1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
26 #include <sys/socket.h>
35 #include <sys/types.h>
37 #include <sys/select.h>
60 static gpg_error_t
send_pinentry_options(pwm_t
*pwm
);
61 static gpg_error_t
_pwmd_process(pwm_t
*pwm
);
62 static gpg_error_t
set_pinentry_retry(pwm_t
*pwm
);
63 static gpg_error_t
get_custom_passphrase(pwm_t
*pwm
, char **result
);
65 static const char *_pwmd_strerror(gpg_error_t e
)
67 gpg_err_code_t code
= gpg_err_code(e
);
69 if (code
>= GPG_ERR_USER_1
&& code
< gpg_err_code(EPWMD_MAX
)) {
74 return N_("Unknown error");
76 return N_("No cache slots available");
78 return N_("Recursion loop");
80 return N_("No file is open");
82 return N_("General LibXML error");
84 return N_("File modified");
91 const char *pwmd_strerror(gpg_error_t code
)
93 const char *p
= _pwmd_strerror(code
);
95 return p
? p
: gpg_strerror(code
);
98 int pwmd_strerror_r(gpg_error_t code
, char *buf
, size_t size
)
100 const char *p
= _pwmd_strerror(code
);
103 snprintf(buf
, size
, "%s", p
);
105 if (strlen(p
) > size
)
111 return gpg_strerror_r(code
, buf
, size
);
114 gpg_error_t
pwmd_init()
116 static int initialized
;
125 bindtextdomain("libpwmd", LOCALEDIR
);
128 assuan_set_malloc_hooks(pwmd_malloc
, pwmd_realloc
, pwmd_free
);
129 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
134 gpg_error_t
_connect_finalize(pwm_t
*pwm
)
137 int n
= assuan_get_active_fds(pwm
->ctx
, 0, active
, N_ARRAY(active
));
142 return GPG_ERR_EBADFD
;
148 assuan_set_pointer(pwm
->ctx
, pwm
);
151 // Until X11 forwarding is supported, disable the remote pwmd pinentry.
153 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
161 rc
= pwmd_command(pwm
, NULL
, "OPTION CLIENT NAME=%s", pwm
->name
);
167 rc
= pwmd_command(pwm
, &result
, "VERSION");
169 if (rc
&& rc
!= GPG_ERR_ASS_UNKNOWN_CMD
)
173 pwm
->version
= PWMD_V1
;
175 pwm
->version
= PWMD_V2
;
181 static gpg_error_t
_pwmd_connect_url(pwm_t
*pwm
, const char *url
, int async
)
183 char *p
= (char *)url
;
187 return GPG_ERR_INV_ARG
;
189 if (!p
|| !strncmp(p
, "socket://", 9)) {
195 else if (!strncmp(p
, "ssh://", 6) || !strncmp(p
, "ssh6://", 7) ||
196 !strncmp(p
, "ssh4://", 7)) {
198 return GPG_ERR_NOT_IMPLEMENTED
;
202 char *identity
= NULL
;
203 char *known_hosts
= NULL
;
204 char *username
= NULL
;
206 if (!strncmp(p
, "ssh6://", 7)) {
207 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV6
);
210 else if (!strncmp(p
, "ssh4://", 7)) {
211 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV4
);
215 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IP_ANY
);
222 rc
= _parse_ssh_url(p
, &host
, &port
, &username
, &identity
,
229 rc
= pwmd_ssh_connect_async(pwm
, host
, port
, identity
, username
,
232 rc
= pwmd_ssh_connect(pwm
, host
, port
, identity
, username
,
246 pwmd_free(known_hosts
);
253 rc
= pwmd_connect(pwm
, p
);
254 pwm
->state
= ASYNC_DONE
;
258 gpg_error_t
pwmd_connect_url(pwm_t
*pwm
, const char *url
)
260 return _pwmd_connect_url(pwm
, url
, 0);
263 gpg_error_t
pwmd_connect_url_async(pwm_t
*pwm
, const char *url
)
265 return _pwmd_connect_url(pwm
, url
, 1);
268 gpg_error_t
pwmd_connect(pwm_t
*pwm
, const char *path
)
270 char *socketpath
= NULL
;
271 assuan_context_t ctx
;
277 return GPG_ERR_INV_ARG
;
279 pwbuf
= _getpwuid(&pw
);
282 return gpg_error_from_errno(errno
);
285 socketpath
= pwmd_strdup_printf("%s/.pwmd/socket", pw
.pw_dir
);
287 socketpath
= _expand_homedir((char *)path
, &pw
);
292 return gpg_error_from_errno(ENOMEM
);
294 rc
= assuan_socket_connect_ext(&ctx
, socketpath
, -1, 0);
295 pwmd_free(socketpath
);
298 return gpg_err_code(rc
);
301 return _connect_finalize(pwm
);
304 static void disconnect(pwm_t
*pwm
)
306 if (!pwm
|| !pwm
->ctx
)
309 assuan_disconnect(pwm
->ctx
);
314 void pwmd_close(pwm_t
*pwm
)
322 pwmd_free(pwm
->password
);
325 pwmd_free(pwm
->title
);
328 pwmd_free(pwm
->desc
);
331 pwmd_free(pwm
->prompt
);
333 if (pwm
->pinentry_tty
)
334 pwmd_free(pwm
->pinentry_tty
);
336 if (pwm
->pinentry_display
)
337 pwmd_free(pwm
->pinentry_display
);
339 if (pwm
->pinentry_term
)
340 pwmd_free(pwm
->pinentry_term
);
343 pwmd_free(pwm
->lcctype
);
346 pwmd_free(pwm
->lcmessages
);
349 pwmd_free(pwm
->filename
);
352 pwmd_free(pwm
->name
);
356 _free_ssh_conn(pwm
->tcp_conn
);
362 gpg_error_t
pwmd_ssh_connect_async(pwm_t
*pwm
, const char *host
, int port
,
363 const char *identity
, const char *user
, const char *known_hosts
)
366 return GPG_ERR_NOT_IMPLEMENTED
;
368 return _do_pwmd_ssh_connect_async(pwm
, host
, port
, identity
, user
,
369 known_hosts
, ASYNC_CMD_CONNECT
);
373 gpg_error_t
pwmd_ssh_connect(pwm_t
*pwm
, const char *host
, int port
,
374 const char *identity
, const char *user
, const char *known_hosts
)
377 return GPG_ERR_NOT_IMPLEMENTED
;
379 return _do_pwmd_ssh_connect(pwm
, host
, port
, identity
, user
, known_hosts
, 0);
383 gpg_error_t
pwmd_get_hostkey(pwm_t
*pwm
, const char *host
, int port
,
387 return GPG_ERR_NOT_IMPLEMENTED
;
392 rc
= _do_pwmd_ssh_connect(pwm
, host
, port
, NULL
, NULL
, NULL
, 1);
397 hostkey
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
400 rc
= gpg_error_from_errno(ENOMEM
);
407 gpg_error_t
pwmd_get_hostkey_async(pwm_t
*pwm
, const char *host
, int port
)
410 return GPG_ERR_NOT_IMPLEMENTED
;
412 return _do_pwmd_ssh_connect_async(pwm
, host
, port
, NULL
, NULL
, NULL
,
417 static int inquire_realloc_cb(void *data
, const void *buffer
, size_t len
)
419 membuf_t
*mem
= (membuf_t
*)data
;
425 if ((p
= pwmd_realloc(mem
->buf
, mem
->len
+ len
)) == NULL
)
426 return gpg_error_from_errno(ENOMEM
);
429 memcpy((char *)mem
->buf
+ mem
->len
, buffer
, len
);
434 static int inquire_cb(void *data
, const char *keyword
)
436 pwm_t
*pwm
= (pwm_t
*)data
;
438 int flags
= fcntl(pwm
->fd
, F_GETFL
);
440 /* Shouldn't get this far without a callback. */
441 if (!pwm
->inquire_func
)
442 return GPG_ERR_INV_ARG
;
449 rc
= pwm
->inquire_func(pwm
->inquire_data
, keyword
, rc
, &result
, &len
);
450 rc
= gpg_err_code(rc
);
452 if (rc
== GPG_ERR_EOF
|| !rc
) {
453 if (len
<= 0 || !result
) {
458 arc
= assuan_send_data(pwm
->ctx
, result
, len
);
459 arc
= gpg_err_code(arc
);
461 if (rc
== GPG_ERR_EOF
) {
472 /* Set to non-blocking so _pwmd_process() can return. */
473 fcntl(pwm
->fd
, F_SETFL
, O_NONBLOCK
);
474 rc
= _pwmd_process(pwm
);
475 fcntl(pwm
->fd
, F_SETFL
, flags
);
479 fcntl(pwm
->fd
, F_SETFL
, flags
);
480 return gpg_err_code(rc
);
483 static gpg_error_t
do_nb_command(pwm_t
*pwm
, const char *cmd
, ...)
490 if (pwm
->state
== ASYNC_DONE
)
491 pwm
->state
= ASYNC_INIT
;
493 if (pwm
->state
!= ASYNC_INIT
)
494 return GPG_ERR_INV_STATE
;
496 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
499 return gpg_error_from_errno(ENOMEM
);
502 len
= vsnprintf(buf
, ASSUAN_LINELENGTH
+1, cmd
, ap
);
505 if (len
>= ASSUAN_LINELENGTH
+1) {
507 return GPG_ERR_LINE_TOO_LONG
;
510 rc
= assuan_write_line(pwm
->ctx
, buf
);
514 pwm
->state
= ASYNC_PROCESS
;
516 return gpg_err_code(rc
);
519 gpg_error_t
pwmd_open_async(pwm_t
*pwm
, const char *filename
)
522 const char *f
= NULL
;
525 if (!pwm
|| !filename
)
526 return GPG_ERR_INV_ARG
;
529 return GPG_ERR_INV_STATE
;
531 if (pwm
->cmd
!= ASYNC_CMD_NONE
)
532 return GPG_ERR_ASS_NESTED_COMMANDS
;
534 if (pwm
->lastcmd
== ASYNC_CMD_NONE
) {
538 pwmd_free(pwm
->filename
);
540 pwm
->filename
= pwmd_strdup(filename
);
543 return gpg_error_from_errno(ENOMEM
);
545 gpg_error_t rc
= send_pinentry_options(pwm
);
550 rc
= get_custom_passphrase(pwm
, &p
);
552 if (rc
&& rc
!= GPG_ERR_NO_DATA
)
558 else if (pwm
->lastcmd
== ASYNC_CMD_OPEN2
) {
563 else if (pwm
->lastcmd
== ASYNC_CMD_OPEN
) {
564 rc
= set_pinentry_retry(pwm
);
573 return GPG_ERR_INV_STATE
;
575 pwm
->cmd
= ASYNC_CMD_OPEN
;
576 return do_nb_command(pwm
, "OPEN %s %s", f
, p
? p
: "");
579 gpg_error_t
pwmd_save_async(pwm_t
*pwm
)
584 return GPG_ERR_INV_ARG
;
587 return GPG_ERR_INV_STATE
;
589 if (pwm
->cmd
!= ASYNC_CMD_NONE
)
590 return GPG_ERR_ASS_NESTED_COMMANDS
;
592 if (pwm
->lastcmd
!= ASYNC_CMD_SAVE2
) {
593 gpg_error_t rc
= send_pinentry_options(pwm
);
598 rc
= get_custom_passphrase(pwm
, &p
);
600 if (rc
&& rc
!= GPG_ERR_NO_DATA
)
608 pwm
->cmd
= ASYNC_CMD_SAVE
;
609 return do_nb_command(pwm
, "SAVE %s", p
? p
: "");
612 static gpg_error_t
parse_assuan_line(pwm_t
*pwm
)
618 rc
= assuan_read_line(pwm
->ctx
, &line
, &len
);
621 if (line
[0] == 'O' && line
[1] == 'K' &&
622 (line
[2] == 0 || line
[2] == ' ')) {
623 pwm
->state
= ASYNC_DONE
;
625 else if (line
[0] == '#') {
627 else if (line
[0] == 'S' && (line
[1] == 0 || line
[1] == ' ')) {
628 if (pwm
->status_func
) {
629 rc
= pwm
->status_func(pwm
->status_data
,
630 line
[1] == 0 ? line
+1 : line
+2);
633 else if (line
[0] == 'E' && line
[1] == 'R' && line
[2] == 'R' &&
634 (line
[3] == 0 || line
[3] == ' ')) {
637 pwm
->state
= ASYNC_DONE
;
641 return gpg_err_code(rc
);
644 gpg_error_t
pwmd_pending_line(pwm_t
*pwm
)
647 return GPG_ERR_INV_ARG
;
650 return GPG_ERR_INV_STATE
;
652 return assuan_pending_line(pwm
->ctx
) ? 0 : GPG_ERR_NO_DATA
;
655 static pwmd_async_t
reset_async(pwm_t
*pwm
, int done
)
657 pwm
->state
= ASYNC_INIT
;
658 pwm
->cmd
= pwm
->lastcmd
= ASYNC_CMD_NONE
;
661 if (pwm
->nb_fd
!= -1) {
666 if (pwm
->_password
) {
667 pwmd_free(pwm
->_password
);
668 pwm
->_password
= NULL
;
672 if (done
&& pwm
->tcp_conn
) {
673 _free_ssh_conn(pwm
->tcp_conn
);
674 pwm
->tcp_conn
= NULL
;
682 * Used for processing status messages when not in an async command and for
683 * waiting for the result from pwmd_open_async() and pwmd_save_async().
685 static gpg_error_t
_pwmd_process(pwm_t
*pwm
)
689 struct timeval tv
= {0, 0};
693 FD_SET(pwm
->fd
, &fds
);
695 n
= pth_select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
697 n
= select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
701 return gpg_error_from_syserror();
704 if (FD_ISSET(pwm
->fd
, &fds
))
705 rc
= parse_assuan_line(pwm
);
708 while (!rc
&& assuan_pending_line(pwm
->ctx
))
709 rc
= parse_assuan_line(pwm
);
711 return gpg_err_code(rc
);
714 static void reset_handle(pwm_t
*h
)
719 _pinentry_disconnect(h
);
727 gpg_error_t
pwmd_disconnect(pwm_t
*pwm
)
730 return GPG_ERR_INV_ARG
;
733 if (pwm
->fd
== -1 && pwm
->tcp_conn
&& pwm
->tcp_conn
->fd
== -1)
737 return GPG_ERR_INV_STATE
;
743 _ssh_disconnect(pwm
);
750 pwmd_async_t
pwmd_process(pwm_t
*pwm
, gpg_error_t
*rc
, char **result
)
752 #if defined(WITH_PINENTRY) || defined(WITH_TCP)
755 struct timeval tv
= {0, 0};
762 return GPG_ERR_INV_ARG
;
767 *rc
= GPG_ERR_INV_ARG
;
770 else if (!pwm
->ctx
) {
773 *rc
= GPG_ERR_INV_STATE
;
777 case ASYNC_CMD_CONNECT
:
778 case ASYNC_CMD_HOSTKEY
:
784 /* When not in a command, this will let libassuan process status messages
785 * by calling PWMD_OPTION_STATUS_FUNC. The client can poll the file
786 * descriptor returned by pwmd_get_fd() to determine when this should be
787 * called or call pwmd_pending_line() to determine whether a buffered line
788 * needs to be processed. */
789 if (pwm
->cmd
== ASYNC_CMD_NONE
) {
790 *rc
= _pwmd_process(pwm
);
794 /* Fixes pwmd_open/save_async2() when there is a cached or new file. */
795 if (pwm
->state
== ASYNC_DONE
) {
796 *rc
= _pwmd_process(pwm
);
797 return reset_async(pwm
, 0);
800 if (pwm
->state
!= ASYNC_PROCESS
) {
801 *rc
= GPG_ERR_INV_STATE
;
806 if (pwm
->cmd
== ASYNC_CMD_DNS
) {
809 if (pwm
->tcp_conn
->rc
) {
810 *rc
= pwm
->tcp_conn
->rc
;
811 return reset_async(pwm
, 1);
816 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
818 /* Shouldn't happen. */
823 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
825 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
829 *rc
= gpg_error_from_syserror();
830 return reset_async(pwm
, 1);
834 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
838 else if (pwm
->cmd
== ASYNC_CMD_CONNECT
) {
839 if (pwm
->tcp_conn
->rc
== GPG_ERR_EINPROGRESS
) {
841 socklen_t len
= sizeof(int);
844 FD_SET(pwm
->tcp_conn
->fd
, &fds
);
846 n
= pth_select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
848 n
= select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
851 if (!n
|| !FD_ISSET(pwm
->tcp_conn
->fd
, &fds
))
854 *rc
= gpg_error_from_syserror();
855 return reset_async(pwm
, 1);
858 ret
= getsockopt(pwm
->tcp_conn
->fd
, SOL_SOCKET
, SO_ERROR
, &n
, &len
);
861 *rc
= ret
? gpg_error_from_syserror() : gpg_error_from_errno(n
);
862 return reset_async(pwm
, 1);
865 else if (pwm
->tcp_conn
->rc
) {
866 *rc
= pwm
->tcp_conn
->rc
;
867 return reset_async(pwm
, 1);
870 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, 0);
871 *rc
= _setup_ssh_session(pwm
);
874 switch (pwm
->tcp_conn
->cmd
) {
875 case ASYNC_CMD_HOSTKEY
:
876 *result
= pwm
->result
;
883 return reset_async(pwm
, *rc
? 1 : 0);
888 if (pwm
->cmd
== ASYNC_CMD_OPEN2
|| pwm
->cmd
== ASYNC_CMD_SAVE2
) {
891 if (pwm
->nb_fd
== -1) {
892 *rc
= GPG_ERR_INV_STATE
;
893 return reset_async(pwm
, 0);
897 FD_SET(pwm
->nb_fd
, &fds
);
898 FD_SET(pwm
->fd
, &fds
);
900 n
= pth_select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
902 n
= select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
905 *rc
= gpg_error_from_syserror();
906 return reset_async(pwm
, 0);
909 if (n
> 0 && FD_ISSET(pwm
->nb_fd
, &fds
)) {
912 size_t len
= pth_read(pwm
->nb_fd
, &nb
, sizeof(nb
));
914 size_t len
= read(pwm
->nb_fd
, &nb
, sizeof(nb
));
916 waitpid(pwm
->nb_pid
, &status
, WNOHANG
);
918 if (len
!= sizeof(nb
)) {
919 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
920 *rc
= gpg_error_from_syserror();
921 return reset_async(pwm
, 0);
927 return reset_async(pwm
, 0);
929 /* Since the non-blocking pinentry returned a success, do a
930 * non-blocking OPEN or SAVE. */
931 pwmd_async_cmd_t c
= pwm
->cmd
;
933 pwm
->_password
= pwmd_strdup(nb
.password
);
934 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
937 if (!pwm
->_password
) {
938 *rc
= gpg_error_from_errno(ENOMEM
);
939 return reset_async(pwm
, 0);
942 if (c
== ASYNC_CMD_SAVE2
)
943 *rc
= pwmd_save_async(pwm
);
945 *rc
= pwmd_open_async(pwm
, pwm
->filename
);
952 return ASYNC_PROCESS
;
955 /* Fall through so status messages can be processed during the
961 *rc
= GPG_ERR_INV_STATE
;
962 return reset_async(pwm
, 0);
965 /* This is for pwmd_open_async() and pwmd_save_async(). For pinentry
967 *rc
= _pwmd_process(pwm
);
969 if (*rc
&& *rc
!= GPG_ERR_INV_PASSPHRASE
)
970 return reset_async(pwm
, 0);
972 if (pwm
->cmd
== ASYNC_CMD_OPEN
&&
973 *rc
== GPG_ERR_INV_PASSPHRASE
&&
975 (!pwm
->tcp_conn
|| (pwm
->tcp_conn
&& pwm
->lastcmd
== ASYNC_CMD_OPEN2
)) &&
977 ++pwm
->pin_try
< pwm
->pinentry_tries
) {
978 if (!get_custom_passphrase(pwm
, NULL
))
982 if (pwm
->_password
) {
984 pwm
->lastcmd
= ASYNC_CMD_OPEN2
;
985 *rc
= pwmd_open_async2(pwm
, pwm
->filename
);
990 pwm
->lastcmd
= ASYNC_CMD_OPEN
;
991 *rc
= pwmd_open_async(pwm
, pwm
->filename
);
998 if (*rc
|| pwm
->state
== ASYNC_DONE
)
999 return reset_async(pwm
, 0);
1004 gpg_error_t
_assuan_command(pwm_t
*pwm
, assuan_context_t ctx
,
1005 char **result
, const char *cmd
)
1011 return GPG_ERR_INV_ARG
;
1013 if (strlen(cmd
) >= ASSUAN_LINELENGTH
+1)
1014 return GPG_ERR_LINE_TOO_LONG
;
1018 rc
= assuan_transact(ctx
, cmd
, inquire_realloc_cb
, &data
,
1020 pwm
->pctx
== ctx
? pwm
->_inquire_func
: inquire_cb
,
1021 pwm
->pctx
== ctx
? pwm
->_inquire_data
: pwm
,
1025 pwm
->status_func
, pwm
->status_data
);
1029 pwmd_free(data
.buf
);
1035 inquire_realloc_cb(&data
, "", 1);
1038 pwmd_free(data
.buf
);
1039 rc
= GPG_ERR_INV_ARG
;
1042 *result
= (char *)data
.buf
;
1046 return gpg_err_code(rc
);
1049 gpg_error_t
pwmd_inquire(pwm_t
*pwm
, const char *cmd
, pwmd_inquire_cb_t fn
,
1052 if (!pwm
|| !cmd
|| !fn
)
1053 return GPG_ERR_INV_ARG
;
1056 return GPG_ERR_INV_STATE
;
1058 pwm
->inquire_func
= fn
;
1059 pwm
->inquire_data
= data
;
1060 return _assuan_command(pwm
, pwm
->ctx
, NULL
, cmd
);
1063 gpg_error_t
pwmd_command_ap(pwm_t
*pwm
, char **result
, const char *cmd
,
1071 return GPG_ERR_INV_ARG
;
1074 return GPG_ERR_INV_STATE
;
1077 * C99 allows the dst pointer to be null which will calculate the length
1078 * of the would-be result and return it.
1081 len
= vsnprintf(NULL
, 0, cmd
, ap
)+1;
1082 buf
= (char *)pwmd_malloc(len
);
1086 return gpg_error_from_errno(ENOMEM
);
1089 len
= vsnprintf(buf
, len
, cmd
, ap2
);
1092 if (buf
[strlen(buf
)-1] == '\n')
1093 buf
[strlen(buf
)-1] = 0;
1095 if (buf
[strlen(buf
)-1] == '\r')
1096 buf
[strlen(buf
)-1] = 0;
1098 gpg_error_t rc
= _assuan_command(pwm
, pwm
->ctx
, result
, buf
);
1103 gpg_error_t
pwmd_command(pwm_t
*pwm
, char **result
, const char *cmd
, ...)
1108 return GPG_ERR_INV_ARG
;
1111 return GPG_ERR_INV_STATE
;
1117 gpg_error_t rc
= pwmd_command_ap(pwm
, result
, cmd
, ap
);
1122 static gpg_error_t
send_pinentry_options(pwm_t
*pwm
)
1126 if (pwm
->pinentry_path
) {
1127 rc
= pwmd_command(pwm
, NULL
, "OPTION PATH=%s", pwm
->pinentry_path
);
1133 if (pwm
->pinentry_tty
) {
1134 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYNAME=%s", pwm
->pinentry_tty
);
1140 if (pwm
->pinentry_term
) {
1141 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYTYPE=%s", pwm
->pinentry_term
);
1147 if (pwm
->pinentry_display
) {
1148 rc
= pwmd_command(pwm
, NULL
, "OPTION DISPLAY=%s",
1149 pwm
->pinentry_display
);
1156 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->title
);
1163 rc
= pwmd_command(pwm
, NULL
, "OPTION DESC=%s", pwm
->desc
);
1170 rc
= pwmd_command(pwm
, NULL
, "OPTION PROMPT=%s", pwm
->prompt
);
1177 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_CTYPE=%s", pwm
->lcctype
);
1183 if (pwm
->lcmessages
) {
1184 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_MESSAGES=%s", pwm
->lcmessages
);
1190 if (pwm
->pinentry_timeout
>= 0 && !pwm
->pin_try
) {
1191 rc
= pwmd_command(pwm
, NULL
, "OPTION TIMEOUT=%i", pwm
->pinentry_timeout
);
1200 gpg_error_t
pwmd_socket_type(pwm_t
*pwm
, pwmd_socket_t
*result
)
1202 if (!pwm
|| !result
)
1203 return GPG_ERR_INV_ARG
;
1206 if (pwm
->fd
== -1 && pwm
->tcp_conn
&& pwm
->tcp_conn
->fd
== -1)
1210 return GPG_ERR_INV_STATE
;
1213 *result
= pwm
->tcp_conn
? PWMD_SOCKET_SSH
: PWMD_SOCKET_UDS
;
1215 *result
= PWMD_SOCKET_UDS
;
1220 static gpg_error_t
set_pinentry_retry(pwm_t
*pwm
)
1224 if (pwm
->pin_try
== 1) {
1225 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s",
1226 N_("Invalid passphrase, please try again."));
1231 rc
= pwmd_command(pwm
, NULL
, "OPTION TIMEOUT=0");
1237 static gpg_error_t
get_custom_passphrase(pwm_t
*pwm
, char **result
)
1239 gpg_error_t rc
= GPG_ERR_NO_DATA
;
1244 if (pwm
->password
|| pwm
->passfunc
)
1248 if (pwm
->password
) {
1250 *result
= pwm
->password
;
1252 else if (pwm
->passfunc
)
1253 rc
= pwm
->passfunc(pwm
->passdata
, result
);
1258 static gpg_error_t
do_pwmd_open(pwm_t
*pwm
, const char *filename
, int nb
,
1261 char *result
= NULL
;
1262 char *password
= NULL
;
1266 if (pwm
->lastcmd
!= ASYNC_CMD_OPEN2
)
1269 if (!pwm
|| !filename
|| !*filename
)
1270 return GPG_ERR_INV_ARG
;
1273 return GPG_ERR_INV_STATE
;
1276 * Avoid calling pinentry if the password is cached on the server or if
1277 * this is a new file. pwmd version 2 adds a VERSION command which is
1278 * determined in _connect_finalize(). If the server is version 2,
1279 * ISCACHED will return GPG_ERR_ENOENT if it doesn't exist.
1282 /* Don't try a local filesystem lookup of the data file over a remote
1284 if (!pwm
->tcp_conn
&& pwm
->version
== PWMD_V1
) {
1286 if (pwm
->version
== PWMD_V1
) {
1288 rc
= pwmd_command(pwm
, &result
, "GETCONFIG data_directory");
1293 path
= pwmd_strdup_printf("%s/%s", result
, filename
);
1297 return gpg_error_from_errno(ENOMEM
);
1299 if (access(path
, R_OK
) == -1) {
1300 if (errno
== ENOENT
) {
1309 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", filename
);
1311 /* pwmd >= 2.0 specific. This is a new file which doesn't require a
1313 if (rc
== GPG_ERR_ENOENT
)
1316 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
1319 if (rc
== GPG_ERR_NOT_FOUND
) {
1320 rc
= get_custom_passphrase(pwm
, &password
);
1322 if (rc
&& rc
!= GPG_ERR_NO_DATA
)
1324 else if (rc
== GPG_ERR_NO_DATA
)
1325 rc
= GPG_ERR_NOT_FOUND
;
1330 #ifdef WITH_PINENTRY
1331 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
1332 /* Prevent pwmd from using it's pinentry if the passphrase fails. */
1333 if (!pwm
->pin_try
) {
1334 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
1340 rc
= _pinentry_open(pwm
, filename
, &password
, nb
);
1342 /* pwmd_process() should be called if using a non-blocking local
1344 if (rc
|| (!rc
&& nb
))
1350 reset_async(pwm
, 0);
1353 if (!local_pinentry
&& !pwm
->tcp_conn
&& !pwm
->pin_try
) {
1355 if (!local_pinentry
&& !pwm
->pin_try
) {
1357 rc
= send_pinentry_options(pwm
);
1363 rc
= pwmd_command(pwm
, NULL
, "OPEN %s %s", filename
,
1364 password
? password
: "");
1367 * Keep the user defined password set with pwmd_setopt(). The password may
1368 * be needed later (pwmd_save()) depending on the pwmd file cache settings.
1370 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
1371 pwmd_free(password
);
1373 if (rc
== GPG_ERR_INV_PASSPHRASE
) {
1374 if (++pwm
->pin_try
< pwm
->pinentry_tries
) {
1375 if (!get_custom_passphrase(pwm
, NULL
))
1378 #ifdef WITH_PINENTRY
1380 if (pwm
->tcp_conn
&& !local_pinentry
)
1382 else if (local_pinentry
)
1383 rc
= _getpin(pwm
, &password
, PWMD_PINENTRY_OPEN_FAILED
);
1387 rc
= _getpin(pwm
, &password
, PWMD_PINENTRY_OPEN_FAILED
);
1397 rc
= set_pinentry_retry(pwm
);
1404 #ifdef WITH_PINENTRY
1405 else if (local_pinentry
)
1406 _pinentry_disconnect(pwm
);
1412 #ifdef WITH_PINENTRY
1413 else if (rc
&& local_pinentry
)
1414 _pinentry_disconnect(pwm
);
1419 pwmd_free(pwm
->filename
);
1421 pwm
->filename
= pwmd_strdup(filename
);
1427 gpg_error_t
pwmd_open2(pwm_t
*pwm
, const char *filename
)
1429 #ifndef WITH_PINENTRY
1430 return GPG_ERR_NOT_IMPLEMENTED
;
1432 return do_pwmd_open(pwm
, filename
, 0, 1);
1436 gpg_error_t
pwmd_open(pwm_t
*pwm
, const char *filename
)
1438 return do_pwmd_open(pwm
, filename
, 0, 0);
1441 gpg_error_t
pwmd_open_async2(pwm_t
*pwm
, const char *filename
)
1443 #ifndef WITH_PINENTRY
1444 return GPG_ERR_NOT_IMPLEMENTED
;
1446 if (!pwm
|| !filename
)
1447 return GPG_ERR_INV_ARG
;
1450 return GPG_ERR_INV_STATE
;
1452 if (pwm
->cmd
!= ASYNC_CMD_NONE
)
1453 return GPG_ERR_ASS_NESTED_COMMANDS
;
1455 /* Initialize a new command since this is not a pinentry retry. */
1456 if (pwm
->lastcmd
!= ASYNC_CMD_OPEN2
)
1459 pwm
->cmd
= ASYNC_CMD_OPEN2
;
1460 pwm
->state
= ASYNC_PROCESS
;
1461 gpg_error_t rc
= do_pwmd_open(pwm
, filename
, 1, 1);
1464 reset_async(pwm
, 0);
1470 static gpg_error_t
do_pwmd_save(pwm_t
*pwm
, int nb
, int local_pinentry
)
1472 char *result
= NULL
;
1473 char *password
= NULL
;
1477 return GPG_ERR_INV_ARG
;
1480 return GPG_ERR_INV_STATE
;
1482 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", pwm
->filename
);
1484 if (rc
== GPG_ERR_ENOENT
)
1485 rc
= GPG_ERR_NOT_FOUND
;
1487 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
1490 if (rc
== GPG_ERR_NOT_FOUND
) {
1491 rc
= get_custom_passphrase(pwm
, &password
);
1493 if (rc
&& rc
!= GPG_ERR_NO_DATA
)
1495 else if (rc
== GPG_ERR_NO_DATA
)
1496 rc
= GPG_ERR_NOT_FOUND
;
1501 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
1502 #ifdef WITH_PINENTRY
1503 /* Get the password using the LOCAL pinentry. */
1507 pwmd_nb_status_t pw
;
1510 return gpg_error_from_syserror();
1523 pw
.error
= _do_save_getpin(pwm
, &password
);
1526 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
1528 pwmd_free(password
);
1531 pth_write(p
[1], &pw
, sizeof(pw
));
1533 write(p
[1], &pw
, sizeof(pw
));
1535 memset(&pw
, 0, sizeof(pw
));
1540 rc
= gpg_error_from_syserror();
1554 rc
= _do_save_getpin(pwm
, &password
);
1561 pwm
->state
= ASYNC_DONE
;
1564 reset_async(pwm
, 0);
1567 if (!local_pinentry
&& !pwm
->tcp_conn
) {
1569 if (!local_pinentry
) {
1571 rc
= send_pinentry_options(pwm
);
1577 rc
= pwmd_command(pwm
, NULL
, "SAVE %s", password
? password
: "");
1579 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
1580 pwmd_free(password
);
1585 gpg_error_t
pwmd_save_async2(pwm_t
*pwm
)
1587 #ifndef WITH_PINENTRY
1588 return GPG_ERR_NOT_IMPLEMENTED
;
1591 return GPG_ERR_INV_ARG
;
1594 return GPG_ERR_INV_STATE
;
1596 if (pwm
->cmd
!= ASYNC_CMD_NONE
)
1597 return GPG_ERR_ASS_NESTED_COMMANDS
;
1599 pwm
->cmd
= ASYNC_CMD_SAVE2
;
1600 pwm
->state
= ASYNC_PROCESS
;
1601 gpg_error_t rc
= do_pwmd_save(pwm
, 1, 1);
1604 reset_async(pwm
, 0);
1610 gpg_error_t
pwmd_save2(pwm_t
*pwm
)
1612 #ifndef WITH_PINENTRY
1613 return GPG_ERR_NOT_IMPLEMENTED
;
1615 return do_pwmd_save(pwm
, 0, 1);
1619 gpg_error_t
pwmd_save(pwm_t
*pwm
)
1621 return do_pwmd_save(pwm
, 0, 0);
1624 gpg_error_t
pwmd_setopt(pwm_t
*pwm
, pwmd_option_t opt
, ...)
1627 int n
= va_arg(ap
, int);
1632 return GPG_ERR_INV_ARG
;
1637 case PWMD_OPTION_STATUS_CB
:
1638 pwm
->status_func
= va_arg(ap
, pwmd_status_cb_t
);
1640 case PWMD_OPTION_STATUS_DATA
:
1641 pwm
->status_data
= va_arg(ap
, void *);
1643 case PWMD_OPTION_PASSPHRASE_CB
:
1644 pwm
->passfunc
= va_arg(ap
, pwmd_passphrase_cb_t
);
1646 case PWMD_OPTION_PASSPHRASE_DATA
:
1647 pwm
->passdata
= va_arg(ap
, void *);
1649 case PWMD_OPTION_PASSPHRASE
:
1650 arg1
= va_arg(ap
, char *);
1653 pwmd_free(pwm
->password
);
1655 pwm
->password
= pwmd_strdup(arg1
);
1657 case PWMD_OPTION_PINENTRY_TRIES
:
1658 n
= va_arg(ap
, int);
1662 rc
= GPG_ERR_INV_VALUE
;
1665 pwm
->pinentry_tries
= n
;
1667 case PWMD_OPTION_PINENTRY_TIMEOUT
:
1668 n
= va_arg(ap
, int);
1672 rc
= GPG_ERR_INV_VALUE
;
1675 pwm
->pinentry_timeout
= n
;
1677 case PWMD_OPTION_PINENTRY_PATH
:
1678 if (pwm
->pinentry_path
)
1679 pwmd_free(pwm
->pinentry_path
);
1681 pwm
->pinentry_path
= _expand_homedir(va_arg(ap
, char *), NULL
);
1683 case PWMD_OPTION_PINENTRY_TTY
:
1684 if (pwm
->pinentry_tty
)
1685 pwmd_free(pwm
->pinentry_tty
);
1687 pwm
->pinentry_tty
= pwmd_strdup(va_arg(ap
, char *));
1689 case PWMD_OPTION_PINENTRY_DISPLAY
:
1690 if (pwm
->pinentry_display
)
1691 pwmd_free(pwm
->pinentry_display
);
1693 pwm
->pinentry_display
= pwmd_strdup(va_arg(ap
, char *));
1695 case PWMD_OPTION_PINENTRY_TERM
:
1696 if (pwm
->pinentry_term
)
1697 pwmd_free(pwm
->pinentry_term
);
1699 pwm
->pinentry_term
= pwmd_strdup(va_arg(ap
, char *));
1701 case PWMD_OPTION_PINENTRY_TITLE
:
1703 pwmd_free(pwm
->title
);
1705 pwm
->title
= _percent_escape(va_arg(ap
, char *));
1707 case PWMD_OPTION_PINENTRY_PROMPT
:
1709 pwmd_free(pwm
->prompt
);
1711 pwm
->prompt
= _percent_escape(va_arg(ap
, char *));
1713 case PWMD_OPTION_PINENTRY_DESC
:
1715 pwmd_free(pwm
->desc
);
1717 pwm
->desc
= _percent_escape(va_arg(ap
, char *));
1719 case PWMD_OPTION_PINENTRY_LC_CTYPE
:
1721 pwmd_free(pwm
->lcctype
);
1723 pwm
->lcctype
= pwmd_strdup(va_arg(ap
, char *));
1725 case PWMD_OPTION_PINENTRY_LC_MESSAGES
:
1726 if (pwm
->lcmessages
)
1727 pwmd_free(pwm
->lcmessages
);
1729 pwm
->lcmessages
= pwmd_strdup(va_arg(ap
, char *));
1731 case PWMD_OPTION_IP_VERSION
:
1733 n
= va_arg(ap
, int);
1742 rc
= GPG_ERR_INV_VALUE
;
1748 rc
= GPG_ERR_NOT_IMPLEMENTED
;
1752 rc
= GPG_ERR_UNKNOWN_OPTION
;
1760 gpg_error_t
pwmd_get_fds(pwm_t
*pwm
, pwmd_fd_t
*fds
, int *n_fds
)
1765 int afds
[ARES_GETSOCK_MAXNUM
];
1770 if (!pwm
|| !fds
|| !n_fds
|| *n_fds
<= 0)
1771 return GPG_ERR_INV_ARG
;
1775 memset(afds
, 0, sizeof(int)*ARES_GETSOCK_MAXNUM
);
1777 memset(fds
, 0, sizeof(pwmd_fd_t
)*in_total
);
1782 case ASYNC_CMD_NONE
:
1783 case ASYNC_CMD_OPEN
:
1784 case ASYNC_CMD_SAVE
:
1785 #ifdef WITH_PINENTRY
1789 return GPG_ERR_INV_STATE
;
1792 fds
[fd
].fd
= pwm
->fd
;
1793 fds
[fd
++].flags
= PWMD_FD_READABLE
;
1795 #ifdef WITH_PINENTRY
1796 case ASYNC_CMD_OPEN2
:
1797 case ASYNC_CMD_SAVE2
:
1798 /* The command has already completed (cached or new). */
1799 if (pwm
->state
== ASYNC_DONE
)
1802 if (pwm
->nb_fd
== -1)
1803 return GPG_ERR_INV_STATE
;
1806 fds
[fd
].fd
= pwm
->nb_fd
;
1807 fds
[fd
++].flags
= PWMD_FD_READABLE
;
1812 if (!pwm
->tcp_conn
|| !pwm
->tcp_conn
->chan
)
1813 return GPG_ERR_INV_STATE
;
1815 n
= ares_getsock(pwm
->tcp_conn
->chan
, afds
, ARES_GETSOCK_MAXNUM
);
1817 for (i
= 0; i
< ARES_GETSOCK_MAXNUM
; i
++) {
1820 if (fd
> in_total
) {
1822 return GPG_ERR_ERANGE
;
1825 if (ARES_GETSOCK_READABLE(n
, i
)) {
1827 fds
[fd
].flags
|= PWMD_FD_READABLE
;
1830 if (ARES_GETSOCK_WRITABLE(n
, i
)) {
1832 fds
[fd
].flags
|= PWMD_FD_WRITABLE
;
1836 fds
[fd
++].fd
= afds
[i
];
1841 case ASYNC_CMD_CONNECT
:
1842 case ASYNC_CMD_HOSTKEY
:
1843 if (!pwm
->tcp_conn
|| pwm
->tcp_conn
->fd
== -1)
1844 return GPG_ERR_INV_STATE
;
1847 fds
[fd
].fd
= pwm
->tcp_conn
->fd
;
1848 fds
[fd
++].flags
= PWMD_FD_READABLE
;
1853 return GPG_ERR_INV_STATE
;
1856 pwm_t
*pwmd_new(const char *name
)
1858 pwm_t
*h
= pwmd_calloc(1, sizeof(pwm_t
));
1864 h
->name
= pwmd_strdup(name
);
1873 h
->pinentry_timeout
= -30;
1874 h
->pinentry_tries
= 3;
1876 h
->prot
= PWMD_IP_ANY
;
1879 if (ttyname(STDOUT_FILENO
)) {
1882 ttyname_r(STDOUT_FILENO
, buf
, sizeof(buf
));
1883 h
->pinentry_tty
= pwmd_strdup(buf
);
1885 if (!h
->pinentry_tty
)
1889 if (getenv("TERM") && h
->pinentry_tty
) {
1890 h
->pinentry_term
= pwmd_strdup(getenv("TERM"));
1892 if (!h
->pinentry_term
)
1896 if (getenv("DISPLAY")) {
1897 h
->pinentry_display
= pwmd_strdup(getenv("DISPLAY"));
1899 if (!h
->pinentry_display
)
1910 void pwmd_free(void *ptr
)
1915 void *pwmd_malloc(size_t size
)
1917 return _xmalloc(size
);
1920 void *pwmd_calloc(size_t nmemb
, size_t size
)
1922 return _xcalloc(nmemb
, size
);
1925 void *pwmd_realloc(void *ptr
, size_t size
)
1927 return _xrealloc(ptr
, size
);
1930 char *pwmd_strdup(const char *str
)
1932 return _xstrdup(str
);
1935 char *pwmd_strdup_printf(const char *fmt
, ...)
1946 len
= vsnprintf(NULL
, 0, fmt
, ap
);
1948 buf
= pwmd_malloc(++len
);
1951 vsnprintf(buf
, len
, fmt
, ap2
);
1957 gpg_error_t
pwmd_getpin(pwm_t
*pwm
, const char *filename
, char **result
,
1958 pwmd_pinentry_t which
)
1960 #ifndef WITH_PINENTRY
1961 return GPG_ERR_NOT_IMPLEMENTED
;
1963 return _pwmd_getpin(pwm
, filename
, result
, which
);