1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
26 #include <sys/socket.h>
35 #include <sys/types.h>
37 #include <sys/select.h>
39 #include <netinet/in.h>
40 #include <sys/socket.h>
52 #define DNS_USE_GETTIMEOFDAY_FOR_ID 1
54 #include <arpa/nameser.h>
66 #define N_(msgid) dgettext("libpwmd", msgid)
71 static char *_getpwuid(struct passwd
*pwd
)
73 size_t size
= sysconf(_SC_GETPW_R_SIZE_MAX
);
74 struct passwd
*result
;
81 buf
= pwmd_malloc(size
);
86 n
= getpwuid_r(getuid(), pwd
, buf
, size
, &result
);
103 static const char *_pwmd_strerror(gpg_error_t e
)
105 gpg_err_code_t code
= gpg_err_code(e
);
107 if (code
>= GPG_ERR_USER_1
&& code
< gpg_err_code(EPWMD_MAX
)) {
112 return N_("Unknown error");
114 return N_("No cache slots available");
116 return N_("Recursion loop");
118 return N_("No file is open");
120 return N_("General LibXML error");
122 return N_("File modified");
129 const char *pwmd_strerror(gpg_error_t code
)
131 const char *p
= _pwmd_strerror(code
);
133 return p
? p
: gpg_strerror(code
);
136 int pwmd_strerror_r(gpg_error_t code
, char *buf
, size_t size
)
138 const char *p
= _pwmd_strerror(code
);
141 snprintf(buf
, size
, "%s", p
);
143 if (strlen(p
) > size
)
149 return gpg_strerror_r(code
, buf
, size
);
152 gpg_error_t
pwmd_init()
154 static int initialized
;
163 bindtextdomain("libpwmd", LOCALEDIR
);
166 assuan_set_malloc_hooks(pwmd_malloc
, pwmd_realloc
, pwmd_free
);
167 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
172 static gpg_error_t
_socket_connect_finalize(pwm_t
*pwm
)
175 int n
= assuan_get_active_fds(pwm
->ctx
, 0, active
, N_ARRAY(active
));
180 return GPG_ERR_EBADFD
;
186 assuan_set_pointer(pwm
->ctx
, pwm
);
189 // Until X11 forwarding is supported, disable the remote pwmd pinentry.
191 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
199 rc
= pwmd_command(pwm
, NULL
, "OPTION CLIENT NAME=%s", pwm
->name
);
205 rc
= pwmd_command(pwm
, &result
, "VERSION");
207 if (rc
&& rc
!= GPG_ERR_ASS_UNKNOWN_CMD
)
211 pwm
->version
= PWMD_V1
;
213 pwm
->version
= PWMD_V2
;
220 static int read_hook(assuan_context_t ctx
, assuan_fd_t fd
, void *data
,
221 size_t len
, ssize_t
*ret
)
223 pwm_t
*pwm
= assuan_get_pointer(ctx
);
225 if (!pwm
|| !pwm
->tcp_conn
)
227 *ret
= pth_read((int)fd
, data
, len
);
229 *ret
= read((int)fd
, data
, len
);
232 *ret
= libssh2_channel_read(pwm
->tcp_conn
->channel
, data
, len
);
234 return *ret
>= 0 ? 1 : 0;
237 static int write_hook(assuan_context_t ctx
, assuan_fd_t fd
, const void *data
,
238 size_t len
, ssize_t
*ret
)
240 pwm_t
*pwm
= assuan_get_pointer(ctx
);
242 if (!pwm
|| !pwm
->tcp_conn
)
244 *ret
= pth_write((int)fd
, data
, len
);
246 *ret
= write((int)fd
, data
, len
);
249 *ret
= libssh2_channel_write(pwm
->tcp_conn
->channel
, data
, len
);
251 return *ret
>= 0 ? 1 : 0;
254 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
);
255 static void free_tcp_conn(pwmd_tcp_conn_t
*conn
)
260 if (conn
->username
) {
261 pwmd_free(conn
->username
);
262 conn
->username
= NULL
;
265 if (conn
->known_hosts
) {
266 pwmd_free(conn
->known_hosts
);
267 conn
->known_hosts
= NULL
;
270 if (conn
->identity
) {
271 pwmd_free(conn
->identity
);
272 conn
->identity
= NULL
;
275 if (conn
->identity_pub
) {
276 pwmd_free(conn
->identity_pub
);
277 conn
->identity_pub
= NULL
;
281 pwmd_free(conn
->host
);
286 pwmd_free(conn
->hostkey
);
287 conn
->hostkey
= NULL
;
291 ares_destroy(conn
->chan
);
296 ares_free_hostent(conn
->he
);
300 if (!conn
->session
&& conn
->fd
>= 0) {
311 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
)
317 libssh2_channel_close(conn
->channel
);
318 libssh2_channel_free(conn
->channel
);
322 libssh2_session_disconnect(conn
->session
, "Bye!");
323 libssh2_session_free(conn
->session
);
326 conn
->session
= NULL
;
327 conn
->channel
= NULL
;
331 static void _ssh_assuan_deinit(assuan_context_t ctx
)
333 pwm_t
*pwm
= assuan_get_pointer(ctx
);
336 pwm
->tcp_conn
->fd
= -1;
337 _ssh_deinit(pwm
->tcp_conn
);
338 pwm
->tcp_conn
= NULL
;
343 * Sets common options from both pwmd_ssh_connect() and
344 * pwmd_ssh_connect_async().
346 static gpg_error_t
init_tcp_conn(pwmd_tcp_conn_t
**dst
, const char *host
,
347 int port
, const char *identity
, const char *user
,
348 const char *known_hosts
, int get
)
350 pwmd_tcp_conn_t
*conn
;
356 return GPG_ERR_INV_ARG
;
359 if (!host
|| !*host
|| !identity
|| !*identity
|| !known_hosts
||
361 return GPG_ERR_INV_ARG
;
364 conn
= pwmd_calloc(1, sizeof(pwmd_tcp_conn_t
));
367 return gpg_error_from_errno(ENOMEM
);
369 conn
->port
= port
== -1 ? 22 : port
;
370 conn
->host
= pwmd_strdup(host
);
373 rc
= gpg_error_from_errno(ENOMEM
);
380 pwbuf
= _getpwuid(&pw
);
383 rc
= gpg_error_from_errno(errno
);
387 conn
->username
= pwmd_strdup(user
? user
: pw
.pw_name
);
389 if (!conn
->username
) {
390 rc
= gpg_error_from_errno(ENOMEM
);
394 conn
->identity
= expand_homedir((char *)identity
, &pw
);
396 if (!conn
->identity
) {
397 rc
= gpg_error_from_errno(ENOMEM
);
401 conn
->identity_pub
= pwmd_malloc(strlen(conn
->identity
)+5);
403 if (!conn
->identity_pub
) {
404 rc
= gpg_error_from_errno(ENOMEM
);
408 sprintf(conn
->identity_pub
, "%s.pub", conn
->identity
);
409 conn
->known_hosts
= expand_homedir((char *)known_hosts
, &pw
);
411 if (!conn
->known_hosts
) {
412 rc
= gpg_error_from_errno(ENOMEM
);
430 static gpg_error_t
do_connect(pwm_t
*pwm
, int prot
, void *addr
)
432 struct sockaddr_in their_addr
;
434 pwm
->tcp_conn
->fd
= socket(prot
, SOCK_STREAM
, 0);
436 if (pwm
->tcp_conn
->fd
== -1)
437 return gpg_error_from_syserror();
439 if (pwm
->tcp_conn
->async
)
440 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, O_NONBLOCK
);
442 pwm
->cmd
= ASYNC_CMD_CONNECT
;
443 their_addr
.sin_family
= prot
;
444 their_addr
.sin_port
= htons(pwm
->tcp_conn
->port
);
445 their_addr
.sin_addr
= *((struct in_addr
*)addr
);
446 memset(their_addr
.sin_zero
, '\0', sizeof their_addr
.sin_zero
);
449 if (pth_connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
450 sizeof(their_addr
)) == -1)
452 if (connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
453 sizeof(their_addr
)) == -1)
455 return gpg_error_from_syserror();
460 static gpg_error_t
ares_error_to_pwmd(int status
)
462 if (status
!= ARES_SUCCESS
)
463 warnx("%s", ares_strerror(status
));
469 return GPG_ERR_UNKNOWN_HOST
;
471 return GPG_ERR_EHOSTDOWN
;
473 return GPG_ERR_TIMEOUT
;
475 return gpg_error_from_errno(ENOMEM
);
476 case ARES_ECONNREFUSED
:
477 return GPG_ERR_ECONNREFUSED
;
480 return GPG_ERR_EHOSTUNREACH
;
486 static void dns_resolve_cb(void *arg
, int status
, int timeouts
,
487 unsigned char *abuf
, int alen
)
493 if (status
== ARES_EDESTRUCTION
)
496 if (status
!= ARES_SUCCESS
) {
497 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
501 /* Check for an IPv6 address first. */
502 if (pwm
->prot
== PWMD_IP_ANY
|| pwm
->prot
== PWMD_IPV6
)
503 rc
= ares_parse_aaaa_reply(abuf
, alen
, &he
, NULL
, NULL
);
505 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
507 if (rc
!= ARES_SUCCESS
) {
508 if (pwm
->prot
!= PWMD_IP_ANY
|| rc
!= ARES_ENODATA
) {
509 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
513 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
515 if (rc
!= ARES_SUCCESS
) {
516 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
521 pwm
->tcp_conn
->he
= he
;
522 pwm
->tcp_conn
->rc
= do_connect(pwm
, he
->h_addrtype
, he
->h_addr
);
525 static gpg_error_t
_do_pwmd_tcp_connect_async(pwm_t
*pwm
, const char *host
,
526 int port
, const char *identity
, const char *user
,
527 const char *known_hosts
, pwmd_async_cmd_t which
)
529 pwmd_tcp_conn_t
*conn
;
533 return GPG_ERR_INV_ARG
;
535 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
,
536 which
== ASYNC_CMD_HOSTKEY
? 1 : 0);
542 pwm
->tcp_conn
= conn
;
543 pwm
->tcp_conn
->cmd
= which
;
545 if (pwm
->tcp_conn
->cmd
== ASYNC_CMD_HOSTKEY
)
546 pwm
->tcp_conn
->get_only
= 1;
548 pwm
->cmd
= ASYNC_CMD_DNS
;
549 pwm
->state
= ASYNC_PROCESS
;
550 ares_init(&pwm
->tcp_conn
->chan
);
551 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
552 dns_resolve_cb
, pwm
);
556 gpg_error_t
pwmd_ssh_connect_async(pwm_t
*pwm
, const char *host
, int port
,
557 const char *identity
, const char *user
, const char *known_hosts
)
559 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, identity
, user
,
560 known_hosts
, ASYNC_CMD_CONNECT
);
563 static void *_ssh_malloc(size_t size
, void **data
)
565 return pwmd_malloc(size
);
568 static void _ssh_free(void *ptr
, void **data
)
573 static void *_ssh_realloc(void *ptr
, size_t size
, void **data
)
575 return pwmd_realloc(ptr
, size
);
578 static char *to_hex(const char *str
, size_t slen
)
581 char *buf
= pwmd_malloc(slen
*2+1);
586 for (i
= 0, buf
[0] = 0; i
< slen
; i
++) {
589 sprintf(tmp
, "%02x", (unsigned char)str
[i
]);
596 static int verify_host_key(pwm_t
*pwm
)
598 FILE *fp
= fopen(pwm
->tcp_conn
->known_hosts
, "r");
604 buf
= pwmd_malloc(LINE_MAX
);
609 while ((p
= fgets(buf
, LINE_MAX
, fp
))) {
610 if (*p
== '#' || isspace(*p
))
613 if (p
[strlen(p
)-1] == '\n')
616 if (!strcmp(buf
, pwm
->tcp_conn
->hostkey
))
633 static gpg_error_t
authenticate_ssh(pwm_t
*pwm
)
635 const char *fp
= libssh2_hostkey_hash(pwm
->tcp_conn
->session
,
636 LIBSSH2_HOSTKEY_HASH_SHA1
);
639 pwm
->tcp_conn
->hostkey
= to_hex(fp
, 20);
641 if (!pwm
->tcp_conn
->hostkey
)
642 return gpg_error_from_errno(ENOMEM
);
644 if (pwm
->tcp_conn
->get_only
)
647 if (!fp
|| verify_host_key(pwm
))
648 return GPG_ERR_BAD_CERT
;
650 userauth
= libssh2_userauth_list(pwm
->tcp_conn
->session
,
651 pwm
->tcp_conn
->username
, strlen(pwm
->tcp_conn
->username
));
653 if (!userauth
|| !strstr(userauth
, "publickey"))
654 return GPG_ERR_BAD_PIN_METHOD
;
656 if (libssh2_userauth_publickey_fromfile(pwm
->tcp_conn
->session
,
657 pwm
->tcp_conn
->username
, pwm
->tcp_conn
->identity_pub
,
658 pwm
->tcp_conn
->identity
, NULL
))
659 return GPG_ERR_BAD_SECKEY
;
664 static gpg_error_t
setup_tcp_session(pwm_t
*pwm
)
666 assuan_context_t ctx
;
667 struct assuan_io_hooks io_hooks
= {read_hook
, write_hook
};
670 pwm
->tcp_conn
->session
= libssh2_session_init_ex(_ssh_malloc
, _ssh_free
,
673 if (!pwm
->tcp_conn
->session
) {
674 rc
= gpg_error_from_errno(ENOMEM
);
678 if (libssh2_session_startup(pwm
->tcp_conn
->session
, pwm
->tcp_conn
->fd
)) {
679 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
683 rc
= authenticate_ssh(pwm
);
688 /* pwmd_get_hostkey(). */
689 if (pwm
->tcp_conn
->get_only
) {
690 pwm
->result
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
693 rc
= gpg_error_from_errno(ENOMEM
);
700 pwm
->tcp_conn
->channel
= libssh2_channel_open_session(pwm
->tcp_conn
->session
);
702 if (!pwm
->tcp_conn
->channel
) {
703 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
707 if (libssh2_channel_shell(pwm
->tcp_conn
->channel
)) {
708 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
712 assuan_set_io_hooks(&io_hooks
);
713 rc
= assuan_socket_connect_fd(&ctx
, pwm
->tcp_conn
->fd
, 0, pwm
);
718 assuan_set_finish_handler(ctx
, _ssh_assuan_deinit
);
720 rc
= _socket_connect_finalize(pwm
);
728 free_tcp_conn(pwm
->tcp_conn
);
729 pwm
->tcp_conn
= NULL
;
733 static gpg_error_t
_do_pwmd_tcp_connect(pwm_t
*pwm
, const char *host
, int port
,
734 const char *identity
, const char *user
, const char *known_hosts
, int get
)
736 pwmd_tcp_conn_t
*conn
;
740 return GPG_ERR_INV_ARG
;
742 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
, get
);
747 pwm
->tcp_conn
= conn
;
748 pwm
->tcp_conn
->get_only
= get
;
749 pwm
->cmd
= ASYNC_CMD_DNS
;
750 ares_init(&pwm
->tcp_conn
->chan
);
751 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
752 dns_resolve_cb
, pwm
);
754 /* dns_resolve_cb() may have already been called. */
755 if (pwm
->tcp_conn
->rc
) {
756 rc
= pwm
->tcp_conn
->rc
;
761 * Fake a blocking DNS lookup. libcares does a better job than
771 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
772 ares_timeout(pwm
->tcp_conn
->chan
, NULL
, &tv
);
774 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
776 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
780 rc
= gpg_error_from_syserror();
784 rc
= GPG_ERR_TIMEOUT
;
788 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
790 if (pwm
->tcp_conn
->rc
)
792 } while (pwm
->cmd
== ASYNC_CMD_DNS
);
794 if (pwm
->tcp_conn
->rc
) {
795 rc
= pwm
->tcp_conn
->rc
;
799 return setup_tcp_session(pwm
);
805 gpg_error_t
pwmd_ssh_connect(pwm_t
*pwm
, const char *host
, int port
,
806 const char *identity
, const char *user
, const char *known_hosts
)
808 return _do_pwmd_tcp_connect(pwm
, host
, port
, identity
, user
, known_hosts
, 0);
811 gpg_error_t
pwmd_get_hostkey(pwm_t
*pwm
, const char *host
, int port
,
817 rc
= _do_pwmd_tcp_connect(pwm
, host
, port
, NULL
, NULL
, NULL
, 1);
822 hostkey
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
825 rc
= gpg_error_from_errno(ENOMEM
);
831 gpg_error_t
pwmd_get_hostkey_async(pwm_t
*pwm
, const char *host
, int port
)
833 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, NULL
, NULL
, NULL
,
838 * ssh://[username@]hostname[:port],identity,known_hosts
840 * Any missing parameters are checked for in init_tcp_conn().
842 static int parse_ssh_url(char *str
, char **host
, int *port
, char **user
,
843 char **identity
, char **known_hosts
)
849 *host
= *user
= *identity
= *known_hosts
= NULL
;
851 p
= strrchr(str
, '@');
854 len
= strlen(str
)-strlen(p
)+1;
855 *user
= pwmd_malloc(len
);
856 snprintf(*user
, len
, "%s", str
);
865 len
= strlen(p
)-strlen(t
)+1;
866 *host
= pwmd_malloc(len
);
867 snprintf(*host
, len
, "%s", p
);
871 while (*t
&& isdigit(*t
))
883 len
= strlen(p
)-strlen(t
)+1;
884 *host
= pwmd_malloc(len
);
885 snprintf(*host
, len
, "%s", p
);
892 len
= strlen(t
)-strlen(t2
)+1;
896 *identity
= pwmd_malloc(len
);
897 snprintf(*identity
, len
, "%s", t
);
903 *known_hosts
= pwmd_malloc(len
);
904 snprintf(*known_hosts
, len
, "%s", t2
);
910 *host
= pwmd_malloc(len
);
911 snprintf(*host
, len
, "%s", p
);
919 static gpg_error_t
_pwmd_connect_url(pwm_t
*pwm
, const char *url
, int async
)
921 char *p
= (char *)url
;
925 return GPG_ERR_INV_ARG
;
927 if (!strncmp(p
, "socket://", 9)) {
929 rc
= pwmd_connect(pwm
, p
);
930 pwm
->state
= ASYNC_DONE
;
933 else if (!strncmp(p
, "ssh://", 6) || !strncmp(p
, "ssh6://", 7) ||
934 !strncmp(p
, "ssh4://", 7)) {
936 return GPG_ERR_NOT_IMPLEMENTED
;
940 char *identity
= NULL
;
941 char *known_hosts
= NULL
;
942 char *username
= NULL
;
944 if (!strncmp(p
, "ssh6://", 7)) {
945 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV6
);
948 else if (!strncmp(p
, "ssh4://", 7)) {
949 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV4
);
953 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IP_ANY
);
960 rc
= parse_ssh_url(p
, &host
, &port
, &username
, &identity
,
967 rc
= pwmd_ssh_connect_async(pwm
, host
, port
, identity
, username
,
970 rc
= pwmd_ssh_connect(pwm
, host
, port
, identity
, username
,
983 pwmd_free(known_hosts
);
989 return GPG_ERR_UNSUPPORTED_PROTOCOL
;
992 gpg_error_t
pwmd_connect_url(pwm_t
*pwm
, const char *url
)
994 return _pwmd_connect_url(pwm
, url
, 0);
997 gpg_error_t
pwmd_connect_url_async(pwm_t
*pwm
, const char *url
)
999 return _pwmd_connect_url(pwm
, url
, 1);
1002 static char *expand_homedir(char *str
, struct passwd
*pw
)
1008 if (*p
!= '~' || *(p
+1) != '/')
1009 return pwmd_strdup(p
);
1014 pwbuf
= _getpwuid(&t
);
1023 result
= pwmd_strdup_printf("%s/%s", pw
->pw_dir
, p
);
1031 gpg_error_t
pwmd_connect(pwm_t
*pwm
, const char *path
)
1033 char *socketpath
= NULL
;
1034 assuan_context_t ctx
;
1040 return GPG_ERR_INV_ARG
;
1042 pwbuf
= _getpwuid(&pw
);
1045 return gpg_error_from_errno(errno
);
1047 if (!path
|| !*path
) {
1048 socketpath
= (char *)pwmd_malloc(strlen(pw
.pw_dir
) + strlen("/.pwmd/socket") + 1);
1049 sprintf(socketpath
, "%s/.pwmd/socket", pw
.pw_dir
);
1052 socketpath
= expand_homedir((char *)path
, &pw
);
1056 return gpg_error_from_errno(ENOMEM
);
1061 rc
= assuan_socket_connect_ext(&ctx
, socketpath
, -1, 0);
1062 pwmd_free(socketpath
);
1068 return _socket_connect_finalize(pwm
);
1071 void pwmd_close(pwm_t
*pwm
)
1077 assuan_disconnect(pwm
->ctx
);
1080 pwmd_free(pwm
->password
);
1083 pwmd_free(pwm
->title
);
1086 pwmd_free(pwm
->desc
);
1089 pwmd_free(pwm
->prompt
);
1091 if (pwm
->pinentry_tty
)
1092 pwmd_free(pwm
->pinentry_tty
);
1094 if (pwm
->pinentry_display
)
1095 pwmd_free(pwm
->pinentry_display
);
1097 if (pwm
->pinentry_term
)
1098 pwmd_free(pwm
->pinentry_term
);
1101 pwmd_free(pwm
->lcctype
);
1103 if (pwm
->lcmessages
)
1104 pwmd_free(pwm
->lcmessages
);
1107 pwmd_free(pwm
->filename
);
1110 pwmd_free(pwm
->name
);
1114 free_tcp_conn(pwm
->tcp_conn
);
1120 static int mem_realloc_cb(void *data
, const void *buffer
, size_t len
)
1122 membuf_t
*mem
= (membuf_t
*)data
;
1128 if ((p
= pwmd_realloc(mem
->buf
, mem
->len
+ len
)) == NULL
)
1132 memcpy((char *)mem
->buf
+ mem
->len
, buffer
, len
);
1137 static int _inquire_cb(void *data
, const char *keyword
)
1139 pwm_t
*pwm
= (pwm_t
*)data
;
1141 int flags
= fcntl(pwm
->fd
, F_GETFL
);
1143 /* Shouldn't get this far without a callback. */
1144 if (!pwm
->inquire_func
)
1145 return GPG_ERR_INV_ARG
;
1148 char *result
= NULL
;
1152 rc
= pwm
->inquire_func(pwm
->inquire_data
, keyword
, rc
, &result
, &len
);
1153 rc
= gpg_err_code(rc
);
1155 if (rc
== GPG_ERR_EOF
|| !rc
) {
1156 if (len
<= 0 || !result
) {
1161 arc
= assuan_send_data(pwm
->ctx
, result
, len
);
1163 if (rc
== GPG_ERR_EOF
) {
1174 /* Set to non-blocking so _pwmd_process() can return. */
1175 fcntl(pwm
->fd
, F_SETFL
, O_NONBLOCK
);
1176 rc
= _pwmd_process(pwm
);
1177 fcntl(pwm
->fd
, F_SETFL
, flags
);
1181 fcntl(pwm
->fd
, F_SETFL
, flags
);
1185 static gpg_error_t
do_nb_command(pwm_t
*pwm
, const char *cmd
, ...)
1191 if (pwm
->state
== ASYNC_DONE
)
1192 pwm
->state
= ASYNC_INIT
;
1194 if (pwm
->state
!= ASYNC_INIT
)
1195 return GPG_ERR_INV_STATE
;
1197 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1200 return gpg_error_from_errno(ENOMEM
);
1203 vsnprintf(buf
, ASSUAN_LINELENGTH
, cmd
, ap
);
1205 rc
= assuan_write_line(pwm
->ctx
, buf
);
1209 pwm
->state
= ASYNC_PROCESS
;
1214 gpg_error_t
pwmd_open_async(pwm_t
*pwm
, const char *filename
)
1216 if (!pwm
|| !filename
)
1217 return GPG_ERR_INV_ARG
;
1220 return GPG_ERR_INV_STATE
;
1222 if (pwm
->cmd
!= ASYNC_CMD_OPEN
) {
1228 pwmd_free(pwm
->filename
);
1230 pwm
->filename
= pwmd_strdup(filename
);
1232 rc
= send_pinentry_options(pwm
);
1238 pwm
->cmd
= ASYNC_CMD_OPEN
;
1239 return do_nb_command(pwm
, "OPEN %s %s", filename
,
1240 pwm
->password
? pwm
->password
: "");
1243 gpg_error_t
pwmd_save_async(pwm_t
*pwm
)
1248 return GPG_ERR_INV_ARG
;
1251 return GPG_ERR_INV_STATE
;
1253 rc
= send_pinentry_options(pwm
);
1258 pwm
->cmd
= ASYNC_CMD_SAVE
;
1259 return do_nb_command(pwm
, "SAVE %s", pwm
->password
? pwm
->password
: "");
1262 static gpg_error_t
parse_assuan_line(pwm_t
*pwm
)
1268 rc
= assuan_read_line(pwm
->ctx
, &line
, &len
);
1271 if (line
[0] == 'O' && line
[1] == 'K' &&
1272 (line
[2] == 0 || line
[2] == ' ')) {
1273 pwm
->state
= ASYNC_DONE
;
1275 else if (line
[0] == '#') {
1277 else if (line
[0] == 'S' && (line
[1] == 0 || line
[1] == ' ')) {
1278 if (pwm
->status_func
) {
1279 rc
= pwm
->status_func(pwm
->status_data
,
1280 line
[1] == 0 ? line
+1 : line
+2);
1283 else if (line
[0] == 'E' && line
[1] == 'R' && line
[2] == 'R' &&
1284 (line
[3] == 0 || line
[3] == ' ')) {
1287 pwm
->state
= ASYNC_DONE
;
1294 gpg_error_t
pwmd_pending_line(pwm_t
*pwm
)
1297 return GPG_ERR_INV_ARG
;
1300 return GPG_ERR_INV_STATE
;
1302 return assuan_pending_line(pwm
->ctx
) ? 0 : GPG_ERR_NO_DATA
;
1305 static pwmd_async_t
reset_async(pwm_t
*pwm
, int done
)
1307 pwm
->state
= ASYNC_INIT
;
1308 pwm
->cmd
= ASYNC_CMD_NONE
;
1310 #ifdef WITH_PINENTRY
1311 if (pwm
->nb_fd
!= -1) {
1317 if (done
&& pwm
->tcp_conn
) {
1318 free_tcp_conn(pwm
->tcp_conn
);
1319 pwm
->tcp_conn
= NULL
;
1327 * Used for processing status messages when not in an async command and for
1328 * waiting for the result from pwmd_open_async() and pwmd_save_async().
1330 static gpg_error_t
_pwmd_process(pwm_t
*pwm
)
1334 struct timeval tv
= {0, 0};
1338 FD_SET(pwm
->fd
, &fds
);
1340 n
= pth_select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1342 n
= select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1346 return gpg_error_from_syserror();
1349 if (FD_ISSET(pwm
->fd
, &fds
))
1350 rc
= parse_assuan_line(pwm
);
1353 while (!rc
&& assuan_pending_line(pwm
->ctx
))
1354 rc
= parse_assuan_line(pwm
);
1359 pwmd_async_t
pwmd_process(pwm_t
*pwm
, gpg_error_t
*rc
, char **result
)
1363 struct timeval tv
= {0, 0};
1369 return GPG_ERR_INV_ARG
;
1374 *rc
= GPG_ERR_INV_ARG
;
1377 else if (!pwm
->ctx
) {
1380 *rc
= GPG_ERR_INV_STATE
;
1384 case ASYNC_CMD_CONNECT
:
1385 case ASYNC_CMD_HOSTKEY
:
1391 /* When not in a command, this will let libassuan process status messages
1392 * by calling PWMD_OPTION_STATUS_FUNC. The client can poll the file
1393 * descriptor returned by pwmd_get_fd() to determine when this should be
1394 * called or call pwmd_pending_line() to determine whether a buffered line
1395 * needs to be processed. */
1396 if (pwm
->cmd
== ASYNC_CMD_NONE
) {
1397 *rc
= _pwmd_process(pwm
);
1401 /* Fixes pwmd_open/save_async2() when there is a cached or new file. */
1402 if (pwm
->state
== ASYNC_DONE
) {
1403 reset_async(pwm
, 0);
1407 if (pwm
->state
!= ASYNC_PROCESS
) {
1408 *rc
= GPG_ERR_INV_STATE
;
1413 if (pwm
->cmd
== ASYNC_CMD_DNS
) {
1416 if (pwm
->tcp_conn
->rc
) {
1417 *rc
= pwm
->tcp_conn
->rc
;
1418 reset_async(pwm
, 1);
1424 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1426 /* Shouldn't happen. */
1431 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
1433 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
1437 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1441 else if (pwm
->cmd
== ASYNC_CMD_CONNECT
) {
1442 if (pwm
->tcp_conn
->rc
== GPG_ERR_EINPROGRESS
) {
1444 socklen_t len
= sizeof(int);
1447 FD_SET(pwm
->tcp_conn
->fd
, &fds
);
1449 n
= pth_select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1451 n
= select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1454 if (!n
|| !FD_ISSET(pwm
->tcp_conn
->fd
, &fds
))
1457 *rc
= gpg_error_from_syserror();
1458 reset_async(pwm
, 1);
1462 ret
= getsockopt(pwm
->tcp_conn
->fd
, SOL_SOCKET
, SO_ERROR
, &n
, &len
);
1465 *rc
= ret
? gpg_error_from_syserror() : gpg_error_from_errno(n
);
1466 reset_async(pwm
, 1);
1470 else if (pwm
->tcp_conn
->rc
) {
1471 *rc
= pwm
->tcp_conn
->rc
;
1472 reset_async(pwm
, 1);
1476 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, 0);
1477 *rc
= setup_tcp_session(pwm
);
1480 switch (pwm
->tcp_conn
->cmd
) {
1481 case ASYNC_CMD_HOSTKEY
:
1483 *result
= pwm
->result
;
1490 return reset_async(pwm
, *rc
? 1 : 0);
1494 #ifdef WITH_PINENTRY
1495 if (pwm
->cmd
== ASYNC_CMD_OPEN2
|| pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1498 if (pwm
->nb_fd
== -1) {
1499 *rc
= GPG_ERR_INV_STATE
;
1500 return reset_async(pwm
, 0);
1504 FD_SET(pwm
->nb_fd
, &fds
);
1505 FD_SET(pwm
->fd
, &fds
);
1507 n
= pth_select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1509 n
= select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1512 *rc
= gpg_error_from_syserror();
1513 return reset_async(pwm
, 0);
1516 if (n
> 0 && FD_ISSET(pwm
->nb_fd
, &fds
)) {
1517 pwmd_nb_status_t nb
;
1519 size_t len
= pth_read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1521 size_t len
= read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1523 waitpid(pwm
->nb_pid
, &status
, WNOHANG
);
1525 if (len
!= sizeof(nb
)) {
1526 *rc
= gpg_error_from_syserror();
1527 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1532 if (*rc
== GPG_ERR_INV_PASSPHRASE
&& pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1533 reset_async(pwm
, 0);
1534 *rc
= pwmd_save_async2(pwm
);
1535 return ASYNC_PROCESS
;
1538 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1540 if (pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1541 *rc
= do_save_command(pwm
, nb
.password
);
1542 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1543 return reset_async(pwm
, 0);
1546 if (pwm
->cmd
== ASYNC_CMD_OPEN2
) {
1547 *rc
= do_open_command(pwm
, pwm
->filename
, nb
.password
);
1548 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1550 if (*rc
== GPG_ERR_INV_PASSPHRASE
) {
1551 if (++pwm
->pin_try
< pwm
->pinentry_tries
) {
1552 int n
= pwm
->pin_try
;
1554 reset_async(pwm
, 0);
1556 pwm
->cmd
= ASYNC_CMD_OPEN2
;
1557 *rc
= pwmd_open_async2(pwm
, pwm
->filename
);
1560 return reset_async(pwm
, 1);
1566 return reset_async(pwm
, *rc
? 1 : 0);
1570 /* Fall through so status messages can be processed during the
1576 *rc
= GPG_ERR_INV_STATE
;
1577 return reset_async(pwm
, 0);
1580 /* This is for pwmd_open_async() and pwmd_save_async(). For pinentry
1582 *rc
= _pwmd_process(pwm
);
1584 if (*rc
&& gpg_err_code(*rc
) != GPG_ERR_INV_PASSPHRASE
) {
1585 reset_async(pwm
, 0);
1590 if (!pwm
->tcp_conn
&& pwm
->cmd
== ASYNC_CMD_OPEN
&&
1592 if (pwm
->cmd
== ASYNC_CMD_OPEN
&&
1594 gpg_err_code(*rc
) == GPG_ERR_INV_PASSPHRASE
&&
1595 ++pwm
->pin_try
< pwm
->pinentry_tries
) {
1596 pwm
->state
= ASYNC_INIT
;
1597 *rc
= pwmd_open_async(pwm
, pwm
->filename
);
1601 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN
? 1 : 0);
1603 if (pwm
->state
== ASYNC_DONE
) {
1604 reset_async(pwm
, 0);
1611 static gpg_error_t
assuan_command(pwm_t
*pwm
, assuan_context_t ctx
,
1612 char **result
, const char *cmd
)
1620 rc
= assuan_transact(ctx
, cmd
, mem_realloc_cb
, &data
, _inquire_cb
, pwm
,
1621 pwm
->status_func
, pwm
->status_data
);
1625 pwmd_free(data
.buf
);
1631 mem_realloc_cb(&data
, "", 1);
1634 pwmd_free(data
.buf
);
1635 rc
= GPG_ERR_INV_ARG
;
1638 *result
= (char *)data
.buf
;
1642 return gpg_err_code(rc
);
1645 gpg_error_t
pwmd_inquire(pwm_t
*pwm
, const char *cmd
, pwmd_inquire_cb_t fn
,
1648 if (!pwm
|| !cmd
|| !fn
)
1649 return GPG_ERR_INV_ARG
;
1652 return GPG_ERR_INV_STATE
;
1654 pwm
->inquire_func
= fn
;
1655 pwm
->inquire_data
= data
;
1656 return assuan_command(pwm
, pwm
->ctx
, NULL
, cmd
);
1659 #ifdef WITH_PINENTRY
1660 static gpg_error_t
terminate_pinentry(pwm_t
*pwm
)
1662 pid_t pid
= pwm
->pid
;
1666 if (!pwm
|| pid
== -1)
1667 return GPG_ERR_INV_ARG
;
1669 if (kill(pid
, 0) == 0) {
1670 if (kill(pid
, SIGTERM
) == -1) {
1671 if (kill(pid
, SIGKILL
) == -1)
1672 return gpg_error_from_errno(errno
);
1676 return gpg_error_from_errno(errno
);
1681 static gpg_error_t
set_pinentry_strings(pwm_t
*pwm
, int which
)
1686 tmp
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1689 return gpg_error_from_errno(ENOMEM
);
1692 pwm
->title
= pwmd_strdup_printf(N_("Password Manager Daemon: %s"),
1693 pwm
->name
? pwm
->name
: "libpwmd");
1699 pwm
->prompt
= pwmd_strdup(N_("Passphrase:"));
1704 if (!pwm
->desc
&& (which
== PINENTRY_OPEN
|| which
== PINENTRY_SAVE
)) {
1705 if (which
== PINENTRY_OPEN
)
1706 desc
= pwmd_strdup_printf(N_("A passphrase is required to open the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1708 desc
= pwmd_strdup_printf(N_("A passphrase is required to save to the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1720 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s", desc
);
1722 if (pwm
->desc
!= desc
)
1725 case PINENTRY_OPEN_FAILED
:
1726 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1727 N_("Invalid passphrase, please try again."));
1729 case PINENTRY_SAVE_CONFIRM
:
1730 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1731 N_("Please type the passphrase again for confirmation."));
1735 error
= pinentry_command(pwm
, NULL
, tmp
);
1742 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETPROMPT %s", pwm
->prompt
);
1743 error
= pinentry_command(pwm
, NULL
, tmp
);
1750 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETDESC %s", pwm
->title
);
1751 error
= pinentry_command(pwm
, NULL
, tmp
);
1757 return gpg_error_from_errno(ENOMEM
);
1760 static void update_pinentry_settings(pwm_t
*pwm
)
1766 char *pwbuf
= _getpwuid(&pw
);
1771 snprintf(buf
, sizeof(buf
), "%s/.pwmd/pinentry.conf", pw
.pw_dir
);
1773 if ((fp
= fopen(buf
, "r")) == NULL
) {
1778 while ((p
= fgets(buf
, sizeof(buf
), fp
)) != NULL
) {
1779 char name
[32], val
[256];
1781 if (sscanf(p
, " %31[a-zA-Z] = %255s", name
, val
) != 2)
1784 if (strcasecmp(name
, "TTYNAME") == 0) {
1785 pwmd_free(pwm
->pinentry_tty
);
1786 pwm
->pinentry_tty
= pwmd_strdup(val
);
1788 else if (strcasecmp(name
, "TTYTYPE") == 0) {
1789 pwmd_free(pwm
->pinentry_term
);
1790 pwm
->pinentry_term
= pwmd_strdup(val
);
1792 else if (strcasecmp(name
, "DISPLAY") == 0) {
1793 pwmd_free(pwm
->pinentry_display
);
1794 pwm
->pinentry_display
= pwmd_strdup(val
);
1796 else if (strcasecmp(name
, "PATH") == 0) {
1797 pwmd_free(pwm
->pinentry_path
);
1798 pwm
->pinentry_path
= expand_homedir(val
, &pw
);
1806 static gpg_error_t
launch_pinentry(pwm_t
*pwm
)
1809 assuan_context_t ctx
;
1810 int child_list
[] = {-1};
1811 char *display
= getenv("DISPLAY");
1812 const char *argv
[10];
1813 const char **p
= argv
;
1814 int have_display
= 0;
1816 char *ttybuf
= NULL
;
1818 update_pinentry_settings(pwm
);
1820 if (pwm
->pinentry_display
|| display
)
1823 if (!pwm
->pinentry_tty
) {
1824 ttybuf
= pwmd_malloc(255);
1827 return gpg_error_from_errno(ENOMEM
);
1829 rc
= ttyname_r(STDOUT_FILENO
, ttybuf
, 255);
1833 return gpg_error_from_errno(rc
);
1839 tty
= pwm
->pinentry_tty
;
1842 if (!have_display
&& !tty
)
1843 return GPG_ERR_ENOTTY
;
1846 *p
++ = have_display
? "--display" : "--ttyname";
1847 *p
++ = have_display
? pwm
->pinentry_display
? pwm
->pinentry_display
: display
: tty
;
1850 *p
++ = "--lc-ctype";
1851 *p
++ = pwm
->lcctype
;
1854 if (pwm
->lcmessages
) {
1855 *p
++ = "--lc-messages";
1856 *p
++ = pwm
->lcmessages
;
1861 if (!have_display
) {
1863 *p
++ = pwm
->pinentry_term
? pwm
->pinentry_term
: getenv("TERM");
1867 rc
= assuan_pipe_connect(&ctx
, pwm
->pinentry_path
? pwm
->pinentry_path
: PINENTRY_PATH
, argv
, child_list
);
1875 pwm
->pid
= assuan_get_pid(ctx
);
1877 return set_pinentry_strings(pwm
, 0);
1880 static gpg_error_t
pinentry_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1885 n
= launch_pinentry(pwm
);
1891 return assuan_command(pwm
, pwm
->pctx
, result
, cmd
);
1894 static void pinentry_disconnect(pwm_t
*pwm
)
1897 assuan_disconnect(pwm
->pctx
);
1904 * Only called from a child process.
1906 static void catchsig(int sig
)
1910 if (gelapsed
++ >= gtimeout
) {
1911 terminate_pinentry(gpwm
);
1912 gerror
= GPG_ERR_TIMEOUT
;
1924 * Borrowed from libassuan.
1926 static char *percent_escape(const char *atext
)
1928 const unsigned char *s
;
1929 int len
= strlen(atext
) * 3 + 1;
1930 char *buf
= (char *)pwmd_malloc(len
), *p
= buf
;
1935 for (s
=(const unsigned char *)atext
; *s
; s
++) {
1937 sprintf (p
, "%%%02X", *s
);
1948 static gpg_error_t
send_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1951 return GPG_ERR_INV_ARG
;
1953 return assuan_command(pwm
, pwm
->ctx
, result
, cmd
);
1956 gpg_error_t
pwmd_command_ap(pwm_t
*pwm
, char **result
, const char *cmd
,
1965 return GPG_ERR_INV_ARG
;
1968 return GPG_ERR_INV_STATE
;
1971 * C99 allows the dst pointer to be null which will calculate the length
1972 * of the would-be result and return it.
1975 len
= vsnprintf(NULL
, 0, cmd
, ap
)+1;
1976 buf
= (char *)pwmd_malloc(len
);
1980 return gpg_error_from_errno(ENOMEM
);
1983 len
= vsnprintf(buf
, len
, cmd
, ap2
);
1986 if (buf
[strlen(buf
)-1] == '\n')
1987 buf
[strlen(buf
)-1] = 0;
1989 if (buf
[strlen(buf
)-1] == '\r')
1990 buf
[strlen(buf
)-1] = 0;
1992 error
= send_command(pwm
, result
, buf
);
1997 gpg_error_t
pwmd_command(pwm_t
*pwm
, char **result
, const char *cmd
, ...)
2003 return GPG_ERR_INV_ARG
;
2006 return GPG_ERR_INV_STATE
;
2012 error
= pwmd_command_ap(pwm
, result
, cmd
, ap
);
2017 #ifdef WITH_PINENTRY
2018 static gpg_error_t
do_getpin(pwm_t
*pwm
, char **result
)
2021 signal(SIGALRM
, catchsig
);
2026 return pinentry_command(pwm
, result
, "GETPIN");
2029 static gpg_error_t
getpin(pwm_t
*pwm
, char **result
, int which
)
2034 rc
= set_pinentry_strings(pwm
, which
);
2037 pinentry_disconnect(pwm
);
2041 rc
= do_getpin(pwm
, result
);
2044 * Since there was input cancel any timeout setting.
2047 signal(SIGALRM
, SIG_DFL
);
2051 pinentry_disconnect(pwm
);
2053 /* This lets pwmd_open2() with PWMD_OPTION_PINENTRY_TIMEOUT work. */
2054 if (rc
== GPG_ERR_EOF
&& gerror
== GPG_ERR_TIMEOUT
)
2064 static gpg_error_t
do_open_command(pwm_t
*pwm
, const char *filename
, char *password
)
2068 char *result
= NULL
;
2070 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2073 return gpg_error_from_errno(ENOMEM
);
2075 snprintf(buf
, ASSUAN_LINELENGTH
, "OPEN %s %s", filename
,
2076 password
? password
: "");
2077 error
= send_command(pwm
, &result
, buf
);
2080 if (error
&& result
)
2086 static gpg_error_t
send_pinentry_options(pwm_t
*pwm
)
2090 if (pwm
->pinentry_path
) {
2091 rc
= pwmd_command(pwm
, NULL
, "OPTION PATH=%s", pwm
->pinentry_path
);
2097 if (pwm
->pinentry_tty
) {
2098 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYNAME=%s", pwm
->pinentry_tty
);
2104 if (pwm
->pinentry_term
) {
2105 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYTYPE=%s", pwm
->pinentry_term
);
2111 if (pwm
->pinentry_display
) {
2112 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->pinentry_display
);
2119 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->title
);
2126 rc
= pwmd_command(pwm
, NULL
, "OPTION DESC=%s", pwm
->desc
);
2133 rc
= pwmd_command(pwm
, NULL
, "OPTION PROMPT=%s", pwm
->prompt
);
2140 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_CTYPE=%s", pwm
->lcctype
);
2146 if (pwm
->lcmessages
) {
2147 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_MESSAGES=%s", pwm
->lcmessages
);
2153 if (pwm
->pinentry_timeout
>= 0) {
2154 rc
= pwmd_command(pwm
, NULL
, "OPTION TIMEOUT=%i", pwm
->pinentry_timeout
);
2163 static gpg_error_t
do_pwmd_open(pwm_t
*pwm
, const char *filename
, int nb
,
2166 char *result
= NULL
;
2167 char *password
= NULL
;
2172 if (!pwm
|| !filename
|| !*filename
)
2173 return GPG_ERR_INV_ARG
;
2176 return GPG_ERR_INV_STATE
;
2178 pin_try
= pwm
->pinentry_tries
- 1;
2181 * Avoid calling pinentry if the password is cached on the server or if
2182 * this is a new file. pwmd version 2 adds a VERSION command which is
2183 * determined in _socket_connect_finalize(). If the server is version 2,
2184 * ISCACHED can determine if a file exists.
2187 if (!pwm
->tcp_conn
&& pwm
->version
== PWMD_V1
) {
2189 if (pwm
->version
== PWMD_V1
) {
2191 rc
= pwmd_command(pwm
, &result
, "GETCONFIG data_directory");
2196 path
= pwmd_strdup_printf("%s/%s", result
, filename
);
2200 return gpg_error_from_errno(ENOMEM
);
2202 if (access(path
, R_OK
) == -1) {
2203 if (errno
== ENOENT
) {
2212 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", filename
);
2214 if (gpg_err_code(rc
) == GPG_ERR_ENOENT
)
2217 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2220 if (rc
== GPG_ERR_NOT_FOUND
) {
2221 if (pwm
->password
) {
2222 password
= pwm
->password
;
2226 if (pwm
->passfunc
) {
2227 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2236 #ifdef WITH_PINENTRY
2237 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2238 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
2244 pwm
->filename
= pwmd_strdup(filename
);
2247 return gpg_error_from_errno(ENOMEM
);
2249 /* Get the passphrase using the LOCAL pinentry. */
2253 pwmd_nb_status_t pw
;
2256 return gpg_error_from_syserror();
2269 if (pwm
->pinentry_timeout
!= 0) {
2271 gtimeout
= abs(pwm
->pinentry_timeout
);
2275 pw
.error
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2277 if (gtimeout
&& gelapsed
>= gtimeout
)
2278 pw
.error
= GPG_ERR_TIMEOUT
;
2281 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2284 pinentry_disconnect(pwm
);
2286 pth_write(p
[1], &pw
, sizeof(pw
));
2288 write(p
[1], &pw
, sizeof(pw
));
2290 memset(&pw
, 0, sizeof(pw
));
2295 rc
= gpg_error_from_syserror();
2309 if (pwm
->pinentry_timeout
!= 0) {
2311 gtimeout
= abs(pwm
->pinentry_timeout
);
2315 rc
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2317 /* Don't timeout when an invalid passphrase was entered. */
2326 pwm
->state
= ASYNC_DONE
;
2329 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2331 if (!local_pinentry
) {
2333 rc
= send_pinentry_options(pwm
);
2339 rc
= do_open_command(pwm
, filename
, password
);
2342 * Keep the user defined password set with pwmd_setopt(). The password may
2343 * be needed later (pwmd_save()) depending on the pwmd file cache settings.
2345 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2346 pwmd_free(password
);
2349 if (rc
== GPG_ERR_INV_PASSPHRASE
&& !pwm
->tcp_conn
) {
2351 if (rc
== GPG_ERR_INV_PASSPHRASE
) {
2353 if (pin_try
-- > 0 && !nb
) {
2355 #ifdef WITH_PINENTRY
2357 rc
= getpin(pwm
, &password
, PINENTRY_OPEN_FAILED
);
2360 rc
= pwmd_command(pwm
, &result
, "OPTION TITLE=%s",
2361 N_("Invalid passphrase, please try again."));
2369 #ifdef WITH_PINENTRY
2371 pinentry_disconnect(pwm
);
2379 pwmd_free(pwm
->filename
);
2381 pwm
->filename
= pwmd_strdup(filename
);
2387 gpg_error_t
pwmd_open2(pwm_t
*pwm
, const char *filename
)
2389 #ifndef WITH_PINENTRY
2390 return GPG_ERR_NOT_IMPLEMENTED
;
2392 return do_pwmd_open(pwm
, filename
, 0, 1);
2396 gpg_error_t
pwmd_open(pwm_t
*pwm
, const char *filename
)
2398 return do_pwmd_open(pwm
, filename
, 0, 0);
2401 gpg_error_t
pwmd_open_async2(pwm_t
*pwm
, const char *filename
)
2403 #ifndef WITH_PINENTRY
2404 return GPG_ERR_NOT_IMPLEMENTED
;
2408 if (!pwm
|| !filename
)
2409 return GPG_ERR_INV_ARG
;
2412 return GPG_ERR_INV_STATE
;
2414 if (pwm
->cmd
!= ASYNC_CMD_OPEN2
)
2417 pwm
->cmd
= ASYNC_CMD_OPEN2
;
2418 pwm
->state
= ASYNC_PROCESS
;
2419 rc
= do_pwmd_open(pwm
, filename
, 1, 1);
2422 reset_async(pwm
, 1);
2428 #ifdef WITH_PINENTRY
2429 static gpg_error_t
do_save_getpin(pwm_t
*pwm
, char **password
)
2433 char *result
= NULL
;
2436 error
= getpin(pwm
, &result
, confirm
? PINENTRY_SAVE_CONFIRM
: PINENTRY_SAVE
);
2440 pinentry_disconnect(pwm
);
2443 pwmd_free(*password
);
2453 if (strcmp(*password
, result
)) {
2454 pwmd_free(*password
);
2462 pinentry_disconnect(pwm
);
2467 static gpg_error_t
do_save_command(pwm_t
*pwm
, char *password
)
2471 char *result
= NULL
;
2473 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2476 return gpg_error_from_errno(ENOMEM
);
2478 snprintf(buf
, ASSUAN_LINELENGTH
, "SAVE %s", password
? password
: "");
2479 error
= send_command(pwm
, &result
, buf
);
2482 if (error
&& result
)
2488 static gpg_error_t
do_pwmd_save(pwm_t
*pwm
, int nb
, int local_pinentry
)
2490 char *result
= NULL
;
2491 char *password
= NULL
;
2495 return GPG_ERR_INV_ARG
;
2498 return GPG_ERR_INV_STATE
;
2500 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", pwm
->filename
);
2502 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2505 if (rc
== GPG_ERR_NOT_FOUND
) {
2506 if (pwm
->password
) {
2507 password
= pwm
->password
;
2511 if (pwm
->passfunc
) {
2512 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2521 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2522 #ifdef WITH_PINENTRY
2523 /* Get the password using the LOCAL pinentry. */
2527 pwmd_nb_status_t pw
;
2530 return gpg_error_from_syserror();
2543 pw
.error
= do_save_getpin(pwm
, &password
);
2544 pinentry_disconnect(pwm
);
2545 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2548 pth_write(p
[1], &pw
, sizeof(pw
));
2550 write(p
[1], &pw
, sizeof(pw
));
2552 memset(&pw
, 0, sizeof(pw
));
2557 rc
= gpg_error_from_syserror();
2571 rc
= do_save_getpin(pwm
, &password
);
2578 pwm
->state
= ASYNC_DONE
;
2582 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2584 if (!local_pinentry
) {
2586 rc
= send_pinentry_options(pwm
);
2592 rc
= do_save_command(pwm
, password
);
2594 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2595 pwmd_free(password
);
2600 gpg_error_t
pwmd_save_async2(pwm_t
*pwm
)
2602 #ifndef WITH_PINENTRY
2603 return GPG_ERR_NOT_IMPLEMENTED
;
2608 return GPG_ERR_INV_ARG
;
2611 return GPG_ERR_INV_STATE
;
2613 pwm
->cmd
= ASYNC_CMD_SAVE2
;
2614 pwm
->state
= ASYNC_PROCESS
;
2615 rc
= do_pwmd_save(pwm
, 1, 1);
2618 reset_async(pwm
, 0);
2624 gpg_error_t
pwmd_save2(pwm_t
*pwm
)
2626 #ifndef WITH_PINENTRY
2627 return GPG_ERR_NOT_IMPLEMENTED
;
2629 return do_pwmd_save(pwm
, 0, 1);
2633 gpg_error_t
pwmd_save(pwm_t
*pwm
)
2635 return do_pwmd_save(pwm
, 0, 0);
2638 gpg_error_t
pwmd_setopt(pwm_t
*pwm
, pwmd_option_t opt
, ...)
2641 int n
= va_arg(ap
, int);
2643 gpg_error_t error
= 0;
2646 return GPG_ERR_INV_ARG
;
2651 case PWMD_OPTION_STATUS_CB
:
2652 pwm
->status_func
= va_arg(ap
, pwmd_status_cb_t
);
2654 case PWMD_OPTION_STATUS_DATA
:
2655 pwm
->status_data
= va_arg(ap
, void *);
2657 case PWMD_OPTION_PASSPHRASE_CB
:
2658 pwm
->passfunc
= va_arg(ap
, pwmd_passphrase_cb_t
);
2660 case PWMD_OPTION_PASSPHRASE_DATA
:
2661 pwm
->passdata
= va_arg(ap
, void *);
2663 case PWMD_OPTION_PASSPHRASE
:
2664 arg1
= va_arg(ap
, char *);
2667 pwmd_free(pwm
->password
);
2669 pwm
->password
= pwmd_strdup(arg1
);
2671 case PWMD_OPTION_PINENTRY_TRIES
:
2672 n
= va_arg(ap
, int);
2676 error
= GPG_ERR_INV_VALUE
;
2679 pwm
->pinentry_tries
= n
;
2681 case PWMD_OPTION_PINENTRY_TIMEOUT
:
2682 n
= va_arg(ap
, int);
2686 error
= GPG_ERR_INV_VALUE
;
2689 pwm
->pinentry_timeout
= n
;
2691 case PWMD_OPTION_PINENTRY_PATH
:
2692 if (pwm
->pinentry_path
)
2693 pwmd_free(pwm
->pinentry_path
);
2695 pwm
->pinentry_path
= expand_homedir(va_arg(ap
, char *), NULL
);
2697 case PWMD_OPTION_PINENTRY_TTY
:
2698 if (pwm
->pinentry_tty
)
2699 pwmd_free(pwm
->pinentry_tty
);
2701 pwm
->pinentry_tty
= pwmd_strdup(va_arg(ap
, char *));
2703 case PWMD_OPTION_PINENTRY_DISPLAY
:
2704 if (pwm
->pinentry_display
)
2705 pwmd_free(pwm
->pinentry_display
);
2707 pwm
->pinentry_display
= pwmd_strdup(va_arg(ap
, char *));
2709 case PWMD_OPTION_PINENTRY_TERM
:
2710 if (pwm
->pinentry_term
)
2711 pwmd_free(pwm
->pinentry_term
);
2713 pwm
->pinentry_term
= pwmd_strdup(va_arg(ap
, char *));
2715 case PWMD_OPTION_PINENTRY_TITLE
:
2717 pwmd_free(pwm
->title
);
2719 pwm
->title
= percent_escape(va_arg(ap
, char *));
2721 case PWMD_OPTION_PINENTRY_PROMPT
:
2723 pwmd_free(pwm
->prompt
);
2725 pwm
->prompt
= percent_escape(va_arg(ap
, char *));
2727 case PWMD_OPTION_PINENTRY_DESC
:
2729 pwmd_free(pwm
->desc
);
2731 pwm
->desc
= percent_escape(va_arg(ap
, char *));
2733 case PWMD_OPTION_PINENTRY_LC_CTYPE
:
2735 pwmd_free(pwm
->lcctype
);
2737 pwm
->lcctype
= pwmd_strdup(va_arg(ap
, char *));
2739 case PWMD_OPTION_PINENTRY_LC_MESSAGES
:
2740 if (pwm
->lcmessages
)
2741 pwmd_free(pwm
->lcmessages
);
2743 pwm
->lcmessages
= pwmd_strdup(va_arg(ap
, char *));
2746 case PWMD_OPTION_IP_VERSION
:
2747 n
= va_arg(ap
, int);
2756 error
= GPG_ERR_INV_VALUE
;
2764 error
= GPG_ERR_NOT_IMPLEMENTED
;
2772 gpg_error_t
pwmd_get_fds(pwm_t
*pwm
, pwmd_fd_t
*fds
, int *n_fds
)
2777 int afds
[ARES_GETSOCK_MAXNUM
];
2782 if (!pwm
|| !fds
|| !n_fds
|| *n_fds
<= 0)
2783 return GPG_ERR_INV_ARG
;
2787 memset(afds
, 0, sizeof(int)*ARES_GETSOCK_MAXNUM
);
2789 memset(fds
, 0, sizeof(pwmd_fd_t
)*in_total
);
2794 case ASYNC_CMD_NONE
:
2795 case ASYNC_CMD_OPEN
:
2796 case ASYNC_CMD_SAVE
:
2797 #ifdef WITH_PINENTRY
2801 return GPG_ERR_INV_STATE
;
2804 fds
[fd
].fd
= pwm
->fd
;
2805 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2807 #ifdef WITH_PINENTRY
2808 case ASYNC_CMD_OPEN2
:
2809 case ASYNC_CMD_SAVE2
:
2810 /* The command has already completed (cached or new). */
2811 if (pwm
->state
== ASYNC_DONE
)
2814 if (pwm
->nb_fd
== -1)
2815 return GPG_ERR_INV_STATE
;
2818 fds
[fd
].fd
= pwm
->nb_fd
;
2819 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2824 if (!pwm
->tcp_conn
|| !pwm
->tcp_conn
->chan
)
2825 return GPG_ERR_INV_STATE
;
2827 n
= ares_getsock(pwm
->tcp_conn
->chan
, afds
, ARES_GETSOCK_MAXNUM
);
2829 for (i
= 0; i
< ARES_GETSOCK_MAXNUM
; i
++) {
2832 if (fd
> in_total
) {
2834 return GPG_ERR_ERANGE
;
2837 if (ARES_GETSOCK_READABLE(n
, i
)) {
2839 fds
[fd
].flags
|= PWMD_FD_READABLE
;
2842 if (ARES_GETSOCK_WRITABLE(n
, i
)) {
2844 fds
[fd
].flags
|= PWMD_FD_WRITABLE
;
2848 fds
[fd
++].fd
= afds
[i
];
2853 case ASYNC_CMD_CONNECT
:
2854 case ASYNC_CMD_HOSTKEY
:
2855 if (!pwm
->tcp_conn
|| pwm
->tcp_conn
->fd
== -1)
2856 return GPG_ERR_INV_STATE
;
2859 fds
[fd
].fd
= pwm
->tcp_conn
->fd
;
2860 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2865 return GPG_ERR_INV_STATE
;
2868 pwm_t
*pwmd_new(const char *name
)
2870 pwm_t
*h
= pwmd_calloc(1, sizeof(pwm_t
));
2876 h
->name
= pwmd_strdup(name
);
2885 #ifdef WITH_PINENTRY
2888 h
->pinentry_timeout
= -30;
2889 h
->pinentry_tries
= 3;
2891 h
->prot
= PWMD_IP_ANY
;
2896 void pwmd_free(void *ptr
)
2901 void *pwmd_malloc(size_t size
)
2903 return xmalloc(size
);
2906 void *pwmd_calloc(size_t nmemb
, size_t size
)
2908 return xcalloc(nmemb
, size
);
2911 void *pwmd_realloc(void *ptr
, size_t size
)
2913 return xrealloc(ptr
, size
);
2916 char *pwmd_strdup(const char *str
)
2918 return xstrdup(str
);
2921 char *pwmd_strdup_printf(const char *fmt
, ...)
2932 len
= vsnprintf(NULL
, 0, fmt
, ap
);
2934 buf
= pwmd_malloc(++len
);
2937 vsnprintf(buf
, len
, fmt
, ap2
);