src/moonshot-server.vala

   1 /*
   2  * Copyright (c) 2011-2014, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31 */
  32 #if IPC_DBUS
  33
  34 [DBus (name = "org.janet.Moonshot")]
  35 public class MoonshotServer : Object {
  36
  37     static MoonshotLogger logger = get_logger("MoonshotServer");
  38
  39     private string app_name = "Moonshot";
  40
  41     private IdentityManagerApp parent_app;
  42
  43     public MoonshotServer(IdentityManagerApp app)
  44     {
  45         logger.trace("MoonshotServer.<constructor>; app=" + (app == null ? "null" : "non-null"));
  46         this.parent_app = app;
  47     }
  48
  49     public bool show_ui()
  50     {
  51         logger.trace("MoonshotServer.show_ui");
  52
  53         if (parent_app.view == null) {
  54             stderr.printf(app_name, "show_ui: parent_app.view is null!\n");
  55             logger.warn("show_ui: parent_app.view is null!");
  56             return false;
  57         }
  58         parent_app.show();
  59         parent_app.explicitly_launched = true;
  60         logger.trace("MoonshotServer.show_ui: returning true");
  61         return true;
  62     }
  63
  64     public async bool get_identity(string nai,
  65                                    string password,
  66                                    string service,
  67                                    out string nai_out,
  68                                    out string password_out,
  69                                    out string server_certificate_hash,
  70                                    out string ca_certificate,
  71                                    out string subject_name_constraint,
  72                                    out string subject_alt_name_constraint)
  73     {
  74         logger.trace(@"MoonshotServer.get_identity: nai='$nai'; service='$service'");
  75         var request = new IdentityRequest(parent_app,
  76                                           nai,
  77                                           password,
  78                                           service);
  79         logger.trace(@"MoonshotServer.get_identity: Calling request.execute()");
  80         request.set_callback((IdentityRequest) => get_identity.callback());
  81         request.execute();
  82         logger.trace(@"MoonshotServer.get_identity: Back from request.execute()");
  83         yield;
  84         logger.trace(@"MoonshotServer.get_identity: back from yield");
  85
  86         nai_out = "";
  87         password_out = "";
  88         server_certificate_hash = "";
  89         ca_certificate = "";
  90         subject_name_constraint = "";
  91         subject_alt_name_constraint = "";
  92
  93         var id_card = request.id_card;
  94
  95         if ((id_card != null) && (id_card.display_name != IdCard.NO_IDENTITY)) {
  96             nai_out = id_card.nai;
  97             if ((request.password != null) && (request.password != ""))
  98                 password_out = request.password;
  99             else
 100                 password_out = id_card.password;
 101
 102             server_certificate_hash = id_card.trust_anchor.server_cert;
 103             ca_certificate = id_card.trust_anchor.ca_cert;
 104             subject_name_constraint = id_card.trust_anchor.subject;
 105             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
 106
 107             if (nai_out == null)
 108                 nai_out = "";
 109             if (password_out == null)
 110                 password_out = "";
 111             if (server_certificate_hash == null)
 112                 server_certificate_hash = "";
 113             if (ca_certificate == null)
 114                 ca_certificate = "";
 115             if (subject_name_constraint == null)
 116                 subject_name_constraint = "";
 117             if (subject_alt_name_constraint == null)
 118                 subject_alt_name_constraint = "";
 119
 120             logger.trace("MoonshotServer.get_identity: returning true");
 121
 122             return true;
 123         }
 124
 125         logger.trace("MoonshotServer.get_identity: returning false");
 126         return false;
 127     }
 128
 129     public async bool get_default_identity(out string nai_out,
 130                                            out string password_out,
 131                                            out string server_certificate_hash,
 132                                            out string ca_certificate,
 133                                            out string subject_name_constraint,
 134                                            out string subject_alt_name_constraint)
 135     {
 136         logger.trace("MoonshotServer.get_default_identity");
 137         var request = new IdentityRequest.default(parent_app);
 138         request.set_callback((IdentityRequest) => get_default_identity.callback());
 139         request.execute();
 140         yield;
 141
 142         nai_out = "";
 143         password_out = "";
 144         server_certificate_hash = "";
 145         ca_certificate = "";
 146         subject_name_constraint = "";
 147         subject_alt_name_constraint = "";
 148
 149         if (request.id_card != null)
 150         {
 151             nai_out = request.id_card.nai;
 152             password_out = request.id_card.password;
 153
 154             server_certificate_hash = request.id_card.trust_anchor.server_cert;
 155             ca_certificate = request.id_card.trust_anchor.ca_cert;
 156             subject_name_constraint = request.id_card.trust_anchor.subject;
 157             subject_alt_name_constraint = request.id_card.trust_anchor.subject_alt;
 158
 159             if (nai_out == null)
 160                 nai_out = "";
 161             if (password_out == null)
 162                 password_out = "";
 163             if (server_certificate_hash == null)
 164                 server_certificate_hash = "";
 165             if (ca_certificate == null)
 166                 ca_certificate = "";
 167             if (subject_name_constraint == null)
 168                 subject_name_constraint = "";
 169             if (subject_alt_name_constraint == null)
 170                 subject_alt_name_constraint = "";
 171
 172             logger.trace("MoonshotServer.get_default_identity: returning true");
 173             return true;
 174         }
 175
 176         return false;
 177     }
 178
 179     public bool install_id_card(string   display_name,
 180                                 string   user_name,
 181                                 string   ?password,
 182                                 string   ?realm,
 183                                 string[] ?rules_patterns,
 184                                 string[] ?rules_always_confirm,
 185                                 string[] ?services,
 186                                 string   ?ca_cert,
 187                                 string   ?subject,
 188                                 string   ?subject_alt,
 189                                 string   ?server_cert,
 190                                 int      force_flat_file_store)
 191     {
 192         IdCard idcard = new IdCard();
 193
 194         idcard.display_name = display_name;
 195         idcard.username = user_name;
 196         idcard.password = password;
 197         if ((password != null) && (password != ""))
 198             idcard.store_password = true;
 199         idcard.issuer = realm;
 200         idcard.update_services(services);
 201         idcard.trust_anchor.ca_cert = ca_cert;
 202         idcard.trust_anchor.subject = subject;
 203         idcard.trust_anchor.subject_alt = subject_alt;
 204         idcard.trust_anchor.server_cert = server_cert;
 205
 206         logger.trace("install_id_card: Card '%s' has services: '%s'"
 207                      .printf(idcard.display_name, idcard.get_services_string("; ")));
 208
 209         if (rules_patterns.length == rules_always_confirm.length)
 210         {
 211             /* workaround Centos vala array property bug: use temp array */
 212             Rule[] rules = new Rule[rules_patterns.length];
 213
 214             for (int i = 0; i < rules.length; i++)
 215             {
 216                 rules[i].pattern = rules_patterns[i];
 217                 rules[i].always_confirm = rules_always_confirm[i];
 218             }
 219             idcard.rules = rules;
 220         }
 221
 222         return parent_app.add_identity(idcard, force_flat_file_store!=0);
 223     }
 224
 225
 226     public int install_from_file(string file_name)
 227     {
 228         var webp = new WebProvisioning.Parser(file_name);
 229
 230         webp.parse();
 231         bool result = false;
 232         int installed_cards = 0;
 233         foreach (IdCard card in webp.cards)
 234         {
 235             string[] rules_patterns = {};
 236             string[] rules_always_confirm = {};
 237
 238             if (card.rules.length > 0)
 239             {
 240                 int i = 0;
 241                 rules_patterns = new string[card.rules.length];
 242                 rules_always_confirm = new string[card.rules.length];
 243                 foreach (Rule r in card.rules)
 244                 {
 245                     rules_patterns[i] = r.pattern;
 246                     rules_always_confirm[i] = r.always_confirm;
 247                     i++;
 248                 }
 249             }
 250
 251
 252             // prevent a crash by holding the reference to otherwise
 253             // unowned array(?)
 254
 255             // string[] svcs = card.services.to_array();
 256             // string[] svcs = card.services.to_array()[:];
 257             string[] svcs = new string[card.services.size];
 258             for (int i = 0; i < card.services.size; i++) {
 259                 svcs[i] = card.services[i];
 260             }
 261
 262             logger.trace(@"install_from_file: Adding card with display name '$(card.display_name)'");
 263             result = install_id_card(card.display_name,
 264                                      card.username,
 265                                      card.password,
 266                                      card.issuer,
 267                                      rules_patterns,
 268                                      rules_always_confirm,
 269                                      svcs,
 270                                      card.trust_anchor.ca_cert,
 271                                      card.trust_anchor.subject,
 272                                      card.trust_anchor.subject_alt,
 273                                      card.trust_anchor.server_cert,
 274                                      0);
 275             if (result) {
 276                 installed_cards++;
 277             }
 278         }
 279         return installed_cards;
 280     }
 281 }
 282
 283
 284 #elif IPC_MSRPC
 285
 286 using Rpc;
 287 using MoonshotRpcInterface;
 288
 289 /* This class must be a singleton, because we use a global RPC
 290  * binding handle. I cannot picture a situation where more than
 291  * one instance of the same interface would be needed so this
 292  * shouldn't be a problem.
 293  *
 294  * Shutdown is automatically done by the RPC runtime when the
 295  * process ends
 296  */
 297 public class MoonshotServer : Object {
 298     private static IdentityManagerApp parent_app;
 299
 300     private static MoonshotServer instance = null;
 301
 302     public static void start(IdentityManagerApp app)
 303     {
 304         parent_app = app;
 305         Rpc.server_start(MoonshotRpcInterface.spec, "/org/janet/Moonshot", Rpc.Flags.PER_USER);
 306     }
 307
 308     public static MoonshotServer get_instance()
 309     {
 310         if (instance == null)
 311             instance = new MoonshotServer();
 312         return instance;
 313     }
 314
 315     [CCode (cname = "moonshot_get_identity_rpc")]
 316     public static void get_identity(Rpc.AsyncCall call,
 317                                     string nai,
 318                                     string password,
 319                                     string service,
 320                                     ref string nai_out,
 321                                     ref string password_out,
 322                                     ref string server_certificate_hash,
 323                                     ref string ca_certificate,
 324                                     ref string subject_name_constraint,
 325                                     ref string subject_alt_name_constraint)
 326     {
 327         logger.trace("(static) get_identity");
 328
 329         bool result = false;
 330
 331         var request = new IdentityRequest(parent_app,
 332                                           nai,
 333                                           password,
 334                                           service);
 335
 336         // Pass execution to the main loop and block the RPC thread
 337         request.mutex = new Mutex();
 338         request.cond = new Cond();
 339         request.set_callback(return_identity_cb);
 340
 341         request.mutex.lock();
 342         Idle.add(request.execute);
 343
 344         while (request.complete == false)
 345             request.cond.wait(request.mutex);
 346
 347         nai_out = "";
 348         password_out = "";
 349         server_certificate_hash = "";
 350         ca_certificate = "";
 351         subject_name_constraint = "";
 352         subject_alt_name_constraint = "";
 353
 354         var id_card = request.id_card;
 355
 356         if (id_card != null) {
 357             // The strings are freed by the RPC runtime
 358             nai_out = id_card.nai;
 359             password_out = id_card.password;
 360             server_certificate_hash = id_card.trust_anchor.server_cert;
 361             ca_certificate = id_card.trust_anchor.ca_cert;
 362             subject_name_constraint = id_card.trust_anchor.subject;
 363             subject_alt_name_constraint = id_card.trust_anchor.subject_alt;
 364
 365             return_if_fail(nai_out != null);
 366             return_if_fail(password_out != null);
 367             return_if_fail(server_certificate_hash != null);
 368             return_if_fail(ca_certificate != null);
 369             return_if_fail(subject_name_constraint != null);
 370             return_if_fail(subject_alt_name_constraint != null);
 371
 372             result = true;
 373         }
 374
 375         // The outputs must be set before this function is called. For this
 376         // reason they are 'ref' not 'out' parameters - Vala assigns to the
 377         // 'out' parameters only at the end of the function, which is too
 378         // late.
 379         call.return(&result);
 380
 381         request.cond.signal();
 382         request.mutex.unlock();
 383     }
 384
 385     [CCode (cname = "moonshot_get_default_identity_rpc")]
 386     public static void get_default_identity(Rpc.AsyncCall call,
 387                                             ref string nai_out,
 388                                             ref string password_out,
 389                                             ref string server_certificate_hash,
 390                                             ref string ca_certificate,
 391                                             ref string subject_name_constraint,
 392                                             ref string subject_alt_name_constraint)
 393     {
 394         logger.trace("(static) get_default_identity");
 395
 396         bool result;
 397
 398         var request = new IdentityRequest.default(parent_app);
 399         request.mutex = new Mutex();
 400         request.cond = new Cond();
 401         request.set_callback(return_identity_cb);
 402
 403         request.mutex.lock();
 404         Idle.add(request.execute);
 405
 406         while (request.complete == false)
 407             request.cond.wait(request.mutex);
 408
 409         nai_out = "";
 410         password_out = "";
 411         server_certificate_hash = "";
 412         ca_certificate = "";
 413         subject_name_constraint = "";
 414         subject_alt_name_constraint = "";
 415
 416         if (request.id_card != null)
 417         {
 418             nai_out = request.id_card.nai;
 419             password_out = request.id_card.password;
 420             server_certificate_hash = "certificate";
 421
 422             return_if_fail(nai_out != null);
 423             return_if_fail(password_out != null);
 424             return_if_fail(server_certificate_hash != null);
 425             return_if_fail(ca_certificate != null);
 426             return_if_fail(subject_name_constraint != null);
 427             return_if_fail(subject_alt_name_constraint != null);
 428
 429             result = true;
 430         }
 431         else
 432         {
 433             result = false;
 434         }
 435
 436         call.return(&result);
 437
 438         request.cond.signal();
 439         request.mutex.unlock();
 440     }
 441
 442     // Called from the main loop thread when an identity has
 443     // been selected
 444     static void return_identity_cb(IdentityRequest request) {
 445         // Notify the RPC thread that the request is complete
 446         request.mutex.lock();
 447         request.cond.signal();
 448
 449         // Block the main loop until the RPC call has returned
 450         // to avoid any races
 451         request.cond.wait(request.mutex);
 452         request.mutex.unlock();
 453     }
 454
 455     [CCode (cname = "moonshot_install_id_card_rpc")]
 456     public static bool install_id_card(string     display_name,
 457                                        string     user_name,
 458                                        string     password,
 459                                        string     realm,
 460                                        string[]   rules_patterns,
 461                                        string[]   rules_always_confirm,
 462                                        string[]   services,
 463                                        string     ca_cert,
 464                                        string     subject,
 465                                        string     subject_alt,
 466                                        string     server_cert,
 467                                        bool       force_flat_file_store)
 468     {
 469         logger.trace("(static) install_id_card");
 470         IdCard idcard = new IdCard();
 471
 472         bool success = false;
 473         Mutex mutex = new Mutex();
 474         Cond cond = new Cond();
 475
 476         idcard.display_name = display_name;
 477         idcard.username = user_name;
 478         idcard.password = password;
 479         idcard.issuer = realm;
 480         idcard.services = services;
 481         idcard.trust_anchor.ca_cert = ca_cert;
 482         idcard.trust_anchor.subject = subject;
 483         idcard.trust_anchor.subject_alt = subject_alt;
 484         idcard.trust_anchor.server_cert = server_cert;
 485
 486         if (rules_patterns.length == rules_always_confirm.length)
 487         {
 488             idcard.rules = new Rule[rules_patterns.length];
 489
 490             for (int i = 0; i < idcard.rules.length; i++)
 491             {
 492                 idcard.rules[i].pattern = rules_patterns[i];
 493                 idcard.rules[i].always_confirm = rules_always_confirm[i];
 494             }
 495         }
 496
 497         mutex.lock();
 498
 499         // Defer addition to the main loop thread.
 500         Idle.add(() => {
 501                 mutex.lock();
 502                 success = parent_app.add_identity(idcard, force_flat_file_store);
 503                 cond.signal();
 504                 mutex.unlock();
 505                 return false;
 506             });
 507
 508         cond.wait(mutex);
 509         mutex.unlock();
 510
 511         return success;
 512     }
 513
 514 }
 515
 516
 517 #endif