src/moonshot-server.vala

   1 /*
   2  * Copyright (c) 2011-2014, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31 */
  32 #if IPC_DBUS
  33
  34 [DBus (name = "org.janet.Moonshot")]
  35 public class MoonshotServer : Object {
  36
  37     static MoonshotLogger logger = get_logger("MoonshotServer");
  38
  39     private string app_name = "Moonshot";
  40
  41     private IdentityManagerApp parent_app;
  42
  43     public MoonshotServer(IdentityManagerApp app)
  44     {
  45         logger.trace("MoonshotServer.<constructor>; app=" + (app == null ? "null" : "non-null"));
  46         this.parent_app = app;
  47     }
  48
  49     public bool show_ui()
  50     {
  51         logger.trace("MoonshotServer.show_ui");
  52
  53         if (parent_app.view == null) {
  54             stderr.printf(app_name, "show_ui: parent_app.view is null!\n");
  55             logger.warn("show_ui: parent_app.view is null!");
  56             return false;
  57         }
  58         parent_app.show();
  59         parent_app.explicitly_launched = true;
  60         logger.trace("MoonshotServer.show_ui: returning true");
  61         return true;
  62     }
  63
  64     public async bool get_identity(string nai,
  65                                    string password,
  66                                    string service,
  67                                    out string nai_out,
  68                                    out string password_out,
  69                                    out string server_certificate_hash,
  70                                    out string ca_certificate,
  71                                    out string subject_name_constraint,
  72                                    out string subject_alt_name_constraint)
  73     {
  74         logger.trace(@"MoonshotServer.get_identity: nai='$nai'; service='$service'");
  75         var request = new IdentityRequest(parent_app,
  76                                           nai,
  77                                           password,
  78                                           service);
  79         logger.trace(@"MoonshotServer.get_identity: Calling request.execute()");
  80         request.set_callback((IdentityRequest) => get_identity.callback());
  81         request.execute();
  82         logger.trace(@"MoonshotServer.get_identity: Back from request.execute()");
  83         yield;
  84         logger.trace(@"MoonshotServer.get_identity: back from yield");
  85
  86         nai_out = "";
  87         password_out = "";
  88         server_certificate_hash = "";
  89         ca_certificate = "";
  90         subject_name_constraint = "";
  91         subject_alt_name_constraint = "";
  92
  93         var id_card = request.id_card;
  94
  95         if ((id_card != null) && (id_card.display_name != IdCard.NO_IDENTITY)) {
  96             nai_out = id_card.nai;
  97             if ((request.password != null) && (request.password != ""))
  98                 password_out = request.password;
  99             else
 100                 password_out = id_card.password;
 101
 102             server_certificate_hash = id_card.trust_anchor.server_cert;
 103             ca_certificate = id_card.trust_anchor.ca_cert;
 104             subject_name_constraint = id_card.trust_anchor.subject;
 105             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
 106
 107             if (nai_out == null)
 108                 nai_out = "";
 109             if (password_out == null)
 110                 password_out = "";
 111             if (server_certificate_hash == null)
 112                 server_certificate_hash = "";
 113             if (ca_certificate == null)
 114                 ca_certificate = "";
 115             if (subject_name_constraint == null)
 116                 subject_name_constraint = "";
 117             if (subject_alt_name_constraint == null)
 118                 subject_alt_name_constraint = "";
 119
 120             logger.trace(@"MoonshotServer.get_identity: returning with nai_out=$nai_out");
 121
 122             return true;
 123         }
 124
 125         logger.trace("MoonshotServer.get_identity: returning false");
 126         return false;
 127     }
 128
 129     public async bool get_default_identity(out string nai_out,
 130                                            out string password_out,
 131                                            out string server_certificate_hash,
 132                                            out string ca_certificate,
 133                                            out string subject_name_constraint,
 134                                            out string subject_alt_name_constraint)
 135     {
 136         logger.trace("MoonshotServer.get_default_identity");
 137         var request = new IdentityRequest.default(parent_app);
 138         request.set_callback((IdentityRequest) => get_default_identity.callback());
 139         request.execute();
 140         yield;
 141
 142         nai_out = "";
 143         password_out = "";
 144         server_certificate_hash = "";
 145         ca_certificate = "";
 146         subject_name_constraint = "";
 147         subject_alt_name_constraint = "";
 148
 149         if (request.id_card != null)
 150         {
 151             nai_out = request.id_card.nai;
 152             password_out = request.id_card.password;
 153
 154             server_certificate_hash = request.id_card.trust_anchor.server_cert;
 155             ca_certificate = request.id_card.trust_anchor.ca_cert;
 156             subject_name_constraint = request.id_card.trust_anchor.subject;
 157             subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt;
 158
 159             if (nai_out == null)
 160                 nai_out = "";
 161             if (password_out == null)
 162                 password_out = "";
 163             if (server_certificate_hash == null)
 164                 server_certificate_hash = "";
 165             if (ca_certificate == null)
 166                 ca_certificate = "";
 167             if (subject_name_constraint == null)
 168                 subject_name_constraint = "";
 169             if (subject_alt_name_constraint == null)
 170                 subject_alt_name_constraint = "";
 171
 172             logger.trace("MoonshotServer.get_default_identity: returning true");
 173             return true;
 174         }
 175
 176         return false;
 177     }
 178
 179     public bool install_id_card(string   display_name,
 180                                 string   user_name,
 181                                 string   ?password,
 182                                 string   ?realm,
 183                                 string[] ?rules_patterns,
 184                                 string[] ?rules_always_confirm,
 185                                 string[] ?services,
 186                                 string   ?ca_cert,
 187                                 string   ?subject,
 188                                 string   ?subject_alt,
 189                                 string   ?server_cert,
 190                                 int      force_flat_file_store)
 191     {
 192         IdCard idcard = new IdCard();
 193
 194         idcard.display_name = display_name;
 195         idcard.username = user_name;
 196         idcard.password = password;
 197         if ((password != null) && (password != ""))
 198             idcard.store_password = true;
 199         idcard.issuer = realm;
 200         idcard.update_services(services);
 201         var ta = new TrustAnchor(ca_cert, server_cert, subject, subject_alt, false);
 202         idcard.set_trust_anchor_from_store(ta);
 203
 204         logger.trace("install_id_card: Card '%s' has services: '%s'"
 205                      .printf(idcard.display_name, idcard.get_services_string("; ")));
 206
 207         if (rules_patterns.length == rules_always_confirm.length)
 208         {
 209             /* workaround Centos vala array property bug: use temp array */
 210             Rule[] rules = new Rule[rules_patterns.length];
 211
 212             for (int i = 0; i < rules.length; i++)
 213             {
 214                 rules[i].pattern = rules_patterns[i];
 215                 rules[i].always_confirm = rules_always_confirm[i];
 216             }
 217             idcard.rules = rules;
 218         }
 219
 220         return parent_app.add_identity(idcard, force_flat_file_store!=0);
 221     }
 222
 223
 224     public int install_from_file(string file_name)
 225     {
 226         var webp = new WebProvisioning.Parser(file_name);
 227
 228         webp.parse();
 229         bool result = false;
 230         int installed_cards = 0;
 231         foreach (IdCard card in webp.cards)
 232         {
 233             string[] rules_patterns = {};
 234             string[] rules_always_confirm = {};
 235
 236             if (card.rules.length > 0)
 237             {
 238                 int i = 0;
 239                 rules_patterns = new string[card.rules.length];
 240                 rules_always_confirm = new string[card.rules.length];
 241                 foreach (Rule r in card.rules)
 242                 {
 243                     rules_patterns[i] = r.pattern;
 244                     rules_always_confirm[i] = r.always_confirm;
 245                     i++;
 246                 }
 247             }
 248
 249
 250             // prevent a crash by holding the reference to otherwise
 251             // unowned array(?)
 252
 253             // string[] svcs = card.services.to_array();
 254             // string[] svcs = card.services.to_array()[:];
 255             string[] svcs = new string[card.services.size];
 256             for (int i = 0; i < card.services.size; i++) {
 257                 svcs[i] = card.services[i];
 258             }
 259
 260             logger.trace(@"install_from_file: Adding card with display name '$(card.display_name)'");
 261             result = install_id_card(card.display_name,
 262                                      card.username,
 263                                      card.password,
 264                                      card.issuer,
 265                                      rules_patterns,
 266                                      rules_always_confirm,
 267                                      svcs,
 268                                      card.trust_anchor.ca_cert,
 269                                      card.trust_anchor.subject,
 270                                      card.trust_anchor.subject_alt,
 271                                      card.trust_anchor.server_cert,
 272                                      0);
 273             if (result) {
 274                 installed_cards++;
 275             }
 276         }
 277         return installed_cards;
 278     }
 279 }
 280
 281
 282 #elif IPC_MSRPC
 283
 284 using Rpc;
 285 using MoonshotRpcInterface;
 286
 287 /* This class must be a singleton, because we use a global RPC
 288  * binding handle. I cannot picture a situation where more than
 289  * one instance of the same interface would be needed so this
 290  * shouldn't be a problem.
 291  *
 292  * Shutdown is automatically done by the RPC runtime when the
 293  * process ends
 294  */
 295 public class MoonshotServer : Object {
 296     private static IdentityManagerApp parent_app;
 297
 298     private static MoonshotServer instance = null;
 299
 300     public static void start(IdentityManagerApp app)
 301     {
 302         parent_app = app;
 303         Rpc.server_start(MoonshotRpcInterface.spec, "/org/janet/Moonshot", Rpc.Flags.PER_USER);
 304     }
 305
 306     public static MoonshotServer get_instance()
 307     {
 308         if (instance == null)
 309             instance = new MoonshotServer();
 310         return instance;
 311     }
 312
 313     [CCode (cname = "moonshot_get_identity_rpc")]
 314     public static void get_identity(Rpc.AsyncCall call,
 315                                     string nai,
 316                                     string password,
 317                                     string service,
 318                                     ref string nai_out,
 319                                     ref string password_out,
 320                                     ref string server_certificate_hash,
 321                                     ref string ca_certificate,
 322                                     ref string subject_name_constraint,
 323                                     ref string subject_alt_name_constraint)
 324     {
 325         logger.trace("(static) get_identity");
 326
 327         bool result = false;
 328
 329         var request = new IdentityRequest(parent_app,
 330                                           nai,
 331                                           password,
 332                                           service);
 333
 334         // Pass execution to the main loop and block the RPC thread
 335         request.mutex = new Mutex();
 336         request.cond = new Cond();
 337         request.set_callback(return_identity_cb);
 338
 339         request.mutex.lock();
 340         Idle.add(request.execute);
 341
 342         while (request.complete == false)
 343             request.cond.wait(request.mutex);
 344
 345         nai_out = "";
 346         password_out = "";
 347         server_certificate_hash = "";
 348         ca_certificate = "";
 349         subject_name_constraint = "";
 350         subject_alt_name_constraint = "";
 351
 352         var id_card = request.id_card;
 353
 354         if (id_card != null) {
 355             // The strings are freed by the RPC runtime
 356             nai_out = id_card.nai;
 357             password_out = id_card.password;
 358             server_certificate_hash = id_card.trust_anchor.server_cert;
 359             ca_certificate = id_card.trust_anchor.ca_cert;
 360             subject_name_constraint = id_card.trust_anchor.subject;
 361             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
 362
 363             return_if_fail(nai_out != null);
 364             return_if_fail(password_out != null);
 365             return_if_fail(server_certificate_hash != null);
 366             return_if_fail(ca_certificate != null);
 367             return_if_fail(subject_name_constraint != null);
 368             return_if_fail(subject_alt_name_constraint != null);
 369
 370             result = true;
 371         }
 372
 373         // The outputs must be set before this function is called. For this
 374         // reason they are 'ref' not 'out' parameters - Vala assigns to the
 375         // 'out' parameters only at the end of the function, which is too
 376         // late.
 377         call.return(&result);
 378
 379         request.cond.signal();
 380         request.mutex.unlock();
 381     }
 382
 383     [CCode (cname = "moonshot_get_default_identity_rpc")]
 384     public static void get_default_identity(Rpc.AsyncCall call,
 385                                             ref string nai_out,
 386                                             ref string password_out,
 387                                             ref string server_certificate_hash,
 388                                             ref string ca_certificate,
 389                                             ref string subject_name_constraint,
 390                                             ref string subject_alt_name_constraint)
 391     {
 392         logger.trace("(static) get_default_identity");
 393
 394         bool result;
 395
 396         var request = new IdentityRequest.default(parent_app);
 397         request.mutex = new Mutex();
 398         request.cond = new Cond();
 399         request.set_callback(return_identity_cb);
 400
 401         request.mutex.lock();
 402         Idle.add(request.execute);
 403
 404         while (request.complete == false)
 405             request.cond.wait(request.mutex);
 406
 407         nai_out = "";
 408         password_out = "";
 409         server_certificate_hash = "";
 410         ca_certificate = "";
 411         subject_name_constraint = "";
 412         subject_alt_name_constraint = "";
 413
 414         if (request.id_card != null)
 415         {
 416             nai_out = request.id_card.nai;
 417             password_out = request.id_card.password;
 418             server_certificate_hash = "certificate";
 419
 420             return_if_fail(nai_out != null);
 421             return_if_fail(password_out != null);
 422             return_if_fail(server_certificate_hash != null);
 423             return_if_fail(ca_certificate != null);
 424             return_if_fail(subject_name_constraint != null);
 425             return_if_fail(subject_alt_name_constraint != null);
 426
 427             result = true;
 428         }
 429         else
 430         {
 431             result = false;
 432         }
 433
 434         call.return(&result);
 435
 436         request.cond.signal();
 437         request.mutex.unlock();
 438     }
 439
 440     // Called from the main loop thread when an identity has
 441     // been selected
 442     static void return_identity_cb(IdentityRequest request) {
 443         // Notify the RPC thread that the request is complete
 444         request.mutex.lock();
 445         request.cond.signal();
 446
 447         // Block the main loop until the RPC call has returned
 448         // to avoid any races
 449         request.cond.wait(request.mutex);
 450         request.mutex.unlock();
 451     }
 452
 453     [CCode (cname = "moonshot_install_id_card_rpc")]
 454     public static bool install_id_card(string     display_name,
 455                                        string     user_name,
 456                                        string     password,
 457                                        string     realm,
 458                                        string[]   rules_patterns,
 459                                        string[]   rules_always_confirm,
 460                                        string[]   services,
 461                                        string     ca_cert,
 462                                        string     subject,
 463                                        string     subject_alt,
 464                                        string     server_cert,
 465                                        bool       force_flat_file_store)
 466     {
 467         logger.trace("(static) install_id_card");
 468         IdCard idcard = new IdCard();
 469
 470         bool success = false;
 471         Mutex mutex = new Mutex();
 472         Cond cond = new Cond();
 473
 474         idcard.display_name = display_name;
 475         idcard.username = user_name;
 476         idcard.password = password;
 477         idcard.issuer = realm;
 478         idcard.services = services;
 479         idcard.trust_anchor.ca_cert = ca_cert;
 480         idcard.trust_anchor.subject = subject;
 481         idcard.trust_anchor.subject_alt = subject_alt;
 482         idcard.trust_anchor.server_cert = server_cert;
 483
 484         if (rules_patterns.length == rules_always_confirm.length)
 485         {
 486             idcard.rules = new Rule[rules_patterns.length];
 487
 488             for (int i = 0; i < idcard.rules.length; i++)
 489             {
 490                 idcard.rules[i].pattern = rules_patterns[i];
 491                 idcard.rules[i].always_confirm = rules_always_confirm[i];
 492             }
 493         }
 494
 495         mutex.lock();
 496
 497         // Defer addition to the main loop thread.
 498         Idle.add(() => {
 499                 mutex.lock();
 500                 success = parent_app.add_identity(idcard, force_flat_file_store);
 501                 cond.signal();
 502                 mutex.unlock();
 503                 return false;
 504             });
 505
 506         cond.wait(mutex);
 507         mutex.unlock();
 508
 509         return success;
 510     }
 511
 512 }
 513
 514
 515 #endif