src/moonshot-server.vala

   1 /*
   2  * Copyright (c) 2011-2016, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31 */
  32 #if IPC_DBUS
  33
  34 [DBus (name = "org.janet.Moonshot")]
  35 public class MoonshotServer : Object {
  36
  37     static MoonshotLogger logger = get_logger("MoonshotServer");
  38
  39     private string app_name = "Moonshot";
  40
  41     private IdentityManagerApp parent_app;
  42
  43     public MoonshotServer(IdentityManagerApp app)
  44     {
  45         logger.trace("MoonshotServer.<constructor>; app=" + (app == null ? "null" : "non-null"));
  46         this.parent_app = app;
  47     }
  48
  49     public bool show_ui()
  50     {
  51         logger.trace("MoonshotServer.show_ui");
  52
  53         if (parent_app.view == null) {
  54             stderr.printf(app_name, "show_ui: parent_app.view is null!\n");
  55             logger.warn("show_ui: parent_app.view is null!");
  56             return false;
  57         }
  58         parent_app.show();
  59         parent_app.explicitly_launched = true;
  60         logger.trace("MoonshotServer.show_ui: returning true");
  61         return true;
  62     }
  63
  64     public async bool get_identity(string nai,
  65                                    string password,
  66                                    string service,
  67                                    out string nai_out,
  68                                    out string password_out,
  69                                    out string server_certificate_hash,
  70                                    out string ca_certificate,
  71                                    out string subject_name_constraint,
  72                                    out string subject_alt_name_constraint)
  73     {
  74         logger.trace(@"MoonshotServer.get_identity: nai='$nai'; service='$service'");
  75         var request = new IdentityRequest(parent_app,
  76                                           nai,
  77                                           password,
  78                                           service);
  79         logger.trace(@"MoonshotServer.get_identity: Calling request.execute()");
  80         request.set_callback((IdentityRequest) => get_identity.callback());
  81         request.execute();
  82         logger.trace(@"MoonshotServer.get_identity: Back from request.execute()");
  83         yield;
  84         logger.trace(@"MoonshotServer.get_identity: back from yield");
  85
  86         nai_out = "";
  87         password_out = "";
  88         server_certificate_hash = "";
  89         ca_certificate = "";
  90         subject_name_constraint = "";
  91         subject_alt_name_constraint = "";
  92
  93         var id_card = request.id_card;
  94
  95         if ((id_card != null) && (id_card.display_name != IdCard.NO_IDENTITY)) {
  96             nai_out = id_card.nai;
  97             if ((request.password != null) && (request.password != ""))
  98                 password_out = request.password;
  99             else
 100                 password_out = id_card.password;
 101
 102             server_certificate_hash = id_card.trust_anchor.server_cert;
 103             ca_certificate = id_card.trust_anchor.ca_cert;
 104             subject_name_constraint = id_card.trust_anchor.subject;
 105             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
 106
 107             if (nai_out == null)
 108                 nai_out = "";
 109             if (password_out == null)
 110                 password_out = "";
 111             if (server_certificate_hash == null)
 112                 server_certificate_hash = "";
 113             if (ca_certificate == null)
 114                 ca_certificate = "";
 115             if (subject_name_constraint == null)
 116                 subject_name_constraint = "";
 117             if (subject_alt_name_constraint == null)
 118                 subject_alt_name_constraint = "";
 119
 120             logger.trace(@"MoonshotServer.get_identity: returning with nai_out=$nai_out");
 121
 122             return true;
 123         }
 124
 125         logger.trace("MoonshotServer.get_identity: returning false");
 126         return false;
 127     }
 128
 129     public async bool get_default_identity(out string nai_out,
 130                                            out string password_out,
 131                                            out string server_certificate_hash,
 132                                            out string ca_certificate,
 133                                            out string subject_name_constraint,
 134                                            out string subject_alt_name_constraint)
 135     {
 136         logger.trace("MoonshotServer.get_default_identity");
 137         var request = new IdentityRequest.default(parent_app);
 138         request.set_callback((IdentityRequest) => get_default_identity.callback());
 139         request.execute();
 140         yield;
 141
 142         nai_out = "";
 143         password_out = "";
 144         server_certificate_hash = "";
 145         ca_certificate = "";
 146         subject_name_constraint = "";
 147         subject_alt_name_constraint = "";
 148
 149         if (request.id_card != null)
 150         {
 151             nai_out = request.id_card.nai;
 152             password_out = request.id_card.password;
 153
 154             server_certificate_hash = request.id_card.trust_anchor.server_cert;
 155             ca_certificate = request.id_card.trust_anchor.ca_cert;
 156             subject_name_constraint = request.id_card.trust_anchor.subject;
 157             subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt;
 158
 159             if (nai_out == null)
 160                 nai_out = "";
 161             if (password_out == null)
 162                 password_out = "";
 163             if (server_certificate_hash == null)
 164                 server_certificate_hash = "";
 165             if (ca_certificate == null)
 166                 ca_certificate = "";
 167             if (subject_name_constraint == null)
 168                 subject_name_constraint = "";
 169             if (subject_alt_name_constraint == null)
 170                 subject_alt_name_constraint = "";
 171
 172             logger.trace("MoonshotServer.get_default_identity: returning true");
 173             return true;
 174         }
 175
 176         return false;
 177     }
 178
 179     public bool install_id_card(string   display_name,
 180                                 string   user_name,
 181                                 string   ?password,
 182                                 string   ?realm,
 183                                 string[] ?rules_patterns,
 184                                 string[] ?rules_always_confirm,
 185                                 string[] ?services,
 186                                 string   ?ca_cert,
 187                                 string   ?subject,
 188                                 string   ?subject_alt,
 189                                 string   ?server_cert,
 190                                 int      force_flat_file_store)
 191     {
 192         IdCard idcard = new IdCard();
 193
 194         idcard.display_name = display_name;
 195         idcard.username = user_name;
 196         idcard.password = password;
 197         if ((password != null) && (password != ""))
 198             idcard.store_password = true;
 199         idcard.issuer = realm;
 200         idcard.update_services(services);
 201         var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt, false);
 202
 203         logger.trace("install_id_card: Card '%s' has services: '%s'"
 204                      .printf(idcard.display_name, idcard.get_services_string("; ")));
 205
 206         if (rules_patterns.length == rules_always_confirm.length)
 207         {
 208             /* workaround Centos vala array property bug: use temp array */
 209             Rule[] rules = new Rule[rules_patterns.length];
 210
 211             for (int i = 0; i < rules.length; i++)
 212             {
 213                 rules[i].pattern = rules_patterns[i];
 214                 rules[i].always_confirm = rules_always_confirm[i];
 215             }
 216             idcard.rules = rules;
 217         }
 218
 219         return parent_app.add_identity(idcard, force_flat_file_store!=0);
 220     }
 221
 222
 223     public int install_from_file(string file_name)
 224     {
 225         var webp = new WebProvisioning.Parser(file_name);
 226
 227         webp.parse();
 228         bool result = false;
 229         int installed_cards = 0;
 230         foreach (IdCard card in webp.cards)
 231         {
 232             string[] rules_patterns = {};
 233             string[] rules_always_confirm = {};
 234
 235             if (card.rules.length > 0)
 236             {
 237                 int i = 0;
 238                 rules_patterns = new string[card.rules.length];
 239                 rules_always_confirm = new string[card.rules.length];
 240                 foreach (Rule r in card.rules)
 241                 {
 242                     rules_patterns[i] = r.pattern;
 243                     rules_always_confirm[i] = r.always_confirm;
 244                     i++;
 245                 }
 246             }
 247
 248
 249             // prevent a crash by holding the reference to otherwise
 250             // unowned array(?)
 251
 252             // string[] svcs = card.services.to_array();
 253             // string[] svcs = card.services.to_array()[:];
 254             string[] svcs = new string[card.services.size];
 255             for (int i = 0; i < card.services.size; i++) {
 256                 svcs[i] = card.services[i];
 257             }
 258
 259             logger.trace(@"install_from_file: Adding card with display name '$(card.display_name)'");
 260             result = install_id_card(card.display_name,
 261                                      card.username,
 262                                      card.password,
 263                                      card.issuer,
 264                                      rules_patterns,
 265                                      rules_always_confirm,
 266                                      svcs,
 267                                      card.trust_anchor.ca_cert,
 268                                      card.trust_anchor.subject,
 269                                      card.trust_anchor.subject_alt,
 270                                      card.trust_anchor.server_cert,
 271                                      0);
 272             if (result) {
 273                 installed_cards++;
 274             }
 275         }
 276         return installed_cards;
 277     }
 278 }
 279
 280
 281 #elif IPC_MSRPC
 282
 283 using Rpc;
 284 using MoonshotRpcInterface;
 285
 286 /* This class must be a singleton, because we use a global RPC
 287  * binding handle. I cannot picture a situation where more than
 288  * one instance of the same interface would be needed so this
 289  * shouldn't be a problem.
 290  *
 291  * Shutdown is automatically done by the RPC runtime when the
 292  * process ends
 293  */
 294 public class MoonshotServer : Object {
 295     private static IdentityManagerApp parent_app;
 296
 297     private static MoonshotServer instance = null;
 298
 299     public static void start(IdentityManagerApp app)
 300     {
 301         parent_app = app;
 302         Rpc.server_start(MoonshotRpcInterface.spec, "/org/janet/Moonshot", Rpc.Flags.PER_USER);
 303     }
 304
 305     public static MoonshotServer get_instance()
 306     {
 307         if (instance == null)
 308             instance = new MoonshotServer();
 309         return instance;
 310     }
 311
 312     [CCode (cname = "moonshot_get_identity_rpc")]
 313     public static void get_identity(Rpc.AsyncCall call,
 314                                     string nai,
 315                                     string password,
 316                                     string service,
 317                                     ref string nai_out,
 318                                     ref string password_out,
 319                                     ref string server_certificate_hash,
 320                                     ref string ca_certificate,
 321                                     ref string subject_name_constraint,
 322                                     ref string subject_alt_name_constraint)
 323     {
 324         logger.trace("(static) get_identity");
 325
 326         bool result = false;
 327
 328         var request = new IdentityRequest(parent_app,
 329                                           nai,
 330                                           password,
 331                                           service);
 332
 333         // Pass execution to the main loop and block the RPC thread
 334         request.mutex = new Mutex();
 335         request.cond = new Cond();
 336         request.set_callback(return_identity_cb);
 337
 338         request.mutex.lock();
 339         Idle.add(request.execute);
 340
 341         while (request.complete == false)
 342             request.cond.wait(request.mutex);
 343
 344         nai_out = "";
 345         password_out = "";
 346         server_certificate_hash = "";
 347         ca_certificate = "";
 348         subject_name_constraint = "";
 349         subject_alt_name_constraint = "";
 350
 351         var id_card = request.id_card;
 352
 353         if (id_card != null) {
 354             // The strings are freed by the RPC runtime
 355             nai_out = id_card.nai;
 356             password_out = id_card.password;
 357             server_certificate_hash = id_card.trust_anchor.server_cert;
 358             ca_certificate = id_card.trust_anchor.ca_cert;
 359             subject_name_constraint = id_card.trust_anchor.subject;
 360             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
 361
 362             return_if_fail(nai_out != null);
 363             return_if_fail(password_out != null);
 364             return_if_fail(server_certificate_hash != null);
 365             return_if_fail(ca_certificate != null);
 366             return_if_fail(subject_name_constraint != null);
 367             return_if_fail(subject_alt_name_constraint != null);
 368
 369             result = true;
 370         }
 371
 372         // The outputs must be set before this function is called. For this
 373         // reason they are 'ref' not 'out' parameters - Vala assigns to the
 374         // 'out' parameters only at the end of the function, which is too
 375         // late.
 376         call.return(&result);
 377
 378         request.cond.signal();
 379         request.mutex.unlock();
 380     }
 381
 382     [CCode (cname = "moonshot_get_default_identity_rpc")]
 383     public static void get_default_identity(Rpc.AsyncCall call,
 384                                             ref string nai_out,
 385                                             ref string password_out,
 386                                             ref string server_certificate_hash,
 387                                             ref string ca_certificate,
 388                                             ref string subject_name_constraint,
 389                                             ref string subject_alt_name_constraint)
 390     {
 391         logger.trace("(static) get_default_identity");
 392
 393         bool result;
 394
 395         var request = new IdentityRequest.default(parent_app);
 396         request.mutex = new Mutex();
 397         request.cond = new Cond();
 398         request.set_callback(return_identity_cb);
 399
 400         request.mutex.lock();
 401         Idle.add(request.execute);
 402
 403         while (request.complete == false)
 404             request.cond.wait(request.mutex);
 405
 406         nai_out = "";
 407         password_out = "";
 408         server_certificate_hash = "";
 409         ca_certificate = "";
 410         subject_name_constraint = "";
 411         subject_alt_name_constraint = "";
 412
 413         if (request.id_card != null)
 414         {
 415             nai_out = request.id_card.nai;
 416             password_out = request.id_card.password;
 417             server_certificate_hash = "certificate";
 418
 419             return_if_fail(nai_out != null);
 420             return_if_fail(password_out != null);
 421             return_if_fail(server_certificate_hash != null);
 422             return_if_fail(ca_certificate != null);
 423             return_if_fail(subject_name_constraint != null);
 424             return_if_fail(subject_alt_name_constraint != null);
 425
 426             result = true;
 427         }
 428         else
 429         {
 430             result = false;
 431         }
 432
 433         call.return(&result);
 434
 435         request.cond.signal();
 436         request.mutex.unlock();
 437     }
 438
 439     // Called from the main loop thread when an identity has
 440     // been selected
 441     static void return_identity_cb(IdentityRequest request) {
 442         // Notify the RPC thread that the request is complete
 443         request.mutex.lock();
 444         request.cond.signal();
 445
 446         // Block the main loop until the RPC call has returned
 447         // to avoid any races
 448         request.cond.wait(request.mutex);
 449         request.mutex.unlock();
 450     }
 451
 452     [CCode (cname = "moonshot_install_id_card_rpc")]
 453     public static bool install_id_card(string     display_name,
 454                                        string     user_name,
 455                                        string     password,
 456                                        string     realm,
 457                                        string[]   rules_patterns,
 458                                        string[]   rules_always_confirm,
 459                                        string[]   services,
 460                                        string     ca_cert,
 461                                        string     subject,
 462                                        string     subject_alt,
 463                                        string     server_cert,
 464                                        bool       force_flat_file_store)
 465     {
 466         logger.trace("(static) install_id_card");
 467         IdCard idcard = new IdCard();
 468
 469         bool success = false;
 470         Mutex mutex = new Mutex();
 471         Cond cond = new Cond();
 472
 473         idcard.display_name = display_name;
 474         idcard.username = user_name;
 475         idcard.password = password;
 476         idcard.issuer = realm;
 477         idcard.services = services;
 478         idcard.trust_anchor.ca_cert = ca_cert;
 479         idcard.trust_anchor.subject = subject;
 480         idcard.trust_anchor.subject_alt = subject_alt;
 481         idcard.trust_anchor.server_cert = server_cert;
 482
 483         if (rules_patterns.length == rules_always_confirm.length)
 484         {
 485             idcard.rules = new Rule[rules_patterns.length];
 486
 487             for (int i = 0; i < idcard.rules.length; i++)
 488             {
 489                 idcard.rules[i].pattern = rules_patterns[i];
 490                 idcard.rules[i].always_confirm = rules_always_confirm[i];
 491             }
 492         }
 493
 494         mutex.lock();
 495
 496         // Defer addition to the main loop thread.
 497         Idle.add(() => {
 498                 mutex.lock();
 499                 success = parent_app.add_identity(idcard, force_flat_file_store);
 500                 cond.signal();
 501                 mutex.unlock();
 502                 return false;
 503             });
 504
 505         cond.wait(mutex);
 506         mutex.unlock();
 507
 508         return success;
 509     }
 510
 511 }
 512
 513
 514 #endif