diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 51ce9027..8dcbe686 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -314,3 +314,16 @@ endif() target_link_libraries(pgagroal-admin-bin pgagroal) install(TARGETS pgagroal-admin-bin DESTINATION ${CMAKE_INSTALL_BINDIR}) + +# +# Build pgagroal-vault +# +add_executable(pgagroal-vault-bin vault.c ${RESOURCE_OBJECT}) +if (CMAKE_C_LINK_PIE_SUPPORTED) + set_target_properties(pgagroal-vault-bin PROPERTIES LINKER_LANGUAGE C POSITION_INDEPENDENT_CODE TRUE OUTPUT_NAME pgagroal-vault) +else() + set_target_properties(pgagroal-vault-bin PROPERTIES LINKER_LANGUAGE C POSITION_INDEPENDENT_CODE FALSE OUTPUT_NAME pgagroal-vault) +endif() +target_link_libraries(pgagroal-vault-bin pgagroal) + +install(TARGETS pgagroal-vault-bin DESTINATION ${CMAKE_INSTALL_BINDIR}) \ No newline at end of file diff --git a/src/admin.c b/src/admin.c index 43a0073d..453629c8 100644 --- a/src/admin.c +++ b/src/admin.c @@ -45,9 +45,6 @@ #include #include -#define DEFAULT_PASSWORD_LENGTH 64 -#define MIN_PASSWORD_LENGTH 8 - #define ACTION_UNKNOWN 0 #define ACTION_MASTER_KEY 1 #define ACTION_ADD_USER 2 @@ -55,18 +52,11 @@ #define ACTION_REMOVE_USER 4 #define ACTION_LIST_USERS 5 -static char CHARS[] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', - 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', - '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '_', '=', '+', '[', '{', ']', '}', '\\', '|', ';', ':', - '\'', '\"', ',', '<', '.', '>', '/', '?'}; - static int master_key(char* password, bool generate_pwd, int pwd_length); static int add_user(char* users_path, char* username, char* password, bool generate_pwd, int pwd_length); static int update_user(char* users_path, char* username, char* password, bool generate_pwd, int pwd_length); static int remove_user(char* users_path, char* username); static int list_users(char* users_path); -static char* generate_password(int pwd_length); static void version(void) @@ -906,30 +896,3 @@ list_users(char* users_path) return 1; } - -static char* -generate_password(int pwd_length) -{ - char* pwd; - size_t s; - time_t t; - - s = pwd_length + 1; - - pwd = calloc(1, s); - if (pwd == NULL) - { - pgagroal_log_fatal("Couldn't allocate memory while generating password"); - return NULL; - } - - srand((unsigned)time(&t)); - - for (int i = 0; i < s; i++) - { - *((char*)(pwd + i)) = CHARS[rand() % sizeof(CHARS)]; - } - *((char*)(pwd + pwd_length)) = '\0'; - - return pwd; -} diff --git a/src/include/message.h b/src/include/message.h index 985b8111..558b55e1 100644 --- a/src/include/message.h +++ b/src/include/message.h @@ -368,9 +368,32 @@ pgagroal_create_startup_message(char* username, char* database, struct message** * @param msg The resulting message * @return 0 upon success, otherwise 1 */ + int pgagroal_create_cancel_request_message(int pid, int secret, struct message** msg); +/** + * @brief + * + * @param ssl + * @param socket + * @param username + * @return int + */ +int +pgagroal_write_frontend_password_request(SSL* ssl, int socket, char* username); + +/** + * @brief + * + * @param ssl + * @param socket + * @param password + * @return int + */ +int +pgagroal_write_frontend_password_response(SSL* ssl, int socket, char* password); + /** * Is the connection valid * @param socket The socket descriptor diff --git a/src/include/pgagroal.h b/src/include/pgagroal.h index ede1bde0..085d694b 100644 --- a/src/include/pgagroal.h +++ b/src/include/pgagroal.h @@ -73,6 +73,8 @@ extern "C" { #define MAX_DATABASE_LENGTH 256 #define MAX_TYPE_LENGTH 16 #define MAX_ADDRESS_LENGTH 64 +#define DEFAULT_PASSWORD_LENGTH 64 +#define MIN_PASSWORD_LENGTH 8 #define MAX_PASSWORD_LENGTH 1024 #define MAX_APPLICATION_NAME 64 @@ -493,6 +495,8 @@ struct configuration struct user admins[NUMBER_OF_ADMINS]; /**< The admins */ struct user superuser; /**< The superuser */ struct connection connections[]; /**< The connections (FMA) */ + + } __attribute__ ((aligned (64))); #ifdef __cplusplus diff --git a/src/include/security.h b/src/include/security.h index 33da1f84..4ae8bdb2 100644 --- a/src/include/security.h +++ b/src/include/security.h @@ -138,6 +138,19 @@ pgagroal_user_known(char* user); int pgagroal_tls_valid(void); +/** + * @brief Generate a random ASCII password have size of pwd_length + * @param pwd_length length of the password + * @return Generated password + */ +char* +generate_password(int pwd_length); + +/** + * @brief Initialize RNG + * + */ +void initialize_random(void); #ifdef __cplusplus } #endif diff --git a/src/include/uthash.h b/src/include/uthash.h new file mode 100644 index 00000000..070f7b44 --- /dev/null +++ b/src/include/uthash.h @@ -0,0 +1,1140 @@ +/* +Copyright (c) 2003-2022, Troy D. Hanson https://troydhanson.github.io/uthash/ +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER +OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +#ifndef UTHASH_H +#define UTHASH_H + +#define UTHASH_VERSION 2.3.0 + +#include /* memcmp, memset, strlen */ +#include /* ptrdiff_t */ +#include /* exit */ + +#if defined(HASH_DEFINE_OWN_STDINT) && HASH_DEFINE_OWN_STDINT +/* This codepath is provided for backward compatibility, but I plan to remove it. */ +#warning "HASH_DEFINE_OWN_STDINT is deprecated; please use HASH_NO_STDINT instead" +typedef unsigned int uint32_t; +typedef unsigned char uint8_t; +#elif defined(HASH_NO_STDINT) && HASH_NO_STDINT +#else +#include /* uint8_t, uint32_t */ +#endif + +/* These macros use decltype or the earlier __typeof GNU extension. + As decltype is only available in newer compilers (VS2010 or gcc 4.3+ + when compiling c++ source) this code uses whatever method is needed + or, for VS2008 where neither is available, uses casting workarounds. */ +#if !defined(DECLTYPE) && !defined(NO_DECLTYPE) +#if defined(_MSC_VER) /* MS compiler */ +#if _MSC_VER >= 1600 && defined(__cplusplus) /* VS2010 or newer in C++ mode */ +#define DECLTYPE(x) (decltype(x)) +#else /* VS2008 or older (or VS2010 in C mode) */ +#define NO_DECLTYPE +#endif +#elif defined(__MCST__) /* Elbrus C Compiler */ +#define DECLTYPE(x) (__typeof(x)) +#elif defined(__BORLANDC__) || defined(__ICCARM__) || defined(__LCC__) || defined(__WATCOMC__) +#define NO_DECLTYPE +#else /* GNU, Sun and other compilers */ +#define DECLTYPE(x) (__typeof(x)) +#endif +#endif + +#ifdef NO_DECLTYPE +#define DECLTYPE(x) +#define DECLTYPE_ASSIGN(dst,src) \ +do { \ + char **_da_dst = (char**)(&(dst)); \ + *_da_dst = (char*)(src); \ +} while (0) +#else +#define DECLTYPE_ASSIGN(dst,src) \ +do { \ + (dst) = DECLTYPE(dst)(src); \ +} while (0) +#endif + +#ifndef uthash_malloc +#define uthash_malloc(sz) malloc(sz) /* malloc fcn */ +#endif +#ifndef uthash_free +#define uthash_free(ptr,sz) free(ptr) /* free fcn */ +#endif +#ifndef uthash_bzero +#define uthash_bzero(a,n) memset(a,'\0',n) +#endif +#ifndef uthash_strlen +#define uthash_strlen(s) strlen(s) +#endif + +#ifndef HASH_FUNCTION +#define HASH_FUNCTION(keyptr,keylen,hashv) HASH_JEN(keyptr, keylen, hashv) +#endif + +#ifndef HASH_KEYCMP +#define HASH_KEYCMP(a,b,n) memcmp(a,b,n) +#endif + +#ifndef uthash_noexpand_fyi +#define uthash_noexpand_fyi(tbl) /* can be defined to log noexpand */ +#endif +#ifndef uthash_expand_fyi +#define uthash_expand_fyi(tbl) /* can be defined to log expands */ +#endif + +#ifndef HASH_NONFATAL_OOM +#define HASH_NONFATAL_OOM 0 +#endif + +#if HASH_NONFATAL_OOM +/* malloc failures can be recovered from */ + +#ifndef uthash_nonfatal_oom +#define uthash_nonfatal_oom(obj) do {} while (0) /* non-fatal OOM error */ +#endif + +#define HASH_RECORD_OOM(oomed) do { (oomed) = 1; } while (0) +#define IF_HASH_NONFATAL_OOM(x) x + +#else +/* malloc failures result in lost memory, hash tables are unusable */ + +#ifndef uthash_fatal +#define uthash_fatal(msg) exit(-1) /* fatal OOM error */ +#endif + +#define HASH_RECORD_OOM(oomed) uthash_fatal("out of memory") +#define IF_HASH_NONFATAL_OOM(x) + +#endif + +/* initial number of buckets */ +#define HASH_INITIAL_NUM_BUCKETS 32U /* initial number of buckets */ +#define HASH_INITIAL_NUM_BUCKETS_LOG2 5U /* lg2 of initial number of buckets */ +#define HASH_BKT_CAPACITY_THRESH 10U /* expand when bucket count reaches */ + +/* calculate the element whose hash handle address is hhp */ +#define ELMT_FROM_HH(tbl,hhp) ((void*)(((char*)(hhp)) - ((tbl)->hho))) +/* calculate the hash handle from element address elp */ +#define HH_FROM_ELMT(tbl,elp) ((UT_hash_handle*)(void*)(((char*)(elp)) + ((tbl)->hho))) + +#define HASH_ROLLBACK_BKT(hh, head, itemptrhh) \ +do { \ + struct UT_hash_handle *_hd_hh_item = (itemptrhh); \ + unsigned _hd_bkt; \ + HASH_TO_BKT(_hd_hh_item->hashv, (head)->hh.tbl->num_buckets, _hd_bkt); \ + (head)->hh.tbl->buckets[_hd_bkt].count++; \ + _hd_hh_item->hh_next = NULL; \ + _hd_hh_item->hh_prev = NULL; \ +} while (0) + +#define HASH_VALUE(keyptr,keylen,hashv) \ +do { \ + HASH_FUNCTION(keyptr, keylen, hashv); \ +} while (0) + +#define HASH_FIND_BYHASHVALUE(hh,head,keyptr,keylen,hashval,out) \ +do { \ + (out) = NULL; \ + if (head) { \ + unsigned _hf_bkt; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _hf_bkt); \ + if (HASH_BLOOM_TEST((head)->hh.tbl, hashval) != 0) { \ + HASH_FIND_IN_BKT((head)->hh.tbl, hh, (head)->hh.tbl->buckets[ _hf_bkt ], keyptr, keylen, hashval, out); \ + } \ + } \ +} while (0) + +#define HASH_FIND(hh,head,keyptr,keylen,out) \ +do { \ + (out) = NULL; \ + if (head) { \ + unsigned _hf_hashv; \ + HASH_VALUE(keyptr, keylen, _hf_hashv); \ + HASH_FIND_BYHASHVALUE(hh, head, keyptr, keylen, _hf_hashv, out); \ + } \ +} while (0) + +#ifdef HASH_BLOOM +#define HASH_BLOOM_BITLEN (1UL << HASH_BLOOM) +#define HASH_BLOOM_BYTELEN (HASH_BLOOM_BITLEN/8UL) + (((HASH_BLOOM_BITLEN%8UL)!=0UL) ? 1UL : 0UL) +#define HASH_BLOOM_MAKE(tbl,oomed) \ +do { \ + (tbl)->bloom_nbits = HASH_BLOOM; \ + (tbl)->bloom_bv = (uint8_t*)uthash_malloc(HASH_BLOOM_BYTELEN); \ + if (!(tbl)->bloom_bv) { \ + HASH_RECORD_OOM(oomed); \ + } else { \ + uthash_bzero((tbl)->bloom_bv, HASH_BLOOM_BYTELEN); \ + (tbl)->bloom_sig = HASH_BLOOM_SIGNATURE; \ + } \ +} while (0) + +#define HASH_BLOOM_FREE(tbl) \ +do { \ + uthash_free((tbl)->bloom_bv, HASH_BLOOM_BYTELEN); \ +} while (0) + +#define HASH_BLOOM_BITSET(bv,idx) (bv[(idx)/8U] |= (1U << ((idx)%8U))) +#define HASH_BLOOM_BITTEST(bv,idx) (bv[(idx)/8U] & (1U << ((idx)%8U))) + +#define HASH_BLOOM_ADD(tbl,hashv) \ + HASH_BLOOM_BITSET((tbl)->bloom_bv, ((hashv) & (uint32_t)((1UL << (tbl)->bloom_nbits) - 1U))) + +#define HASH_BLOOM_TEST(tbl,hashv) \ + HASH_BLOOM_BITTEST((tbl)->bloom_bv, ((hashv) & (uint32_t)((1UL << (tbl)->bloom_nbits) - 1U))) + +#else +#define HASH_BLOOM_MAKE(tbl,oomed) +#define HASH_BLOOM_FREE(tbl) +#define HASH_BLOOM_ADD(tbl,hashv) +#define HASH_BLOOM_TEST(tbl,hashv) (1) +#define HASH_BLOOM_BYTELEN 0U +#endif + +#define HASH_MAKE_TABLE(hh,head,oomed) \ +do { \ + (head)->hh.tbl = (UT_hash_table*)uthash_malloc(sizeof(UT_hash_table)); \ + if (!(head)->hh.tbl) { \ + HASH_RECORD_OOM(oomed); \ + } else { \ + uthash_bzero((head)->hh.tbl, sizeof(UT_hash_table)); \ + (head)->hh.tbl->tail = &((head)->hh); \ + (head)->hh.tbl->num_buckets = HASH_INITIAL_NUM_BUCKETS; \ + (head)->hh.tbl->log2_num_buckets = HASH_INITIAL_NUM_BUCKETS_LOG2; \ + (head)->hh.tbl->hho = (char*)(&(head)->hh) - (char*)(head); \ + (head)->hh.tbl->buckets = (UT_hash_bucket*)uthash_malloc( \ + HASH_INITIAL_NUM_BUCKETS * sizeof(struct UT_hash_bucket)); \ + (head)->hh.tbl->signature = HASH_SIGNATURE; \ + if (!(head)->hh.tbl->buckets) { \ + HASH_RECORD_OOM(oomed); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + } else { \ + uthash_bzero((head)->hh.tbl->buckets, \ + HASH_INITIAL_NUM_BUCKETS * sizeof(struct UT_hash_bucket)); \ + HASH_BLOOM_MAKE((head)->hh.tbl, oomed); \ + IF_HASH_NONFATAL_OOM( \ + if (oomed) { \ + uthash_free((head)->hh.tbl->buckets, \ + HASH_INITIAL_NUM_BUCKETS*sizeof(struct UT_hash_bucket)); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + } \ + ) \ + } \ + } \ +} while (0) + +#define HASH_REPLACE_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,replaced,cmpfcn) \ +do { \ + (replaced) = NULL; \ + HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \ + if (replaced) { \ + HASH_DELETE(hh, head, replaced); \ + } \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn); \ +} while (0) + +#define HASH_REPLACE_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add,replaced) \ +do { \ + (replaced) = NULL; \ + HASH_FIND_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, replaced); \ + if (replaced) { \ + HASH_DELETE(hh, head, replaced); \ + } \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add); \ +} while (0) + +#define HASH_REPLACE(hh,head,fieldname,keylen_in,add,replaced) \ +do { \ + unsigned _hr_hashv; \ + HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv); \ + HASH_REPLACE_BYHASHVALUE(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced); \ +} while (0) + +#define HASH_REPLACE_INORDER(hh,head,fieldname,keylen_in,add,replaced,cmpfcn) \ +do { \ + unsigned _hr_hashv; \ + HASH_VALUE(&((add)->fieldname), keylen_in, _hr_hashv); \ + HASH_REPLACE_BYHASHVALUE_INORDER(hh, head, fieldname, keylen_in, _hr_hashv, add, replaced, cmpfcn); \ +} while (0) + +#define HASH_APPEND_LIST(hh, head, add) \ +do { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = ELMT_FROM_HH((head)->hh.tbl, (head)->hh.tbl->tail); \ + (head)->hh.tbl->tail->next = (add); \ + (head)->hh.tbl->tail = &((add)->hh); \ +} while (0) + +#define HASH_AKBI_INNER_LOOP(hh,head,add,cmpfcn) \ +do { \ + do { \ + if (cmpfcn(DECLTYPE(head)(_hs_iter), add) > 0) { \ + break; \ + } \ + } while ((_hs_iter = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->next)); \ +} while (0) + +#ifdef NO_DECLTYPE +#undef HASH_AKBI_INNER_LOOP +#define HASH_AKBI_INNER_LOOP(hh,head,add,cmpfcn) \ +do { \ + char *_hs_saved_head = (char*)(head); \ + do { \ + DECLTYPE_ASSIGN(head, _hs_iter); \ + if (cmpfcn(head, add) > 0) { \ + DECLTYPE_ASSIGN(head, _hs_saved_head); \ + break; \ + } \ + DECLTYPE_ASSIGN(head, _hs_saved_head); \ + } while ((_hs_iter = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->next)); \ +} while (0) +#endif + +#if HASH_NONFATAL_OOM + +#define HASH_ADD_TO_TABLE(hh,head,keyptr,keylen_in,hashval,add,oomed) \ +do { \ + if (!(oomed)) { \ + unsigned _ha_bkt; \ + (head)->hh.tbl->num_items++; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt); \ + HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], hh, &(add)->hh, oomed); \ + if (oomed) { \ + HASH_ROLLBACK_BKT(hh, head, &(add)->hh); \ + HASH_DELETE_HH(hh, head, &(add)->hh); \ + (add)->hh.tbl = NULL; \ + uthash_nonfatal_oom(add); \ + } else { \ + HASH_BLOOM_ADD((head)->hh.tbl, hashval); \ + HASH_EMIT_KEY(hh, head, keyptr, keylen_in); \ + } \ + } else { \ + (add)->hh.tbl = NULL; \ + uthash_nonfatal_oom(add); \ + } \ +} while (0) + +#else + +#define HASH_ADD_TO_TABLE(hh,head,keyptr,keylen_in,hashval,add,oomed) \ +do { \ + unsigned _ha_bkt; \ + (head)->hh.tbl->num_items++; \ + HASH_TO_BKT(hashval, (head)->hh.tbl->num_buckets, _ha_bkt); \ + HASH_ADD_TO_BKT((head)->hh.tbl->buckets[_ha_bkt], hh, &(add)->hh, oomed); \ + HASH_BLOOM_ADD((head)->hh.tbl, hashval); \ + HASH_EMIT_KEY(hh, head, keyptr, keylen_in); \ +} while (0) + +#endif + + +#define HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh,head,keyptr,keylen_in,hashval,add,cmpfcn) \ +do { \ + IF_HASH_NONFATAL_OOM( int _ha_oomed = 0; ) \ + (add)->hh.hashv = (hashval); \ + (add)->hh.key = (char*) (keyptr); \ + (add)->hh.keylen = (unsigned) (keylen_in); \ + if (!(head)) { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = NULL; \ + HASH_MAKE_TABLE(hh, add, _ha_oomed); \ + IF_HASH_NONFATAL_OOM( if (!_ha_oomed) { ) \ + (head) = (add); \ + IF_HASH_NONFATAL_OOM( } ) \ + } else { \ + void *_hs_iter = (head); \ + (add)->hh.tbl = (head)->hh.tbl; \ + HASH_AKBI_INNER_LOOP(hh, head, add, cmpfcn); \ + if (_hs_iter) { \ + (add)->hh.next = _hs_iter; \ + if (((add)->hh.prev = HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->prev)) { \ + HH_FROM_ELMT((head)->hh.tbl, (add)->hh.prev)->next = (add); \ + } else { \ + (head) = (add); \ + } \ + HH_FROM_ELMT((head)->hh.tbl, _hs_iter)->prev = (add); \ + } else { \ + HASH_APPEND_LIST(hh, head, add); \ + } \ + } \ + HASH_ADD_TO_TABLE(hh, head, keyptr, keylen_in, hashval, add, _ha_oomed); \ + HASH_FSCK(hh, head, "HASH_ADD_KEYPTR_BYHASHVALUE_INORDER"); \ +} while (0) + +#define HASH_ADD_KEYPTR_INORDER(hh,head,keyptr,keylen_in,add,cmpfcn) \ +do { \ + unsigned _hs_hashv; \ + HASH_VALUE(keyptr, keylen_in, _hs_hashv); \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, keyptr, keylen_in, _hs_hashv, add, cmpfcn); \ +} while (0) + +#define HASH_ADD_BYHASHVALUE_INORDER(hh,head,fieldname,keylen_in,hashval,add,cmpfcn) \ + HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, head, &((add)->fieldname), keylen_in, hashval, add, cmpfcn) + +#define HASH_ADD_INORDER(hh,head,fieldname,keylen_in,add,cmpfcn) \ + HASH_ADD_KEYPTR_INORDER(hh, head, &((add)->fieldname), keylen_in, add, cmpfcn) + +#define HASH_ADD_KEYPTR_BYHASHVALUE(hh,head,keyptr,keylen_in,hashval,add) \ +do { \ + IF_HASH_NONFATAL_OOM( int _ha_oomed = 0; ) \ + (add)->hh.hashv = (hashval); \ + (add)->hh.key = (const void*) (keyptr); \ + (add)->hh.keylen = (unsigned) (keylen_in); \ + if (!(head)) { \ + (add)->hh.next = NULL; \ + (add)->hh.prev = NULL; \ + HASH_MAKE_TABLE(hh, add, _ha_oomed); \ + IF_HASH_NONFATAL_OOM( if (!_ha_oomed) { ) \ + (head) = (add); \ + IF_HASH_NONFATAL_OOM( } ) \ + } else { \ + (add)->hh.tbl = (head)->hh.tbl; \ + HASH_APPEND_LIST(hh, head, add); \ + } \ + HASH_ADD_TO_TABLE(hh, head, keyptr, keylen_in, hashval, add, _ha_oomed); \ + HASH_FSCK(hh, head, "HASH_ADD_KEYPTR_BYHASHVALUE"); \ +} while (0) + +#define HASH_ADD_KEYPTR(hh,head,keyptr,keylen_in,add) \ +do { \ + unsigned _ha_hashv; \ + HASH_VALUE(keyptr, keylen_in, _ha_hashv); \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, keyptr, keylen_in, _ha_hashv, add); \ +} while (0) + +#define HASH_ADD_BYHASHVALUE(hh,head,fieldname,keylen_in,hashval,add) \ + HASH_ADD_KEYPTR_BYHASHVALUE(hh, head, &((add)->fieldname), keylen_in, hashval, add) + +#define HASH_ADD(hh,head,fieldname,keylen_in,add) \ + HASH_ADD_KEYPTR(hh, head, &((add)->fieldname), keylen_in, add) + +#define HASH_TO_BKT(hashv,num_bkts,bkt) \ +do { \ + bkt = ((hashv) & ((num_bkts) - 1U)); \ +} while (0) + +/* delete "delptr" from the hash table. + * "the usual" patch-up process for the app-order doubly-linked-list. + * The use of _hd_hh_del below deserves special explanation. + * These used to be expressed using (delptr) but that led to a bug + * if someone used the same symbol for the head and deletee, like + * HASH_DELETE(hh,users,users); + * We want that to work, but by changing the head (users) below + * we were forfeiting our ability to further refer to the deletee (users) + * in the patch-up process. Solution: use scratch space to + * copy the deletee pointer, then the latter references are via that + * scratch pointer rather than through the repointed (users) symbol. + */ +#define HASH_DELETE(hh,head,delptr) \ + HASH_DELETE_HH(hh, head, &(delptr)->hh) + +#define HASH_DELETE_HH(hh,head,delptrhh) \ +do { \ + const struct UT_hash_handle *_hd_hh_del = (delptrhh); \ + if ((_hd_hh_del->prev == NULL) && (_hd_hh_del->next == NULL)) { \ + HASH_BLOOM_FREE((head)->hh.tbl); \ + uthash_free((head)->hh.tbl->buckets, \ + (head)->hh.tbl->num_buckets * sizeof(struct UT_hash_bucket)); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + (head) = NULL; \ + } else { \ + unsigned _hd_bkt; \ + if (_hd_hh_del == (head)->hh.tbl->tail) { \ + (head)->hh.tbl->tail = HH_FROM_ELMT((head)->hh.tbl, _hd_hh_del->prev); \ + } \ + if (_hd_hh_del->prev != NULL) { \ + HH_FROM_ELMT((head)->hh.tbl, _hd_hh_del->prev)->next = _hd_hh_del->next; \ + } else { \ + DECLTYPE_ASSIGN(head, _hd_hh_del->next); \ + } \ + if (_hd_hh_del->next != NULL) { \ + HH_FROM_ELMT((head)->hh.tbl, _hd_hh_del->next)->prev = _hd_hh_del->prev; \ + } \ + HASH_TO_BKT(_hd_hh_del->hashv, (head)->hh.tbl->num_buckets, _hd_bkt); \ + HASH_DEL_IN_BKT((head)->hh.tbl->buckets[_hd_bkt], _hd_hh_del); \ + (head)->hh.tbl->num_items--; \ + } \ + HASH_FSCK(hh, head, "HASH_DELETE_HH"); \ +} while (0) + +/* convenience forms of HASH_FIND/HASH_ADD/HASH_DEL */ +#define HASH_FIND_STR(head,findstr,out) \ +do { \ + unsigned _uthash_hfstr_keylen = (unsigned)uthash_strlen(findstr); \ + HASH_FIND(hh, head, findstr, _uthash_hfstr_keylen, out); \ +} while (0) +#define HASH_ADD_STR(head,strfield,add) \ +do { \ + unsigned _uthash_hastr_keylen = (unsigned)uthash_strlen((add)->strfield); \ + HASH_ADD(hh, head, strfield[0], _uthash_hastr_keylen, add); \ +} while (0) +#define HASH_REPLACE_STR(head,strfield,add,replaced) \ +do { \ + unsigned _uthash_hrstr_keylen = (unsigned)uthash_strlen((add)->strfield); \ + HASH_REPLACE(hh, head, strfield[0], _uthash_hrstr_keylen, add, replaced); \ +} while (0) +#define HASH_FIND_INT(head,findint,out) \ + HASH_FIND(hh,head,findint,sizeof(int),out) +#define HASH_ADD_INT(head,intfield,add) \ + HASH_ADD(hh,head,intfield,sizeof(int),add) +#define HASH_REPLACE_INT(head,intfield,add,replaced) \ + HASH_REPLACE(hh,head,intfield,sizeof(int),add,replaced) +#define HASH_FIND_PTR(head,findptr,out) \ + HASH_FIND(hh,head,findptr,sizeof(void *),out) +#define HASH_ADD_PTR(head,ptrfield,add) \ + HASH_ADD(hh,head,ptrfield,sizeof(void *),add) +#define HASH_REPLACE_PTR(head,ptrfield,add,replaced) \ + HASH_REPLACE(hh,head,ptrfield,sizeof(void *),add,replaced) +#define HASH_DEL(head,delptr) \ + HASH_DELETE(hh,head,delptr) + +/* HASH_FSCK checks hash integrity on every add/delete when HASH_DEBUG is defined. + * This is for uthash developer only; it compiles away if HASH_DEBUG isn't defined. + */ +#ifdef HASH_DEBUG +#include /* fprintf, stderr */ +#define HASH_OOPS(...) do { fprintf(stderr, __VA_ARGS__); exit(-1); } while (0) +#define HASH_FSCK(hh,head,where) \ +do { \ + struct UT_hash_handle *_thh; \ + if (head) { \ + unsigned _bkt_i; \ + unsigned _count = 0; \ + char *_prev; \ + for (_bkt_i = 0; _bkt_i < (head)->hh.tbl->num_buckets; ++_bkt_i) { \ + unsigned _bkt_count = 0; \ + _thh = (head)->hh.tbl->buckets[_bkt_i].hh_head; \ + _prev = NULL; \ + while (_thh) { \ + if (_prev != (char*)(_thh->hh_prev)) { \ + HASH_OOPS("%s: invalid hh_prev %p, actual %p\n", \ + (where), (void*)_thh->hh_prev, (void*)_prev); \ + } \ + _bkt_count++; \ + _prev = (char*)(_thh); \ + _thh = _thh->hh_next; \ + } \ + _count += _bkt_count; \ + if ((head)->hh.tbl->buckets[_bkt_i].count != _bkt_count) { \ + HASH_OOPS("%s: invalid bucket count %u, actual %u\n", \ + (where), (head)->hh.tbl->buckets[_bkt_i].count, _bkt_count); \ + } \ + } \ + if (_count != (head)->hh.tbl->num_items) { \ + HASH_OOPS("%s: invalid hh item count %u, actual %u\n", \ + (where), (head)->hh.tbl->num_items, _count); \ + } \ + _count = 0; \ + _prev = NULL; \ + _thh = &(head)->hh; \ + while (_thh) { \ + _count++; \ + if (_prev != (char*)_thh->prev) { \ + HASH_OOPS("%s: invalid prev %p, actual %p\n", \ + (where), (void*)_thh->prev, (void*)_prev); \ + } \ + _prev = (char*)ELMT_FROM_HH((head)->hh.tbl, _thh); \ + _thh = (_thh->next ? HH_FROM_ELMT((head)->hh.tbl, _thh->next) : NULL); \ + } \ + if (_count != (head)->hh.tbl->num_items) { \ + HASH_OOPS("%s: invalid app item count %u, actual %u\n", \ + (where), (head)->hh.tbl->num_items, _count); \ + } \ + } \ +} while (0) +#else +#define HASH_FSCK(hh,head,where) +#endif + +/* When compiled with -DHASH_EMIT_KEYS, length-prefixed keys are emitted to + * the descriptor to which this macro is defined for tuning the hash function. + * The app can #include to get the prototype for write(2). */ +#ifdef HASH_EMIT_KEYS +#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen) \ +do { \ + unsigned _klen = fieldlen; \ + write(HASH_EMIT_KEYS, &_klen, sizeof(_klen)); \ + write(HASH_EMIT_KEYS, keyptr, (unsigned long)fieldlen); \ +} while (0) +#else +#define HASH_EMIT_KEY(hh,head,keyptr,fieldlen) +#endif + +/* The Bernstein hash function, used in Perl prior to v5.6. Note (x<<5+x)=x*33. */ +#define HASH_BER(key,keylen,hashv) \ +do { \ + unsigned _hb_keylen = (unsigned)keylen; \ + const unsigned char *_hb_key = (const unsigned char*)(key); \ + (hashv) = 0; \ + while (_hb_keylen-- != 0U) { \ + (hashv) = (((hashv) << 5) + (hashv)) + *_hb_key++; \ + } \ +} while (0) + + +/* SAX/FNV/OAT/JEN hash functions are macro variants of those listed at + * http://eternallyconfuzzled.com/tuts/algorithms/jsw_tut_hashing.aspx + * (archive link: https://archive.is/Ivcan ) + */ +#define HASH_SAX(key,keylen,hashv) \ +do { \ + unsigned _sx_i; \ + const unsigned char *_hs_key = (const unsigned char*)(key); \ + hashv = 0; \ + for (_sx_i=0; _sx_i < keylen; _sx_i++) { \ + hashv ^= (hashv << 5) + (hashv >> 2) + _hs_key[_sx_i]; \ + } \ +} while (0) +/* FNV-1a variation */ +#define HASH_FNV(key,keylen,hashv) \ +do { \ + unsigned _fn_i; \ + const unsigned char *_hf_key = (const unsigned char*)(key); \ + (hashv) = 2166136261U; \ + for (_fn_i=0; _fn_i < keylen; _fn_i++) { \ + hashv = hashv ^ _hf_key[_fn_i]; \ + hashv = hashv * 16777619U; \ + } \ +} while (0) + +#define HASH_OAT(key,keylen,hashv) \ +do { \ + unsigned _ho_i; \ + const unsigned char *_ho_key=(const unsigned char*)(key); \ + hashv = 0; \ + for(_ho_i=0; _ho_i < keylen; _ho_i++) { \ + hashv += _ho_key[_ho_i]; \ + hashv += (hashv << 10); \ + hashv ^= (hashv >> 6); \ + } \ + hashv += (hashv << 3); \ + hashv ^= (hashv >> 11); \ + hashv += (hashv << 15); \ +} while (0) + +#define HASH_JEN_MIX(a,b,c) \ +do { \ + a -= b; a -= c; a ^= ( c >> 13 ); \ + b -= c; b -= a; b ^= ( a << 8 ); \ + c -= a; c -= b; c ^= ( b >> 13 ); \ + a -= b; a -= c; a ^= ( c >> 12 ); \ + b -= c; b -= a; b ^= ( a << 16 ); \ + c -= a; c -= b; c ^= ( b >> 5 ); \ + a -= b; a -= c; a ^= ( c >> 3 ); \ + b -= c; b -= a; b ^= ( a << 10 ); \ + c -= a; c -= b; c ^= ( b >> 15 ); \ +} while (0) + +#define HASH_JEN(key,keylen,hashv) \ +do { \ + unsigned _hj_i,_hj_j,_hj_k; \ + unsigned const char *_hj_key=(unsigned const char*)(key); \ + hashv = 0xfeedbeefu; \ + _hj_i = _hj_j = 0x9e3779b9u; \ + _hj_k = (unsigned)(keylen); \ + while (_hj_k >= 12U) { \ + _hj_i += (_hj_key[0] + ( (unsigned)_hj_key[1] << 8 ) \ + + ( (unsigned)_hj_key[2] << 16 ) \ + + ( (unsigned)_hj_key[3] << 24 ) ); \ + _hj_j += (_hj_key[4] + ( (unsigned)_hj_key[5] << 8 ) \ + + ( (unsigned)_hj_key[6] << 16 ) \ + + ( (unsigned)_hj_key[7] << 24 ) ); \ + hashv += (_hj_key[8] + ( (unsigned)_hj_key[9] << 8 ) \ + + ( (unsigned)_hj_key[10] << 16 ) \ + + ( (unsigned)_hj_key[11] << 24 ) ); \ + \ + HASH_JEN_MIX(_hj_i, _hj_j, hashv); \ + \ + _hj_key += 12; \ + _hj_k -= 12U; \ + } \ + hashv += (unsigned)(keylen); \ + switch ( _hj_k ) { \ + case 11: hashv += ( (unsigned)_hj_key[10] << 24 ); /* FALLTHROUGH */ \ + case 10: hashv += ( (unsigned)_hj_key[9] << 16 ); /* FALLTHROUGH */ \ + case 9: hashv += ( (unsigned)_hj_key[8] << 8 ); /* FALLTHROUGH */ \ + case 8: _hj_j += ( (unsigned)_hj_key[7] << 24 ); /* FALLTHROUGH */ \ + case 7: _hj_j += ( (unsigned)_hj_key[6] << 16 ); /* FALLTHROUGH */ \ + case 6: _hj_j += ( (unsigned)_hj_key[5] << 8 ); /* FALLTHROUGH */ \ + case 5: _hj_j += _hj_key[4]; /* FALLTHROUGH */ \ + case 4: _hj_i += ( (unsigned)_hj_key[3] << 24 ); /* FALLTHROUGH */ \ + case 3: _hj_i += ( (unsigned)_hj_key[2] << 16 ); /* FALLTHROUGH */ \ + case 2: _hj_i += ( (unsigned)_hj_key[1] << 8 ); /* FALLTHROUGH */ \ + case 1: _hj_i += _hj_key[0]; /* FALLTHROUGH */ \ + default: ; \ + } \ + HASH_JEN_MIX(_hj_i, _hj_j, hashv); \ +} while (0) + +/* The Paul Hsieh hash function */ +#undef get16bits +#if (defined(__GNUC__) && defined(__i386__)) || defined(__WATCOMC__) \ + || defined(_MSC_VER) || defined (__BORLANDC__) || defined (__TURBOC__) +#define get16bits(d) (*((const uint16_t *) (d))) +#endif + +#if !defined (get16bits) +#define get16bits(d) ((((uint32_t)(((const uint8_t *)(d))[1])) << 8) \ + +(uint32_t)(((const uint8_t *)(d))[0]) ) +#endif +#define HASH_SFH(key,keylen,hashv) \ +do { \ + unsigned const char *_sfh_key=(unsigned const char*)(key); \ + uint32_t _sfh_tmp, _sfh_len = (uint32_t)keylen; \ + \ + unsigned _sfh_rem = _sfh_len & 3U; \ + _sfh_len >>= 2; \ + hashv = 0xcafebabeu; \ + \ + /* Main loop */ \ + for (;_sfh_len > 0U; _sfh_len--) { \ + hashv += get16bits (_sfh_key); \ + _sfh_tmp = ((uint32_t)(get16bits (_sfh_key+2)) << 11) ^ hashv; \ + hashv = (hashv << 16) ^ _sfh_tmp; \ + _sfh_key += 2U*sizeof (uint16_t); \ + hashv += hashv >> 11; \ + } \ + \ + /* Handle end cases */ \ + switch (_sfh_rem) { \ + case 3: hashv += get16bits (_sfh_key); \ + hashv ^= hashv << 16; \ + hashv ^= (uint32_t)(_sfh_key[sizeof (uint16_t)]) << 18; \ + hashv += hashv >> 11; \ + break; \ + case 2: hashv += get16bits (_sfh_key); \ + hashv ^= hashv << 11; \ + hashv += hashv >> 17; \ + break; \ + case 1: hashv += *_sfh_key; \ + hashv ^= hashv << 10; \ + hashv += hashv >> 1; \ + break; \ + default: ; \ + } \ + \ + /* Force "avalanching" of final 127 bits */ \ + hashv ^= hashv << 3; \ + hashv += hashv >> 5; \ + hashv ^= hashv << 4; \ + hashv += hashv >> 17; \ + hashv ^= hashv << 25; \ + hashv += hashv >> 6; \ +} while (0) + +/* iterate over items in a known bucket to find desired item */ +#define HASH_FIND_IN_BKT(tbl,hh,head,keyptr,keylen_in,hashval,out) \ +do { \ + if ((head).hh_head != NULL) { \ + DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (head).hh_head)); \ + } else { \ + (out) = NULL; \ + } \ + while ((out) != NULL) { \ + if ((out)->hh.hashv == (hashval) && (out)->hh.keylen == (keylen_in)) { \ + if (HASH_KEYCMP((out)->hh.key, keyptr, keylen_in) == 0) { \ + break; \ + } \ + } \ + if ((out)->hh.hh_next != NULL) { \ + DECLTYPE_ASSIGN(out, ELMT_FROM_HH(tbl, (out)->hh.hh_next)); \ + } else { \ + (out) = NULL; \ + } \ + } \ +} while (0) + +/* add an item to a bucket */ +#define HASH_ADD_TO_BKT(head,hh,addhh,oomed) \ +do { \ + UT_hash_bucket *_ha_head = &(head); \ + _ha_head->count++; \ + (addhh)->hh_next = _ha_head->hh_head; \ + (addhh)->hh_prev = NULL; \ + if (_ha_head->hh_head != NULL) { \ + _ha_head->hh_head->hh_prev = (addhh); \ + } \ + _ha_head->hh_head = (addhh); \ + if ((_ha_head->count >= ((_ha_head->expand_mult + 1U) * HASH_BKT_CAPACITY_THRESH)) \ + && !(addhh)->tbl->noexpand) { \ + HASH_EXPAND_BUCKETS(addhh,(addhh)->tbl, oomed); \ + IF_HASH_NONFATAL_OOM( \ + if (oomed) { \ + HASH_DEL_IN_BKT(head,addhh); \ + } \ + ) \ + } \ +} while (0) + +/* remove an item from a given bucket */ +#define HASH_DEL_IN_BKT(head,delhh) \ +do { \ + UT_hash_bucket *_hd_head = &(head); \ + _hd_head->count--; \ + if (_hd_head->hh_head == (delhh)) { \ + _hd_head->hh_head = (delhh)->hh_next; \ + } \ + if ((delhh)->hh_prev) { \ + (delhh)->hh_prev->hh_next = (delhh)->hh_next; \ + } \ + if ((delhh)->hh_next) { \ + (delhh)->hh_next->hh_prev = (delhh)->hh_prev; \ + } \ +} while (0) + +/* Bucket expansion has the effect of doubling the number of buckets + * and redistributing the items into the new buckets. Ideally the + * items will distribute more or less evenly into the new buckets + * (the extent to which this is true is a measure of the quality of + * the hash function as it applies to the key domain). + * + * With the items distributed into more buckets, the chain length + * (item count) in each bucket is reduced. Thus by expanding buckets + * the hash keeps a bound on the chain length. This bounded chain + * length is the essence of how a hash provides constant time lookup. + * + * The calculation of tbl->ideal_chain_maxlen below deserves some + * explanation. First, keep in mind that we're calculating the ideal + * maximum chain length based on the *new* (doubled) bucket count. + * In fractions this is just n/b (n=number of items,b=new num buckets). + * Since the ideal chain length is an integer, we want to calculate + * ceil(n/b). We don't depend on floating point arithmetic in this + * hash, so to calculate ceil(n/b) with integers we could write + * + * ceil(n/b) = (n/b) + ((n%b)?1:0) + * + * and in fact a previous version of this hash did just that. + * But now we have improved things a bit by recognizing that b is + * always a power of two. We keep its base 2 log handy (call it lb), + * so now we can write this with a bit shift and logical AND: + * + * ceil(n/b) = (n>>lb) + ( (n & (b-1)) ? 1:0) + * + */ +#define HASH_EXPAND_BUCKETS(hh,tbl,oomed) \ +do { \ + unsigned _he_bkt; \ + unsigned _he_bkt_i; \ + struct UT_hash_handle *_he_thh, *_he_hh_nxt; \ + UT_hash_bucket *_he_new_buckets, *_he_newbkt; \ + _he_new_buckets = (UT_hash_bucket*)uthash_malloc( \ + sizeof(struct UT_hash_bucket) * (tbl)->num_buckets * 2U); \ + if (!_he_new_buckets) { \ + HASH_RECORD_OOM(oomed); \ + } else { \ + uthash_bzero(_he_new_buckets, \ + sizeof(struct UT_hash_bucket) * (tbl)->num_buckets * 2U); \ + (tbl)->ideal_chain_maxlen = \ + ((tbl)->num_items >> ((tbl)->log2_num_buckets+1U)) + \ + ((((tbl)->num_items & (((tbl)->num_buckets*2U)-1U)) != 0U) ? 1U : 0U); \ + (tbl)->nonideal_items = 0; \ + for (_he_bkt_i = 0; _he_bkt_i < (tbl)->num_buckets; _he_bkt_i++) { \ + _he_thh = (tbl)->buckets[ _he_bkt_i ].hh_head; \ + while (_he_thh != NULL) { \ + _he_hh_nxt = _he_thh->hh_next; \ + HASH_TO_BKT(_he_thh->hashv, (tbl)->num_buckets * 2U, _he_bkt); \ + _he_newbkt = &(_he_new_buckets[_he_bkt]); \ + if (++(_he_newbkt->count) > (tbl)->ideal_chain_maxlen) { \ + (tbl)->nonideal_items++; \ + if (_he_newbkt->count > _he_newbkt->expand_mult * (tbl)->ideal_chain_maxlen) { \ + _he_newbkt->expand_mult++; \ + } \ + } \ + _he_thh->hh_prev = NULL; \ + _he_thh->hh_next = _he_newbkt->hh_head; \ + if (_he_newbkt->hh_head != NULL) { \ + _he_newbkt->hh_head->hh_prev = _he_thh; \ + } \ + _he_newbkt->hh_head = _he_thh; \ + _he_thh = _he_hh_nxt; \ + } \ + } \ + uthash_free((tbl)->buckets, (tbl)->num_buckets * sizeof(struct UT_hash_bucket)); \ + (tbl)->num_buckets *= 2U; \ + (tbl)->log2_num_buckets++; \ + (tbl)->buckets = _he_new_buckets; \ + (tbl)->ineff_expands = ((tbl)->nonideal_items > ((tbl)->num_items >> 1)) ? \ + ((tbl)->ineff_expands+1U) : 0U; \ + if ((tbl)->ineff_expands > 1U) { \ + (tbl)->noexpand = 1; \ + uthash_noexpand_fyi(tbl); \ + } \ + uthash_expand_fyi(tbl); \ + } \ +} while (0) + + +/* This is an adaptation of Simon Tatham's O(n log(n)) mergesort */ +/* Note that HASH_SORT assumes the hash handle name to be hh. + * HASH_SRT was added to allow the hash handle name to be passed in. */ +#define HASH_SORT(head,cmpfcn) HASH_SRT(hh,head,cmpfcn) +#define HASH_SRT(hh,head,cmpfcn) \ +do { \ + unsigned _hs_i; \ + unsigned _hs_looping,_hs_nmerges,_hs_insize,_hs_psize,_hs_qsize; \ + struct UT_hash_handle *_hs_p, *_hs_q, *_hs_e, *_hs_list, *_hs_tail; \ + if (head != NULL) { \ + _hs_insize = 1; \ + _hs_looping = 1; \ + _hs_list = &((head)->hh); \ + while (_hs_looping != 0U) { \ + _hs_p = _hs_list; \ + _hs_list = NULL; \ + _hs_tail = NULL; \ + _hs_nmerges = 0; \ + while (_hs_p != NULL) { \ + _hs_nmerges++; \ + _hs_q = _hs_p; \ + _hs_psize = 0; \ + for (_hs_i = 0; _hs_i < _hs_insize; ++_hs_i) { \ + _hs_psize++; \ + _hs_q = ((_hs_q->next != NULL) ? \ + HH_FROM_ELMT((head)->hh.tbl, _hs_q->next) : NULL); \ + if (_hs_q == NULL) { \ + break; \ + } \ + } \ + _hs_qsize = _hs_insize; \ + while ((_hs_psize != 0U) || ((_hs_qsize != 0U) && (_hs_q != NULL))) { \ + if (_hs_psize == 0U) { \ + _hs_e = _hs_q; \ + _hs_q = ((_hs_q->next != NULL) ? \ + HH_FROM_ELMT((head)->hh.tbl, _hs_q->next) : NULL); \ + _hs_qsize--; \ + } else if ((_hs_qsize == 0U) || (_hs_q == NULL)) { \ + _hs_e = _hs_p; \ + if (_hs_p != NULL) { \ + _hs_p = ((_hs_p->next != NULL) ? \ + HH_FROM_ELMT((head)->hh.tbl, _hs_p->next) : NULL); \ + } \ + _hs_psize--; \ + } else if ((cmpfcn( \ + DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl, _hs_p)), \ + DECLTYPE(head)(ELMT_FROM_HH((head)->hh.tbl, _hs_q)) \ + )) <= 0) { \ + _hs_e = _hs_p; \ + if (_hs_p != NULL) { \ + _hs_p = ((_hs_p->next != NULL) ? \ + HH_FROM_ELMT((head)->hh.tbl, _hs_p->next) : NULL); \ + } \ + _hs_psize--; \ + } else { \ + _hs_e = _hs_q; \ + _hs_q = ((_hs_q->next != NULL) ? \ + HH_FROM_ELMT((head)->hh.tbl, _hs_q->next) : NULL); \ + _hs_qsize--; \ + } \ + if ( _hs_tail != NULL ) { \ + _hs_tail->next = ((_hs_e != NULL) ? \ + ELMT_FROM_HH((head)->hh.tbl, _hs_e) : NULL); \ + } else { \ + _hs_list = _hs_e; \ + } \ + if (_hs_e != NULL) { \ + _hs_e->prev = ((_hs_tail != NULL) ? \ + ELMT_FROM_HH((head)->hh.tbl, _hs_tail) : NULL); \ + } \ + _hs_tail = _hs_e; \ + } \ + _hs_p = _hs_q; \ + } \ + if (_hs_tail != NULL) { \ + _hs_tail->next = NULL; \ + } \ + if (_hs_nmerges <= 1U) { \ + _hs_looping = 0; \ + (head)->hh.tbl->tail = _hs_tail; \ + DECLTYPE_ASSIGN(head, ELMT_FROM_HH((head)->hh.tbl, _hs_list)); \ + } \ + _hs_insize *= 2U; \ + } \ + HASH_FSCK(hh, head, "HASH_SRT"); \ + } \ +} while (0) + +/* This function selects items from one hash into another hash. + * The end result is that the selected items have dual presence + * in both hashes. There is no copy of the items made; rather + * they are added into the new hash through a secondary hash + * hash handle that must be present in the structure. */ +#define HASH_SELECT(hh_dst, dst, hh_src, src, cond) \ +do { \ + unsigned _src_bkt, _dst_bkt; \ + void *_last_elt = NULL, *_elt; \ + UT_hash_handle *_src_hh, *_dst_hh, *_last_elt_hh=NULL; \ + ptrdiff_t _dst_hho = ((char*)(&(dst)->hh_dst) - (char*)(dst)); \ + if ((src) != NULL) { \ + for (_src_bkt=0; _src_bkt < (src)->hh_src.tbl->num_buckets; _src_bkt++) { \ + for (_src_hh = (src)->hh_src.tbl->buckets[_src_bkt].hh_head; \ + _src_hh != NULL; \ + _src_hh = _src_hh->hh_next) { \ + _elt = ELMT_FROM_HH((src)->hh_src.tbl, _src_hh); \ + if (cond(_elt)) { \ + IF_HASH_NONFATAL_OOM( int _hs_oomed = 0; ) \ + _dst_hh = (UT_hash_handle*)(void*)(((char*)_elt) + _dst_hho); \ + _dst_hh->key = _src_hh->key; \ + _dst_hh->keylen = _src_hh->keylen; \ + _dst_hh->hashv = _src_hh->hashv; \ + _dst_hh->prev = _last_elt; \ + _dst_hh->next = NULL; \ + if (_last_elt_hh != NULL) { \ + _last_elt_hh->next = _elt; \ + } \ + if ((dst) == NULL) { \ + DECLTYPE_ASSIGN(dst, _elt); \ + HASH_MAKE_TABLE(hh_dst, dst, _hs_oomed); \ + IF_HASH_NONFATAL_OOM( \ + if (_hs_oomed) { \ + uthash_nonfatal_oom(_elt); \ + (dst) = NULL; \ + continue; \ + } \ + ) \ + } else { \ + _dst_hh->tbl = (dst)->hh_dst.tbl; \ + } \ + HASH_TO_BKT(_dst_hh->hashv, _dst_hh->tbl->num_buckets, _dst_bkt); \ + HASH_ADD_TO_BKT(_dst_hh->tbl->buckets[_dst_bkt], hh_dst, _dst_hh, _hs_oomed); \ + (dst)->hh_dst.tbl->num_items++; \ + IF_HASH_NONFATAL_OOM( \ + if (_hs_oomed) { \ + HASH_ROLLBACK_BKT(hh_dst, dst, _dst_hh); \ + HASH_DELETE_HH(hh_dst, dst, _dst_hh); \ + _dst_hh->tbl = NULL; \ + uthash_nonfatal_oom(_elt); \ + continue; \ + } \ + ) \ + HASH_BLOOM_ADD(_dst_hh->tbl, _dst_hh->hashv); \ + _last_elt = _elt; \ + _last_elt_hh = _dst_hh; \ + } \ + } \ + } \ + } \ + HASH_FSCK(hh_dst, dst, "HASH_SELECT"); \ +} while (0) + +#define HASH_CLEAR(hh,head) \ +do { \ + if ((head) != NULL) { \ + HASH_BLOOM_FREE((head)->hh.tbl); \ + uthash_free((head)->hh.tbl->buckets, \ + (head)->hh.tbl->num_buckets*sizeof(struct UT_hash_bucket)); \ + uthash_free((head)->hh.tbl, sizeof(UT_hash_table)); \ + (head) = NULL; \ + } \ +} while (0) + +#define HASH_OVERHEAD(hh,head) \ + (((head) != NULL) ? ( \ + (size_t)(((head)->hh.tbl->num_items * sizeof(UT_hash_handle)) + \ + ((head)->hh.tbl->num_buckets * sizeof(UT_hash_bucket)) + \ + sizeof(UT_hash_table) + \ + (HASH_BLOOM_BYTELEN))) : 0U) + +#ifdef NO_DECLTYPE +#define HASH_ITER(hh,head,el,tmp) \ +for(((el)=(head)), ((*(char**)(&(tmp)))=(char*)((head!=NULL)?(head)->hh.next:NULL)); \ + (el) != NULL; ((el)=(tmp)), ((*(char**)(&(tmp)))=(char*)((tmp!=NULL)?(tmp)->hh.next:NULL))) +#else +#define HASH_ITER(hh,head,el,tmp) \ +for(((el)=(head)), ((tmp)=DECLTYPE(el)((head!=NULL)?(head)->hh.next:NULL)); \ + (el) != NULL; ((el)=(tmp)), ((tmp)=DECLTYPE(el)((tmp!=NULL)?(tmp)->hh.next:NULL))) +#endif + +/* obtain a count of items in the hash */ +#define HASH_COUNT(head) HASH_CNT(hh,head) +#define HASH_CNT(hh,head) ((head != NULL)?((head)->hh.tbl->num_items):0U) + +typedef struct UT_hash_bucket { + struct UT_hash_handle *hh_head; + unsigned count; + + /* expand_mult is normally set to 0. In this situation, the max chain length + * threshold is enforced at its default value, HASH_BKT_CAPACITY_THRESH. (If + * the bucket's chain exceeds this length, bucket expansion is triggered). + * However, setting expand_mult to a non-zero value delays bucket expansion + * (that would be triggered by additions to this particular bucket) + * until its chain length reaches a *multiple* of HASH_BKT_CAPACITY_THRESH. + * (The multiplier is simply expand_mult+1). The whole idea of this + * multiplier is to reduce bucket expansions, since they are expensive, in + * situations where we know that a particular bucket tends to be overused. + * It is better to let its chain length grow to a longer yet-still-bounded + * value, than to do an O(n) bucket expansion too often. + */ + unsigned expand_mult; + +} UT_hash_bucket; + +/* random signature used only to find hash tables in external analysis */ +#define HASH_SIGNATURE 0xa0111fe1u +#define HASH_BLOOM_SIGNATURE 0xb12220f2u + +typedef struct UT_hash_table { + UT_hash_bucket *buckets; + unsigned num_buckets, log2_num_buckets; + unsigned num_items; + struct UT_hash_handle *tail; /* tail hh in app order, for fast append */ + ptrdiff_t hho; /* hash handle offset (byte pos of hash handle in element */ + + /* in an ideal situation (all buckets used equally), no bucket would have + * more than ceil(#items/#buckets) items. that's the ideal chain length. */ + unsigned ideal_chain_maxlen; + + /* nonideal_items is the number of items in the hash whose chain position + * exceeds the ideal chain maxlen. these items pay the penalty for an uneven + * hash distribution; reaching them in a chain traversal takes >ideal steps */ + unsigned nonideal_items; + + /* ineffective expands occur when a bucket doubling was performed, but + * afterward, more than half the items in the hash had nonideal chain + * positions. If this happens on two consecutive expansions we inhibit any + * further expansion, as it's not helping; this happens when the hash + * function isn't a good fit for the key domain. When expansion is inhibited + * the hash will still work, albeit no longer in constant time. */ + unsigned ineff_expands, noexpand; + + uint32_t signature; /* used only to find hash tables in external analysis */ +#ifdef HASH_BLOOM + uint32_t bloom_sig; /* used only to test bloom exists in external analysis */ + uint8_t *bloom_bv; + uint8_t bloom_nbits; +#endif + +} UT_hash_table; + +typedef struct UT_hash_handle { + struct UT_hash_table *tbl; + void *prev; /* prev element in app order */ + void *next; /* next element in app order */ + struct UT_hash_handle *hh_prev; /* previous hh in bucket order */ + struct UT_hash_handle *hh_next; /* next hh in bucket order */ + const void *key; /* ptr to enclosing struct's key */ + unsigned keylen; /* enclosing struct's key len */ + unsigned hashv; /* result of hash-fcn(key) */ +} UT_hash_handle; + +#endif /* UTHASH_H */ \ No newline at end of file diff --git a/src/libpgagroal/message.c b/src/libpgagroal/message.c index 548bf29d..f4bdbf39 100644 --- a/src/libpgagroal/message.c +++ b/src/libpgagroal/message.c @@ -1188,6 +1188,70 @@ pgagroal_connection_isvalid(int socket) return false; } +int +pgagroal_write_frontend_password_request(SSL* ssl, int socket, char* username) +{ + struct message msg; + char* payload = NULL; + size_t size; + int status; + + memset(&msg, 0, sizeof(struct message)); + /* Identifies the message as a function call */ + msg.kind = 'F'; + size = strlen(username) + 1; + payload = malloc(size); + if (payload == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating frontend_password_request_message"); + return MESSAGE_STATUS_ERROR; + } + memcpy(payload, username, size); + msg.length = size; + msg.data = payload; + + if (ssl == NULL) + status = write_message(socket, &msg); + else + status = ssl_write_message(ssl, &msg); + + free(payload); + return status; +} + +int +pgagroal_write_frontend_password_response(SSL* ssl, int socket, char* password) +{ + struct message msg; + char* payload = NULL; + size_t size; + int status; + + memset(&msg, 0, sizeof(struct message)); + + /* Identifies the message as a function call result */ + msg.kind = 'V'; + + size = strlen(password) + 1; + payload = malloc(size); + if (payload == NULL) + { + pgagroal_log_fatal("Couldn't allocate memory while creating frontend_password_response_message"); + return MESSAGE_STATUS_ERROR; + } + memcpy(payload, password, size); + msg.length = size; + msg.data = payload; + + if (ssl == NULL) + status = write_message(socket, &msg); + else + status = ssl_write_message(ssl, &msg); + + free(payload); + return status; +} + void pgagroal_log_message(struct message* msg) { diff --git a/src/libpgagroal/security.c b/src/libpgagroal/security.c index 5859c848..fd162173 100644 --- a/src/libpgagroal/security.c +++ b/src/libpgagroal/security.c @@ -5829,3 +5829,36 @@ create_client_tls_connection(int fd, SSL** ssl) return AUTH_ERROR; } + +void initialize_random() { + time_t t; + srand((unsigned)time(&t)); +} + +char* +generate_password(int pwd_length) +{ + char* pwd; + + pwd = (char*) malloc((pwd_length + 1) * sizeof(char)); + if (!pwd) + { + pgagroal_log_fatal("Couldn't allocate memory while generating password"); + return NULL; + } + + for (int i = 0; i < pwd_length; i++) { + pwd[i] = (char) (32 + rand() % (126 - 32 + 1)); + } + pwd[pwd_length] = '\0'; + + // avoid leading/trailing/consecutive spaces. + if (pwd[0] == ' ') pwd[0] = (char) (33 + rand() % (126 - 33 + 1)); + if (pwd[pwd_length - 1] == ' ') pwd[pwd_length - 1] = (char) (33 + rand() % (126 - 33 + 1)); + for (int i = 2; i < pwd_length - 1; i++) { + if (pwd[i] == ' ' && pwd[i-1] == ' ') { + pwd[i] = (char) (33 + rand() % (126 - 33 + 1)); + } + } + return pwd; +} diff --git a/src/main.c b/src/main.c index eeacc2e6..50a17ff6 100644 --- a/src/main.c +++ b/src/main.c @@ -41,6 +41,7 @@ #include #include #include +#include /* system */ #include @@ -88,6 +89,9 @@ static void create_pidfile_or_exit(void); static void remove_pidfile(void); static void shutdown_ports(void); +static void handle_vault_cb(struct ev_loop* loop, struct ev_io* watcher, int revents); +static void rotate_frontend_password_cb(struct ev_loop* loop, ev_periodic* w, int revents); +static void accept_vault_cb(struct ev_loop* loop, struct ev_io* watcher, int revents); struct accept_io { struct ev_io io; @@ -107,10 +111,12 @@ static struct ev_loop* main_loop = NULL; static struct accept_io io_main[MAX_FDS]; static struct accept_io io_mgt; static struct accept_io io_uds; +static struct accept_io io_vault; static int* main_fds = NULL; static int main_fds_length = -1; static int unix_management_socket = -1; static int unix_pgsql_socket = -1; +static int unix_vault_socket = -1; static struct accept_io io_metrics[MAX_FDS]; static int* metrics_fds = NULL; static int metrics_fds_length = -1; @@ -314,6 +320,7 @@ main(int argc, char** argv) struct ev_periodic max_connection_age; struct ev_periodic validation; struct ev_periodic disconnect_client; + struct ev_periodic rotate_frontend_password; struct rlimit flimit; size_t shmem_size; size_t pipeline_shmem_size = 0; @@ -326,6 +333,7 @@ main(int argc, char** argv) bool conf_file_mandatory; char message[MISC_LENGTH]; // a generic message used for errors + bool enable_vault = false; argv_ptr = argv; while (1) @@ -341,11 +349,12 @@ main(int argc, char** argv) {"superuser", required_argument, 0, 'S'}, {"daemon", no_argument, 0, 'd'}, {"version", no_argument, 0, 'V'}, - {"help", no_argument, 0, '?'} + {"help", no_argument, 0, '?'}, + {"vault", no_argument, 0, 'v'} }; int option_index = 0; - c = getopt_long (argc, argv, "dV?a:c:l:u:F:A:S:", + c = getopt_long (argc, argv, "dV?va:c:l:u:F:A:S:", long_options, &option_index); if (c == -1) @@ -379,6 +388,9 @@ main(int argc, char** argv) case 'd': daemon = true; break; + case 'v': + enable_vault = true; + break; case 'V': version(); break; @@ -1043,6 +1055,55 @@ main(int argc, char** argv) ev_periodic_start (main_loop, &disconnect_client); } + if (enable_vault) { + /* TODO: + * 1. start rotate cb + * 2. start async vault accept cb + * 3. fork exec vault + */ + pid_t pid; + + initialize_random(); + ev_periodic_init(&rotate_frontend_password, rotate_frontend_password_cb, 0., 60, 0); + ev_periodic_start (main_loop, &rotate_frontend_password); + + unix_vault_socket = socket(AF_INET, SOCK_STREAM, 0); + struct sockaddr_in server_addr; + + server_addr.sin_family = AF_INET; + server_addr.sin_port = htons(6789); + server_addr.sin_addr.s_addr = INADDR_ANY; + + // set_nonblock(unix_vault_socket); + + bind(unix_vault_socket, (struct sockaddr *)&server_addr, sizeof(server_addr)); + if(listen(unix_vault_socket, 10) < 0) { + pgagroal_log_error("error in listen"); + goto error; + } + + memset(&io_vault, 0, sizeof(struct accept_io)); + ev_io_init((struct ev_io*)&io_vault, accept_vault_cb, unix_vault_socket, EV_READ); + io_vault.socket = unix_vault_socket; + io_vault.argv = argv_ptr; + ev_io_start(main_loop, (struct ev_io*)&io_vault); + + pid = fork(); + + if (pid == -1) + { + /* No process */ + pgagroal_log_error("Cannot create process"); + } + else if(pid == 0) { + // exec + execlp("/home/pgmoneta/pgagroal/build/src/pgagroal-vault", "pgagroal-vault", NULL); + } else { + + } + + } + if (config->metrics > 0) { /* Bind metrics socket */ @@ -1845,6 +1906,96 @@ disconnect_client_cb(struct ev_loop* loop, ev_periodic* w, int revents) } } +static void +rotate_frontend_password_cb(struct ev_loop* loop, ev_periodic* w, int revents) +{ + char* pwd; + + if (EV_ERROR & revents) + { + pgagroal_log_trace("rotate_frontend_password_cb: got invalid event: %s", strerror(errno)); + return; + } + + struct configuration* config; + + config = (struct configuration*)shmem; + // TODO: get pwd length from config or random length + for (int i = 0; i < config->number_of_frontend_users; i++) + { + // if (!strcmp(&config->frontend_users[i].username[0], "test")) + // { + pwd = generate_password(MIN_PASSWORD_LENGTH); + memcpy(&config->frontend_users[i].password, pwd, strlen(pwd)+1); + pgagroal_log_info("rotate_pass: current pass for username=%s:%s",config->frontend_users[i].username, config->frontend_users[i].password); + // } + } +} + +static void +accept_vault_cb(struct ev_loop* loop, struct ev_io* watcher, int revents) +{ + struct sockaddr_in6 client_addr; + socklen_t client_addr_length; + int client_fd; + char address[INET6_ADDRSTRLEN]; + + if (EV_ERROR & revents) + { + pgagroal_log_debug("accept_vault_cb: invalid event: %s", strerror(errno)); + errno = 0; + return; + } + + memset(&address, 0, sizeof(address)); + + client_addr_length = sizeof(client_addr); + client_fd = accept(watcher->fd, (struct sockaddr*)&client_addr, &client_addr_length); + + if (client_fd == -1) + { + //TODO: error handling + } + + ev_io *vault_watcher = (ev_io*) malloc(sizeof(ev_io)); + ev_io_init(vault_watcher, handle_vault_cb, client_fd, EV_READ); + ev_io_start(main_loop, vault_watcher); +} + +static void +handle_vault_cb(struct ev_loop* loop, struct ev_io* watcher, int revents) +{ + struct configuration* config; + struct message* msg; + + if (EV_ERROR & revents) + { + pgagroal_log_debug("accept_vault_cb: invalid event: %s", strerror(errno)); + errno = 0; + return; + } + + config = (struct configuration*)shmem; + + pgagroal_memory_init(); + if (pgagroal_read_socket_message(watcher->fd, &msg) == MESSAGE_STATUS_OK) + { + for (int i = 0; i < config->number_of_frontend_users; i++) + { + if (!strcmp(&config->frontend_users[i].username[0], (char *)msg->data)) + { + pgagroal_write_frontend_password_response(0, watcher->fd, config->frontend_users[i].password); + pgagroal_memory_destroy(); + return; + } + } + } + + // No such username + pgagroal_write_frontend_password_response(0, watcher->fd, ""); + pgagroal_memory_destroy(); +} + static bool accept_fatal(int error) { diff --git a/src/vault.c b/src/vault.c new file mode 100644 index 00000000..13a05224 --- /dev/null +++ b/src/vault.c @@ -0,0 +1,620 @@ +#include +#include +#include +#include +#include +#include +#include +#include "uthash.h" +#include +#include +#include +#include +#include +#include +#ifdef HAVE_LINUX +#include +#endif + + +#include +#include +#include +#include +#include +#include +#include + +#define HTTP_PORT 80 +#define HTTPS_PORT 443 +#define BUFFER_SIZE 1024 + +struct KV +{ + char *key; + char *value; + UT_hash_handle hh; +}; + +static void initialize_ssl(void); +static SSL_CTX *create_ssl_context(void); +static void configure_ssl_context(SSL_CTX *ctx); +static void parse_query_string(const char *query_string, struct KV **hash_map); +static void free_hash_map(struct KV **hash_map); +static void handle(int client_fd, SSL *ssl, int is_http); +static void handle_url(const char *buffer, int client_fd, SSL *ssl, int is_http); +static void *http_thread_func(void *arg); +static void *https_thread_func(void *arg); +static void handle_users(const char *method, char *username, struct KV *params, char *response, size_t response_size); +static void handle_info(const char *method, const char *contents, char *response, size_t response_size); +static void handle_default(char *response, size_t response_size); + +static SSL_CTX *ssl_ctx; +static int client_socket; + +static void initialize_ssl(void) +{ + SSL_library_init(); + SSL_load_error_strings(); + OpenSSL_add_all_algorithms(); +} + +static SSL_CTX *create_ssl_context() +{ + const SSL_METHOD *method; + SSL_CTX *ctx; + + method = SSLv23_server_method(); + ctx = SSL_CTX_new(method); + if (ctx == NULL) + { + pgagroal_log_error("pgagroal_vault: failed to create ssl context"); + exit(EXIT_FAILURE); + } + + return ctx; +} + +static void configure_ssl_context(SSL_CTX *ctx) +{ + char crt[100]; + char key[100]; + sprintf(crt, "%s/.pgagroal/server.crt", pgagroal_get_home_directory()); + sprintf(key, "%s/.pgagroal/server.key", pgagroal_get_home_directory()); + if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0) + { + pgagroal_log_error("pgagroal_vault: failed to use cert file %s", "server.crt"); + exit(EXIT_FAILURE); + } + + if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0) + { + pgagroal_log_error("pgagroal_vault: failed to use cert file %s", "server.key"); + exit(EXIT_FAILURE); + } +} + +static void parse_query_string(const char *path, struct KV **map) +{ + char *token, *key, *value, *saveptr1, *saveptr2, *query; + query = strchr(path, '?'); + if (query) + { + *query = '\0'; + token = strtok_r(query + 1, "&", &saveptr1); + while (token) + { + key = strtok_r(token, "=", &saveptr2); + value = strtok_r(NULL, "=", &saveptr2); + struct KV *kv = malloc(sizeof(struct KV)); + kv->key = strcpy(malloc(strlen(key)), key); + kv->value = strcpy(malloc(strlen(value)), value); + HASH_ADD_STR(*map, key, kv); + token = strtok_r(NULL, "&", &saveptr1); + } + } +} + +static void free_hash_map(struct KV **hash_map) +{ + struct KV *entry, *tmp; + HASH_ITER(hh, *hash_map, entry, tmp) + { + HASH_DEL(*hash_map, entry); + free((void *)entry->key); + free((void *)entry->value); + free(entry); + } +} + +static void handle(int client_fd, SSL *ssl, int is_http) +{ + char buffer[BUFFER_SIZE]; + ssize_t bytes_read; + if (is_http) + { + bytes_read = read(client_fd, buffer, sizeof(buffer) - 1); + } + else + { + bytes_read = SSL_read(ssl, buffer, sizeof(buffer) - 1); + } + if (bytes_read <= 0) + { + if (!is_http) + { + SSL_free(ssl); + } + close(client_fd); + return; + } + buffer[bytes_read] = '\0'; + handle_url(buffer, client_fd, ssl, is_http); +} + +static void handle_url(const char *buffer, int client_fd, SSL *ssl, int is_http) +{ + char method[8]; + char path[128]; + char contents[BUFFER_SIZE]; + char response[BUFFER_SIZE]; + char format_string[BUFFER_SIZE]; + + sscanf(buffer, "%7s %127s", method, path); + + // Extract the POST data + char *body = strstr(buffer, "\r\n\r\n"); + if (body) + { + strcpy(contents, body + 4); + } + + struct KV *map = NULL; + + // Parse URL parameters for GET requests + if (strcmp(method, "GET") == 0) + { + parse_query_string(path, &map); + } + + // Call the appropriate handler function for the URL path + if (strncmp(path, "/users/", 7) == 0 && strcmp(method, "GET") == 0) + { + // Extract the username from the path + char username[MAX_USERNAME_LENGTH + 1]; // Assuming username is less than 120 characters + snprintf(format_string, sizeof(format_string), "/users/%%%ds", MAX_USERNAME_LENGTH); + sscanf(path, "/users/%128s", username); + + // Call the appropriate handler function with the username + // handle_users(username, response, sizeof(response)); + handle_users(method, username, map, response, sizeof(response)); + } + else if (strcmp(path, "/info") == 0) + { + handle_info(method, contents, response, sizeof(response)); + } + else + { + handle_default(response, sizeof(response)); + } + + // Send the response + if (is_http) + { + write(client_fd, response, strlen(response)); + } + else + { + SSL_write(ssl, response, strlen(response)); + SSL_shutdown(ssl); + SSL_free(ssl); + } + + close(client_fd); + free_hash_map(&map); +} + +static void handle_users(const char *method, char *username, struct KV *params, char *response, size_t response_size) +{ + if (strcmp(method, "GET") == 0) + { + struct KV *kv; + HASH_FIND_STR(params, "username", kv); + struct message *msg; + pgagroal_write_frontend_password_request(NULL, client_socket, username); + pgagroal_memory_init(); + pgagroal_read_socket_message(client_socket, &msg); + if(strcmp((char *)msg->data, "") != 0) { + snprintf(response, response_size, "HTTP/1.1 200 OK\r\n" + "Content-Type: text/plain\r\n" + "\r\n" + "Your temporary password is: %s\r\n", + (char *)msg->data); + } else { + snprintf(response, response_size, "HTTP/1.1 200 OK\r\n" + "Content-Type: text/plain\r\n" + "\r\n" + "No such user\r\n"); + } + pgagroal_memory_destroy(); + } + else + { + snprintf(response, response_size, "HTTP/1.1 405 Method Not Allowed\r\n\r\n"); + } +} + +static void handle_info(const char *method, const char *contents, char *response, size_t response_size) +{ + snprintf(response, response_size, "HTTP/1.1 200 OK\r\n" + "Content-Type: text/plain\r\n" + "\r\n" + "vault is good\r\n"); +} + +static void handle_default(char *response, size_t response_size) +{ + snprintf(response, response_size, "HTTP/1.1 404 Not Found\r\n\r\n"); +} + +static void *http_thread_func(void *arg) +{ + int server_fd, client_fd; + struct sockaddr_in server_addr, client_addr; + socklen_t client_len = sizeof(client_addr); + + server_fd = socket(AF_INET, SOCK_STREAM, 0); + if (server_fd < 0) + { + pgagroal_log_error("Cannot create socket"); + return NULL; + } + + memset(&server_addr, 0, sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_addr.s_addr = INADDR_ANY; + server_addr.sin_port = htons(HTTP_PORT); + + if (bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) + { + pgagroal_log_error("Bind failed"); + return NULL; + } + // TODO: ? connection requests will be queued + if (listen(server_fd, 10) < 0) + { + pgagroal_log_error("Listen failed"); + return NULL; + } + + printf("HTTP server is listening on port %d...\n", HTTP_PORT); + + while (1) + { + client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &client_len); + if (client_fd < 0) + { + pgagroal_log_error("Accept failed"); + continue; + } + + handle(client_fd, NULL, 1); // 1 indicates HTTP + } + + close(server_fd); + return NULL; +} + +static void *https_thread_func(void *arg) +{ + int server_fd, client_fd; + struct sockaddr_in server_addr, client_addr; + socklen_t client_len = sizeof(client_addr); + + server_fd = socket(AF_INET, SOCK_STREAM, 0); + if (server_fd < 0) + { + pgagroal_log_error("Cannot create socket"); + return NULL; + } + + memset(&server_addr, 0, sizeof(server_addr)); + server_addr.sin_family = AF_INET; + server_addr.sin_addr.s_addr = INADDR_ANY; + server_addr.sin_port = htons(HTTPS_PORT); + + if (bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) + { + pgagroal_log_error("Bind failed"); + return NULL; + } + + if (listen(server_fd, 10) < 0) + { + pgagroal_log_error("Listen failed"); + return NULL; + } + + printf("HTTPS server is listening on port %d...\n", HTTPS_PORT); + + while (1) + { + client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &client_len); + if (client_fd < 0) + { + pgagroal_log_error("Accept failed"); + continue; + } + + SSL *ssl = SSL_new(ssl_ctx); + SSL_set_fd(ssl, client_fd); + + if (SSL_accept(ssl) <= 0) + { + pgagroal_log_error("pgagroal_vault: ssl filed to accept"); + } + else + { + handle(client_fd, ssl, 0); // 0 indicates HTTPS + } + + // SSL_free(ssl); + } + + close(server_fd); + return NULL; +} + +int main(int argc, char **argv) +{ + // int socket = -1; + // SSL* s_ssl = NULL; + int ret; + // int exit_code = 0; + char* configuration_path = NULL; + char* host = NULL; + char* port = NULL; + char* username = NULL; + char* password = NULL; + // bool verbose = false; + char* logfile = NULL; + // bool do_free = true; + int c; + int option_index = 0; + size_t size; + // int32_t mode = FLUSH_IDLE; + // char* database = NULL; + // char un[MAX_USERNAME_LENGTH]; + // char* server = NULL; + struct configuration* config = NULL; + bool remote_connection = false; + // long l_port; + // char* config_key = NULL; /* key for a configuration setting */ + // char* config_value = NULL; /* value for a configuration setting */ + + while (1) + { + static struct option long_options[] = + { + {"config", required_argument, 0, 'c'}, + {"host", required_argument, 0, 'h'}, + {"port", required_argument, 0, 'p'}, + {"user", required_argument, 0, 'U'}, + {"password", required_argument, 0, 'P'}, + {"logfile", required_argument, 0, 'L'}, + {"verbose", no_argument, 0, 'v'}, + {"version", no_argument, 0, 'V'}, + {"help", no_argument, 0, '?'} + }; + + c = getopt_long(argc, argv, "vV?c:h:p:U:P:L:", + long_options, &option_index); + + if (c == -1) + { + break; + } + + switch (c) + { + case 'c': + configuration_path = optarg; + break; + case 'h': + host = optarg; + break; + case 'p': + port = optarg; + break; + case 'U': + username = optarg; + break; + case 'P': + password = optarg; + break; + case 'L': + logfile = optarg; + break; + // case 'v': + // verbose = true; + // break; + // case 'V': + // version(); + // break; + // case '?': + // usage(); + // exit(1); + // break; + default: + break; + } + } + + if (getuid() == 0) + { + errx(1, "Using the root account is not allowed"); + } + + // if the user has specified the host and port + // options, she wants a remote connection + // but both remote connection parameters have to be set + if (host != NULL || port != NULL) + { + remote_connection = host != NULL && port != NULL; + if (!remote_connection) + { + printf("pgagroal-cli: you need both -h and -p options to perform a remote connection\n"); + exit(1); + } + } + + // if the user has specified either a username or a password + // there must be all the other pieces for a remote connection + if ((username != NULL || password != NULL) && !remote_connection) + { + errx(1, "you need also -h and -p options to perform a remote connection"); + } + + // and she cannot use "local" and "remote" connections at the same time + if (configuration_path != NULL && remote_connection) + { + errx(1, "Use either -c or -h/-p to define endpoint"); + } + + // if (argc <= 1) + // { + // usage(); + // exit(1); + // } + + size = sizeof(struct configuration); + if (pgagroal_create_shared_memory(size, HUGEPAGE_OFF, &shmem)) + { + errx(1, "Error creating shared memory"); + } + pgagroal_init_configuration(shmem); + + if (configuration_path != NULL) + { + ret = pgagroal_read_configuration(shmem, configuration_path, false); + if (ret == PGAGROAL_CONFIGURATION_STATUS_FILE_NOT_FOUND) + { + errx(1, "Configuration not found: <%s>", configuration_path); + } + else if (ret == PGAGROAL_CONFIGURATION_STATUS_FILE_TOO_BIG) + { + errx(1, "Too many sections in the configuration file <%s>", configuration_path); + } + + if (logfile) + { + config = (struct configuration*)shmem; + + config->log_type = PGAGROAL_LOGGING_TYPE_FILE; + memset(&config->log_path[0], 0, MISC_LENGTH); + memcpy(&config->log_path[0], logfile, MIN(MISC_LENGTH - 1, strlen(logfile))); + } + + if (pgagroal_start_logging()) + { + errx(1, "Cannot start the logging subsystem"); + } + + config = (struct configuration*)shmem; + } + else + { + ret = pgagroal_read_configuration(shmem, PGAGROAL_DEFAULT_CONF_FILE, false); + if (ret != PGAGROAL_CONFIGURATION_STATUS_OK) + { + if (!remote_connection) + { + errx(1, "Host (-h) and port (-p) must be specified to connect to the remote host"); + } + } + else + { + configuration_path = PGAGROAL_DEFAULT_CONF_FILE; + + if (logfile) + { + config = (struct configuration*)shmem; + + config->log_type = PGAGROAL_LOGGING_TYPE_FILE; + memset(&config->log_path[0], 0, MISC_LENGTH); + memcpy(&config->log_path[0], logfile, MIN(MISC_LENGTH - 1, strlen(logfile))); + } + + if (pgagroal_start_logging()) + { + errx(1, "Cannot start the logging subsystem"); + } + + config = (struct configuration*)shmem; + } + } + + // sock + int reuse = 1; + initialize_ssl(); + ssl_ctx = create_ssl_context(); + configure_ssl_context(ssl_ctx); + + client_socket = socket(AF_INET, SOCK_STREAM, 0); + if (client_socket == -1) + { + perror("Socket creation error"); + exit(EXIT_FAILURE); + } + + setsockopt(client_socket, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse)); + + struct sockaddr_in serverAddress; + serverAddress.sin_family = AF_INET; + serverAddress.sin_port = htons(6789); + serverAddress.sin_addr.s_addr = inet_addr("127.0.0.1"); + + if (connect(client_socket, (struct sockaddr *)&serverAddress, sizeof(serverAddress)) == -1) + { + perror("Connection error"); + close(client_socket); + exit(EXIT_FAILURE); + } + + pid_t http_pid, https_pid; + + http_pid = fork(); + if (http_pid == 0) + { + // This is the HTTP child process + http_thread_func(NULL); + exit(0); // Terminate child process + } + else if (http_pid < 0) + { + // Handle fork failure + perror("Failed to fork HTTP process"); + exit(EXIT_FAILURE); + } + + https_pid = fork(); + if (https_pid == 0) + { + // This is the HTTPS child process + https_thread_func(NULL); + exit(0); // Terminate child process + } + else if (https_pid < 0) + { + // Handle fork failure + perror("Failed to fork HTTPS process"); + exit(EXIT_FAILURE); + } + + // Parent process waits for both HTTP and HTTPS child processes + int status; + waitpid(http_pid, &status, 0); + waitpid(https_pid, &status, 0); + SSL_CTX_free(ssl_ctx); + return 0; +}