/* sh-cmd.c - The Assuan server for g13-syshelp * Copyright (C) 2015 Werner Koch * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #include #include #include "g13-syshelp.h" #include #include "i18n.h" #include "keyblob.h" /* Local data for this server module. A pointer to this is stored in the CTRL object of each connection. */ struct server_local_s { /* The Assuan contect we are working on. */ assuan_context_t assuan_ctx; /* The malloced name of the device. */ char *devicename; /* A stream open for read of the device set by the DEVICE command or NULL if no DEVICE command has been used. */ estream_t devicefp; }; /* Local prototypes. */ /* Helper functions. */ /* Set an error and a description. */ #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) #define set_error_fail_cmd() set_error (GPG_ERR_NOT_INITIALIZED, \ "not called via userv or unknown user") /* Skip over options. Blanks after the options are also removed. */ static char * skip_options (const char *line) { while (spacep (line)) line++; while ( *line == '-' && line[1] == '-' ) { while (*line && !spacep (line)) line++; while (spacep (line)) line++; } return (char*)line; } /* Check whether the option NAME appears in LINE. */ /* static int */ /* has_option (const char *line, const char *name) */ /* { */ /* const char *s; */ /* int n = strlen (name); */ /* s = strstr (line, name); */ /* if (s && s >= skip_options (line)) */ /* return 0; */ /* return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); */ /* } */ /* Helper to print a message while leaving a command. */ static gpg_error_t leave_cmd (assuan_context_t ctx, gpg_error_t err) { if (err) { const char *name = assuan_get_command_name (ctx); if (!name) name = "?"; if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT) log_error ("command '%s' failed: %s\n", name, gpg_strerror (err)); else log_error ("command '%s' failed: %s <%s>\n", name, gpg_strerror (err), gpg_strsource (err)); } return err; } /* The handler for Assuan OPTION commands. */ static gpg_error_t option_handler (assuan_context_t ctx, const char *key, const char *value) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; (void)ctrl; (void)key; (void)value; if (ctrl->fail_all_cmds) err = set_error_fail_cmd (); else err = gpg_error (GPG_ERR_UNKNOWN_OPTION); return err; } /* The handler for an Assuan RESET command. */ static gpg_error_t reset_notify (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); (void)line; xfree (ctrl->server_local->devicename); ctrl->server_local->devicename = NULL; es_fclose (ctrl->server_local->devicefp); ctrl->server_local->devicefp = NULL; ctrl->devti = NULL; assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); return 0; } static const char hlp_device[] = "DEVICE \n" "\n" "Set the device used by further commands.\n" "A device name or a PARTUUID string may be used.\n" "Access to that device (by the g13 system) is locked\n" "until a new DEVICE command or end of this process\n"; static gpg_error_t cmd_device (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; tab_item_t ti; estream_t fp = NULL; /* strcpy (line, "/dev/sdb1"); /\* FIXME *\/ */ line = skip_options (line); /* Always close an open device stream of this session. */ xfree (ctrl->server_local->devicename); ctrl->server_local->devicename = NULL; es_fclose (ctrl->server_local->devicefp); ctrl->server_local->devicefp = NULL; /* Are we allowed to use the given device? */ for (ti=ctrl->client.tab; ti; ti = ti->next) if (!strcmp (line, ti->blockdev)) break; if (!ti) { err = set_error (GPG_ERR_EACCES, "device not configured for user"); goto leave; } ctrl->server_local->devicename = xtrystrdup (line); if (!ctrl->server_local->devicename) { err = gpg_error_from_syserror (); goto leave; } /* Check whether we have permissions to open the device and keep an FD open. */ fp = es_fopen (ctrl->server_local->devicename, "rb"); if (!fp) { err = gpg_error_from_syserror (); log_error ("error opening '%s': %s\n", ctrl->server_local->devicename, gpg_strerror (err)); goto leave; } es_fclose (ctrl->server_local->devicefp); ctrl->server_local->devicefp = fp; fp = NULL; ctrl->devti = ti; /* Fixme: Take some kind of lock. */ leave: es_fclose (fp); if (err) { xfree (ctrl->server_local->devicename); ctrl->server_local->devicename = NULL; ctrl->devti = NULL; } return leave_cmd (ctx, err); } static const char hlp_create[] = "CREATE \n" "\n" "Create a new encrypted partition on the current device.\n" " must be \"dm-crypt\" for now."; static gpg_error_t cmd_create (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; line = skip_options (line); if (strcmp (line, "dm-crypt")) { err = set_error (GPG_ERR_INV_ARG, "Type must be \"dm-crypt\""); goto leave; } if (!ctrl->server_local->devicename || !ctrl->server_local->devicefp || !ctrl->devti) { err = set_error (GPG_ERR_ENOENT, "No device has been set"); goto leave; } err = sh_is_empty_partition (ctrl->server_local->devicename); if (err) { err = assuan_set_error (ctx, err, "Partition is not empty"); goto leave; } err = sh_dmcrypt_create_container (ctrl, ctrl->server_local->devicename, ctrl->server_local->devicefp); leave: return leave_cmd (ctx, err); } static const char hlp_getinfo[] = "GETINFO \n" "\n" "Multipurpose function to return a variety of information.\n" "Supported values for WHAT are:\n" "\n" " version - Return the version of the program.\n" " pid - Return the process id of the server.\n" " showtab - Show the table for the user."; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; char *buf; if (!strcmp (line, "version")) { const char *s = PACKAGE_VERSION; err = assuan_send_data (ctx, s, strlen (s)); } else if (!strcmp (line, "pid")) { char numbuf[50]; snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ()); err = assuan_send_data (ctx, numbuf, strlen (numbuf)); } else if (!strncmp (line, "getsz", 5)) { unsigned long long nblocks; err = sh_blockdev_getsz (line+6, &nblocks); if (!err) log_debug ("getsz=%llu\n", nblocks); } else if (!strcmp (line, "showtab")) { tab_item_t ti; for (ti=ctrl->client.tab; !err && ti; ti = ti->next) { buf = es_bsprintf ("%s %s%s %s %s%s\n", ctrl->client.uname, *ti->blockdev=='/'? "":"partuuid=", ti->blockdev, ti->label? ti->label : "-", ti->mountpoint? " ":"", ti->mountpoint? ti->mountpoint:""); if (!buf) err = gpg_error_from_syserror (); else { err = assuan_send_data (ctx, buf, strlen (buf)); if (!err) err = assuan_send_data (ctx, NULL, 0); /* Flush */ } xfree (buf); } } else err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); return leave_cmd (ctx, err); } /* This command handler is used for all commands if this process has not been started as expected. */ static gpg_error_t fail_command (assuan_context_t ctx, char *line) { gpg_error_t err; const char *name = assuan_get_command_name (ctx); (void)line; if (!name) name = "?"; err = set_error_fail_cmd (); log_error ("command '%s' failed: %s\n", name, gpg_strerror (err)); return err; } /* Tell the Assuan library about our commands. */ static int register_commands (assuan_context_t ctx, int fail_all) { static struct { const char *name; assuan_handler_t handler; const char * const help; } table[] = { { "DEVICE", cmd_device, hlp_device }, { "CREATE", cmd_create, hlp_create }, { "INPUT", NULL }, { "OUTPUT", NULL }, { "GETINFO", cmd_getinfo, hlp_getinfo }, { NULL } }; gpg_error_t err; int i; for (i=0; table[i].name; i++) { err = assuan_register_command (ctx, table[i].name, fail_all ? fail_command : table[i].handler, table[i].help); if (err) return err; } return 0; } /* Startup the server. */ gpg_error_t syshelp_server (ctrl_t ctrl) { gpg_error_t err; assuan_fd_t filedes[2]; assuan_context_t ctx = NULL; /* We use a pipe based server so that we can work from scripts. assuan_init_pipe_server will automagically detect when we are called with a socketpair and ignore FILEDES in this case. */ filedes[0] = assuan_fdopen (0); filedes[1] = assuan_fdopen (1); err = assuan_new (&ctx); if (err) { log_error ("failed to allocate an Assuan context: %s\n", gpg_strerror (err)); goto leave; } err = assuan_init_pipe_server (ctx, filedes); if (err) { log_error ("failed to initialize the server: %s\n", gpg_strerror (err)); goto leave; } err = register_commands (ctx, 0 /*FIXME:ctrl->fail_all_cmds*/); if (err) { log_error ("failed to the register commands with Assuan: %s\n", gpg_strerror (err)); goto leave; } assuan_set_pointer (ctx, ctrl); { char *tmp = xtryasprintf ("G13-syshelp %s ready to serve requests " "from %lu(%s)", PACKAGE_VERSION, (unsigned long)ctrl->client.uid, ctrl->client.uname); if (tmp) { assuan_set_hello_line (ctx, tmp); xfree (tmp); } } assuan_register_reset_notify (ctx, reset_notify); assuan_register_option_handler (ctx, option_handler); ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local); if (!ctrl->server_local) { err = gpg_error_from_syserror (); goto leave; } ctrl->server_local->assuan_ctx = ctx; while ( !(err = assuan_accept (ctx)) ) { err = assuan_process (ctx); if (err) log_info ("Assuan processing failed: %s\n", gpg_strerror (err)); } if (err == -1) err = 0; else log_info ("Assuan accept problem: %s\n", gpg_strerror (err)); leave: reset_notify (ctx, NULL); /* Release all items hold by SERVER_LOCAL. */ if (ctrl->server_local) { xfree (ctrl->server_local); ctrl->server_local = NULL; } assuan_release (ctx); return err; } gpg_error_t sh_encrypt_keyblob (ctrl_t ctrl, const void *keyblob, size_t keybloblen, char **r_enckeyblob, size_t *r_enckeybloblen) { assuan_context_t ctx = ctrl->server_local->assuan_ctx; gpg_error_t err; unsigned char *enckeyblob; size_t enckeybloblen; *r_enckeyblob = NULL; /* Send the plaintext. */ err = g13_status (ctrl, STATUS_PLAINTEXT_FOLLOWS, NULL); if (err) return err; assuan_begin_confidential (ctx); err = assuan_send_data (ctx, keyblob, keybloblen); if (!err) err = assuan_send_data (ctx, NULL, 0); assuan_end_confidential (ctx); if (!err) err = assuan_write_line (ctx, "END"); if (err) { log_error (_("error sending data: %s\n"), gpg_strerror (err)); return err; } /* Inquire the ciphertext. */ err = assuan_inquire (ctx, "ENCKEYBLOB", &enckeyblob, &enckeybloblen, 16 * 1024); if (err) { log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err)); return err; } *r_enckeyblob = enckeyblob; *r_enckeybloblen = enckeybloblen; return 0; } /* Send a status line with status ID NO. The arguments are a list of strings terminated by a NULL argument. */ gpg_error_t g13_status (ctrl_t ctrl, int no, ...) { gpg_error_t err = 0; va_list arg_ptr; const char *text; va_start (arg_ptr, no); if (1) { assuan_context_t ctx = ctrl->server_local->assuan_ctx; char buf[950], *p; size_t n; p = buf; n = 0; while ( (text = va_arg (arg_ptr, const char *)) ) { if (n) { *p++ = ' '; n++; } for ( ; *text && n < DIM (buf)-2; n++) *p++ = *text++; } *p = 0; err = assuan_write_status (ctx, get_status_string (no), buf); } va_end (arg_ptr); return err; }