1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
26 #include <sys/socket.h>
35 #include <sys/types.h>
37 #include <sys/select.h>
39 #include <netinet/in.h>
40 #include <sys/socket.h>
52 #define DNS_USE_GETTIMEOFDAY_FOR_ID 1
54 #include <arpa/nameser.h>
66 #define N_(msgid) dgettext("libpwmd", msgid)
71 static char *_getpwuid(struct passwd
*pwd
)
73 size_t size
= sysconf(_SC_GETPW_R_SIZE_MAX
);
74 struct passwd
*result
;
81 buf
= pwmd_malloc(size
);
86 n
= getpwuid_r(getuid(), pwd
, buf
, size
, &result
);
103 static const char *_pwmd_strerror(gpg_error_t e
)
105 gpg_err_code_t code
= gpg_err_code(e
);
107 if (code
>= GPG_ERR_USER_1
&& code
< gpg_err_code(EPWMD_MAX
)) {
112 return N_("Unknown error");
114 return N_("No cache slots available");
116 return N_("Recursion loop");
118 return N_("No file is open");
120 return N_("General LibXML error");
122 return N_("File modified");
129 const char *pwmd_strerror(gpg_error_t code
)
131 const char *p
= _pwmd_strerror(code
);
133 return p
? p
: gpg_strerror(code
);
136 int pwmd_strerror_r(gpg_error_t code
, char *buf
, size_t size
)
138 const char *p
= _pwmd_strerror(code
);
141 snprintf(buf
, size
, "%s", p
);
143 if (strlen(p
) > size
)
149 return gpg_strerror_r(code
, buf
, size
);
152 gpg_error_t
pwmd_init()
154 static int initialized
;
163 bindtextdomain("libpwmd", LOCALEDIR
);
166 assuan_set_malloc_hooks(pwmd_malloc
, pwmd_realloc
, pwmd_free
);
167 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
172 static gpg_error_t
_socket_connect_finalize(pwm_t
*pwm
)
175 int n
= assuan_get_active_fds(pwm
->ctx
, 0, active
, N_ARRAY(active
));
180 return GPG_ERR_EBADFD
;
186 assuan_set_pointer(pwm
->ctx
, pwm
);
189 // Until X11 forwarding is supported, disable the remote pwmd pinentry.
191 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
199 rc
= pwmd_command(pwm
, NULL
, "OPTION CLIENT NAME=%s", pwm
->name
);
205 rc
= pwmd_command(pwm
, &result
, "VERSION");
207 if (rc
&& rc
!= GPG_ERR_ASS_UNKNOWN_CMD
)
211 pwm
->version
= PWMD_V1
;
213 pwm
->version
= PWMD_V2
;
220 static int read_hook(assuan_context_t ctx
, assuan_fd_t fd
, void *data
,
221 size_t len
, ssize_t
*ret
)
223 pwm_t
*pwm
= assuan_get_pointer(ctx
);
225 if (!pwm
|| !pwm
->tcp_conn
)
227 *ret
= pth_read((int)fd
, data
, len
);
229 *ret
= read((int)fd
, data
, len
);
232 *ret
= libssh2_channel_read(pwm
->tcp_conn
->channel
, data
, len
);
234 return *ret
>= 0 ? 1 : 0;
237 static int write_hook(assuan_context_t ctx
, assuan_fd_t fd
, const void *data
,
238 size_t len
, ssize_t
*ret
)
240 pwm_t
*pwm
= assuan_get_pointer(ctx
);
242 if (!pwm
|| !pwm
->tcp_conn
)
244 *ret
= pth_write((int)fd
, data
, len
);
246 *ret
= write((int)fd
, data
, len
);
249 *ret
= libssh2_channel_write(pwm
->tcp_conn
->channel
, data
, len
);
251 return *ret
>= 0 ? 1 : 0;
254 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
);
255 static void free_tcp_conn(pwmd_tcp_conn_t
*conn
)
260 if (conn
->username
) {
261 pwmd_free(conn
->username
);
262 conn
->username
= NULL
;
265 if (conn
->known_hosts
) {
266 pwmd_free(conn
->known_hosts
);
267 conn
->known_hosts
= NULL
;
270 if (conn
->identity
) {
271 pwmd_free(conn
->identity
);
272 conn
->identity
= NULL
;
275 if (conn
->identity_pub
) {
276 pwmd_free(conn
->identity_pub
);
277 conn
->identity_pub
= NULL
;
281 pwmd_free(conn
->host
);
286 pwmd_free(conn
->hostkey
);
287 conn
->hostkey
= NULL
;
291 ares_destroy(conn
->chan
);
296 ares_free_hostent(conn
->he
);
300 if (!conn
->session
&& conn
->fd
>= 0) {
311 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
)
317 libssh2_channel_close(conn
->channel
);
318 libssh2_channel_free(conn
->channel
);
322 libssh2_session_disconnect(conn
->session
, "Bye!");
323 libssh2_session_free(conn
->session
);
326 conn
->session
= NULL
;
327 conn
->channel
= NULL
;
331 static void _ssh_assuan_deinit(assuan_context_t ctx
)
333 pwm_t
*pwm
= assuan_get_pointer(ctx
);
336 pwm
->tcp_conn
->fd
= -1;
337 _ssh_deinit(pwm
->tcp_conn
);
338 pwm
->tcp_conn
= NULL
;
343 * Sets common options from both pwmd_ssh_connect() and
344 * pwmd_ssh_connect_async().
346 static gpg_error_t
init_tcp_conn(pwmd_tcp_conn_t
**dst
, const char *host
,
347 int port
, const char *identity
, const char *user
,
348 const char *known_hosts
, int get
)
350 pwmd_tcp_conn_t
*conn
;
356 return GPG_ERR_INV_ARG
;
359 if (!host
|| !*host
|| !identity
|| !*identity
|| !known_hosts
||
361 return GPG_ERR_INV_ARG
;
364 conn
= pwmd_calloc(1, sizeof(pwmd_tcp_conn_t
));
367 return gpg_error_from_errno(ENOMEM
);
369 conn
->port
= port
== -1 ? 22 : port
;
370 conn
->host
= pwmd_strdup(host
);
373 rc
= gpg_error_from_errno(ENOMEM
);
380 pwbuf
= _getpwuid(&pw
);
383 rc
= gpg_error_from_errno(errno
);
387 conn
->username
= pwmd_strdup(user
? user
: pw
.pw_name
);
389 if (!conn
->username
) {
390 rc
= gpg_error_from_errno(ENOMEM
);
394 conn
->identity
= expand_homedir((char *)identity
, &pw
);
396 if (!conn
->identity
) {
397 rc
= gpg_error_from_errno(ENOMEM
);
401 conn
->identity_pub
= pwmd_malloc(strlen(conn
->identity
)+5);
403 if (!conn
->identity_pub
) {
404 rc
= gpg_error_from_errno(ENOMEM
);
408 sprintf(conn
->identity_pub
, "%s.pub", conn
->identity
);
409 conn
->known_hosts
= expand_homedir((char *)known_hosts
, &pw
);
411 if (!conn
->known_hosts
) {
412 rc
= gpg_error_from_errno(ENOMEM
);
430 static gpg_error_t
do_connect(pwm_t
*pwm
, int prot
, void *addr
)
432 struct sockaddr_in their_addr
;
434 pwm
->tcp_conn
->fd
= socket(prot
, SOCK_STREAM
, 0);
436 if (pwm
->tcp_conn
->fd
== -1)
437 return gpg_error_from_syserror();
439 if (pwm
->tcp_conn
->async
)
440 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, O_NONBLOCK
);
442 pwm
->cmd
= ASYNC_CMD_CONNECT
;
443 their_addr
.sin_family
= prot
;
444 their_addr
.sin_port
= htons(pwm
->tcp_conn
->port
);
445 their_addr
.sin_addr
= *((struct in_addr
*)addr
);
446 memset(their_addr
.sin_zero
, '\0', sizeof their_addr
.sin_zero
);
449 if (pth_connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
450 sizeof(their_addr
)) == -1)
452 if (connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
453 sizeof(their_addr
)) == -1)
455 return gpg_error_from_syserror();
460 static gpg_error_t
ares_error_to_pwmd(int status
)
462 if (status
!= ARES_SUCCESS
)
463 warnx("%s", ares_strerror(status
));
469 return GPG_ERR_UNKNOWN_HOST
;
471 return GPG_ERR_EHOSTDOWN
;
473 return GPG_ERR_TIMEOUT
;
475 return gpg_error_from_errno(ENOMEM
);
476 case ARES_ECONNREFUSED
:
477 return GPG_ERR_ECONNREFUSED
;
480 return GPG_ERR_EHOSTUNREACH
;
486 static void dns_resolve_cb(void *arg
, int status
, int timeouts
,
487 unsigned char *abuf
, int alen
)
493 if (status
== ARES_EDESTRUCTION
)
496 if (status
!= ARES_SUCCESS
) {
497 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
501 /* Check for an IPv6 address first. */
502 if (pwm
->prot
== PWMD_IP_ANY
|| pwm
->prot
== PWMD_IPV6
)
503 rc
= ares_parse_aaaa_reply(abuf
, alen
, &he
, NULL
, NULL
);
505 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
507 if (rc
!= ARES_SUCCESS
) {
508 if (pwm
->prot
!= PWMD_IP_ANY
|| rc
!= ARES_ENODATA
) {
509 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
513 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
515 if (rc
!= ARES_SUCCESS
) {
516 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
521 pwm
->tcp_conn
->he
= he
;
522 pwm
->tcp_conn
->rc
= do_connect(pwm
, he
->h_addrtype
, he
->h_addr
);
525 static gpg_error_t
_do_pwmd_tcp_connect_async(pwm_t
*pwm
, const char *host
,
526 int port
, const char *identity
, const char *user
,
527 const char *known_hosts
, pwmd_async_cmd_t which
)
529 pwmd_tcp_conn_t
*conn
;
533 return GPG_ERR_INV_ARG
;
535 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
,
536 which
== ASYNC_CMD_HOSTKEY
? 1 : 0);
542 pwm
->tcp_conn
= conn
;
543 pwm
->tcp_conn
->cmd
= which
;
545 if (pwm
->tcp_conn
->cmd
== ASYNC_CMD_HOSTKEY
)
546 pwm
->tcp_conn
->get_only
= 1;
548 pwm
->cmd
= ASYNC_CMD_DNS
;
549 pwm
->state
= ASYNC_PROCESS
;
550 ares_init(&pwm
->tcp_conn
->chan
);
551 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
552 dns_resolve_cb
, pwm
);
556 gpg_error_t
pwmd_ssh_connect_async(pwm_t
*pwm
, const char *host
, int port
,
557 const char *identity
, const char *user
, const char *known_hosts
)
559 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, identity
, user
,
560 known_hosts
, ASYNC_CMD_CONNECT
);
563 static void *_ssh_malloc(size_t size
, void **data
)
565 return pwmd_malloc(size
);
568 static void _ssh_free(void *ptr
, void **data
)
573 static void *_ssh_realloc(void *ptr
, size_t size
, void **data
)
575 return pwmd_realloc(ptr
, size
);
578 static char *to_hex(const char *str
, size_t slen
)
581 char *buf
= pwmd_malloc(slen
*2+1);
586 for (i
= 0, buf
[0] = 0; i
< slen
; i
++) {
589 sprintf(tmp
, "%02x", (unsigned char)str
[i
]);
596 static int verify_host_key(pwm_t
*pwm
)
598 FILE *fp
= fopen(pwm
->tcp_conn
->known_hosts
, "r");
604 buf
= pwmd_malloc(LINE_MAX
);
609 while ((p
= fgets(buf
, LINE_MAX
, fp
))) {
610 if (*p
== '#' || isspace(*p
))
613 if (p
[strlen(p
)-1] == '\n')
616 if (!strcmp(buf
, pwm
->tcp_conn
->hostkey
))
633 static gpg_error_t
authenticate_ssh(pwm_t
*pwm
)
635 const char *fp
= libssh2_hostkey_hash(pwm
->tcp_conn
->session
,
636 LIBSSH2_HOSTKEY_HASH_SHA1
);
639 pwm
->tcp_conn
->hostkey
= to_hex(fp
, 20);
641 if (!pwm
->tcp_conn
->hostkey
)
642 return gpg_error_from_errno(ENOMEM
);
644 if (pwm
->tcp_conn
->get_only
)
647 if (!fp
|| verify_host_key(pwm
))
648 return GPG_ERR_BAD_CERT
;
650 userauth
= libssh2_userauth_list(pwm
->tcp_conn
->session
,
651 pwm
->tcp_conn
->username
, strlen(pwm
->tcp_conn
->username
));
653 if (!userauth
|| !strstr(userauth
, "publickey"))
654 return GPG_ERR_BAD_PIN_METHOD
;
656 if (libssh2_userauth_publickey_fromfile(pwm
->tcp_conn
->session
,
657 pwm
->tcp_conn
->username
, pwm
->tcp_conn
->identity_pub
,
658 pwm
->tcp_conn
->identity
, NULL
))
659 return GPG_ERR_BAD_SECKEY
;
664 static gpg_error_t
setup_tcp_session(pwm_t
*pwm
)
666 assuan_context_t ctx
;
667 struct assuan_io_hooks io_hooks
= {read_hook
, write_hook
};
670 pwm
->tcp_conn
->session
= libssh2_session_init_ex(_ssh_malloc
, _ssh_free
,
673 if (!pwm
->tcp_conn
->session
) {
674 rc
= gpg_error_from_errno(ENOMEM
);
678 if (libssh2_session_startup(pwm
->tcp_conn
->session
, pwm
->tcp_conn
->fd
)) {
679 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
683 rc
= authenticate_ssh(pwm
);
688 /* pwmd_get_hostkey(). */
689 if (pwm
->tcp_conn
->get_only
) {
690 pwm
->result
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
693 rc
= gpg_error_from_errno(ENOMEM
);
700 pwm
->tcp_conn
->channel
= libssh2_channel_open_session(pwm
->tcp_conn
->session
);
702 if (!pwm
->tcp_conn
->channel
) {
703 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
707 if (libssh2_channel_shell(pwm
->tcp_conn
->channel
)) {
708 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
712 assuan_set_io_hooks(&io_hooks
);
713 rc
= assuan_socket_connect_fd(&ctx
, pwm
->tcp_conn
->fd
, 0, pwm
);
718 assuan_set_finish_handler(ctx
, _ssh_assuan_deinit
);
720 rc
= _socket_connect_finalize(pwm
);
728 free_tcp_conn(pwm
->tcp_conn
);
729 pwm
->tcp_conn
= NULL
;
733 static gpg_error_t
_do_pwmd_tcp_connect(pwm_t
*pwm
, const char *host
, int port
,
734 const char *identity
, const char *user
, const char *known_hosts
, int get
)
736 pwmd_tcp_conn_t
*conn
;
740 return GPG_ERR_INV_ARG
;
742 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
, get
);
747 pwm
->tcp_conn
= conn
;
748 pwm
->tcp_conn
->get_only
= get
;
749 pwm
->cmd
= ASYNC_CMD_DNS
;
750 ares_init(&pwm
->tcp_conn
->chan
);
751 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
752 dns_resolve_cb
, pwm
);
754 /* dns_resolve_cb() may have already been called. */
755 if (pwm
->tcp_conn
->rc
) {
756 rc
= pwm
->tcp_conn
->rc
;
761 * Fake a blocking DNS lookup. libcares does a better job than
771 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
772 ares_timeout(pwm
->tcp_conn
->chan
, NULL
, &tv
);
774 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
776 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
780 rc
= gpg_error_from_syserror();
784 rc
= GPG_ERR_TIMEOUT
;
788 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
790 if (pwm
->tcp_conn
->rc
)
792 } while (pwm
->cmd
== ASYNC_CMD_DNS
);
794 if (pwm
->tcp_conn
->rc
) {
795 rc
= pwm
->tcp_conn
->rc
;
799 rc
= setup_tcp_session(pwm
);
800 pwm
->cmd
= ASYNC_CMD_NONE
;
806 gpg_error_t
pwmd_ssh_connect(pwm_t
*pwm
, const char *host
, int port
,
807 const char *identity
, const char *user
, const char *known_hosts
)
809 return _do_pwmd_tcp_connect(pwm
, host
, port
, identity
, user
, known_hosts
, 0);
812 gpg_error_t
pwmd_get_hostkey(pwm_t
*pwm
, const char *host
, int port
,
818 rc
= _do_pwmd_tcp_connect(pwm
, host
, port
, NULL
, NULL
, NULL
, 1);
823 hostkey
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
826 rc
= gpg_error_from_errno(ENOMEM
);
832 gpg_error_t
pwmd_get_hostkey_async(pwm_t
*pwm
, const char *host
, int port
)
834 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, NULL
, NULL
, NULL
,
839 * ssh://[username@]hostname[:port],identity,known_hosts
841 * Any missing parameters are checked for in init_tcp_conn().
843 static int parse_ssh_url(char *str
, char **host
, int *port
, char **user
,
844 char **identity
, char **known_hosts
)
850 *host
= *user
= *identity
= *known_hosts
= NULL
;
852 p
= strrchr(str
, '@');
855 len
= strlen(str
)-strlen(p
)+1;
856 *user
= pwmd_malloc(len
);
857 snprintf(*user
, len
, "%s", str
);
866 len
= strlen(p
)-strlen(t
)+1;
867 *host
= pwmd_malloc(len
);
868 snprintf(*host
, len
, "%s", p
);
872 while (*t
&& isdigit(*t
))
884 len
= strlen(p
)-strlen(t
)+1;
885 *host
= pwmd_malloc(len
);
886 snprintf(*host
, len
, "%s", p
);
893 len
= strlen(t
)-strlen(t2
)+1;
897 *identity
= pwmd_malloc(len
);
898 snprintf(*identity
, len
, "%s", t
);
904 *known_hosts
= pwmd_malloc(len
);
905 snprintf(*known_hosts
, len
, "%s", t2
);
911 *host
= pwmd_malloc(len
);
912 snprintf(*host
, len
, "%s", p
);
920 static gpg_error_t
_pwmd_connect_url(pwm_t
*pwm
, const char *url
, int async
)
922 char *p
= (char *)url
;
926 return GPG_ERR_INV_ARG
;
928 if (!p
|| !strncmp(p
, "socket://", 9)) {
934 else if (!strncmp(p
, "ssh://", 6) || !strncmp(p
, "ssh6://", 7) ||
935 !strncmp(p
, "ssh4://", 7)) {
937 return GPG_ERR_NOT_IMPLEMENTED
;
941 char *identity
= NULL
;
942 char *known_hosts
= NULL
;
943 char *username
= NULL
;
945 if (!strncmp(p
, "ssh6://", 7)) {
946 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV6
);
949 else if (!strncmp(p
, "ssh4://", 7)) {
950 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV4
);
954 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IP_ANY
);
961 rc
= parse_ssh_url(p
, &host
, &port
, &username
, &identity
,
968 rc
= pwmd_ssh_connect_async(pwm
, host
, port
, identity
, username
,
971 rc
= pwmd_ssh_connect(pwm
, host
, port
, identity
, username
,
984 pwmd_free(known_hosts
);
991 rc
= pwmd_connect(pwm
, p
);
992 pwm
->state
= ASYNC_DONE
;
996 return GPG_ERR_UNSUPPORTED_PROTOCOL
;
999 gpg_error_t
pwmd_connect_url(pwm_t
*pwm
, const char *url
)
1001 return _pwmd_connect_url(pwm
, url
, 0);
1004 gpg_error_t
pwmd_connect_url_async(pwm_t
*pwm
, const char *url
)
1006 return _pwmd_connect_url(pwm
, url
, 1);
1009 static char *expand_homedir(char *str
, struct passwd
*pw
)
1015 if (*p
!= '~' || *(p
+1) != '/')
1016 return pwmd_strdup(p
);
1021 pwbuf
= _getpwuid(&t
);
1030 result
= pwmd_strdup_printf("%s/%s", pw
->pw_dir
, p
);
1038 gpg_error_t
pwmd_connect(pwm_t
*pwm
, const char *path
)
1040 char *socketpath
= NULL
;
1041 assuan_context_t ctx
;
1047 return GPG_ERR_INV_ARG
;
1049 pwbuf
= _getpwuid(&pw
);
1052 return gpg_error_from_errno(errno
);
1054 if (!path
|| !*path
) {
1055 socketpath
= (char *)pwmd_malloc(strlen(pw
.pw_dir
) + strlen("/.pwmd/socket") + 1);
1056 sprintf(socketpath
, "%s/.pwmd/socket", pw
.pw_dir
);
1059 socketpath
= expand_homedir((char *)path
, &pw
);
1063 return gpg_error_from_errno(ENOMEM
);
1068 rc
= assuan_socket_connect_ext(&ctx
, socketpath
, -1, 0);
1069 pwmd_free(socketpath
);
1075 return _socket_connect_finalize(pwm
);
1078 void pwmd_close(pwm_t
*pwm
)
1084 assuan_disconnect(pwm
->ctx
);
1087 pwmd_free(pwm
->password
);
1090 pwmd_free(pwm
->title
);
1093 pwmd_free(pwm
->desc
);
1096 pwmd_free(pwm
->prompt
);
1098 if (pwm
->pinentry_tty
)
1099 pwmd_free(pwm
->pinentry_tty
);
1101 if (pwm
->pinentry_display
)
1102 pwmd_free(pwm
->pinentry_display
);
1104 if (pwm
->pinentry_term
)
1105 pwmd_free(pwm
->pinentry_term
);
1108 pwmd_free(pwm
->lcctype
);
1110 if (pwm
->lcmessages
)
1111 pwmd_free(pwm
->lcmessages
);
1114 pwmd_free(pwm
->filename
);
1117 pwmd_free(pwm
->name
);
1121 free_tcp_conn(pwm
->tcp_conn
);
1127 static int mem_realloc_cb(void *data
, const void *buffer
, size_t len
)
1129 membuf_t
*mem
= (membuf_t
*)data
;
1135 if ((p
= pwmd_realloc(mem
->buf
, mem
->len
+ len
)) == NULL
)
1139 memcpy((char *)mem
->buf
+ mem
->len
, buffer
, len
);
1144 static int _inquire_cb(void *data
, const char *keyword
)
1146 pwm_t
*pwm
= (pwm_t
*)data
;
1148 int flags
= fcntl(pwm
->fd
, F_GETFL
);
1150 /* Shouldn't get this far without a callback. */
1151 if (!pwm
->inquire_func
)
1152 return GPG_ERR_INV_ARG
;
1155 char *result
= NULL
;
1159 rc
= pwm
->inquire_func(pwm
->inquire_data
, keyword
, rc
, &result
, &len
);
1160 rc
= gpg_err_code(rc
);
1162 if (rc
== GPG_ERR_EOF
|| !rc
) {
1163 if (len
<= 0 || !result
) {
1168 arc
= assuan_send_data(pwm
->ctx
, result
, len
);
1170 if (rc
== GPG_ERR_EOF
) {
1181 /* Set to non-blocking so _pwmd_process() can return. */
1182 fcntl(pwm
->fd
, F_SETFL
, O_NONBLOCK
);
1183 rc
= _pwmd_process(pwm
);
1184 fcntl(pwm
->fd
, F_SETFL
, flags
);
1188 fcntl(pwm
->fd
, F_SETFL
, flags
);
1192 static gpg_error_t
do_nb_command(pwm_t
*pwm
, const char *cmd
, ...)
1198 if (pwm
->state
== ASYNC_DONE
)
1199 pwm
->state
= ASYNC_INIT
;
1201 if (pwm
->state
!= ASYNC_INIT
)
1202 return GPG_ERR_INV_STATE
;
1204 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1207 return gpg_error_from_errno(ENOMEM
);
1210 vsnprintf(buf
, ASSUAN_LINELENGTH
, cmd
, ap
);
1212 rc
= assuan_write_line(pwm
->ctx
, buf
);
1216 pwm
->state
= ASYNC_PROCESS
;
1221 gpg_error_t
pwmd_open_async(pwm_t
*pwm
, const char *filename
)
1223 if (!pwm
|| !filename
)
1224 return GPG_ERR_INV_ARG
;
1227 return GPG_ERR_INV_STATE
;
1229 if (pwm
->cmd
!= ASYNC_CMD_OPEN
) {
1235 pwmd_free(pwm
->filename
);
1237 pwm
->filename
= pwmd_strdup(filename
);
1239 rc
= send_pinentry_options(pwm
);
1245 pwm
->cmd
= ASYNC_CMD_OPEN
;
1246 return do_nb_command(pwm
, "OPEN %s %s", filename
,
1247 pwm
->password
? pwm
->password
: "");
1250 gpg_error_t
pwmd_save_async(pwm_t
*pwm
)
1255 return GPG_ERR_INV_ARG
;
1258 return GPG_ERR_INV_STATE
;
1260 rc
= send_pinentry_options(pwm
);
1265 pwm
->cmd
= ASYNC_CMD_SAVE
;
1266 return do_nb_command(pwm
, "SAVE %s", pwm
->password
? pwm
->password
: "");
1269 static gpg_error_t
parse_assuan_line(pwm_t
*pwm
)
1275 rc
= assuan_read_line(pwm
->ctx
, &line
, &len
);
1278 if (line
[0] == 'O' && line
[1] == 'K' &&
1279 (line
[2] == 0 || line
[2] == ' ')) {
1280 pwm
->state
= ASYNC_DONE
;
1282 else if (line
[0] == '#') {
1284 else if (line
[0] == 'S' && (line
[1] == 0 || line
[1] == ' ')) {
1285 if (pwm
->status_func
) {
1286 rc
= pwm
->status_func(pwm
->status_data
,
1287 line
[1] == 0 ? line
+1 : line
+2);
1290 else if (line
[0] == 'E' && line
[1] == 'R' && line
[2] == 'R' &&
1291 (line
[3] == 0 || line
[3] == ' ')) {
1294 pwm
->state
= ASYNC_DONE
;
1301 gpg_error_t
pwmd_pending_line(pwm_t
*pwm
)
1304 return GPG_ERR_INV_ARG
;
1307 return GPG_ERR_INV_STATE
;
1309 return assuan_pending_line(pwm
->ctx
) ? 0 : GPG_ERR_NO_DATA
;
1312 static pwmd_async_t
reset_async(pwm_t
*pwm
, int done
)
1314 pwm
->state
= ASYNC_INIT
;
1315 pwm
->cmd
= ASYNC_CMD_NONE
;
1317 #ifdef WITH_PINENTRY
1318 if (pwm
->nb_fd
!= -1) {
1324 if (done
&& pwm
->tcp_conn
) {
1325 free_tcp_conn(pwm
->tcp_conn
);
1326 pwm
->tcp_conn
= NULL
;
1334 * Used for processing status messages when not in an async command and for
1335 * waiting for the result from pwmd_open_async() and pwmd_save_async().
1337 static gpg_error_t
_pwmd_process(pwm_t
*pwm
)
1341 struct timeval tv
= {0, 0};
1345 FD_SET(pwm
->fd
, &fds
);
1347 n
= pth_select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1349 n
= select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1353 return gpg_error_from_syserror();
1356 if (FD_ISSET(pwm
->fd
, &fds
))
1357 rc
= parse_assuan_line(pwm
);
1360 while (!rc
&& assuan_pending_line(pwm
->ctx
))
1361 rc
= parse_assuan_line(pwm
);
1366 pwmd_async_t
pwmd_process(pwm_t
*pwm
, gpg_error_t
*rc
, char **result
)
1370 struct timeval tv
= {0, 0};
1376 return GPG_ERR_INV_ARG
;
1381 *rc
= GPG_ERR_INV_ARG
;
1384 else if (!pwm
->ctx
) {
1387 *rc
= GPG_ERR_INV_STATE
;
1391 case ASYNC_CMD_CONNECT
:
1392 case ASYNC_CMD_HOSTKEY
:
1398 /* When not in a command, this will let libassuan process status messages
1399 * by calling PWMD_OPTION_STATUS_FUNC. The client can poll the file
1400 * descriptor returned by pwmd_get_fd() to determine when this should be
1401 * called or call pwmd_pending_line() to determine whether a buffered line
1402 * needs to be processed. */
1403 if (pwm
->cmd
== ASYNC_CMD_NONE
) {
1404 *rc
= _pwmd_process(pwm
);
1408 /* Fixes pwmd_open/save_async2() when there is a cached or new file. */
1409 if (pwm
->state
== ASYNC_DONE
) {
1410 reset_async(pwm
, 0);
1414 if (pwm
->state
!= ASYNC_PROCESS
) {
1415 *rc
= GPG_ERR_INV_STATE
;
1420 if (pwm
->cmd
== ASYNC_CMD_DNS
) {
1423 if (pwm
->tcp_conn
->rc
) {
1424 *rc
= pwm
->tcp_conn
->rc
;
1425 reset_async(pwm
, 1);
1431 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1433 /* Shouldn't happen. */
1438 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
1440 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
1444 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1448 else if (pwm
->cmd
== ASYNC_CMD_CONNECT
) {
1449 if (pwm
->tcp_conn
->rc
== GPG_ERR_EINPROGRESS
) {
1451 socklen_t len
= sizeof(int);
1454 FD_SET(pwm
->tcp_conn
->fd
, &fds
);
1456 n
= pth_select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1458 n
= select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1461 if (!n
|| !FD_ISSET(pwm
->tcp_conn
->fd
, &fds
))
1464 *rc
= gpg_error_from_syserror();
1465 reset_async(pwm
, 1);
1469 ret
= getsockopt(pwm
->tcp_conn
->fd
, SOL_SOCKET
, SO_ERROR
, &n
, &len
);
1472 *rc
= ret
? gpg_error_from_syserror() : gpg_error_from_errno(n
);
1473 reset_async(pwm
, 1);
1477 else if (pwm
->tcp_conn
->rc
) {
1478 *rc
= pwm
->tcp_conn
->rc
;
1479 reset_async(pwm
, 1);
1483 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, 0);
1484 *rc
= setup_tcp_session(pwm
);
1487 switch (pwm
->tcp_conn
->cmd
) {
1488 case ASYNC_CMD_HOSTKEY
:
1490 *result
= pwm
->result
;
1497 return reset_async(pwm
, *rc
? 1 : 0);
1501 #ifdef WITH_PINENTRY
1502 if (pwm
->cmd
== ASYNC_CMD_OPEN2
|| pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1505 if (pwm
->nb_fd
== -1) {
1506 *rc
= GPG_ERR_INV_STATE
;
1507 return reset_async(pwm
, 0);
1511 FD_SET(pwm
->nb_fd
, &fds
);
1512 FD_SET(pwm
->fd
, &fds
);
1514 n
= pth_select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1516 n
= select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1519 *rc
= gpg_error_from_syserror();
1520 return reset_async(pwm
, 0);
1523 if (n
> 0 && FD_ISSET(pwm
->nb_fd
, &fds
)) {
1524 pwmd_nb_status_t nb
;
1526 size_t len
= pth_read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1528 size_t len
= read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1530 waitpid(pwm
->nb_pid
, &status
, WNOHANG
);
1532 if (len
!= sizeof(nb
)) {
1533 *rc
= gpg_error_from_syserror();
1534 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1539 if (*rc
== GPG_ERR_INV_PASSPHRASE
&& pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1540 reset_async(pwm
, 0);
1541 *rc
= pwmd_save_async2(pwm
);
1542 return ASYNC_PROCESS
;
1545 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1547 if (pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1548 *rc
= do_save_command(pwm
, nb
.password
);
1549 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1550 return reset_async(pwm
, 0);
1553 if (pwm
->cmd
== ASYNC_CMD_OPEN2
) {
1554 *rc
= do_open_command(pwm
, pwm
->filename
, nb
.password
);
1555 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1557 if (*rc
== GPG_ERR_INV_PASSPHRASE
) {
1558 if (++pwm
->pin_try
< pwm
->pinentry_tries
) {
1559 int n
= pwm
->pin_try
;
1561 reset_async(pwm
, 0);
1563 pwm
->cmd
= ASYNC_CMD_OPEN2
;
1564 *rc
= pwmd_open_async2(pwm
, pwm
->filename
);
1567 return reset_async(pwm
, 1);
1573 return reset_async(pwm
, *rc
? 1 : 0);
1577 /* Fall through so status messages can be processed during the
1583 *rc
= GPG_ERR_INV_STATE
;
1584 return reset_async(pwm
, 0);
1587 /* This is for pwmd_open_async() and pwmd_save_async(). For pinentry
1589 *rc
= _pwmd_process(pwm
);
1591 if (*rc
&& gpg_err_code(*rc
) != GPG_ERR_INV_PASSPHRASE
) {
1592 reset_async(pwm
, 0);
1597 if (!pwm
->tcp_conn
&& pwm
->cmd
== ASYNC_CMD_OPEN
&&
1599 if (pwm
->cmd
== ASYNC_CMD_OPEN
&&
1601 gpg_err_code(*rc
) == GPG_ERR_INV_PASSPHRASE
&&
1602 ++pwm
->pin_try
< pwm
->pinentry_tries
) {
1603 pwm
->state
= ASYNC_INIT
;
1604 *rc
= pwmd_open_async(pwm
, pwm
->filename
);
1608 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN
? 1 : 0);
1610 if (pwm
->state
== ASYNC_DONE
) {
1611 reset_async(pwm
, 0);
1618 static gpg_error_t
assuan_command(pwm_t
*pwm
, assuan_context_t ctx
,
1619 char **result
, const char *cmd
)
1627 rc
= assuan_transact(ctx
, cmd
, mem_realloc_cb
, &data
, _inquire_cb
, pwm
,
1628 pwm
->status_func
, pwm
->status_data
);
1632 pwmd_free(data
.buf
);
1638 mem_realloc_cb(&data
, "", 1);
1641 pwmd_free(data
.buf
);
1642 rc
= GPG_ERR_INV_ARG
;
1645 *result
= (char *)data
.buf
;
1649 return gpg_err_code(rc
);
1652 gpg_error_t
pwmd_inquire(pwm_t
*pwm
, const char *cmd
, pwmd_inquire_cb_t fn
,
1655 if (!pwm
|| !cmd
|| !fn
)
1656 return GPG_ERR_INV_ARG
;
1659 return GPG_ERR_INV_STATE
;
1661 pwm
->inquire_func
= fn
;
1662 pwm
->inquire_data
= data
;
1663 return assuan_command(pwm
, pwm
->ctx
, NULL
, cmd
);
1666 #ifdef WITH_PINENTRY
1667 static gpg_error_t
terminate_pinentry(pwm_t
*pwm
)
1669 pid_t pid
= pwm
->pid
;
1673 if (!pwm
|| pid
== -1)
1674 return GPG_ERR_INV_ARG
;
1676 if (kill(pid
, 0) == 0) {
1677 if (kill(pid
, SIGTERM
) == -1) {
1678 if (kill(pid
, SIGKILL
) == -1)
1679 return gpg_error_from_errno(errno
);
1683 return gpg_error_from_errno(errno
);
1688 static gpg_error_t
set_pinentry_strings(pwm_t
*pwm
, int which
)
1693 tmp
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1696 return gpg_error_from_errno(ENOMEM
);
1699 pwm
->title
= pwmd_strdup_printf(N_("Password Manager Daemon: %s"),
1700 pwm
->name
? pwm
->name
: "libpwmd");
1706 pwm
->prompt
= pwmd_strdup(N_("Passphrase:"));
1711 if (!pwm
->desc
&& (which
== PINENTRY_OPEN
|| which
== PINENTRY_SAVE
)) {
1712 if (which
== PINENTRY_OPEN
)
1713 desc
= pwmd_strdup_printf(N_("A passphrase is required to open the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1715 desc
= pwmd_strdup_printf(N_("A passphrase is required to save to the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1727 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s", desc
);
1729 if (pwm
->desc
!= desc
)
1732 case PINENTRY_OPEN_FAILED
:
1733 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1734 N_("Invalid passphrase, please try again."));
1736 case PINENTRY_SAVE_CONFIRM
:
1737 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1738 N_("Please type the passphrase again for confirmation."));
1742 error
= pinentry_command(pwm
, NULL
, tmp
);
1749 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETPROMPT %s", pwm
->prompt
);
1750 error
= pinentry_command(pwm
, NULL
, tmp
);
1757 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETDESC %s", pwm
->title
);
1758 error
= pinentry_command(pwm
, NULL
, tmp
);
1764 return gpg_error_from_errno(ENOMEM
);
1767 static void update_pinentry_settings(pwm_t
*pwm
)
1773 char *pwbuf
= _getpwuid(&pw
);
1778 snprintf(buf
, sizeof(buf
), "%s/.pwmd/pinentry.conf", pw
.pw_dir
);
1780 if ((fp
= fopen(buf
, "r")) == NULL
) {
1785 while ((p
= fgets(buf
, sizeof(buf
), fp
)) != NULL
) {
1786 char name
[32], val
[256];
1788 if (sscanf(p
, " %31[a-zA-Z] = %255s", name
, val
) != 2)
1791 if (strcasecmp(name
, "TTYNAME") == 0) {
1792 pwmd_free(pwm
->pinentry_tty
);
1793 pwm
->pinentry_tty
= pwmd_strdup(val
);
1795 else if (strcasecmp(name
, "TTYTYPE") == 0) {
1796 pwmd_free(pwm
->pinentry_term
);
1797 pwm
->pinentry_term
= pwmd_strdup(val
);
1799 else if (strcasecmp(name
, "DISPLAY") == 0) {
1800 pwmd_free(pwm
->pinentry_display
);
1801 pwm
->pinentry_display
= pwmd_strdup(val
);
1803 else if (strcasecmp(name
, "PATH") == 0) {
1804 pwmd_free(pwm
->pinentry_path
);
1805 pwm
->pinentry_path
= expand_homedir(val
, &pw
);
1813 static gpg_error_t
launch_pinentry(pwm_t
*pwm
)
1816 assuan_context_t ctx
;
1817 int child_list
[] = {-1};
1818 char *display
= getenv("DISPLAY");
1819 const char *argv
[10];
1820 const char **p
= argv
;
1821 int have_display
= 0;
1823 char *ttybuf
= NULL
;
1825 update_pinentry_settings(pwm
);
1827 if (pwm
->pinentry_display
|| display
)
1830 if (!pwm
->pinentry_tty
) {
1831 ttybuf
= pwmd_malloc(255);
1834 return gpg_error_from_errno(ENOMEM
);
1836 rc
= ttyname_r(STDOUT_FILENO
, ttybuf
, 255);
1840 return gpg_error_from_errno(rc
);
1846 tty
= pwm
->pinentry_tty
;
1849 if (!have_display
&& !tty
)
1850 return GPG_ERR_ENOTTY
;
1853 *p
++ = have_display
? "--display" : "--ttyname";
1854 *p
++ = have_display
? pwm
->pinentry_display
? pwm
->pinentry_display
: display
: tty
;
1857 *p
++ = "--lc-ctype";
1858 *p
++ = pwm
->lcctype
;
1861 if (pwm
->lcmessages
) {
1862 *p
++ = "--lc-messages";
1863 *p
++ = pwm
->lcmessages
;
1868 if (!have_display
) {
1870 *p
++ = pwm
->pinentry_term
? pwm
->pinentry_term
: getenv("TERM");
1874 rc
= assuan_pipe_connect(&ctx
, pwm
->pinentry_path
? pwm
->pinentry_path
: PINENTRY_PATH
, argv
, child_list
);
1882 pwm
->pid
= assuan_get_pid(ctx
);
1884 return set_pinentry_strings(pwm
, 0);
1887 static gpg_error_t
pinentry_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1892 n
= launch_pinentry(pwm
);
1898 return assuan_command(pwm
, pwm
->pctx
, result
, cmd
);
1901 static void pinentry_disconnect(pwm_t
*pwm
)
1904 assuan_disconnect(pwm
->pctx
);
1911 * Only called from a child process.
1913 static void catchsig(int sig
)
1917 if (gelapsed
++ >= gtimeout
) {
1918 terminate_pinentry(gpwm
);
1919 gerror
= GPG_ERR_TIMEOUT
;
1931 * Borrowed from libassuan.
1933 static char *percent_escape(const char *atext
)
1935 const unsigned char *s
;
1936 int len
= strlen(atext
) * 3 + 1;
1937 char *buf
= (char *)pwmd_malloc(len
), *p
= buf
;
1942 for (s
=(const unsigned char *)atext
; *s
; s
++) {
1944 sprintf (p
, "%%%02X", *s
);
1955 static gpg_error_t
send_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1958 return GPG_ERR_INV_ARG
;
1960 return assuan_command(pwm
, pwm
->ctx
, result
, cmd
);
1963 gpg_error_t
pwmd_command_ap(pwm_t
*pwm
, char **result
, const char *cmd
,
1972 return GPG_ERR_INV_ARG
;
1975 return GPG_ERR_INV_STATE
;
1978 * C99 allows the dst pointer to be null which will calculate the length
1979 * of the would-be result and return it.
1982 len
= vsnprintf(NULL
, 0, cmd
, ap
)+1;
1983 buf
= (char *)pwmd_malloc(len
);
1987 return gpg_error_from_errno(ENOMEM
);
1990 len
= vsnprintf(buf
, len
, cmd
, ap2
);
1993 if (buf
[strlen(buf
)-1] == '\n')
1994 buf
[strlen(buf
)-1] = 0;
1996 if (buf
[strlen(buf
)-1] == '\r')
1997 buf
[strlen(buf
)-1] = 0;
1999 error
= send_command(pwm
, result
, buf
);
2004 gpg_error_t
pwmd_command(pwm_t
*pwm
, char **result
, const char *cmd
, ...)
2010 return GPG_ERR_INV_ARG
;
2013 return GPG_ERR_INV_STATE
;
2019 error
= pwmd_command_ap(pwm
, result
, cmd
, ap
);
2024 #ifdef WITH_PINENTRY
2025 static gpg_error_t
do_getpin(pwm_t
*pwm
, char **result
)
2028 signal(SIGALRM
, catchsig
);
2033 return pinentry_command(pwm
, result
, "GETPIN");
2036 static gpg_error_t
getpin(pwm_t
*pwm
, char **result
, int which
)
2041 rc
= set_pinentry_strings(pwm
, which
);
2044 pinentry_disconnect(pwm
);
2048 rc
= do_getpin(pwm
, result
);
2051 * Since there was input cancel any timeout setting.
2054 signal(SIGALRM
, SIG_DFL
);
2058 pinentry_disconnect(pwm
);
2060 /* This lets pwmd_open2() with PWMD_OPTION_PINENTRY_TIMEOUT work. */
2061 if (rc
== GPG_ERR_EOF
&& gerror
== GPG_ERR_TIMEOUT
)
2071 static gpg_error_t
do_open_command(pwm_t
*pwm
, const char *filename
, char *password
)
2075 char *result
= NULL
;
2077 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2080 return gpg_error_from_errno(ENOMEM
);
2082 snprintf(buf
, ASSUAN_LINELENGTH
, "OPEN %s %s", filename
,
2083 password
? password
: "");
2084 error
= send_command(pwm
, &result
, buf
);
2087 if (error
&& result
)
2093 static gpg_error_t
send_pinentry_options(pwm_t
*pwm
)
2097 if (pwm
->pinentry_path
) {
2098 rc
= pwmd_command(pwm
, NULL
, "OPTION PATH=%s", pwm
->pinentry_path
);
2104 if (pwm
->pinentry_tty
) {
2105 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYNAME=%s", pwm
->pinentry_tty
);
2111 if (pwm
->pinentry_term
) {
2112 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYTYPE=%s", pwm
->pinentry_term
);
2118 if (pwm
->pinentry_display
) {
2119 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->pinentry_display
);
2126 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->title
);
2133 rc
= pwmd_command(pwm
, NULL
, "OPTION DESC=%s", pwm
->desc
);
2140 rc
= pwmd_command(pwm
, NULL
, "OPTION PROMPT=%s", pwm
->prompt
);
2147 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_CTYPE=%s", pwm
->lcctype
);
2153 if (pwm
->lcmessages
) {
2154 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_MESSAGES=%s", pwm
->lcmessages
);
2160 if (pwm
->pinentry_timeout
>= 0) {
2161 rc
= pwmd_command(pwm
, NULL
, "OPTION TIMEOUT=%i", pwm
->pinentry_timeout
);
2170 gpg_error_t
pwmd_socket_type(pwm_t
*pwm
, pwmd_socket_t
*result
)
2173 return GPG_ERR_INV_ARG
;
2176 if (pwm
->fd
== -1 && pwm
->tcp_conn
&& pwm
->tcp_conn
->fd
== -1)
2180 return GPG_ERR_INV_STATE
;
2183 *result
= pwm
->tcp_conn
? PWMD_SOCKET_SSH
: PWMD_SOCKET_UDS
;
2185 *result
= PWMD_SOCKET_UDS
;
2190 static gpg_error_t
do_pwmd_open(pwm_t
*pwm
, const char *filename
, int nb
,
2193 char *result
= NULL
;
2194 char *password
= NULL
;
2199 if (!pwm
|| !filename
|| !*filename
)
2200 return GPG_ERR_INV_ARG
;
2203 return GPG_ERR_INV_STATE
;
2205 pin_try
= pwm
->pinentry_tries
- 1;
2208 * Avoid calling pinentry if the password is cached on the server or if
2209 * this is a new file. pwmd version 2 adds a VERSION command which is
2210 * determined in _socket_connect_finalize(). If the server is version 2,
2211 * ISCACHED can determine if a file exists.
2214 if (!pwm
->tcp_conn
&& pwm
->version
== PWMD_V1
) {
2216 if (pwm
->version
== PWMD_V1
) {
2218 rc
= pwmd_command(pwm
, &result
, "GETCONFIG data_directory");
2223 path
= pwmd_strdup_printf("%s/%s", result
, filename
);
2227 return gpg_error_from_errno(ENOMEM
);
2229 if (access(path
, R_OK
) == -1) {
2230 if (errno
== ENOENT
) {
2239 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", filename
);
2241 if (gpg_err_code(rc
) == GPG_ERR_ENOENT
)
2244 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2247 if (rc
== GPG_ERR_NOT_FOUND
) {
2248 if (pwm
->password
) {
2249 password
= pwm
->password
;
2253 if (pwm
->passfunc
) {
2254 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2263 #ifdef WITH_PINENTRY
2264 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2265 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
2271 pwm
->filename
= pwmd_strdup(filename
);
2274 return gpg_error_from_errno(ENOMEM
);
2276 /* Get the passphrase using the LOCAL pinentry. */
2280 pwmd_nb_status_t pw
;
2283 return gpg_error_from_syserror();
2296 if (pwm
->pinentry_timeout
!= 0) {
2298 gtimeout
= abs(pwm
->pinentry_timeout
);
2302 pw
.error
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2304 if (gtimeout
&& gelapsed
>= gtimeout
)
2305 pw
.error
= GPG_ERR_TIMEOUT
;
2308 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2311 pinentry_disconnect(pwm
);
2313 pth_write(p
[1], &pw
, sizeof(pw
));
2315 write(p
[1], &pw
, sizeof(pw
));
2317 memset(&pw
, 0, sizeof(pw
));
2322 rc
= gpg_error_from_syserror();
2336 if (pwm
->pinentry_timeout
!= 0) {
2338 gtimeout
= abs(pwm
->pinentry_timeout
);
2342 rc
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2344 /* Don't timeout when an invalid passphrase was entered. */
2353 pwm
->state
= ASYNC_DONE
;
2356 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2358 if (!local_pinentry
) {
2360 rc
= send_pinentry_options(pwm
);
2366 rc
= do_open_command(pwm
, filename
, password
);
2369 * Keep the user defined password set with pwmd_setopt(). The password may
2370 * be needed later (pwmd_save()) depending on the pwmd file cache settings.
2372 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2373 pwmd_free(password
);
2376 if (rc
== GPG_ERR_INV_PASSPHRASE
&& !pwm
->tcp_conn
) {
2378 if (rc
== GPG_ERR_INV_PASSPHRASE
) {
2380 if (pin_try
-- > 0 && !nb
) {
2382 #ifdef WITH_PINENTRY
2384 rc
= getpin(pwm
, &password
, PINENTRY_OPEN_FAILED
);
2387 rc
= pwmd_command(pwm
, &result
, "OPTION TITLE=%s",
2388 N_("Invalid passphrase, please try again."));
2396 #ifdef WITH_PINENTRY
2398 pinentry_disconnect(pwm
);
2406 pwmd_free(pwm
->filename
);
2408 pwm
->filename
= pwmd_strdup(filename
);
2414 gpg_error_t
pwmd_open2(pwm_t
*pwm
, const char *filename
)
2416 #ifndef WITH_PINENTRY
2417 return GPG_ERR_NOT_IMPLEMENTED
;
2419 return do_pwmd_open(pwm
, filename
, 0, 1);
2423 gpg_error_t
pwmd_open(pwm_t
*pwm
, const char *filename
)
2425 return do_pwmd_open(pwm
, filename
, 0, 0);
2428 gpg_error_t
pwmd_open_async2(pwm_t
*pwm
, const char *filename
)
2430 #ifndef WITH_PINENTRY
2431 return GPG_ERR_NOT_IMPLEMENTED
;
2435 if (!pwm
|| !filename
)
2436 return GPG_ERR_INV_ARG
;
2439 return GPG_ERR_INV_STATE
;
2441 if (pwm
->cmd
!= ASYNC_CMD_OPEN2
)
2444 pwm
->cmd
= ASYNC_CMD_OPEN2
;
2445 pwm
->state
= ASYNC_PROCESS
;
2446 rc
= do_pwmd_open(pwm
, filename
, 1, 1);
2449 reset_async(pwm
, 1);
2455 #ifdef WITH_PINENTRY
2456 static gpg_error_t
do_save_getpin(pwm_t
*pwm
, char **password
)
2460 char *result
= NULL
;
2463 error
= getpin(pwm
, &result
, confirm
? PINENTRY_SAVE_CONFIRM
: PINENTRY_SAVE
);
2467 pinentry_disconnect(pwm
);
2470 pwmd_free(*password
);
2480 if (strcmp(*password
, result
)) {
2481 pwmd_free(*password
);
2489 pinentry_disconnect(pwm
);
2494 static gpg_error_t
do_save_command(pwm_t
*pwm
, char *password
)
2498 char *result
= NULL
;
2500 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2503 return gpg_error_from_errno(ENOMEM
);
2505 snprintf(buf
, ASSUAN_LINELENGTH
, "SAVE %s", password
? password
: "");
2506 error
= send_command(pwm
, &result
, buf
);
2509 if (error
&& result
)
2515 static gpg_error_t
do_pwmd_save(pwm_t
*pwm
, int nb
, int local_pinentry
)
2517 char *result
= NULL
;
2518 char *password
= NULL
;
2522 return GPG_ERR_INV_ARG
;
2525 return GPG_ERR_INV_STATE
;
2527 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", pwm
->filename
);
2529 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2532 if (rc
== GPG_ERR_NOT_FOUND
) {
2533 if (pwm
->password
) {
2534 password
= pwm
->password
;
2538 if (pwm
->passfunc
) {
2539 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2548 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2549 #ifdef WITH_PINENTRY
2550 /* Get the password using the LOCAL pinentry. */
2554 pwmd_nb_status_t pw
;
2557 return gpg_error_from_syserror();
2570 pw
.error
= do_save_getpin(pwm
, &password
);
2571 pinentry_disconnect(pwm
);
2572 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2575 pth_write(p
[1], &pw
, sizeof(pw
));
2577 write(p
[1], &pw
, sizeof(pw
));
2579 memset(&pw
, 0, sizeof(pw
));
2584 rc
= gpg_error_from_syserror();
2598 rc
= do_save_getpin(pwm
, &password
);
2605 pwm
->state
= ASYNC_DONE
;
2609 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2611 if (!local_pinentry
) {
2613 rc
= send_pinentry_options(pwm
);
2619 rc
= do_save_command(pwm
, password
);
2621 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2622 pwmd_free(password
);
2627 gpg_error_t
pwmd_save_async2(pwm_t
*pwm
)
2629 #ifndef WITH_PINENTRY
2630 return GPG_ERR_NOT_IMPLEMENTED
;
2635 return GPG_ERR_INV_ARG
;
2638 return GPG_ERR_INV_STATE
;
2640 pwm
->cmd
= ASYNC_CMD_SAVE2
;
2641 pwm
->state
= ASYNC_PROCESS
;
2642 rc
= do_pwmd_save(pwm
, 1, 1);
2645 reset_async(pwm
, 0);
2651 gpg_error_t
pwmd_save2(pwm_t
*pwm
)
2653 #ifndef WITH_PINENTRY
2654 return GPG_ERR_NOT_IMPLEMENTED
;
2656 return do_pwmd_save(pwm
, 0, 1);
2660 gpg_error_t
pwmd_save(pwm_t
*pwm
)
2662 return do_pwmd_save(pwm
, 0, 0);
2665 gpg_error_t
pwmd_setopt(pwm_t
*pwm
, pwmd_option_t opt
, ...)
2668 int n
= va_arg(ap
, int);
2670 gpg_error_t error
= 0;
2673 return GPG_ERR_INV_ARG
;
2678 case PWMD_OPTION_STATUS_CB
:
2679 pwm
->status_func
= va_arg(ap
, pwmd_status_cb_t
);
2681 case PWMD_OPTION_STATUS_DATA
:
2682 pwm
->status_data
= va_arg(ap
, void *);
2684 case PWMD_OPTION_PASSPHRASE_CB
:
2685 pwm
->passfunc
= va_arg(ap
, pwmd_passphrase_cb_t
);
2687 case PWMD_OPTION_PASSPHRASE_DATA
:
2688 pwm
->passdata
= va_arg(ap
, void *);
2690 case PWMD_OPTION_PASSPHRASE
:
2691 arg1
= va_arg(ap
, char *);
2694 pwmd_free(pwm
->password
);
2696 pwm
->password
= pwmd_strdup(arg1
);
2698 case PWMD_OPTION_PINENTRY_TRIES
:
2699 n
= va_arg(ap
, int);
2703 error
= GPG_ERR_INV_VALUE
;
2706 pwm
->pinentry_tries
= n
;
2708 case PWMD_OPTION_PINENTRY_TIMEOUT
:
2709 n
= va_arg(ap
, int);
2713 error
= GPG_ERR_INV_VALUE
;
2716 pwm
->pinentry_timeout
= n
;
2718 case PWMD_OPTION_PINENTRY_PATH
:
2719 if (pwm
->pinentry_path
)
2720 pwmd_free(pwm
->pinentry_path
);
2722 pwm
->pinentry_path
= expand_homedir(va_arg(ap
, char *), NULL
);
2724 case PWMD_OPTION_PINENTRY_TTY
:
2725 if (pwm
->pinentry_tty
)
2726 pwmd_free(pwm
->pinentry_tty
);
2728 pwm
->pinentry_tty
= pwmd_strdup(va_arg(ap
, char *));
2730 case PWMD_OPTION_PINENTRY_DISPLAY
:
2731 if (pwm
->pinentry_display
)
2732 pwmd_free(pwm
->pinentry_display
);
2734 pwm
->pinentry_display
= pwmd_strdup(va_arg(ap
, char *));
2736 case PWMD_OPTION_PINENTRY_TERM
:
2737 if (pwm
->pinentry_term
)
2738 pwmd_free(pwm
->pinentry_term
);
2740 pwm
->pinentry_term
= pwmd_strdup(va_arg(ap
, char *));
2742 case PWMD_OPTION_PINENTRY_TITLE
:
2744 pwmd_free(pwm
->title
);
2746 pwm
->title
= percent_escape(va_arg(ap
, char *));
2748 case PWMD_OPTION_PINENTRY_PROMPT
:
2750 pwmd_free(pwm
->prompt
);
2752 pwm
->prompt
= percent_escape(va_arg(ap
, char *));
2754 case PWMD_OPTION_PINENTRY_DESC
:
2756 pwmd_free(pwm
->desc
);
2758 pwm
->desc
= percent_escape(va_arg(ap
, char *));
2760 case PWMD_OPTION_PINENTRY_LC_CTYPE
:
2762 pwmd_free(pwm
->lcctype
);
2764 pwm
->lcctype
= pwmd_strdup(va_arg(ap
, char *));
2766 case PWMD_OPTION_PINENTRY_LC_MESSAGES
:
2767 if (pwm
->lcmessages
)
2768 pwmd_free(pwm
->lcmessages
);
2770 pwm
->lcmessages
= pwmd_strdup(va_arg(ap
, char *));
2773 case PWMD_OPTION_IP_VERSION
:
2774 n
= va_arg(ap
, int);
2783 error
= GPG_ERR_INV_VALUE
;
2791 error
= GPG_ERR_NOT_IMPLEMENTED
;
2799 gpg_error_t
pwmd_get_fds(pwm_t
*pwm
, pwmd_fd_t
*fds
, int *n_fds
)
2804 int afds
[ARES_GETSOCK_MAXNUM
];
2809 if (!pwm
|| !fds
|| !n_fds
|| *n_fds
<= 0)
2810 return GPG_ERR_INV_ARG
;
2814 memset(afds
, 0, sizeof(int)*ARES_GETSOCK_MAXNUM
);
2816 memset(fds
, 0, sizeof(pwmd_fd_t
)*in_total
);
2821 case ASYNC_CMD_NONE
:
2822 case ASYNC_CMD_OPEN
:
2823 case ASYNC_CMD_SAVE
:
2824 #ifdef WITH_PINENTRY
2828 return GPG_ERR_INV_STATE
;
2831 fds
[fd
].fd
= pwm
->fd
;
2832 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2834 #ifdef WITH_PINENTRY
2835 case ASYNC_CMD_OPEN2
:
2836 case ASYNC_CMD_SAVE2
:
2837 /* The command has already completed (cached or new). */
2838 if (pwm
->state
== ASYNC_DONE
)
2841 if (pwm
->nb_fd
== -1)
2842 return GPG_ERR_INV_STATE
;
2845 fds
[fd
].fd
= pwm
->nb_fd
;
2846 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2851 if (!pwm
->tcp_conn
|| !pwm
->tcp_conn
->chan
)
2852 return GPG_ERR_INV_STATE
;
2854 n
= ares_getsock(pwm
->tcp_conn
->chan
, afds
, ARES_GETSOCK_MAXNUM
);
2856 for (i
= 0; i
< ARES_GETSOCK_MAXNUM
; i
++) {
2859 if (fd
> in_total
) {
2861 return GPG_ERR_ERANGE
;
2864 if (ARES_GETSOCK_READABLE(n
, i
)) {
2866 fds
[fd
].flags
|= PWMD_FD_READABLE
;
2869 if (ARES_GETSOCK_WRITABLE(n
, i
)) {
2871 fds
[fd
].flags
|= PWMD_FD_WRITABLE
;
2875 fds
[fd
++].fd
= afds
[i
];
2880 case ASYNC_CMD_CONNECT
:
2881 case ASYNC_CMD_HOSTKEY
:
2882 if (!pwm
->tcp_conn
|| pwm
->tcp_conn
->fd
== -1)
2883 return GPG_ERR_INV_STATE
;
2886 fds
[fd
].fd
= pwm
->tcp_conn
->fd
;
2887 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2892 return GPG_ERR_INV_STATE
;
2895 pwm_t
*pwmd_new(const char *name
)
2897 pwm_t
*h
= pwmd_calloc(1, sizeof(pwm_t
));
2903 h
->name
= pwmd_strdup(name
);
2912 #ifdef WITH_PINENTRY
2915 h
->pinentry_timeout
= -30;
2916 h
->pinentry_tries
= 3;
2918 h
->prot
= PWMD_IP_ANY
;
2923 void pwmd_free(void *ptr
)
2928 void *pwmd_malloc(size_t size
)
2930 return xmalloc(size
);
2933 void *pwmd_calloc(size_t nmemb
, size_t size
)
2935 return xcalloc(nmemb
, size
);
2938 void *pwmd_realloc(void *ptr
, size_t size
)
2940 return xrealloc(ptr
, size
);
2943 char *pwmd_strdup(const char *str
)
2945 return xstrdup(str
);
2948 char *pwmd_strdup_printf(const char *fmt
, ...)
2959 len
= vsnprintf(NULL
, 0, fmt
, ap
);
2961 buf
= pwmd_malloc(++len
);
2964 vsnprintf(buf
, len
, fmt
, ap2
);