search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'master' into exp
[libpwmd.git] / libpwmd.c
blob8d742971337191ad83ae9e6053ee7815a8e8a98c
1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
2 /*
3 Copyright (C) 2006-2008 Ben Kibbey <bjk@luxsci.net>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
18 */
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <err.h>
23 #include <errno.h>
24 #include <ctype.h>
25 #include <string.h>
26 #include <sys/socket.h>
27 #include <sys/un.h>
28 #include <signal.h>
29 #include <stdarg.h>
30 #include <string.h>
31 #include <sys/wait.h>
32 #include <fcntl.h>
33 #include <pwd.h>
34 #include <time.h>
35 #include <sys/types.h>
36 #include <limits.h>
37 #include <sys/select.h>
38 #include <netdb.h>
39 #include <netinet/in.h>
40 #include <sys/socket.h>
41 #include <libpwmd.h>
42
43 #ifdef HAVE_CONFIG_H
44 #include <config.h>
45 #endif
46
47 #ifdef HAVE_LIBGNUTLS
48 #include <gnutls/gnutls.h>
49 #include <gnutls/x509.h>
50 #define DNS_USE_GETTIMEOFDAY_FOR_ID 1
51 #include <event.h>
52 #include <evdns.h>
53 #endif
54
55 #ifdef HAVE_ASSUAN_H
56 #include <assuan.h>
57 #endif
58
59 #ifdef HAVE_SETLOCALE
60 #include <locale.h>
61 #endif
62
63 #include "gettext.h"
64 #define N_(msgid) dgettext("libpwmd", msgid)
65
66 #ifndef MEM_DEBUG
67 #include "mem.h"
68 #else
69 #define xfree free
70 #define xrealloc realloc
71 #define xmalloc malloc
72 #define xstrdup strdup
73 #define xcalloc calloc
74 #endif
75
76 #include "types.h"
77
78 #ifdef WITH_PINENTRY
79 static pwm_t *gpwm;
80 static int gelapsed, gtimeout;
81 static gpg_error_t pinentry_command(pwm_t *pwm, char **result, const char *cmd);
82 static gpg_error_t global_error;
83 #endif
84
85 const char *pwmd_strerror(gpg_error_t e)
86 {
87 gpg_err_code_t code = gpg_err_code(e);
88
89 if (code >= GPG_ERR_USER_1 && code < gpg_err_code(EPWMD_MAX)) {
90 switch (code) {
91 case GPG_ERR_USER_1:
92 default:
93 return N_("Unknown error");
94 case GPG_ERR_USER_2:
95 return N_("No cache slots available");
96 case GPG_ERR_USER_3:
97 return N_("Recursion loop");
98 case GPG_ERR_USER_4:
99 return N_("No file is open");
100 case GPG_ERR_USER_5:
101 return N_("General LibXML error");
102 case GPG_ERR_USER_6:
103 return N_("File modified");
104 }
105 }
106
107 return gpg_strerror(e);
108 }
109
110 gpg_error_t pwmd_init()
111 {
112 #ifdef HAVE_LIBGNUTLS
113 gnutls_global_set_mem_functions(xmalloc, xmalloc, NULL, xrealloc, xfree);
114 gnutls_global_init ();
115 event_init();
116 evdns_init();
117 #endif
118 #ifdef ENABLE_NLS
119 bindtextdomain("libpwmd", LOCALEDIR);
120 #endif
121 gpg_err_init();
122 assuan_set_malloc_hooks(xmalloc, xrealloc, xfree);
123 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT);
124 return 0;
125 }
126
127 static pwm_t *_socket_connect_finalize(pwm_t *pwm, assuan_context_t ctx)
128 {
129 int active[2];
130 int n = assuan_get_active_fds(ctx, 0, active, sizeof(active));
131
132 pwm->fd = n <= 0 ? -1 : dup(active[0]);
133 pwm->ctx = ctx;
134 #ifdef WITH_PINENTRY
135 pwm->pid = -1;
136 pwm->pinentry_tries = 3;
137 #endif
138 assuan_set_pointer(ctx, pwm);
139 return pwm;
140 }
141
142 #ifdef HAVE_LIBGNUTLS
143 static int read_hook(assuan_context_t ctx, assuan_fd_t fd, void *data,
144 size_t len, ssize_t *ret)
145 {
146 pwm_t *pwm = assuan_get_pointer(ctx);
147
148 if (!pwm || !pwm->session)
149 *ret = read((int)fd, data, len);
150 else {
151 do {
152 *ret = gnutls_record_recv(pwm->session, data, len);
153
154 if (*ret == GNUTLS_E_REHANDSHAKE) {
155 *ret = gnutls_rehandshake(pwm->session);
156
157 if (*ret == GNUTLS_E_WARNING_ALERT_RECEIVED ||
158 *ret == GNUTLS_A_NO_RENEGOTIATION) {
159 fprintf(stderr, "%s", gnutls_strerror(*ret));
160 continue;
161 }
162
163 if (*ret != GNUTLS_E_SUCCESS) {
164 fprintf(stderr, "%s", gnutls_strerror(*ret));
165 *ret = 0;
166 break;
167 }
168
169 *ret = gnutls_handshake(pwm->session);
170
171 if (*ret != GNUTLS_E_SUCCESS) {
172 fprintf(stderr, "%s", gnutls_strerror(*ret));
173 *ret = 0;
174 break;
175 }
176
177 continue;
178 }
179 } while (*ret == GNUTLS_E_INTERRUPTED || *ret == GNUTLS_E_AGAIN);
180 }
181
182 return *ret <= 0 ? 0 : 1;
183 }
184
185 static int write_hook(assuan_context_t ctx, assuan_fd_t fd, const void *data,
186 size_t len, ssize_t *ret)
187 {
188 pwm_t *pwm = assuan_get_pointer(ctx);
189
190 if (!pwm || !pwm->session)
191 *ret = write((int)fd, data, len);
192 else {
193 do {
194 *ret = gnutls_record_send(pwm->session, data, len);
195 } while (*ret == GNUTLS_E_INTERRUPTED || *ret == GNUTLS_E_AGAIN);
196 }
197
198 return *ret <= 0 ? 0 : 1;
199 }
200
201 static void _tls_deinit(pwm_t *pwm)
202 {
203 if (pwm->session) {
204 //FIXME hangs when missing cert
205 gnutls_bye(pwm->session, GNUTLS_SHUT_RDWR);
206 gnutls_deinit(pwm->session);
207 }
208
209 if (pwm->x509)
210 gnutls_certificate_free_credentials(pwm->x509);
211 }
212
213 static gpg_error_t verify_certificate(pwm_t *pwm)
214 {
215 unsigned int status;
216 const gnutls_datum_t *cert_list;
217 unsigned int cert_list_size;
218 int i;
219 gnutls_x509_crt_t cert;
220 gpg_error_t rc;
221
222 rc = gnutls_certificate_verify_peers2(pwm->session, &status);
223
224 if (rc < 0)
225 return GPG_ERR_UNKNOWN_ERRNO;
226
227 if (status & GNUTLS_CERT_INVALID)
228 return GPG_ERR_MISSING_CERT;
229
230 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
231 return GPG_ERR_BAD_SIGNATURE;
232
233 if (status & GNUTLS_CERT_REVOKED)
234 return GPG_ERR_CERT_REVOKED;
235
236 if (gnutls_certificate_type_get(pwm->session) != GNUTLS_CRT_X509)
237 return GPG_ERR_UNSUPPORTED_CERT;
238
239 if (gnutls_x509_crt_init(&cert) < 0)
240 return gpg_error_from_errno(ENOMEM);
241
242 cert_list = gnutls_certificate_get_peers (pwm->session, &cert_list_size);
243
244 if (!cert_list) {
245 rc = GPG_ERR_MISSING_CERT;
246 goto done;
247 }
248
249 for (i = 0; i < cert_list_size; i++) {
250 if (gnutls_x509_crt_import(cert, &cert_list[i], GNUTLS_X509_FMT_DER) < 0) {
251 rc = GPG_ERR_BAD_CERT_CHAIN;
252 goto done;
253 }
254 }
255
256 /* Beware here we do not check for errors.
257 */
258 if (gnutls_x509_crt_get_expiration_time(cert) < time (0)) {
259 rc = GPG_ERR_CERT_EXPIRED;
260 goto done;
261 }
262
263 if (gnutls_x509_crt_get_activation_time(cert) > time (0)) {
264 rc = GPG_ERR_CERT_TOO_YOUNG;
265 goto done;
266 }
267
268 #if 0
269 if (!gnutls_x509_crt_check_hostname (cert, hostname))
270 {
271 printf ("The certificate's owner does not match hostname '%s'\n",
272 hostname);
273 return 1;
274 }
275 #endif
276
277 done:
278 gnutls_x509_crt_deinit(cert);
279 return rc;
280 }
281
282 //FIXME return codes
283 static gpg_error_t _tls_init(pwm_t *pwm)
284 {
285 gpg_error_t rc;
286 const char *errstr;
287
288 rc = gnutls_certificate_allocate_credentials(&pwm->x509);
289
290 if (rc)
291 return gpg_error_from_errno(ENOMEM);
292
293 /* The client certificate must be signed by the CA of the pwmd server
294 * certificate in order for the client to authenticate successfully. Man in
295 * the middle attacks are still possible if the attacker is running a pwmd
296 * that doesn't require client certificate authentication. So require the
297 * client to verify the server certificate.
298 */
299 gnutls_certificate_set_x509_trust_file (pwm->x509, pwm->tcp_conn->ca,
300 GNUTLS_X509_FMT_PEM);
301
302 rc = gnutls_certificate_set_x509_key_file(pwm->x509, pwm->tcp_conn->cert,
303 pwm->tcp_conn->key, GNUTLS_X509_FMT_PEM);
304 rc = gnutls_init(&pwm->session, GNUTLS_CLIENT);
305 rc = gnutls_priority_set_direct(pwm->session, "SECURE256", &errstr);
306 rc = gnutls_credentials_set(pwm->session, GNUTLS_CRD_CERTIFICATE, pwm->x509);
307 gnutls_transport_set_ptr(pwm->session,
308 (gnutls_transport_ptr_t)pwm->tcp_conn->fd);
309 rc = gnutls_handshake(pwm->session);
310
311 if (rc < 0) {
312 gnutls_perror (rc);
313 rc = GPG_ERR_INV_CIPHER_MODE;
314 _tls_deinit(pwm);
315 return rc;
316 }
317
318 rc = verify_certificate(pwm);
319 if (rc)
320 _tls_deinit(pwm);
321 return rc;
322 }
323
324 static void _tls_assuan_deinit(assuan_context_t ctx)
325 {
326 pwm_t *pwm = assuan_get_pointer(ctx);
327
328 _tls_deinit(pwm);
329 }
330
331 static void free_tcp_conn(pwmd_tcp_conn_t *conn)
332 {
333 if (!conn)
334 return;
335
336 if (conn->cert)
337 xfree(conn->cert);
338
339 if (conn->key)
340 xfree(conn->key);
341
342 if (conn->ca)
343 xfree(conn->ca);
344
345 if (conn->host)
346 xfree(conn->host);
347
348 xfree(conn);
349 }
350
351 /*
352 * Sets common options from both pwmd_tcp_connect() and
353 * pwmd_tcp_connect_async().
354 */
355 static gpg_error_t init_tcp_conn(pwmd_tcp_conn_t **dst, char *host, int port,
356 const char *cert, const char *key, const char *ca)
357 {
358 char buf[PATH_MAX];
359 struct passwd *pw = getpwuid(getuid());
360 pwmd_tcp_conn_t *conn;
361 gpg_error_t rc = 0;
362
363 if (!host)
364 return GPG_ERR_INV_ARG;
365
366 conn = xcalloc(1, sizeof(pwmd_tcp_conn_t));
367 if (!conn)
368 return gpg_error_from_errno(ENOMEM);
369
370 conn->port = port == -1 ? 6466 : port;
371 conn->host = xstrdup(host);
372
373 if (!conn->host) {
374 rc = gpg_error_from_syserror();
375 goto fail;
376 }
377
378 if (!cert) {
379 snprintf(buf, sizeof(buf), "%s/.pwmd/client-cert.pem", pw->pw_dir);
380 conn->cert = xstrdup(buf);
381 }
382 else
383 conn->cert = xstrdup(cert);
384
385 if (!conn->cert) {
386 rc = gpg_error_from_syserror();
387 goto fail;
388 }
389
390 if (!key) {
391 snprintf(buf, sizeof(buf), "%s/.pwmd/client-key.pem", pw->pw_dir);
392 conn->key = xstrdup(buf);
393 }
394 else
395 conn->key = xstrdup(key);
396
397 if (!conn->key) {
398 rc = gpg_error_from_syserror();
399 goto fail;
400 }
401
402 if (!ca) {
403 snprintf(buf, sizeof(buf), "%s/.pwmd/ca-cert.pem", pw->pw_dir);
404 conn->ca = xstrdup(buf);
405 }
406 else
407 conn->ca = xstrdup(ca);
408
409 if (!conn->ca) {
410 rc = gpg_error_from_syserror();
411 goto fail;
412 }
413
414 conn->fd = socket(PF_INET, SOCK_STREAM, 0);
415
416 if (conn->fd == -1) {
417 rc = gpg_error_from_syserror();
418 goto fail;
419 }
420
421 *dst = conn;
422 return 0;
423
424 fail:
425 free_tcp_conn(conn);
426 return rc;
427 }
428
429 static gpg_error_t do_connect(pwm_t *pwm, void *addr)
430 {
431 struct sockaddr_in their_addr;
432
433 pwm->cmd = ASYNC_CMD_CONNECT;
434 their_addr.sin_family = AF_INET;
435 their_addr.sin_port = htons(pwm->tcp_conn->port);
436 their_addr.sin_addr = *((struct in_addr *)addr);
437 memset(their_addr.sin_zero, '\0', sizeof their_addr.sin_zero);
438
439 if (connect(pwm->tcp_conn->fd, (struct sockaddr *)&their_addr,
440 sizeof(their_addr)) == -1)
441 return gpg_error_from_syserror();
442
443 return 0;
444 }
445
446 static void dns_resolve_cb(int result, char type, int count, int ttl,
447 void *addrs, void *arg)
448 {
449 pwm_t *pwm = arg;
450
451 if (result != DNS_ERR_NONE) {
452 switch (result) {
453 case DNS_ERR_NOTEXIST:
454 pwm->tcp_conn->rc = GPG_ERR_UNKNOWN_HOST;
455 break;
456 case DNS_ERR_SERVERFAILED:
457 pwm->tcp_conn->rc = GPG_ERR_EHOSTDOWN;
458 break;
459 case DNS_ERR_TIMEOUT:
460 pwm->tcp_conn->rc = GPG_ERR_TIMEOUT;
461 break;
462 default:
463 //FIXME
464 pwm->tcp_conn->rc = GPG_ERR_EHOSTUNREACH;
465 break;
466 }
467
468 return;
469 }
470
471 fcntl(pwm->tcp_conn->fd, F_SETFL, O_NONBLOCK);
472 pwm->tcp_conn->rc = do_connect(pwm, &addrs[0]);
473 }
474
475 pwm_t *pwmd_tcp_connect_async(char *host, int port, gpg_error_t *rc,
476 const char *cert, const char *key, const char *ca)
477 {
478 #ifndef HAVE_LIBGNUTLS
479 *rc = GPG_ERR_NOT_IMPLEMENTED;
480 return NULL;
481 #else
482 pwmd_tcp_conn_t *conn;
483 pwm_t *pwm;
484
485 *rc = init_tcp_conn(&conn, host, port, cert, key, ca);
486
487 if (*rc)
488 return NULL;
489
490 if ((pwm = (pwm_t *)xcalloc(1, sizeof(pwm_t))) == NULL) {
491 *rc = gpg_error_from_syserror();
492 free_tcp_conn(conn);
493 return NULL;
494 }
495
496 pwm->tcp_conn = conn;
497 pwm->cmd = ASYNC_CMD_DNS;
498 pwm->state = ASYNC_PROCESS;
499 evdns_resolv_conf_parse(DNS_OPTIONS_ALL, "/etc/resolv.conf");
500 evdns_resolve_ipv4(pwm->tcp_conn->host, 0, dns_resolve_cb, pwm);
501 return pwm;
502 #endif
503 }
504
505 static pwm_t *setup_context(pwm_t *pwm, gpg_error_t *rc)
506 {
507 assuan_context_t ctx;
508 struct assuan_io_hooks io_hooks = {read_hook, write_hook};
509 int fd = pwm->tcp_conn->fd;
510
511 *rc = _tls_init(pwm);
512 free_tcp_conn(pwm->tcp_conn);
513 pwm->tcp_conn = NULL;
514
515 if (*rc)
516 goto fail;
517
518 assuan_set_io_hooks(&io_hooks);
519 *rc = assuan_socket_connect_fd(&ctx, fd, 0, pwm);
520
521 if (*rc)
522 goto fail;
523
524 assuan_set_finish_handler(ctx, _tls_assuan_deinit);
525 return _socket_connect_finalize(pwm, ctx);
526
527 fail:
528 _tls_deinit(pwm);
529 xfree(pwm);
530 return NULL;
531 }
532
533 pwm_t *pwmd_tcp_connect(char *host, int port, gpg_error_t *rc, const char *cert,
534 const char *key, const char *ca)
535 {
536 struct hostent *he;
537 pwm_t *pwm = NULL;
538 pwmd_tcp_conn_t *conn;
539
540 *rc = init_tcp_conn(&conn, host, port, cert, key, ca);
541
542 if (*rc)
543 return NULL;
544
545 if ((he = gethostbyname(conn->host)) == NULL) {
546 // FIXME
547 *rc = gpg_error_from_syserror();
548 free_tcp_conn(conn);
549 return NULL;
550 }
551
552 if ((pwm = (pwm_t *)xcalloc(1, sizeof(pwm_t))) == NULL) {
553 *rc = gpg_error_from_syserror();
554 goto fail;
555 }
556
557 pwm->tcp_conn = conn;
558 *rc = do_connect(pwm, he->h_addr);
559
560 if (*rc)
561 goto fail;
562
563 return setup_context(pwm, rc);
564
565 fail:
566 xfree(pwm);
567
568 if (conn->fd >= 0)
569 close(conn->fd);
570
571 free_tcp_conn(conn);
572 return NULL;
573 }
574 #endif
575
576 pwm_t *pwmd_connect(const char *path, gpg_error_t *rc)
577 {
578 pwm_t *pwm = NULL;
579 char *socketpath = NULL;
580 struct passwd *pw;
581 assuan_context_t ctx;
582
583 if (!path) {
584 pw = getpwuid(getuid());
585 socketpath = (char *)xmalloc(strlen(pw->pw_dir) + strlen("/.pwmd/socket") + 1);
586 sprintf(socketpath, "%s/.pwmd/socket", pw->pw_dir);
587 }
588 else
589 socketpath = xstrdup(path);
590
591 *rc = assuan_socket_connect_ext(&ctx, socketpath, -1, 0);
592 xfree(socketpath);
593
594 if (*rc)
595 return NULL;
596
597 if ((pwm = (pwm_t *)xcalloc(1, sizeof(pwm_t))) == NULL) {
598 *rc = gpg_error_from_syserror();
599 return NULL;
600 }
601
602 return _socket_connect_finalize(pwm, ctx);
603 }
604
605 gpg_error_t pwmd_pending_line(pwm_t *pwm, char **line, size_t *len)
606 {
607 if (!pwm)
608 return GPG_ERR_INV_ARG;
609
610 if (assuan_pending_line(pwm->ctx))
611 return assuan_read_line(pwm->ctx, line, len);
612
613 return GPG_ERR_NO_DATA;
614 }
615
616 void pwmd_close(pwm_t *pwm)
617 {
618 if (!pwm)
619 return;
620
621 if (pwm->ctx)
622 assuan_disconnect(pwm->ctx);
623
624 if (pwm->password)
625 xfree(pwm->password);
626
627 if (pwm->title)
628 xfree(pwm->title);
629
630 if (pwm->desc)
631 xfree(pwm->desc);
632
633 if (pwm->prompt)
634 xfree(pwm->prompt);
635
636 if (pwm->pinentry_tty)
637 xfree(pwm->pinentry_tty);
638
639 if (pwm->pinentry_display)
640 xfree(pwm->pinentry_display);
641
642 if (pwm->pinentry_term)
643 xfree(pwm->pinentry_term);
644
645 if (pwm->filename)
646 xfree(pwm->filename);
647
648 xfree(pwm);
649 }
650
651 static int mem_realloc_cb(void *data, const void *buffer, size_t len)
652 {
653 membuf_t *mem = (membuf_t *)data;
654 void *p;
655
656 if (!buffer)
657 return 0;
658
659 if ((p = xrealloc(mem->buf, mem->len + len)) == NULL)
660 return 1;
661
662 mem->buf = p;
663 memcpy((char *)mem->buf + mem->len, buffer, len);
664 mem->len += len;
665 return 0;
666 }
667
668 void pwmd_free_result(void *data)
669 {
670 xfree(data);
671 }
672
673 static int _inquire_cb(void *data, const char *keyword)
674 {
675 pwm_t *pwm = (pwm_t *)data;
676 gpg_error_t rc = 0;
677 int flags = fcntl(pwm->fd, F_GETFL);
678
679 /* Shouldn't get this far without a callback. */
680 if (!pwm->inquire_func)
681 return GPG_ERR_INV_ARG;
682
683 /*
684 * Since the socket file descriptor is probably set to non-blocking, set to
685 * blocking to prevent GPG_ERR_EAGAIN errors. This should be fixes when
686 * asynchronous INQUIRE is supported by either libassuan or a later
687 * libpwmd.
688 */
689 fcntl(pwm->fd, F_SETFL, 0);
690
691 for (;;) {
692 char *result = NULL;
693 size_t len;
694 gpg_error_t arc;
695
696 rc = pwm->inquire_func(pwm->inquire_data, keyword, rc, &result, &len);
697 rc = gpg_err_code(rc);
698
699 if (rc == GPG_ERR_EOF || !rc) {
700 if (len <= 0 || !result || !*result) {
701 rc = 0;
702 break;
703 }
704
705 arc = assuan_send_data(pwm->ctx, result, len);
706
707 if (rc == GPG_ERR_EOF) {
708 rc = arc;
709 break;
710 }
711
712 rc = arc;
713 }
714 else if (rc)
715 break;
716 }
717
718 fcntl(pwm->fd, F_SETFL, flags);
719 return rc;
720 }
721
722 gpg_error_t pwmd_finalize(pwm_t *pwm)
723 {
724 if (!pwm || pwm->cmd == ASYNC_CMD_NONE || pwm->state != ASYNC_DONE)
725 return GPG_ERR_INV_ARG;
726
727 pwm->state = ASYNC_INIT;
728 pwm->cmd = ASYNC_CMD_NONE;
729
730 #ifdef HAVE_LIBGNUTLS
731 if (pwm->cmd == ASYNC_CMD_CONNECT || pwm->cmd == ASYNC_CMD_DNS) {
732 /* pwm is no longer a valid handle. */
733 if (pwm->tcp_conn->rc) {
734 free_tcp_conn(pwm->tcp_conn);
735 xfree(pwm);
736 }
737
738 free_tcp_conn(pwm->tcp_conn);
739 pwm->tcp_conn = NULL;
740 return 0;
741 }
742 #endif
743
744 if (pwm->fd < 0)
745 return GPG_ERR_INV_ARG;
746
747 pwm->state = ASYNC_INIT;
748 pwm->ntries = 0;
749 #ifdef WITH_PINENTRY
750 pwm->is_open_cmd = 0;
751 #endif
752 return 0;
753 }
754
755 static gpg_error_t do_nb_command(pwm_t *pwm, const char *cmd, const char *arg)
756 {
757 char *buf;
758 gpg_error_t rc;
759 size_t len = strlen(cmd) + 2;
760
761 len += arg ? strlen(arg) : 0;
762
763 if (pwm->state != ASYNC_INIT)
764 return GPG_ERR_UNEXPECTED;
765
766 buf = (char *)xmalloc(len);
767
768 if (!buf) {
769 rc = gpg_error_from_errno(ENOMEM);
770 goto fail;
771 }
772
773 snprintf(buf, len, "%s %s", cmd, arg ? arg : "");
774 rc = assuan_write_line(pwm->ctx, buf);
775 xfree(buf);
776
777 if (!rc)
778 pwm->state = ASYNC_PROCESS;
779
780 fail:
781 return rc;
782 }
783
784 gpg_error_t pwmd_open_async(pwm_t *pwm, const char *filename)
785 {
786 if (!pwm || !filename)
787 return GPG_ERR_INV_ARG;
788
789 /* For pinentry retries. */
790 if (!pwm->is_open_cmd) {
791 if (pwm->filename)
792 xfree(pwm->filename);
793
794 pwm->filename = xstrdup(filename);
795 }
796
797 pwm->is_open_cmd = 1;
798 return do_nb_command(pwm, "OPEN", filename);
799 }
800
801 gpg_error_t pwmd_save_async(pwm_t *pwm)
802 {
803 if (!pwm)
804 return GPG_ERR_INV_ARG;
805
806 return do_nb_command(pwm, "SAVE", NULL);
807 }
808
809 static gpg_error_t parse_assuan_line(pwm_t *pwm)
810 {
811 gpg_error_t rc;
812 char *line;
813 size_t len;
814
815 rc = assuan_read_line(pwm->ctx, &line, &len);
816
817 if (!rc) {
818 if (line[0] == 'O' && line[1] == 'K' &&
819 (line[2] == 0 || line[2] == ' ')) {
820 pwm->state = ASYNC_DONE;
821 }
822 else if (line[0] == '#') {
823 }
824 else if (line[0] == 'S' && (line[1] == 0 || line[1] == ' ')) {
825 if (pwm->status_func) {
826 pwm->status_func(pwm->status_data,
827 line[1] == 0 ? line+1 : line+2);
828 }
829 }
830 else if (line[0] == 'E' && line[1] == 'R' && line[2] == 'R' &&
831 (line[3] == 0 || line[3] == ' ')) {
832 line += 4;
833 rc = atoi(line);
834 pwm->state = ASYNC_DONE;
835 }
836 }
837
838 return rc;
839 }
840
841 pwmd_async_t pwmd_process(pwm_t *pwm, gpg_error_t *rc)
842 {
843 fd_set fds;
844 int n;
845 struct timeval tv = {0, 0};
846
847 *rc = 0;
848
849 if (!pwm) {
850 *rc = GPG_ERR_INV_ARG;
851 return ASYNC_DONE;
852 }
853
854 #ifdef HAVE_LIBGNUTLS
855 if (pwm->cmd == ASYNC_CMD_DNS) {
856 if (pwm->tcp_conn->rc) {
857 *rc = pwm->tcp_conn->rc;
858 close(pwm->tcp_conn->fd);
859 pwm->state = ASYNC_DONE;
860 }
861
862 event_loop(EVLOOP_NONBLOCK);
863 return pwm->state;
864 }
865 else if (pwm->cmd == ASYNC_CMD_CONNECT) {
866 if (pwm->tcp_conn->rc == GPG_ERR_EINPROGRESS) {
867 int ret;
868 socklen_t len = sizeof(int);
869
870 FD_ZERO(&fds);
871 FD_SET(pwm->tcp_conn->fd, &fds);
872 n = select(pwm->tcp_conn->fd+1, NULL, &fds, NULL, &tv);
873
874 if (!n || !FD_ISSET(pwm->tcp_conn->fd, &fds))
875 return pwm->state;
876 else if (n == -1) {
877 *rc = gpg_error_from_syserror();
878 close(pwm->tcp_conn->fd);
879 pwm->state = ASYNC_DONE;
880 return pwm->state;
881 }
882
883 ret = getsockopt(pwm->tcp_conn->fd, SOL_SOCKET, SO_ERROR, &n, &len);
884 if (ret || n) {
885 *rc = ret ? gpg_error_from_syserror() : gpg_error_from_errno(n);
886 close(pwm->tcp_conn->fd);
887 pwm->state = ASYNC_DONE;
888 return pwm->state;
889 }
890 }
891 else if (pwm->tcp_conn->rc) {
892 *rc = pwm->tcp_conn->rc;
893 close(pwm->tcp_conn->fd);
894 pwm->state = ASYNC_DONE;
895 return pwm->state;
896 }
897
898 fcntl(pwm->tcp_conn->fd, F_SETFL, 0);
899 setup_context(pwm, rc);
900 pwm->state = ASYNC_DONE;
901 return pwm->state;
902 }
903 #endif
904
905 if (pwm->fd < 0) {
906 *rc = GPG_ERR_INV_ARG;
907 return ASYNC_DONE;
908 }
909 else if (pwm->state == ASYNC_DONE)
910 return pwm->state;
911 else if (pwm->state == ASYNC_INIT) {
912 *rc = GPG_ERR_UNEXPECTED;
913 return ASYNC_DONE;
914 }
915
916 FD_ZERO(&fds);
917 FD_SET(pwm->fd, &fds);
918 #ifdef WITH_LIBPTH
919 n = pth_select(pwm->fd+1, &fds, NULL, NULL, &tv);
920 #else
921 n = select(pwm->fd+1, &fds, NULL, NULL, &tv);
922 #endif
923
924 if (n > 0) {
925 if (FD_ISSET(pwm->fd, &fds))
926 *rc = parse_assuan_line(pwm);
927 }
928
929 while (!*rc && assuan_pending_line(pwm->ctx))
930 *rc = parse_assuan_line(pwm);
931
932 if (pwm->is_open_cmd && gpg_err_code(*rc) == EPWMD_BADKEY &&
933 ++pwm->ntries < pwm->pinentry_tries) {
934 pwm->state = ASYNC_INIT;
935 *rc = pwmd_open_async(pwm, pwm->filename);
936 }
937
938 return pwm->state;
939 }
940
941 static gpg_error_t assuan_command(pwm_t *pwm, assuan_context_t ctx,
942 char **result, const char *cmd)
943 {
944 membuf_t data;
945 gpg_error_t rc;
946
947 data.len = 0;
948 data.buf = NULL;
949
950 rc = assuan_transact(ctx, cmd, mem_realloc_cb, &data, _inquire_cb, pwm,
951 pwm->status_func, pwm->status_data);
952
953 if (rc) {
954 if (data.buf) {
955 xfree(data.buf);
956 data.buf = NULL;
957 }
958 }
959 else {
960 if (data.buf) {
961 mem_realloc_cb(&data, "", 1);
962 *result = (char *)data.buf;
963 }
964 }
965
966 return gpg_err_code(rc);
967 }
968
969 gpg_error_t pwmd_inquire(pwm_t *pwm, const char *cmd, pwmd_inquire_fn fn,
970 void *data)
971 {
972 if (!pwm || !cmd || !fn)
973 return GPG_ERR_INV_ARG;
974
975 pwm->inquire_func = fn;
976 pwm->inquire_data = data;
977 return assuan_command(pwm, pwm->ctx, NULL, cmd);
978 }
979
980 gpg_error_t pwmd_terminate_pinentry(pwm_t *pwm)
981 {
982 #ifndef WITH_PINENTRY
983 return GPG_ERR_NOT_IMPLEMENTED;
984 #else
985 if (!pwm || pwm->pid == -1)
986 return GPG_ERR_INV_ARG;
987
988 if (kill(pwm->pid, 0) == 0) {
989 if (kill(pwm->pid, SIGTERM) == -1) {
990 if (kill(pwm->pid, SIGKILL) == -1)
991 return gpg_error_from_errno(errno);
992 }
993
994 pwm->pin_error = GPG_ERR_TIMEOUT;
995 }
996 else
997 return gpg_error_from_errno(errno);
998
999 return 0;
1000 #endif
1001 }
1002
1003 #ifdef WITH_PINENTRY
1004 static gpg_error_t set_pinentry_strings(pwm_t *pwm, int which)
1005 {
1006 char *buf;
1007 char tmp[ASSUAN_LINELENGTH];
1008 gpg_error_t error;
1009
1010 if (!pwm->title)
1011 pwm->title = xstrdup(N_("LibPWMD"));
1012
1013 if (!pwm->prompt)
1014 pwm->prompt = xstrdup(N_("Password:"));
1015
1016 if (!pwm->desc && !which)
1017 pwm->desc = xstrdup(N_("Enter a password."));
1018
1019 if (which == 1) {
1020 snprintf(tmp, sizeof(tmp), "SETERROR %s", N_("Invalid password, please try again."));
1021 buf = xstrdup(tmp);
1022 }
1023 else if (which == 2) {
1024 snprintf(tmp, sizeof(tmp), "SETERROR %s", N_("Please type the password again for confirmation."));
1025 buf = xstrdup(tmp);
1026 }
1027 else {
1028 buf = (char *)xmalloc(strlen("SETERROR ") + strlen(pwm->desc) + 1);
1029 sprintf(buf, "SETERROR %s", pwm->desc);
1030 }
1031
1032 error = pinentry_command(pwm, NULL, buf);
1033 xfree(buf);
1034
1035 if (error)
1036 return error;
1037
1038 buf = (char *)xmalloc(strlen("SETPROMPT ") + strlen(pwm->prompt) + 1);
1039 sprintf(buf, "SETPROMPT %s", pwm->prompt);
1040 error = pinentry_command(pwm, NULL, buf);
1041 xfree(buf);
1042
1043 if (error)
1044 return error;
1045
1046 buf = (char *)xmalloc(strlen("SETDESC ") + strlen(pwm->title) + 1);
1047 sprintf(buf, "SETDESC %s", pwm->title);
1048 error = pinentry_command(pwm, NULL, buf);
1049 xfree(buf);
1050 return error;
1051 }
1052
1053 static void update_pinentry_settings(pwm_t *pwm)
1054 {
1055 FILE *fp;
1056 char buf[LINE_MAX];
1057 struct passwd *pw = getpwuid(getuid());
1058 char *p;
1059
1060 snprintf(buf, sizeof(buf), "%s/.pwmd/pinentry.conf", pw->pw_dir);
1061
1062 if ((fp = fopen(buf, "r")) == NULL)
1063 return;
1064
1065 while ((p = fgets(buf, sizeof(buf), fp)) != NULL) {
1066 char name[32], val[256];
1067
1068 if (sscanf(p, " %31[a-zA-Z] = %255s", name, val) != 2)
1069 continue;
1070
1071 if (strcasecmp(name, "TTYNAME") == 0) {
1072 xfree(pwm->pinentry_tty);
1073 pwm->pinentry_tty = xstrdup(val);
1074 }
1075 else if (strcasecmp(name, "TTYTYPE") == 0) {
1076 xfree(pwm->pinentry_term);
1077 pwm->pinentry_term = xstrdup(val);
1078 }
1079 else if (strcasecmp(name, "DISPLAY") == 0) {
1080 xfree(pwm->pinentry_display);
1081 pwm->pinentry_display = xstrdup(val);
1082 }
1083 else if (strcasecmp(name, "PATH") == 0) {
1084 xfree(pwm->pinentry_path);
1085 pwm->pinentry_path = xstrdup(val);
1086 }
1087 }
1088
1089 fclose(fp);
1090 }
1091
1092 static gpg_error_t launch_pinentry(pwm_t *pwm)
1093 {
1094 int rc;
1095 assuan_context_t ctx;
1096 int child_list[] = {-1};
1097 char *display = getenv("DISPLAY");
1098 const char *argv[6];
1099 int have_display = 0;
1100 char *tty = NULL;
1101
1102 update_pinentry_settings(pwm);
1103
1104 if (pwm->pinentry_display || display)
1105 have_display = 1;
1106 else {
1107 tty = pwm->pinentry_tty ? pwm->pinentry_tty : ttyname(STDOUT_FILENO);
1108
1109 if (!tty)
1110 return gpg_error_from_errno(errno);
1111 }
1112
1113 if (!have_display && !tty)
1114 return GPG_ERR_ENOTTY;
1115
1116 argv[0] = "pinentry";
1117 argv[1] = have_display ? "--display" : "--ttyname";
1118 argv[2] = have_display ? pwm->pinentry_display ? pwm->pinentry_display : display : tty;
1119 argv[3] = NULL;
1120
1121 if (!have_display) {
1122 argv[3] = "--ttytype";
1123 argv[4] = pwm->pinentry_term ? pwm->pinentry_term : getenv("TERM");
1124 argv[5] = NULL;
1125 }
1126
1127 rc = assuan_pipe_connect(&ctx, pwm->pinentry_path ? pwm->pinentry_path : PINENTRY_PATH, argv, child_list);
1128
1129 if (rc)
1130 return rc;
1131
1132 pwm->pid = assuan_get_pid(ctx);
1133 pwm->pctx = ctx;
1134 return set_pinentry_strings(pwm, 0);
1135 }
1136
1137 static gpg_error_t pinentry_command(pwm_t *pwm, char **result, const char *cmd)
1138 {
1139 gpg_error_t n;
1140
1141 if (!pwm->pctx) {
1142 n = launch_pinentry(pwm);
1143
1144 if (n)
1145 return n;
1146 }
1147
1148 return assuan_command(pwm, pwm->pctx, result, cmd);
1149 }
1150
1151 static void pinentry_disconnect(pwm_t *pwm)
1152 {
1153 if (pwm->pctx)
1154 assuan_disconnect(pwm->pctx);
1155
1156 pwm->pctx = NULL;
1157 pwm->pid = -1;
1158 }
1159
1160 /*
1161 * Only called from a child process.
1162 */
1163 static void catchsig(int sig)
1164 {
1165 switch (sig) {
1166 case SIGALRM:
1167 if (gelapsed++ >= gtimeout) {
1168 global_error = pwmd_terminate_pinentry(gpwm);
1169
1170 if (!global_error)
1171 global_error = GPG_ERR_TIMEOUT;
1172
1173 break;
1174 }
1175
1176 alarm(1);
1177 break;
1178 default:
1179 break;
1180 }
1181 }
1182
1183 /*
1184 * Borrowed from libassuan.
1185 */
1186 static char *percent_escape(const char *atext)
1187 {
1188 const unsigned char *s;
1189 int len = strlen(atext) * 3 + 1;
1190 char *buf = (char *)xmalloc(len), *p = buf;
1191
1192 if (!buf)
1193 return NULL;
1194
1195 for (s=(const unsigned char *)atext; *s; s++) {
1196 if (*s < ' ') {
1197 sprintf (p, "%%%02X", *s);
1198 p += 3;
1199 }
1200 else
1201 *p++ = *s;
1202 }
1203
1204 *p = 0;
1205 return buf;
1206 }
1207 #endif
1208
1209 static gpg_error_t send_command(pwm_t *pwm, char **result, const char *cmd)
1210 {
1211 if (!cmd)
1212 return GPG_ERR_INV_ARG;
1213
1214 return assuan_command(pwm, pwm->ctx, result, cmd);
1215 }
1216
1217 /*
1218 * Avoid sending the BYE command here. libassuan will close the file
1219 * descriptor and release the assuan context. Use pwmd_close() instead.
1220 */
1221 gpg_error_t pwmd_command(pwm_t *pwm, char **result, const char *cmd, ...)
1222 {
1223 va_list ap;
1224 char *buf;
1225 size_t len;
1226 gpg_error_t error;
1227
1228 if (!pwm || !cmd)
1229 return GPG_ERR_INV_ARG;
1230
1231 *result = NULL;
1232 va_start(ap, cmd);
1233 /*
1234 * C99 allows the dst pointer to be null which will calculate the length
1235 * of the result and return it.
1236 */
1237 len = vsnprintf(NULL, 0, cmd, ap);
1238 buf = (char *)xmalloc(len + 1);
1239 len = vsnprintf(buf, len + 1, cmd, ap);
1240 va_end(ap);
1241 error = send_command(pwm, result, buf);
1242 xfree(buf);
1243 return error;
1244 }
1245
1246 #ifdef WITH_PINENTRY
1247 static gpg_error_t do_getpin(pwm_t *pwm, char **result)
1248 {
1249 if (gtimeout) {
1250 signal(SIGALRM, catchsig);
1251 alarm(1);
1252 }
1253
1254 *result = NULL;
1255 return pinentry_command(pwm, result, "GETPIN");
1256 }
1257
1258 static gpg_error_t getpin(pwm_t *pwm, char **result, int *try_n, int which)
1259 {
1260 int pin_try = *try_n;
1261 gpg_error_t error;
1262
1263 getpin_again:
1264 *try_n = pin_try;
1265
1266 if (pin_try == -1) {
1267 error = set_pinentry_strings(pwm, which);
1268
1269 if (error) {
1270 pinentry_disconnect(pwm);
1271 return error;
1272 }
1273 }
1274 else {
1275 if (pwm->pinentry_tries-1 != pin_try) {
1276 error = set_pinentry_strings(pwm, 1);
1277
1278 if (error) {
1279 pinentry_disconnect(pwm);
1280 return error;
1281 }
1282 }
1283 }
1284
1285 error = do_getpin(pwm, result);
1286
1287 /*
1288 * Since there was input cancel any timeout setting.
1289 */
1290 alarm(0);
1291
1292 if (error) {
1293 if (error == GPG_ERR_CANCELED)
1294 return GPG_ERR_CANCELED;
1295
1296 if (pin_try != -1 && pin_try--)
1297 goto getpin_again;
1298
1299 if (pwm->pctx)
1300 pinentry_disconnect(pwm);
1301
1302 *try_n = pin_try;
1303 return error;
1304 }
1305
1306 return 0;
1307 }
1308 #endif
1309
1310 gpg_error_t pwmd_open_nb_finalize(pwm_t *pwm, pwmd_nb_status_t *pw)
1311 {
1312 gpg_error_t error;
1313
1314 #ifndef WITH_PINENTRY
1315 return GPG_ERR_NOT_IMPLEMENTED;
1316 #endif
1317
1318 if (!pwm || !pw || !pw->filename[0])
1319 return GPG_ERR_INV_ARG;
1320
1321 close(pw->fd);
1322
1323 if (pw->error) {
1324 error = pw->error;
1325 goto fail;
1326 }
1327
1328 if (pwm->filename)
1329 xfree(pwm->filename);
1330
1331 pwm->filename = xstrdup(pw->filename);
1332 memset(pw, 0, sizeof(pwmd_nb_status_t));
1333 return 0;
1334
1335 fail:
1336 memset(pw, 0, sizeof(pwmd_nb_status_t));
1337 return error;
1338 }
1339
1340 static gpg_error_t do_open_command(pwm_t *pwm, const char *filename, char *password)
1341 {
1342 char buf[ASSUAN_LINELENGTH];
1343 gpg_error_t error;
1344 char *result = NULL;
1345
1346 snprintf(buf, sizeof(buf), "OPEN %s %s", filename, password ? password : "");
1347 error = send_command(pwm, &result, buf);
1348 memset(buf, 0, sizeof(buf));
1349
1350 if (error && result)
1351 xfree(result);
1352
1353 return error;
1354 }
1355
1356 static int do_pwmd_open(pwm_t *pwm, gpg_error_t *error, const char *filename,
1357 int nb, int timeout)
1358 {
1359 char *result = NULL;
1360 char *password = NULL;
1361 char path[PATH_MAX];
1362 #ifdef WITH_PINENTRY
1363 int pin_try;
1364 #endif
1365
1366 if (!pwm || !filename || !*filename) {
1367 *error = GPG_ERR_INV_ARG;
1368 return nb ? -1 : 1;
1369 }
1370
1371 #ifdef WITH_PINENTRY
1372 pin_try = pwm->pinentry_tries - 1;
1373 #endif
1374
1375 /*
1376 * Avoid calling pinentry if the password is cached on the server or if
1377 * this is a new file.
1378 */
1379 *error = pwmd_command(pwm, &result, "GETCONFIG data_directory");
1380
1381 if (*error)
1382 return nb ? -1 : 1;
1383
1384 snprintf(path, sizeof(path), "%s/%s", result, filename);
1385 pwmd_free_result(result);
1386
1387 if (access(path, R_OK) == -1) {
1388 if (errno == ENOENT)
1389 goto gotpassword;
1390 }
1391
1392 *error = pwmd_command(pwm, &result, "ISCACHED %s", filename);
1393
1394 if (*error == EPWMD_CACHE_NOT_FOUND) {
1395 if (pwm->passfunc) {
1396 password = pwm->passfunc(pwm, pwm->passdata);
1397 goto gotpassword;
1398 }
1399
1400 #ifdef WITH_PINENTRY
1401 /*
1402 * Get the password from pinentry.
1403 */
1404 if (pwm->use_pinentry) {
1405 /*
1406 * Nonblocking is wanted. fork() then return a file descriptor
1407 * that the client can use to read() from.
1408 */
1409 if (nb) {
1410 int p[2];
1411 pid_t pid;
1412 pwmd_nb_status_t pw;
1413
1414 if (pipe(p) == -1) {
1415 *error = gpg_error_from_syserror();
1416 return -1;
1417 }
1418
1419 #ifdef WITH_LIBPTH
1420 pid = pth_fork();
1421 #else
1422 pid = fork();
1423 #endif
1424
1425 switch (pid) {
1426 case 0:
1427 close(p[0]);
1428 strncpy(pw.filename, filename, sizeof(pw.filename));
1429 pw.filename[sizeof(pw.filename)-1] = 0;
1430 pw.fd = p[0];
1431
1432 if (timeout > 0) {
1433 gpwm = pwm;
1434 gtimeout = timeout;
1435 gelapsed = 0;
1436 }
1437
1438 getpin_nb_again:
1439 *error = getpin(pwm, &password, &pin_try, 0);
1440
1441 if (*error) {
1442 getpin_nb_fail:
1443 if (pwm->pctx)
1444 pinentry_disconnect(pwm);
1445
1446 if (gtimeout && gelapsed >= gtimeout)
1447 *error = GPG_ERR_TIMEOUT;
1448
1449 pw.error = *error;
1450 #ifdef WITH_LIBPTH
1451 pth_write(p[1], &pw, sizeof(pw));
1452 #else
1453 write(p[1], &pw, sizeof(pw));
1454 #endif
1455 close(p[1]);
1456 _exit(1);
1457 }
1458
1459 /*
1460 * Don't count the time it takes to open the file
1461 * which may have many iterations.
1462 */
1463 signal(SIGALRM, SIG_DFL);
1464 *error = do_open_command(pwm, filename, password);
1465
1466 if (timeout)
1467 signal(SIGALRM, catchsig);
1468
1469 if (pwm->pctx && *error == EPWMD_BADKEY) {
1470 if (pin_try-- > 0)
1471 goto getpin_nb_again;
1472
1473 goto getpin_nb_fail;
1474 }
1475
1476 pinentry_disconnect(pwm);
1477 pw.error = 0;
1478 #ifdef WITH_LIBPTH
1479 pth_write(p[1], &pw, sizeof(pw));
1480 #else
1481 write(p[1], &pw, sizeof(pw));
1482 #endif
1483 close(p[1]);
1484 _exit(0);
1485 break;
1486 case -1:
1487 *error = gpg_error_from_syserror();
1488 close(p[0]);
1489 close(p[1]);
1490 return -1;
1491 default:
1492 break;
1493 }
1494
1495 close(p[1]);
1496 return p[0];
1497 }
1498 }
1499 else {
1500 #endif
1501 /*
1502 * Not using pinentry and the file was not found
1503 * in the cache.
1504 */
1505 password = pwm->password;
1506 #ifdef WITH_PINENTRY
1507 }
1508 #endif
1509 }
1510 else if (*error)
1511 return nb ? -1 : 1;
1512
1513 gotpassword:
1514 *error = do_open_command(pwm, filename, password);
1515
1516 /*
1517 * Keep the user defined password set with pwmd_setopt(). The password may
1518 * be needed later (pwmd_save()) depending on the pwmd file cache settings.
1519 */
1520 if (password && password != pwm->password)
1521 xfree(password);
1522
1523 #ifdef WITH_PINENTRY
1524 if (*error == EPWMD_BADKEY) {
1525 if (pin_try-- > 0 && !nb) {
1526 *error = pwmd_command(pwm, &result, "OPTION TITLE=%s",
1527 N_("Invalid password, please try again."));
1528
1529 if (*error)
1530 return 1;
1531
1532 goto gotpassword;
1533 }
1534
1535 if (nb)
1536 pinentry_disconnect(pwm);
1537
1538 return nb ? -1 : 1;
1539 }
1540 #endif
1541
1542 if (!*error) {
1543 if (pwm->filename)
1544 xfree(pwm->filename);
1545
1546 pwm->filename = xstrdup(filename);
1547 }
1548
1549 /*
1550 * The file is cached or the file is a new file.
1551 */
1552 if (nb)
1553 return *error ? -1 : -2;
1554
1555 return *error ? 1 : 0;
1556 }
1557
1558 gpg_error_t pwmd_open(pwm_t *pwm, const char *filename)
1559 {
1560 gpg_error_t error;
1561
1562 do_pwmd_open(pwm, &error, filename, 0, 0);
1563 return error;
1564 }
1565
1566 int pwmd_open_nb(pwm_t *pwm, gpg_error_t *error, const char *filename,
1567 int timeout)
1568 {
1569 #ifndef WITH_PINENTRY
1570 *error = GPG_ERR_NOT_IMPLEMENTED;
1571 return -1;
1572 #else
1573 return do_pwmd_open(pwm, error, filename, 1, timeout);
1574 #endif
1575 }
1576
1577 #ifdef WITH_PINENTRY
1578 static gpg_error_t do_save_getpin(pwm_t *pwm, char **password)
1579 {
1580 int confirm = 0;
1581 gpg_error_t error;
1582 char *result = NULL;
1583 int pin_try = -1;
1584
1585 again:
1586 error = getpin(pwm, &result, &pin_try, confirm ? 2 : 0);
1587
1588 if (error) {
1589 if (pwm->pctx)
1590 pinentry_disconnect(pwm);
1591
1592 if (*password)
1593 xfree(*password);
1594
1595 return error;
1596 }
1597
1598 if (!confirm++) {
1599 *password = result;
1600 goto again;
1601 }
1602
1603 if (strcmp(*password, result)) {
1604 xfree(*password);
1605 xfree(result);
1606 pinentry_disconnect(pwm);
1607 error = EPWMD_BADKEY;
1608 return error;
1609 }
1610
1611 xfree(result);
1612 pinentry_disconnect(pwm);
1613 return 0;
1614 }
1615 #endif
1616
1617 static gpg_error_t do_save_command(pwm_t *pwm, char *password)
1618 {
1619 char buf[ASSUAN_LINELENGTH];
1620 gpg_error_t error;
1621 char *result = NULL;
1622
1623 snprintf(buf, sizeof(buf), "SAVE %s", password ? password : "");
1624 error = send_command(pwm, &result, buf);
1625 memset(&buf, 0, sizeof(buf));
1626
1627 if (error && result)
1628 xfree(result);
1629
1630 return error;
1631 }
1632
1633 gpg_error_t pwmd_save_nb_finalize(pwm_t *pwm, pwmd_nb_status_t *pw)
1634 {
1635 gpg_error_t rc;
1636
1637 #ifndef WITH_PINENTRY
1638 return GPG_ERR_NOT_IMPLEMENTED;
1639 #endif
1640
1641 if (!pwm || !pw || !pw->filename[0])
1642 return GPG_ERR_INV_ARG;
1643
1644 close(pw->fd);
1645 rc = pw->error;
1646 memset(pw, 0, sizeof(pwmd_nb_status_t));
1647 return rc;
1648 }
1649
1650 static int do_pwmd_save(pwm_t *pwm, gpg_error_t *error, int nb)
1651 {
1652 char *result = NULL;
1653 char *password = NULL;
1654
1655 if (!pwm) {
1656 *error = GPG_ERR_INV_ARG;
1657 return nb ? -1 : 1;
1658 }
1659
1660 if (pwm->use_pinentry || pwm->passfunc) {
1661 *error = pwmd_command(pwm, &result, "ISCACHED %s", pwm->filename);
1662
1663 if (*error == EPWMD_CACHE_NOT_FOUND) {
1664 #ifdef WITH_PINENTRY
1665 if (pwm->use_pinentry) {
1666 if (nb) {
1667 int p[2];
1668 pid_t pid;
1669 pwmd_nb_status_t pw;
1670
1671 if (pipe(p) == -1) {
1672 *error = gpg_error_from_syserror();
1673 return -1;
1674 }
1675
1676 #ifdef WITH_LIBPTH
1677 pid = pth_fork();
1678 #else
1679 pid = fork();
1680 #endif
1681
1682 switch (pid) {
1683 case 0:
1684 close(p[0]);
1685 strncpy(pw.filename, pwm->filename, sizeof(pw.filename));
1686 pw.filename[sizeof(pw.filename)-1] = 0;
1687 pw.fd = p[0];
1688
1689 do {
1690 password = NULL;
1691 *error = do_save_getpin(pwm, &password);
1692 } while (*error == EPWMD_BADKEY);
1693
1694 if (*error) {
1695 if (pwm->pctx)
1696 pinentry_disconnect(pwm);
1697
1698 pw.error = *error;
1699 #ifdef WITH_LIBPTH
1700 pth_write(p[1], &pw, sizeof(pw));
1701 #else
1702 write(p[1], &pw, sizeof(pw));
1703 #endif
1704 close(p[1]);
1705 _exit(1);
1706 }
1707
1708 *error = do_save_command(pwm, password);
1709 pinentry_disconnect(pwm);
1710 pw.error = *error;
1711 #ifdef WITH_LIBPTH
1712 pth_write(p[1], &pw, sizeof(pw));
1713 #else
1714 write(p[1], &pw, sizeof(pw));
1715 #endif
1716 close(p[1]);
1717 _exit(0);
1718 break;
1719 case -1:
1720 *error = gpg_error_from_syserror();
1721 close(p[0]);
1722 close(p[1]);
1723 return -1;
1724 default:
1725 break;
1726 }
1727
1728 close(p[1]);
1729 return p[0];
1730 }
1731
1732 *error = do_save_getpin(pwm, &password);
1733
1734 if (*error)
1735 return 1;
1736 }
1737 else {
1738 #endif
1739 if (pwm->passfunc)
1740 password = (*pwm->passfunc)(pwm, pwm->passdata);
1741 #ifdef WITH_PINENTRY
1742 }
1743 #endif
1744 }
1745 else {
1746 if (*error)
1747 return nb ? -1 : 1;
1748 }
1749 }
1750 else
1751 password = pwm->password;
1752
1753 *error = do_save_command(pwm, password);
1754
1755 if (password && password != pwm->password)
1756 xfree(password);
1757
1758 if (nb)
1759 return *error ? -1 : -2;
1760
1761 return *error ? 1 : 0;
1762 }
1763
1764 int pwmd_save_nb(pwm_t *pwm, gpg_error_t *error)
1765 {
1766 #ifndef WITH_PINENTRY
1767 *error = GPG_ERR_NOT_IMPLEMENTED;
1768 return -1;
1769 #else
1770 return do_pwmd_save(pwm, error, 1);
1771 #endif
1772 }
1773
1774 gpg_error_t pwmd_save(pwm_t *pwm)
1775 {
1776 gpg_error_t error;
1777
1778 do_pwmd_save(pwm, &error, 0);
1779 return error;
1780 }
1781
1782 gpg_error_t pwmd_setopt(pwm_t *pwm, pwmd_option_t opt, ...)
1783 {
1784 va_list ap;
1785 #ifdef WITH_PINENTRY
1786 int n = va_arg(ap, int);
1787 char *result;
1788 #endif
1789 char *arg1;
1790 gpg_error_t error = 0;
1791
1792 if (!pwm)
1793 return GPG_ERR_INV_ARG;
1794
1795 va_start(ap, opt);
1796
1797 switch (opt) {
1798 case PWMD_OPTION_STATUS_FUNC:
1799 pwm->status_func = va_arg(ap, pwmd_status_fn);
1800 break;
1801 case PWMD_OPTION_STATUS_DATA:
1802 pwm->status_data = va_arg(ap, void *);
1803 break;
1804 case PWMD_OPTION_PASSWORD_FUNC:
1805 pwm->passfunc = va_arg(ap, pwmd_password_fn);
1806 break;
1807 case PWMD_OPTION_PASSWORD_DATA:
1808 pwm->passdata = va_arg(ap, void *);
1809 break;
1810 case PWMD_OPTION_PASSWORD:
1811 arg1 = va_arg(ap, char *);
1812
1813 if (pwm->password)
1814 xfree(pwm->password);
1815
1816 pwm->password = xstrdup(arg1);
1817 break;
1818 #ifdef WITH_PINENTRY
1819 case PWMD_OPTION_PINENTRY:
1820 n = va_arg(ap, int);
1821
1822 if (n != 0 && n != 1) {
1823 va_end(ap);
1824 error = GPG_ERR_INV_VALUE;
1825 }
1826 else {
1827 pwm->use_pinentry = n;
1828 error = pwmd_command(pwm, &result, "OPTION PINENTRY=%i",
1829 !pwm->use_pinentry);
1830 }
1831 break;
1832 case PWMD_OPTION_PINENTRY_TRIES:
1833 n = va_arg(ap, int);
1834
1835 if (n <= 0) {
1836 va_end(ap);
1837 error = GPG_ERR_INV_VALUE;
1838 }
1839 else
1840 pwm->pinentry_tries = n;
1841 break;
1842 case PWMD_OPTION_PINENTRY_PATH:
1843 if (pwm->pinentry_path)
1844 xfree(pwm->pinentry_path);
1845
1846 pwm->pinentry_path = xstrdup(va_arg(ap, char *));
1847 break;
1848 case PWMD_OPTION_PINENTRY_TTY:
1849 if (pwm->pinentry_tty)
1850 xfree(pwm->pinentry_tty);
1851
1852 pwm->pinentry_tty = xstrdup(va_arg(ap, char *));
1853 break;
1854 case PWMD_OPTION_PINENTRY_DISPLAY:
1855 if (pwm->pinentry_display)
1856 xfree(pwm->pinentry_display);
1857
1858 pwm->pinentry_display = xstrdup(va_arg(ap, char *));
1859 break;
1860 case PWMD_OPTION_PINENTRY_TERM:
1861 if (pwm->pinentry_term)
1862 xfree(pwm->pinentry_term);
1863
1864 pwm->pinentry_term = xstrdup(va_arg(ap, char *));
1865 break;
1866 case PWMD_OPTION_PINENTRY_TITLE:
1867 if (pwm->title)
1868 xfree(pwm->title);
1869 pwm->title = percent_escape(va_arg(ap, char *));
1870 break;
1871 case PWMD_OPTION_PINENTRY_PROMPT:
1872 if (pwm->prompt)
1873 xfree(pwm->prompt);
1874 pwm->prompt = percent_escape(va_arg(ap, char *));
1875 break;
1876 case PWMD_OPTION_PINENTRY_DESC:
1877 if (pwm->desc)
1878 xfree(pwm->desc);
1879 pwm->desc = percent_escape(va_arg(ap, char *));
1880 break;
1881 #else
1882 case PWMD_OPTION_PINENTRY:
1883 case PWMD_OPTION_PINENTRY_TRIES:
1884 case PWMD_OPTION_PINENTRY_PATH:
1885 case PWMD_OPTION_PINENTRY_TTY:
1886 case PWMD_OPTION_PINENTRY_DISPLAY:
1887 case PWMD_OPTION_PINENTRY_TERM:
1888 case PWMD_OPTION_PINENTRY_TITLE:
1889 case PWMD_OPTION_PINENTRY_PROMPT:
1890 case PWMD_OPTION_PINENTRY_DESC:
1891 error = GPG_ERR_NOT_IMPLEMENTED;
1892 break;
1893 #endif
1894 default:
1895 error = GPG_ERR_NOT_IMPLEMENTED;
1896 break;
1897 }
1898
1899 va_end(ap);
1900 return error;
1901 }
1902
1903 gpg_error_t pwmd_assuan_ctx(pwm_t *pwm, assuan_context_t *ctx, int *fd)
1904 {
1905 if (!pwm)
1906 return GPG_ERR_INV_ARG;
1907
1908 *ctx = pwm->ctx;
1909 *fd = pwm->fd;
1910 return 0;
1911 }
An API for pwmd.