1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
#include <assert.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <inttypes.h>
#include <stdlib.h>
#include <time.h>
#include <limits.h>
#include "authkey.h"
#include "util.h"
#define RANDOM_DEVICE "/dev/urandom"
static int load(const char *fn, void *data, size_t length) {
int fd = -1, ret = -1;
ssize_t r;
assert(fn && data && length);
if ((fd = open(fn, O_RDONLY)) < 0)
goto finish;
if ((r = pa_loop_read(fd, data, length)) < 0 || (size_t) r != length) {
ret = -2;
goto finish;
}
ret = 0;
finish:
if (fd >= 0)
close(fd);
return ret;
}
static int generate(const char *fn, void *data, size_t length) {
int fd = -1, random_fd = -1, ret = -1;
ssize_t r;
assert(fn && data && length);
if ((fd = open(fn, O_WRONLY|O_EXCL|O_CREAT, S_IRUSR | S_IWUSR)) < 0)
goto finish;
if ((random_fd = open(RANDOM_DEVICE, O_RDONLY)) >= 0) {
if ((r = pa_loop_read(random_fd, data, length)) < 0 || (size_t) r != length) {
ret = -2;
goto finish;
}
} else {
uint8_t *p;
size_t l;
fprintf(stderr, "WARNING: Failed to open entropy device '"RANDOM_DEVICE"': %s, falling back to unsecure pseudo RNG.\n", strerror(errno));
srandom(time(NULL));
for (p = data, l = length; l > 0; p++, l--)
*p = (uint8_t) random();
}
if ((r = pa_loop_write(fd, data, length)) < 0 || (size_t) r != length) {
ret = -2;
goto finish;
}
ret = 0;
finish:
if (fd >= 0) {
if (ret != 0)
unlink(fn);
close(fd);
}
if (random_fd >= 0)
close(random_fd);
return ret;
}
int pa_authkey_load(const char *path, void *data, size_t length) {
int ret, i;
assert(path && data && length);
for (i = 0; i < 10; i++) {
if ((ret = load(path, data, length)) < 0)
if (ret == -1 && errno == ENOENT)
if ((ret = generate(path, data, length)) < 0)
if (ret == -1 && errno == EEXIST)
continue;
break;
}
if (ret < 0)
fprintf(stderr, "Failed to load authorization key '%s': %s\n", path, (ret == -1) ? strerror(errno) : "file corrupt");
return ret;
}
int pa_authkey_load_from_home(const char *fn, void *data, size_t length) {
char *home;
char path[PATH_MAX];
if (!(home = getenv("HOME")))
return -2;
snprintf(path, sizeof(path), "%s/%s", home, fn);
return pa_authkey_load(path, data, length);
}
|