/* * Copyright (c) 2011-2016, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ using Gee; using Rpc; using MoonshotRpcInterface; /* This class must be a singleton, because we use a global RPC * binding handle. I cannot picture a situation where more than * one instance of the same interface would be needed so this * shouldn't be a problem. * * Shutdown is automatically done by the RPC runtime when the * process ends */ public class MoonshotServer : Object { private static IdentityManagerApp parent_app; private static MoonshotServer instance = null; public static void start(IdentityManagerApp app) { parent_app = app; Rpc.server_start(MoonshotRpcInterface.spec, "/org/janet/Moonshot", Rpc.Flags.PER_USER); } public static MoonshotServer get_instance() { if (instance == null) instance = new MoonshotServer(); return instance; } [CCode (cname = "moonshot_get_identity_rpc")] public static void get_identity(Rpc.AsyncCall call, string nai, string password, string service, ref string nai_out, ref string password_out, ref string server_certificate_hash, ref string ca_certificate, ref string subject_name_constraint, ref string subject_alt_name_constraint) { logger.trace("(static) get_identity"); bool result = false; var request = new IdentityRequest(parent_app, nai, password, service); // Pass execution to the main loop and block the RPC thread request.mutex = new Mutex(); request.cond = new Cond(); request.set_callback(return_identity_cb); request.mutex.lock(); Idle.add(request.execute); while (request.complete == false) request.cond.wait(request.mutex); nai_out = ""; password_out = ""; server_certificate_hash = ""; ca_certificate = ""; subject_name_constraint = ""; subject_alt_name_constraint = ""; var id_card = request.id_card; if (id_card != null) { // The strings are freed by the RPC runtime nai_out = id_card.nai; password_out = id_card.password; server_certificate_hash = id_card.trust_anchor.server_cert; ca_certificate = id_card.trust_anchor.ca_cert; subject_name_constraint = id_card.trust_anchor.subject; subject_alt_name_constraint = id_card.trust_anchor.subject_alt; return_if_fail(nai_out != null); return_if_fail(password_out != null); return_if_fail(server_certificate_hash != null); return_if_fail(ca_certificate != null); return_if_fail(subject_name_constraint != null); return_if_fail(subject_alt_name_constraint != null); result = true; } // The outputs must be set before this function is called. For this // reason they are 'ref' not 'out' parameters - Vala assigns to the // 'out' parameters only at the end of the function, which is too // late. call.return(&result); request.cond.signal(); request.mutex.unlock(); } [CCode (cname = "moonshot_get_default_identity_rpc")] public static void get_default_identity(Rpc.AsyncCall call, ref string nai_out, ref string password_out, ref string server_certificate_hash, ref string ca_certificate, ref string subject_name_constraint, ref string subject_alt_name_constraint) { logger.trace("(static) get_default_identity"); bool result; var request = new IdentityRequest.default(parent_app); request.mutex = new Mutex(); request.cond = new Cond(); request.set_callback(return_identity_cb); request.mutex.lock(); Idle.add(request.execute); while (request.complete == false) request.cond.wait(request.mutex); nai_out = ""; password_out = ""; server_certificate_hash = ""; ca_certificate = ""; subject_name_constraint = ""; subject_alt_name_constraint = ""; if (request.id_card != null) { nai_out = request.id_card.nai; password_out = request.id_card.password; server_certificate_hash = "certificate"; return_if_fail(nai_out != null); return_if_fail(password_out != null); return_if_fail(server_certificate_hash != null); return_if_fail(ca_certificate != null); return_if_fail(subject_name_constraint != null); return_if_fail(subject_alt_name_constraint != null); result = true; } else { result = false; } call.return(&result); request.cond.signal(); request.mutex.unlock(); } // Called from the main loop thread when an identity has // been selected static void return_identity_cb(IdentityRequest request) { // Notify the RPC thread that the request is complete request.mutex.lock(); request.cond.signal(); // Block the main loop until the RPC call has returned // to avoid any races request.cond.wait(request.mutex); request.mutex.unlock(); } [CCode (cname = "moonshot_install_id_card_rpc")] public static bool install_id_card(string display_name, string user_name, string password, string realm, string[] rules_patterns, string[] rules_always_confirm, string[] services, string ca_cert, string subject, string subject_alt, string server_cert, bool force_flat_file_store) { logger.trace("(static) install_id_card"); IdCard idcard = new IdCard(); bool success = false; Mutex mutex = new Mutex(); Cond cond = new Cond(); idcard.display_name = display_name; idcard.username = user_name; idcard.password = password; idcard.issuer = realm; idcard.services = services; idcard.trust_anchor.ca_cert = ca_cert; idcard.trust_anchor.subject = subject; idcard.trust_anchor.subject_alt = subject_alt; idcard.trust_anchor.server_cert = server_cert; if (rules_patterns.length == rules_always_confirm.length) { idcard.rules = new Rule[rules_patterns.length]; for (int i = 0; i < idcard.rules.length; i++) { idcard.rules[i].pattern = rules_patterns[i]; idcard.rules[i].always_confirm = rules_always_confirm[i]; } } mutex.lock(); ArrayList? old_duplicates = null; // Defer addition to the main loop thread. Idle.add(() => { mutex.lock(); success = parent_app.add_identity(idcard, force_flat_file_store, out old_duplicates); foreach (IdCard id_card in old_duplicates) { stdout.printf("removing duplicate id for '%s'\n", new_card.nai); } cond.signal(); mutex.unlock(); return false; }); cond.wait(mutex); mutex.unlock(); return success; } }