1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2006-2009 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
26 #include <sys/socket.h>
35 #include <sys/types.h>
37 #include <sys/select.h>
39 #include <netinet/in.h>
40 #include <sys/socket.h>
52 #define DNS_USE_GETTIMEOFDAY_FOR_ID 1
54 #include <arpa/nameser.h>
66 #define N_(msgid) dgettext("libpwmd", msgid)
71 static char *_getpwuid(struct passwd
*pwd
)
73 size_t size
= sysconf(_SC_GETPW_R_SIZE_MAX
);
74 struct passwd
*result
;
81 buf
= pwmd_malloc(size
);
86 n
= getpwuid_r(getuid(), pwd
, buf
, size
, &result
);
103 static const char *_pwmd_strerror(gpg_error_t e
)
105 gpg_err_code_t code
= gpg_err_code(e
);
107 if (code
>= GPG_ERR_USER_1
&& code
< gpg_err_code(EPWMD_MAX
)) {
112 return N_("Unknown error");
114 return N_("No cache slots available");
116 return N_("Recursion loop");
118 return N_("No file is open");
120 return N_("General LibXML error");
122 return N_("File modified");
129 const char *pwmd_strerror(gpg_error_t code
)
131 const char *p
= _pwmd_strerror(code
);
133 return p
? p
: gpg_strerror(code
);
136 int pwmd_strerror_r(gpg_error_t code
, char *buf
, size_t size
)
138 const char *p
= _pwmd_strerror(code
);
141 snprintf(buf
, size
, "%s", p
);
143 if (strlen(p
) > size
)
149 return gpg_strerror_r(code
, buf
, size
);
152 gpg_error_t
pwmd_init()
154 static int initialized
;
163 bindtextdomain("libpwmd", LOCALEDIR
);
166 assuan_set_malloc_hooks(pwmd_malloc
, pwmd_realloc
, pwmd_free
);
167 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT
);
172 static gpg_error_t
_socket_connect_finalize(pwm_t
*pwm
)
175 int n
= assuan_get_active_fds(pwm
->ctx
, 0, active
, N_ARRAY(active
));
180 return GPG_ERR_EBADFD
;
186 assuan_set_pointer(pwm
->ctx
, pwm
);
189 // Until X11 forwarding is supported, disable the remote pwmd pinentry.
191 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
199 rc
= pwmd_command(pwm
, NULL
, "OPTION CLIENT NAME=%s", pwm
->name
);
205 rc
= pwmd_command(pwm
, &result
, "VERSION");
207 if (rc
&& rc
!= GPG_ERR_ASS_UNKNOWN_CMD
)
211 pwm
->version
= PWMD_V1
;
213 pwm
->version
= PWMD_V2
;
220 static int read_hook(assuan_context_t ctx
, assuan_fd_t fd
, void *data
,
221 size_t len
, ssize_t
*ret
)
223 pwm_t
*pwm
= assuan_get_pointer(ctx
);
225 if (!pwm
|| !pwm
->tcp_conn
)
227 *ret
= pth_read((int)fd
, data
, len
);
229 *ret
= read((int)fd
, data
, len
);
232 *ret
= libssh2_channel_read(pwm
->tcp_conn
->channel
, data
, len
);
234 return *ret
>= 0 ? 1 : 0;
237 static int write_hook(assuan_context_t ctx
, assuan_fd_t fd
, const void *data
,
238 size_t len
, ssize_t
*ret
)
240 pwm_t
*pwm
= assuan_get_pointer(ctx
);
242 if (!pwm
|| !pwm
->tcp_conn
)
244 *ret
= pth_write((int)fd
, data
, len
);
246 *ret
= write((int)fd
, data
, len
);
249 *ret
= libssh2_channel_write(pwm
->tcp_conn
->channel
, data
, len
);
251 return *ret
>= 0 ? 1 : 0;
254 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
);
255 static void free_tcp_conn(pwmd_tcp_conn_t
*conn
)
260 if (conn
->username
) {
261 pwmd_free(conn
->username
);
262 conn
->username
= NULL
;
265 if (conn
->known_hosts
) {
266 pwmd_free(conn
->known_hosts
);
267 conn
->known_hosts
= NULL
;
270 if (conn
->identity
) {
271 pwmd_free(conn
->identity
);
272 conn
->identity
= NULL
;
275 if (conn
->identity_pub
) {
276 pwmd_free(conn
->identity_pub
);
277 conn
->identity_pub
= NULL
;
281 pwmd_free(conn
->host
);
286 pwmd_free(conn
->hostkey
);
287 conn
->hostkey
= NULL
;
291 ares_destroy(conn
->chan
);
296 ares_free_hostent(conn
->he
);
311 static void _ssh_deinit(pwmd_tcp_conn_t
*conn
)
317 libssh2_channel_free(conn
->channel
);
320 libssh2_session_disconnect(conn
->session
, "Bye!");
321 libssh2_session_free(conn
->session
);
324 conn
->session
= NULL
;
325 conn
->channel
= NULL
;
329 static void _ssh_assuan_deinit(assuan_context_t ctx
)
331 pwm_t
*pwm
= assuan_get_pointer(ctx
);
334 pwm
->tcp_conn
->fd
= -1;
335 _ssh_deinit(pwm
->tcp_conn
);
336 pwm
->tcp_conn
= NULL
;
341 * Sets common options from both pwmd_ssh_connect() and
342 * pwmd_ssh_connect_async().
344 static gpg_error_t
init_tcp_conn(pwmd_tcp_conn_t
**dst
, const char *host
,
345 int port
, const char *identity
, const char *user
,
346 const char *known_hosts
, int get
)
348 pwmd_tcp_conn_t
*conn
;
354 return GPG_ERR_INV_ARG
;
357 if (!host
|| !*host
|| !identity
|| !*identity
|| !known_hosts
||
359 return GPG_ERR_INV_ARG
;
362 conn
= pwmd_calloc(1, sizeof(pwmd_tcp_conn_t
));
365 return gpg_error_from_errno(ENOMEM
);
367 conn
->port
= port
== -1 ? 22 : port
;
368 conn
->host
= pwmd_strdup(host
);
371 rc
= gpg_error_from_errno(ENOMEM
);
378 pwbuf
= _getpwuid(&pw
);
381 rc
= gpg_error_from_errno(errno
);
385 conn
->username
= pwmd_strdup(user
? user
: pw
.pw_name
);
387 if (!conn
->username
) {
388 rc
= gpg_error_from_errno(ENOMEM
);
392 conn
->identity
= expand_homedir((char *)identity
, &pw
);
394 if (!conn
->identity
) {
395 rc
= gpg_error_from_errno(ENOMEM
);
399 conn
->identity_pub
= pwmd_malloc(strlen(conn
->identity
)+5);
401 if (!conn
->identity_pub
) {
402 rc
= gpg_error_from_errno(ENOMEM
);
406 sprintf(conn
->identity_pub
, "%s.pub", conn
->identity
);
407 conn
->known_hosts
= expand_homedir((char *)known_hosts
, &pw
);
409 if (!conn
->known_hosts
) {
410 rc
= gpg_error_from_errno(ENOMEM
);
428 static gpg_error_t
do_connect(pwm_t
*pwm
, int prot
, void *addr
)
430 struct sockaddr_in their_addr
;
432 pwm
->tcp_conn
->fd
= socket(prot
, SOCK_STREAM
, 0);
434 if (pwm
->tcp_conn
->fd
== -1)
435 return gpg_error_from_syserror();
437 if (pwm
->tcp_conn
->async
)
438 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, O_NONBLOCK
);
440 pwm
->cmd
= ASYNC_CMD_CONNECT
;
441 their_addr
.sin_family
= prot
;
442 their_addr
.sin_port
= htons(pwm
->tcp_conn
->port
);
443 their_addr
.sin_addr
= *((struct in_addr
*)addr
);
444 memset(their_addr
.sin_zero
, '\0', sizeof their_addr
.sin_zero
);
447 if (pth_connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
448 sizeof(their_addr
)) == -1)
450 if (connect(pwm
->tcp_conn
->fd
, (struct sockaddr
*)&their_addr
,
451 sizeof(their_addr
)) == -1)
453 return gpg_error_from_syserror();
458 static gpg_error_t
ares_error_to_pwmd(int status
)
460 if (status
!= ARES_SUCCESS
)
461 warnx("%s", ares_strerror(status
));
467 return GPG_ERR_UNKNOWN_HOST
;
469 return GPG_ERR_EHOSTDOWN
;
471 return GPG_ERR_TIMEOUT
;
473 return gpg_error_from_errno(ENOMEM
);
474 case ARES_ECONNREFUSED
:
475 return GPG_ERR_ECONNREFUSED
;
478 return GPG_ERR_EHOSTUNREACH
;
484 static void dns_resolve_cb(void *arg
, int status
, int timeouts
,
485 unsigned char *abuf
, int alen
)
491 if (status
== ARES_EDESTRUCTION
)
494 if (status
!= ARES_SUCCESS
) {
495 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
499 /* Check for an IPv6 address first. */
500 if (pwm
->prot
== PWMD_IP_ANY
|| pwm
->prot
== PWMD_IPV6
)
501 rc
= ares_parse_aaaa_reply(abuf
, alen
, &he
, NULL
, NULL
);
503 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
505 if (rc
!= ARES_SUCCESS
) {
506 if (pwm
->prot
!= PWMD_IP_ANY
|| rc
!= ARES_ENODATA
) {
507 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
511 rc
= ares_parse_a_reply(abuf
, alen
, &he
, NULL
, NULL
);
513 if (rc
!= ARES_SUCCESS
) {
514 pwm
->tcp_conn
->rc
= ares_error_to_pwmd(status
);
519 pwm
->tcp_conn
->he
= he
;
520 pwm
->tcp_conn
->rc
= do_connect(pwm
, he
->h_addrtype
, he
->h_addr
);
523 static gpg_error_t
_do_pwmd_tcp_connect_async(pwm_t
*pwm
, const char *host
,
524 int port
, const char *identity
, const char *user
,
525 const char *known_hosts
, pwmd_async_cmd_t which
)
527 pwmd_tcp_conn_t
*conn
;
531 return GPG_ERR_INV_ARG
;
533 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
,
534 which
== ASYNC_CMD_HOSTKEY
? 1 : 0);
540 pwm
->tcp_conn
= conn
;
541 pwm
->tcp_conn
->cmd
= which
;
543 if (pwm
->tcp_conn
->cmd
== ASYNC_CMD_HOSTKEY
)
544 pwm
->tcp_conn
->get_only
= 1;
546 pwm
->cmd
= ASYNC_CMD_DNS
;
547 pwm
->state
= ASYNC_PROCESS
;
548 ares_init(&pwm
->tcp_conn
->chan
);
549 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
550 dns_resolve_cb
, pwm
);
554 gpg_error_t
pwmd_ssh_connect_async(pwm_t
*pwm
, const char *host
, int port
,
555 const char *identity
, const char *user
, const char *known_hosts
)
557 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, identity
, user
,
558 known_hosts
, ASYNC_CMD_CONNECT
);
561 static void *_ssh_malloc(size_t size
, void **data
)
563 return pwmd_malloc(size
);
566 static void _ssh_free(void *ptr
, void **data
)
571 static void *_ssh_realloc(void *ptr
, size_t size
, void **data
)
573 return pwmd_realloc(ptr
, size
);
576 static char *to_hex(const char *str
, size_t slen
)
579 char *buf
= pwmd_malloc(slen
*2+1);
584 for (i
= 0, buf
[0] = 0; i
< slen
; i
++) {
587 sprintf(tmp
, "%02x", (unsigned char)str
[i
]);
594 static int verify_host_key(pwm_t
*pwm
)
596 FILE *fp
= fopen(pwm
->tcp_conn
->known_hosts
, "r");
602 buf
= pwmd_malloc(LINE_MAX
);
607 while ((p
= fgets(buf
, LINE_MAX
, fp
))) {
608 if (*p
== '#' || isspace(*p
))
611 if (p
[strlen(p
)-1] == '\n')
614 if (!strcmp(buf
, pwm
->tcp_conn
->hostkey
))
631 static gpg_error_t
authenticate_ssh(pwm_t
*pwm
)
633 const char *fp
= libssh2_hostkey_hash(pwm
->tcp_conn
->session
,
634 LIBSSH2_HOSTKEY_HASH_SHA1
);
637 pwm
->tcp_conn
->hostkey
= to_hex(fp
, 20);
639 if (!pwm
->tcp_conn
->hostkey
)
640 return gpg_error_from_errno(ENOMEM
);
642 if (pwm
->tcp_conn
->get_only
)
645 if (!fp
|| verify_host_key(pwm
))
646 return GPG_ERR_BAD_CERT
;
648 userauth
= libssh2_userauth_list(pwm
->tcp_conn
->session
,
649 pwm
->tcp_conn
->username
, strlen(pwm
->tcp_conn
->username
));
651 if (!userauth
|| !strstr(userauth
, "publickey"))
652 return GPG_ERR_BAD_PIN_METHOD
;
654 if (libssh2_userauth_publickey_fromfile(pwm
->tcp_conn
->session
,
655 pwm
->tcp_conn
->username
, pwm
->tcp_conn
->identity_pub
,
656 pwm
->tcp_conn
->identity
, NULL
))
657 return GPG_ERR_BAD_SECKEY
;
662 static gpg_error_t
setup_tcp_session(pwm_t
*pwm
)
664 assuan_context_t ctx
;
665 struct assuan_io_hooks io_hooks
= {read_hook
, write_hook
};
668 pwm
->tcp_conn
->session
= libssh2_session_init_ex(_ssh_malloc
, _ssh_free
,
671 if (!pwm
->tcp_conn
->session
) {
672 rc
= gpg_error_from_errno(ENOMEM
);
676 if (libssh2_session_startup(pwm
->tcp_conn
->session
, pwm
->tcp_conn
->fd
)) {
677 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
681 rc
= authenticate_ssh(pwm
);
686 /* pwmd_get_hostkey(). */
687 if (pwm
->tcp_conn
->get_only
) {
688 pwm
->result
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
691 rc
= gpg_error_from_errno(ENOMEM
);
698 pwm
->tcp_conn
->channel
= libssh2_channel_open_session(pwm
->tcp_conn
->session
);
700 if (!pwm
->tcp_conn
->channel
) {
701 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
705 if (libssh2_channel_shell(pwm
->tcp_conn
->channel
)) {
706 rc
= GPG_ERR_ASSUAN_SERVER_FAULT
;
710 assuan_set_io_hooks(&io_hooks
);
711 rc
= assuan_socket_connect_fd(&ctx
, pwm
->tcp_conn
->fd
, 0, pwm
);
716 assuan_set_finish_handler(ctx
, _ssh_assuan_deinit
);
718 rc
= _socket_connect_finalize(pwm
);
726 free_tcp_conn(pwm
->tcp_conn
);
727 pwm
->tcp_conn
= NULL
;
731 static gpg_error_t
_do_pwmd_tcp_connect(pwm_t
*pwm
, const char *host
, int port
,
732 const char *identity
, const char *user
, const char *known_hosts
, int get
)
734 pwmd_tcp_conn_t
*conn
;
738 return GPG_ERR_INV_ARG
;
740 rc
= init_tcp_conn(&conn
, host
, port
, identity
, user
, known_hosts
, get
);
745 pwm
->tcp_conn
= conn
;
746 pwm
->tcp_conn
->get_only
= get
;
747 pwm
->cmd
= ASYNC_CMD_DNS
;
748 ares_init(&pwm
->tcp_conn
->chan
);
749 ares_query(pwm
->tcp_conn
->chan
, pwm
->tcp_conn
->host
, ns_c_any
, ns_t_any
,
750 dns_resolve_cb
, pwm
);
752 /* dns_resolve_cb() may have already been called. */
753 if (pwm
->tcp_conn
->rc
) {
754 rc
= pwm
->tcp_conn
->rc
;
759 * Fake a blocking DNS lookup. libcares does a better job than
769 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
770 ares_timeout(pwm
->tcp_conn
->chan
, NULL
, &tv
);
772 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
774 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
778 rc
= gpg_error_from_syserror();
782 rc
= GPG_ERR_TIMEOUT
;
786 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
788 if (pwm
->tcp_conn
->rc
)
790 } while (pwm
->cmd
== ASYNC_CMD_DNS
);
792 if (pwm
->tcp_conn
->rc
) {
793 rc
= pwm
->tcp_conn
->rc
;
797 return setup_tcp_session(pwm
);
803 gpg_error_t
pwmd_ssh_connect(pwm_t
*pwm
, const char *host
, int port
,
804 const char *identity
, const char *user
, const char *known_hosts
)
806 return _do_pwmd_tcp_connect(pwm
, host
, port
, identity
, user
, known_hosts
, 0);
809 gpg_error_t
pwmd_get_hostkey(pwm_t
*pwm
, const char *host
, int port
,
815 rc
= _do_pwmd_tcp_connect(pwm
, host
, port
, NULL
, NULL
, NULL
, 1);
820 hostkey
= pwmd_strdup(pwm
->tcp_conn
->hostkey
);
823 rc
= gpg_error_from_errno(ENOMEM
);
829 gpg_error_t
pwmd_get_hostkey_async(pwm_t
*pwm
, const char *host
, int port
)
831 return _do_pwmd_tcp_connect_async(pwm
, host
, port
, NULL
, NULL
, NULL
,
836 * ssh://[username@]hostname[:port],identity,known_hosts
838 * Any missing parameters are checked for in init_tcp_conn().
840 static int parse_ssh_url(char *str
, char **host
, int *port
, char **user
,
841 char **identity
, char **known_hosts
)
847 *host
= *user
= *identity
= *known_hosts
= NULL
;
849 p
= strrchr(str
, '@');
852 len
= strlen(str
)-strlen(p
)+1;
853 *user
= pwmd_malloc(len
);
854 snprintf(*user
, len
, "%s", str
);
863 len
= strlen(p
)-strlen(t
)+1;
864 *host
= pwmd_malloc(len
);
865 snprintf(*host
, len
, "%s", p
);
869 while (*t
&& isdigit(*t
))
881 len
= strlen(p
)-strlen(t
)+1;
882 *host
= pwmd_malloc(len
);
883 snprintf(*host
, len
, "%s", p
);
890 len
= strlen(t
)-strlen(t2
)+1;
894 *identity
= pwmd_malloc(len
);
895 snprintf(*identity
, len
, "%s", t
);
901 *known_hosts
= pwmd_malloc(len
);
902 snprintf(*known_hosts
, len
, "%s", t2
);
908 *host
= pwmd_malloc(len
);
909 snprintf(*host
, len
, "%s", p
);
917 static gpg_error_t
_pwmd_connect_url(pwm_t
*pwm
, const char *url
, int async
)
919 char *p
= (char *)url
;
923 return GPG_ERR_INV_ARG
;
925 if (!strncmp(p
, "socket://", 9)) {
927 rc
= pwmd_connect(pwm
, p
);
928 pwm
->state
= ASYNC_DONE
;
931 else if (!strncmp(p
, "ssh://", 6) || !strncmp(p
, "ssh6://", 7) ||
932 !strncmp(p
, "ssh4://", 7)) {
934 return GPG_ERR_NOT_IMPLEMENTED
;
938 char *identity
= NULL
;
939 char *known_hosts
= NULL
;
940 char *username
= NULL
;
942 if (!strncmp(p
, "ssh6://", 7)) {
943 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV6
);
946 else if (!strncmp(p
, "ssh4://", 7)) {
947 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IPV4
);
951 rc
= pwmd_setopt(pwm
, PWMD_OPTION_IP_VERSION
, PWMD_IP_ANY
);
958 rc
= parse_ssh_url(p
, &host
, &port
, &username
, &identity
,
965 rc
= pwmd_ssh_connect_async(pwm
, host
, port
, identity
, username
,
968 rc
= pwmd_ssh_connect(pwm
, host
, port
, identity
, username
,
981 pwmd_free(known_hosts
);
987 return GPG_ERR_UNSUPPORTED_PROTOCOL
;
990 gpg_error_t
pwmd_connect_url(pwm_t
*pwm
, const char *url
)
992 return _pwmd_connect_url(pwm
, url
, 0);
995 gpg_error_t
pwmd_connect_url_async(pwm_t
*pwm
, const char *url
)
997 return _pwmd_connect_url(pwm
, url
, 1);
1000 static char *expand_homedir(char *str
, struct passwd
*pw
)
1006 if (*p
!= '~' || *(p
+1) != '/')
1007 return pwmd_strdup(p
);
1012 pwbuf
= _getpwuid(&t
);
1021 result
= pwmd_strdup_printf("%s/%s", pw
->pw_dir
, p
);
1029 gpg_error_t
pwmd_connect(pwm_t
*pwm
, const char *path
)
1031 char *socketpath
= NULL
;
1032 assuan_context_t ctx
;
1038 return GPG_ERR_INV_ARG
;
1040 pwbuf
= _getpwuid(&pw
);
1043 return gpg_error_from_errno(errno
);
1045 if (!path
|| !*path
) {
1046 socketpath
= (char *)pwmd_malloc(strlen(pw
.pw_dir
) + strlen("/.pwmd/socket") + 1);
1047 sprintf(socketpath
, "%s/.pwmd/socket", pw
.pw_dir
);
1050 socketpath
= expand_homedir((char *)path
, &pw
);
1054 return gpg_error_from_errno(ENOMEM
);
1059 rc
= assuan_socket_connect_ext(&ctx
, socketpath
, -1, 0);
1060 pwmd_free(socketpath
);
1066 return _socket_connect_finalize(pwm
);
1069 void pwmd_close(pwm_t
*pwm
)
1075 assuan_disconnect(pwm
->ctx
);
1078 pwmd_free(pwm
->password
);
1081 pwmd_free(pwm
->title
);
1084 pwmd_free(pwm
->desc
);
1087 pwmd_free(pwm
->prompt
);
1089 if (pwm
->pinentry_tty
)
1090 pwmd_free(pwm
->pinentry_tty
);
1092 if (pwm
->pinentry_display
)
1093 pwmd_free(pwm
->pinentry_display
);
1095 if (pwm
->pinentry_term
)
1096 pwmd_free(pwm
->pinentry_term
);
1099 pwmd_free(pwm
->lcctype
);
1101 if (pwm
->lcmessages
)
1102 pwmd_free(pwm
->lcmessages
);
1105 pwmd_free(pwm
->filename
);
1108 pwmd_free(pwm
->name
);
1112 free_tcp_conn(pwm
->tcp_conn
);
1118 static int mem_realloc_cb(void *data
, const void *buffer
, size_t len
)
1120 membuf_t
*mem
= (membuf_t
*)data
;
1126 if ((p
= pwmd_realloc(mem
->buf
, mem
->len
+ len
)) == NULL
)
1130 memcpy((char *)mem
->buf
+ mem
->len
, buffer
, len
);
1135 static int _inquire_cb(void *data
, const char *keyword
)
1137 pwm_t
*pwm
= (pwm_t
*)data
;
1139 int flags
= fcntl(pwm
->fd
, F_GETFL
);
1141 /* Shouldn't get this far without a callback. */
1142 if (!pwm
->inquire_func
)
1143 return GPG_ERR_INV_ARG
;
1146 * Since the socket file descriptor is probably set to non-blocking, set to
1147 * blocking to prevent GPG_ERR_EAGAIN errors. This should be fixed when
1148 * asynchronous INQUIRE is supported by either libassuan or a later
1151 fcntl(pwm
->fd
, F_SETFL
, 0);
1154 char *result
= NULL
;
1158 rc
= pwm
->inquire_func(pwm
->inquire_data
, keyword
, rc
, &result
, &len
);
1159 rc
= gpg_err_code(rc
);
1161 if (rc
== GPG_ERR_EOF
|| !rc
) {
1162 if (len
<= 0 || !result
) {
1167 arc
= assuan_send_data(pwm
->ctx
, result
, len
);
1169 if (rc
== GPG_ERR_EOF
) {
1180 fcntl(pwm
->fd
, F_SETFL
, flags
);
1184 static gpg_error_t
do_nb_command(pwm_t
*pwm
, const char *cmd
, ...)
1190 if (pwm
->state
== ASYNC_DONE
)
1191 pwm
->state
= ASYNC_INIT
;
1193 if (pwm
->state
!= ASYNC_INIT
)
1194 return GPG_ERR_INV_STATE
;
1196 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1199 return gpg_error_from_errno(ENOMEM
);
1202 vsnprintf(buf
, ASSUAN_LINELENGTH
, cmd
, ap
);
1204 rc
= assuan_write_line(pwm
->ctx
, buf
);
1208 pwm
->state
= ASYNC_PROCESS
;
1213 gpg_error_t
pwmd_open_async(pwm_t
*pwm
, const char *filename
)
1215 if (!pwm
|| !filename
)
1216 return GPG_ERR_INV_ARG
;
1219 return GPG_ERR_INV_STATE
;
1221 if (pwm
->cmd
!= ASYNC_CMD_OPEN
) {
1227 pwmd_free(pwm
->filename
);
1229 pwm
->filename
= pwmd_strdup(filename
);
1231 rc
= send_pinentry_options(pwm
);
1237 pwm
->cmd
= ASYNC_CMD_OPEN
;
1238 return do_nb_command(pwm
, "OPEN %s %s", filename
,
1239 pwm
->password
? pwm
->password
: "");
1242 gpg_error_t
pwmd_save_async(pwm_t
*pwm
)
1247 return GPG_ERR_INV_ARG
;
1250 return GPG_ERR_INV_STATE
;
1252 rc
= send_pinentry_options(pwm
);
1257 pwm
->cmd
= ASYNC_CMD_SAVE
;
1258 return do_nb_command(pwm
, "SAVE %s", pwm
->password
? pwm
->password
: "");
1261 static gpg_error_t
parse_assuan_line(pwm_t
*pwm
)
1267 rc
= assuan_read_line(pwm
->ctx
, &line
, &len
);
1270 if (line
[0] == 'O' && line
[1] == 'K' &&
1271 (line
[2] == 0 || line
[2] == ' ')) {
1272 pwm
->state
= ASYNC_DONE
;
1274 else if (line
[0] == '#') {
1276 else if (line
[0] == 'S' && (line
[1] == 0 || line
[1] == ' ')) {
1277 if (pwm
->status_func
) {
1278 pwm
->status_func(pwm
->status_data
,
1279 line
[1] == 0 ? line
+1 : line
+2);
1282 else if (line
[0] == 'E' && line
[1] == 'R' && line
[2] == 'R' &&
1283 (line
[3] == 0 || line
[3] == ' ')) {
1286 pwm
->state
= ASYNC_DONE
;
1293 gpg_error_t
pwmd_pending_line(pwm_t
*pwm
)
1296 return GPG_ERR_INV_ARG
;
1299 return GPG_ERR_INV_STATE
;
1301 return assuan_pending_line(pwm
->ctx
) ? 0 : GPG_ERR_NO_DATA
;
1304 static pwmd_async_t
reset_async(pwm_t
*pwm
, int done
)
1306 pwm
->state
= ASYNC_INIT
;
1307 pwm
->cmd
= ASYNC_CMD_NONE
;
1309 #ifdef WITH_PINENTRY
1310 if (pwm
->nb_fd
!= -1) {
1316 if (done
&& pwm
->tcp_conn
) {
1317 free_tcp_conn(pwm
->tcp_conn
);
1318 pwm
->tcp_conn
= NULL
;
1325 pwmd_async_t
pwmd_process(pwm_t
*pwm
, gpg_error_t
*rc
, char **result
)
1329 struct timeval tv
= {0, 0};
1335 return GPG_ERR_INV_ARG
;
1340 *rc
= GPG_ERR_INV_ARG
;
1343 else if (!pwm
->ctx
) {
1346 *rc
= GPG_ERR_INV_STATE
;
1350 case ASYNC_CMD_CONNECT
:
1351 case ASYNC_CMD_HOSTKEY
:
1357 /* When not in a command, this will let libassuan process status messages
1358 * by calling PWMD_OPTION_STATUS_FUNC. The client can poll the file
1359 * descriptor returned by pwmd_get_fd() to determine when this should be
1360 * called or call pwmd_pending_line() to determine whether a buffered line
1361 * needs to be processed. */
1362 if (pwm
->cmd
== ASYNC_CMD_NONE
) {
1363 *rc
= assuan_command(pwm
, pwm
->ctx
, NULL
, "NOP");
1367 /* Fixes pwmd_open/save_async2() when there is a cached or new file. */
1368 if (pwm
->state
== ASYNC_DONE
) {
1369 reset_async(pwm
, 0);
1373 if (pwm
->state
!= ASYNC_PROCESS
) {
1374 *rc
= GPG_ERR_INV_STATE
;
1379 if (pwm
->cmd
== ASYNC_CMD_DNS
) {
1382 if (pwm
->tcp_conn
->rc
) {
1383 *rc
= pwm
->tcp_conn
->rc
;
1384 reset_async(pwm
, 1);
1390 n
= ares_fds(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1392 /* Shouldn't happen. */
1397 n
= pth_select(n
, &rfds
, &wfds
, NULL
, &tv
);
1399 n
= select(n
, &rfds
, &wfds
, NULL
, &tv
);
1403 ares_process(pwm
->tcp_conn
->chan
, &rfds
, &wfds
);
1407 else if (pwm
->cmd
== ASYNC_CMD_CONNECT
) {
1408 if (pwm
->tcp_conn
->rc
== GPG_ERR_EINPROGRESS
) {
1410 socklen_t len
= sizeof(int);
1413 FD_SET(pwm
->tcp_conn
->fd
, &fds
);
1415 n
= pth_select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1417 n
= select(pwm
->tcp_conn
->fd
+1, NULL
, &fds
, NULL
, &tv
);
1420 if (!n
|| !FD_ISSET(pwm
->tcp_conn
->fd
, &fds
))
1423 *rc
= gpg_error_from_syserror();
1424 reset_async(pwm
, 1);
1428 ret
= getsockopt(pwm
->tcp_conn
->fd
, SOL_SOCKET
, SO_ERROR
, &n
, &len
);
1431 *rc
= ret
? gpg_error_from_syserror() : gpg_error_from_errno(n
);
1432 reset_async(pwm
, 1);
1436 else if (pwm
->tcp_conn
->rc
) {
1437 *rc
= pwm
->tcp_conn
->rc
;
1438 reset_async(pwm
, 1);
1442 fcntl(pwm
->tcp_conn
->fd
, F_SETFL
, 0);
1443 *rc
= setup_tcp_session(pwm
);
1446 switch (pwm
->tcp_conn
->cmd
) {
1447 case ASYNC_CMD_HOSTKEY
:
1449 *result
= pwm
->result
;
1456 return reset_async(pwm
, *rc
? 1 : 0);
1460 #ifdef WITH_PINENTRY
1461 if (pwm
->cmd
== ASYNC_CMD_OPEN2
|| pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1464 if (pwm
->nb_fd
== -1) {
1465 *rc
= GPG_ERR_INV_STATE
;
1466 return reset_async(pwm
, 0);
1470 FD_SET(pwm
->nb_fd
, &fds
);
1471 FD_SET(pwm
->fd
, &fds
);
1473 n
= pth_select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1475 n
= select(pwm
->nb_fd
+1, &fds
, NULL
, NULL
, &tv
);
1478 *rc
= gpg_error_from_syserror();
1479 return reset_async(pwm
, 0);
1482 if (n
> 0 && FD_ISSET(pwm
->nb_fd
, &fds
)) {
1483 pwmd_nb_status_t nb
;
1485 size_t len
= pth_read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1487 size_t len
= read(pwm
->nb_fd
, &nb
, sizeof(nb
));
1489 waitpid(pwm
->nb_pid
, &status
, WNOHANG
);
1491 if (len
!= sizeof(nb
)) {
1492 *rc
= gpg_error_from_syserror();
1493 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1498 if (*rc
== GPG_ERR_INV_PASSPHRASE
&& pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1499 reset_async(pwm
, 0);
1500 *rc
= pwmd_save_async2(pwm
);
1501 return ASYNC_PROCESS
;
1504 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN2
? 1 : 0);
1506 if (pwm
->cmd
== ASYNC_CMD_SAVE2
) {
1507 *rc
= do_save_command(pwm
, nb
.password
);
1508 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1509 return reset_async(pwm
, 0);
1512 if (pwm
->cmd
== ASYNC_CMD_OPEN2
) {
1513 *rc
= do_open_command(pwm
, pwm
->filename
, nb
.password
);
1514 memset(&nb
, 0, sizeof(pwmd_nb_status_t
));
1516 if (*rc
== GPG_ERR_INV_PASSPHRASE
) {
1517 if (++pwm
->pin_try
< pwm
->pinentry_tries
) {
1518 int n
= pwm
->pin_try
;
1520 reset_async(pwm
, 0);
1522 pwm
->cmd
= ASYNC_CMD_OPEN2
;
1523 *rc
= pwmd_open_async2(pwm
, pwm
->filename
);
1526 return reset_async(pwm
, 1);
1532 return reset_async(pwm
, *rc
? 1 : 0);
1536 /* Fall through so status messages can be processed during the
1542 *rc
= GPG_ERR_INV_STATE
;
1543 return reset_async(pwm
, 0);
1546 /* This is for the non-blocking OPEN and SAVE commands. */
1548 FD_SET(pwm
->fd
, &fds
);
1550 n
= pth_select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1552 n
= select(pwm
->fd
+1, &fds
, NULL
, NULL
, &tv
);
1556 *rc
= gpg_error_from_syserror();
1557 return reset_async(pwm
, 0);
1561 if (FD_ISSET(pwm
->fd
, &fds
))
1562 *rc
= parse_assuan_line(pwm
);
1565 while (!*rc
&& assuan_pending_line(pwm
->ctx
))
1566 *rc
= parse_assuan_line(pwm
);
1568 /* For pinentry retries. */
1569 if (!pwm
->tcp_conn
&& pwm
->cmd
== ASYNC_CMD_OPEN
&&
1570 gpg_err_code(*rc
) == GPG_ERR_INV_PASSPHRASE
&&
1571 ++pwm
->pin_try
< pwm
->pinentry_tries
) {
1572 pwm
->state
= ASYNC_INIT
;
1573 *rc
= pwmd_open_async(pwm
, pwm
->filename
);
1577 return reset_async(pwm
, pwm
->cmd
== ASYNC_CMD_OPEN
? 1 : 0);
1579 if (pwm
->state
== ASYNC_DONE
) {
1580 reset_async(pwm
, 0);
1587 static gpg_error_t
assuan_command(pwm_t
*pwm
, assuan_context_t ctx
,
1588 char **result
, const char *cmd
)
1596 rc
= assuan_transact(ctx
, cmd
, mem_realloc_cb
, &data
, _inquire_cb
, pwm
,
1597 pwm
->status_func
, pwm
->status_data
);
1601 pwmd_free(data
.buf
);
1607 mem_realloc_cb(&data
, "", 1);
1610 pwmd_free(data
.buf
);
1611 rc
= GPG_ERR_INV_ARG
;
1614 *result
= (char *)data
.buf
;
1618 return gpg_err_code(rc
);
1621 gpg_error_t
pwmd_inquire(pwm_t
*pwm
, const char *cmd
, pwmd_inquire_cb_t fn
,
1624 if (!pwm
|| !cmd
|| !fn
)
1625 return GPG_ERR_INV_ARG
;
1628 return GPG_ERR_INV_STATE
;
1630 pwm
->inquire_func
= fn
;
1631 pwm
->inquire_data
= data
;
1632 return assuan_command(pwm
, pwm
->ctx
, NULL
, cmd
);
1635 #ifdef WITH_PINENTRY
1636 static gpg_error_t
terminate_pinentry(pwm_t
*pwm
)
1638 pid_t pid
= pwm
->pid
;
1642 if (!pwm
|| pid
== -1)
1643 return GPG_ERR_INV_ARG
;
1645 if (kill(pid
, 0) == 0) {
1646 if (kill(pid
, SIGTERM
) == -1) {
1647 if (kill(pid
, SIGKILL
) == -1)
1648 return gpg_error_from_errno(errno
);
1652 return gpg_error_from_errno(errno
);
1657 static gpg_error_t
set_pinentry_strings(pwm_t
*pwm
, int which
)
1662 tmp
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
1665 return gpg_error_from_errno(ENOMEM
);
1668 pwm
->title
= pwmd_strdup_printf(N_("Password Manager Daemon: %s"),
1669 pwm
->name
? pwm
->name
: "libpwmd");
1675 pwm
->prompt
= pwmd_strdup(N_("Passphrase:"));
1680 if (!pwm
->desc
&& (which
== PINENTRY_OPEN
|| which
== PINENTRY_SAVE
)) {
1681 if (which
== PINENTRY_OPEN
)
1682 desc
= pwmd_strdup_printf(N_("A passphrase is required to open the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1684 desc
= pwmd_strdup_printf(N_("A passphrase is required to save to the file \"%s\". Please%%0Aenter the passphrase below."), pwm
->filename
);
1696 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s", desc
);
1698 if (pwm
->desc
!= desc
)
1701 case PINENTRY_OPEN_FAILED
:
1702 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1703 N_("Invalid passphrase, please try again."));
1705 case PINENTRY_SAVE_CONFIRM
:
1706 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETERROR %s",
1707 N_("Please type the passphrase again for confirmation."));
1711 error
= pinentry_command(pwm
, NULL
, tmp
);
1718 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETPROMPT %s", pwm
->prompt
);
1719 error
= pinentry_command(pwm
, NULL
, tmp
);
1726 snprintf(tmp
, ASSUAN_LINELENGTH
, "SETDESC %s", pwm
->title
);
1727 error
= pinentry_command(pwm
, NULL
, tmp
);
1733 return gpg_error_from_errno(ENOMEM
);
1736 static void update_pinentry_settings(pwm_t
*pwm
)
1742 char *pwbuf
= _getpwuid(&pw
);
1747 snprintf(buf
, sizeof(buf
), "%s/.pwmd/pinentry.conf", pw
.pw_dir
);
1749 if ((fp
= fopen(buf
, "r")) == NULL
) {
1754 while ((p
= fgets(buf
, sizeof(buf
), fp
)) != NULL
) {
1755 char name
[32], val
[256];
1757 if (sscanf(p
, " %31[a-zA-Z] = %255s", name
, val
) != 2)
1760 if (strcasecmp(name
, "TTYNAME") == 0) {
1761 pwmd_free(pwm
->pinentry_tty
);
1762 pwm
->pinentry_tty
= pwmd_strdup(val
);
1764 else if (strcasecmp(name
, "TTYTYPE") == 0) {
1765 pwmd_free(pwm
->pinentry_term
);
1766 pwm
->pinentry_term
= pwmd_strdup(val
);
1768 else if (strcasecmp(name
, "DISPLAY") == 0) {
1769 pwmd_free(pwm
->pinentry_display
);
1770 pwm
->pinentry_display
= pwmd_strdup(val
);
1772 else if (strcasecmp(name
, "PATH") == 0) {
1773 pwmd_free(pwm
->pinentry_path
);
1774 pwm
->pinentry_path
= expand_homedir(val
, &pw
);
1782 static gpg_error_t
launch_pinentry(pwm_t
*pwm
)
1785 assuan_context_t ctx
;
1786 int child_list
[] = {-1};
1787 char *display
= getenv("DISPLAY");
1788 const char *argv
[10];
1789 const char **p
= argv
;
1790 int have_display
= 0;
1792 char *ttybuf
= NULL
;
1794 update_pinentry_settings(pwm
);
1796 if (pwm
->pinentry_display
|| display
)
1799 if (!pwm
->pinentry_tty
) {
1800 ttybuf
= pwmd_malloc(255);
1803 return gpg_error_from_errno(ENOMEM
);
1805 rc
= ttyname_r(STDOUT_FILENO
, ttybuf
, 255);
1809 return gpg_error_from_errno(rc
);
1815 tty
= pwm
->pinentry_tty
;
1818 if (!have_display
&& !tty
)
1819 return GPG_ERR_ENOTTY
;
1822 *p
++ = have_display
? "--display" : "--ttyname";
1823 *p
++ = have_display
? pwm
->pinentry_display
? pwm
->pinentry_display
: display
: tty
;
1826 *p
++ = "--lc-ctype";
1827 *p
++ = pwm
->lcctype
;
1830 if (pwm
->lcmessages
) {
1831 *p
++ = "--lc-messages";
1832 *p
++ = pwm
->lcmessages
;
1837 if (!have_display
) {
1839 *p
++ = pwm
->pinentry_term
? pwm
->pinentry_term
: getenv("TERM");
1843 rc
= assuan_pipe_connect(&ctx
, pwm
->pinentry_path
? pwm
->pinentry_path
: PINENTRY_PATH
, argv
, child_list
);
1851 pwm
->pid
= assuan_get_pid(ctx
);
1853 return set_pinentry_strings(pwm
, 0);
1856 static gpg_error_t
pinentry_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1861 n
= launch_pinentry(pwm
);
1867 return assuan_command(pwm
, pwm
->pctx
, result
, cmd
);
1870 static void pinentry_disconnect(pwm_t
*pwm
)
1873 assuan_disconnect(pwm
->pctx
);
1880 * Only called from a child process.
1882 static void catchsig(int sig
)
1886 if (gelapsed
++ >= gtimeout
) {
1887 terminate_pinentry(gpwm
);
1888 gerror
= GPG_ERR_TIMEOUT
;
1900 * Borrowed from libassuan.
1902 static char *percent_escape(const char *atext
)
1904 const unsigned char *s
;
1905 int len
= strlen(atext
) * 3 + 1;
1906 char *buf
= (char *)pwmd_malloc(len
), *p
= buf
;
1911 for (s
=(const unsigned char *)atext
; *s
; s
++) {
1913 sprintf (p
, "%%%02X", *s
);
1924 static gpg_error_t
send_command(pwm_t
*pwm
, char **result
, const char *cmd
)
1927 return GPG_ERR_INV_ARG
;
1929 return assuan_command(pwm
, pwm
->ctx
, result
, cmd
);
1932 gpg_error_t
pwmd_command_ap(pwm_t
*pwm
, char **result
, const char *cmd
,
1941 return GPG_ERR_INV_ARG
;
1944 return GPG_ERR_INV_STATE
;
1947 * C99 allows the dst pointer to be null which will calculate the length
1948 * of the would-be result and return it.
1951 len
= vsnprintf(NULL
, 0, cmd
, ap
)+1;
1952 buf
= (char *)pwmd_malloc(len
);
1956 return gpg_error_from_errno(ENOMEM
);
1959 len
= vsnprintf(buf
, len
, cmd
, ap2
);
1962 if (buf
[strlen(buf
)-1] == '\n')
1963 buf
[strlen(buf
)-1] = 0;
1965 if (buf
[strlen(buf
)-1] == '\r')
1966 buf
[strlen(buf
)-1] = 0;
1968 error
= send_command(pwm
, result
, buf
);
1973 gpg_error_t
pwmd_command(pwm_t
*pwm
, char **result
, const char *cmd
, ...)
1979 return GPG_ERR_INV_ARG
;
1982 return GPG_ERR_INV_STATE
;
1988 error
= pwmd_command_ap(pwm
, result
, cmd
, ap
);
1993 #ifdef WITH_PINENTRY
1994 static gpg_error_t
do_getpin(pwm_t
*pwm
, char **result
)
1997 signal(SIGALRM
, catchsig
);
2002 return pinentry_command(pwm
, result
, "GETPIN");
2005 static gpg_error_t
getpin(pwm_t
*pwm
, char **result
, int which
)
2010 rc
= set_pinentry_strings(pwm
, which
);
2013 pinentry_disconnect(pwm
);
2017 rc
= do_getpin(pwm
, result
);
2020 * Since there was input cancel any timeout setting.
2023 signal(SIGALRM
, SIG_DFL
);
2027 pinentry_disconnect(pwm
);
2029 /* This lets pwmd_open2() with PWMD_OPTION_PINENTRY_TIMEOUT work. */
2030 if (rc
== GPG_ERR_EOF
&& gerror
== GPG_ERR_TIMEOUT
)
2040 static gpg_error_t
do_open_command(pwm_t
*pwm
, const char *filename
, char *password
)
2044 char *result
= NULL
;
2046 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2049 return gpg_error_from_errno(ENOMEM
);
2051 snprintf(buf
, ASSUAN_LINELENGTH
, "OPEN %s %s", filename
,
2052 password
? password
: "");
2053 error
= send_command(pwm
, &result
, buf
);
2056 if (error
&& result
)
2062 static gpg_error_t
send_pinentry_options(pwm_t
*pwm
)
2066 if (pwm
->pinentry_path
) {
2067 rc
= pwmd_command(pwm
, NULL
, "OPTION PATH=%s", pwm
->pinentry_path
);
2073 if (pwm
->pinentry_tty
) {
2074 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYNAME=%s", pwm
->pinentry_tty
);
2080 if (pwm
->pinentry_term
) {
2081 rc
= pwmd_command(pwm
, NULL
, "OPTION TTYTYPE=%s", pwm
->pinentry_term
);
2087 if (pwm
->pinentry_display
) {
2088 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->pinentry_display
);
2095 rc
= pwmd_command(pwm
, NULL
, "OPTION TITLE=%s", pwm
->title
);
2102 rc
= pwmd_command(pwm
, NULL
, "OPTION DESC=%s", pwm
->desc
);
2109 rc
= pwmd_command(pwm
, NULL
, "OPTION PROMPT=%s", pwm
->prompt
);
2116 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_CTYPE=%s", pwm
->lcctype
);
2122 if (pwm
->lcmessages
) {
2123 rc
= pwmd_command(pwm
, NULL
, "OPTION LC_MESSAGES=%s", pwm
->lcmessages
);
2129 if (pwm
->pinentry_timeout
>= 0) {
2130 rc
= pwmd_command(pwm
, NULL
, "OPTION TIMEOUT=%i", pwm
->pinentry_timeout
);
2139 static gpg_error_t
do_pwmd_open(pwm_t
*pwm
, const char *filename
, int nb
,
2142 char *result
= NULL
;
2143 char *password
= NULL
;
2148 if (!pwm
|| !filename
|| !*filename
)
2149 return GPG_ERR_INV_ARG
;
2152 return GPG_ERR_INV_STATE
;
2154 pin_try
= pwm
->pinentry_tries
- 1;
2157 * Avoid calling pinentry if the password is cached on the server or if
2158 * this is a new file. pwmd version 2 adds a VERSION command which is
2159 * determined in _socket_connect_finalize(). If the server is version 2,
2160 * ISCACHED can determine if a file exists.
2163 if (!pwm
->tcp_conn
&& pwm
->version
== PWMD_V1
) {
2165 if (pwm
->version
== PWMD_V1
) {
2167 rc
= pwmd_command(pwm
, &result
, "GETCONFIG data_directory");
2172 path
= pwmd_strdup_printf("%s/%s", result
, filename
);
2176 return gpg_error_from_errno(ENOMEM
);
2178 if (access(path
, R_OK
) == -1) {
2179 if (errno
== ENOENT
) {
2188 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", filename
);
2190 if (gpg_err_code(rc
) == GPG_ERR_ENOENT
)
2193 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2196 if (rc
== GPG_ERR_NOT_FOUND
) {
2197 if (pwm
->password
) {
2198 password
= pwm
->password
;
2202 if (pwm
->passfunc
) {
2203 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2212 #ifdef WITH_PINENTRY
2213 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2214 rc
= pwmd_command(pwm
, NULL
, "OPTION PINENTRY=0");
2220 pwm
->filename
= pwmd_strdup(filename
);
2223 return gpg_error_from_errno(ENOMEM
);
2225 /* Get the passphrase using the LOCAL pinentry. */
2229 pwmd_nb_status_t pw
;
2232 return gpg_error_from_syserror();
2245 if (pwm
->pinentry_timeout
!= 0) {
2247 gtimeout
= abs(pwm
->pinentry_timeout
);
2251 pw
.error
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2253 if (gtimeout
&& gelapsed
>= gtimeout
)
2254 pw
.error
= GPG_ERR_TIMEOUT
;
2257 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2260 pinentry_disconnect(pwm
);
2262 pth_write(p
[1], &pw
, sizeof(pw
));
2264 write(p
[1], &pw
, sizeof(pw
));
2266 memset(&pw
, 0, sizeof(pw
));
2271 rc
= gpg_error_from_syserror();
2285 if (pwm
->pinentry_timeout
!= 0) {
2287 gtimeout
= abs(pwm
->pinentry_timeout
);
2291 rc
= getpin(pwm
, &password
, PINENTRY_OPEN
);
2293 /* Don't timeout when an invalid passphrase was entered. */
2302 pwm
->state
= ASYNC_DONE
;
2304 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2305 rc
= send_pinentry_options(pwm
);
2311 rc
= do_open_command(pwm
, filename
, password
);
2314 * Keep the user defined password set with pwmd_setopt(). The password may
2315 * be needed later (pwmd_save()) depending on the pwmd file cache settings.
2317 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2318 pwmd_free(password
);
2320 if (rc
== GPG_ERR_INV_PASSPHRASE
&& !pwm
->tcp_conn
) {
2321 if (pin_try
-- > 0 && !nb
) {
2323 #ifdef WITH_PINENTRY
2325 rc
= getpin(pwm
, &password
, PINENTRY_OPEN_FAILED
);
2328 rc
= pwmd_command(pwm
, &result
, "OPTION TITLE=%s",
2329 N_("Invalid passphrase, please try again."));
2337 #ifdef WITH_PINENTRY
2339 pinentry_disconnect(pwm
);
2347 pwmd_free(pwm
->filename
);
2349 pwm
->filename
= pwmd_strdup(filename
);
2355 gpg_error_t
pwmd_open2(pwm_t
*pwm
, const char *filename
)
2357 #ifndef WITH_PINENTRY
2358 return GPG_ERR_NOT_IMPLEMENTED
;
2360 return do_pwmd_open(pwm
, filename
, 0, 1);
2364 gpg_error_t
pwmd_open(pwm_t
*pwm
, const char *filename
)
2366 return do_pwmd_open(pwm
, filename
, 0, 0);
2369 gpg_error_t
pwmd_open_async2(pwm_t
*pwm
, const char *filename
)
2371 #ifndef WITH_PINENTRY
2372 return GPG_ERR_NOT_IMPLEMENTED
;
2376 if (!pwm
|| !filename
)
2377 return GPG_ERR_INV_ARG
;
2380 return GPG_ERR_INV_STATE
;
2382 if (pwm
->cmd
!= ASYNC_CMD_OPEN2
)
2385 pwm
->cmd
= ASYNC_CMD_OPEN2
;
2386 pwm
->state
= ASYNC_PROCESS
;
2387 rc
= do_pwmd_open(pwm
, filename
, 1, 1);
2390 reset_async(pwm
, 1);
2396 #ifdef WITH_PINENTRY
2397 static gpg_error_t
do_save_getpin(pwm_t
*pwm
, char **password
)
2401 char *result
= NULL
;
2404 error
= getpin(pwm
, &result
, confirm
? PINENTRY_SAVE_CONFIRM
: PINENTRY_SAVE
);
2408 pinentry_disconnect(pwm
);
2411 pwmd_free(*password
);
2421 if (strcmp(*password
, result
)) {
2422 pwmd_free(*password
);
2430 pinentry_disconnect(pwm
);
2435 static gpg_error_t
do_save_command(pwm_t
*pwm
, char *password
)
2439 char *result
= NULL
;
2441 buf
= pwmd_malloc(ASSUAN_LINELENGTH
+1);
2444 return gpg_error_from_errno(ENOMEM
);
2446 snprintf(buf
, ASSUAN_LINELENGTH
, "SAVE %s", password
? password
: "");
2447 error
= send_command(pwm
, &result
, buf
);
2450 if (error
&& result
)
2456 static gpg_error_t
do_pwmd_save(pwm_t
*pwm
, int nb
, int local_pinentry
)
2458 char *result
= NULL
;
2459 char *password
= NULL
;
2463 return GPG_ERR_INV_ARG
;
2466 return GPG_ERR_INV_STATE
;
2468 rc
= pwmd_command(pwm
, &result
, "ISCACHED %s", pwm
->filename
);
2470 if (rc
&& rc
!= GPG_ERR_NOT_FOUND
)
2473 if (rc
== GPG_ERR_NOT_FOUND
) {
2474 if (pwm
->password
) {
2475 password
= pwm
->password
;
2479 if (pwm
->passfunc
) {
2480 rc
= pwm
->passfunc(pwm
->passdata
, &password
);
2489 if (rc
== GPG_ERR_NOT_FOUND
&& local_pinentry
) {
2490 #ifdef WITH_PINENTRY
2491 /* Get the password using the LOCAL pinentry. */
2495 pwmd_nb_status_t pw
;
2498 return gpg_error_from_syserror();
2511 pw
.error
= do_save_getpin(pwm
, &password
);
2512 pinentry_disconnect(pwm
);
2513 snprintf(pw
.password
, sizeof(pw
.password
), "%s",
2516 pth_write(p
[1], &pw
, sizeof(pw
));
2518 write(p
[1], &pw
, sizeof(pw
));
2520 memset(&pw
, 0, sizeof(pw
));
2525 rc
= gpg_error_from_syserror();
2539 rc
= do_save_getpin(pwm
, &password
);
2546 pwm
->state
= ASYNC_DONE
;
2549 if (!local_pinentry
&& !pwm
->tcp_conn
) {
2550 rc
= send_pinentry_options(pwm
);
2556 rc
= do_save_command(pwm
, password
);
2558 if (!pwm
->passfunc
&& password
&& password
!= pwm
->password
)
2559 pwmd_free(password
);
2564 gpg_error_t
pwmd_save_async2(pwm_t
*pwm
)
2566 #ifndef WITH_PINENTRY
2567 return GPG_ERR_NOT_IMPLEMENTED
;
2572 return GPG_ERR_INV_ARG
;
2575 return GPG_ERR_INV_STATE
;
2577 pwm
->cmd
= ASYNC_CMD_SAVE2
;
2578 pwm
->state
= ASYNC_PROCESS
;
2579 rc
= do_pwmd_save(pwm
, 1, 1);
2582 reset_async(pwm
, 0);
2588 gpg_error_t
pwmd_save2(pwm_t
*pwm
)
2590 #ifndef WITH_PINENTRY
2591 return GPG_ERR_NOT_IMPLEMENTED
;
2593 return do_pwmd_save(pwm
, 0, 1);
2597 gpg_error_t
pwmd_save(pwm_t
*pwm
)
2599 return do_pwmd_save(pwm
, 0, 0);
2602 gpg_error_t
pwmd_setopt(pwm_t
*pwm
, pwmd_option_t opt
, ...)
2605 int n
= va_arg(ap
, int);
2607 gpg_error_t error
= 0;
2610 return GPG_ERR_INV_ARG
;
2615 case PWMD_OPTION_STATUS_CB
:
2616 pwm
->status_func
= va_arg(ap
, pwmd_status_cb_t
);
2618 case PWMD_OPTION_STATUS_DATA
:
2619 pwm
->status_data
= va_arg(ap
, void *);
2621 case PWMD_OPTION_PASSPHRASE_CB
:
2622 pwm
->passfunc
= va_arg(ap
, pwmd_passphrase_cb_t
);
2624 case PWMD_OPTION_PASSPHRASE_DATA
:
2625 pwm
->passdata
= va_arg(ap
, void *);
2627 case PWMD_OPTION_PASSPHRASE
:
2628 arg1
= va_arg(ap
, char *);
2631 pwmd_free(pwm
->password
);
2633 pwm
->password
= pwmd_strdup(arg1
);
2635 case PWMD_OPTION_PINENTRY_TRIES
:
2636 n
= va_arg(ap
, int);
2640 error
= GPG_ERR_INV_VALUE
;
2643 pwm
->pinentry_tries
= n
;
2645 case PWMD_OPTION_PINENTRY_TIMEOUT
:
2646 n
= va_arg(ap
, int);
2650 error
= GPG_ERR_INV_VALUE
;
2653 pwm
->pinentry_timeout
= n
;
2655 case PWMD_OPTION_PINENTRY_PATH
:
2656 if (pwm
->pinentry_path
)
2657 pwmd_free(pwm
->pinentry_path
);
2659 pwm
->pinentry_path
= expand_homedir(va_arg(ap
, char *), NULL
);
2661 case PWMD_OPTION_PINENTRY_TTY
:
2662 if (pwm
->pinentry_tty
)
2663 pwmd_free(pwm
->pinentry_tty
);
2665 pwm
->pinentry_tty
= pwmd_strdup(va_arg(ap
, char *));
2667 case PWMD_OPTION_PINENTRY_DISPLAY
:
2668 if (pwm
->pinentry_display
)
2669 pwmd_free(pwm
->pinentry_display
);
2671 pwm
->pinentry_display
= pwmd_strdup(va_arg(ap
, char *));
2673 case PWMD_OPTION_PINENTRY_TERM
:
2674 if (pwm
->pinentry_term
)
2675 pwmd_free(pwm
->pinentry_term
);
2677 pwm
->pinentry_term
= pwmd_strdup(va_arg(ap
, char *));
2679 case PWMD_OPTION_PINENTRY_TITLE
:
2681 pwmd_free(pwm
->title
);
2683 pwm
->title
= percent_escape(va_arg(ap
, char *));
2685 case PWMD_OPTION_PINENTRY_PROMPT
:
2687 pwmd_free(pwm
->prompt
);
2689 pwm
->prompt
= percent_escape(va_arg(ap
, char *));
2691 case PWMD_OPTION_PINENTRY_DESC
:
2693 pwmd_free(pwm
->desc
);
2695 pwm
->desc
= percent_escape(va_arg(ap
, char *));
2697 case PWMD_OPTION_PINENTRY_LC_CTYPE
:
2699 pwmd_free(pwm
->lcctype
);
2701 pwm
->lcctype
= pwmd_strdup(va_arg(ap
, char *));
2703 case PWMD_OPTION_PINENTRY_LC_MESSAGES
:
2704 if (pwm
->lcmessages
)
2705 pwmd_free(pwm
->lcmessages
);
2707 pwm
->lcmessages
= pwmd_strdup(va_arg(ap
, char *));
2710 case PWMD_OPTION_IP_VERSION
:
2711 n
= va_arg(ap
, int);
2720 error
= GPG_ERR_INV_VALUE
;
2728 error
= GPG_ERR_NOT_IMPLEMENTED
;
2736 gpg_error_t
pwmd_get_fds(pwm_t
*pwm
, pwmd_fd_t
*fds
, int *n_fds
)
2741 int afds
[ARES_GETSOCK_MAXNUM
];
2746 if (!pwm
|| !fds
|| !n_fds
|| *n_fds
<= 0)
2747 return GPG_ERR_INV_ARG
;
2751 memset(afds
, 0, sizeof(int)*ARES_GETSOCK_MAXNUM
);
2753 memset(fds
, 0, sizeof(pwmd_fd_t
)*in_total
);
2758 case ASYNC_CMD_NONE
:
2759 case ASYNC_CMD_OPEN
:
2760 case ASYNC_CMD_SAVE
:
2761 #ifdef WITH_PINENTRY
2765 return GPG_ERR_INV_STATE
;
2768 fds
[fd
].fd
= pwm
->fd
;
2769 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2771 #ifdef WITH_PINENTRY
2772 case ASYNC_CMD_OPEN2
:
2773 case ASYNC_CMD_SAVE2
:
2774 /* The command has already completed (cached or new). */
2775 if (pwm
->state
== ASYNC_DONE
)
2778 if (pwm
->nb_fd
== -1)
2779 return GPG_ERR_INV_STATE
;
2782 fds
[fd
].fd
= pwm
->nb_fd
;
2783 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2788 if (!pwm
->tcp_conn
|| !pwm
->tcp_conn
->chan
)
2789 return GPG_ERR_INV_STATE
;
2791 n
= ares_getsock(pwm
->tcp_conn
->chan
, afds
, ARES_GETSOCK_MAXNUM
);
2793 for (i
= 0; i
< ARES_GETSOCK_MAXNUM
; i
++) {
2796 if (fd
> in_total
) {
2798 return GPG_ERR_ERANGE
;
2801 if (ARES_GETSOCK_READABLE(n
, i
)) {
2803 fds
[fd
].flags
|= PWMD_FD_READABLE
;
2806 if (ARES_GETSOCK_WRITABLE(n
, i
)) {
2808 fds
[fd
].flags
|= PWMD_FD_WRITABLE
;
2812 fds
[fd
++].fd
= afds
[i
];
2817 case ASYNC_CMD_CONNECT
:
2818 case ASYNC_CMD_HOSTKEY
:
2819 if (!pwm
->tcp_conn
|| pwm
->tcp_conn
->fd
== -1)
2820 return GPG_ERR_INV_STATE
;
2823 fds
[fd
].fd
= pwm
->tcp_conn
->fd
;
2824 fds
[fd
++].flags
= PWMD_FD_READABLE
;
2829 return GPG_ERR_INV_STATE
;
2832 pwm_t
*pwmd_new(const char *name
)
2834 pwm_t
*h
= pwmd_calloc(1, sizeof(pwm_t
));
2840 h
->name
= pwmd_strdup(name
);
2849 #ifdef WITH_PINENTRY
2852 h
->pinentry_timeout
= -30;
2853 h
->pinentry_tries
= 3;
2855 h
->prot
= PWMD_IP_ANY
;
2860 void pwmd_free(void *ptr
)
2865 void *pwmd_malloc(size_t size
)
2867 return xmalloc(size
);
2870 void *pwmd_calloc(size_t nmemb
, size_t size
)
2872 return xcalloc(nmemb
, size
);
2875 void *pwmd_realloc(void *ptr
, size_t size
)
2877 return xrealloc(ptr
, size
);
2880 char *pwmd_strdup(const char *str
)
2882 return xstrdup(str
);
2885 char *pwmd_strdup_printf(const char *fmt
, ...)
2896 len
= vsnprintf(NULL
, 0, fmt
, ap
);
2898 buf
= pwmd_malloc(++len
);
2901 vsnprintf(buf
, len
, fmt
, ap2
);