2 Copyright (C) 2006-2016 Ben Kibbey <bjk@luxsci.net>
4 This file is part of libpwmd.
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 This library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with this library; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
21 /*! \headerfile libpwmd.h
23 * libpwmd is a library making it easy for applications to use the pwmd server.
24 * Pwmd version 3.1 or later is required; either locally or remotely.
27 /*! \section threads Threads
29 * \ref libpwmd should be thread-safe on a per handle bases. Meaning that only
30 * one thread should access a \ref pwm_t handle at a time.
33 /*! \section remote Remote Connection Details
35 * There are two methods of connecting to a remote pwmd server: over SSH and
38 * Connections over SSH are done by creating an SSH channel to spawn a shell
39 * that executes a proxy server to connect to the pwmd local Unix Domain
40 * Socket. Authentication is done by using SSH public key (see \ref
41 * ssh-keygen(1)) authentication and verifying the host key against a local
42 * OpenSSH known hosts formatted file. A passphrase protected private SSH key
43 * is supported when \ref PWMD_OPTION_SSH_NEEDS_PASSPHRASE is set.
45 * An unknown servers public key can be added to a known hosts file after user
46 * confirmation by setting the callback function \ref pwmd_knownhost_cb_t
47 * before connecting to the unknown host.
49 * On the server side you'll need a proxy server to connect to the pwmd server.
50 * Below is an example of an \ref authorized_keys(5) entry that will do this.
51 * The \a public_key portion should be the same as the contents of the \ref
52 * ssh-keygen(1) \a identity.pub file generated on the client machine. The
53 * private key should be passed as the \a identity parameter to \ref
57 * command="socat UNIX-CONNECT:$HOME/.pwmd/socket -" <public_key> ...
60 * Pwmd itself can accept TLS connections so no proxy program is needed as is
61 * when using SSH. Like SSH connections, TLS connections are created with \ref
62 * pwmd_connect(). You will need to generate a client key and X509 certificate
63 * and then sign it with the same certificate authority (CA) that the pwmd
64 * server certificate was signed with.
66 * Certificates are similar to SSH public and private keys but a little harder
67 * to setup correctly. See the \ref certtool(1) (recommended) and \ref
68 * openssl(1) manual pages for details.
71 /*! \section pinentry Pinentry Details
73 * \ref pinentry(1) is a program that prompts the user for input which is
74 * normally a passphrase or a confirmation. libpwmd can use this program either
75 * locally (X11 forwarding is not yet supported) or have the pwmd server (read:
76 * \ref gpg-agent(1)) call pinentry to retrieve a passphrase when needed.
78 * There are a few options that tell pinentry how and where to prompt for a
79 * needed passphrase. See the \ref pwmd_option_t section for details. These
80 * options are sent to pwmd during \ref pwmd_open(), \ref pwmd_save() and \ref
81 * pwmd_passwd() only when pinentry use has not been disabled (\ref
82 * PWMD_OPTION_NO_PINENTRY) and when not over a remote connection.
84 * Some pinentry options may also be specified in the local configuration file
85 * \a "~/.config/libpwmd.conf".
89 * \note The initial values for the pinentry TTY, TERM and DISPLAY are set
90 * during \ref pwmd_new() depending on the current environment. They are then
91 * updated to the values specified in \a ~/.config/libpwmd.conf. They can then
92 * be reset or changed as needed by using \ref pwmd_setopt().
94 * \note After establishing a remote connection, pwmd's pinentry is disabled by
95 * sending the pwmd option \a "disable-pinentry" during \ref pwmd_open(). A
96 * local pinentry will be used instead.
98 * \see \ref remote, \ref configuration
101 /*! \section configuration Configuration File
103 * Initial values overriding libpwmd defaults for a handle may be specified in
104 * the configuration file \a ~/.config/libpwmd.conf. This file is read only
105 * once during \ref pwmd_new(). Option values may be updated by setting the
106 * associated option with \ref pwmd_setopt(). Blank lines and lines beginning
107 * with a '#' are ignored as are unrecognized options. See the documentation
108 * for each option for its' value type. Valid options are:
111 * Same as \ref PWMD_OPTION_PINENTRY_PATH.
113 * \par pinentry-display
114 * Same as \ref PWMD_OPTION_PINENTRY_DISPLAY.
116 * \par pinentry-ttyname
117 * Same as \ref PWMD_OPTION_PINENTRY_TTY.
119 * \par pinentry-ttytype
120 * Same as \ref PWMD_OPTION_PINENTRY_TERM.
122 * \par pinentry-lc-messages
123 * Same as \ref PWMD_OPTION_PINENTRY_LC_MESSAGES.
125 * \par pinentry-lc-ctype
126 * Same as \ref PWMD_OPTION_PINENTRY_LC_CTYPE.
128 * \par pinentry-timeout
129 * Same as \ref PWMD_OPTION_PINENTRY_TIMEOUT.
131 * \par pinentry-tries
132 * Same as \ref PWMD_OPTION_PINENTRY_TRIES.
135 * Same as \ref PWMD_OPTION_NO_PINENTRY.
137 * \par local-pinentry
138 * Same as \ref PWMD_OPTION_LOCAL_PINENTRY.
141 * Same as \ref PWMD_OPTION_SSH_AGENT.
144 * Same as \ref PWMD_OPTION_TLS_VERIFY.
147 * Same as \ref PWMD_OPTION_TLS_PRIORITY.
149 * \par socket-timeout
150 * Same as \ref PWMD_OPTION_SOCKET_TIMEOUT.
153 * Same as \ref PWMD_OPTION_LOCK_ON_OPEN.
156 * Path to file containing additional libpwmd.conf settings.
161 * libpwmd uses libgpg-error for all error codes. Error codes can be described
162 * by using \ref gpg_strerror(), or the thread-safe \ref gpg_strerror_r().
164 * \note libgpg-error returns an error code as a bitmask of an error source and
165 * the error code. Determining the error source can help you determine where
166 * the error occurred, be it from \ref pinentry(1), \ref gpg-agent(1), \ref
167 * libgcrypt, \ref pwmd(1) or \ref libpwmd(3). pwmd uses the \ref
168 * GPG_ERR_SOURCE_USER_1 error source and libpwmd uses \ref
169 * GPG_ERR_SOURCE_USER_2. To view the error source and description of an error
170 * code the \ref gpg-error(1) command line utility may be of use. Also see the
171 * \ref libgpg-error documentation for error code manipulation.
182 #ifdef GPG_ERR_SOURCE_DEFAULT
183 #error "GPG_ERR_SOURCE_DEFAULT already defined."
185 #define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_USER_2
187 #include <gpg-error.h>
195 /*! \def LIBPWMD_VERSION
196 * \brief Version information.
198 * The version of this library.
200 #define LIBPWMD_VERSION 0x@VER_MAJOR_HEX@@VER_MINOR_HEX@@VER_PATCH_HEX@
203 /*! \def LIBPWMD_VERSION_MAJOR
204 * \brief Version information.
206 * The major release number of this library.
208 #define LIBPWMD_VERSION_MAJOR @VER_MAJOR@
211 /*! \def LIBPWMD_VERSION_MINOR
212 * \brief Version information.
214 * The minor release number of this library.
216 #define LIBPWMD_VERSION_MINOR @VER_MINOR@
219 /*! \def LIBPWMD_VERSION_PATCH
220 * \brief Version information.
222 * The patch level of this library.
224 #define LIBPWMD_VERSION_PATCH @VER_PATCH@
227 /*! \def LIBPWMD_VERSION_STR
228 * \brief Version information.
230 * A string representation of the version of this library.
232 #define LIBPWMD_VERSION_STR @VER_STRING@
235 /*! \brief Returns this version of libpwmd.
240 LIBPWMD_API
const char *pwmd_version ();
245 * \brief A libpwmd handle.
247 * When a pwmd handle or context is mentioned in this documentation it
248 * is a pointer of this type. A new handle is created with \ref
251 typedef struct pwm_s pwm_t
;
254 /*! \typedef pwmd_socket_t
255 * \brief The type of socket a handle is connected to.
257 * For use with \ref pwmd_socket_type().
261 /*! A local UNIX domain socket. */
264 /*! An SSH channel over a TCP socket. */
267 /*! A TLS connection over a TCP socket. */
272 /*! \typedef pwmd_pinentry_t
273 * \brief Local pinentry commands and not pwmd pinentry.
275 * These determine what prompt a local pinentry uses. For use with \ref
280 /*! When opening a file. */
283 /*! When opening a file failed due to a bad passphrase. */
284 PWMD_PINENTRY_OPEN_FAILED
,
286 /*! When saving a file. */
289 /*! For passphrase confirmation. */
290 PWMD_PINENTRY_SAVE_CONFIRM
,
292 /*! When saving a file and passphrase confirmation failed. */
293 PWMD_PINENTRY_SAVE_FAILED
,
295 /*! For confirmation of a user-defined prompt. */
296 PWMD_PINENTRY_CONFIRM
,
298 /*! For the default or user defined string set with \ref
299 * PWMD_OPTION_PINENTRY_DESC. */
302 /*! To terminate the pinentry process created with \ref pwmd_getpin(). */
307 /*! \typedef pwmd_status_cb_t
308 * \brief Process status messages.
310 * The value of the option \ref PWMD_OPTION_STATUS_CB which is set with \ref
313 * \param user A user data pointer which is set with \ref
314 * PWMD_OPTION_STATUS_DATA.
315 * \param line The status message line received from the server.
316 * \return 0 on success or an error code which will cause a command to fail.
318 typedef gpg_error_t (*pwmd_status_cb_t
) (void *user
, const char *line
);
321 /*! \typedef pwmd_inquire_cb_t
322 * \brief Send data to the pwmd server.
324 * This is a callback function that is used for sending data to the server for
325 * commands that need to reply to an INQUIRE server response. The reason for
326 * this callback is to let the client send as many bytes as it wants rather
327 * than the entire data at once. It gets called during an internal \ref
328 * assuan_transact() from an internal inquire callback function which in turn
329 * calls this function by looping over its return value.
331 * \param user The user data pointer passed to the libpwmd function specifying
333 * \param keyword The name of this inquire. Could be a command name or some
334 * keyword describing what needs to be sent. See the pwmd and \ref
335 * gpg-agent(1) documentation for details.
336 * \param rc The result of the last internal call to \ref assuan_send_data()
337 * which did the sending of the data to the pwmd server. On the first call to
338 * this callback it's value will always be 0 since no data has been sent yet.
339 * This should be checked during each call to this function and should return
340 * the same error code when set. Its purpose is to let the client clean up
341 * before letting the command fail.
342 * \param[out] data The next chunk of data to send or NULL.
343 * \param[out] len The length of \a data or 0.
345 * \retval 0 There is more data to be sent.
346 * \retval GPG_ERR_EOF No need to call this function again, the current
347 * \a data is the last to send.
348 * \retval code Any other error code which will cancel the INQUIRE.
350 * \note The sent data is processed line-per-line. The line is either newline
351 * terminated or is buffered until ASSUAN_LINELENGTH bytes have been
352 * allocated. Any remaining bytes are sent after the INQUIRE has finished.
354 typedef gpg_error_t (*pwmd_inquire_cb_t
) (void *user
, const char *keyword
,
355 gpg_error_t rc
, char **data
,
359 /*! \typedef pwmd_knownhost_cb_t
360 * \brief Verify a remote SSH connection.
362 * When the current SSH connections host key was not found in the known hosts
363 * file, then this callback function can be used to confirm the addition of the
364 * new host key to the known_hosts file. When \ref PWMD_OPTION_KNOWNHOST_CB is
365 * not set then the default callback function will be used.
367 * \param user User data which was set with \ref PWMD_OPTION_KNOWNHOST_DATA.
368 * \param host The hostname as passed to \ref pwmd_connect().
369 * \param hostkey The raw binary data of the host key.
370 * \param len The length of \a hostkey.
371 * \retval 0 Add the host key to the known hosts file.
372 * \retval GPG_ERR_NOT_CONFIRMED Do not add the host key and abort the
373 * connection. This is the recommended error code although any other non-zero
374 * return value will also abort the connection.
376 * \note If the known hosts file cannot be modified do to filesystem
377 * restrictions when adding the new host key, no error is returned. Instead,
378 * the host key is added to the current connections host key cache and the
379 * connection is accepted.
383 typedef gpg_error_t (*pwmd_knownhost_cb_t
) (void *user
, const char *host
,
388 /*! \enum pwmd_option_t
389 * \brief libpwmd options.
391 * Options are set with \ref pwmd_setopt(). Some options must be set before a
392 * connection is made to have any effect.
396 /* Note to self: dont change the order or insert. Only append. */
399 /*! A string value which specifies the full path of the \ref pinentry(1)
400 * binary. The default is specified at compile time.
402 * \note This only affects the local pinentry.
405 PWMD_OPTION_PINENTRY_PATH
,
408 /*! A string value which specifies the full path to the TTY that \ref
409 * pinentry(1) will use to prompt on. When set and no DISPLAY is
410 * available, \ref PWMD_OPTION_PINENTRY_TERM must also be set.
414 PWMD_OPTION_PINENTRY_TTY
,
417 /*! A string value which specifies the terminal type (i.e., vt100) that
418 * \ref pinentry(1) will use when no X11 display is available.
422 PWMD_OPTION_PINENTRY_TERM
,
425 /*! A string value which specifies the X11 display that \ref pinentry(1)
426 * will use. \ref pinentry(1) seems to make DISPLAY have a higher priority
427 * than \ref PWMD_OPTION_PINENTRY_TTY.
431 PWMD_OPTION_PINENTRY_DISPLAY
,
434 /*! A character string that \ref pinentry(1) will use in it's dialog
437 PWMD_OPTION_PINENTRY_ERROR
,
440 /*! \copydoc PWMD_OPTION_PINENTRY_ERROR */
441 PWMD_OPTION_PINENTRY_PROMPT
,
444 /*! \copydoc PWMD_OPTION_PINENTRY_ERROR */
445 PWMD_OPTION_PINENTRY_DESC
,
448 /*! For \ref pinentry(1) localization. */
449 PWMD_OPTION_PINENTRY_LC_CTYPE
,
452 /*! \copydoc PWMD_OPTION_PINENTRY_LC_CTYPE */
453 PWMD_OPTION_PINENTRY_LC_MESSAGES
,
456 /*! An integer value that specifies the number of seconds \ref pinentry(1)
457 * will wait for input before timing out and aborting the current command.
458 * If 0, then no timeout will be used. The default is 30.
460 * \note This only affects the local pinentry.
462 PWMD_OPTION_PINENTRY_TIMEOUT
,
465 /*! An integer value that specifies the number of times to prompt for a
466 * passphrase before returning an error.
468 * \note This only affects the local pinentry.
470 PWMD_OPTION_PINENTRY_TRIES
,
473 /*! A function of type \ref pwmd_status_cb_t that will process status
474 * messages received from the pwmd server.
476 PWMD_OPTION_STATUS_CB
,
479 /*! A user data pointer which is passed to the status message function
480 * \ref PWMD_OPTION_STATUS_CB. */
481 PWMD_OPTION_STATUS_DATA
,
484 /*! A function of type \ref pwmd_knownhost_cb_t that will be used to
485 * confirm a host key that was not found in the known hosts file.
489 PWMD_OPTION_KNOWNHOST_CB
,
492 /*! User supplied data which is passed to the known host function \ref
493 * PWMD_OPTION_KNOWNHOST_CB.
497 PWMD_OPTION_KNOWNHOST_DATA
,
500 /*! When the total number of bytes to be sent via an INQUIRE is known,
501 * this should be set so XFER status messages can be parsed correctly.
502 * When not known or unset, 0 is used as the total argument to the XFER
503 * status message. This option should be reset in every function that
504 * uses an \ref pwmd_inquire_cb_t.
506 * \note During the INQUIRE, \ref PWMD_OPTION_STATUS_CB is called, when
507 * set, after every iteration of the \ref pwmd_inquire_cb_t.
509 * \note This is a libpwmd feature. pwmd itself does not send XFER status
510 * messages during an INQUIRE. Status messages can be parsed only when
511 * \ref PWMD_OPTION_STATUS_CB is set.
513 PWMD_OPTION_INQUIRE_TOTAL
,
516 /*! When set to 1, lock the file mutex during \ref pwmd_open() as if the LOCK
517 * command had been sent.
519 PWMD_OPTION_LOCK_ON_OPEN
,
522 /*! Use ssh-agent to retrieve the private key to authenticate with when
523 * connecting to a remote pwmd server. */
524 PWMD_OPTION_SSH_AGENT
,
527 /*! When 1, disable pinentry use. This will prevent both pwmd and libpwmd
528 * from using a pinentry program and will prompt from the terminal if
531 * \note This must be set before calling \ref pwmd_open().
532 * \see \ref PWMD_OPTION_OVERRIDE_INQUIRE, \ref PWMD_OPTION_LOCAL_PINENTRY
534 PWMD_OPTION_NO_PINENTRY
,
537 /*! When 1, libpwmd will disable pwmd's pinentry and use it's own
538 * pinentry. This option is set by default when the connection is a remote
541 * \note This must be set before calling \ref pwmd_open().
543 PWMD_OPTION_LOCAL_PINENTRY
,
546 /*! When set, override libpwmd's internal handling of server inquires with
547 * the PASSPHRASE, NEW_PASSPHRASE and SIGN_PASSPHRASE keywords. Handling of
548 * these keywords is done automatically when \ref PWMD_OPTION_NO_PINENTRY or
549 * \ref PWMD_OPTION_LOCAL_PINENTRY is set or when the connection is a remote
552 * \see \ref remote, \ref PWMD_OPTION_LOCAL_PINENTRY, \ref pwmd_password()
554 PWMD_OPTION_OVERRIDE_INQUIRE
,
557 /*! An int specifying a timeout in seconds before a TCP connection or
558 * data transfer function will timeout causing a connection or command to
559 * fail. This option can be specified both before and after a connection
560 * has been established. When 0, no timeout is used.
562 PWMD_OPTION_SOCKET_TIMEOUT
,
565 /*! An int specifying whether to enable TLS hostname verification against the
566 * server certificate chain. Default is 0 or disabled. */
567 PWMD_OPTION_TLS_VERIFY
,
570 /*! Set to 1 to not modify the signal handler to ignore SIGPIPE. The default
571 * is 0, or to ignore this signal. */
575 /*! Get the version of the pwmd server as an unsigned integer. This is a
576 * read-only setting and is only available after connecting. */
577 PWMD_OPTION_SERVER_VERSION
,
580 /*! The SSH identity file requires a passphrase. When set, prompt for the
581 * passphrase after connecting. Note that only libssh2 built with OpenSSL
582 * supports this feature as of libssh2-1.7.0. */
583 PWMD_OPTION_SSH_NEEDS_PASSPHRASE
,
586 /*! Set SSH private identity passphrase. When set there is no need to set
587 * \ref PWMD_OPTION_SSH_NEEDS_PASSPHRASE. The value of this option is
588 * duplicated then freed after the call to \ref pwmd_connect(). Note that
589 * only libssh2 built with OpenSSL supports this feature as of
591 PWMD_OPTION_SSH_PASSPHRASE
,
594 /*! The TLS cipher priority string to use for a TLS connection. The default
595 * is SECURE256:SECURE192:SECURE128:-VERS-SSL3.0:-VERS-TLS1.0. */
596 PWMD_OPTION_TLS_PRIORITY
,
600 /*! \def PWMD_FEATURE_PINENTRY
602 * \brief Pinentry support.
604 * This is for a local or fork()'ed pinentry.
606 #define PWMD_FEATURE_PINENTRY 0x0001
608 /*! \def PWMD_FEATURE_QUALITY
610 * \brief Password quality checking.
612 * A password quality meter is shown when the pinentry supports it.
614 #define PWMD_FEATURE_QUALITY 0x0002
616 /*! \def PWMD_FEATURE_SSH
618 * \brief Remote connections over an SSH channel.
622 #define PWMD_FEATURE_SSH 0x0004
624 /*! \def PWMD_FEATURE_GNUTLS
626 * \brief Remote connections over TLS.
630 #define PWMD_FEATURE_GNUTLS 0x0008
633 /*! \brief libpwmd compile time features.
635 * Useful for clients to determine what features are compiled into libpwmd at
638 * \return A bitmask of features.
640 LIBPWMD_API
unsigned int pwmd_features ();
643 /*! \brief Initialize the library.
645 * This function must be the first function called in the library before any
646 * others. It sets up the memory allocators and internationalization among
649 * \return 0 on success or an error code.
651 LIBPWMD_API gpg_error_t
pwmd_init (void);
653 /*! \brief Deinitialize the library.
655 * This function is mainly for cleaning up other libraries that
656 * libpwmd links with to prevent memory and other leaks showing up in
657 * a debugger. It should be the final libpwmd function call before
660 LIBPWMD_API
void pwmd_deinit (void);
663 /*! \brief Creates a new handle.
665 * Creates a new handle or context for use with the other functions.
667 * \param name If not NULL, the name of the application. The application name
668 * is sent to the pwmd server after successfully connecting and is used in
670 * \param[out] pwm A new handle for use with the other functions.
672 * \return 0 on success or an error code.
674 LIBPWMD_API gpg_error_t
pwmd_new (const char *name
, pwm_t
**pwm
);
677 /*! \brief Set user data for a handle.
679 * Use this function to associate user data with a handle that can later be
680 * retrieved with \ref pwmd_get_pointer().
682 * \param pwm A handle.
683 * \param data A pointer to the user data.
686 LIBPWMD_API
void pwmd_set_pointer (pwm_t
*pwm
, void *data
);
689 /*! \brief Get user data for a handle.
691 * Return the user data pointer previously set with \ref pwmd_set_pointer().
693 * \param pwm A handle.
694 * \returns A pointer to the user data.
696 LIBPWMD_API
void *pwmd_get_pointer (pwm_t
*pwm
);
699 /*! \brief Cancel an operation.
701 * This is limited in functionality as it will only cancel an initiating
702 * connection to the pwmd server. Command cancellation is not yet supported.
704 * \param pwm A handle.
705 * \return 0 on success or an error code.
707 LIBPWMD_API gpg_error_t
pwmd_cancel (pwm_t
*pwm
);
710 /*! \brief Establish a connection to a pwmd server.
712 * Connects to the pwmd server specified in \a url. The format of \a url is:
714 * file:///path/to/socket, or
716 * ssh[46]://[username@]hostname[:port], or
718 * tls[46]://hostname[:port]
720 * If \a url is NULL then the default local pwmd socket \a ~/.pwmd/socket
723 * The remaining arguments are parameters for the \a url.
725 * For SSH connections, the first of the positional parameters should be the
726 * identity file to use and is required to be non-NULL unless \ref
727 * PWMD_OPTION_SSH_AGENT is set. The final parameter is the known hosts file
728 * to use or NULL to use a default of \a ~/.ssh/knownhosts.
730 * For TLS connections, the first positional parameter should be the client
731 * certificate filename. The second parameter should be the client
732 * certificate key filename. The third parameter should be the Certificate
733 * Authority (CA) file that was used to sign the server certificate. The
734 * final parameter is an SHA-256 hash of the server fingerprint to verify
737 * For local connections, any remaining parameters are ignored.
739 * \param pwm A handle.
740 * \param url The socket to connect to.
741 * \param ... Remaining parameters for the \a url.
742 * \return 0 on success or an error code.
744 * \see \ref PWMD_OPTION_SSH_AGENT, \ref PWMD_OPTION_SOCKET_TIMEOUT,
745 * pwmd_socket_type(), pwmd_disconnect(), \ref remote
747 LIBPWMD_API gpg_error_t
pwmd_connect (pwm_t
*pwm
, const char *url
, ...);
749 /*! \brief Get the error code of a failed GnuTLS function.
751 * When an TLS error occurs while connecting or during a command, this function
752 * can be used to get the error code and error description.
754 * \param pwm A handle.
755 * \param[out] str The textual representation of the gnutls error code.
756 * \return 0 on success or a GnuTLS error code.
758 LIBPWMD_API
int pwmd_gnutls_error (pwm_t
*pwm
, const char **str
);
760 /*! \brief Set handle options.
762 * See \ref pwmd_option_t for option specific details.
764 * \param pwm A handle.
765 * \param opt The option.
766 * \param ... The option value.
767 * \return 0 on success or an error code.
769 LIBPWMD_API gpg_error_t
pwmd_setopt (pwm_t
*pwm
, int opt
, ...);
772 /*! \brief Get the value for a handle option.
774 * Retrieves the default or previously set value for a handle option. See
775 * \ref pwmd_option_t for option specific details.
777 * \param pwm A handle.
778 * \param opt The option.
779 * \param ... A pointer to the option value type to store the value.
780 * \return 0 on success or an error code.
781 * \note The value is returned as a pointer and not duplicated.
783 LIBPWMD_API gpg_error_t
pwmd_getopt (pwm_t
*pwm
, int opt
, ...);
786 /*! \brief Launch a local pinentry.
788 * Does not send any command to the pwmd server. This maybe useful if a
789 * passphrase is needed while opening a file over a remote connection and
790 * during an \ref pwmd_open() server inquire.
792 * This function may also be used to display a user confirmation dialog with
793 * pinentry when \a which is \ref PWMD_PINENTRY_CONFIRM. The text show in the
794 * pinentry is set with \ref pwmd_setopt().
796 * \param pwm A handle.
797 * \param filename The filename to use in the pinentry dialog strings when
798 * using the default pinentry strings.
799 * \param[out] result The entered value in the pinentry dialog which should be
800 * freed with \ref pwmd_free().
801 * \param[out] len The length of \a result.
802 * \param which Determines the default strings shown in the pinentry
803 * dialog. \ref pwmd_setopt() may also be used to override the defaults. In
804 * this case \ref PWMD_PINENTRY_USER should be used. \ref PWMD_PINENTRY_CLOSE
805 * should be used to terminate the pinentry process when the pinentry is no
808 * \return 0 on success or an error.
810 * \see pwmd_password()
812 LIBPWMD_API gpg_error_t
pwmd_getpin (pwm_t
*pwm
, const char *filename
,
813 char **result
, size_t *len
,
814 pwmd_pinentry_t which
);
816 /*! \brief Obtain a passphrase from a local pinentry.
818 * This is the same function that libpwmd uses during an inquire when using
819 * the local pinentry and the inquire keyword is one of PASSPHRASE,
820 * NEW_PASSPHRASE or SIGN_PASSPHRASE. Provided for convenience since it sets
821 * proper pinentry strings and handles new passphrase confirmation.
823 * \param pwm A handle.
824 * \param keyword The keyword to determine pinentry strings. Usually one of
825 * PASSPHRASE, NEW_PASSPHRASE or SIGN_PASSPHRASE as sent by pwmd.
826 * \param[out] result The obtained passphrase which should be freed with \ref
828 * \param[out] size The length of \a result.
830 * \return 0 on success or an error.
832 LIBPWMD_API gpg_error_t
pwmd_password (pwm_t
*pwm
, const char *keyword
,
833 char **result
, size_t *size
);
835 /*! \brief Test the quality of a passphrase.
837 * When built with passphrase quality checking, you can test the amount of
838 * entropy a passphrase contains with this function. It simply wraps around the
839 * zxcvbn-c quality checking function.
841 * \param passphrase The passphrase to test.
842 * \param[out] result The entropy of the passphrase in bits.
844 * \return 0 on success or an error code.
846 LIBPWMD_API gpg_error_t
pwmd_test_quality (const char *passphrase
,
849 /*! \brief Open a file on the pwmd server.
851 * This will send the OPEN command to the server.
853 * To make use of \a callback, \ref PWMD_OPTION_OVERRIDE_INQUIRE must also be
856 * \param pwm A handle.
857 * \param filename The filename to open. The \a filename is not a full path
858 * but the data filename only.
859 * \param callback A callback function to invoke when pwmd inquires data from
861 * \param data User data passed to the \a callback function.
862 * \return 0 on success or an error code.
863 * \see \ref PWMD_OPTION_OVERRIDE_INQUIRE, \ref pinentry, \ref pwmd_password()
865 LIBPWMD_API gpg_error_t
pwmd_open (pwm_t
*pwm
, const char *filename
,
866 pwmd_inquire_cb_t callback
, void *data
);
869 /*! \brief Check for socket activity.
871 * This function should be called periodically to check for any pending status
872 * messages sent from the server and when \em not in a command.
874 * \param pwm A handle.
875 * \return 0 on success or an error code.
877 * \note This function makes use of \ref pwmd_status_cb_t.
879 LIBPWMD_API gpg_error_t
pwmd_process (pwm_t
*pwm
);
882 /*! \brief Generate a new key.
884 * Generate a new signing or encryption key or both. This will only
885 * generate a key without saving the XML document to disk.
887 * The inquire \a callback function should be used when a GENKEY option
888 * specified in \a args inquires data.
890 * \param pwm A handle.
891 * \param args Any GENKEY protocol command options or NULL.
892 * \param callback A callback function to invoke when pwmd inquires data from
894 * \param user User data passed to the \a callback function.
895 * \return 0 on success or an error code.
896 * \see \ref PWMD_OPTION_OVERRIDE_INQUIRE, \ref PWMD_OPTION_NO_PINENTRY,
897 * \ref PWMD_OPTION_LOCAL_PINENTRY, \ref pwmd_command(), \ref pinentry
899 LIBPWMD_API gpg_error_t
pwmd_genkey (pwm_t
*pwm
, const char *args
,
900 pwmd_inquire_cb_t callback
, void *user
);
903 /*! \brief Save a file on the pwmd server.
905 * This will send the SAVE command and write any changes to the document to
908 * The inquire \a callback function should be used when a SAVE option specified
909 * in \a args inquires data.
911 * \param pwm A handle.
912 * \param args Any SAVE protocol command options or NULL.
913 * \param callback A callback function to invoke when pwmd inquires data from
915 * \param user User data passed to the \a callback function.
916 * \return 0 on success or an error code.
917 * \see \ref PWMD_OPTION_OVERRIDE_INQUIRE, \ref PWMD_OPTION_NO_PINENTRY,
918 * \ref PWMD_OPTION_LOCAL_PINENTRY, \ref pwmd_command(), \ref pinentry
920 LIBPWMD_API gpg_error_t
pwmd_save (pwm_t
*pwm
, const char *args
,
921 pwmd_inquire_cb_t callback
, void *user
);
924 /*! \brief Change the passphrase for a data file.
926 * This will send the PASSWD command to the server taking care of pinentry
929 * The inquire \a callback function should be used when a PASSWD option
930 * specified in \a args inquires data.
932 * \param pwm A handle.
933 * \param args Any PASSWD protocol command options or NULL.
934 * \param callback A callback function to invoke when pwmd inquires data from
936 * \param user User data passed to the \a callback function.
937 * \return 0 on success or an error code.
938 * \see \ref PWMD_OPTION_OVERRIDE_INQUIRE, \ref PWMD_OPTION_NO_PINENTRY,
939 * \ref PWMD_OPTION_LOCAL_PINENTRY, \ref pwmd_command(), \ref pinentry
941 LIBPWMD_API gpg_error_t
pwmd_passwd (pwm_t
*pwm
, const char *args
,
942 pwmd_inquire_cb_t callback
, void *user
);
945 /*! \brief Send a command to the pwmd server.
947 * You should avoid sending the BYE command here because the assuan context
948 * will be freed and bad things will happen. Use \ref pwmd_close() instead.
950 * For pwmd commands that use an INQUIRE to retrieve data from a client, the
951 * \a callback parameter must be non-NULL and will be used to send the data to
954 * \param pwm A handle.
955 * \param[out] result The result of the command when successful which must be
956 * freed with \ref pwmd_free().
957 * \param[out] len The length of \a result.
958 * \param callback A callback function to invoke when pwmd inquires data from
960 * \param user User data passed to the \a callback function.
961 * \param cmd The command to send and any command arguments.
962 * \return 0 on success or an error code.
964 * \note Not all commands return a \a result.
966 LIBPWMD_API gpg_error_t
pwmd_command (pwm_t
*pwm
, char **result
,
968 pwmd_inquire_cb_t callback
,
969 void *user
, const char *cmd
, ...);
972 /*! \brief Send a command to the pwmd server.
974 * Like \ref pwmd_command() but uses an argument pointer instead.
976 * \param pwm A handle.
977 * \param[out] result The result of the command when successful which must be
978 * freed with \ref pwmd_free().
979 * \param[out] len The length of \a result.
980 * \param callback A callback function to invoke when pwmd inquires data from
982 * \param user User data passed to the \a callback function.
983 * \param cmd The command to send.
984 * \param ap The arguments to \a cmd.
985 * \return 0 on success or an error code.
987 * \note Not all commands return a \a result.
989 LIBPWMD_API gpg_error_t
pwmd_command_ap (pwm_t
*pwm
, char **result
,
991 pwmd_inquire_cb_t callback
,
992 void *user
, const char *cmd
,
996 /*! \brief Close a connection to the pwmd server.
998 * This will close the connection but keep any previously set options for the
999 * specified handle \a pwm. Calling \ref pwmd_connect() will re-acquire an
1000 * libassuan context.
1002 * \param pwm A handle.
1003 * \return 0 on success or an error code.
1004 * \see \ref pwmd_close()
1006 LIBPWMD_API gpg_error_t
pwmd_disconnect (pwm_t
*pwm
);
1009 /*! \brief Close a handle.
1011 * This will close the connection to a pwmd server and free any resources
1012 * associated with it.
1014 * \param pwm A handle.
1016 * \see \ref pwmd_disconnect(), \ref pwmd_new()
1018 LIBPWMD_API
void pwmd_close (pwm_t
*pwm
);
1021 /*! \brief The type of connection a handle has.
1023 * Useful when you need to know what kind of connection a handle has.
1025 * \param pwm A handle.
1026 * \param[out] type The type of socket.
1027 * \return 0 on success or an error code.
1029 * \see \ref pwmd_socket_t
1031 LIBPWMD_API gpg_error_t
pwmd_socket_type (pwm_t
*pwm
,
1032 pwmd_socket_t
* type
);
1034 /*! \brief Get the file descriptor associated with a handle.
1036 * May be useful to determine whether a handle is ready for reading or
1037 * writing by using select(2) or poll(2).
1039 * \param pwm A handle.
1040 * \param[out] fd Set to the file descriptor associated with \a pwm.
1041 * \return 0 on success or an error code.
1043 LIBPWMD_API gpg_error_t
pwmd_fd (pwm_t
*pwm
, int *fd
);
1046 /*! \brief Free a previously allocated pointer.
1048 * Use this function to free resources allocated by the other libpwmd memory
1049 * functions. Do not use it to free allocations made by other allocators.
1051 * The difference between the standard free() and this function is that
1052 * this one will zero out the contents of the pointer before freeing it.
1054 * \param ptr The pointer to deallocate.
1056 * \see pwmd_malloc(), pwmd_calloc(), pwmd_realloc(), pwmd_strdup(),
1059 LIBPWMD_API
void pwmd_free (void *ptr
);
1062 /*! \brief A wrapper around malloc.
1064 * Like malloc(), but lets libpwmd keep track of the pointer.
1066 * \param size The number of bytes to allocate.
1067 * \return A newly allocated pointer or NULL if there wasn't enough memory.
1068 * \see malloc(3), pwmd_free()
1070 LIBPWMD_API
void *pwmd_malloc (size_t size
);
1073 /*! \brief A wrapper around calloc().
1075 * Like calloc(), but lets libpwmd keep track of the pointer.
1077 * \param nmemb The number of elements to allocate.
1078 * \param size The number of bytes to allocate.
1079 * \return A newly allocated pointer or NULL if there wasn't enough memory.
1080 * \see calloc(3), pwmd_free()
1082 LIBPWMD_API
void *pwmd_calloc (size_t nmemb
, size_t size
);
1085 /*! \brief A wrapper around realloc().
1087 * Like realloc(), but lets libpwmd keep track of the pointer.
1089 * \param ptr The pointer to reallocate.
1090 * \param size The new number of bytes to allocate.
1091 * \return A newly allocated pointer or NULL if there wasn't enough memory.
1092 * \see realloc(3), pwmd_free()
1094 LIBPWMD_API
void *pwmd_realloc (void *ptr
, size_t size
);
1097 /*! \brief A wrapper around strdup().
1099 * Like strdup(), but lets libpwmd keep track of the pointer.
1101 * \param str The string to duplicate.
1102 * \return A newly allocated character pointer or NULL if there wasn't
1104 * \see strdup(3), pwmd_free()
1106 LIBPWMD_API
char *pwmd_strdup (const char *str
);
1109 /*! \brief Duplicate a formatted string.
1111 * Like \ref asprintf(3), but lets libpwmd keep track of the pointer.
1113 * \param fmt The formatted string and any following arguments.
1114 * \return A newly allocated character pointer or NULL if there wasn't
1118 LIBPWMD_API
char *pwmd_strdup_printf (const char *fmt
, ...);