1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <assert.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <inttypes.h>
#include <stdlib.h>
#include <time.h>
#include <limits.h>
#include "authkey.h"
#include "util.h"
#define RANDOM_DEVICE "/dev/urandom"
static int load(const char *fn, void *data, size_t length) {
int fd = -1, ret = -1;
ssize_t r;
assert(fn && data && length);
if ((fd = open(fn, O_RDONLY)) < 0)
goto finish;
if ((r = pa_loop_read(fd, data, length)) < 0 || (size_t) r != length) {
ret = -2;
goto finish;
}
ret = 0;
finish:
if (fd >= 0)
close(fd);
return ret;
}
static int generate(const char *fn, void *data, size_t length) {
int fd = -1, random_fd = -1, ret = -1;
ssize_t r;
assert(fn && data && length);
if ((fd = open(fn, O_WRONLY|O_EXCL|O_CREAT, S_IRUSR | S_IWUSR)) < 0)
goto finish;
if ((random_fd = open(RANDOM_DEVICE, O_RDONLY)) >= 0) {
if ((r = pa_loop_read(random_fd, data, length)) < 0 || (size_t) r != length) {
ret = -2;
goto finish;
}
} else {
uint8_t *p;
size_t l;
fprintf(stderr, "WARNING: Failed to open entropy device '"RANDOM_DEVICE"': %s, falling back to unsecure pseudo RNG.\n", strerror(errno));
srandom(time(NULL));
for (p = data, l = length; l > 0; p++, l--)
*p = (uint8_t) random();
}
if ((r = pa_loop_write(fd, data, length)) < 0 || (size_t) r != length) {
ret = -2;
goto finish;
}
ret = 0;
finish:
if (fd >= 0) {
if (ret != 0)
unlink(fn);
close(fd);
}
if (random_fd >= 0)
close(random_fd);
return ret;
}
int pa_authkey_load(const char *path, void *data, size_t length) {
int ret, i;
assert(path && data && length);
for (i = 0; i < 10; i++) {
if ((ret = load(path, data, length)) < 0)
if (ret == -1 && errno == ENOENT)
if ((ret = generate(path, data, length)) < 0)
if (ret == -1 && errno == EEXIST)
continue;
break;
}
if (ret < 0)
fprintf(stderr, "Failed to load authorization key '%s': %s\n", path, (ret == -1) ? strerror(errno) : "file corrupt");
return ret;
}
int pa_authkey_load_from_home(const char *fn, void *data, size_t length) {
char *home;
char path[PATH_MAX];
assert(fn && data && length);
if (!(home = getenv("HOME")))
return -2;
snprintf(path, sizeof(path), "%s/%s", home, fn);
return pa_authkey_load(path, data, length);
}
int pa_authkey_load_auto(const char *fn, void *data, size_t length) {
assert(fn && data && length);
if (*fn == '/')
return pa_authkey_load(fn, data, length);
else
return pa_authkey_load_from_home(fn, data, length);
}
|
