Renamed socket:// to local://.

[libpwmd.git] / src / libpwmd.h.in

/* vim:tw=78:ts=8:sw=4:set ft=c:  */
/*
    Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02110-1301  USA
*/
/*! \headerfile libpwmd.h
 *
 * libpwmd is a library making it easy for applications to use the pwmd
 * server. Pwmd version 1.11 or later is required; either locally or remotely. 
 */

/*! \section ssh SSH Details
 *
 * A remote connection to a pwmd server is possible by using an SSH channel
 * which spawns a shell and executes a proxy server that connects to the pwmd
 * local UNIX domain socket. Authentication is done by using SSH public key
 * (see \ref ssh-keygen(1)) authentication and verifying the host key against
 * a local file containing SHA1 hashes of known hosts. It's a lot like how the
 * standard OpenSSH does things only the known_hosts file is in a different
 * format.
 *
 * The server hash can be had by using \ref pwmd_get_hostkey() and storing the
 * result in a file. This file is then used as the \a known_hosts argument to
 * the SSH connection functions.
 *
 * Here's an example \ref authorized_keys(5) entry. The hash portion should be
 * the same as the contents of the generated \ref ssh-keygen(1) \a
 * identity.pub file which is passed as a parameter to the SSH connection
 * functions:
 *
 * \code
 * command="socat gopen:$HOME/.pwmd/socket -" <hash> ...
 * \endcode
 *
 * \note Only an SSH identity without a passphrase is supported. For now
 * anyway. This is a limitation of libssh2 (version 1.1 as of this writing).
 *
 * \x11
 */

/*! \section pinentry Pinentry Details
 *
 * \ref pinentry(1) is a program that prompts the user for input which is
 * normally a passphrase or a confirmation. libpwmd can use this program
 * either locally (X11 forwarding is not yet supported) or have the pwmd
 * server use it's pinentry to retrieve a passphrase when needed. How this is
 * done depends what function gets called and whether the pwmd connection is
 * over an SSH channel.
 *
 * There are a few options that tell pinentry how and where to prompt for a
 * needed passphrase. See the \ref pwmd_option_t section for details. These
 * options are not sent (when using pwmd's pinentry, not the local one) until
 * the pinentry is needed.
 *
 * If using a local pinentry by calling \ref pwmd_open2(), \ref pwmd_save2(),
 * \ref pwmd_open_async2() or pwmd_save_async2(), libpwmd will send the
 * command "OPTION PINENTRY=0" to the pwmd server. This is needed so pwmd wont
 * try to launch it's own pinentry on passphrase or confirmation failure. So
 * you may need to reset this option manually depending on your needs;
 * especially when changing pinentry methods when doing a save (the passphrase
 * may be set as empty since the remote pinentry is disabled!).
 *
 * Some pinentry options can also be specified in a local configuration file
 * \a "~/.pwmd/pinentry.conf". These options are initial values for each
 * pinentry invokation (not retries) and may be changed by setting the
 * appropriate \ref pwmd_option_t. Each option and value is separated with a
 * '=' on a single line. Unrecognized options are ignored. Here are the
 * recognized options:
 *
 * \param PATH The full path to the location of the pinentry binary.
 * \param DISPLAY The X11 display to use.
 * \param TTYNAME The full path to the tty that pinentry should prompt on.
 * \param TTYTYPE The terminal type of the tty which is required if DISPLAY is
 * not set.
 *
 * \filepath
 *
 * \note The initial values for the pinentry TTY, TERM and DISPLAY are set
 * during \ref pwmd_new() depending on the current environment. They may need
 * to be reset as needed.
 *
 * \note After establishing an SSH connection, the pwmd pinentry is disabled
 * by sending the command "OPTION PINENTRY=0". This is needed because there
 * currently isn't a way to have the remote pinentry use the local display.
 * You must be careful to use either a local pinentry or set a passphrase
 * manually with \ref pwmd_setopt() when a passphrase is required or needed.
 *
 * \x11
 *
 * \see \ref ssh
 */

/*! \section Errors
 *
 * libpwmd uses libgpg-error for all error codes.  Some are user defined
 * GPG_ERR_USER_N codes, but most are reused from the existing ones.  Error
 * codes can be described by using \ref pwmd_strerror(), or the thread-safe
 * \ref pwmd_strerror_r().
 *
 * \note Internally, some error codes are a bitmask of an error source. In
 * order to simplify the result codes, libpwmd strips any error source from
 * the error code before returning it.
 */

/*! \section example Example Client
 *
 * The following example will list the element tree of the data file specified
 * in the first command line argument.
 *
 * \code
 * #include <stdio.h>
 * #include <stdlib.h>
 * #include <libpwmd.h>
 *
 * int main(int argc, char **argv)
 * {
 *     pwm_t *pwm = pwmd_new(NULL);
 *     gpg_error_t rc = pwmd_connect(pwm, NULL);
 *     char *result;
 *     
 *     if (!rc) {
 *         rc = pwmd_open(pwm, argv[1]);
 *
 *         if (!rc) {
 *             rc = pwmd_command(pwm, &result, "%s", "LIST");
 *
 *             if (!rc) {
 *                 printf("%s", result);
 *                 pwmd_free(result);
 *             }
 *         }
 *     }
 *
 *     pwmd_close(pwm);
 *     
 *     if (rc)
 *         fprintf(stderr, "ERR: %s\n", pwmd_strerror(rc));
 *
 *     exit(rc ? 1 : 0);
 * }
 * \endcode
 */

/*! \file */
#ifndef LIBPWMD_H
#define LIBPWMD_H

#include <gpg-error.h>
#include <stdarg.h>

#ifdef __cplusplus
extern "C" {
#endif

/*! \def LIBPWMD_VERSION
 *
 * The version of this library.
 */
#define LIBPWMD_VERSION 0x@VER_MAJOR@@VER_COMPAT@@VER_PATCH@


struct pwm_s;
/*! \typedef pwm_t
 *
 * When a handle is mentioned in this documentation it is a pointer of this
 * type. A new handle is created with \ref pwmd_new().
 */
typedef struct pwm_s pwm_t;


/*! \typedef pwmd_async_t
 *
 * The return code of \ref pwmd_process() which is used for all asynchronous
 * commands.
 */
typedef enum {
    /*! \internal */
    ASYNC_INIT,

    /*! \ref pwmd_process() should be called again. */
    ASYNC_PROCESS,

    /*! The command has completed. The result code should be checked for an
     * error. */
    ASYNC_DONE,
} pwmd_async_t;


/*! \typedef pwmd_ip_version_t
 *
 * The value of the option \ref PWMD_OPTION_IP_VERSION which is set with \ref
 * pwmd_setopt().
 */
typedef enum {
    /*! Try both IPv6 and IPv4 addresses. Note that IPv6 is tried first. */
    PWMD_IP_ANY,

    /*! Only try IPv4. */
    PWMD_IPV4,

    /*! Only try IPv6. */
    PWMD_IPV6
} pwmd_ip_version_t;


/*! \def PWMD_FD_READABLE
 * \hideinitializer
 *
 * Set when the file descriptor is readable.
 */
#define PWMD_FD_READABLE        0x01


/*! \def PWMD_FD_WRITABLE
 * \hideinitializer
 *
 * Set when the file descriptor is writable.
 */
#define PWMD_FD_WRITABLE        0x02


/*!
 * For use with \ref pwmd_get_fds().
 */
typedef struct {
    /*! The file descriptor. */
    int fd;

    /*! A bitmask of \ref PWMD_FD_READABLE and \ref PWMD_FD_WRITABLE. */
    unsigned flags;
} pwmd_fd_t;


/*! \typedef pwmd_socket_t
 *
 * For use with \ref pwmd_socket_type().
 */
typedef enum {
    /*! A local domain socket. */
    PWMD_SOCKET_LOCAL,

    /*! An SSH connection over a TCP socket. */
    PWMD_SOCKET_SSH
} pwmd_socket_t;


/*! \typedef pwmd_pinentry_t
 *
 * For use with \ref pwmd_getpin().
 */
typedef enum {
    /*! When opening a file. */
    PWMD_PINENTRY_OPEN,

    /*! When opening a file failed. */
    PWMD_PINENTRY_OPEN_FAILED,

    /*! When saving a file. */
    PWMD_PINENTRY_SAVE,

    /*! For passphrase confirmation. */
    PWMD_PINENTRY_SAVE_CONFIRM,

    /*! For the default or user defined string set with \ref
     * PWMD_OPTION_PINENTRY_DESC. */
    PWMD_PINENTRY_DEFAULT,

    /*! To terminate the pinentry process created with \ref pwmd_getpin(). */
    PWMD_PINENTRY_CLOSE
} pwmd_pinentry_t;


/*! \typedef pwmd_passphrase_cb_t
 *
 * The value of the option \ref PWMD_OPTION_PASSPHRASE_CB which is set with
 * \ref pwmd_setopt().
 *
 * \param user A user data pointer which is set with \ref
 * PWMD_OPTION_PASSPHRASE_DATA.
 * \param[out] passphrase The passphrase which may be an empty string or NULL.
 * It is not modified by libpwmd but must remain allocated for as long as it
 * is needed.
 * \return 0 on success or an error code which will cause a command to fail.
 */
typedef gpg_error_t (*pwmd_passphrase_cb_t)(void *user, char **passphrase);


/*! \typedef pwmd_status_cb_t
 *
 * The value of the option \ref PWMD_OPTION_STATUS_CB which is set with \ref
 * pwmd_setopt().
 *
 * \param user A user data pointer which is set with \ref
 * PWMD_OPTION_STATUS_DATA.
 * \param line The status message line received from the server.
 * \return 0 on success or an error code which will cause a command to fail.
 */
typedef int (*pwmd_status_cb_t)(void *user, const char *line);


/*! \typedef pwmd_inquire_cb_t
 *
 * This is a callback function that gets passed to \ref pwmd_inquire(). It is
 * used for sending data to the server for commands that need to reply to an
 * INQUIRE server response (STORE and IMPORT). The reason for this callback is
 * to let the client send as many bytes as it wants rather than the entire
 * chunk at once.  It gets called during an internal \ref assuan_transact()
 * from an internal inquire callback function which in turn calls this
 * function by looping over its return value.
 *
 * \param user The user data pointer passed to \ref pwmd_inquire().
 * \param cmd The same as the \a cmd argument to \ref pwmd_inquire().
 * \param rc The result of the last internal call to \ref assuan_send_data()
 * which did the sending of the data to the pwmd server. On the first call to
 * this callback it's value will always be 0 since no data has been sent yet.
 * \param[out] data The next chunk of data to send or NULL.
 * \param[out] len The length of \a data or 0.
 *
 * \retval 0 There is more data to be sent.
 * \retval GPG_ERR_EOF No need to call this function again, the current
 * \a line is the last to send.
 * \retval code Any other error code which will terminate the INQUIRE.
 *
 * \note The sent data is processed line-per-line. The line is either newline
 * terminated or is buffered until ASSUAN_LINELENGTH bytes have been
 * allocated. Any remaining bytes are sent after the INQUIRE has finished.
 */
typedef gpg_error_t (*pwmd_inquire_cb_t)(void *user, const char *cmd,
        gpg_error_t rc, char **data, size_t *len);


/*! \enum pwmd_option_t
 *
 * libpwmd options which are set with \ref pwmd_setopt().
 *
 * \filepath
 */
typedef enum {
    /*! A custom passphrase retrieval function which, when set, will be used
     * instead of \ref pinentry(1). This function will not be used if opening
     * a file and the passphrase is cached on the server or the file is a new
     * one. The value of this option should be a \ref pwmd_passphrase_cb_t.
     *
     * \note An empty string as the passphrase is allowed.
     */
    PWMD_OPTION_PASSPHRASE_CB,

    /*! User supplied data which is passed to the custom passphrase function.
     * */
    PWMD_OPTION_PASSPHRASE_DATA,

    /*! A string to use as the passphrase when doing an open or save. When not
     * NULL, this option has precedence over \ref PWMD_OPTION_PASSPHRASE_CB.
     *
     * \note An empty string as the passphrase is allowed.
     */
    PWMD_OPTION_PASSPHRASE,

    /*! An integer value that specifies the number of tries before \ref
     * pinentry(1) will give up when opening a file with the wrong supplied
     * passphrase. The default is 3.
     *
     * \note This option has no effect when trying to save a file. The user
     * must either cancel the pinentry causing the save to fail or enter the
     * correct passphrase during passphrase confirmation.
     */
    PWMD_OPTION_PINENTRY_TRIES,

    /*! A character string value which specifies the full path of the \ref
     * pinentry(1) binary. For the local \ref pinentry(1) method, the default
     * is specified at compile time.
     * 
     * \see \ref pinentry
     */
    PWMD_OPTION_PINENTRY_PATH,

    /*! A value which specifies the full path to the TTY that \ref pinentry(1)
     * will use to prompt on. When set and no DISPLAY is available, \ref
     * PWMD_OPTION_PINENTRY_TERM must also be set.
     *
     * \see \ref pinentry
     */
    PWMD_OPTION_PINENTRY_TTY,

    /*! A value which specifies the terminal type (e.g., vt100) that \ref
     * pinentry(1) will use when no X11 display is available.
     *
     * \see \ref pinentry
     */
    PWMD_OPTION_PINENTRY_TERM,

    /*! A value which specifies the X11 display that \ref pinentry(1) will
     * use.
     *
     * \x11
     *
     * \see \ref pinentry
     */
    PWMD_OPTION_PINENTRY_DISPLAY,

    /*! A character string that \ref pinentry(1) will use in it's dialog
     * window.
     */
    PWMD_OPTION_PINENTRY_TITLE,

    /*! \copydoc PWMD_OPTION_PINENTRY_TITLE */
    PWMD_OPTION_PINENTRY_PROMPT,

    /*! \copydoc PWMD_OPTION_PINENTRY_TITLE */
    PWMD_OPTION_PINENTRY_DESC,

    /*! For \ref pinentry(1) localization. */
    PWMD_OPTION_PINENTRY_LC_CTYPE,

    /*! \copydoc PWMD_OPTION_PINENTRY_LC_CTYPE */
    PWMD_OPTION_PINENTRY_LC_MESSAGES,

    /*! An integer value that specifies the number of seconds \ref pinentry(1)
     * will wait for input before timing out and aborting the current command.
     * If 0, then no timeout will be used. The default is 30.
     */
    PWMD_OPTION_PINENTRY_TIMEOUT,

    /*! A function of type \ref pwmd_status_cb_t that will process status
     * messages received from the pwmd server.
     */
    PWMD_OPTION_STATUS_CB,

    /*! A user data pointer which is passed to the status message function. */
    PWMD_OPTION_STATUS_DATA,

    /*! The IP version of type \ref pwmd_ip_version_t that \ref
     * pwmd_ssh_connect() and \ref pwmd_ssh_connect_async() will use when
     * connecting to the remote pwmd server. The default is \ref PWMD_IP_ANY.
     *
     * \pre_conn_req
     */
    PWMD_OPTION_IP_VERSION,
} pwmd_option_t;


/*! \brief Initialize the library.
 *
 * This function must be the first function called in the library before any
 * others. It sets up the memory allocators and internationalization among
 * other things.
 *
 * \return 0 on success or an error code.
 */
gpg_error_t pwmd_init(void);


/*! \brief Creates a new handle.
 *
 * Creates a new handle for use with the other functions.
 *
 * \param name If not NULL, the name of the application. The application name
 * is sent to the pwmd server after successfully connecting.
 *
 * \return a new handle or NULL if there was not enough memory.
 */
pwm_t *pwmd_new(const char *name)
    __attribute__ ((warn_unused_result));


/*! \brief Connect to a local pwmd server.
 *
 * Connects to a local unix domain socket.
 *
 * \param pwm A handle.
 * \param path The socket path to connect to. If NULL, then a default of
 * \a "~/.pwmd/socket" will be used.
 * \return 0 on success or an error code.
 * \filepath
 * \see pwmd_ssh_connect(), pwmd_ssh_connect_async(), pwmd_disconnect()
 */
gpg_error_t pwmd_connect(pwm_t *pwm, const char *path)
    __attribute__ ((warn_unused_result));


/*! \brief Establish a remote connection to a pwmd server.
 *
 * Connects to a pwmd server over an SSH channel.
 *
 * \param pwm A handle.
 * \param host The hostname to connect to.
 * \param port The port or -1 for the default of 22.
 * \param identity The SSH identity file to use for authentication. This
 * should specify the private key. The public key is assumed to be \a
 * identity.pub.
 * \param user The username on the SSH server to login as. If NULL then
 * invoking username will be used.
 * \param known_hosts A file containing the public SSH server key hash in SHA1
 * format which may be obtained with \ref pwmd_get_hostkey().
 * \return 0 on success or an error code.
 * \filepath
 * \see pwmd_ssh_connect_async(), \ref PWMD_OPTION_IP_VERSION,
 * pwmd_disconnect(), \ref ssh
 */
gpg_error_t pwmd_ssh_connect(pwm_t *pwm, const char *host, int port,
        const char *identity, const char *user, const char *known_hosts)
    __attribute__ ((warn_unused_result)); 


/*! \brief Establish a remote connection to a pwmd server (asynchronously).
 *
 * This is a variant of \ref pwmd_ssh_connect() that will not block while doing
 * DNS lookups or while connecting. 
 *
 * \process
 *
 * \param pwm A handle.
 * \param host The hostname to connect to.
 * \param port The port or -1 for the default of 22.
 * \param identity The SSH identity file to use for authentication. This
 * should specify the private key. The public key is assumed to be \a
 * identity.pub.
 * \param user The username on the SSH server to login as. If NULL, the
 * invoking username will be used.
 * \param known_hosts A file containing the public SSH server key hash in SHA1
 * format which may be obtained with \ref pwmd_get_hostkey().
 * \return 0 on success or an error code.
 * \filepath
 * \see pwmd_process(), \ref PWMD_OPTION_IP_VERSION, pwmd_disconnect(),
 * \ref ssh
 */
gpg_error_t pwmd_ssh_connect_async(pwm_t *pwm, const char *host, int port,
        const char *identity, const char *user, const char *known_hosts)
    __attribute__ ((warn_unused_result));


/*! \brief Establish a connection by parsing a URL.
 *
 * This allows for connecting to a pwmd server by parsing the given URL
 * string. Whether the connection is to a remote or local server depends on
 * the contents:
 * \code
 * local://[path/to/local/socket]
 *
 * or
 *
 * ssh[46]://[username@]hostname[:port],identity,known_hosts
 * \endcode
 *
 * The parameters in square brackets are optional and if not specified then
 * defaults will be used. If neither socket specification is matched, the
 * \a url is assumed to be a local://.
 *
 * \param pwm A handle.
 * \param url The string to parse.
 * \filepath
 * \return 0 on success or an error code.
 * \see \ref pwmd_socket_type(), pwmd_disconnect()
 */
gpg_error_t pwmd_connect_url(pwm_t *pwm, const char *url)
    __attribute__ ((warn_unused_result));


/*! \brief Establish a connection by parsing a URL (asynchronously).
 *
 * This allows for connecting to a pwmd server by parsing the given URL
 * string. Whether the connection is to a remote or local server depends on
 * the contents:
 * \code
 * local://[path/to/local/socket]
 *
 * or
 *
 * ssh[46]://[username@]hostname[:port],identity,known_hosts
 * \endcode
 *
 * The parameters in square brackets are optional and if not specified then
 * defaults will be used. If neither socket specification is matched, the
 * \a url is assumed to be a local://.
 *
 * \process
 *
 * \param pwm A handle.
 * \param url The string to parse.
 * \filepath
 * \return 0 on success or an error code.
 * \see \ref pwmd_socket_type(), pwmd_disconnect()
 */
gpg_error_t pwmd_connect_url_async(pwm_t *pwm, const char *url)
    __attribute__ ((warn_unused_result));


/*! \brief Retrieve a remote SSH host key.
 *
 * This key is needed for host verification of the remote pwmd server. You
 * should be sure that the remote host is really the host that your wanting to
 * connect to and not subject to a man-in-the-middle attack.
 *
 * \param pwm A handle.
 * \param host The hostname to connect to.
 * \param port The port or -1 for the default of 22.
 * \param[out] result The SHA1 sum of the server host key which must be freed
 * with \ref pwmd_free().
 * \return 0 on success or an error code.
 * \see pwmd_get_hostkey_async(), \ref ssh
 */
gpg_error_t pwmd_get_hostkey(pwm_t *pwm, const char *host, int port,
        char **result)
    __attribute__ ((warn_unused_result));


/*! \brief Retrieve a remote SSH host key (asynchronously).
 *
 * This key is needed for host verification of the remote pwmd server. You
 * should be sure that the remote host is really the host that your wanting to
 * connect to and not subject to a man-in-the-middle attack.
 *
 * \process
 *
 * \param pwm A handle.
 * \param host The hostname to connect to.
 * \param port The port or -1 for the default of 22.
 * \return 0 on success or an error code.
 * \see pwmd_get_hostkey(), \ref pwmd_process(), \ref ssh
 */
gpg_error_t pwmd_get_hostkey_async(pwm_t *pwm, const char *host, int port)
    __attribute__ ((warn_unused_result));


/*! \brief Get the associated file descriptor(s) for a handle.
 *
 * This function lets the application manually poll the available file
 * descriptors for the specified handle. It should be called after each
 * asynchronous function call and after each call to \ref pwmd_process() since
 * the polled file descriptors may have been closed since the previous call.
 *
 * After returning, \a n_fds is set to the number of available file
 * descriptors which are stored in \a fds. The .flags member of \ref pwmd_fd_t
 * specifies what can be monitored and is a bitmask of \ref PWMD_FD_READABLE
 * and \ref PWMD_FD_WRITABLE. When ready, \ref pwmd_process() should be
 * called.
 *
 * \param pwm A handle.
 * \param[out] fds Set to the file descriptor(s) of the associated handle.
 * \param[out] n_fds Initially the size of \a fds then updated to the number
 * of available file descriptors which are stored in \a fds.
 * \retval 0 on success or an error code.
 * \retval GPG_ERR_ERANGE There are more file descriptors than the amount
 * specified in \a n_fds. \a fds and \a n_fds are still usable though.
 * \see pwmd_process()
 */
gpg_error_t pwmd_get_fds(pwm_t *pwm, pwmd_fd_t *fds, int *n_fds)
    __attribute__ ((warn_unused_result));


/*! \brief Check for a unparsed buffered line.
 *
 * A buffered line is a line that was read from the server but has not yet
 * been processed. This function determines if there is such a line.
 *
 * \param pwm A handle.
 * \retval 0 if there is a pending line.
 * \retval GPG_ERR_NO_DATA if there is no pending line.
 * \see pwmd_process()
 */
gpg_error_t pwmd_pending_line(pwm_t *pwm)
    __attribute__ ((warn_unused_result));


/*! \brief Set handle options.
 *
 * See \ref pwmd_option_t for option specific details.
 *
 * \param pwm A handle.
 * \param opt The option and following value.
 * \return 0 on success or an error code.
 */
gpg_error_t pwmd_setopt(pwm_t *pwm, pwmd_option_t opt, ...)
    __attribute__ ((warn_unused_result));


/*! \brief Launch a local pinentry.
 *
 * Does not send any command to the server. Maybe useful if a passphrase is
 * needed before opening a file over a remote connection. This passphrase can
 * then be set with \ref pwmd_setopt().
 *
 * \param pwm A handle.
 * \param filename The filename to use in the pinentry dialog strings.
 * \param[out] result The entered value in the pinentry dialog which should be
 * freed with \ref pwmd_free().
 * \param which Determines the default strings shown in the pinentry
 * dialog. \ref pwmd_setopt() may also be used to override the defaults. In
 * this case \ref PWMD_PINENTRY_DEFAULT should be used. \ref
 * PWMD_PINENTRY_CLOSE should be used to terminate the pinentry process when
 * the pinentry is no longer needed.
 *
 * \return 0 on success or an error.
 */
gpg_error_t pwmd_getpin(pwm_t *pwm, const char *filename, char **result,
        pwmd_pinentry_t which)
    __attribute__ ((warn_unused_result));


/*! \brief Open a file on the pwmd server.
 *
 * This will send the OPEN command to the server.
 *
 * \param pwm A handle.
 * \param filename The filename to open. The \a filename is not a full path
 * but the data file only.
 * \return 0 on success or an error code.
 * \see \ref pinentry
 */
gpg_error_t pwmd_open(pwm_t *pwm, const char *filename)
    __attribute__ ((warn_unused_result));

/*! \brief Open a file on the pwmd server using a local pinentry.
 *
 * This will send the OPEN command to the server like \ref pwmd_open() but
 * will use the local pinentry and not pwmd's pinentry.
 *
 * \sigalrm
 *
 * \note This pinentry method is not thread safe. It needs to set a couple of
 * global variables for the pinentry timeout to work properly.
 *
 * \param pwm A handle.
 * \param filename The filename to open. The \a filename is not a full path
 * but the data file only.
 * \return 0 on success or an error code.
 * \retval GPG_ERR_PIN_BLOCKED Another handle is using the local pinentry.
 * \see \ref pinentry
 */
gpg_error_t pwmd_open2(pwm_t *pwm, const char *filename)
    __attribute__ ((warn_unused_result));


/*! \brief Open a file on the pwmd server asynchronously (fork method).
 *
 * This is kind of a hybrid of \ref pwmd_open2() and \ref pwmd_open_async().
 * It will use the local pinentry asynchronously and also do the OPEN command
 * asynchronously.
 *
 * \process
 *
 * \sigalrm
 *
 * \param pwm A handle.
 * \param filename The filename to open. The \a filename is not a full path
 * but the data file only.
 * \return 0 on success or an error code.
 * \see pwmd_process(), \ref pinentry
 */
gpg_error_t pwmd_open_async2(pwm_t *pwm, const char *filename)
    __attribute__ ((warn_unused_result));


/*! \brief Open a file on the pwmd server (asynchronously).
 *
 * This will send the OPEN command to the pwmd server. The difference from
 * \ref pwmd_open() is that it will not block if a pinentry is needed for
 * passphrase input.
 *
 * \process
 *
 * \param pwm A handle.
 * \param filename The filename to open. The \a filename is not a full path
 * but the data file only.
 * \return 0 on success or an error code.
 * \see pwmd_process(), \ref pinentry
 */
gpg_error_t pwmd_open_async(pwm_t *pwm, const char *filename)
    __attribute__ ((warn_unused_result));


/*! \brief Process an asynchronous function.
 *
 * After an asynchronous function has been called and has returned
 * successfully, this function must be called to process the command and
 * retrieve the result and return value.
 *
 * This function may also be called when not in a command to check for pending
 * status messages sent from the server or to process a pending line.
 *
 * \param pwm A handle.
 * \param[out] rc Set to the return code of the original command after
 * ASYNC_DONE has been returned. This value must be checked to determine if
 * the command succeeded.
 * \param[out] result Set to the result of the command when \a rc is 0. Note
 * that not all commands return a result.
 * \retval ASYNC_DONE The command has completed. \a rc should be checked to
 * determine if the command was successful or not.
 * \retval ASYNC_PROCESS The command is still running and this function should
 * be called again.
 * \see pwmd_get_fds(), pwmd_pending_line()
 */
pwmd_async_t pwmd_process(pwm_t *pwm, gpg_error_t *rc, char **result)
    __attribute__ ((warn_unused_result));


/*! \brief Save a file on the pwmd server.
 *
 * This will send the SAVE command.
 *
 * \param pwm A handle.
 * \return 0 on success or an error code.
 * \see \ref pinentry
 */
gpg_error_t pwmd_save(pwm_t *pwm)
    __attribute__ ((warn_unused_result));


/*! \brief Save a file on the pwmd server using the local pinentry.
 *
 * This will send the SAVE command like \ref pwmd_save() but will use a local
 * pinentry and not pwmd's pinentry.
 *
 * \param pwm A handle.
 * \return 0 on success or an error code.
 * \see \ref pinentry
 */
gpg_error_t pwmd_save2(pwm_t *pwm)
    __attribute__ ((warn_unused_result));


/*! \brief Save a file on the pwmd server asynchronously (fork method).
 *
 * This is kind of a hybrid of \ref pwmd_save2() and \ref pwmd_save_async().
 * It will use the local pinentry asynchronously and also do the SAVE command
 * asynchronously.
 *
 * \process
 *
 * \param pwm A handle.
 * \return 0 on success or an error code.
 * \see pwmd_process(), \ref pinentry
 */
gpg_error_t pwmd_save_async2(pwm_t *pwm)
    __attribute__ ((warn_unused_result));


/*! \brief Save changes to a file on the pwmd server (asynchronously).
 *
 * This will send the SAVE command to the pwmd server. The difference from
 * \ref pwmd_save() is that it will not block if a pinentry is needed for
 * passphrase input.
 *
 * \process
 *
 * \param pwm A handle.
 * \return 0 on success or an error code.
 * \see pwmd_process(), \ref pinentry
 */
gpg_error_t pwmd_save_async(pwm_t *pwm)
    __attribute__ ((warn_unused_result));


/*! \brief Send a command to the pwmd server.
 *
 * Sends a command to the pwmd server. You should avoid sending the BYE
 * command here because the assuan context will be freed and bad things will
 * happen. Use \ref pwmd_close() instead. For commands that use an INQUIRE to
 * send data to the server (STORE and IMPORT), \ref pwmd_inquire() must be
 * used and not this function.
 *
 * \param pwm A handle.
 * \param[out] result The result of the command when successful which must be
 * freed with \ref pwmd_free().
 * \param cmd The command to send and any following arguments.
 * \return 0 on success or an error code.
 *
 * \note Not all commands return a result.
 */
gpg_error_t pwmd_command(pwm_t *pwm, char **result, const char *cmd, ...)
    __attribute__ ((warn_unused_result));


/*! \brief Send a command to the pwmd server.
 *
 * Like \ref pwmd_command() but uses an argument pointer instead.
 *
 * \param pwm A handle.
 * \param[out] result The result of the command when successful which must be
 * freed with \ref pwmd_free().
 * \param cmd The command to send.
 * \param ap The arguments to \a cmd.
 * \return 0 on success or an error code.
 *
 * \note Not all commands return a result.
 */
gpg_error_t pwmd_command_ap(pwm_t *pwm, char **result, const char *cmd,
        va_list ap)
    __attribute__ ((warn_unused_result));


/*! \brief Send data to a pwmd server.
 *
 * This lets commands that use an INQUIRE (STORE and IMPORT) send the data
 * to the server. Use this function rather than \ref pwmd_command() for these
 * pwmd commands.
 *
 * \param pwm A handle.
 * \param cmd The command (without arguments) to send that uses an INQUIRE.
 * \param func A callback function of type \ref pwmd_inquire_cb_t which sets
 * the data to be sent.
 * \param user A user data pointer passed to the callback function \a func.
 * \return 0 on success or an error code.
 *
 * \see pwmd_inquire_cb_t
 */
gpg_error_t pwmd_inquire(pwm_t *pwm, const char *cmd, pwmd_inquire_cb_t func,
        void *user)
    __attribute__ ((warn_unused_result));


/*! \brief Close a connection to the pwmd server.
 *
 * This will close the connection but keep any previously set options for the
 * specified handle.
 *
 * \param pwm A handle.
 * \return 0 on success or an error code.
 * \see \ref pwmd_close()
 */
gpg_error_t pwmd_disconnect(pwm_t *pwm)
    __attribute__ ((warn_unused_result));


/*! \brief Close a handle.
 *
 * This will close the connection to a pwmd server and free any resources
 * associated with it.
 *
 * \param pwm A handle.
 * \return Nothing.
 * \see \ref pwmd_disconnect(), \ref pwmd_new()
 */
void pwmd_close(pwm_t *pwm);


/*! \brief The type of connection a handle has.
 *
 * Useful when you want to know what kind of connection a handle has.
 *
 * \param pwm A handle.
 * \param[out] type The type of socket.
 * \return 0 on success or an error code.
 * \see pwmd_connect_url()
 */
gpg_error_t pwmd_socket_type(pwm_t *pwm, pwmd_socket_t *type)
    __attribute__ ((warn_unused_result));


/*! \brief Free a previously allocated pointer.
 *
 * Use this function to free resources allocated by the other libpwmd memory
 * functions. Do not use it to free allocations made by other allocators.
 *
 * The difference between the standard free() and this function is that
 * this one will zero out the contents of the pointer before freeing it.
 *
 * \param ptr The pointer to deallocate.
 * \return Nothing.
 * \see pwmd_malloc(), pwmd_calloc(), pwmd_realloc(), pwmd_strdup(),
 * pwmd_process(), pwmd_command()
 */
void pwmd_free(void *ptr);


/*! \brief A wrapper around malloc.
 *
 * Like malloc(), but lets libpwmd keep track of the pointer.
 *
 * \param size The number of bytes to allocate.
 * \return A newly allocated pointer or NULL if there wasn't enough memory.
 * \see malloc(3), pwmd_free()
 */
void *pwmd_malloc(size_t size)
    __attribute__ ((warn_unused_result));


/*! \brief A wrapper around calloc().
 *
 * Like calloc(), but lets libpwmd keep track of the pointer.
 *
 * \param nmemb The number of elements to allocate.
 * \param size The number of bytes to allocate.
 * \return A newly allocated pointer or NULL if there wasn't enough memory.
 * \see calloc(3), pwmd_free()
 */
void *pwmd_calloc(size_t nmemb, size_t size)
    __attribute__ ((warn_unused_result));


/*! \brief A wrapper around realloc().
 *
 * Like realloc(), but lets libpwmd keep track of the pointer.
 *
 * \note This function will try and allocate the entire \a size before freeing
 * the original pointer and returning the new one.
 *
 * \param ptr The pointer to reallocate.
 * \param size The new number of bytes to allocate.
 * \return A newly allocated pointer or NULL if there wasn't enough memory.
 * \see realloc(3), pwmd_free()
 */
void *pwmd_realloc(void *ptr, size_t size)
    __attribute__ ((warn_unused_result));


/*! \brief A wrapper around strdup().
 *
 * Like strdup(), but lets libpwmd keep track of the pointer.
 *
 * \param str The string to duplicate.
 * \return A newly allocated character pointer or NULL if there wasn't
 * enough memory.
 * \see strdup(3), pwmd_free()
 */
char *pwmd_strdup(const char *str)
    __attribute__ ((warn_unused_result));

/*! \brief Duplicate a formatted string.
 *
 * Like \ref sprintf(3) but returns an allocated string.
 *
 * \param fmt The formatted string and any following arguments.
 * \return A newly allocated character pointer or NULL if there wasn't
 * enough memory.
 * \see pwmd_free()
 */
char *pwmd_strdup_printf(const char *fmt, ...)
    __attribute__ ((warn_unused_result));

/*! \def EPWMD_ERROR
 *  \hideinitializer
 *
 * A general pwmd error with no suitable description.
 */
#define EPWMD_ERROR             GPG_ERR_USER_1


/*! \def EPWMD_MAX_SLOTS
 *  \hideinitializer
 *
 * The maximum number of cache slots has been reached. There is no available
 * slot for a new file.
 */
#define EPWMD_MAX_SLOTS         GPG_ERR_USER_2


/*! \def EPWMD_LOOP
 *  \hideinitializer
 *
 * A recursion loop was detected while processing a "target" attribute.
 */
#define EPWMD_LOOP              GPG_ERR_USER_3


/*! \def EPWMD_NO_FILE
 *  \hideinitializer
 *
 * A command required an open file but no file has yet been opened.
 */
#define EPWMD_NO_FILE           GPG_ERR_USER_4


/*! \def EPWMD_LIBXML_ERROR
 *  \hideinitializer
 *
 * An XML parse or other libxml2 error occurred.
 */
#define EPWMD_LIBXML_ERROR      GPG_ERR_USER_5


/*! \def EPWMD_FILE_MODIFIED
 *  \hideinitializer
 *
 * The data file was modified either externally or by another client while
 * trying to process a command.
 */
#define EPWMD_FILE_MODIFIED     GPG_ERR_USER_6


/*! \def EPWMD_MAX
 *  \hideinitializer
 * \if cond1
 * \internal
 * \endif
 */
#define EPWMD_MAX               GPG_ERR_USER_7


/*! \brief Return a description of an error code.
 *
 * \param code The error code to describe.
 * \return A character description of the error code.
 * \see pwmd_strerror_r()
 */
const char *pwmd_strerror(gpg_error_t code)
    __attribute__ ((warn_unused_result));


/*! \brief Return a description of an error code (thread-safe).
 *
 * This is a thread-safe version of \ref pwmd_strerror().
 *
 * \param code The error code to describe.
 * \param[out] buf An allocated buffer to hold the error description.
 * \param size The size of the allocated buffer \a buf.
 *
 * \retval 0 Success.
 * \retval ERANGE \a size was not large enough to hold the entire description
 * and \a buf is set to the truncated error string.
 */
int pwmd_strerror_r(gpg_error_t code, char *buf, size_t size);

#ifdef __cplusplus
}
#endif

#endif