#include <mLib/alloc.h>
#include <mLib/dstr.h>
#include <mLib/fdflags.h>
+#include <mLib/macros.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#define F_SYSLOG 1u
#define F_FETCH 2u
+#define F_REPLACE 4u
/*----- Event logging -----------------------------------------------------*/
* Use: Writes out a timestamped log message.
*/
-static void pxlog(const char *p, ...)
+static void PRINTF_LIKE(1, 2) pxlog(const char *p, ...)
{
dstr d = DSTR_INIT;
va_list ap;
/* --- Data structures --- */
typedef struct phrase {
- struct phrase *next;
- struct phrase *prev;
+ struct phrase *next, *prev;
char *tag;
char *p;
unsigned long t;
/* --- Variables --- */
-#define P_ROOT ((phrase *)&p_root)
-static struct { phrase *next; phrase *prev; } p_root = { P_ROOT, P_ROOT };
+static phrase *p_head = 0, *p_tail = 0;
+
+/* --- Utility macros --- */
+
+#define P_LINKTAIL(p) do { \
+ (p)->next = 0; \
+ (p)->prev = p_tail; \
+ *(p_tail ? &p_tail->next : &p_head) = (p); \
+ p_tail = (p); \
+} while (0)
+
+#define P_UNLINK(p) do { \
+ *((p)->next ? &(p)->next->prev : &p_tail) = (p)->prev; \
+ *((p)->prev ? &(p)->prev->next : &p_head) = (p)->next; \
+} while (0)
/* --- @p_free@ --- *
*
sel_rmtimer(&p->timer);
xfree(p->tag);
l_free(&lm, p->p);
- p->next->prev = p->prev;
- p->prev->next = p->next;
+ P_UNLINK(p);
DESTROY(p);
}
char *p;
if ((p = l_alloc(&lm, sz)) != 0)
return (p);
- if (P_ROOT->next == P_ROOT)
+ if (!p_head)
return (0);
if (verbose) {
pxlog("flushing passphrase `%s' to free up needed space",
p_head->tag);
}
- p_free(P_ROOT->next);
+ p_free(p_head);
}
}
{
phrase *p;
- for (p = P_ROOT->next; p != P_ROOT; p = p->next) {
- if (strcmp(p->tag, tag) == 0) {
+ for (p = p_head; p; p = p->next) {
+ if (STRCMP(p->tag, ==, tag)) {
if (p->t) {
struct timeval tv;
sel_rmtimer(&p->timer);
tv.tv_sec += p->t;
sel_addtimer(&sel, &p->timer, &tv, p_timer, p);
}
- p->next->prev = p->prev;
- p->prev->next = p->next;
- p->next = P_ROOT;
- p->prev = P_ROOT->prev;
- P_ROOT->prev->next = p;
- P_ROOT->prev = p;
+ P_UNLINK(p);
+ P_LINKTAIL(p);
return (p);
}
}
/* --- Link the block into the chain --- */
- pp->next = P_ROOT;
- pp->prev = P_ROOT->prev;
- P_ROOT->prev->next = pp;
- P_ROOT->prev = pp;
+ P_LINKTAIL(pp);
return (pp);
}
if (!tag && verbose > 1)
pxlog("flushing all passphrases");
- p = P_ROOT->next;
- while (p != P_ROOT) {
+ p = p_head;
+ while (p) {
phrase *pp = p->next;
if (!tag)
p_free(p);
- else if (strcmp(p->tag, tag) == 0) {
+ else if (STRCMP(p->tag, ==, tag)) {
if (verbose > 1)
pxlog("flushing passphrase `%s'", tag);
p_free(p);
ok: {
char *p = buf;
size_t len;
- while (isspace((unsigned char)*p))
+ while (ISSPACE(*p))
p++;
len = strlen(p);
memmove(buf, p, len);
goto fail;
if (p_request("Verify passphrase", tag, pp, LBUFSZ) < 0)
goto fail;
- if (strcmp(pp, p->p) != 0) {
+ if (STRCMP(pp, !=, p->p)) {
if (verbose)
pxlog("passphrases for `%s' don't match", tag);
p_free(p);
* @const char *p@ = pointer to skeleton string
* @...@ = other arguments to fill in
*
- * Returns: ---
+ * Returns: Zero on success, @-1@ on error.
*
* Use: Formats a string and emits it to the output file.
*/
-static void pixserv_write(pixserv *px, const char *p, ...)
+static int PRINTF_LIKE(2, 3) pixserv_write(pixserv *px, const char *p, ...)
{
dstr d = DSTR_INIT;
va_list ap;
+ int rc;
va_start(ap, p);
dstr_vputf(&d, p, &ap);
- write(px->fd, d.buf, d.len);
+ rc = write(px->fd, d.buf, d.len);
va_end(ap);
dstr_destroy(&d);
+ if (rc < 0) {
+ pxlog("failed to write to client: %s (closing)", strerror(errno));
+ return (-1);
+ }
+ return (0);
}
/* --- @pixserv_timeout@ --- *
if (!(px->f & px_stdin))
sel_rmtimer(&px->timer);
- if (!s) {
- if (px->fd != px->b.reader.fd)
- close(px->fd);
- selbuf_destroy(&px->b);
- close(px->b.reader.fd);
- return;
- }
+ if (!s) goto close;
/* --- Fiddle the timeout --- */
if ((q = str_getword(&s)) == 0)
return;
for (qq = q; *qq; qq++)
- *qq = tolower((unsigned char)*qq);
+ *qq = TOLOWER(*qq);
/* --- Handle a help request --- */
- if (strcmp(q, "help") == 0) {
- pixserv_write(px, "\
+ if (STRCMP(q, ==, "help")) {
+ if (pixserv_write(px, "\
INFO Commands supported:\n\
-INFO HELP\n\
-INFO LIST\n\
-INFO PASS tag [expire]\n\
-INFO VERIFY tag [expire]\n\
-INFO FLUSH [tag]\n\
-INFO SET tag [expire] -- phrase\n\
-INFO QUIT\n\
+INFO flush [TAG]\n\
+INFO help\n\
+INFO list\n\
+INFO pass TAG [EXPIRE]\n\
+INFO quit\n\
+INFO set TAG [EXPIRE] -- PHRASE\n\
+INFO verify TAG [EXPIRE]\n\
OK\n\
-");
+"))
+ goto close;
}
/* --- List the passphrases --- */
- else if (strcmp(q, "list") == 0) {
+ else if (STRCMP(q, ==, "list")) {
phrase *p;
- for (p = P_ROOT->next; p != P_ROOT; p = p->next) {
- if (!p->t)
- pixserv_write(px, "ITEM %s no-expire\n", p->tag);
- else {
+ for (p = p_head; p; p = p->next) {
+ if (!p->t) {
+ if (pixserv_write(px, "ITEM %s no-expire\n", p->tag)) goto close;
+ } else {
struct timeval tv;
gettimeofday(&tv, 0);
TV_SUB(&tv, &p->timer.tv, &tv);
- pixserv_write(px, "ITEM %s %i\n", p->tag, tv.tv_sec);
+ if (pixserv_write(px, "ITEM %s %lu\n",
+ p->tag, (unsigned long)tv.tv_sec))
+ goto close;
}
}
- pixserv_write(px, "OK\n");
+ if (pixserv_write(px, "OK\n")) goto close;
}
/* --- Request a passphrase --- */
- else if ((mode = PMODE_READ, strcmp(q, "pass") == 0) ||
- (mode = PMODE_VERIFY, strcmp(q, "verify") == 0)) {
+ else if ((mode = PMODE_READ, STRCMP(q, ==, "pass")) ||
+ (mode = PMODE_VERIFY, STRCMP(q, ==, "verify"))) {
unsigned long t;
const char *p;
int rc;
rc = p_get(&p, q, mode, t > timeout ? timeout : t);
switch (rc) {
case 0:
- pixserv_write(px, "OK %s\n", p);
+ if (pixserv_write(px, "OK %s\n", p)) goto close;
break;
case -1:
- pixserv_write(px, "FAIL error reading passphrase\n");
+ if (pixserv_write(px, "FAIL error reading passphrase\n"))
+ goto close;
break;
case +1:
- pixserv_write(px, "MISSING\n");
+ if (pixserv_write(px, "MISSING\n")) goto close;
break;
}
}
/* --- Flush existing passphrases --- */
- else if (strcmp(q, "flush") == 0) {
+ else if (STRCMP(q, ==, "flush")) {
q = str_getword(&s);
p_flush(q);
- pixserv_write(px, "OK\n");
+ if (pixserv_write(px, "OK\n")) goto close;
}
/* --- Set a passphrase --- */
- else if (strcmp(q, "set") == 0) {
+ else if (STRCMP(q, ==, "set")) {
char *tag;
unsigned long t;
- if ((tag = str_getword(&s)) == 0)
- pixserv_write(px, "FAIL missing tag\n");
- else if ((q = str_getword(&s)) == 0)
- pixserv_write(px, "FAIL no passphrase\n");
- else {
- if (strcmp(q, "--") != 0) {
+ if ((tag = str_getword(&s)) == 0) {
+ if (pixserv_write(px, "FAIL missing tag\n")) goto close;
+ } else if ((q = str_getword(&s)) == 0) {
+ if (pixserv_write(px, "FAIL no passphrase\n")) goto close;
+ } else {
+ if (STRCMP(q, !=, "--")) {
t = pixserv_timeout(q);
q = str_getword(&s);
} else
t = pixserv_timeout(0);
- if (!q)
- pixserv_write(px, "FAIL no passphrase\n");
- else if (strcmp(q, "--") != 0)
- pixserv_write(px, "FAIL rubbish found before passphrase\n");
- else {
+ if (!q) {
+ if (pixserv_write(px, "FAIL no passphrase\n")) goto close;
+ } else if (STRCMP(q, !=, "--")) {
+ if (pixserv_write(px, "FAIL rubbish found before passphrase\n"))
+ goto close;
+ } else {
p_flush(tag);
- p_add(tag, s, t);
- pixserv_write(px, "OK\n");
+ p_add(tag, s ? s : "", t);
+ if (pixserv_write(px, "OK\n")) goto close;
}
}
}
/* --- Shut the server down --- */
- else if (strcmp(q, "quit") == 0) {
- if (verbose)
+ else if (STRCMP(q, ==, "quit")) {
+ if (verbose) {
pxlog("%s client requested shutdown",
px->f & px_stdin ? "local" : "remote");
- pixserv_write(px, "OK\n");
+ }
+ if (pixserv_write(px, "OK\n")) goto close;
exit(0);
}
/* --- Report an error for other commands --- */
- else
- pixserv_write(px, "FAIL unknown command `%s'\n", q);
+ else {
+ if (pixserv_write(px, "FAIL unknown command `%s'\n", q)) goto close;
+ }
+ return;
+
+close:
+ if (px->fd != px->b.reader.fd)
+ close(px->fd);
+ selbuf_destroy(&px->b);
+ close(px->b.reader.fd);
}
/* --- @pixserv_create@ --- *
{
int nfd;
struct sockaddr_un sun;
- size_t sunsz = sizeof(sun);
+ socklen_t sunsz = sizeof(sun);
if (mode != SEL_READ)
return;
pxlog("stale socket found; removing it");
unlink(sun->sun_path);
close(fd);
- } else {
+ } else if (flags & F_REPLACE) {
if (verbose)
pxlog("server already running; shutting it down");
- write(fd, "QUIT\n", 5);
+ if (write(fd, "QUIT\n", 5) < 0) {
+ die(EXIT_FAILURE, "failed to shut down old server: %s",
+ strerror(errno));
+ }
sleep(1);
close(fd);
- }
+ } else
+ die(EXIT_FAILURE, "pixie already running; not starting");
goto again;
}
chmod(sun->sun_path, 0600);
c_flags |= cf_uclose;
} else {
s[len++] = '\n';
- write(c_server.reader.fd, s, len);
+ if (write(c_server.reader.fd, s, len) < 0)
+ die(EXIT_FAILURE, "failed to read from stdin: %s", strerror(errno));
}
}
puts(s);
else {
char *q = str_getword(&s);
- if (strcmp(q, "FAIL") == 0)
+ if (STRCMP(q, ==, "FAIL"))
die(1, "%s", s);
- else if (strcmp(q, "INFO") == 0 ||
- strcmp(q, "ITEM") == 0)
+ else if (STRCMP(q, ==, "INFO") ||
+ STRCMP(q, ==, "ITEM"))
puts(s);
- else if (strcmp(q, "OK") == 0) {
+ else if (STRCMP(q, ==, "OK")) {
if (s && *s) puts(s);
- } else if (strcmp(q, "MISSING") == 0)
+ } else if (STRCMP(q, ==, "MISSING"))
;
else
moan("unexpected output: %s %s", q, s);
DPUTS(&d, *argv++);
}
DPUTC(&d, '\n');
- write(fd, d.buf, d.len);
- shutdown(fd, 1);
+ if (write(fd, d.buf, d.len) < 0 || shutdown(fd, 1))
+ die(EXIT_FAILURE, "failed to write command: %s", strerror(errno));
c_flags |= cf_uclose | cf_cooked;
dstr_destroy(&d);
}
-q, --quiet Emit fewer log messages.\n\
-v, --version Emit more log messages.\n\
-s, --socket=FILE Name the pixie's socket.\n\
+-r, --replace Replace existing pixie, if one is running.\n\
-c, --command=COMMAND Shell command to read a passphrase.\n\
-f, --fetch Fetch passphrases from the terminal.\n\
-t, --timeout=TIMEOUT Length of time to retain a passphrase in memory.\n\
/* --- Set up the locked memory area --- */
l_init(&lm, 16384);
- setuid(getuid());
+ if (setuid(getuid())) _exit(125);
/* --- Parse command line arguments --- */
{ "passphrase", 0, 0, 'P' },
{ "verify-passphrase", 0, 0, '+' },
{ "socket", OPTF_ARGREQ, 0, 's' },
+ { "replace", 0, 0, 'r' },
{ "command", OPTF_ARGREQ, 0, 'c' },
{ "fetch", 0, 0, 'f' },
{ "timeout", OPTF_ARGREQ, 0, 't' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVuqvCPs:c:ft:idl", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVuqvCPs:rc:ft:idl", opts, 0, 0, 0);
if (i < 0)
break;
case 's':
path = optarg;
break;
+ case 'r':
+ flags |= F_REPLACE;
+ break;
case 't':
if ((timeout = pixserv_timeout(optarg)) == 0)
die(1, "bad timeout `%s'", optarg);
dstr d = DSTR_INIT;
int rc = l_report(&lm, &d);
if (rc < 0)
- die(EXIT_FAILURE, d.buf);
+ die(EXIT_FAILURE, "%s", d.buf);
else if (rc && verbose) {
- pxlog(d.buf);
+ pxlog("%s", d.buf);
pxlog("couldn't lock passphrase buffer");
}
dstr_destroy(&d);
}
}
#endif
- chdir("/");
+ DISCARD(chdir("/"));
setsid();
if (fork() != 0)
~mdw / catacomb / blobdiff