src/pinentry.c

   1 /*
   2     Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015,
   3     2016
   4     Ben Kibbey <bjk@luxsci.net>
   5
   6     This file is part of libpwmd.
   7
   8     Libpwmd is free software: you can redistribute it and/or modify
   9     it under the terms of the GNU General Public License as published by
  10     the Free Software Foundation, either version 2 of the License, or
  11     (at your option) any later version.
  12
  13     Libpwmd is distributed in the hope that it will be useful,
  14     but WITHOUT ANY WARRANTY; without even the implied warranty of
  15     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16     GNU General Public License for more details.
  17
  18     You should have received a copy of the GNU General Public License
  19     along with Libpwmd.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21 #ifdef HAVE_CONFIG_H
  22 #include <config.h>
  23 #endif
  24
  25 #include <sys/types.h>
  26 #include <errno.h>
  27 #include <stdlib.h>
  28 #include <limits.h>
  29
  30 #ifdef HAVE_STRING_H
  31 #include <string.h>
  32 #endif
  33
  34 #include "pinentry.h"
  35 #include "misc.h"
  36
  37 #ifdef WITH_QUALITY
  38 #include "zxcvbn.h"
  39 #include <crack.h>
  40 #endif
  41
  42 static gpg_error_t set_pinentry_strings (pwm_t * pwm, pwmd_pinentry_t which);
  43
  44 static gpg_error_t
  45 launch_pinentry (pwm_t * pwm)
  46 {
  47   int rc;
  48   assuan_context_t ctx;
  49   int child_list[] = { -1 };
  50   const char *argv[10];
  51   const char **p = argv;
  52   static struct assuan_malloc_hooks mhooks = {
  53     pwmd_malloc, pwmd_realloc, pwmd_free
  54   };
  55
  56   update_pinentry_settings (pwm);
  57   if (!pwm->pinentry_display && !pwm->pinentry_tty)
  58     return GPG_ERR_ENOTTY;
  59
  60   *p++ = "pinentry";
  61   *p++ = pwm->pinentry_display ? "--display" : "--ttyname";
  62   *p++ = pwm->pinentry_display ? pwm->pinentry_display : pwm->pinentry_tty;
  63
  64   if (pwm->pinentry_lcctype)
  65     {
  66       *p++ = "--lc-ctype";
  67       *p++ = pwm->pinentry_lcctype;
  68     }
  69
  70   if (pwm->pinentry_lcmessages)
  71     {
  72       *p++ = "--lc-messages";
  73       *p++ = pwm->pinentry_lcmessages;
  74     }
  75
  76   *p = NULL;
  77
  78   if (!pwm->pinentry_display)
  79     {
  80       *p++ = "--ttytype";
  81       *p++ = pwm->pinentry_term ? pwm->pinentry_term : getenv ("TERM");
  82       *p = NULL;
  83     }
  84
  85   rc = assuan_new_ext (&ctx, GPG_ERR_SOURCE_PINENTRY, &mhooks, NULL, NULL);
  86   if (rc)
  87     return rc;
  88
  89   rc = assuan_pipe_connect (ctx,
  90                             pwm->pinentry_path ? pwm->
  91                             pinentry_path : PINENTRY_PATH, argv, child_list,
  92                             NULL, NULL, 0);
  93   if (rc)
  94     {
  95       assuan_release (ctx);
  96       return rc;
  97     }
  98
  99   pwm->pinentry_pid = assuan_get_pid (ctx);
 100   pwm->pctx = ctx;
 101   rc = set_pinentry_strings (pwm, 0);
 102   if (rc)
 103     _pinentry_disconnect (pwm);
 104
 105   return rc;
 106 }
 107
 108 static gpg_error_t
 109 pinentry_command (pwm_t * pwm, char **result, size_t * len, const char *cmd)
 110 {
 111   if (len)
 112     *len = 0;
 113
 114   if (result)
 115     *result = NULL;
 116
 117   if (!pwm->pctx)
 118     {
 119       gpg_error_t rc = launch_pinentry (pwm);
 120
 121       if (rc)
 122         return rc;
 123     }
 124
 125   return _assuan_command (pwm, pwm->pctx, result, len, cmd);
 126 }
 127
 128 #ifdef WITH_QUALITY
 129 static gpg_error_t
 130 quality_cb (void *data, const char *line)
 131 {
 132 #define MAX_ENTROPY 80 // in bits
 133   pwm_t *pwm = data;
 134   char buf[5];
 135   double match;
 136
 137   if (strncmp (line, "QUALITY ", 8))
 138     return GPG_ERR_INV_ARG;
 139
 140   match = ZxcvbnMatch (line+8, NULL, NULL);
 141   match = (match/MAX_ENTROPY)*100;
 142   snprintf (buf, sizeof (buf), "%u", (unsigned)match);
 143   return assuan_send_data (pwm->pctx, buf, strlen (buf));
 144 }
 145 #endif
 146
 147 static gpg_error_t
 148 set_pinentry_strings (pwm_t * pwm, pwmd_pinentry_t which)
 149 {
 150   char *tmp, *desc = NULL;
 151   gpg_error_t rc;
 152
 153   if (which != PWMD_PINENTRY_USER)
 154     {
 155       rc = pinentry_command (pwm, NULL, NULL, "SETERROR ");
 156       if (rc)
 157         return rc;
 158     }
 159
 160   tmp = pwmd_malloc (ASSUAN_LINELENGTH + 1);
 161   if (!tmp)
 162     return gpg_error_from_errno (ENOMEM);
 163
 164   if (!pwm->pinentry_prompt)
 165     {
 166       pwm->pinentry_prompt = pwmd_strdup (N_("Passphrase:"));
 167       if (!pwm->pinentry_prompt)
 168         {
 169           pwmd_free (tmp);
 170           return GPG_ERR_ENOMEM;
 171         }
 172     }
 173
 174   if (!pwm->pinentry_desc)
 175     {
 176       if (which == PWMD_PINENTRY_OPEN || which == PWMD_PINENTRY_OPEN_FAILED)
 177         {
 178           if (pwm->passphrase_hint && pwm->passphrase_info)
 179             {
 180               char *hint = pwmd_strdup (pwm->passphrase_hint), *hintp = hint;
 181               char *info = pwmd_strdup (pwm->passphrase_info), *infop = info;
 182               char *userid = strchr (hint, ' ');
 183
 184               if (userid && *userid)
 185                 *userid++ = 0;
 186
 187               infop = strchr (info, ' ');
 188               if (infop && *infop)
 189                 {
 190                   char *p = strchr (++infop, ' ');
 191
 192                   if (p)
 193                     infop[strlen(infop)-strlen(p)] = 0;
 194                 }
 195
 196               hintp += 8;
 197               infop += 8;
 198               desc = pwmd_strdup_printf (N_
 199                                          ("Please enter the passphrase to unlock the OpenPGP secret key:%%0A%%0AClient: %s%%0AData file: %s%%0AKey id: %s (0x%s)%%0AMain key ID: 0x%s"), pwm->name ? pwm->name : N_("unknown"), pwm->filename, userid, hintp, infop);
 200               pwmd_free (hint);
 201               pwmd_free (info);
 202             }
 203           else
 204             {
 205               desc = pwmd_strdup_printf (N_ ("A passphrase is required to decrypt the encrypted data file \"%s\". Please enter the passphrase below."), pwm->filename);
 206             }
 207         }
 208       else if (which == PWMD_PINENTRY_SAVE
 209                || which == PWMD_PINENTRY_SAVE_FAILED)
 210         desc =
 211           pwmd_strdup_printf (N_
 212                               ("Please enter the passphrase to use to encrypt the data file \"%s\"."),
 213                               pwm->filename);
 214       else if (which == PWMD_PINENTRY_SAVE_CONFIRM)
 215         desc =
 216           pwmd_strdup_printf (N_
 217                               ("Please re-enter the passphrase for confirmation."),
 218                               pwm->filename);
 219
 220       if (!desc)
 221         {
 222           pwmd_free (tmp);
 223           return GPG_ERR_ENOMEM;
 224         }
 225     }
 226   else
 227     desc = pwm->pinentry_desc;
 228
 229   if (which == PWMD_PINENTRY_USER)
 230     {
 231       snprintf (tmp, ASSUAN_LINELENGTH, "SETERROR %s",
 232                 pwm->pinentry_error ? pwm->pinentry_error : "");
 233       rc = pinentry_command (pwm, NULL, NULL, tmp);
 234       if (rc)
 235         {
 236           pwmd_free (tmp);
 237           return rc;
 238         }
 239
 240       snprintf (tmp, ASSUAN_LINELENGTH, "SETDESC %s",
 241                 pwm->pinentry_desc ? pwm->pinentry_desc : "");
 242     }
 243   else
 244     {
 245       if (which == PWMD_PINENTRY_SAVE_FAILED
 246           || which == PWMD_PINENTRY_OPEN_FAILED)
 247         {
 248           if (which == PWMD_PINENTRY_SAVE_FAILED)
 249             snprintf (tmp, ASSUAN_LINELENGTH, "SETERROR %s",
 250                       N_("Passphrases do not match, try again."));
 251           else
 252             {
 253               if (pwm->pinentry_tries)
 254                 {
 255                   strcpy (tmp, "SETERROR ");
 256                   snprintf (tmp + strlen ("SETERROR "), ASSUAN_LINELENGTH,
 257                             N_("Bad passphrase (try %i of %i)"),
 258                             pwm->pinentry_try + 1, pwm->pinentry_tries);
 259                 }
 260               else
 261                 snprintf (tmp, ASSUAN_LINELENGTH, "SETERROR %s",
 262                           N_("Bad passphrase, try again"));
 263             }
 264
 265           rc = pinentry_command (pwm, NULL, NULL, tmp);
 266           if (rc)
 267             {
 268               pwmd_free (tmp);
 269               return rc;
 270             }
 271         }
 272
 273       snprintf (tmp, ASSUAN_LINELENGTH, "SETDESC %s", desc);
 274
 275       if (pwm->pinentry_desc != desc)
 276         pwmd_free (desc);
 277     }
 278
 279   rc = pinentry_command (pwm, NULL, NULL, tmp);
 280   if (rc)
 281     {
 282       pwmd_free (tmp);
 283       return rc;
 284     }
 285
 286   snprintf (tmp, ASSUAN_LINELENGTH, "SETPROMPT %s", pwm->pinentry_prompt);
 287   rc = pinentry_command (pwm, NULL, NULL, tmp);
 288   pwmd_free (tmp);
 289
 290 #ifdef WITH_QUALITY
 291   if (!rc && (which == PWMD_PINENTRY_SAVE ||
 292               which == PWMD_PINENTRY_SAVE_FAILED))
 293     {
 294       rc = pinentry_command (pwm, NULL, NULL, "SETQUALITYBAR");
 295       if (!rc)
 296         {
 297           pwm->_inquire_func = quality_cb;
 298           pwm->_inquire_data = pwm;
 299         }
 300     }
 301 #endif
 302
 303   if (!rc && pwm->pinentry_timeout >= 0)
 304     {
 305       char buf[32];
 306
 307       snprintf(buf, sizeof(buf), "SETTIMEOUT %i", pwm->pinentry_timeout);
 308       rc = pinentry_command(pwm, NULL, NULL, buf);
 309     }
 310
 311   return rc;
 312 }
 313
 314 void
 315 _pinentry_disconnect (pwm_t * pwm)
 316 {
 317   if (pwm->pctx)
 318     assuan_release (pwm->pctx);
 319
 320   pwm->pctx = NULL;
 321   pwm->pinentry_pid = -1;
 322 }
 323
 324 gpg_error_t
 325 _getpin (pwm_t * pwm, char **result, size_t * len, pwmd_pinentry_t which)
 326 {
 327   gpg_error_t rc = set_pinentry_strings (pwm, which);
 328
 329   if (rc)
 330     {
 331       _pinentry_disconnect (pwm);
 332       return rc;
 333     }
 334
 335   rc = pinentry_command (pwm, result, len,
 336                          which == PWMD_PINENTRY_CONFIRM ? "CONFIRM" : "GETPIN");
 337   if (rc)
 338     {
 339       _pinentry_disconnect (pwm);
 340
 341       /* This lets PWMD_OPTION_PINENTRY_TIMEOUT work. Note that it is not
 342        * thread safe do to the global variables. */
 343       if (gpg_err_code (rc) == GPG_ERR_EOF)
 344         rc = GPG_ERR_CANCELED;
 345     }
 346   else if (which != PWMD_PINENTRY_CONFIRM && len && result)
 347     {
 348       if (*len)
 349         *len = strlen (*result);        // remove the null byte
 350       else
 351         {
 352           *result = pwmd_malloc (1);
 353           *(*result) = 0;
 354           *len = 1;
 355         }
 356     }
 357
 358   return rc;
 359 }
 360
 361 gpg_error_t
 362 _pwmd_getpin (pwm_t * pwm, const char *filename, char **result,
 363               size_t * len, pwmd_pinentry_t which)
 364 {
 365   gpg_error_t rc;
 366   char *p;
 367
 368   if (!pwm)
 369     return GPG_ERR_INV_ARG;
 370
 371   p = pwm->filename;
 372   if (which == PWMD_PINENTRY_CLOSE)
 373     {
 374       _pinentry_disconnect (pwm);
 375       return 0;
 376     }
 377
 378   if (!result && which != PWMD_PINENTRY_CONFIRM)
 379     return GPG_ERR_INV_ARG;
 380
 381   pwm->filename = (char *) filename;
 382   rc = _getpin (pwm, result, len, which);
 383   pwm->filename = p;
 384   return rc;
 385 }