1 /*
2  * Copyright (c) 2019 Balabit
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
17  *
18  * As an additional exemption you are allowed to compile & link against the
19  * OpenSSL libraries as published by the OpenSSL project. See the file
20  * COPYING for details.
21  *
22  */
23 
24 #include "credentials.h"
25 
26 #include <termios.h>
27 #include <unistd.h>
28 #include <string.h>
29 #include <errno.h>
30 
31 static gchar *credentials_key;
32 static gchar *credentials_secret;
33 static gchar **credentials_remaining;
34 
35 static gchar *
consume_next_from_remaining(gchar ** remaining,gint * available_index)36 consume_next_from_remaining(gchar **remaining, gint *available_index)
37 {
38   if (!remaining)
39     return NULL;
40 
41   return remaining[(*available_index)++];
42 }
43 
44 static void
set_console_echo(gboolean new_state)45 set_console_echo(gboolean new_state)
46 {
47   if (!isatty(STDIN_FILENO))
48     return;
49 
50   struct termios t;
51 
52   if (tcgetattr(STDIN_FILENO, &t))
53     {
54       fprintf(stderr, "syslog-ng-ctl: error while tcgetattr: %s\n", strerror(errno));
55       return;
56     }
57 
58   if (new_state)
59     t.c_lflag |= ECHO;
60   else
61     t.c_lflag &= ~((tcflag_t) ECHO);
62 
63   if (tcsetattr(STDIN_FILENO, TCSANOW, &t))
64     fprintf(stderr, "syslog-ng-ctl: error while tcsetattr: %s\n", strerror(errno));
65 }
66 
67 static void
read_password_from_stdin(gchar * buffer,gsize * length)68 read_password_from_stdin(gchar *buffer, gsize *length)
69 {
70   printf("enter password:");
71   set_console_echo(FALSE);
72   if (-1 == getline(&buffer, length, stdin))
73     {
74       set_console_echo(TRUE);
75       fprintf(stderr, "error while reading password from terminal: %s", strerror(errno));
76       g_assert_not_reached();
77     }
78   set_console_echo(TRUE);
79   printf("\n");
80 }
81 
82 static gint
slng_passwd_add(int argc,char * argv[],const gchar * mode,GOptionContext * ctx)83 slng_passwd_add(int argc, char *argv[], const gchar *mode, GOptionContext *ctx)
84 {
85   gchar *answer;
86   gint remaining_unused_index = 0;
87 
88 
89   if (!credentials_key)
90     credentials_key = consume_next_from_remaining(credentials_remaining, &remaining_unused_index);
91 
92   if (!credentials_key)
93     {
94       gchar *usage = g_option_context_get_help(ctx, TRUE, NULL);
95       fprintf(stderr, "Error: missing arguments!\n%s\n", usage);
96       g_free(usage);
97       return 1;
98     }
99 
100   if (!is_syslog_ng_running())
101     return 1;
102 
103   if (!credentials_secret)
104     credentials_secret = consume_next_from_remaining(credentials_remaining, &remaining_unused_index);
105 
106   gchar *secret_to_store;
107   if (credentials_secret)
108     {
109       secret_to_store = g_strdup(credentials_secret);
110       if (!secret_to_store)
111         g_assert_not_reached();
112     }
113   else
114     {
115       gsize buff_size = 256;
116       secret_to_store = g_malloc0(buff_size);
117       if (!secret_to_store)
118         g_assert_not_reached();
119 
120       read_password_from_stdin(secret_to_store, &buff_size);
121     }
122 
123   gint retval = asprintf(&answer, "PWD %s %s %s", "add", credentials_key, secret_to_store);
124   if (retval == -1)
125     g_assert_not_reached();
126 
127   secret_storage_wipe(secret_to_store, strlen(secret_to_store));
128   g_free(secret_to_store);
129 
130   if (credentials_secret)
131     secret_storage_wipe(credentials_secret, strlen(credentials_secret));
132 
133   gint result = dispatch_command(answer);
134 
135   secret_storage_wipe(answer, strlen(answer));
136   g_free(answer);
137 
138   return result;
139 }
140 
141 static gint
slng_passwd_status(int argc,char * argv[],const gchar * mode,GOptionContext * ctx)142 slng_passwd_status(int argc, char *argv[], const gchar *mode, GOptionContext *ctx)
143 {
144   gchar *answer;
145 
146   gint retval = asprintf(&answer, "PWD %s", "status");
147   if (retval == -1)
148     g_assert_not_reached();
149 
150   return dispatch_command(answer);
151 }
152 
153 static GOptionEntry credentials_options_add[] =
154 {
155   { "id", 'i', 0, G_OPTION_ARG_STRING, &credentials_key, "ID of the credential", "<id>" },
156   { "secret", 's', 0, G_OPTION_ARG_STRING, &credentials_secret, "Secret part of the credential", "<secret>" },
157   { G_OPTION_REMAINING, 0, 0, G_OPTION_ARG_STRING_ARRAY, &credentials_remaining, NULL, NULL },
158   { NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL }
159 };
160 
161 CommandDescriptor credentials_commands[] =
162 {
163   { "add", credentials_options_add, "Add credentials to credential store", slng_passwd_add },
164   { "status", no_options, "Query stored credential status", slng_passwd_status },
165   { NULL }
166 };
167