1 /* ldap-wrapper.c - LDAP access via a wrapper process
2 * Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH
3 * Copyright (C) 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
22 We can't use LDAP directly for these reasons:
24 1. On some systems the LDAP library uses (indirectly) pthreads and
25 that is not compatible with PTh.
27 2. It is huge library in particular if TLS comes into play. So
28 problems with unfreed memory might turn up and we don't want
29 this in a long running daemon.
31 3. There is no easy way for timeouts. In particular the timeout
32 value does not work for DNS lookups (well, this is usual) and it
33 seems not to work while loading a large attribute like a
34 CRL. Having a separate process allows us to either tell the
35 process to commit suicide or have our own housekepping function
36 kill it after some time. The latter also allows proper
37 cancellation of a query at any point of time.
39 4. Given that we are going out to the network and usually get back
40 a long response, the fork/exec overhead is acceptable.
42 Note that under WindowsCE the number of processes is strongly
43 limited (32 processes including the kernel processes) and thus we
44 don't use the process approach but implement a different wrapper in
63 #include "ldap-wrapper.h"
66 #ifdef HAVE_W32_SYSTEM
67 #define setenv(a,b,c) SetEnvironmentVariable ((a),(b))
69 #define pth_close(fd) close(fd)
72 #ifndef USE_LDAPWRAPPER
73 # error This module is not expected to be build.
76 /* In case sysconf does not return a value we need to have a limit. */
77 #ifdef _POSIX_OPEN_MAX
78 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
80 #define MAX_OPEN_FDS 20
83 #define INACTIVITY_TIMEOUT (opt.ldaptimeout + 60*5) /* seconds */
85 #define TIMERTICK_INTERVAL 2
87 /* To keep track of the LDAP wrapper state we use this structure. */
88 struct wrapper_context_s
90 struct wrapper_context_s *next;
92 pid_t pid; /* The pid of the wrapper process. */
93 int printable_pid; /* Helper to print diagnostics after the process has
95 int fd; /* Connected with stdout of the ldap wrapper. */
96 gpg_error_t fd_error; /* Set to the gpg_error of the last read error
98 int log_fd; /* Connected with stderr of the ldap wrapper. */
99 ctrl_t ctrl; /* Connection data. */
100 int ready; /* Internally used to mark to be removed contexts. */
101 ksba_reader_t reader; /* The ksba reader object or NULL. */
102 char *line; /* Used to print the log lines (malloced). */
103 size_t linesize;/* Allocated size of LINE. */
104 size_t linelen; /* Use size of LINE. */
105 time_t stamp; /* The last time we noticed ativity. */
110 /* We keep a global list of spawed wrapper process. A separate thread
111 makes use of this list to log error messages and to watch out for
112 finished processes. */
113 static struct wrapper_context_s *wrapper_list;
115 /* We need to know whether we are shutting down the process. */
116 static int shutting_down;
118 /* Close the pth file descriptor FD and set it to -1. */
119 #define SAFE_CLOSE(fd) \
120 do { int _fd = fd; if (_fd != -1) { close (_fd); fd = -1;} } while (0)
125 /* Read a fixed amount of data from READER into BUFFER. */
127 read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
134 err = ksba_reader_read (reader, buffer, count, &nread);
144 /* Release the wrapper context and kill a running wrapper process. */
146 destroy_wrapper (struct wrapper_context_s *ctx)
148 if (ctx->pid != (pid_t)(-1))
150 gnupg_kill_process (ctx->pid);
151 gnupg_release_process (ctx->pid);
153 ksba_reader_release (ctx->reader);
154 SAFE_CLOSE (ctx->fd);
155 SAFE_CLOSE (ctx->log_fd);
161 /* Print the content of LINE to thye log stream but make sure to only
162 print complete lines. Using NULL for LINE will flush any pending
163 output. LINE may be modified by this function. */
165 print_log_line (struct wrapper_context_s *ctx, char *line)
172 if (ctx->line && ctx->linelen)
175 log_info ("%s\n", ctx->line);
181 while ((s = strchr (line, '\n')))
184 if (ctx->line && ctx->linelen)
186 log_info ("%s", ctx->line);
188 log_printf ("%s\n", line);
191 log_info ("%s\n", line);
197 if (ctx->linelen + n + 1 >= ctx->linesize)
202 newsize = ctx->linesize + ((n + 255) & ~255) + 1;
203 tmp = (ctx->line ? xtryrealloc (ctx->line, newsize)
204 : xtrymalloc (newsize));
207 log_error (_("error printing log line: %s\n"), strerror (errno));
211 ctx->linesize = newsize;
213 memcpy (ctx->line + ctx->linelen, line, n);
215 ctx->line[ctx->linelen] = 0;
220 /* Read data from the log stream. Returns true if the log stream
221 indicated EOF or error. */
223 read_log_data (struct wrapper_context_s *ctx)
228 /* We must use the npth_read function for pipes, always. */
230 n = npth_read (ctx->log_fd, line, sizeof line - 1);
231 while (n < 0 && errno == EINTR);
233 if (n <= 0) /* EOF or error. */
236 log_error (_("error reading log from ldap wrapper %d: %s\n"),
237 (int)ctx->pid, strerror (errno));
238 print_log_line (ctx, NULL);
239 SAFE_CLOSE (ctx->log_fd);
244 print_log_line (ctx, line);
245 if (ctx->stamp != (time_t)(-1))
246 ctx->stamp = time (NULL);
251 /* This function is run by a separate thread to maintain the list of
252 wrappers and to log error messages from these wrappers. */
254 ldap_wrapper_thread (void *dummy)
257 struct wrapper_context_s *ctx;
258 struct wrapper_context_s *ctx_prev;
259 struct timespec abstime;
260 struct timespec curtime;
261 struct timespec timeout;
268 npth_clock_gettime (&abstime);
269 abstime.tv_sec += TIMERTICK_INTERVAL;
275 npth_clock_gettime (&curtime);
276 if (!(npth_timercmp (&curtime, &abstime, <)))
278 /* Inactivity is checked below. Nothing else to do. */
279 npth_clock_gettime (&abstime);
280 abstime.tv_sec += TIMERTICK_INTERVAL;
282 npth_timersub (&abstime, &curtime, &timeout);
286 for (ctx = wrapper_list; ctx; ctx = ctx->next)
288 if (ctx->log_fd != -1)
290 FD_SET (ctx->log_fd, &fdset);
291 if (ctx->log_fd > nfds)
297 /* FIXME: For Windows, we have to use a reader thread on the
298 pipe that signals an event (and a npth_select_ev variant). */
299 ret = npth_pselect (nfds + 1, &fdset, NULL, NULL, &timeout, NULL);
304 log_error (_("npth_select failed: %s - waiting 1s\n"),
311 /* All timestamps before exptime should be considered expired. */
312 exptime = time (NULL);
313 if (exptime > INACTIVITY_TIMEOUT)
314 exptime -= INACTIVITY_TIMEOUT;
316 /* Note that there is no need to lock the list because we always
317 add entries at the head (with a pending event status) and
318 thus traversing the list will even work if we have a context
319 switch in waitpid (which should anyway only happen with Pth's
320 hard system call mapping). */
321 for (ctx = wrapper_list; ctx; ctx = ctx->next)
323 /* Check whether there is any logging to be done. */
324 if (nfds && ctx->log_fd != -1 && FD_ISSET (ctx->log_fd, &fdset))
326 if (read_log_data (ctx))
328 SAFE_CLOSE (ctx->log_fd);
333 /* Check whether the process is still running. */
334 if (ctx->pid != (pid_t)(-1))
339 err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
343 log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
345 gnupg_release_process (ctx->pid);
346 ctx->pid = (pid_t)(-1);
349 else if (gpg_err_code (err) == GPG_ERR_GENERAL)
352 log_info (_("ldap wrapper %d ready: timeout\n"),
355 log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
356 (int)ctx->pid, status);
358 gnupg_release_process (ctx->pid);
359 ctx->pid = (pid_t)(-1);
362 else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
364 log_error (_("waiting for ldap wrapper %d failed: %s\n"),
365 (int)ctx->pid, gpg_strerror (err));
370 /* Check whether we should terminate the process. */
371 if (ctx->pid != (pid_t)(-1)
372 && ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
374 gnupg_kill_process (ctx->pid);
375 ctx->stamp = (time_t)(-1);
376 log_info (_("ldap wrapper %d stalled - killing\n"),
378 /* We need to close the log fd because the cleanup loop
380 SAFE_CLOSE (ctx->log_fd);
385 /* If something has been printed to the log file or we got an
386 EOF from a wrapper, we now print the list of active
388 if (any_action && DBG_LOOKUP)
390 log_info ("ldap worker stati:\n");
391 for (ctx = wrapper_list; ctx; ctx = ctx->next)
392 log_info (" c=%p pid=%d/%d rdr=%p ctrl=%p/%d la=%lu rdy=%d\n",
394 (int)ctx->pid, (int)ctx->printable_pid,
396 ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
397 (unsigned long)ctx->stamp, ctx->ready);
401 /* Use a separate loop to check whether ready marked wrappers
402 may be removed. We may only do so if the ksba reader object
403 is not anymore in use or we are in shutdown state. */
405 for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
407 && ((ctx->log_fd == -1 && !ctx->reader) || shutting_down))
410 ctx_prev->next = ctx->next;
412 wrapper_list = ctx->next;
413 destroy_wrapper (ctx);
414 /* We need to restart because destroy_wrapper might have
415 done a context switch. */
420 return NULL; /* Make the compiler happy. */
425 /* Start the reaper thread for the ldap wrapper. */
427 ldap_wrapper_launch_thread (void)
438 npth_attr_init (&tattr);
439 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
441 err = npth_create (&thread, &tattr, ldap_wrapper_thread, NULL);
444 log_error (_("error spawning ldap wrapper reaper thread: %s\n"),
448 npth_setname_np (thread, "ldap-reaper");
449 npth_attr_destroy (&tattr);
456 /* Wait until all ldap wrappers have terminated. We assume that the
457 kill has already been sent to all of them. */
459 ldap_wrapper_wait_connections ()
462 /* FIXME: This is a busy wait. */
468 /* This function is to be used to release a context associated with the
469 given reader object. */
471 ldap_wrapper_release_context (ksba_reader_t reader)
473 struct wrapper_context_s *ctx;
478 for (ctx=wrapper_list; ctx; ctx=ctx->next)
479 if (ctx->reader == reader)
482 log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
484 (int)ctx->pid, (int)ctx->printable_pid,
486 ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
489 SAFE_CLOSE (ctx->fd);
492 ctx->ctrl->refcount--;
496 log_info (_("reading from ldap wrapper %d failed: %s\n"),
497 ctx->printable_pid, gpg_strerror (ctx->fd_error));
502 /* Cleanup all resources held by the connection associated with
503 CTRL. This is used after a cancel to kill running wrappers. */
505 ldap_wrapper_connection_cleanup (ctrl_t ctrl)
507 struct wrapper_context_s *ctx;
509 for (ctx=wrapper_list; ctx; ctx=ctx->next)
510 if (ctx->ctrl && ctx->ctrl == ctrl)
512 ctx->ctrl->refcount--;
514 if (ctx->pid != (pid_t)(-1))
515 gnupg_kill_process (ctx->pid);
517 log_info (_("reading from ldap wrapper %d failed: %s\n"),
518 ctx->printable_pid, gpg_strerror (ctx->fd_error));
523 /* This is the callback used by the ldap wrapper to feed the ksba
524 reader with the wrappers stdout. See the description of
525 ksba_reader_set_cb for details. */
527 reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
529 struct wrapper_context_s *ctx = cb_value;
530 size_t nleft = count;
532 struct timespec abstime;
533 struct timespec curtime;
534 struct timespec timeout;
536 fd_set fdset, read_fdset;
539 /* FIXME: We might want to add some internal buffering because the
540 ksba code does not do any buffering for itself (because a ksba
541 reader may be detached from another stream to read other data and
542 the it would be cumbersome to get back already buffered
545 if (!buffer && !count && !nread)
546 return -1; /* Rewind is not supported. */
548 /* If we ever encountered a read error, don't continue (we don't want to
549 possibly overwrite the last error cause). Bail out also if the
550 file descriptor has been closed. */
551 if (ctx->fd_error || ctx->fd == -1)
558 FD_SET (ctx->fd, &fdset);
561 npth_clock_gettime (&abstime);
562 abstime.tv_sec += TIMERTICK_INTERVAL;
569 npth_clock_gettime (&curtime);
570 if (!(npth_timercmp (&curtime, &abstime, <)))
572 err = dirmngr_tick (ctx->ctrl);
576 SAFE_CLOSE (ctx->fd);
579 npth_clock_gettime (&abstime);
580 abstime.tv_sec += TIMERTICK_INTERVAL;
582 npth_timersub (&abstime, &curtime, &timeout);
585 ret = npth_pselect (nfds, &read_fdset, NULL, NULL, &timeout, NULL);
588 if (ret == -1 && saved_errno != EINTR)
590 ctx->fd_error = gpg_error_from_errno (errno);
591 SAFE_CLOSE (ctx->fd);
595 /* Timeout. Will be handled when calculating the next timeout. */
598 /* This should not block now that select returned with a file
599 descriptor. So it shouldn't be necessary to use npth_read
600 (and it is slightly dangerous in the sense that a concurrent
601 thread might (accidentially?) change the status of ctx->fd
602 before we read. FIXME: Set ctx->fd to nonblocking? */
603 n = read (ctx->fd, buffer, nleft);
606 ctx->fd_error = gpg_error_from_errno (errno);
607 SAFE_CLOSE (ctx->fd);
613 return -1; /* EOF. */
618 if (n > 0 && ctx->stamp != (time_t)(-1))
619 ctx->stamp = time (NULL);
621 *nread = count - nleft;
626 /* Fork and exec the LDAP wrapper and return a new libksba reader
627 object at READER. ARGV is a NULL terminated list of arguments for
628 the wrapper. The function returns 0 on success or an error code.
630 Special hack to avoid passing a password through the command line
631 which is globally visible: If the first element of ARGV is "--pass"
632 it will be removed and instead the environment variable
633 DIRMNGR_LDAP_PASS will be set to the next value of ARGV. On modern
634 OSes the environment is not visible to other users. For those old
635 systems where it can't be avoided, we don't want to go into the
636 hassle of passing the password via stdin; it's just too complicated
637 and an LDAP password used for public directory lookups should not
638 be that confidential. */
640 ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
644 struct wrapper_context_s *ctx;
647 const char **arg_list;
649 int outpipe[2], errpipe[2];
651 /* It would be too simple to connect stderr just to our logging
652 stream. The problem is that if we are running multi-threaded
653 everything gets intermixed. Clearly we don't want this. So the
654 only viable solutions are either to have another thread
655 responsible for logging the messages or to add an option to the
656 wrapper module to do the logging on its own. Given that we anyway
657 need a way to reap the child process and this is best done using a
658 general reaping thread, that thread can do the logging too. */
659 ldap_wrapper_launch_thread ();
663 /* Files: We need to prepare stdin and stdout. We get stderr from
665 if (!opt.ldap_wrapper_program || !*opt.ldap_wrapper_program)
666 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR_LDAP);
668 pgmname = opt.ldap_wrapper_program;
670 /* Create command line argument array. */
671 for (i = 0; argv[i]; i++)
673 arg_list = xtrycalloc (i + 2, sizeof *arg_list);
676 err = gpg_error_from_syserror ();
677 log_error (_("error allocating memory: %s\n"), strerror (errno));
680 for (i = j = 0; argv[i]; i++, j++)
681 if (!i && argv[i + 1] && !strcmp (*argv, "--pass"))
683 arg_list[j] = "--env-pass";
684 setenv ("DIRMNGR_LDAP_PASS", argv[1], 1);
688 arg_list[j] = (char*) argv[i];
690 ctx = xtrycalloc (1, sizeof *ctx);
693 err = gpg_error_from_syserror ();
694 log_error (_("error allocating memory: %s\n"), strerror (errno));
699 err = gnupg_create_inbound_pipe (outpipe, NULL, 0);
702 err = gnupg_create_inbound_pipe (errpipe, NULL, 0);
711 log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
717 err = gnupg_spawn_process_fd (pgmname, arg_list,
718 -1, outpipe[1], errpipe[1], &pid);
731 ctx->printable_pid = (int) pid;
732 ctx->fd = outpipe[0];
733 ctx->log_fd = errpipe[0];
736 ctx->stamp = time (NULL);
738 err = ksba_reader_new (reader);
740 err = ksba_reader_set_cb (*reader, reader_callback, ctx);
743 log_error (_("error initializing reader object: %s\n"),
745 destroy_wrapper (ctx);
746 ksba_reader_release (*reader);
751 /* Hook the context into our list of running wrappers. */
752 ctx->reader = *reader;
753 ctx->next = wrapper_list;
756 log_info ("ldap wrapper %d started (reader %p)\n",
757 (int)ctx->pid, ctx->reader);
759 /* Need to wait for the first byte so we are able to detect an empty
760 output and not let the consumer see an EOF without further error
761 indications. The CRL loading logic assumes that after return
762 from this function, a failed search (e.g. host not found ) is
763 indicated right away. */
767 err = read_buffer (*reader, &c, 1);
770 ldap_wrapper_release_context (*reader);
771 ksba_reader_release (*reader);
773 if (gpg_err_code (err) == GPG_ERR_EOF)
774 return gpg_error (GPG_ERR_NO_DATA);
778 ksba_reader_unread (*reader, &c, 1);