1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
26 #include <sys/socket.h>
35 #include <sys/types.h>
37 #include <sys/select.h>
39 #include <netinet/in.h>
40 #include <sys/socket.h>
52 #define DNS_USE_GETTIMEOFDAY_FOR_ID 1
54 #include <arpa/nameser.h>
66 #define N_(msgid) dgettext("libpwmd", msgid)
71 static char *_getpwuid(struct passwd
*pwd
)
73 size_t size
= sysconf(_SC_GETPW_R_SIZE_MAX
);
74 struct passwd
*result
;
81 buf
= pwmd_malloc(size
);
86 n
= getpwuid_r(getuid(), pwd
, buf
, size
, &result
);
103 static const char *_pwmd_strerror(gpg_error_t e
)
105 gpg_err_code_t code
= gpg_err_code(e
);
107 if (code
>= GPG_ERR_USER_1
&& code
< gpg_err_code(EPWMD_MAX
)) {
112 return N_("Unknown error");
114 return N_("No cache slots available");
116 return N_("Recursion loop");
118 return N_("No file is open");
120 return N_("General LibXML error");
122 return N_("File modified");
129 const char *pwmd_strerror(gpg_error_t code
)
131 const char *p
= _pwmd_strerror(code
);
133 return p
? p
: gpg_strerror(code
);
136 int pwmd_strerror_r(gpg_error_t code
, char *buf
, size_t size
)
138 const char *p
= _pwmd_strerror(code
);
141 snprintf(buf
, size
, "%s", p
);
143 if (strlen(p
) > size
)
149 return gpg_strerror_r(code
, buf
, size
);
152 gpg_error_t
pwmd_init()
154 static int initialized
;
163 bindtextdomain("libpwmd", LOCALEDIR
);
166 assuan_set_malloc_hooks(pwmd_malloc
, pwmd_realloc
, pwmd_free
);
167 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
172 static gpg_error_t
_socket_connect_finalize(pwm_t
*pwm
)
175 int n
= assuan_get_active_fds(pwm
->ctx
, 0, active
, N_ARRAY(active
));
180 return GPG_ERR_EBADFD
;
186 assuan_set_pointer(pwm
->ctx
, pwm
);
189 // Until X11 forwarding is supported, disable the remote pwmd pinentry.
191 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
199 rc
= pwmd_command(pwm
, NULL
, "OPTION CLIENT NAME=%s", pwm
->name
);
205 rc
= pwmd_command(pwm
, &result
, "VERSION");
207 if (rc
&& rc
!= GPG_ERR_ASS_UNKNOWN_CMD
)
211 pwm
->version
= PWMD_V1
;
213 pwm
->version
= PWMD_V2
;
220 static int read_hook(assuan_context_t ctx
, assuan_fd_t fd
, void *data
,
221 size_t len
, ssize_t
*ret
)
223 pwm_t
*pwm
= assuan_get_pointer(ctx
);
225 if (!pwm
|| !pwm
->tcp_conn
)
227 *ret
= pth_read((int)fd
, data
, len
);
229 *ret
= read((int)fd
, data
, len
);
232 *ret
= libssh2_channel_read(pwm
->tcp_conn
->channel
, data
, len
);
234 return *ret
>= 0 ? 1 : 0;
237 static int write_hook(assuan_context_t ctx
, assuan_fd_t fd
, const void *data
,
238 size_t len
, ssize_t
*ret
)
240 pwm_t
*pwm
= assuan_get_pointer(ctx
);
242 if (!pwm
|| !pwm
->tcp_conn
)
244 *ret
= pth_write((int)fd
, data
, len
);
246 *ret
= write((int)fd
, data
, len
);
249 *ret
= libssh2_channel_write(pwm
->tcp_conn
->channel
, data
, len
);
251 return *ret
>= 0 ? 1 : 0;
254 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
);
255 static void free_tcp_conn(pwmd_tcp_conn_t
*conn
)
260 if (conn
->username
) {
261 pwmd_free(conn
->username
);
262 conn
->username
= NULL
;
265 if (conn
->known_hosts
) {
266 pwmd_free(conn
->known_hosts
);
267 conn
->known_hosts
= NULL
;
270 if (conn
->identity
) {
271 pwmd_free(conn
->identity
);
272 conn
->identity
= NULL
;
275 if (conn
->identity_pub
) {
276 pwmd_free(conn
->identity_pub
);
277 conn
->identity_pub
= NULL
;
281 pwmd_free(conn
->host
);
286 pwmd_free(conn
->hostkey
);
287 conn
->hostkey
= NULL
;
291 ares_destroy(conn
->chan
);
296 ares_free_hostent(conn
->he
);
300 if (!conn
->session
&& conn
->fd
>= 0) {
311 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
)
317 libssh2_channel_close(conn
->channel
);
318 libssh2_channel_free(conn
->channel
);
322 libssh2_session_disconnect(conn
->session
, "Bye!");
323 libssh2_session_free(conn
->session
);
326 conn
->session
= NULL
;
327 conn
->channel
= NULL
;
331 static void _ssh_assuan_deinit(assuan_context_t ctx
)
333 pwm_t
*pwm
= assuan_get_pointer(ctx
);
336 pwm
->tcp_conn
->fd
= -1;
337 _ssh_deinit(pwm
->tcp_conn
);
338 pwm
->tcp_conn
= NULL
;
343 * Sets common options from both pwmd_ssh_connect() and
344 * pwmd_ssh_connect_async().
346 static gpg_error_t
init_tcp_conn(pwmd_tcp_conn_t
**dst
, const char *host
,
347 int port
, const char *identity
, const char *user
,
348 const char *known_hosts
, int get
)
350 pwmd_tcp_conn_t
*conn
;
356 return GPG_ERR_INV_ARG
;
359 if (!host
|| !*host
|| !identity
|| !*identity
|| !known_hosts
||
361 return GPG_ERR_INV_ARG
;
364 conn
= pwmd_calloc(1, sizeof(pwmd_tcp_conn_t
));
367 return gpg_error_from_errno(ENOMEM
);
369 conn
->port
= port
== -1 ? 22 : port
;
370 conn
->host
= pwmd_strdup(host
);
373 rc
= gpg_error_from_errno(ENOMEM
);
380 pwbuf
= _getpwuid(&pw
);
383 rc
= gpg_error_from_errno(errno
);
387 conn
->username
= pwmd_strdup(user
? user
: pw
.pw_name
);
389 if (!conn
->username
) {
390 rc
= gpg_error_from_errno(ENOMEM
);
394 conn
->identity
= expand_homedir((char *)identity
, &pw
);
396 if (!conn
->identity
) {
397 rc
= gpg_error_from_errno(ENOMEM
);
401 conn
->identity_pub
= pwmd_malloc(strlen(conn
->identity
)+5);
403 if (!conn
->identity_pub
) {
404 rc
= gpg_error_from_errno(ENOMEM
);
408 sprintf(conn
->identity_pub
, "%s.pub", conn
->identity
);
409 conn
->known_hosts
= expand_homedir((char *)known_hosts
, &pw
);
411 if (!conn
->known_hosts
) {
412 rc
= gpg_error_from_errno(ENOMEM
);
430 static gpg_error_t
do_connect(pwm_t
*pwm
, int prot
, void *addr
)
432 struct sockaddr_in their_addr
;
434 pwm
->tcp_conn
->fd
= socket(prot
, SOCK_STREAM
, 0);
436 if (pwm
->tcp_conn
->fd
== -1)
437 return gpg_error_from_syserror();
439 if (pwm
->tcp_conn
->async
)
440 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, O_NONBLOCK
);
442 pwm
->cmd
= ASYNC_CMD_CONNECT
;
443 their_addr
.sin_family
= prot
;
444 their_addr
.sin_port
= htons(pwm
->tcp_conn
->port
);
445 their_addr
.sin_addr
= *((struct in_addr
*)addr
);
446 memset(their_addr
.sin_zero
, '\0', sizeof their_addr
.sin_zero
);
449 if (pth_connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
450 sizeof(their_addr
)) == -1)
452 if (connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
453 sizeof(their_addr
)) == -1)
455 return gpg_error_from_syserror();
460 static gpg_error_t
ares_error_to_pwmd(int status
)
462 if (status
!= ARES_SUCCESS
)
463 warnx("%s", ares_strerror(status
));
469 return GPG_ERR_UNKNOWN_HOST
;
471 return GPG_ERR_EHOSTDOWN
;
473 return GPG_ERR_TIMEOUT
;
475 return gpg_error_from_errno(ENOMEM
);
476 case ARES_ECONNREFUSED
:
477 return GPG_ERR_ECONNREFUSED
;
480 return GPG_ERR_EHOSTUNREACH
;
486 static void dns_resolve_cb(void *arg
, int status
, int timeouts
,
487 unsigned char *abuf
, int alen
)
493 if (status
== ARES_EDESTRUCTION
)
496 if (status
!= ARES_SUCCESS
) {
497 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
501 /* Check for an IPv6 address first. */
502 if (pwm
->prot
== PWMD_IP_ANY
|| pwm
->prot
== PWMD_IPV6
)
503 rc
= ares_parse_aaaa_reply(abuf
, alen
, &he
, NULL
, NULL
);
505 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
507 if (rc
!= ARES_SUCCESS
) {
508 if (pwm
->prot
!= PWMD_IP_ANY
|| rc
!= ARES_ENODATA
) {
509 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
513 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
515 if (rc
!= ARES_SUCCESS
) {
516 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
521 pwm
->tcp_conn
->he
= he
;
522 pwm
->tcp_conn
->rc
= do_connect(pwm
, he
->h_addrtype
, he
->h_addr
);
525 static gpg_error_t
_do_pwmd_tcp_connect_async(pwm_t
*pwm
, const char *host
,
526 int port
, const char *identity
, const char *user
,
527 const char *known_hosts
, pwmd_async_cmd_t which
)
529 pwmd_tcp_conn_t
*conn
;
533 return GPG_ERR_INV_ARG
;
535 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
,
536 which
== ASYNC_CMD_HOSTKEY
? 1 : 0);
542 pwm
->tcp_conn
= conn
;
543 pwm
->tcp_conn
->cmd
= which
;
545 if (pwm
->tcp_conn
->cmd
== ASYNC_CMD_HOSTKEY
)
546 pwm
->tcp_conn
->get_only
= 1;
548 pwm
->cmd
= ASYNC_CMD_DNS
;
549 pwm
->state
= ASYNC_PROCESS
;
550 ares_init(&pwm
->tcp_conn
->chan
);
551 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
552 dns_resolve_cb
, pwm
);
556 gpg_error_t
pwmd_ssh_connect_async(pwm_t
*pwm
, const char *host
, int port
,
557 const char *identity
, const char *user
, const char *known_hosts
)
559 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, identity
, user
,
560 known_hosts
, ASYNC_CMD_CONNECT
);
563 static void *_ssh_malloc(size_t size
, void **data
)
565 return pwmd_malloc(size
);
568 static void _ssh_free(void *ptr
, void **data
)
573 static void *_ssh_realloc(void *ptr
, size_t size
, void **data
)
575 return pwmd_realloc(ptr
, size
);
578 static char *to_hex(const char *str
, size_t slen
)
581 char *buf
= pwmd_malloc(slen
*2+1);
586 for (i
= 0, buf
[0] = 0; i
< slen
; i
++) {
589 sprintf(tmp
, "%02x", (unsigned char)str
[i
]);
596 static int verify_host_key(pwm_t
*pwm
)
598 FILE *fp
= fopen(pwm
->tcp_conn
->known_hosts
, "r");
604 buf
= pwmd_malloc(LINE_MAX
);
609 while ((p
= fgets(buf
, LINE_MAX
, fp
))) {
610 if (*p
== '#' || isspace(*p
))
613 if (p
[strlen(p
)-1] == '\n')
616 if (!strcmp(buf
, pwm
->tcp_conn
->hostkey
))
633 static gpg_error_t
authenticate_ssh(pwm_t
*pwm
)
635 const char *fp
= libssh2_hostkey_hash(pwm
->tcp_conn
->session
,
636 LIBSSH2_HOSTKEY_HASH_SHA1
);
639 pwm
->tcp_conn
->hostkey
= to_hex(fp
, 20);
641 if (!pwm
->tcp_conn
->hostkey
)
642 return gpg_error_from_errno(ENOMEM
);
644 if (pwm
->tcp_conn
->get_only
)
647 if (!fp
|| verify_host_key(pwm
))
648 return GPG_ERR_BAD_CERT
;
650 userauth
= libssh2_userauth_list(pwm
->tcp_conn
->session
,
651 pwm
->tcp_conn
->username
, strlen(pwm
->tcp_conn
->username
));
653 if (!userauth
|| !strstr(userauth
, "publickey"))
654 return GPG_ERR_BAD_PIN_METHOD
;
656 if (libssh2_userauth_publickey_fromfile(pwm
->tcp_conn
->session
,
657 pwm
->tcp_conn
->username
, pwm
->tcp_conn
->identity_pub
,
658 pwm
->tcp_conn
->identity
, NULL
))
659 return GPG_ERR_BAD_SECKEY
;
664 static gpg_error_t
setup_tcp_session(pwm_t
*pwm
)
666 assuan_context_t ctx
;
667 struct assuan_io_hooks io_hooks
= {read_hook
, write_hook
};
670 pwm
->tcp_conn
->session
= libssh2_session_init_ex(_ssh_malloc
, _ssh_free
,
673 if (!pwm
->tcp_conn
->session
) {
674 rc
= gpg_error_from_errno(ENOMEM
);
678 if (libssh2_session_startup(pwm
->tcp_conn
->session
, pwm
->tcp_conn
->fd
)) {
679 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
683 rc
= authenticate_ssh(pwm
);
688 /* pwmd_get_hostkey(). */
689 if (pwm
->tcp_conn
->get_only
) {
690 pwm
->result
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
693 rc
= gpg_error_from_errno(ENOMEM
);
700 pwm
->tcp_conn
->channel
= libssh2_channel_open_session(pwm
->tcp_conn
->session
);
702 if (!pwm
->tcp_conn
->channel
) {
703 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
707 if (libssh2_channel_shell(pwm
->tcp_conn
->channel
)) {
708 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
712 assuan_set_io_hooks(&io_hooks
);
713 rc
= assuan_socket_connect_fd(&ctx
, pwm
->tcp_conn
->fd
, 0, pwm
);
718 assuan_set_finish_handler(ctx
, _ssh_assuan_deinit
);
720 rc
= _socket_connect_finalize(pwm
);
728 free_tcp_conn(pwm
->tcp_conn
);
729 pwm
->tcp_conn
= NULL
;
733 static gpg_error_t
_do_pwmd_tcp_connect(pwm_t
*pwm
, const char *host
, int port
,
734 const char *identity
, const char *user
, const char *known_hosts
, int get
)
736 pwmd_tcp_conn_t
*conn
;
740 return GPG_ERR_INV_ARG
;
742 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
, get
);
747 pwm
->tcp_conn
= conn
;
748 pwm
->tcp_conn
->get_only
= get
;
749 pwm
->cmd
= ASYNC_CMD_DNS
;
750 ares_init(&pwm
->tcp_conn
->chan
);
751 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
752 dns_resolve_cb
, pwm
);
754 /* dns_resolve_cb() may have already been called. */
755 if (pwm
->tcp_conn
->rc
) {
756 rc
= pwm
->tcp_conn
->rc
;
761 * Fake a blocking DNS lookup. libcares does a better job than
771 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
772 ares_timeout(pwm
->tcp_conn
->chan
, NULL
, &tv
);
774 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
776 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
780 rc
= gpg_error_from_syserror();
784 rc
= GPG_ERR_TIMEOUT
;
788 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
790 if (pwm
->tcp_conn
->rc
)
792 } while (pwm
->cmd
== ASYNC_CMD_DNS
);
794 if (pwm
->tcp_conn
->rc
) {
795 rc
= pwm
->tcp_conn
->rc
;
799 return setup_tcp_session(pwm
);
805 gpg_error_t
pwmd_ssh_connect(pwm_t
*pwm
, const char *host
, int port
,
806 const char *identity
, const char *user
, const char *known_hosts
)
808 return _do_pwmd_tcp_connect(pwm
, host
, port
, identity
, user
, known_hosts
, 0);
811 gpg_error_t
pwmd_get_hostkey(pwm_t
*pwm
, const char *host
, int port
,
817 rc
= _do_pwmd_tcp_connect(pwm
, host
, port
, NULL
, NULL
, NULL
, 1);
822 hostkey
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
825 rc
= gpg_error_from_errno(ENOMEM
);
831 gpg_error_t
pwmd_get_hostkey_async(pwm_t
*pwm
, const char *host
, int port
)
833 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, NULL
, NULL
, NULL
,
838 * ssh://[username@]hostname[:port],identity,known_hosts
840 * Any missing parameters are checked for in init_tcp_conn().
842 static int parse_ssh_url(char *str
, char **host
, int *port
, char **user
,
843 char **identity
, char **known_hosts
)
849 *host
= *user
= *identity
= *known_hosts
= NULL
;
851 p
= strrchr(str
, '@');
854 len
= strlen(str
)-strlen(p
)+1;
855 *user
= pwmd_malloc(len
);
856 snprintf(*user
, len
, "%s", str
);
865 len
= strlen(p
)-strlen(t
)+1;
866 *host
= pwmd_malloc(len
);
867 snprintf(*host
, len
, "%s", p
);
871 while (*t
&& isdigit(*t
))
883 len
= strlen(p
)-strlen(t
)+1;
884 *host
= pwmd_malloc(len
);
885 snprintf(*host
, len
, "%s", p
);
892 len
= strlen(t
)-strlen(t2
)+1;
896 *identity
= pwmd_malloc(len
);
897 snprintf(*identity
, len
, "%s", t
);
903 *known_hosts
= pwmd_malloc(len
);
904 snprintf(*known_hosts
, len
, "%s", t2
);
910 *host
= pwmd_malloc(len
);
911 snprintf(*host
, len
, "%s", p
);
919 static gpg_error_t
_pwmd_connect_url(pwm_t
*pwm
, const char *url
, int async
)
921 char *p
= (char *)url
;
925 return GPG_ERR_INV_ARG
;
927 if (!strncmp(p
, "socket://", 9)) {
929 rc
= pwmd_connect(pwm
, p
);
930 pwm
->state
= ASYNC_DONE
;
933 else if (!strncmp(p
, "ssh://", 6) || !strncmp(p
, "ssh6://", 7) ||
934 !strncmp(p
, "ssh4://", 7)) {
936 return GPG_ERR_NOT_IMPLEMENTED
;
940 char *identity
= NULL
;
941 char *known_hosts
= NULL
;
942 char *username
= NULL
;
944 if (!strncmp(p
, "ssh6://", 7)) {
945 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV6
);
948 else if (!strncmp(p
, "ssh4://", 7)) {
949 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV4
);
953 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IP_ANY
);
960 rc
= parse_ssh_url(p
, &host
, &port
, &username
, &identity
,
967 rc
= pwmd_ssh_connect_async(pwm
, host
, port
, identity
, username
,
970 rc
= pwmd_ssh_connect(pwm
, host
, port
, identity
, username
,
983 pwmd_free(known_hosts
);
989 return GPG_ERR_UNSUPPORTED_PROTOCOL
;
992 gpg_error_t
pwmd_connect_url(pwm_t
*pwm
, const char *url
)
994 return _pwmd_connect_url(pwm
, url
, 0);
997 gpg_error_t
pwmd_connect_url_async(pwm_t
*pwm
, const char *url
)
999 return _pwmd_connect_url(pwm
, url
, 1);
1002 static char *expand_homedir(char *str
, struct passwd
*pw
)
1008 if (*p
!= '~' || *(p
+1) != '/')
1009 return pwmd_strdup(p
);
1014 pwbuf
= _getpwuid(&t
);
1023 result
= pwmd_strdup_printf("%s/%s", pw
->pw_dir
, p
);
1031 gpg_error_t
pwmd_connect(pwm_t
*pwm
, const char *path
)
1033 char *socketpath
= NULL
;
1034 assuan_context_t ctx
;
1040 return GPG_ERR_INV_ARG
;
1042 pwbuf
= _getpwuid(&pw
);
1045 return gpg_error_from_errno(errno
);
1047 if (!path
|| !*path
) {
1048 socketpath
= (char *)pwmd_malloc(strlen(pw
.pw_dir
) + strlen("/.pwmd/socket") + 1);
1049 sprintf(socketpath
, "%s/.pwmd/socket", pw
.pw_dir
);
1052 socketpath
= expand_homedir((char *)path
, &pw
);
1056 return gpg_error_from_errno(ENOMEM
);
1061 rc
= assuan_socket_connect_ext(&ctx
, socketpath
, -1, 0);
1062 pwmd_free(socketpath
);
1068 return _socket_connect_finalize(pwm
);
1071 void pwmd_close(pwm_t
*pwm
)
1077 assuan_disconnect(pwm
->ctx
);
1080 pwmd_free(pwm
->password
);
1083 pwmd_free(pwm
->title
);
1086 pwmd_free(pwm
->desc
);
1089 pwmd_free(pwm
->prompt
);
1091 if (pwm
->pinentry_tty
)
1092 pwmd_free(pwm
->pinentry_tty
);
1094 if (pwm
->pinentry_display
)
1095 pwmd_free(pwm
->pinentry_display
);
1097 if (pwm
->pinentry_term
)
1098 pwmd_free(pwm
->pinentry_term
);
1101 pwmd_free(pwm
->lcctype
);
1103 if (pwm
->lcmessages
)
1104 pwmd_free(pwm
->lcmessages
);
1107 pwmd_free(pwm
->filename
);
1110 pwmd_free(pwm
->name
);
1114 free_tcp_conn(pwm
->tcp_conn
);
1120 static int mem_realloc_cb(void *data
, const void *buffer
, size_t len
)
1122 membuf_t
*mem
= (membuf_t
*)data
;
1128 if ((p
= pwmd_realloc(mem
->buf
, mem
->len
+ len
)) == NULL
)
1132 memcpy((char *)mem
->buf
+ mem
->len
, buffer
, len
);
1137 static int _inquire_cb(void *data
, const char *keyword
)
1139 pwm_t
*pwm
= (pwm_t
*)data
;
1141 int flags
= fcntl(pwm
->fd
, F_GETFL
);
1143 /* Shouldn't get this far without a callback. */
1144 if (!pwm
->inquire_func
)
1145 return GPG_ERR_INV_ARG
;
1147 /* Set to non-blocking so _pwmd_process() can return. */
1148 fcntl(pwm
->fd
, F_SETFL
, O_NONBLOCK
);
1151 char *result
= NULL
;
1155 rc
= pwm
->inquire_func(pwm
->inquire_data
, keyword
, rc
, &result
, &len
);
1156 rc
= gpg_err_code(rc
);
1158 if (rc
== GPG_ERR_EOF
|| !rc
) {
1159 if (len
<= 0 || !result
) {
1164 arc
= assuan_send_data(pwm
->ctx
, result
, len
);
1166 if (rc
== GPG_ERR_EOF
) {
1177 rc
= _pwmd_process(pwm
);
1180 fcntl(pwm
->fd
, F_SETFL
, flags
);
1184 static gpg_error_t
do_nb_command(pwm_t
*pwm
, const char *cmd
, ...)
1190 if (pwm
->state
== ASYNC_DONE
)
1191 pwm
->state
= ASYNC_INIT
;
1193 if (pwm
->state
!= ASYNC_INIT
)
1194 return GPG_ERR_INV_STATE
;
1196 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1199 return gpg_error_from_errno(ENOMEM
);
1202 vsnprintf(buf
, ASSUAN_LINELENGTH
, cmd
, ap
);
1204 rc
= assuan_write_line(pwm
->ctx
, buf
);
1208 pwm
->state
= ASYNC_PROCESS
;
1213 gpg_error_t
pwmd_open_async(pwm_t
*pwm
, const char *filename
)
1215 if (!pwm
|| !filename
)
1216 return GPG_ERR_INV_ARG
;
1219 return GPG_ERR_INV_STATE
;
1221 if (pwm
->cmd
!= ASYNC_CMD_OPEN
) {
1227 pwmd_free(pwm
->filename
);
1229 pwm
->filename
= pwmd_strdup(filename
);
1231 rc
= send_pinentry_options(pwm
);
1237 pwm
->cmd
= ASYNC_CMD_OPEN
;
1238 return do_nb_command(pwm
, "OPEN %s %s", filename
,
1239 pwm
->password
? pwm
->password
: "");
1242 gpg_error_t
pwmd_save_async(pwm_t
*pwm
)
1247 return GPG_ERR_INV_ARG
;
1250 return GPG_ERR_INV_STATE
;
1252 rc
= send_pinentry_options(pwm
);
1257 pwm
->cmd
= ASYNC_CMD_SAVE
;
1258 return do_nb_command(pwm
, "SAVE %s", pwm
->password
? pwm
->password
: "");
1261 static gpg_error_t
parse_assuan_line(pwm_t
*pwm
)
1267 rc
= assuan_read_line(pwm
->ctx
, &line
, &len
);
1270 if (line
[0] == 'O' && line
[1] == 'K' &&
1271 (line
[2] == 0 || line
[2] == ' ')) {
1272 pwm
->state
= ASYNC_DONE
;
1274 else if (line
[0] == '#') {
1276 else if (line
[0] == 'S' && (line
[1] == 0 || line
[1] == ' ')) {
1277 if (pwm
->status_func
) {
1278 rc
= pwm
->status_func(pwm
->status_data
,
1279 line
[1] == 0 ? line
+1 : line
+2);
1282 else if (line
[0] == 'E' && line
[1] == 'R' && line
[2] == 'R' &&
1283 (line
[3] == 0 || line
[3] == ' ')) {
1286 pwm
->state
= ASYNC_DONE
;
1293 gpg_error_t
pwmd_pending_line(pwm_t
*pwm
)
1296 return GPG_ERR_INV_ARG
;
1299 return GPG_ERR_INV_STATE
;
1301 return assuan_pending_line(pwm
->ctx
) ? 0 : GPG_ERR_NO_DATA
;
1304 static pwmd_async_t
reset_async(pwm_t
*pwm
, int done
)
1306 pwm
->state
= ASYNC_INIT
;
1307 pwm
->cmd
= ASYNC_CMD_NONE
;
1309 #ifdef WITH_PINENTRY
1310 if (pwm
->nb_fd
!= -1) {
1316 if (done
&& pwm
->tcp_conn
) {
1317 free_tcp_conn(pwm
->tcp_conn
);
1318 pwm
->tcp_conn
= NULL
;
1326 * Used for processing status messages when not in an async command and for
1327 * waiting for the result from pwmd_open_async() and pwmd_save_async().
1329 static gpg_error_t
_pwmd_process(pwm_t
*pwm
)
1333 struct timeval tv
= {0, 0};
1337 FD_SET(pwm
->fd
, &fds
);
1339 n
= pth_select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1341 n
= select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1345 return gpg_error_from_syserror();
1348 if (FD_ISSET(pwm
->fd
, &fds
))
1349 rc
= parse_assuan_line(pwm
);
1352 while (!rc
&& assuan_pending_line(pwm
->ctx
))
1353 rc
= parse_assuan_line(pwm
);
1358 pwmd_async_t
pwmd_process(pwm_t
*pwm
, gpg_error_t
*rc
, char **result
)
1362 struct timeval tv
= {0, 0};
1368 return GPG_ERR_INV_ARG
;
1373 *rc
= GPG_ERR_INV_ARG
;
1376 else if (!pwm
->ctx
) {
1379 *rc
= GPG_ERR_INV_STATE
;
1383 case ASYNC_CMD_CONNECT
:
1384 case ASYNC_CMD_HOSTKEY
:
1390 /* When not in a command, this will let libassuan process status messages
1391 * by calling PWMD_OPTION_STATUS_FUNC. The client can poll the file
1392 * descriptor returned by pwmd_get_fd() to determine when this should be
1393 * called or call pwmd_pending_line() to determine whether a buffered line
1394 * needs to be processed. */
1395 if (pwm
->cmd
== ASYNC_CMD_NONE
) {
1396 *rc
= _pwmd_process(pwm
);
1400 /* Fixes pwmd_open/save_async2() when there is a cached or new file. */
1401 if (pwm
->state
== ASYNC_DONE
) {
1402 reset_async(pwm
, 0);
1406 if (pwm
->state
!= ASYNC_PROCESS
) {
1407 *rc
= GPG_ERR_INV_STATE
;
1412 if (pwm
->cmd
== ASYNC_CMD_DNS
) {
1415 if (pwm
->tcp_conn
->rc
) {
1416 *rc
= pwm
->tcp_conn
->rc
;
1417 reset_async(pwm
, 1);
1423 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1425 /* Shouldn't happen. */
1430 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
1432 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
1436 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1440 else if (pwm
->cmd
== ASYNC_CMD_CONNECT
) {
1441 if (pwm
->tcp_conn
->rc
== GPG_ERR_EINPROGRESS
) {
1443 socklen_t len
= sizeof(int);
1446 FD_SET(pwm
->tcp_conn
->fd
, &fds
);
1448 n
= pth_select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1450 n
= select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1453 if (!n
|| !FD_ISSET(pwm
->tcp_conn
->fd
, &fds
))
1456 *rc
= gpg_error_from_syserror();
1457 reset_async(pwm
, 1);
1461 ret
= getsockopt(pwm
->tcp_conn
->fd
, SOL_SOCKET
, SO_ERROR
, &n
, &len
);
1464 *rc
= ret
? gpg_error_from_syserror() : gpg_error_from_errno(n
);
1465 reset_async(pwm
, 1);
1469 else if (pwm
->tcp_conn
->rc
) {
1470 *rc
= pwm
->tcp_conn
->rc
;
1471 reset_async(pwm
, 1);
1475 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, 0);
1476 *rc
= setup_tcp_session(pwm
);
1479 switch (pwm
->tcp_conn
->cmd
) {
1480 case ASYNC_CMD_HOSTKEY
:
1482 *result
= pwm
->result
;
1489 return reset_async(pwm
, *rc
? 1 : 0);
1493 #ifdef WITH_PINENTRY
1494 if (pwm
->cmd
== ASYNC_CMD_OPEN2
|| pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1497 if (pwm
->nb_fd
== -1) {
1498 *rc
= GPG_ERR_INV_STATE
;
1499 return reset_async(pwm
, 0);
1503 FD_SET(pwm
->nb_fd
, &fds
);
1504 FD_SET(pwm
->fd
, &fds
);
1506 n
= pth_select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1508 n
= select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1511 *rc
= gpg_error_from_syserror();
1512 return reset_async(pwm
, 0);
1515 if (n
> 0 && FD_ISSET(pwm
->nb_fd
, &fds
)) {
1516 pwmd_nb_status_t nb
;
1518 size_t len
= pth_read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1520 size_t len
= read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1522 waitpid(pwm
->nb_pid
, &status
, WNOHANG
);
1524 if (len
!= sizeof(nb
)) {
1525 *rc
= gpg_error_from_syserror();
1526 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1531 if (*rc
== GPG_ERR_INV_PASSPHRASE
&& pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1532 reset_async(pwm
, 0);
1533 *rc
= pwmd_save_async2(pwm
);
1534 return ASYNC_PROCESS
;
1537 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1539 if (pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1540 *rc
= do_save_command(pwm
, nb
.password
);
1541 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1542 return reset_async(pwm
, 0);
1545 if (pwm
->cmd
== ASYNC_CMD_OPEN2
) {
1546 *rc
= do_open_command(pwm
, pwm
->filename
, nb
.password
);
1547 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1549 if (*rc
== GPG_ERR_INV_PASSPHRASE
) {
1550 if (++pwm
->pin_try
< pwm
->pinentry_tries
) {
1551 int n
= pwm
->pin_try
;
1553 reset_async(pwm
, 0);
1555 pwm
->cmd
= ASYNC_CMD_OPEN2
;
1556 *rc
= pwmd_open_async2(pwm
, pwm
->filename
);
1559 return reset_async(pwm
, 1);
1565 return reset_async(pwm
, *rc
? 1 : 0);
1569 /* Fall through so status messages can be processed during the
1575 *rc
= GPG_ERR_INV_STATE
;
1576 return reset_async(pwm
, 0);
1579 /* This is for pwmd_open_async() and pwmd_save_async(). For pinentry
1581 *rc
= _pwmd_process(pwm
);
1583 if (*rc
&& gpg_err_code(*rc
) != GPG_ERR_INV_PASSPHRASE
) {
1584 reset_async(pwm
, 0);
1589 if (!pwm
->tcp_conn
&& pwm
->cmd
== ASYNC_CMD_OPEN
&&
1591 if (pwm
->cmd
== ASYNC_CMD_OPEN
&&
1593 gpg_err_code(*rc
) == GPG_ERR_INV_PASSPHRASE
&&
1594 ++pwm
->pin_try
< pwm
->pinentry_tries
) {
1595 pwm
->state
= ASYNC_INIT
;
1596 *rc
= pwmd_open_async(pwm
, pwm
->filename
);
1600 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN
? 1 : 0);
1602 if (pwm
->state
== ASYNC_DONE
) {
1603 reset_async(pwm
, 0);
1610 static gpg_error_t
assuan_command(pwm_t
*pwm
, assuan_context_t ctx
,
1611 char **result
, const char *cmd
)
1619 rc
= assuan_transact(ctx
, cmd
, mem_realloc_cb
, &data
, _inquire_cb
, pwm
,
1620 pwm
->status_func
, pwm
->status_data
);
1624 pwmd_free(data
.buf
);
1630 mem_realloc_cb(&data
, "", 1);
1633 pwmd_free(data
.buf
);
1634 rc
= GPG_ERR_INV_ARG
;
1637 *result
= (char *)data
.buf
;
1641 return gpg_err_code(rc
);
1644 gpg_error_t
pwmd_inquire(pwm_t
*pwm
, const char *cmd
, pwmd_inquire_cb_t fn
,
1647 if (!pwm
|| !cmd
|| !fn
)
1648 return GPG_ERR_INV_ARG
;
1651 return GPG_ERR_INV_STATE
;
1653 pwm
->inquire_func
= fn
;
1654 pwm
->inquire_data
= data
;
1655 return assuan_command(pwm
, pwm
->ctx
, NULL
, cmd
);
1658 #ifdef WITH_PINENTRY
1659 static gpg_error_t
terminate_pinentry(pwm_t
*pwm
)
1661 pid_t pid
= pwm
->pid
;
1665 if (!pwm
|| pid
== -1)
1666 return GPG_ERR_INV_ARG
;
1668 if (kill(pid
, 0) == 0) {
1669 if (kill(pid
, SIGTERM
) == -1) {
1670 if (kill(pid
, SIGKILL
) == -1)
1671 return gpg_error_from_errno(errno
);
1675 return gpg_error_from_errno(errno
);
1680 static gpg_error_t
set_pinentry_strings(pwm_t
*pwm
, int which
)
1685 tmp
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1688 return gpg_error_from_errno(ENOMEM
);
1691 pwm
->title
= pwmd_strdup_printf(N_("Password Manager Daemon: %s"),
1692 pwm
->name
? pwm
->name
: "libpwmd");
1698 pwm
->prompt
= pwmd_strdup(N_("Passphrase:"));
1703 if (!pwm
->desc
&& (which
== PINENTRY_OPEN
|| which
== PINENTRY_SAVE
)) {
1704 if (which
== PINENTRY_OPEN
)
1705 desc
= pwmd_strdup_printf(N_("A passphrase is required to open the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1707 desc
= pwmd_strdup_printf(N_("A passphrase is required to save to the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1719 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s", desc
);
1721 if (pwm
->desc
!= desc
)
1724 case PINENTRY_OPEN_FAILED
:
1725 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1726 N_("Invalid passphrase, please try again."));
1728 case PINENTRY_SAVE_CONFIRM
:
1729 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1730 N_("Please type the passphrase again for confirmation."));
1734 error
= pinentry_command(pwm
, NULL
, tmp
);
1741 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETPROMPT %s", pwm
->prompt
);
1742 error
= pinentry_command(pwm
, NULL
, tmp
);
1749 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETDESC %s", pwm
->title
);
1750 error
= pinentry_command(pwm
, NULL
, tmp
);
1756 return gpg_error_from_errno(ENOMEM
);
1759 static void update_pinentry_settings(pwm_t
*pwm
)
1765 char *pwbuf
= _getpwuid(&pw
);
1770 snprintf(buf
, sizeof(buf
), "%s/.pwmd/pinentry.conf", pw
.pw_dir
);
1772 if ((fp
= fopen(buf
, "r")) == NULL
) {
1777 while ((p
= fgets(buf
, sizeof(buf
), fp
)) != NULL
) {
1778 char name
[32], val
[256];
1780 if (sscanf(p
, " %31[a-zA-Z] = %255s", name
, val
) != 2)
1783 if (strcasecmp(name
, "TTYNAME") == 0) {
1784 pwmd_free(pwm
->pinentry_tty
);
1785 pwm
->pinentry_tty
= pwmd_strdup(val
);
1787 else if (strcasecmp(name
, "TTYTYPE") == 0) {
1788 pwmd_free(pwm
->pinentry_term
);
1789 pwm
->pinentry_term
= pwmd_strdup(val
);
1791 else if (strcasecmp(name
, "DISPLAY") == 0) {
1792 pwmd_free(pwm
->pinentry_display
);
1793 pwm
->pinentry_display
= pwmd_strdup(val
);
1795 else if (strcasecmp(name
, "PATH") == 0) {
1796 pwmd_free(pwm
->pinentry_path
);
1797 pwm
->pinentry_path
= expand_homedir(val
, &pw
);
1805 static gpg_error_t
launch_pinentry(pwm_t
*pwm
)
1808 assuan_context_t ctx
;
1809 int child_list
[] = {-1};
1810 char *display
= getenv("DISPLAY");
1811 const char *argv
[10];
1812 const char **p
= argv
;
1813 int have_display
= 0;
1815 char *ttybuf
= NULL
;
1817 update_pinentry_settings(pwm
);
1819 if (pwm
->pinentry_display
|| display
)
1822 if (!pwm
->pinentry_tty
) {
1823 ttybuf
= pwmd_malloc(255);
1826 return gpg_error_from_errno(ENOMEM
);
1828 rc
= ttyname_r(STDOUT_FILENO
, ttybuf
, 255);
1832 return gpg_error_from_errno(rc
);
1838 tty
= pwm
->pinentry_tty
;
1841 if (!have_display
&& !tty
)
1842 return GPG_ERR_ENOTTY
;
1845 *p
++ = have_display
? "--display" : "--ttyname";
1846 *p
++ = have_display
? pwm
->pinentry_display
? pwm
->pinentry_display
: display
: tty
;
1849 *p
++ = "--lc-ctype";
1850 *p
++ = pwm
->lcctype
;
1853 if (pwm
->lcmessages
) {
1854 *p
++ = "--lc-messages";
1855 *p
++ = pwm
->lcmessages
;
1860 if (!have_display
) {
1862 *p
++ = pwm
->pinentry_term
? pwm
->pinentry_term
: getenv("TERM");
1866 rc
= assuan_pipe_connect(&ctx
, pwm
->pinentry_path
? pwm
->pinentry_path
: PINENTRY_PATH
, argv
, child_list
);
1874 pwm
->pid
= assuan_get_pid(ctx
);
1876 return set_pinentry_strings(pwm
, 0);
1879 static gpg_error_t
pinentry_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1884 n
= launch_pinentry(pwm
);
1890 return assuan_command(pwm
, pwm
->pctx
, result
, cmd
);
1893 static void pinentry_disconnect(pwm_t
*pwm
)
1896 assuan_disconnect(pwm
->pctx
);
1903 * Only called from a child process.
1905 static void catchsig(int sig
)
1909 if (gelapsed
++ >= gtimeout
) {
1910 terminate_pinentry(gpwm
);
1911 gerror
= GPG_ERR_TIMEOUT
;
1923 * Borrowed from libassuan.
1925 static char *percent_escape(const char *atext
)
1927 const unsigned char *s
;
1928 int len
= strlen(atext
) * 3 + 1;
1929 char *buf
= (char *)pwmd_malloc(len
), *p
= buf
;
1934 for (s
=(const unsigned char *)atext
; *s
; s
++) {
1936 sprintf (p
, "%%%02X", *s
);
1947 static gpg_error_t
send_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1950 return GPG_ERR_INV_ARG
;
1952 return assuan_command(pwm
, pwm
->ctx
, result
, cmd
);
1955 gpg_error_t
pwmd_command_ap(pwm_t
*pwm
, char **result
, const char *cmd
,
1964 return GPG_ERR_INV_ARG
;
1967 return GPG_ERR_INV_STATE
;
1970 * C99 allows the dst pointer to be null which will calculate the length
1971 * of the would-be result and return it.
1974 len
= vsnprintf(NULL
, 0, cmd
, ap
)+1;
1975 buf
= (char *)pwmd_malloc(len
);
1979 return gpg_error_from_errno(ENOMEM
);
1982 len
= vsnprintf(buf
, len
, cmd
, ap2
);
1985 if (buf
[strlen(buf
)-1] == '\n')
1986 buf
[strlen(buf
)-1] = 0;
1988 if (buf
[strlen(buf
)-1] == '\r')
1989 buf
[strlen(buf
)-1] = 0;
1991 error
= send_command(pwm
, result
, buf
);
1996 gpg_error_t
pwmd_command(pwm_t
*pwm
, char **result
, const char *cmd
, ...)
2002 return GPG_ERR_INV_ARG
;
2005 return GPG_ERR_INV_STATE
;
2011 error
= pwmd_command_ap(pwm
, result
, cmd
, ap
);
2016 #ifdef WITH_PINENTRY
2017 static gpg_error_t
do_getpin(pwm_t
*pwm
, char **result
)
2020 signal(SIGALRM
, catchsig
);
2025 return pinentry_command(pwm
, result
, "GETPIN");
2028 static gpg_error_t
getpin(pwm_t
*pwm
, char **result
, int which
)
2033 rc
= set_pinentry_strings(pwm
, which
);
2036 pinentry_disconnect(pwm
);
2040 rc
= do_getpin(pwm
, result
);
2043 * Since there was input cancel any timeout setting.
2046 signal(SIGALRM
, SIG_DFL
);
2050 pinentry_disconnect(pwm
);
2052 /* This lets pwmd_open2() with PWMD_OPTION_PINENTRY_TIMEOUT work. */
2053 if (rc
== GPG_ERR_EOF
&& gerror
== GPG_ERR_TIMEOUT
)
2063 static gpg_error_t
do_open_command(pwm_t
*pwm
, const char *filename
, char *password
)
2067 char *result
= NULL
;
2069 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2072 return gpg_error_from_errno(ENOMEM
);
2074 snprintf(buf
, ASSUAN_LINELENGTH
, "OPEN %s %s", filename
,
2075 password
? password
: "");
2076 error
= send_command(pwm
, &result
, buf
);
2079 if (error
&& result
)
2085 static gpg_error_t
send_pinentry_options(pwm_t
*pwm
)
2089 if (pwm
->pinentry_path
) {
2090 rc
= pwmd_command(pwm
, NULL
, "OPTION PATH=%s", pwm
->pinentry_path
);
2096 if (pwm
->pinentry_tty
) {
2097 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYNAME=%s", pwm
->pinentry_tty
);
2103 if (pwm
->pinentry_term
) {
2104 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYTYPE=%s", pwm
->pinentry_term
);
2110 if (pwm
->pinentry_display
) {
2111 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->pinentry_display
);
2118 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->title
);
2125 rc
= pwmd_command(pwm
, NULL
, "OPTION DESC=%s", pwm
->desc
);
2132 rc
= pwmd_command(pwm
, NULL
, "OPTION PROMPT=%s", pwm
->prompt
);
2139 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_CTYPE=%s", pwm
->lcctype
);
2145 if (pwm
->lcmessages
) {
2146 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_MESSAGES=%s", pwm
->lcmessages
);
2152 if (pwm
->pinentry_timeout
>= 0) {
2153 rc
= pwmd_command(pwm
, NULL
, "OPTION TIMEOUT=%i", pwm
->pinentry_timeout
);
2162 static gpg_error_t
do_pwmd_open(pwm_t
*pwm
, const char *filename
, int nb
,
2165 char *result
= NULL
;
2166 char *password
= NULL
;
2171 if (!pwm
|| !filename
|| !*filename
)
2172 return GPG_ERR_INV_ARG
;
2175 return GPG_ERR_INV_STATE
;
2177 pin_try
= pwm
->pinentry_tries
- 1;
2180 * Avoid calling pinentry if the password is cached on the server or if
2181 * this is a new file. pwmd version 2 adds a VERSION command which is
2182 * determined in _socket_connect_finalize(). If the server is version 2,
2183 * ISCACHED can determine if a file exists.
2186 if (!pwm
->tcp_conn
&& pwm
->version
== PWMD_V1
) {
2188 if (pwm
->version
== PWMD_V1
) {
2190 rc
= pwmd_command(pwm
, &result
, "GETCONFIG data_directory");
2195 path
= pwmd_strdup_printf("%s/%s", result
, filename
);
2199 return gpg_error_from_errno(ENOMEM
);
2201 if (access(path
, R_OK
) == -1) {
2202 if (errno
== ENOENT
) {
2211 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", filename
);
2213 if (gpg_err_code(rc
) == GPG_ERR_ENOENT
)
2216 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2219 if (rc
== GPG_ERR_NOT_FOUND
) {
2220 if (pwm
->password
) {
2221 password
= pwm
->password
;
2225 if (pwm
->passfunc
) {
2226 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2235 #ifdef WITH_PINENTRY
2236 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2237 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
2243 pwm
->filename
= pwmd_strdup(filename
);
2246 return gpg_error_from_errno(ENOMEM
);
2248 /* Get the passphrase using the LOCAL pinentry. */
2252 pwmd_nb_status_t pw
;
2255 return gpg_error_from_syserror();
2268 if (pwm
->pinentry_timeout
!= 0) {
2270 gtimeout
= abs(pwm
->pinentry_timeout
);
2274 pw
.error
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2276 if (gtimeout
&& gelapsed
>= gtimeout
)
2277 pw
.error
= GPG_ERR_TIMEOUT
;
2280 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2283 pinentry_disconnect(pwm
);
2285 pth_write(p
[1], &pw
, sizeof(pw
));
2287 write(p
[1], &pw
, sizeof(pw
));
2289 memset(&pw
, 0, sizeof(pw
));
2294 rc
= gpg_error_from_syserror();
2308 if (pwm
->pinentry_timeout
!= 0) {
2310 gtimeout
= abs(pwm
->pinentry_timeout
);
2314 rc
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2316 /* Don't timeout when an invalid passphrase was entered. */
2325 pwm
->state
= ASYNC_DONE
;
2328 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2330 if (!local_pinentry
) {
2332 rc
= send_pinentry_options(pwm
);
2338 rc
= do_open_command(pwm
, filename
, password
);
2341 * Keep the user defined password set with pwmd_setopt(). The password may
2342 * be needed later (pwmd_save()) depending on the pwmd file cache settings.
2344 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2345 pwmd_free(password
);
2348 if (rc
== GPG_ERR_INV_PASSPHRASE
&& !pwm
->tcp_conn
) {
2350 if (rc
== GPG_ERR_INV_PASSPHRASE
) {
2352 if (pin_try
-- > 0 && !nb
) {
2354 #ifdef WITH_PINENTRY
2356 rc
= getpin(pwm
, &password
, PINENTRY_OPEN_FAILED
);
2359 rc
= pwmd_command(pwm
, &result
, "OPTION TITLE=%s",
2360 N_("Invalid passphrase, please try again."));
2368 #ifdef WITH_PINENTRY
2370 pinentry_disconnect(pwm
);
2378 pwmd_free(pwm
->filename
);
2380 pwm
->filename
= pwmd_strdup(filename
);
2386 gpg_error_t
pwmd_open2(pwm_t
*pwm
, const char *filename
)
2388 #ifndef WITH_PINENTRY
2389 return GPG_ERR_NOT_IMPLEMENTED
;
2391 return do_pwmd_open(pwm
, filename
, 0, 1);
2395 gpg_error_t
pwmd_open(pwm_t
*pwm
, const char *filename
)
2397 return do_pwmd_open(pwm
, filename
, 0, 0);
2400 gpg_error_t
pwmd_open_async2(pwm_t
*pwm
, const char *filename
)
2402 #ifndef WITH_PINENTRY
2403 return GPG_ERR_NOT_IMPLEMENTED
;
2407 if (!pwm
|| !filename
)
2408 return GPG_ERR_INV_ARG
;
2411 return GPG_ERR_INV_STATE
;
2413 if (pwm
->cmd
!= ASYNC_CMD_OPEN2
)
2416 pwm
->cmd
= ASYNC_CMD_OPEN2
;
2417 pwm
->state
= ASYNC_PROCESS
;
2418 rc
= do_pwmd_open(pwm
, filename
, 1, 1);
2421 reset_async(pwm
, 1);
2427 #ifdef WITH_PINENTRY
2428 static gpg_error_t
do_save_getpin(pwm_t
*pwm
, char **password
)
2432 char *result
= NULL
;
2435 error
= getpin(pwm
, &result
, confirm
? PINENTRY_SAVE_CONFIRM
: PINENTRY_SAVE
);
2439 pinentry_disconnect(pwm
);
2442 pwmd_free(*password
);
2452 if (strcmp(*password
, result
)) {
2453 pwmd_free(*password
);
2461 pinentry_disconnect(pwm
);
2466 static gpg_error_t
do_save_command(pwm_t
*pwm
, char *password
)
2470 char *result
= NULL
;
2472 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2475 return gpg_error_from_errno(ENOMEM
);
2477 snprintf(buf
, ASSUAN_LINELENGTH
, "SAVE %s", password
? password
: "");
2478 error
= send_command(pwm
, &result
, buf
);
2481 if (error
&& result
)
2487 static gpg_error_t
do_pwmd_save(pwm_t
*pwm
, int nb
, int local_pinentry
)
2489 char *result
= NULL
;
2490 char *password
= NULL
;
2494 return GPG_ERR_INV_ARG
;
2497 return GPG_ERR_INV_STATE
;
2499 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", pwm
->filename
);
2501 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2504 if (rc
== GPG_ERR_NOT_FOUND
) {
2505 if (pwm
->password
) {
2506 password
= pwm
->password
;
2510 if (pwm
->passfunc
) {
2511 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2520 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2521 #ifdef WITH_PINENTRY
2522 /* Get the password using the LOCAL pinentry. */
2526 pwmd_nb_status_t pw
;
2529 return gpg_error_from_syserror();
2542 pw
.error
= do_save_getpin(pwm
, &password
);
2543 pinentry_disconnect(pwm
);
2544 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2547 pth_write(p
[1], &pw
, sizeof(pw
));
2549 write(p
[1], &pw
, sizeof(pw
));
2551 memset(&pw
, 0, sizeof(pw
));
2556 rc
= gpg_error_from_syserror();
2570 rc
= do_save_getpin(pwm
, &password
);
2577 pwm
->state
= ASYNC_DONE
;
2581 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2583 if (!local_pinentry
) {
2585 rc
= send_pinentry_options(pwm
);
2591 rc
= do_save_command(pwm
, password
);
2593 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2594 pwmd_free(password
);
2599 gpg_error_t
pwmd_save_async2(pwm_t
*pwm
)
2601 #ifndef WITH_PINENTRY
2602 return GPG_ERR_NOT_IMPLEMENTED
;
2607 return GPG_ERR_INV_ARG
;
2610 return GPG_ERR_INV_STATE
;
2612 pwm
->cmd
= ASYNC_CMD_SAVE2
;
2613 pwm
->state
= ASYNC_PROCESS
;
2614 rc
= do_pwmd_save(pwm
, 1, 1);
2617 reset_async(pwm
, 0);
2623 gpg_error_t
pwmd_save2(pwm_t
*pwm
)
2625 #ifndef WITH_PINENTRY
2626 return GPG_ERR_NOT_IMPLEMENTED
;
2628 return do_pwmd_save(pwm
, 0, 1);
2632 gpg_error_t
pwmd_save(pwm_t
*pwm
)
2634 return do_pwmd_save(pwm
, 0, 0);
2637 gpg_error_t
pwmd_setopt(pwm_t
*pwm
, pwmd_option_t opt
, ...)
2640 int n
= va_arg(ap
, int);
2642 gpg_error_t error
= 0;
2645 return GPG_ERR_INV_ARG
;
2650 case PWMD_OPTION_STATUS_CB
:
2651 pwm
->status_func
= va_arg(ap
, pwmd_status_cb_t
);
2653 case PWMD_OPTION_STATUS_DATA
:
2654 pwm
->status_data
= va_arg(ap
, void *);
2656 case PWMD_OPTION_PASSPHRASE_CB
:
2657 pwm
->passfunc
= va_arg(ap
, pwmd_passphrase_cb_t
);
2659 case PWMD_OPTION_PASSPHRASE_DATA
:
2660 pwm
->passdata
= va_arg(ap
, void *);
2662 case PWMD_OPTION_PASSPHRASE
:
2663 arg1
= va_arg(ap
, char *);
2666 pwmd_free(pwm
->password
);
2668 pwm
->password
= pwmd_strdup(arg1
);
2670 case PWMD_OPTION_PINENTRY_TRIES
:
2671 n
= va_arg(ap
, int);
2675 error
= GPG_ERR_INV_VALUE
;
2678 pwm
->pinentry_tries
= n
;
2680 case PWMD_OPTION_PINENTRY_TIMEOUT
:
2681 n
= va_arg(ap
, int);
2685 error
= GPG_ERR_INV_VALUE
;
2688 pwm
->pinentry_timeout
= n
;
2690 case PWMD_OPTION_PINENTRY_PATH
:
2691 if (pwm
->pinentry_path
)
2692 pwmd_free(pwm
->pinentry_path
);
2694 pwm
->pinentry_path
= expand_homedir(va_arg(ap
, char *), NULL
);
2696 case PWMD_OPTION_PINENTRY_TTY
:
2697 if (pwm
->pinentry_tty
)
2698 pwmd_free(pwm
->pinentry_tty
);
2700 pwm
->pinentry_tty
= pwmd_strdup(va_arg(ap
, char *));
2702 case PWMD_OPTION_PINENTRY_DISPLAY
:
2703 if (pwm
->pinentry_display
)
2704 pwmd_free(pwm
->pinentry_display
);
2706 pwm
->pinentry_display
= pwmd_strdup(va_arg(ap
, char *));
2708 case PWMD_OPTION_PINENTRY_TERM
:
2709 if (pwm
->pinentry_term
)
2710 pwmd_free(pwm
->pinentry_term
);
2712 pwm
->pinentry_term
= pwmd_strdup(va_arg(ap
, char *));
2714 case PWMD_OPTION_PINENTRY_TITLE
:
2716 pwmd_free(pwm
->title
);
2718 pwm
->title
= percent_escape(va_arg(ap
, char *));
2720 case PWMD_OPTION_PINENTRY_PROMPT
:
2722 pwmd_free(pwm
->prompt
);
2724 pwm
->prompt
= percent_escape(va_arg(ap
, char *));
2726 case PWMD_OPTION_PINENTRY_DESC
:
2728 pwmd_free(pwm
->desc
);
2730 pwm
->desc
= percent_escape(va_arg(ap
, char *));
2732 case PWMD_OPTION_PINENTRY_LC_CTYPE
:
2734 pwmd_free(pwm
->lcctype
);
2736 pwm
->lcctype
= pwmd_strdup(va_arg(ap
, char *));
2738 case PWMD_OPTION_PINENTRY_LC_MESSAGES
:
2739 if (pwm
->lcmessages
)
2740 pwmd_free(pwm
->lcmessages
);
2742 pwm
->lcmessages
= pwmd_strdup(va_arg(ap
, char *));
2745 case PWMD_OPTION_IP_VERSION
:
2746 n
= va_arg(ap
, int);
2755 error
= GPG_ERR_INV_VALUE
;
2763 error
= GPG_ERR_NOT_IMPLEMENTED
;
2771 gpg_error_t
pwmd_get_fds(pwm_t
*pwm
, pwmd_fd_t
*fds
, int *n_fds
)
2776 int afds
[ARES_GETSOCK_MAXNUM
];
2781 if (!pwm
|| !fds
|| !n_fds
|| *n_fds
<= 0)
2782 return GPG_ERR_INV_ARG
;
2786 memset(afds
, 0, sizeof(int)*ARES_GETSOCK_MAXNUM
);
2788 memset(fds
, 0, sizeof(pwmd_fd_t
)*in_total
);
2793 case ASYNC_CMD_NONE
:
2794 case ASYNC_CMD_OPEN
:
2795 case ASYNC_CMD_SAVE
:
2796 #ifdef WITH_PINENTRY
2800 return GPG_ERR_INV_STATE
;
2803 fds
[fd
].fd
= pwm
->fd
;
2804 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2806 #ifdef WITH_PINENTRY
2807 case ASYNC_CMD_OPEN2
:
2808 case ASYNC_CMD_SAVE2
:
2809 /* The command has already completed (cached or new). */
2810 if (pwm
->state
== ASYNC_DONE
)
2813 if (pwm
->nb_fd
== -1)
2814 return GPG_ERR_INV_STATE
;
2817 fds
[fd
].fd
= pwm
->nb_fd
;
2818 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2823 if (!pwm
->tcp_conn
|| !pwm
->tcp_conn
->chan
)
2824 return GPG_ERR_INV_STATE
;
2826 n
= ares_getsock(pwm
->tcp_conn
->chan
, afds
, ARES_GETSOCK_MAXNUM
);
2828 for (i
= 0; i
< ARES_GETSOCK_MAXNUM
; i
++) {
2831 if (fd
> in_total
) {
2833 return GPG_ERR_ERANGE
;
2836 if (ARES_GETSOCK_READABLE(n
, i
)) {
2838 fds
[fd
].flags
|= PWMD_FD_READABLE
;
2841 if (ARES_GETSOCK_WRITABLE(n
, i
)) {
2843 fds
[fd
].flags
|= PWMD_FD_WRITABLE
;
2847 fds
[fd
++].fd
= afds
[i
];
2852 case ASYNC_CMD_CONNECT
:
2853 case ASYNC_CMD_HOSTKEY
:
2854 if (!pwm
->tcp_conn
|| pwm
->tcp_conn
->fd
== -1)
2855 return GPG_ERR_INV_STATE
;
2858 fds
[fd
].fd
= pwm
->tcp_conn
->fd
;
2859 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2864 return GPG_ERR_INV_STATE
;
2867 pwm_t
*pwmd_new(const char *name
)
2869 pwm_t
*h
= pwmd_calloc(1, sizeof(pwm_t
));
2875 h
->name
= pwmd_strdup(name
);
2884 #ifdef WITH_PINENTRY
2887 h
->pinentry_timeout
= -30;
2888 h
->pinentry_tries
= 3;
2890 h
->prot
= PWMD_IP_ANY
;
2895 void pwmd_free(void *ptr
)
2900 void *pwmd_malloc(size_t size
)
2902 return xmalloc(size
);
2905 void *pwmd_calloc(size_t nmemb
, size_t size
)
2907 return xcalloc(nmemb
, size
);
2910 void *pwmd_realloc(void *ptr
, size_t size
)
2912 return xrealloc(ptr
, size
);
2915 char *pwmd_strdup(const char *str
)
2917 return xstrdup(str
);
2920 char *pwmd_strdup_printf(const char *fmt
, ...)
2931 len
= vsnprintf(NULL
, 0, fmt
, ap
);
2933 buf
= pwmd_malloc(++len
);
2936 vsnprintf(buf
, len
, fmt
, ap2
);