Blob

Date:
Message:
refactoring: imsg everywhere use imsg to handle ALL kinds of IPC in gmid. This simplifies and shorten the code, and makes everything more uniform too.
Actions:
History | Blame | Raw File
1 /*

2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>

3  *

4  * Permission to use, copy, modify, and distribute this software for any

5  * purpose with or without fee is hereby granted, provided that the above

6  * copyright notice and this permission notice appear in all copies.

7  *

8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

15  */

17 #include "gmid.h"

19 #include <errno.h>

20 #include <string.h>

22 #include <openssl/bn.h>

23 #include <openssl/pem.h>

24 #include <openssl/x509_vfy.h>

25 #include <openssl/x509v3.h>

27 int

28 starts_with(const char *str, const char *prefix)

29 {

30 	size_t i;

32 	if (prefix == NULL)

33 		return 0;

35 	for (i = 0; prefix[i] != '\0'; ++i)

36 		if (str[i] != prefix[i])

37 			return 0;

38 	return 1;

39 }

41 int

42 ends_with(const char *str, const char *sufx)

43 {

44 	size_t i, j;

46 	i = strlen(str);

47 	j = strlen(sufx);

49 	if (j > i)

50 		return 0;

52 	i -= j;

53 	for (j = 0; str[i] != '\0'; i++, j++)

54 		if (str[i] != sufx[j])

55 			return 0;

56 	return 1;

57 }

59 ssize_t

60 filesize(int fd)

61 {

62 	ssize_t len;

64 	if ((len = lseek(fd, 0, SEEK_END)) == -1)

65 		return -1;

66 	if (lseek(fd, 0, SEEK_SET) == -1)

67 		return -1;

68 	return len;

69 }

71 char *

72 absolutify_path(const char *path)

73 {

74 	char *wd, *r;

76 	if (*path == '/') {

77 		if ((r = strdup(path)) == NULL)

78 			err(1, "strdup");

79 		return r;

80 	}

82 	wd = getcwd(NULL, 0);

83 	if (asprintf(&r, "%s/%s", wd, path) == -1)

84 		err(1, "asprintf");

85 	free(wd);

86 	return r;

87 }

89 char *

90 xstrdup(const char *s)

91 {

92 	char *d;

94 	if ((d = strdup(s)) == NULL)

95 		err(1, "strdup");

96 	return d;

97 }

99 void

100 gen_certificate(const char *hostname, const char *certpath, const char *keypath)

102 	BIGNUM		*e;

103 	EVP_PKEY	*pkey;

104 	RSA		*rsa;

105 	X509		*x509;

106 	X509_NAME	*name;

107 	FILE		*f;

108 	const unsigned char *org = (const unsigned char*)"gmid";

109 	const unsigned char *host = (const unsigned char*)hostname;

111 	log_notice(NULL,

112 	    "generating new certificate for %s (it could take a while)",

113 	    host);

115 	if ((pkey = EVP_PKEY_new()) == NULL)

116                 fatal("couldn't create a new private key");

118 	if ((rsa = RSA_new()) == NULL)

119 		fatal("couldn't generate rsa");

121 	if ((e = BN_new()) == NULL)

122 		fatal("couldn't allocate a bignum");

124 	BN_set_word(e, 17);

125 	if (!RSA_generate_key_ex(rsa, 4096, e, NULL))

126 		fatal("couldn't generate a rsa key");

128 	if (!EVP_PKEY_assign_RSA(pkey, rsa))

129 		fatal("couldn't assign the key");

131 	if ((x509 = X509_new()) == NULL)

132 		fatal("couldn't generate the X509 certificate");

134 	ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);

135 	X509_gmtime_adj(X509_get_notBefore(x509), 0);

136 	X509_gmtime_adj(X509_get_notAfter(x509), 315360000L); /* 10 years */

138 	if (!X509_set_pubkey(x509, pkey))

139 		fatal("couldn't set the public key");

141 	name = X509_get_subject_name(x509);

142 	if (!X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, org, -1, -1, 0))

143 		fatal("couldn't add N to cert");

144 	if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, host, -1, -1, 0))

145 		fatal("couldn't add CN to cert");

146 	X509_set_issuer_name(x509, name);

148 	if (!X509_sign(x509, pkey, EVP_sha256()))

149                 fatal("couldn't sign the certificate");

151 	if ((f = fopen(keypath, "w")) == NULL)

152 		fatal("fopen(%s): %s", keypath, strerror(errno));

153 	if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))

154 		fatal("couldn't write private key");

155 	fclose(f);

157 	if ((f = fopen(certpath, "w")) == NULL)

158 		fatal("fopen(%s): %s", certpath, strerror(errno));

159 	if (!PEM_write_X509(f, x509))

160 		fatal("couldn't write cert");

161 	fclose(f);

163 	BN_free(e);

164 	X509_free(x509);

165 	RSA_free(rsa);

168 X509_STORE *

169 load_ca(const char *path)

171 	FILE		*f = NULL;

172 	X509		*x = NULL;

173 	X509_STORE	*store;

175 	if ((store = X509_STORE_new()) == NULL)

176 		return NULL;

178 	if ((f = fopen(path, "r")) == NULL)

179 		goto err;

181 	if ((x = PEM_read_X509(f, NULL, NULL, NULL)) == NULL)

182 		goto err;

184 	if (X509_check_ca(x) == 0)

185 		goto err;

187 	if (!X509_STORE_add_cert(store, x))

188 		goto err;

190 	X509_free(x);

191 	fclose(f);

192 	return store;

194 err:

195 	X509_STORE_free(store);

196 	if (x != NULL)

197 		X509_free(x);

198 	if (f != NULL)

199 		fclose(f);

200 	return NULL;

203 int

204 validate_against_ca(X509_STORE *ca, const uint8_t *chain, size_t len)

206 	X509		*client;

207 	BIO		*m;

208 	X509_STORE_CTX	*ctx = NULL;

209 	int		 ret = 0;

211 	if ((m = BIO_new_mem_buf(chain, len)) == NULL)

212 		return 0;

214 	if ((client = PEM_read_bio_X509(m, NULL, NULL, NULL)) == NULL)

215 		goto end;

217 	if ((ctx = X509_STORE_CTX_new()) == NULL)

218 		goto end;

220 	if (!X509_STORE_CTX_init(ctx, ca, client, NULL))

221 		goto end;

223 	ret = X509_verify_cert(ctx);

225 end:

226 	BIO_free(m);

227 	if (client != NULL)

228 		X509_free(client);

229 	if (ctx != NULL)

230 		X509_STORE_CTX_free(ctx);

231 	return ret;

234 void

235 dispatch_imsg(struct imsgbuf *ibuf, imsg_handlerfn **handlers, size_t size)

237 	struct imsg	imsg;

238 	size_t		datalen, i;

239 	ssize_t		n;

241 	if ((n = imsg_read(ibuf)) == -1) {

242 		if (errno == EAGAIN || errno == EWOULDBLOCK)

243 			return;

244 		_exit(1);

247 	if (n == 0)

248 		_exit(1);

250 	for (;;) {

251 		if ((n = imsg_get(ibuf, &imsg)) == -1)

252 			_exit(1);

253 		if (n == 0)

254 			return;

255 		datalen = imsg.hdr.len - IMSG_HEADER_SIZE;

256 		i = imsg.hdr.type;

257 		if (i > (size / sizeof(imsg_handlerfn*)) || handlers[i] == NULL)

258 			abort();

259 		handlers[i](ibuf, &imsg, datalen);

260 		imsg_free(&imsg);