tls_scache.c

/*++
 * NAME
 *	tls_scache 3
 * SUMMARY
 *	TLS session cache manager
 * SYNOPSIS
 *	#include <tls_scache.h>
 *
 *	TLS_SCACHE *tls_scache_open(dbname, cache_label, verbose, timeout)
 *	const char *dbname
 *	const char *cache_label;
 *	int	verbose;
 *	int	timeout;
 *
 *	void	tls_scache_close(cache)
 *	TLS_SCACHE *cache;
 *
 *	int	tls_scache_lookup(cache, cache_id, out_session)
 *	TLS_SCACHE *cache;
 *	const char *cache_id;
 *	ACL_VSTRING	*out_session;
 *
 *	int	tls_scache_update(cache, cache_id, session, session_len)
 *	TLS_SCACHE *cache;
 *	const char *cache_id;
 *	const char *session;
 *	ssize_t	session_len;
 *
 *	int	tls_scache_sequence(cache, first_next, out_cache_id,
 *				ACL_VSTRING *out_session)
 *	TLS_SCACHE *cache;
 *	int	first_next;
 *	char	**out_cache_id;
 *	ACL_VSTRING	*out_session;
 *
 *	int	tls_scache_delete(cache, cache_id)
 *	TLS_SCACHE *cache;
 *	const char *cache_id;
 * DESCRIPTION
 *	This module maintains Postfix TLS session cache files.
 *	each session is stored under a lookup key (hostname or
 *	session ID).
 *
 *	tls_scache_open() opens the specified TLS session cache
 *	and returns a handle that must be used for subsequent
 *	access.
 *
 *	tls_scache_close() closes the specified TLS session cache
 *	and releases memory that was allocated by tls_scache_open().
 *
 *	tls_scache_lookup() looks up the specified session in the
 *	specified cache, and applies session timeout restrictions.
 *	Entries that are too old are silently deleted.
 *
 *	tls_scache_update() updates the specified TLS session cache
 *	with the specified session information.
 *
 *	tls_scache_sequence() iterates over the specified TLS session
 *	cache and either returns the first or next entry that has not
 *	timed out, or returns no data. Entries that are too old are
 *	silently deleted. Specify TLS_SCACHE_SEQUENCE_NOTHING as the
 *	third and last argument to disable saving of cache entry
 *	content or cache entry ID information. This is useful when
 *	purging expired entries. A result value of zero means that
 *	the end of the cache was reached.
 *
 *	tls_scache_delete() removes the specified cache entry from
 *	the specified TLS session cache.
 *
 *	Arguments:
 * .IP dbname
 *	The base name of the session cache file.
 * .IP cache_label
 *	A string that is used in logging and error messages.
 * .IP verbose
 *	Do verbose logging of cache operations? (zero == no)
 * .IP timeout
 *	The time after wich a session cache entry is considered too old.
 * .IP first_next
 *	One of DICT_SEQ_FUN_FIRST (first cache element) or DICT_SEQ_FUN_NEXT
 *	(next cache element).
 * .IP cache_id
 *	Session cache lookup key.
 * .IP session
 *	Storage for session information.
 * .IP session_len
 *	The size of the session information in bytes.
 * .IP out_cache_id
 * .IP out_session
 *	Storage for saving the cache_id or session information of the
 *	current cache entry.
 *
 *	Specify TLS_SCACHE_DONT_NEED_CACHE_ID to avoid saving
 *	the session cache ID of the cache entry.
 *
 *	Specify TLS_SCACHE_DONT_NEED_SESSION to avoid
 *	saving the session information in the cache entry.
 * DIAGNOSTICS
 *	These routines terminate with a fatal run-time error
 *	for unrecoverable database errors. This allows the
 *	program to restart and reset the database to an
 *	empty initial state.
 *
 *	tls_scache_open() never returns on failure. All other
 *	functions return non-zero on success, zero when the
 *	operation could not be completed.
 * LICENSE
 * .ad
 * .fi
 *	The Secure Mailer license must be distributed with this software.
 * AUTHOR(S)
 *	Wietse Venema
 *	IBM T.J. Watson Research
 *	P.O. Box 704
 *	Yorktown Heights, NY 10598, USA
 *--*/

#include "StdAfx.h"

#ifdef USE_TLS

#include <string.h>
#include <stddef.h>

#include "dict.h"

/* Global library. */

/* TLS library. */

#include "tls_scache.h"

/* Application-specific. */

 /*
  * Session cache entry format.
  */
typedef struct {
    time_t  timestamp;			/* time when saved */
    char    session[1];			/* actually a bunch of bytes */
} TLS_SCACHE_ENTRY;

 /*
  * SLMs.
  */
#define STR(x)		acl_vstring_str(x)
#define LEN(x)		ACL_VSTRING_LEN(x)

/* tls_scache_encode - encode TLS session cache entry */

static ACL_VSTRING *tls_scache_encode(TLS_SCACHE *cp, const char *cache_id,
	const char *session, ssize_t session_len)
{
    TLS_SCACHE_ENTRY *entry;
    ACL_VSTRING *hex_data;
    ssize_t binary_data_len;

    /*
     * Assemble the TLS session cache entry.
     * 
     * We could eliminate some copying by using incremental encoding, but
     * sessions are so small that it really does not matter.
     */
    binary_data_len = session_len + offsetof(TLS_SCACHE_ENTRY, session);
    entry = (TLS_SCACHE_ENTRY *) acl_mymalloc(binary_data_len);
    entry->timestamp = time((time_t *) 0);
    memcpy(entry->session, session, session_len);

    /*
     * Encode the TLS session cache entry.
     */
    hex_data = acl_vstring_alloc(2 * binary_data_len + 1);
    acl_hex_encode(hex_data, (char *) entry, binary_data_len);

    /*
     * Logging.
     */
    if (cp->verbose)
	acl_msg_info("write %s TLS cache entry %s: time=%ld [data %ld bytes]",
		cp->cache_label, cache_id, (long) entry->timestamp,
		(long) session_len);

    /*
     * Clean up.
     */
    acl_myfree(entry);

    return (hex_data);
}

/* tls_scache_decode - decode TLS session cache entry */

static int tls_scache_decode(TLS_SCACHE *cp, const char *cache_id,
	const char *hex_data, ssize_t hex_data_len, ACL_VSTRING *out_session)
{
    const char *myname = "tls+scache_decode";
    TLS_SCACHE_ENTRY *entry;
    ACL_VSTRING *bin_data;

    /*
     * Sanity check.
     */
    if (hex_data_len < (ssize_t) (2 * (offsetof(TLS_SCACHE_ENTRY, session)))) {
	acl_msg_warn("%s: %s TLS cache: truncated entry for %s: %.100s",
		 myname, cp->cache_label, cache_id, hex_data);
	return (0);
    }

    /*
     * Disassemble the TLS session cache entry.
     * 
     * No early returns or we have a memory leak.
     */
#define FREE_AND_RETURN(ptr, x) { acl_vstring_free(ptr); return (x); }

    bin_data = acl_vstring_alloc(hex_data_len / 2 + 1);
    if (acl_hex_decode(bin_data, hex_data, hex_data_len) == 0) {
	acl_msg_warn("%s: %s TLS cache: malformed entry for %s: %.100s",
		 myname, cp->cache_label, cache_id, hex_data);
	FREE_AND_RETURN(bin_data, 0);
    }
    entry = (TLS_SCACHE_ENTRY *) STR(bin_data);

    /*
     * Logging.
     */
    if (cp->verbose)
	acl_msg_info("read %s TLS cache entry %s: time=%ld [data %ld bytes]",
		 cp->cache_label, cache_id, (long) entry->timestamp,
	      (long) (LEN(bin_data) - offsetof(TLS_SCACHE_ENTRY, session)));

    /*
     * Other mandatory restrictions.
     */
    if (entry->timestamp + cp->timeout < time((time_t *) 0))
	FREE_AND_RETURN(bin_data, 0);

    /*
     * Optional output.
     */
    if (out_session != 0)
	acl_vstring_memcpy(out_session, entry->session,
	       LEN(bin_data) - offsetof(TLS_SCACHE_ENTRY, session));

    /*
     * Clean up.
     */
    FREE_AND_RETURN(bin_data, 1);
}

/* tls_scache_lookup - load session from cache */

int     tls_scache_lookup(TLS_SCACHE *cp, char *cache_id, ACL_VSTRING *session)
{
    char *hex_data;
    size_t size;

    /*
     * Logging.
     */
    if (cp->verbose)
	acl_msg_info("lookup %s session id=%s", cp->cache_label, cache_id);

    /*
     * Initialize. Don't leak data.
     */
    if (session)
	ACL_VSTRING_RESET(session);

    /*
     * Search the cache database.
     */
    if ((DICT_GET(cp->db, cache_id, strlen(cache_id), &hex_data, &size)) == 0)
	return (0);

    /*
     * Decode entry and delete if expired or malformed.
     */
    if (tls_scache_decode(cp, cache_id, hex_data, (int) strlen(hex_data), session) == 0) {
	tls_scache_delete(cp, cache_id);
	acl_myfree(hex_data);
	return (0);
    } else {
	acl_myfree(hex_data);
	return (1);
    }
}

/* tls_scache_update - save session to cache */

int     tls_scache_update(TLS_SCACHE *cp, char *cache_id, const char *buf, ssize_t len)
{
    ACL_VSTRING *hex_data;

    /*
     * Logging.
     */
    if (cp->verbose)
	acl_msg_info("put %s session id=%s [data %ld bytes]",
		 cp->cache_label, cache_id, (long) len);

    /*
     * Encode the cache entry.
     */
    hex_data = tls_scache_encode(cp, cache_id, buf, len);

    /*
     * Store the cache entry.
     * 
     * XXX Berkeley DB supports huge database keys and values. SDBM seems to
     * have a finite limit, and DBM simply can't be used at all.
     */
    DICT_PUT(cp->db, cache_id, strlen(cache_id), STR(hex_data), LEN(hex_data));

    /*
     * Clean up.
     */
    acl_vstring_free(hex_data);

    return (1);
}

/* tls_scache_sequence - get first/next TLS session cache entry */

int     tls_scache_sequence(TLS_SCACHE *cp, int first_next,
	char **out_cache_id, ACL_VSTRING *out_session)
{
    char *member;
    char *value;
    char   *saved_cursor;
    int     found_entry;
    int     keep_entry = 0;
    char   *saved_member = 0;
    size_t  key_size, val_size;

    /*
     * XXX Deleting entries while enumerating a map can he tricky. Some map
     * types have a concept of cursor and support a "delete the current
     * element" operation. Some map types without cursors don't behave well
     * when the current first/next entry is deleted (example: with Berkeley
     * DB < 2, the "next" operation produces garbage). To avoid trouble, we
     * delete an expired entry after advancing the current first/next
     * position beyond it, and ignore client requests to delete the current
     * entry.
     */

    /*
     * Find the first or next database entry. Activate the passivated entry
     * and check the time stamp. Schedule the entry for deletion if it is too
     * old.
     * 
     * Save the member (cache id) so that it will not be clobbered by the
     * tls_scache_lookup() call below.
     */
    found_entry = (DICT_SEQ(cp->db, first_next, &member, &key_size, &value, &val_size) == 0);
    if (found_entry) {
	keep_entry = tls_scache_decode(cp, member, value, (int) strlen(value),
				       out_session);
	if (keep_entry && out_cache_id)
	    *out_cache_id = acl_mystrdup(member);
	saved_member = acl_mystrdup(member);
	acl_myfree(member);
	acl_myfree(value);
    }

    /*
     * Delete behind. This is a no-op if an expired cache entry was updated
     * in the mean time. Use the saved lookup criteria so that the "delete
     * behind" operation works as promised.
     */
    if (cp->flags & TLS_SCACHE_FLAG_DEL_SAVED_CURSOR) {
	cp->flags &= ~TLS_SCACHE_FLAG_DEL_SAVED_CURSOR;
	saved_cursor = cp->saved_cursor;
	cp->saved_cursor = 0;
	tls_scache_lookup(cp, saved_cursor, (ACL_VSTRING *) 0);
	acl_myfree(saved_cursor);
    }

    /*
     * Otherwise, clean up if this is not the first iteration.
     */
    else {
	if (cp->saved_cursor)
	    acl_myfree(cp->saved_cursor);
	cp->saved_cursor = 0;
    }

    /*
     * Protect the current first/next entry against explicit or implied
     * client delete requests, and schedule a bad or expired entry for
     * deletion. Save the lookup criteria so that the "delete behind"
     * operation will work as promised.
     */
    if (found_entry) {
	cp->saved_cursor = saved_member;
	if (keep_entry == 0)
	    cp->flags |= TLS_SCACHE_FLAG_DEL_SAVED_CURSOR;
    }
    return (found_entry);
}

/* tls_scache_delete - delete session from cache */

int     tls_scache_delete(TLS_SCACHE *cp, char *cache_id)
{

    /*
     * Logging.
     */
    if (cp->verbose)
	acl_msg_info("delete %s session id=%s", cp->cache_label, cache_id);

    /*
     * Do it, unless we would delete the current first/next entry. Some map
     * types don't have cursors, and some of those don't behave when the
     * "current" entry is deleted.
     */
    return ((cp->saved_cursor != 0 && strcmp(cp->saved_cursor, cache_id) == 0)
	    || DICT_DEL(cp->db, cache_id, strlen(cache_id)) == 0);
}

/* tls_scache_init - init dict */

void tls_scache_init()
{
    dict_open_init();
}

/* tls_scache_open - open TLS session cache file */

TLS_SCACHE *tls_scache_open(const char *dbname, const char *cache_label,
	int verbose, int timeout)
{
    const char *myname = "tls_scache_open";
    TLS_SCACHE *cp;
    DICT   *dict;

    /*
     * Logging.
     */
    if (verbose)
	acl_msg_info("open %s TLS cache %s", cache_label, dbname);

    /*
     * Open the dictionary with O_TRUNC, so that we never have to worry about
     * opening a damaged file after some process terminated abnormally.
     */
#ifdef SINGLE_UPDATER
#define DICT_FLAGS (DICT_FLAG_DUP_REPLACE)
#elif defined(ACL_UNIX)
#define DICT_FLAGS \
	(DICT_FLAG_DUP_REPLACE | DICT_FLAG_LOCK | DICT_FLAG_SYNC_UPDATE)
#elif defined(WIN32)
#define DICT_FLAGS \
	(DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
#endif

    dict = dict_open(dbname, O_RDWR | O_CREAT | O_TRUNC, DICT_FLAGS);

    /*
     * Sanity checks.
     */
    if (dict->lock_fd < 0)
	acl_msg_fatal("%s: dictionary %s is not a regular file", myname, dbname);
#ifdef SINGLE_UPDATER
    if (acl_myflock(dict->lock_fd, INTERNAL_LOCK,
		MYFLOCK_OP_EXCLUSIVE | MYFLOCK_OP_NOWAIT) < 0)
	acl_msg_fatal("%s: cannot lock dictionary %s for exclusive use: %s",
		myname, dbname, acl_last_serror());
#endif
    if (dict->update == 0)
	acl_msg_fatal("%s: dictionary %s does not support update operations", myname, dbname);
    if (dict->delete_it == 0)
	acl_msg_fatal("%s: dictionary %s does not support delete operations", myname, dbname);
    if (dict->sequence == 0)
	acl_msg_fatal("%s: dictionary %s does not support sequence operations", myname, dbname);

    /*
     * Create the TLS_SCACHE object.
     */
    cp = (TLS_SCACHE *) acl_mymalloc(sizeof(*cp));
    cp->flags = 0;
    cp->db = dict;
    cp->cache_label = acl_mystrdup(cache_label);
    cp->verbose = verbose;
    cp->timeout = timeout;
    cp->saved_cursor = 0;

    return (cp);
}

/* tls_scache_close - close TLS session cache file */

void    tls_scache_close(TLS_SCACHE *cp)
{
    const char *myname = "tls_scache_close";

    /*
     * Logging.
     */
    if (cp->verbose)
	acl_msg_info("%s: close %s TLS cache %s",
		myname, cp->cache_label, cp->db->name);

    /*
     * Destroy the TLS_SCACHE object.
     */
    DICT_CLOSE(cp->db);
    acl_myfree(cp->cache_label);
    if (cp->saved_cursor)
	acl_myfree(cp->saved_cursor);
    acl_myfree(cp);
}

#endif