1673 struct sockaddr_in my_addr
;
1674 struct passwd
*pw
= getpwuid(getuid());
1675 gchar buf
[PATH_MAX
];
1676 gchar
*socketpath
= NULL
, *socketdir
, *socketname
= NULL
;
1677 gchar
*socketarg
= NULL
;
1678 gchar
*datadir
= NULL
;
1681 gchar
**cache_push
= NULL
;
1683 gchar
*import
= NULL
;
1684 gint cmd_iterations
= -1;
1685 gint default_timeout
;
1686 gint rcfile_spec
= 0;
1687 gint estatus
= EXIT_FAILURE
;
1688 gint sockfd
, sockfd_r
= -1;
1690 GMemVTable mtable
= { xmalloc
, xrealloc
, xfree
, xcalloc
, NULL
, NULL
};
1693 gboolean secure
= FALSE
;
1695 gint background
= 1;
1697 struct assuan_io_hooks io_hooks
= {read_hook
, write_hook
};
1700 #ifdef HAVE_SETRLIMIT
1703 rl
.rlim_cur
= rl
.rlim_max
= 0;
1705 if (setrlimit(RLIMIT_CORE
, &rl
) != 0)
1706 err(EXIT_FAILURE
, "setrlimit()");
1712 setlocale(LC_ALL
, "");
1713 bindtextdomain("pwmd", LOCALEDIR
);
1718 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
1720 g_mem_set_vtable(&mtable
);
1721 assuan_set_malloc_hooks(xmalloc
, xrealloc
, xfree
);
1722 xmlMemSetup(xfree
, xmalloc
, xrealloc
, xstrdup
);
1724 gnutls_global_set_mem_functions(xmalloc
, xmalloc
, gcry_SecureCheck
,
1727 gcry_control(GCRYCTL_SET_THREAD_CBS
, &gcry_threads_pth
);
1728 gnutls_global_init();
1729 gnutls_global_set_log_function(tls_log
);
1730 gnutls_global_set_log_level(1);
1732 assuan_set_io_hooks(&io_hooks
);
1733 g_snprintf(buf
, sizeof(buf
), "%s/.pwmd", pw
->pw_dir
);
1735 if (mkdir(buf
, 0700) == -1 && errno
!= EEXIST
)
1736 err(EXIT_FAILURE
, "%s", buf
);
1738 g_snprintf(buf
, sizeof(buf
), "%s/.pwmd/data", pw
->pw_dir
);
1740 if (mkdir(buf
, 0700) == -1 && errno
!= EEXIST
)
1741 err(EXIT_FAILURE
, "%s", buf
);
1743 rcfile
= g_strdup_printf("%s/.pwmd/config", pw
->pw_dir
);
1745 if ((page_size
= sysconf(_SC_PAGESIZE
)) == -1)
1746 err(EXIT_FAILURE
, "sysconf()");
1748 cache_size
= page_size
;
1750 while ((opt
= getopt(argc
, argv
, "bnI:i:hvf:D")) != EOF
) {
1753 /* Compatibility for version < 1.11 */
1765 cmd_iterations
= atoi(optarg
);
1769 rcfile
= g_strdup(optarg
);
1773 printf("%s\n%s\n", PACKAGE_STRING
, PACKAGE_BUGREPORT
);
1781 if ((keyfileh
= parse_rcfile(rcfile_spec
)) == NULL
)
1784 if (g_key_file_has_key(keyfileh
, "global", "syslog", NULL
) == TRUE
)
1785 log_syslog
= g_key_file_get_boolean(keyfileh
, "global", "syslog", NULL
);
1787 if (log_syslog
== TRUE
)
1788 openlog("pwmd", LOG_NDELAY
|LOG_PID
, LOG_DAEMON
);
1790 if (g_key_file_has_key(keyfileh
, "global", "priority", NULL
)) {
1791 iter
= g_key_file_get_integer(keyfileh
, "global", "priority", NULL
);
1794 if (setpriority(PRIO_PROCESS
, 0, iter
) == -1) {
1795 warn("setpriority()");
1800 if (g_key_file_has_key(keyfileh
, "global", "iterations", NULL
) == TRUE
)
1801 iter
= g_key_file_get_integer(keyfileh
, "global", "iterations", NULL
);
1803 #ifdef HAVE_MLOCKALL
1804 if (disable_mlock
== FALSE
&& mlockall(MCL_FUTURE
) == -1) {
1813 opt
= xml_import(import
, cmd_iterations
< -1 ? iter
: cmd_iterations
);
1814 g_key_file_free(keyfileh
);
1816 exit(opt
== FALSE
? EXIT_FAILURE
: EXIT_SUCCESS
);
1819 g_key_file_set_list_separator(keyfileh
, ',');
1821 if ((p
= g_key_file_get_string(keyfileh
, "global", "socket_path", NULL
)) == NULL
)
1822 errx(EXIT_FAILURE
, N_("%s: socket_path not defined"), rcfile
);
1826 g_snprintf(buf
, sizeof(buf
), "%s%s", g_get_home_dir(), p
--);
1828 socketarg
= g_strdup(buf
);
1833 if ((p
= g_key_file_get_string(keyfileh
, "global", "data_directory", NULL
)) == NULL
)
1834 errx(EXIT_FAILURE
, N_("%s: data_directory not defined"), rcfile
);
1836 datadir
= expand_homedir(p
);
1839 if (secure
== FALSE
&& g_key_file_has_key(keyfileh
, "global", "disable_list_and_dump", NULL
) == TRUE
) {
1840 n
= g_key_file_get_boolean(keyfileh
, "global", "disable_list_and_dump", NULL
);
1841 disable_list_and_dump
= n
;
1844 disable_list_and_dump
= secure
;
1846 if (g_key_file_has_key(keyfileh
, "global", "cache_timeout", NULL
) == TRUE
)
1847 default_timeout
= g_key_file_get_integer(keyfileh
, "global", "cache_timeout", NULL
);
1849 default_timeout
= -1;
1851 if (g_key_file_has_key(keyfileh
, "global", "cache_size", NULL
) == TRUE
) {
1852 cache_size
= g_key_file_get_integer(keyfileh
, "global", "cache_size", NULL
);
1854 if (cache_size
< page_size
|| cache_size
% page_size
)
1855 errx(EXIT_FAILURE
, N_("cache size must be in multiples of %li"), page_size
);
1858 setup_logging(keyfileh
);
1860 if (g_key_file_has_key(keyfileh
, "global", "cache_push", NULL
) == TRUE
)
1861 cache_push
= g_key_file_get_string_list(keyfileh
, "global", "cache_push", NULL
, NULL
);
1863 if (argc
!= optind
) {
1865 ptotal
= g_strv_length(cache_push
);
1867 for (; optind
< argc
; optind
++) {
1868 if (strv_printf(&cache_push
, "%s", argv
[optind
]) == FALSE
)
1869 errx(EXIT_FAILURE
, "%s", strerror(ENOMEM
));
1873 if (strchr(socketarg
, '/') == NULL
) {
1874 socketdir
= g_get_current_dir();
1875 socketname
= g_strdup(socketarg
);
1876 socketpath
= g_strdup_printf("%s/%s", socketdir
, socketname
);
1879 socketname
= g_strdup(strrchr(socketarg
, '/'));
1881 socketarg
[strlen(socketarg
) - strlen(socketname
) -1] = 0;
1882 socketdir
= g_strdup(socketarg
);
1883 socketpath
= g_strdup_printf("%s/%s", socketdir
, socketname
);
1886 if ((key_cache
= mmap(NULL
, cache_size
, PROT_READ
|PROT_WRITE
,
1887 #ifdef MMAP_ANONYMOUS
1888 MAP_PRIVATE
|MAP_ANONYMOUS
, -1, 0)) == MAP_FAILED
) {
1890 MAP_PRIVATE
|MAP_ANON
, -1, 0)) == MAP_FAILED
) {
1892 err(EXIT_FAILURE
, "mmap()");
1895 if (mlock(key_cache
, cache_size
) == -1)
1896 log_write("mlock(): %s", strerror(errno
));
1898 memset(key_cache
, 0, cache_size
);
1900 if (chdir(datadir
)) {
1901 warn("%s", datadir
);
1906 if (parse_keyfile_key() == FALSE
)
1909 clear_errorfile_key();
1912 * Set the cache entry for a file. Prompts for the password.
1915 for (opt
= 0; cache_push
[opt
]; opt
++)
1916 do_cache_push(cache_push
[opt
], NULL
);
1918 g_strfreev(cache_push
);
1919 warnx(background
? N_("Done. Daemonizing...") : N_("Done. Waiting for connections..."));
1923 * bind() doesn't like the full pathname of the socket or any non alphanum
1924 * characters so change to the directory where the socket is wanted then
1925 * create it then change to datadir.
1927 if (chdir(socketdir
)) {
1928 warn("%s", socketdir
);
1934 if ((sockfd
= socket(PF_UNIX
, SOCK_STREAM
, 0)) == -1) {
1939 addr
.sun_family
= AF_UNIX
;
1940 g_snprintf(addr
.sun_path
, sizeof(addr
.sun_path
), "%s", socketname
);
1942 if (bind(sockfd
, (struct sockaddr
*)&addr
, sizeof(struct sockaddr
)) == -1) {
1945 if (errno
== EADDRINUSE
)
1946 warnx(N_("Either there is another pwmd running or '%s' is a \n"
1947 "stale socket. Please remove it manually."), socketpath
);
1953 if (g_key_file_has_key(keyfileh
, "global", "socket_perms", NULL
) == TRUE
) {
1954 gchar
*t
= g_key_file_get_string(keyfileh
, "global", "socket_perms", NULL
);
1955 mode_t mode
= strtol(t
, NULL
, 8);
1956 mode_t mask
= umask(0);
1960 if (chmod(socketname
, mode
) == -1) {
1961 warn("%s", socketname
);
1971 g_free(--socketname
);
1973 if (chdir(datadir
)) {
1974 warn("%s", datadir
);
1981 pth_mutex_init(&cache_mutex
);
1982 #ifdef WITH_PINENTRY
1983 pth_mutex_init(&pin_mutex
);
1986 if (listen(sockfd
, 0) == -1) {
1991 if (get_key_file_boolean("global", "enable_tcp")) {
1995 if ((sockfd_r
= socket(PF_INET
, SOCK_STREAM
, 0)) == -1) {
2000 my_addr
.sin_family
= PF_INET
;
2001 my_addr
.sin_port
= htons(get_key_file_integer("global", "tcp_port"));
2002 my_addr
.sin_addr
.s_addr
= INADDR_ANY
;
2003 memset(my_addr
.sin_zero
, 0, sizeof(my_addr
.sin_zero
));
2005 if (setsockopt(sockfd_r
, SOL_SOCKET
, SO_REUSEADDR
, &iter
, sizeof(int)) == -1) {
2010 if (g_key_file_has_key(keyfileh
, "global", "tcp_interface", NULL
)) {
2011 gchar
*tmp
= get_key_file_string("global", "tcp_interface");
2013 if (setsockopt(sockfd_r
, SOL_SOCKET
, SO_BINDTODEVICE
, tmp
, 1) == -1) {
2021 if (bind(sockfd_r
, (struct sockaddr
*)&my_addr
, sizeof(my_addr
)) == -1) {
2027 tmp
= expand_homedir("~/.pwmd/ca-cert.pem");
2030 warnx("%s", strerror(ENOMEM
));
2034 tmp2
= expand_homedir("~/.pwmd/ca-key.pem");
2038 warnx("%s", strerror(ENOMEM
));
2042 ret
= gnutls_certificate_allocate_credentials(&x509_cred
);
2044 if (ret
!= GNUTLS_E_SUCCESS
) {
2047 warnx("%s", gnutls_strerror(ret
));
2051 ret
= gnutls_certificate_set_x509_trust_file(x509_cred
, tmp
,
2052 GNUTLS_X509_FMT_PEM
);
2057 warnx("%s", gnutls_strerror(ret
));
2061 ret
= gnutls_certificate_set_x509_key_file (x509_cred
, tmp
, tmp2
,
2062 GNUTLS_X509_FMT_PEM
);
2066 if (ret
!= GNUTLS_E_SUCCESS
) {
2067 warnx("%s", gnutls_strerror(ret
));
2071 log_write("%s", N_("Generating random data ..."));
2072 ret
= gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM
, 0);
2075 warnx("%s", gpg_strerror(ret
));
2079 ret
= gnutls_dh_params_init(&dh_params
);
2081 if (ret
!= GNUTLS_E_SUCCESS
) {
2082 warnx("%s", gnutls_strerror(ret
));
2086 ret
= gnutls_dh_params_generate2(dh_params
, 1024);
2088 if (ret
!= GNUTLS_E_SUCCESS
) {
2089 warnx("%s", gnutls_strerror(ret
));
2093 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
2094 gnutls_certificate_set_params_function(x509_cred
, tls_get_params
);
2096 if (listen(sockfd_r
, 0) == -1) {
2119 * These are the signals that we use in threads. libpth can catch signals
2120 * itself so ignore them everywhere else. Note that using
2121 * signal(N, SIG_IGN) doesn't work like you might think.
2126 sigaddset(&set
, SIGTERM
);
2127 sigaddset(&set
, SIGINT
);
2129 /* Configuration file reloading. */
2130 sigaddset(&set
, SIGUSR1
);
2132 /* Clears the file cache. */
2133 sigaddset(&set
, SIGHUP
);
2135 /* Caught in client_thread(). Sends a cache status message. */
2136 sigaddset(&set
, SIGUSR2
);
2138 /* Ignored everywhere. When a client disconnects abnormally this signal
2139 * gets raised. It isn't needed though because client_thread() will check
2140 * for rcs even after the client disconnects. */
2141 signal(SIGPIPE
, SIG_IGN
);
2142 pth_sigmask(SIG_BLOCK
, &set
, NULL
);
2143 server_loop(sockfd
, sockfd_r
, &socketpath
);
2144 estatus
= EXIT_SUCCESS
;
2147 if (socketpath
&& do_unlink
) {
2152 if (sockfd_r
!= -1) {
2153 gnutls_dh_params_deinit(dh_params
);
2154 gnutls_certificate_free_credentials(x509_cred
);
2155 gnutls_global_deinit();
2158 g_key_file_free(keyfileh
);
2163 cache_clear(NULL
, 2);
2164 memset(key_cache
, 0, cache_size
);
2167 if (key_cache
&& munmap(key_cache
, cache_size
) == -1)
2168 log_write("munmap(): %s", strerror(errno
));
2170 if (estatus
== EXIT_SUCCESS
)
2171 log_write(N_("pwmd exiting normally"));
2174 #if defined(DEBUG) && !defined(MEM_DEBUG)